From f54cc0c0a3de67ffa335ca07a5cfdb829866ff57941b0206f8fd9f6642257598 Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Mon, 15 Sep 2025 15:33:58 +0300 Subject: [PATCH 01/25] Create 3.4 release branch --- .obs/common.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.obs/common.py b/.obs/common.py index ede08bb..8db978b 100644 --- a/.obs/common.py +++ b/.obs/common.py @@ -1,3 +1,3 @@ -PROJECT = "isv:SUSE:Edge:Factory" +PROJECT = "isv:SUSE:Edge:3.4" REPOSITORY = "https://src.opensuse.org/suse-edge/Factory" -BRANCH = "main" +BRANCH = "3.4" -- 2.51.1 From 042175ff4c0227d5e804a09b130fc9fc248b841a91b97f42577a3c9c275d4494 Mon Sep 17 00:00:00 2001 From: dbw7 Date: Wed, 17 Sep 2025 16:52:05 +0200 Subject: [PATCH 02/25] Updates for EIB 1.3 (#269) Co-authored-by: dbw7 Co-committed-by: dbw7 Reviewed-on: https://src.opensuse.org/suse-edge/Factory/pulls/269 Reviewed-by: Denislav Prodanov --- edge-image-builder-image/Dockerfile | 8 ++++---- edge-image-builder/_service | 6 +++--- edge-image-builder/edge-image-builder.spec | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/edge-image-builder-image/Dockerfile b/edge-image-builder-image/Dockerfile index cad327a..392138b 100644 --- a/edge-image-builder-image/Dockerfile +++ b/edge-image-builder-image/Dockerfile @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0-rc0 -#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0-rc0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0 +#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.0-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-base:$SLE_VERSION MAINTAINER SUSE LLC (https://www.suse.com/) @@ -14,11 +14,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image" LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="1.3.0-rc0" +LABEL org.opencontainers.image.version="1.3.0" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.0-rc0-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.0-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/edge-image-builder/_service b/edge-image-builder/_service index 6fe39df..0b243a5 100644 --- a/edge-image-builder/_service +++ b/edge-image-builder/_service @@ -3,11 +3,11 @@ https://github.com/suse-edge/edge-image-builder.git git .git - v1.3.0-rc0 + v1.3.0 - 1.3.0~rc0 + - + @PARENT_TAG@ v(\d+).(\d+).(\d+) \1.\2.\3 enable diff --git a/edge-image-builder/edge-image-builder.spec b/edge-image-builder/edge-image-builder.spec index e457b82..0da621b 100644 --- a/edge-image-builder/edge-image-builder.spec +++ b/edge-image-builder/edge-image-builder.spec @@ -17,7 +17,7 @@ Name: edge-image-builder -Version: 1.3.0~rc0 +Version: 1.3.0 Release: 0 Summary: Edge Image Builder License: Apache-2.0 -- 2.51.1 From 8eeb3b2a265efaa357c7aab2a964101a16046039e0e1534b99ed2aeb9aed59d4 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Mon, 15 Sep 2025 19:09:28 +0300 Subject: [PATCH 03/25] rancher-turtles: update to 0.24.0 (cherry picked from commit 2ae659283a63f4b81538a2bb94abc96381d15f282dd4d25a12b5af09d105d22f) --- rancher-turtles-chart/Chart.yaml | 15 +- rancher-turtles-chart/README.md | 2 +- rancher-turtles-chart/RELEASE_NOTES.md | 42 +- .../charts/cluster-api-operator/.helmignore | 23 - .../charts/cluster-api-operator/Chart.yaml | 6 - .../templates/_helpers.tpl | 24 - .../cluster-api-operator/templates/addon.yaml | 60 - .../templates/bootstrap.yaml | 61 - .../templates/control-plane.yaml | 74 - .../templates/core-conditions.yaml | 36 - .../cluster-api-operator/templates/core.yaml | 68 - .../templates/deployment.yaml | 177 - .../templates/infra-conditions.yaml | 81 - .../cluster-api-operator/templates/infra.yaml | 87 - .../cluster-api-operator/templates/ipam.yaml | 77 - .../templates/operator-components.yaml | 28753 ---------------- .../charts/cluster-api-operator/values.yaml | 72 - rancher-turtles-chart/questions.yml | 11 +- .../templates/addon-provider-fleet.yaml | 14 + .../templates/clusterctl-config.yaml | 31 +- .../templates/core-provider.yaml | 5 +- .../templates/deployment.yaml | 12 +- .../templates/metal3-infrastructure.yaml | 58 +- .../templates/operator-crds.yaml | 13 + .../templates/post-upgrade-job.yaml | 90 +- .../templates/rancher-turtles-components.yaml | 36 +- .../rancher-turtles-exp-day2-components.yaml | 13 +- .../templates/rke2-bootstrap.yaml | 1 + .../templates/rke2-controlplane.yaml | 1 + rancher-turtles-chart/values.schema.json | 145 +- rancher-turtles-chart/values.yaml | 89 +- release-manifest-image/release_manifest.yaml | 2 +- 32 files changed, 334 insertions(+), 29845 deletions(-) delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/.helmignore delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml delete mode 100644 rancher-turtles-chart/charts/cluster-api-operator/values.yaml create mode 100644 rancher-turtles-chart/templates/operator-crds.yaml diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml index f17efaa..8d06aac 100644 --- a/rancher-turtles-chart/Chart.yaml +++ b/rancher-turtles-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.6_up0.24.0 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.6_up0.24.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension @@ -7,17 +7,12 @@ annotations: catalog.cattle.io/namespace: rancher-turtles-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux - catalog.cattle.io/rancher-version: '>= 2.11.0-1' + catalog.cattle.io/rancher-version: '>= 2.12.1-0 < 2.13.0-0' catalog.cattle.io/release-name: rancher-turtles catalog.cattle.io/scope: management catalog.cattle.io/type: cluster-tool apiVersion: v2 -appVersion: 0.21.0 -dependencies: -- condition: cluster-api-operator.enabled - name: cluster-api-operator - repository: file://./charts/cluster-api-operator - version: 0.18.1 +appVersion: 0.24.0 description: Rancher Turtles is an extension to Rancher that brings full Cluster API integration to Rancher. home: https://github.com/rancher/turtles/ @@ -29,4 +24,4 @@ keywords: - provisioning name: rancher-turtles type: application -version: "%%CHART_MAJOR%%.0.5+up0.21.0" +version: "%%CHART_MAJOR%%.0.6+up0.24.0" diff --git a/rancher-turtles-chart/README.md b/rancher-turtles-chart/README.md index 74c4009..8b35298 100644 --- a/rancher-turtles-chart/README.md +++ b/rancher-turtles-chart/README.md @@ -1,5 +1,5 @@ # Rancher Turtles Chart -This chart installs the Rancher Turtles operator and optionally the Cluster API Operator using Helm. +This chart installs Rancher Turtles using Helm. Checkout the [documentation](https://turtles.docs.rancher.com) for further information. diff --git a/rancher-turtles-chart/RELEASE_NOTES.md b/rancher-turtles-chart/RELEASE_NOTES.md index e33ae51..c85d98c 100644 --- a/rancher-turtles-chart/RELEASE_NOTES.md +++ b/rancher-turtles-chart/RELEASE_NOTES.md @@ -1,6 +1,42 @@ -## Changes since examples/v0.21.0 ---- -## :chart_with_upwards_trend: Overview +## Highlights +* REPLACE ME + +## Deprecation Warning + +REPLACE ME: A couple sentences describing the deprecation, including links to docs. + +* [GitHub issue #REPLACE ME](REPLACE ME) + +## Changes since v0.24.0-rc.0 +## :chart_with_upwards_trend: Overview +- 10 new commits merged + +:book: Additionally, there has been 1 contribution to our documentation and book. (#1714) + +## :question: Sort these by hand +- Build-and-release: Add automation to release turtles in rancher/charts and rancher/rancher (#1663) +- Build-and-release: Doc: Add ADR for updated release process (#1660) +- Build-and-release: Test prime image build (#1710) +- CI: Display kind and docker version in e2e runs (#1707) +- Dependency: Bump forward CAPA to v2.9.1 patch release (#1713) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.2 to 2.25.3 in the testing-dependencies group (#1692) +- Dependency: Chore(deps): Bump the other-dependencies group with 2 updates (#1693) +- Testing: Test: cleanup import gitops suite/spec (#1704) +- Testing: Use providers charts in e2e (#1699) + +## Dependencies + +### Added +_Nothing has changed._ + +### Changed +- github.com/onsi/ginkgo/v2: [v2.25.2 → v2.25.3](https://github.com/onsi/ginkgo/compare/v2.25.2...v2.25.3) +- github.com/spf13/pflag: [v1.0.7 → v1.0.10](https://github.com/spf13/pflag/compare/v1.0.7...v1.0.10) +- golang.org/x/sync: v0.16.0 → v0.17.0 +- golang.org/x/text: v0.28.0 → v0.29.0 + +### Removed +_Nothing has changed._ _Thanks to all our contributors!_ 😊 diff --git a/rancher-turtles-chart/charts/cluster-api-operator/.helmignore b/rancher-turtles-chart/charts/cluster-api-operator/.helmignore deleted file mode 100644 index 1b9a9cc..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml deleted file mode 100644 index 89742e5..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v2 -appVersion: 0.18.1 -description: Cluster API Operator -name: cluster-api-operator -type: application -version: 0.18.1 diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl b/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl deleted file mode 100644 index 471367b..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/_helpers.tpl +++ /dev/null @@ -1,24 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "capi-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "capi-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml deleted file mode 100644 index b82fd38..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml +++ /dev/null @@ -1,60 +0,0 @@ -# Addon provider -{{- if .Values.addon }} -{{- $addons := split ";" .Values.addon }} -{{- $addonNamespace := "" }} -{{- $addonName := "" }} -{{- $addonVersion := "" }} -{{- range $addon := $addons }} -{{- $addonArgs := split ":" $addon }} -{{- $addonArgsLen := len $addonArgs }} -{{- if eq $addonArgsLen 3 }} - {{- $addonNamespace = $addonArgs._0 }} - {{- $addonName = $addonArgs._1 }} - {{- $addonVersion = $addonArgs._2 }} -{{- else if eq $addonArgsLen 2 }} - {{- $addonNamespace = print $addonArgs._0 "-addon-system" }} - {{- $addonName = $addonArgs._0 }} - {{- $addonVersion = $addonArgs._1 }} -{{- else if eq $addonArgsLen 1 }} - {{- $addonNamespace = print $addonArgs._0 "-addon-system" }} - {{- $addonName = $addonArgs._0 }} -{{- else }} - {{- fail "addon provider argument should have the following format helm:v1.0.0 or mynamespace:helm:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $addonNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: AddonProvider -metadata: - name: {{ $addonName }} - namespace: {{ $addonNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $addonVersion $.Values.secretName }} -spec: -{{- end}} -{{- if $addonVersion }} - version: {{ $addonVersion }} -{{- end }} -{{- if $.Values.secretName }} - secretName: {{ $.Values.secretName }} -{{- end }} -{{- if $.Values.secretNamespace }} - secretNamespace: {{ $.Values.secretNamespace }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml deleted file mode 100644 index 3a002a8..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml +++ /dev/null @@ -1,61 +0,0 @@ -# Bootstrap provider -{{- if .Values.bootstrap }} -{{- $bootstraps := split ";" .Values.bootstrap }} -{{- $bootstrapNamespace := "" }} -{{- $bootstrapName := "" }} -{{- $bootstrapVersion := "" }} -{{- range $bootstrap := $bootstraps }} -{{- $bootstrapArgs := split ":" $bootstrap }} -{{- $bootstrapArgsLen := len $bootstrapArgs }} -{{- if eq $bootstrapArgsLen 3 }} - {{- $bootstrapNamespace = $bootstrapArgs._0 }} - {{- $bootstrapName = $bootstrapArgs._1 }} - {{- $bootstrapVersion = $bootstrapArgs._2 }} -{{- else if eq $bootstrapArgsLen 2 }} - {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }} - {{- $bootstrapName = $bootstrapArgs._0 }} - {{- $bootstrapVersion = $bootstrapArgs._1 }} -{{- else if eq $bootstrapArgsLen 1 }} - {{- $bootstrapNamespace = print $bootstrapArgs._0 "-bootstrap-system" }} - {{- $bootstrapName = $bootstrapArgs._0 }} -{{- else }} - {{- fail "bootstrap provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $bootstrapNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: BootstrapProvider -metadata: - name: {{ $bootstrapName }} - namespace: {{ $bootstrapNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $bootstrapVersion $.Values.configSecret.name }} -spec: -{{- end}} -{{- if $bootstrapVersion }} - version: {{ $bootstrapVersion }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml deleted file mode 100644 index c20b029..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# Control plane provider -{{- if .Values.controlPlane }} -{{- $controlPlanes := split ";" .Values.controlPlane }} -{{- $controlPlaneNamespace := "" }} -{{- $controlPlaneName := "" }} -{{- $controlPlaneVersion := "" }} -{{- range $controlPlane := $controlPlanes }} -{{- $controlPlaneArgs := split ":" $controlPlane }} -{{- $controlPlaneArgsLen := len $controlPlaneArgs }} -{{- if eq $controlPlaneArgsLen 3 }} - {{- $controlPlaneNamespace = $controlPlaneArgs._0 }} - {{- $controlPlaneName = $controlPlaneArgs._1 }} - {{- $controlPlaneVersion = $controlPlaneArgs._2 }} -{{- else if eq $controlPlaneArgsLen 2 }} - {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }} - {{- $controlPlaneName = $controlPlaneArgs._0 }} - {{- $controlPlaneVersion = $controlPlaneArgs._1 }} -{{- else if eq $controlPlaneArgsLen 1 }} - {{- $controlPlaneNamespace = print $controlPlaneArgs._0 "-control-plane-system" }} - {{- $controlPlaneName = $controlPlaneArgs._0 }} -{{- else }} - {{- fail "controlplane provider argument should have the following format kubeadm:v1.0.0 or mynamespace:kubeadm:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $controlPlaneNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: ControlPlaneProvider -metadata: - name: {{ $controlPlaneName }} - namespace: {{ $controlPlaneNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }} -spec: -{{- end}} -{{- if $controlPlaneVersion }} - version: {{ $controlPlaneVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if hasKey $.Values.manager.featureGates $controlPlaneName }} - manager: -{{- range $key, $value := $.Values.manager.featureGates }} - {{- if eq $key $controlPlaneName }} - featureGates: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml deleted file mode 100644 index 61e86d2..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }} -# Deploy core components if not specified -{{- if not .Values.core }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: capi-system ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: CoreProvider -metadata: - name: cluster-api - namespace: capi-system - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- with .Values.configSecret }} -spec: - configSecret: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml deleted file mode 100644 index f117eff..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# Core provider -{{- if .Values.core }} -{{- $coreArgs := split ":" .Values.core }} -{{- $coreArgsLen := len $coreArgs }} -{{- $coreVersion := "" }} -{{- $coreNamespace := "" }} -{{- $coreName := "" }} -{{- $coreVersion := "" }} -{{- if eq $coreArgsLen 3 }} - {{- $coreNamespace = $coreArgs._0 }} - {{- $coreName = $coreArgs._1 }} - {{- $coreVersion = $coreArgs._2 }} -{{- else if eq $coreArgsLen 2 }} - {{- $coreNamespace = "capi-system" }} - {{- $coreName = $coreArgs._0 }} - {{- $coreVersion = $coreArgs._1 }} -{{- else if eq $coreArgsLen 1 }} - {{- $coreNamespace = "capi-system" }} - {{- $coreName = $coreArgs._0 }} -{{- else }} - {{- fail "core provider argument should have the following format cluster-api:v1.0.0 or mynamespace:cluster-api:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $coreNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: CoreProvider -metadata: - name: {{ $coreName }} - namespace: {{ $coreNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }} -spec: -{{- end}} -{{- if $coreVersion }} - version: {{ $coreVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }} - manager: - featureGates: - {{- range $key, $value := $.Values.manager.featureGates.core }} - {{ $key }}: {{ $value }} - {{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml deleted file mode 100644 index f8af47c..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml +++ /dev/null @@ -1,177 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "capi-operator.fullname" . }} - namespace: '{{ .Release.Namespace }}' - labels: - app: {{ template "capi-operator.name" . }} - app.kubernetes.io/name: {{ template "capi-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "controller" - control-plane: controller-manager - clusterctl.cluster.x-k8s.io/core: capi-operator - {{- with .Values.deploymentLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.deploymentAnnotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "capi-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "controller" - control-plane: controller-manager - clusterctl.cluster.x-k8s.io/core: capi-operator - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - template: - metadata: - labels: - app: {{ template "capi-operator.name" . }} - app.kubernetes.io/name: {{ template "capi-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "controller" - control-plane: controller-manager - clusterctl.cluster.x-k8s.io/core: capi-operator - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - serviceAccountName: capi-operator-manager - automountServiceAccountToken: true - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - args: - {{- if .Values.logLevel }} - - --v={{ .Values.logLevel }} - {{- end }} - {{- if .Values.healthAddr }} - - --health-addr={{ .Values.healthAddr }} - {{- end }} - {{- if .Values.diagnosticsAddress }} - - --diagnostics-address={{ .Values.diagnosticsAddress }} - {{- end }} - {{- if .Values.insecureDiagnostics }} - - --insecure-diagnostics={{ .Values.insecureDiagnostics }} - {{- end }} - {{- if .Values.watchConfigSecret }} - - --watch-configsecret - {{- end }} - {{- with .Values.leaderElection }} - - --leader-elect={{ .enabled }} - {{- if .leaseDuration }} - - --leader-elect-lease-duration={{ .leaseDuration }} - {{- end }} - {{- if .renewDeadline }} - - --leader-elect-renew-deadline={{ .renewDeadline }} - {{- end }} - {{- if .retryPeriod }} - - --leader-elect-retry-period={{ .retryPeriod }} - {{- end }} - {{- end }} - command: - - /manager - {{- with .Values.image.manager }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} - imagePullPolicy: {{ .Values.image.manager.pullPolicy }} - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - {{- if $.Values.diagnosticsAddress }} - {{- $diagnosticsPort := $.Values.diagnosticsAddress }} - {{- if contains ":" $diagnosticsPort -}} - {{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }} - {{- end }} - - containerPort: {{ $diagnosticsPort | int }} - name: metrics - protocol: TCP - {{- end }} - {{- with .Values.resources.manager }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.env.manager }} - env: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.containerSecurityContext.manager }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumeMounts.manager }} - volumeMounts: - {{- toYaml . | nindent 12 }} - {{- end }} - terminationMessagePolicy: FallbackToLogsOnError - {{- $healthAddr := $.Values.healthAddr }} - {{- if contains ":" $healthAddr -}} - {{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }} - {{- end }} - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: {{ $healthAddr | default 9440 }} - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 20 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: {{ $healthAddr | default 9440 }} - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - terminationGracePeriodSeconds: 10 - {{- with .Values.volumes }} - volumes: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podDnsPolicy }} - dnsPolicy: {{ . }} - {{- end }} - {{- with .Values.podDnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml deleted file mode 100644 index 2b38694..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if .Values.infrastructure }} - -# Deploy bootstrap, and infrastructure components if not specified -{{- if not .Values.bootstrap }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: capi-kubeadm-bootstrap-system ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: BootstrapProvider -metadata: - name: kubeadm - namespace: capi-kubeadm-bootstrap-system - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- with .Values.configSecret }} -spec: - configSecret: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} -{{- end }} -{{- end }} - -{{- if not .Values.controlPlane }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: capi-kubeadm-control-plane-system ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: ControlPlaneProvider -metadata: - name: kubeadm - namespace: capi-kubeadm-control-plane-system - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- with .Values.configSecret }} -spec: -{{- if $.Values.manager }} -{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }} - manager: - featureGates: - {{- range $key, $value := $.Values.manager.featureGates.kubeadm }} - {{ $key }}: {{ $value }} - {{- end }} -{{- end }} -{{- end }} - configSecret: - name: {{ .name }} - {{- if .namespace }} - namespace: {{ .namespace }} - {{- end }} -{{- end }} -{{- end }} - -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml deleted file mode 100644 index 1a183e0..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# Infrastructure providers -{{- if .Values.infrastructure }} -{{- $infrastructures := split ";" .Values.infrastructure }} -{{- $infrastructureNamespace := "" }} -{{- $infrastructureName := "" }} -{{- $infrastructureVersion := "" }} -{{- range $infrastructure := $infrastructures }} -{{- $infrastructureArgs := split ":" $infrastructure }} -{{- $infrastructureArgsLen := len $infrastructureArgs }} -{{- if eq $infrastructureArgsLen 3 }} - {{- $infrastructureNamespace = $infrastructureArgs._0 }} - {{- $infrastructureName = $infrastructureArgs._1 }} - {{- $infrastructureVersion = $infrastructureArgs._2 }} -{{- else if eq $infrastructureArgsLen 2 }} - {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }} - {{- $infrastructureName = $infrastructureArgs._0 }} - {{- $infrastructureVersion = $infrastructureArgs._1 }} -{{- else if eq $infrastructureArgsLen 1 }} - {{- $infrastructureNamespace = print $infrastructureArgs._0 "-infrastructure-system" }} - {{- $infrastructureName = $infrastructureArgs._0 }} -{{- else }} - {{- fail "infrastructure provider argument should have the following format aws:v1.0.0 or mynamespace:aws:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $infrastructureNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: InfrastructureProvider -metadata: - name: {{ $infrastructureName }} - namespace: {{ $infrastructureNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} -spec: -{{- end }} -{{- if $infrastructureVersion }} - version: {{ $infrastructureVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }} - manager: -{{- range $key, $value := $.Values.manager.featureGates }} - {{- if eq $key $infrastructureName }} - featureGates: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }} -{{- range $key, $value := $.Values.fetchConfig }} - {{- if eq $key $infrastructureName }} - fetchConfig: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- if $.Values.additionalDeployments }} - additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml deleted file mode 100644 index f3b7311..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# IPAM providers -{{- if .Values.ipam }} -{{- $ipams := split ";" .Values.ipam }} -{{- $ipamNamespace := "" }} -{{- $ipamName := "" }} -{{- $ipamVersion := "" }} -{{- range $ipam := $ipams }} -{{- $ipamArgs := split ":" $ipam }} -{{- $ipamArgsLen := len $ipamArgs }} -{{- if eq $ipamArgsLen 3 }} - {{- $ipamNamespace = $ipamArgs._0 }} - {{- $ipamName = $ipamArgs._1 }} - {{- $ipamVersion = $ipamArgs._2 }} -{{- else if eq $ipamArgsLen 2 }} - {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }} - {{- $ipamName = $ipamArgs._0 }} - {{- $ipamVersion = $ipamArgs._1 }} -{{- else if eq $ipamArgsLen 1 }} - {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }} - {{- $ipamName = $ipamArgs._0 }} -{{- else }} - {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }} -{{- end }} ---- -apiVersion: v1 -kind: Namespace -metadata: - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "1" - {{- end }} - "argocd.argoproj.io/sync-wave": "1" - name: {{ $ipamNamespace }} ---- -apiVersion: operator.cluster.x-k8s.io/v1alpha2 -kind: IPAMProvider -metadata: - name: {{ $ipamName }} - namespace: {{ $ipamNamespace }} - annotations: - {{- if $.Values.enableHelmHook }} - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "2" - {{- end }} - "argocd.argoproj.io/sync-wave": "2" -{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} -spec: -{{- end }} -{{- if $ipamVersion }} - version: {{ $ipamVersion }} -{{- end }} -{{- if $.Values.manager }} -{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }} - manager: -{{- range $key, $value := $.Values.manager.featureGates }} - {{- if eq $key $ipamName }} - featureGates: - {{- range $k, $v := $value }} - {{ $k }}: {{ $v }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if $.Values.configSecret.name }} - configSecret: - name: {{ $.Values.configSecret.name }} - {{- if $.Values.configSecret.namespace }} - namespace: {{ $.Values.configSecret.namespace }} - {{- end }} -{{- end }} -{{- if $.Values.additionalDeployments }} - additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml deleted file mode 100644 index c04c850..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml +++ /dev/null @@ -1,28753 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: addonproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: AddonProvider - listKind: AddonProviderList - plural: addonproviders - shortNames: - - caap - singular: addonprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: AddonProvider is the Schema for the addonproviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: AddonProviderSpec defines the desired state of AddonProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: AddonProviderStatus defines the observed state of AddonProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: bootstrapproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: BootstrapProvider - listKind: BootstrapProviderList - plural: bootstrapproviders - shortNames: - - cabp - singular: bootstrapprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - BootstrapProvider is the Schema for the bootstrapproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BootstrapProviderSpec defines the desired state of BootstrapProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: BootstrapProviderStatus defines the observed state of BootstrapProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: BootstrapProvider is the Schema for the bootstrapproviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: BootstrapProviderSpec defines the desired state of BootstrapProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: BootstrapProviderStatus defines the observed state of BootstrapProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: controlplaneproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: ControlPlaneProvider - listKind: ControlPlaneProviderList - plural: controlplaneproviders - shortNames: - - cacpp - singular: controlplaneprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - ControlPlaneProvider is the Schema for the controlplaneproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: ControlPlaneProviderStatus defines the observed state of - ControlPlaneProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: ControlPlaneProvider is the Schema for the controlplaneproviders - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: ControlPlaneProviderStatus defines the observed state of - ControlPlaneProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: coreproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: CoreProvider - listKind: CoreProviderList - plural: coreproviders - shortNames: - - cacp - singular: coreprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - CoreProvider is the Schema for the coreproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CoreProviderSpec defines the desired state of CoreProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: CoreProviderStatus defines the observed state of CoreProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: CoreProvider is the Schema for the coreproviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: CoreProviderSpec defines the desired state of CoreProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: CoreProviderStatus defines the observed state of CoreProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: infrastructureproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: InfrastructureProvider - listKind: InfrastructureProviderList - plural: infrastructureproviders - shortNames: - - caip - singular: infrastructureprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - deprecated: true - name: v1alpha1 - schema: - openAPIV3Schema: - description: |- - InfrastructureProvider is the Schema for the infrastructureproviders API. - - Deprecated: This type will be removed in one of the next releases. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. - properties: - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - image: - description: Container Image Name - properties: - name: - description: Name allows to specify a name for the image. - type: string - repository: - description: Repository sets the container registry - to pull images from. - type: string - tag: - description: Tag allows to specify a tag for the image. - type: string - type: object - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - secretName: - description: |- - SecretName is the name of the Secret providing the configuration - variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - type: string - secretNamespace: - description: |- - SecretNamespace is the namespace of the Secret providing the configuration variables. If not specified, - the namespace of the provider will be used. - type: string - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: InfrastructureProviderStatus defines the observed state of - InfrastructureProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: InfrastructureProvider is the Schema for the infrastructureproviders - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: InfrastructureProviderSpec defines the desired state of InfrastructureProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: InfrastructureProviderStatus defines the observed state of - InfrastructureProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: ipamproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: IPAMProvider - listKind: IPAMProviderList - plural: ipamproviders - shortNames: - - caipamp - singular: ipamprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: IPAMProvider is the Schema for the IPAMProviders API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAMProviderSpec defines the desired state of IPAMProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: IPAMProviderStatus defines the observed state of IPAMProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.16.1 - helm.sh/resource-policy: keep - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: runtimeextensionproviders.operator.cluster.x-k8s.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /convert - conversionReviewVersions: - - v1 - - v1alpha1 - group: operator.cluster.x-k8s.io - names: - kind: RuntimeExtensionProvider - listKind: RuntimeExtensionProviderList - plural: runtimeextensionproviders - shortNames: - - carep - singular: runtimeextensionprovider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.installedVersion - name: InstalledVersion - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - name: v1alpha2 - schema: - openAPIV3Schema: - description: RuntimeExtensionProvider is the Schema for the RuntimeExtensionProviders - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RuntimeExtensionProviderSpec defines the desired state of - RuntimeExtensionProvider. - properties: - additionalDeployments: - additionalProperties: - description: |- - AdditionalDeployments defines the properties that can be enabled on the controller - manager and deployment for the provider if the provider is managing additional deployments. - properties: - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the additional provider deployment. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that - the selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules - (e.g. co-locate this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling - rules (e.g. avoid putting this pod in the same node, - zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched - WeightedPodAffinityTerm fields are added per-node - to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a - list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set - in the container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. - Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in - the pod's namespace - properties: - key: - description: The key of the secret to - select from. Must be a valid secret - key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the - Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to - distinguish between explicit zero and not specified. Defaults - to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - manager: - description: Manager defines the properties that can be enabled - on the controller manager for the additional provider deployment. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should - be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - type: object - description: |- - AdditionalDeployments is a map of additional deployments that the provider - should manage. The key is the name of the deployment and the value is the - DeploymentSpec. - type: object - additionalManifests: - description: |- - AdditionalManifests is reference to configmap that contains additional manifests that will be applied - together with the provider components. The key for storing these manifests has to be `manifests`. - The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the - namespace of the provider will be used. There is no validation of the yaml content inside the configmap. - properties: - name: - description: Name defines the name of the configmap. - type: string - namespace: - description: Namespace defines the namespace of the configmap. - type: string - required: - - name - type: object - configSecret: - description: |- - ConfigSecret is the object with name and namespace of the Secret providing - the configuration variables for the current provider instance, like e.g. credentials. - Such configurations will be used when creating or upgrading provider components. - The contents of the secret will be treated as immutable. If changes need - to be made, a new object can be created and the name should be updated. - The contents should be in the form of key:value. This secret must be in - the same namespace as the provider. - properties: - name: - description: Name defines the name of the secret. - type: string - namespace: - description: Namespace defines the namespace of the secret. - type: string - required: - - name - type: object - deployment: - description: Deployment defines the properties that can be enabled - on the deployment for the provider. - properties: - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - x-kubernetes-list-type: atomic - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: |- - A label query over a set of resources, in this case pods. - If it's null, this PodAffinityTerm matches with no Pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both matchLabelKeys and labelSelector. - Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - mismatchLabelKeys: - description: |- - MismatchLabelKeys is a set of pod label keys to select which pods will - be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` - to select the group of existing pods which pods will be taken into consideration - for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming - pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. - Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - x-kubernetes-list-type: atomic - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: object - containers: - description: List of containers specified in the Deployment - items: - description: |- - ContainerSpec defines the properties available to override for each - container in a provider deployment such as Image and Args to the container’s - entrypoint. - properties: - args: - additionalProperties: - type: string - description: |- - Args represents extra provider specific flags that are not encoded as fields in this API. - Explicit controller manager properties defined in the `Provider.ManagerSpec` - will have higher precedence than those defined in `ContainerSpec.Args`. - For example, `ManagerSpec.SyncPeriod` will be used instead of the - container arg `--sync-period` if both are defined. - The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. - type: object - command: - description: Command allows override container's entrypoint - array. - items: - type: string - type: array - env: - description: List of environment variables to set in the - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - imageUrl: - description: Container Image URL - type: string - name: - description: Name of the container. Cannot be updated. - type: string - resources: - description: Compute resources required by this container. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - required: - - name - type: object - type: array - imagePullSecrets: - description: List of image pull secrets specified in the Deployment - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - description: |- - NodeSelector is a selector which must be true for the pod to fit on a node. - Selector which must match a node's labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - type: object - replicas: - description: Number of desired pods. This is a pointer to distinguish - between explicit zero and not specified. Defaults to 1. - minimum: 0 - type: integer - serviceAccountName: - description: If specified, the pod's service account - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - type: object - fetchConfig: - description: |- - FetchConfig determines how the operator will fetch the components and metadata for the provider. - If nil, the operator will try to fetch components according to default - embedded fetch configuration for the given kind and `ObjectMeta.Name`. - For example, the infrastructure name `aws` will fetch artifacts from - https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. - properties: - oci: - description: |- - OCI to be used for fetching the provider’s components and metadata from an OCI artifact. - You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. - If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. - type: string - selector: - description: |- - Selector to be used for fetching provider’s components and metadata from - ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain - components and metadata for a specific version only. - Note: the name of the ConfigMap should be set to the version or to override this - add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3 - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - url: - description: |- - URL to be used for fetching the provider’s components and metadata from a remote Github repository. - For example, https://github.com/{owner}/{repository}/releases - You must set `providerSpec.Version` field for operator to pick up - desired version of the release from GitHub. - type: string - type: object - x-kubernetes-validations: - - message: Must specify one and only one of {oci, url, selector} - rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' - manager: - description: Manager defines the properties that can be enabled on - the controller manager for the provider. - properties: - cacheNamespace: - description: |- - CacheNamespace if specified restricts the manager's cache to watch objects in - the desired namespace Defaults to all namespaces - - Note: If a namespace is specified, controllers can still Watch for a - cluster-scoped resource (e.g Node). For namespaced resources the cache - will only hold objects from the desired namespace. - type: string - controller: - description: |- - Controller contains global configuration options for controllers - registered within this manager. - properties: - cacheSyncTimeout: - description: |- - CacheSyncTimeout refers to the time limit set to wait for syncing caches. - Defaults to 2 minutes if not set. - format: int64 - type: integer - groupKindConcurrency: - additionalProperties: - type: integer - description: |- - GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation - allowed for that controller. - - When a controller is registered within this manager using the builder utilities, - users have to specify the type the controller reconciles in the For(...) call. - If the object's kind passed matches one of the keys in this map, the concurrency - for that controller is set to the number specified. - - The key is expected to be consistent in form with GroupKind.String(), - e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. - type: object - recoverPanic: - description: RecoverPanic indicates if panics should be recovered. - type: boolean - type: object - featureGates: - additionalProperties: - type: boolean - description: |- - FeatureGates define provider specific feature flags that will be passed - in as container args to the provider's controller manager. - Controller Manager flag is --feature-gates. - type: object - gracefulShutDown: - description: |- - GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop. - To disable graceful shutdown, set to time.Duration(0) - To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1) - The graceful shutdown is skipped for safety reasons in case the leader election lease is lost. - type: string - health: - description: Health contains the controller health configuration - properties: - healthProbeBindAddress: - description: |- - HealthProbeBindAddress is the TCP address that the controller should bind to - for serving health probes - It can be set to "0" or "" to disable serving the health probe. - type: string - livenessEndpointName: - description: LivenessEndpointName, defaults to "healthz" - type: string - readinessEndpointName: - description: ReadinessEndpointName, defaults to "readyz" - type: string - type: object - leaderElection: - description: |- - LeaderElection is the LeaderElection config to be used when configuring - the manager.Manager leader election - properties: - leaderElect: - description: |- - leaderElect enables a leader election client to gain leadership - before executing the main loop. Enable this when running replicated - components for high availability. - type: boolean - leaseDuration: - description: |- - leaseDuration is the duration that non-leader candidates will wait - after observing a leadership renewal until attempting to acquire - leadership of a led but unrenewed leader slot. This is effectively the - maximum duration that a leader can be stopped before it is replaced - by another candidate. This is only applicable if leader election is - enabled. - type: string - renewDeadline: - description: |- - renewDeadline is the interval between attempts by the acting master to - renew a leadership slot before it stops leading. This must be less - than or equal to the lease duration. This is only applicable if leader - election is enabled. - type: string - resourceLock: - description: |- - resourceLock indicates the resource object type that will be used to lock - during leader election cycles. - type: string - resourceName: - description: |- - resourceName indicates the name of resource object that will be used to lock - during leader election cycles. - type: string - resourceNamespace: - description: |- - resourceName indicates the namespace of resource object that will be used to lock - during leader election cycles. - type: string - retryPeriod: - description: |- - retryPeriod is the duration the clients should wait between attempting - acquisition and renewal of a leadership. This is only applicable if - leader election is enabled. - type: string - required: - - leaderElect - - leaseDuration - - renewDeadline - - resourceLock - - resourceName - - resourceNamespace - - retryPeriod - type: object - maxConcurrentReconciles: - description: |- - MaxConcurrentReconciles is the maximum number of concurrent Reconciles - which can be run. - minimum: 1 - type: integer - metrics: - description: Metrics contains thw controller metrics configuration - properties: - bindAddress: - description: |- - BindAddress is the TCP address that the controller should bind to - for serving prometheus metrics. - It can be set to "0" to disable the metrics serving. - type: string - type: object - profilerAddress: - description: |- - ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060). - Default empty, meaning the profiler is disabled. - Controller Manager flag is --profiler-address. - type: string - syncPeriod: - description: |- - SyncPeriod determines the minimum frequency at which watched resources are - reconciled. A lower period will correct entropy more quickly, but reduce - responsiveness to change if there are many watched resources. Change this - value only if you know what you are doing. Defaults to 10 hours if unset. - there will a 10 percent jitter between the SyncPeriod of all controllers - so that all controllers will not send list requests simultaneously. - type: string - verbosity: - default: 1 - description: |- - Verbosity set the logs verbosity. Defaults to 1. - Controller Manager flag is --verbosity. - minimum: 0 - type: integer - webhook: - description: Webhook contains the controllers webhook configuration - properties: - certDir: - description: |- - CertDir is the directory that contains the server key and certificate. - if not set, webhook server would look up the server key and certificate in - {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate - must be named tls.key and tls.crt, respectively. - type: string - host: - description: |- - Host is the hostname that the webhook server binds to. - It is used to set webhook.Server.Host. - type: string - port: - description: |- - Port is the port that the webhook server serves at. - It is used to set webhook.Server.Port. - type: integer - type: object - type: object - manifestPatches: - description: |- - ManifestPatches are applied to rendered provider manifests to customize the - provider manifests. Patches are applied in the order they are specified. - The `kind` field must match the target object, and - if `apiVersion` is specified it will only be applied to matching objects. - This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 - items: - type: string - type: array - version: - description: Version indicates the provider version. - type: string - type: object - status: - description: RuntimeExtensionProviderStatus defines the observed state - of RuntimeExtensionProvider. - properties: - conditions: - description: Conditions define the current service state of the provider. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. - The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - contract: - description: |- - Contract will contain the core provider contract that the provider is - abiding by, like e.g. v1alpha4. - type: string - installedVersion: - description: InstalledVersion is the version of the provider that - is installed. - type: string - observedGeneration: - description: ObservedGeneration is the latest generation observed - by the controller. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-manager - namespace: '{{ .Release.Namespace }}' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-leader-election-role - namespace: '{{ .Release.Namespace }}' -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-manager-role -rules: -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-leader-election-rolebinding - namespace: '{{ .Release.Namespace }}' -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: capi-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: capi-operator-manager - namespace: '{{ .Release.Namespace }}' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: capi-operator-manager-role -subjects: -- kind: ServiceAccount - name: capi-operator-manager - namespace: '{{ .Release.Namespace }}' ---- -apiVersion: v1 -kind: Service -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - clusterctl.cluster.x-k8s.io/core: capi-operator - control-plane: controller-manager ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-serving-cert - namespace: '{{ .Release.Namespace }}' -spec: - dnsNames: - - capi-operator-webhook-service.{{ .Release.Namespace }}.svc - - capi-operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local - issuerRef: - kind: Issuer - name: capi-operator-selfsigned-issuer - secretName: capi-operator-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-selfsigned-issuer - namespace: '{{ .Release.Namespace }}' -spec: - selfSigned: {} ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-addonprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vaddonprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - addonproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vbootstrapprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - bootstrapproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcontrolplaneprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - controlplaneproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-coreprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcoreprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - coreproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vinfrastructureprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - infrastructureproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vipamprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - ipamproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /mutate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vruntimeextensionprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - runtimeextensionproviders - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - labels: - clusterctl.cluster.x-k8s.io/core: capi-operator - name: capi-operator-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-addonprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vaddonprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - addonproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-bootstrapprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vbootstrapprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - bootstrapproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-controlplaneprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcontrolplaneprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - controlplaneproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-coreprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vcoreprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - coreproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-infrastructureprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vinfrastructureprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - infrastructureproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vipamprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - ipamproviders - sideEffects: None -- admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: capi-operator-webhook-service - namespace: '{{ .Release.Namespace }}' - path: /validate-operator-cluster-x-k8s-io-v1alpha2-runtimeextensionprovider - failurePolicy: Fail - matchPolicy: Equivalent - name: vruntimeextensionprovider.kb.io - rules: - - apiGroups: - - operator.cluster.x-k8s.io - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - runtimeextensionproviders - sideEffects: None diff --git a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml deleted file mode 100644 index c993acb..0000000 --- a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# --- -# Cluster API provider options -core: "" -bootstrap: "" -controlPlane: "" -infrastructure: "" -ipam: "" -addon: "" -manager.featureGates: {} -fetchConfig: {} -# --- -# Common configuration secret options -configSecret: {} -# --- -# CAPI operator deployment options -logLevel: 2 -replicaCount: 1 -leaderElection: - enabled: true -image: - manager: - repository: registry.k8s.io/capi-operator/cluster-api-operator - tag: v0.18.1 - pullPolicy: IfNotPresent -env: - manager: [] -diagnosticsAddress: ":8443" -healthAddr: ":9440" -insecureDiagnostics: false -watchConfigSecret: false -imagePullSecrets: {} -resources: - manager: - limits: - cpu: 100m - memory: 150Mi - requests: - cpu: 100m - memory: 100Mi -containerSecurityContext: {} -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - ppc64le - - key: kubernetes.io/os - operator: In - values: - - linux -tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane -volumes: - - name: cert - secret: - defaultMode: 420 - secretName: capi-operator-webhook-service-cert -volumeMounts: - manager: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true -enableHelmHook: true diff --git a/rancher-turtles-chart/questions.yml b/rancher-turtles-chart/questions.yml index 7665187..26b0d60 100644 --- a/rancher-turtles-chart/questions.yml +++ b/rancher-turtles-chart/questions.yml @@ -8,11 +8,6 @@ questions: show_subquestion_if: true group: "Rancher Turtles Extra Settings" subquestions: - - variable: cluster-api-operator.cert-manager.enabled - default: false - type: boolean - description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually." - label: "Enable Cert Manager" - variable: turtlesUI.enabled default: false type: boolean @@ -35,6 +30,12 @@ questions: type: boolean label: Enable Agent TLS Mode group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.features.no-cert-manager.enabled + default: false + description: "[ALPHA] If enabled Turtles will remove cert-manager." + type: boolean + label: Remove cert-manager + group: "Rancher Turtles Features Settings" - variable: rancherTurtles.kubectlImage default: "registry.suse.com/edge/3.3/kubectl:1.32.4" description: "Specify the image to use when running kubectl in jobs." diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml index e2d4b02..9942580 100644 --- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml +++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml @@ -7,6 +7,7 @@ metadata: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" spec: + enableAutomaticUpdate: true type: addon additionalManifests: name: fleet-addon-config @@ -58,3 +59,16 @@ data: matchExpressions: - key: cluster-api.cattle.io/disable-fleet-auto-import operator: DoesNotExist + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cappf-controller-psa + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-psa + subjects: + - kind: ServiceAccount + name: caapf-controller-manager + namespace: {{ .Values.rancherTurtles.namespace }} diff --git a/rancher-turtles-chart/templates/clusterctl-config.yaml b/rancher-turtles-chart/templates/clusterctl-config.yaml index 3fe56dd..2c1ac95 100644 --- a/rancher-turtles-chart/templates/clusterctl-config.yaml +++ b/rancher-turtles-chart/templates/clusterctl-config.yaml @@ -1,34 +1,5 @@ -{{- if index .Values "cluster-api-operator" "enabled" }} apiVersion: v1 kind: ConfigMap metadata: name: clusterctl-config - namespace: '{{ .Values.rancherTurtles.namespace }}' -data: - clusterctl.yaml: | - providers: - # Cluster API core provider - - name: "cluster-api" - url: "https://github.com/kubernetes-sigs/cluster-api/releases/v1.7.5/core-components.yaml" - type: "CoreProvider" - - # Infrastructure providers - - name: "metal3" - url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.1/infrastructure-components.yaml" - type: "InfrastructureProvider" - - # Bootstrap providers - - name: "rke2" - url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/bootstrap-components.yaml" - type: "BootstrapProvider" - - # ControlPlane providers - - name: "rke2" - url: "https://github.com/rancher/cluster-api-provider-rke2/releases/v0.7.0/control-plane-components.yaml" - type: "ControlPlaneProvider" - - # Addon providers -# - name: "fleet" -# url: "https://github.com/rancher-sandbox/cluster-api-addon-provider-fleet/releases/v0.3.1/addon-components.yaml" -# type: "AddonProvider" -{{- end }} + namespace: '{{ .Values.rancherTurtles.namespace }}' \ No newline at end of file diff --git a/rancher-turtles-chart/templates/core-provider.yaml b/rancher-turtles-chart/templates/core-provider.yaml index d4e7dbf..921b1cd 100644 --- a/rancher-turtles-chart/templates/core-provider.yaml +++ b/rancher-turtles-chart/templates/core-provider.yaml @@ -22,7 +22,10 @@ metadata: spec: name: cluster-api type: core - version: {{ index .Values "cluster-api-operator" "cluster-api" "version" }} + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "core" "enableAutomaticUpdate" }} +{{- if index .Values "cluster-api-operator" "cluster-api" "core" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "core" "version" }} +{{- end }} additionalManifests: name: capi-additional-rbac-roles namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} diff --git a/rancher-turtles-chart/templates/deployment.yaml b/rancher-turtles-chart/templates/deployment.yaml index 95f61c4..169f42d 100644 --- a/rancher-turtles-chart/templates/deployment.yaml +++ b/rancher-turtles-chart/templates/deployment.yaml @@ -26,7 +26,7 @@ spec: containers: - args: - --leader-elect - - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}} + - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}},no-cert-manager={{ index .Values "rancherTurtles" "features" "no-cert-manager" "enabled"}} {{- range .Values.rancherTurtles.managerArguments }} - {{ . }} {{- end }} @@ -67,12 +67,20 @@ spec: resources: limits: cpu: 500m - memory: 256Mi + memory: 300Mi requests: cpu: 10m memory: 128Mi + {{- with .Values.rancherTurtles.volumeMounts.manager }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} serviceAccountName: rancher-turtles-manager terminationGracePeriodSeconds: 10 + {{- with .Values.rancherTurtles.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master diff --git a/rancher-turtles-chart/templates/metal3-infrastructure.yaml b/rancher-turtles-chart/templates/metal3-infrastructure.yaml index e06700c..491b186 100644 --- a/rancher-turtles-chart/templates/metal3-infrastructure.yaml +++ b/rancher-turtles-chart/templates/metal3-infrastructure.yaml @@ -1,5 +1,6 @@ {{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "metal3" "enabled") }} {{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} +{{- $ipamnamespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} {{- if not (lookup "v1" "Namespace" "" $namespace) }} --- apiVersion: v1 @@ -10,6 +11,16 @@ metadata: "helm.sh/hook-weight": "1" name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} {{- end }} +{{- if not (lookup "v1" "Namespace" "" $ipamnamespace) }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "1" + name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} +{{- end }} --- apiVersion: turtles-capi.cattle.io/v1alpha1 kind: ClusterctlConfig @@ -22,8 +33,11 @@ metadata: spec: providers: - name: metal3 - url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml" + url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.10.2/infrastructure-components.yaml" type: InfrastructureProvider + - name: metal3ipam + url: "https://github.com/rancher-sandbox/ip-address-manager/releases/v1.10.2/ipam-components.yaml" + type: IPAMProvider --- apiVersion: turtles-capi.cattle.io/v1alpha1 kind: CAPIProvider @@ -59,11 +73,41 @@ spec: containers: - name: manager imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }} - additionalDeployments: - ipam-controller-manager: - deployment: - containers: - - imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} - name: manager +{{- end }} +--- +apiVersion: turtles-capi.cattle.io/v1alpha1 +kind: CAPIProvider +metadata: + name: metal3ipam + namespace: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} + annotations: + "helm.sh/hook": "post-install, post-upgrade" + "helm.sh/hook-weight": "2" +spec: + name: metal3ipam + type: ipam +{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "version" }} + version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "version" }} +{{- end }} + configSecret: +{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }} +{{ else }} + name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }} +{{- end }} +{{- if or (index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector" }} + {{- end }} +{{- end }} +{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} + deployment: + containers: + - name: manager + imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }} {{- end }} {{- end }} diff --git a/rancher-turtles-chart/templates/operator-crds.yaml b/rancher-turtles-chart/templates/operator-crds.yaml new file mode 100644 index 0000000..581cf14 --- /dev/null +++ b/rancher-turtles-chart/templates/operator-crds.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles/aggregate-to-manager: "true" + name: rancher-turtles-operator-admin +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' diff --git a/rancher-turtles-chart/templates/post-upgrade-job.yaml b/rancher-turtles-chart/templates/post-upgrade-job.yaml index b19a86e..e6b10af 100644 --- a/rancher-turtles-chart/templates/post-upgrade-job.yaml +++ b/rancher-turtles-chart/templates/post-upgrade-job.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ServiceAccount metadata: @@ -11,23 +10,38 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: post-upgrade-job-delete-clusters + name: post-upgrade-job-delete-capi-operator-resources annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "1" rules: - apiGroups: - - provisioning.cattle.io + - operator.cluster.x-k8s.io resources: - - clusters + - addonproviders + - bootstrapproviders + - controlplaneproviders + - coreproviders + - infrastructureproviders + - ipamproviders + - runtimeextensionproviders verbs: + - get + - watch - list - delete + - patch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: post-upgrade-job-delete-clusters + name: post-upgrade-job-capi-operator-resources-cleanup annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "1" @@ -37,13 +51,51 @@ subjects: namespace: '{{ .Values.rancherTurtles.namespace }}' roleRef: kind: ClusterRole - name: post-upgrade-job-delete-clusters + name: post-upgrade-job-delete-capi-operator-resources apiGroup: rbac.authorization.k8s.io --- +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-api-operator-resources-cleanup-script + namespace: '{{ .Values.rancherTurtles.namespace }}' + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-weight": "1" +data: + cleanup.sh: | + #!/usr/bin/env bash + + set -euo pipefail + + remove_finalizers_and_delete() { + local resource_type="$1" + if kubectl get crd $resource_type > /dev/null 2>&1; then + kubectl get $resource_type --all-namespaces --no-headers --ignore-not-found | awk '{print $1 " " $2}' | xargs -r -n2 bash -c 'kubectl patch '"${resource_type}"' "$1" -n "$0" --type merge -p "{\"metadata\":{\"finalizers\":null}}"' + kubectl delete $resource_type --all --all-namespaces + else + echo "Resource type $resource_type does not exist, skipping cleanup." + fi + } + + resource_types=( + "addonproviders.operator.cluster.x-k8s.io" + "bootstrapproviders.operator.cluster.x-k8s.io" + "controlplaneproviders.operator.cluster.x-k8s.io" + "coreproviders.operator.cluster.x-k8s.io" + "infrastructureproviders.operator.cluster.x-k8s.io" + "ipamproviders.operator.cluster.x-k8s.io" + "runtimeextensionproviders.operator.cluster.x-k8s.io" + ) + + for resource_type in "${resource_types[@]}"; do + remove_finalizers_and_delete "$resource_type" + done +--- apiVersion: batch/v1 kind: Job metadata: - name: post-upgrade-delete-clusters + name: cluster-api-operator-resources-cleanup namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": post-upgrade @@ -54,13 +106,19 @@ spec: spec: serviceAccountName: post-upgrade-job containers: - - name: post-upgrade-delete-clusters - image: {{ index .Values "rancherTurtles" "kubectlImage" }} + - name: cluster-api-operator-resources-cleanup + image: {{ index .Values "rancherTurtles" "shellImage" }} + command: ["/bin/bash"] args: - - delete - - clusters.provisioning.cattle.io - - --selector=cluster-api.cattle.io/owned - - -A - - --ignore-not-found=true - - --wait - restartPolicy: OnFailure + - "-c" + - "/scripts/cleanup.sh" + volumeMounts: + - name: script + mountPath: /scripts + volumes: + - name: script + configMap: + name: cluster-api-operator-resources-cleanup-script + defaultMode: 0777 + restartPolicy: Never +--- \ No newline at end of file diff --git a/rancher-turtles-chart/templates/rancher-turtles-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-components.yaml index 0ce7aaf..a083131 100644 --- a/rancher-turtles-chart/templates/rancher-turtles-components.yaml +++ b/rancher-turtles-chart/templates/rancher-turtles-components.yaml @@ -1301,6 +1301,13 @@ spec: description: Manager defines the properties that can be enabled on the controller manager for the additional provider deployment. properties: + additionalArgs: + additionalProperties: + type: string + description: |- + AdditionalArgs is a map of additional options that will be passed + in as container args to the provider's controller manager. + type: object cacheNamespace: description: |- CacheNamespace if specified restricts the manager's cache to watch objects in @@ -1436,7 +1443,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains thw controller metrics configuration + description: Metrics contains the controller metrics configuration properties: bindAddress: description: |- @@ -2775,6 +2782,10 @@ spec: type: object type: array type: object + enableAutomaticUpdate: + description: EnableAutomaticUpdate can be used to automatically update + the CAPIProvider to a newest version. + type: boolean features: description: Features is a collection of features to enable. example: @@ -2875,6 +2886,13 @@ spec: description: Manager defines the properties that can be enabled on the controller manager for the provider. properties: + additionalArgs: + additionalProperties: + type: string + description: |- + AdditionalArgs is a map of additional options that will be passed + in as container args to the provider's controller manager. + type: object cacheNamespace: description: |- CacheNamespace if specified restricts the manager's cache to watch objects in @@ -3009,7 +3027,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains thw controller metrics configuration + description: Metrics contains the controller metrics configuration properties: bindAddress: description: |- @@ -3118,27 +3136,32 @@ spec: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -3148,6 +3171,8 @@ spec: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -3417,7 +3442,6 @@ rules: - update - apiGroups: - infrastructure.cluster.x-k8s.io - - operator.cluster.x-k8s.io resources: - '*' verbs: diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml index 657e22e..c35a8be 100644 --- a/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml +++ b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml @@ -181,27 +181,32 @@ spec: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -211,6 +216,8 @@ spec: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime diff --git a/rancher-turtles-chart/templates/rke2-bootstrap.yaml b/rancher-turtles-chart/templates/rke2-bootstrap.yaml index 097b31e..18d5a22 100644 --- a/rancher-turtles-chart/templates/rke2-bootstrap.yaml +++ b/rancher-turtles-chart/templates/rke2-bootstrap.yaml @@ -22,6 +22,7 @@ metadata: spec: name: rke2 type: bootstrap + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }} {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} {{- end }} diff --git a/rancher-turtles-chart/templates/rke2-controlplane.yaml b/rancher-turtles-chart/templates/rke2-controlplane.yaml index 8e2866a..1720302 100644 --- a/rancher-turtles-chart/templates/rke2-controlplane.yaml +++ b/rancher-turtles-chart/templates/rke2-controlplane.yaml @@ -22,6 +22,7 @@ metadata: spec: name: rke2 type: controlPlane + enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }} {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }} {{- end }} diff --git a/rancher-turtles-chart/values.schema.json b/rancher-turtles-chart/values.schema.json index 419a833..e7d37a1 100644 --- a/rancher-turtles-chart/values.schema.json +++ b/rancher-turtles-chart/values.schema.json @@ -62,7 +62,7 @@ }, "kubectlImage": { "type": "string", - "default": "registry.k8s.io/kubernetes/kubectl:v1.30.0", + "default": "registry.k8s.io/kubernetes/kubectl:v1.31.4", "description": "Image for kubectl tasks." }, "features": { @@ -155,86 +155,30 @@ } } } - } - } - }, - "cluster-api-operator": { - "type": "object", - "description": "Manages Cluster API components.", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "description": "Turn on or off." - }, - "cert-manager": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "description": "Turn on or off." - } - } }, "volumes": { "type": "array", - "description": "Volumes for operator pods (certs, config).", + "description": "Volumes for controller pods.", "items": { "type": "object", - "oneOf": [ - { - "required": ["name", "secret"], - "properties": { - "name": { "type": "string" }, - "secret": { - "type": "object", - "properties": { - "defaultMode": { - "type": "integer", - "default": 420, - "description": "File permissions." - }, - "secretName": { - "type": "string", - "default": "capi-operator-webhook-service-cert", - "description": "Secret for webhook certs." - } - } - } - } + "required": [ + "name", + "configMap" + ], + "properties": { + "name": { + "type": "string" }, - { - "required": ["name", "configMap"], + "configMap": { + "type": "object", "properties": { - "name": { "type": "string" }, - "configMap": { - "type": "object", - "properties": { - "name": { - "type": "string", - "default": "clusterctl-config", - "description": "ConfigMap for clusterctl." - } - } + "name": { + "type": "string", + "default": "clusterctl-config", + "description": "ConfigMap for clusterctl." } } } - ] - } - }, - "image": { - "type": "object", - "properties": { - "manager": { - "type": "object", - "properties": { - "repository": { - "type": "string", - "default": "registry.rancher.com/rancher/cluster-api-operator", - "description": "Image repo." - } - } } } }, @@ -258,43 +202,13 @@ } } } - }, - "resources": { - "type": "object", - "properties": { - "manager": { - "type": "object", - "properties": { - "limits": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "description": "CPU limit." - }, - "memory": { - "type": "string", - "description": "Memory limit." - } - } - }, - "requests": { - "type": "object", - "properties": { - "cpu": { - "type": "string", - "description": "CPU request." - }, - "memory": { - "type": "string", - "description": "Memory request." - } - } - } - } - } - } - }, + } + } + }, + "cluster-api-operator": { + "type": "object", + "description": "Manages Cluster API components.", + "properties": { "cleanup": { "type": "boolean", "default": true, @@ -343,6 +257,16 @@ "url": { "type": "string", "default": "" }, "selector": { "type": "string", "default": "" } } + }, + "enableAutomaticUpdates": { + "type": "boolean", + "default": true, + "description": "Allow the provider to update automatically when a new Turtles version is installed." + }, + "version": { + "type": "string", + "default": "", + "description": "CAPI core provider version." } } }, @@ -359,6 +283,11 @@ "default": "", "description": "RKE2 version." }, + "enableAutomaticUpdates": { + "type": "boolean", + "default": true, + "description": "Allow the provider to update automatically when a new Turtles version is installed." + }, "bootstrap": { "type": "object", "properties": { diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index d15d11a..d061d3e 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -9,8 +9,8 @@ turtlesUI: rancherTurtles: # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.21.0 - imageVersion: v0.21.0 + # imageVersion: v0.24.0 + imageVersion: v0.24.0 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # namespace: Select namespace for Turtles to run. @@ -23,6 +23,8 @@ rancherTurtles: rancherInstalled: false # kubectlImage: Image for kubectl tasks. kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4" + # shellImage: Image for shell tasks. + shellImage: registry.rancher.com/rancher/kuberlr-kubectl:v5.0.0 # features: Optional and experimental features. features: # day2operations: Alpha feature. @@ -31,8 +33,8 @@ rancherTurtles: enabled: false # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.21.0 - imageVersion: v0.21.0 + # imageVersion: v0.24.0 + imageVersion: v0.24.0 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # etcdBackupRestore: Alpha feature. Manages etcd backup/restore. @@ -43,61 +45,33 @@ rancherTurtles: agent-tls-mode: # enabled: Turn on or off. enabled: true + # no-cert-manager: Alpha feature for cert-manager removal. + no-cert-manager: + # enabled: Turn on or off. + enabled: false # clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet. clusterclass-operations: # enabled: Turn on or off. enabled: false # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.21.0 - imageVersion: v0.21.0 + # imageVersion: v0.24.0 + imageVersion: v0.24.0 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent + # volumes: Volumes for controller pods. + volumes: + - name: clusterctl-config + configMap: + name: clusterctl-config + # volumeMounts: Volume mounts for controller pods. + volumeMounts: + manager: + - mountPath: /config + name: clusterctl-config # cluster-api-operator: Manages Cluster API components. cluster-api-operator: - # enabled: Turn on or off. - enabled: true - # cert-manager: Cert-manager integration. - cert-manager: - # enabled: Turn on or off. - enabled: false - # volumes: Volumes for operator pods (certs, config). - volumes: - - name: cert - secret: - # defaultMode: File permissions. - defaultMode: 420 - # secretName: Secret for webhook certs. - secretName: capi-operator-webhook-service-cert - - name: clusterctl-config - configMap: - # name: ConfigMap for clusterctl. - name: clusterctl-config - resources: - manager: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 100Mi - # image: registry.rancher.com/rancher/rancher/turtles - image: - manager: - # repository: Image repo. - repository: registry.rancher.com/rancher/cluster-api-operator - # volumeMounts: Mount volumes to pods. - volumeMounts: - manager: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - # readOnly: Mount as read-only. - readOnly: true - - mountPath: /config - name: clusterctl-config - # readOnly: Mount as read-only. - readOnly: true # cleanup: Enable cleanup tasks. cleanup: true # cluster-api: Cluster API component settings. @@ -114,6 +88,10 @@ cluster-api-operator: core: # namespace: Core component namespace. namespace: capi-system + # version: Core ClusterAPI version. + version: "" + # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed. + enableAutomaticUpdate: true # imageUrl: Custom image URL. imageUrl: "" # fetchConfig: Config fetching settings. @@ -127,7 +105,9 @@ cluster-api-operator: # enabled: Turn on or off. enabled: true # version: RKE2 version. - version: "v0.18.0" + version: "" + # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed. + enableAutomaticUpdate: true # bootstrap: RKE2 bootstrap provider. bootstrap: # namespace: Bootstrap namespace. @@ -154,13 +134,16 @@ cluster-api-operator: selector: "" metal3: enabled: true - version: "v1.9.4" + version: "v1.10.2" infrastructure: namespace: capm3-system - imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.4" + imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2" fetchConfig: url: "" selector: "" ipam: - namespace: capm3-system - imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.4" + namespace: metal3-ipam-system + imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.10.2" + fetchConfig: + url: "" + selector: "" diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index aeed249..1db6420 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -175,7 +175,7 @@ spec: - prettyName: RancherTurtles releaseName: rancher-turtles chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles' - version: '%%CHART_MAJOR%%.0.5+up0.21.0' + version: '%%CHART_MAJOR%%.0.6+up0.24.0' - prettyName: RancherTurtlesAirgapResources releaseName: rancher-turtles-airgap-resources chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources' -- 2.51.1 From 5e533c35b9171175d587b658c1f42aec3bf0c07fea42145282244c1d16fadf7c Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Mon, 15 Sep 2025 19:12:34 +0300 Subject: [PATCH 04/25] rancher-turtles-airgap-resources: Update to 0.24.0 Note this requires a configuration change because the IPAM provider is now decoupled from CAPM3 (cherry picked from commit 948a0193d8f9d7d97e0e00ec23a7bd8e6dbfd4cb2fe0c53fffb56500e92e46f2) --- .../Chart.yaml | 8 +- .../README.md | 3 + .../templates/airgap-cm-core.yaml | 9 +- .../templates/airgap-cm-fleet-addon.yaml | 4 +- .../templates/airgap-cm-metal3-ipam.yaml | 1038 +++++++++++++++++ .../templates/airgap-cm-metal3.yaml | 1030 +--------------- .../templates/airgap-cm-rke2-bootstrap.yaml | 107 +- .../airgap-cm-rke2-control-plane.yaml | 124 +- release-manifest-image/release_manifest.yaml | 2 +- 9 files changed, 1293 insertions(+), 1032 deletions(-) create mode 100644 rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index c3dd0ed..88b3e59 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml @@ -1,10 +1,10 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.6_up0.24.0 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.6_up0.24.0-%RELEASE% apiVersion: v2 -appVersion: 0.21.0 +appVersion: 0.24.0 description: Rancher Turtles utility chart for airgap scenarios home: https://github.com/rancher/turtles/ icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg name: rancher-turtles-airgap-resources type: application -version: "%%CHART_MAJOR%%.0.5+up0.21.0" +version: "%%CHART_MAJOR%%.0.6+up0.24.0" diff --git a/rancher-turtles-airgap-resources-chart/README.md b/rancher-turtles-airgap-resources-chart/README.md index ee1d2d2..d6bda53 100644 --- a/rancher-turtles-airgap-resources-chart/README.md +++ b/rancher-turtles-airgap-resources-chart/README.md @@ -23,6 +23,9 @@ cluster-api-operator: infrastructure: fetchConfig: selector: "{\"matchLabels\": {\"provider-components\": \"metal3\"}}" + ipam: + fetchConfig: + selector: "{\"matchLabels\": {\"provider-components\": \"metal3ipam\"}}" fleet: addon: fetchConfig: diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml index 3f59250..0939b5f 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "capi-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,9 +7,10 @@ metadata: control-plane: controller-manager name: capi-system --- +{{- end }} apiVersion: v1 binaryData: - components: H4sICBlUgmgAA2NvcmUtY29tcG9uZW50cy55YW1sAOz9e3fbyJUoiv/fnwJLmTmWekhKsrs7ac/JyU+x3Rmf2G4v2925Z2xPGyIhCWMSYADSspJfr3W/xv1695Pc/aoHXoUCST2cVK2ZtEwA9di1a9d+73iZ/pwUZZpnD6NPx199TLPZw+hFvEjKZTxNvlokq3gWr+KHX0XRPD5N5iX+FUXT+bpcJcXk8/jj78pJmh8ui/xTOkuKh+rROF6m/GqerYp8Pl7O4yx5qP45hzcWcRafJwW8lcGA8Ag+GZdX8PXiq/F4/FVszQ3+Tj6vkgz/VU5kUD3hRzBkvniVlPm6mCaPk7M0S1fwZmX+cZblqxh/VotIipWaBHaXZv+dTFfjaTw+K/JFZT6H/HdSfEqz8zF+aK8NF3OeZJOP69PkdJ3OZ9zfJw3Yo8nxd5PjTWEo0OHfpvO4LJNyUv/6q3KZTLFjmJMamIYpV0W8Ss6vHkZ/SU4v8vwj/XrJf/MrOJc0yVaP8uwsPVe/wae43mlifqjslHQxlrdqLxH+VPfUvLCMVxcPo0Oe6krNQU/8VfIpTS5l70s1/BgR1Px5CluL/z4v8vXyYQOaAjcFawRBXqTq3+MGmgoi8a+PEMj08zwtV39uPHoGv9Lj5XxdxPP65jDcL/Ji9cJMAYac8gNAofU8LqpfwaNymi8T6/TN4LdPFhDGUTybEV7H85dFmuFs8vl6kekRZkk5LdLlirDuTbpIohnMD/+Jo06TaFok/M/8rLnWKPrvMs9e0t5M1MmZqE+wu3IVL5Zf2Zhwcq42fnWFk4dP+IdZsiwSBDuAblWs+Uf+5tNxPF9exN8wNKYXySJWewwAyE5ePv35wevKz1F1Zf//sYVL9jKitIziCHANiM0qiS4v0ukF7H0WnSbRukxm0SpnECQRn3v8ZZnP83PAjMlXVq+Prem/uYBucXnRZTqfY19Fssg/wccpADJLEJiriyTKgELBo3kS4wHVncGxXgKWa9zjZhE361fXQrEhbPgreBGoXFLSyIIlMCMGJ88IZl3gMko42nrXARj5KdK5Sa3r13CMoRvE2/V8JqcR1zPNz7P0b7rvEoGIgyKIy1VEeAgYGX2K5+tkBAPMaj0v4ivoBseM1pnVH31Q1ufxPC8S6PQsfxhdrFbL8uHh4Xm6UiR/mi8WayDuV4dEe9PT9SovysNZ8imZH5bp+TguphfpCsZaF8khEh9aSEZkf7KY/aaQS6KsDMvIC6QSzqb1gIjCgO1BSsE4yF3xEs0u4E8IuldPXr+J1Ex4p3hTzKsNuKj9QWgCeJKCv8OrivpMstkyh82gfzA9j8r16SJdIRr8FSC9wq2rd/uIrkU6IEs8vLP6C08zeGeRzB8BVt/wXuGulGPcBK/dsi/7+ssMXuuBui47ttamKq/hVXl6KgcO/pUWeCRWSEvk/NvfVCHVTgKwCQfxkpij2rM+bKt/z5hXJIAbCRJ7OKdxNM+ncDYBVuspoka8ii7y+UytYhWn87Kl27O8iIgdQbKisPYRjxXxYPiKteo6argWTZsVw95nydPsrIh5doAEbS/6QAHbc+7wjSL+Nn1UmIHECfHVGpLQt1gQfezoGVcqcI6Ii1WTr14ZdqMr4yxN5kQOyvVyCcwAXhhnNIU8m1/h33RUKz0rHlBfYh0D6F2eRfEp3EU4jEAgOo3xqsNxZGCYQbIi4gPkZZ5O4wZx4ebeMRm265HvPkk3Cln/uqaDVMPaKTH0mkQ6usrP8MNZdHoFnynotS/Pb4nYui5n54rhblYXsaIIsqrGXVttHeSs3gidiDvzn5NzF7A9PeNJ0m1FoAdBa5pUOAU4InDC45n8iAQazg0/G/Et1Dt5bIazALKTwVBwO6az6H+//vHF4Z9yOS7xFO7mkgnrAoYaARIDEwdsh9Dc1/hkAuxbegZX2kR6A7i/vf/eDeco+gFOcvIZeNg5MCpy/vTFqxAwLQUHVc/A9sEiccLLfCYLvqSlrOKP0IEsBS76efqxg4aZtoc3jzXtvyNT/OtetH95AROI9vCfezwdzWrhbwqnzLSImgPgz8/xBPQMSywCXq4HEQAB1p7lVlc0AO4jzC2FjZg1pgnQhTlWYdIzJNzbyefoPnLJBDOA3sGESWN5Bf18xhGnFzmwO0wRYbUXMdCyMofZXCbz+ZiJ+Cy6BKYnP+sZT20hojLsVQzcq4vhrcHH7xA2OcJ6G3b+iGMcRC1ujeuqN0+Ikcy3Q4i9sM7CFhBDXU2RJSDCINBm+bREeE2T5ao8hPu0QA3E4WVefESFDyL7mLGoPCS1wuFv6D+7AhBrS3YMJer09kGFsygPdwEpxQ4Mv5t74fWaCd+0PgbSJFYjiDxt3RKLeMbXSJxd3fKZxf1YFzizq7FSuAIDiH+XKVze8PsuNmCd7pT4/fT08e2j5+FvYFU7OMgdcma1fR6b2Y4X8XLMX8XA7KbT1q8Uh9wO9zECrvVJz3TaZWXV/LZRS1VpXcpagpTB2jb6XaQlLSdbMmvXfp8AR7YG/F6IesQea5EUqLnDrRSOCDC/XObZDG9+/abWjIiK7+pOSGt1OW1TSaxhzWh9ydIX+8g9Xojuf8atOZK4l0XrTAves+hjciV8M5wEGDUv1K7GtnIMmFzUeZ26pECQb1ECRBMR6SJXeT4n7pl6pV0sElgWENQoLk7TVREXVxpVkCmFucTwJkzYMcxf10lxFZ/OuUeRZ04RDxK0guD0L4CZXeSz9OwKkVEojYuq1ShaO0Fbl2hiAkIF1N8AdRtaZFui2toto85zwAggF6JGBUwpCeSsMmakqOn18+I8Rr0yvafsPX9zIc0+GVx4K5M5gOpA7xeMD+gRr+De50dwHeN8RH9CynRj/HPdHtw7Wch2iga8f5tjQM8LnYoevy3ckYJngHLHg2J6KHW2V+h4nAMPRY7/QbkpBc7tKm9uW3FzC0qbG1bY3KSyZmNFjcfhcito/M/VUMXMHVDKeEDHrYzxh85QJczNK2A8gdGjeBkGkcEKlxtXtnhAxVvJ4g+b61Su3GHFigewnQoVfwAPVKTcuBKlFxK97OowxUm30qRdYeIYPu0xUPdvUt3e3GKkV6ztuFQnRfswGZN9S9eWEb9psq+Nq7sWr7OW7pRJfw28QDEnAdbFdL9pfzWio4z6mDJFUVn1miL3tlC+SC39CQabpefIE9SWMd3M3SDIM0GeqbQgzwR5Jsgz3e8HeSbIM0GeaW9BngnyzJcqz+CaAVs3EWTk05orNP8Ktzn8rHn9Ti4dGLwVc9JTNJ1MVVgCfk7TLl1RGx0iUGUKikPZyi35cbKc51fI8nWw354W8kZvvHaMKsKJynMMlpEXIgkhajVxdQIBW0xGUOjUhkb7qQECsegUK3xP6fP62jgCh+ygJbLIcUWSY2aqfZa1PescUou3AI51qdzSP9h+9x+66ISP4y/B3sU2D3Fvoc7giyxfJQQMDCCqLjySWA9mUvX6R85+6Wohdvn5T6/fEHpk6V/XiREOKhFRbA3NOGpJeSE4B5DJSC9WyFSsg6Yae++izn7eM4Iqu4K+Rj0+b3YQhIgQzKxXqZD6igmZFSznHKsBDWVGrgb+DDig3Px81aPoNM9XGOW57HM9HuadZXWsYMYU3/ysoVzRhgjF6u1eXxZWUKLA5rkOsHB34QsibM7YBdOGAkm63lU8g2kDIxtMGwIUbL7RDqbtJu7BNE/3Q9M8YyE6Zuy5q9huMj7CtNuPlDDttlVV1XZL0ROm3UIchWk3HVFh2laxFRb0hh70/ngL0zY945vEYJh2BxRl1TYYxv0RGqZtCuNNojZMu534DdM2AqlHTIdp28B1ozgP024l4sO0wbAdFAVi2qYQvu7IENPusOqv2gZvWW/ciGmbbtMGsSSm3UpUiWkD4ekVaWLa8JgT09zRJ6Z1x6FsMO0+l4tqG4owdX8CW7KtPQvire46iLdBvA3ibRBvg3jrhF4Qb4N4ezfYzyDeSgvirbMF8bbRgngbxNtq26l46069YNpQVNk0HcMgYz6368nO4B5ziNjnlRzBen1grLtpA1F7k9N/c0kUTLuhdAqmXUdiBdOuI8WCaYPoVV/aBdPuNFLeRHoG024kUYNpvikbLHDsNnmDaQNwy/NVnytvbFx8nG9V1aWOVz3m1jevcTS1EpU3n/Zk4PHMhxEXRdxkEzs/bn3Q+JEp2MPoLJ6XPD8ko/F5UvlpfapTUz+M/v7rV19YvneV2l2l5d8ss/t2ydytvbHTuqvfQiL2kIg9JGIPidhDIna7iTj4H0k8X108ukimH9uv4EERD1Zvmj7GStK0H/LkAV52UsCWjTNtQLI+u8+7nll9EX/+KbsgyFw5srJlVz86zLxjOWR4FZw7AinGfjKCv2Rwkl1FZ+sCgF4AJBbJLOV7Dukpbkg8n+eXskkgieZwXe09t1a8Z7QSzMaTYdgx4J7i9veUnBlJV90ce0VTBCAa58WYIWCVqGk29NN/vYqL1XqJPFG+Xu0ixK3ZKwOJxexkJaqaz+liDdcKsnZ4VJonyMV1k+muJKTXhw9ufgEUbUZNPfMCo1LSMrsHsynLfJriReQa4qLI1+eoa/iAxHnyUg7Z08cf+Ix25tzEhgkkDMOarLThTx9vuLmWcWF0V+fE71HwlFuAEWJ4r6z7dEAHsyuEC3PWBFpic6N9oSCkaYg/AUFGhcSBexibEtNg0Gs8J65qV2PIxl33UswwWkenpQfds2s3Hydn8XpOvE10fBQt0my9cgvQT8+iq3wdXablBYWIpSWpgBgFYGhY5EifBebgks9IZtMVG3+PtgqttwjVm97woyHFLRrdtjIENp3suZOwyf3FDjONtCjGgcZ53upnaw60EECZL1nKHDHGnKXzeUJuDUnbnW30KY6xWDLDZWfJpWKqjdK34VnF1+oF/A/qb84q0BG2TkVLrnLHuLE1PWaz5ikGJAKBRUpoCcIow4VCIaFQSFu7C15BoVBIKBRiWigUEgqFhEIhoVBIKBQSCoV0fKUl+0dKJHTwrv4b0NKtiZowuUyE5VBvEM8xg+kXIAi65BrgZkhtFHNKDBJMWGmBWT7U2ORTYPcfU+zG4pRufeS5HEOgIQiVrz++glM4SSZyFFtmzb4sLPmo6Zg5dA7hTKgyDNqA7A14W8YIABPpaCyp/0pM48xZiuvHinVKzoEMD0fZWpQmZhJFf0EpUPGTtibjAt48TZJMJQk5B9mqq2ymDAJc+JrzaaAsloDMyhKgKL2Uscq9+2652Ms7gifSx3QDsj5LsnM0iR73vOrtZrHq0xoO7Q9fvPF1+DkOMJSdr/SjJqunXWpHHxLqsuhz0/j1Ks7Od6L7GaAHp+O1XgCRtzJBVdTfFSV3aeu4HTNAkZOlULotcWHY/95PlbXuAT0FkbREB6tpMiNGBa/AyFbKu07dk/NJtPf2wfhbEPbGLKotkljRfXvpqma6WjrBAdVMLkTajw9w/uhrhv+vCMcDS3utIbYPxM+l2tw/rfVF5odvW7rqVgbFK7StP4z+693bt0fj79//25j/8+79v2yugewr0bXrCsmtHYY6yaFO8kZLxBbUn0H9GdSfQf3ZbEH9qVtQfwb1Z1B/BvWn3YL6M9RJbgTmVdwVUSyx/C9aiyd3jNfi/fimxd+CTqZdiRiZ3CwHTjLlFN0yO8VyQJ8dA9ojhYLOG4qMoaCz3UJB50oLBZ1DQeftCjrDHQ6Afw3nBADZ4WFe2c3qB8o5eXoRZ+cqDoFfUdrRLiV7qU4Ru5PKtx101yWC9tPQ/izy/girXRRtBald0QAWRirP8wTkfLMwWwdRudH7pWu+f2XAGd3DpD0/A+CfxtOPOOqHv/89mqjiFjTWr7+O8bcCEBPux19/7SyBIEPY65ipA5l8nibJrIy+e4BbXMRT6L40M4BjCe8tFnwyv/2d9RI7GsNLjlHPE0q7j4c4o1HVpcBzLtdnZ+lnBNqcbFbRt64lvDHzZ/YAcTItFwqJeKfOckRYUnEU52tHJQ9uX0cfKlD98JDGqSiUxG20fx+xM14adHOiVhnPlzBRmEoB4hODfUSAIDNofgmnf+QHg20tC2hqfQxUUIV5dhon/U5LS3f60Fzkl9E8r575OanFAKuQbiyWKy4Pgq7I9BbZt1lnZ/jfjqEvcgymi8+oUIV5m3nb4iNgGp7QmUxuApuh4w0A0kc8DWQkrvRLpI47Q0f+ZN4prtZ83csETeSd18GLH988echMKbNHctOh1FWksxnQRpCd50JqWC2norneONNj9GAC7UwRpzvbZasvJc2sgHmBrVzk64z9QJjFl+2rb3m5TIgBj2aFrsGBPXdHexFUENgCOxj2aETGRqa4MhC5DwhcqW+hMhRYk13xtObpIhVWy71XL1oWCywgy94siHzA63y6mvNo0Xgsdu0PdxEJfsa4cTikKzgfO8KFli63RInLOCWKTr4i8OATjdDFEnEm1hmNj8KrN6ZItxpZpIctsOUWNjXUsw31bCst1LMN9WxDPdvu9++AMTDUsx0OjFDPtt5CPdtQzzbUs9Wtr1hE/ybV/RxbQrUVazsu1UkxikCdyaWlayu3SzOTS21c3XV3FVSV6WUNvEAxJ3uEi+l+0/5qREcZzWtlipYP1WuK3NtCpahq6S+v6g4JNI1A9A3r7gZ5JsgzlRbkmSDPBHmm+/0gzwR5Jsgz7S3IM0Ge+VLlmSX6qLQxlf27I59WHBbUb4z2FABnnA6ZKW73qbE83BTDTw4zsSO7JrcX+QoW91INrML/ZFgJTMyLGQc+4j8oRrPZVWdUdWeCUBrUSjhJq5e1G4/GdoywwGEjdgUAbcvtEwTEmOzy6/M9eFZXskgA5xz/I9vcfQh3tinVDp98jqeYiy3P6B56bE0QmMgnyntvAZDF8cqkk070hNBXQETLMGNttuHcNt52bn5hcpJmu/1cd66y1y3c6tZx5o1To3HorcjxfXnoyWtOeTcp57k+//Od4xu23jQL2CowRHGxThTwN4bRLkuO5Mvrqr6ZLyu7i1OqpMXzWgo33pUfUZz6EM9mH0bRB3SABB7uA7lxwb8WcPt+oItCu0379D2o5sTSs7LlJtDCvuun4WI7UBHeY+ppuv60+ktM/XzaSNxfWyNexOKujNImubsdYh+HQ0ZHLUSWX/K22+kD6KywV7I4r3JClA9wwJJsJpu5hL3Ff3HSE7/aIV+TOhCQmRHkofjKk7B+FO1Llwc0wDja5/EOmLHgyQ0dRiMg/KDw7yEqH2jQpBzY9yBEJGXMdWEia3oq1QHol01x8UlKaSV+5k7kjx/QFSktjd6TnGdmM/GQJ9B6UhkhK+WEsV6udBiTBlCox2436J4v7jQliuboLzNkLX9JWJkjbrQgCKGnf4ZCWvnpeEIk2lIighDHZBt3d+Q1zmkyjbFr42005hiCC0p2cxEXKFTNTKUGAlzLPLxG08UpJIU/3Byz9VQla81p4yhRz/46o4S2+DfpMA/8wPYqOasInBfr0wkIm5YcNQbxsjysL/fwdJ6fHs6OkqMH8fE39+GP6Wz27TffH3/7/YPk+2+Ok+R49t3pt7Pvj2en8XeHy4/nh9NidvgRyE72CymBJuf5b54dH303fnZ83JdKBltFclJxFON1Rl2Oac2lM9+2aZ8Uhl/rEaUjFI6p3YaW2O73u6+2Tasgrqx8yrioP+UVa5RdGCaeT9dioJMd9a+XeFK95I2e6FNcpBgtpPht4mQnpAg3j3BLT9fpfAXP9K/+gzMWWU7uCYtPCS5Cmd3EGvJ/Tp4/Qxwj2jhokYNrXKqVXPcWq3HUFut/W/sbl0N39GfVi/LP1KfGb0/xtDY29ZpgPaDml3/9ytxVyYtfQba15yXvqfXn3sKmhMkBQrH6RBPsPFMqXa2l0mS7ZzUNydi9of5E0TctTmN15kPMwU7RNWZZyEro5/24NwDr/KqQV2aKn7TPEZ/sdHakf3ila6MNm2f1Y0GfyowxZtfjVBKeoe11pSJLjaaof7nDLlR3LaLeNXtT20rNoiZo7CBnRRJ9Qr3rjW80toajIojDMK1QABPxHs/LvPHEc5j29Gb7M5JYKXaXtU6EujSYPk2eTDgj7Snw1UnsznrJreoaI4rqDTa0tZ/mhnnCqW1bqyNcDzQW9TrDpLK/TvxuH7EX07UnVqMyMn2fYCEWzxkwdNGOBYg2aczHky0cyo6Lqdn35WbgbzulvHKW4Oychj+X5qXftdtgLtZ81Meb1N/3rkcum/wSzsVNIbgeazBq6y+3RmrsKaBzpf0DoLP3y36SyNi6c3texFu655Uqb+chj/Sso38NY9vm5nhLSSmdr3jMp29fbST3sStb/2BX2Yv1Is7GWESMJGP7ucObjp31XEqxXixOMhxw9rQzRaovMdQd8YJ8tEFU846txEb8k366T/bT1Q0ogt4osVWbS2VeygFVL06pgsjC9AFVqR9GESmZL9MyUUkbOgfCoFcuteZa8ln0xAYvKrZLlRq/fZpA1FUE7ua4IS4DW6OGcj3Qdt/M/Naj0921a4PPfQcbMkW/J6WoKp8oO4R3WYHuLgziajhkvSRYO1HA4ZnzMVIj+Kk1vW4zSZ6SDF9u48uuVfJKnGutrFJ13O9U47lGSSrtzqQ8MDuTN7MwhLFUE9WHxiT0WsYpe5qTxbssTdY6YzBzc0Y/c6YnRS9Zl4Ju8fUU9FphXyGu3dnnuFVzxmmkeJRnZ+l5/xb2sAakbt8ITRtf7gpNVce1jHh9C3UiTC8sXP7cDa7by4TWm+egmycb0ygtD5zL6OarNFXbxPmyzhGUNeOCthDjCZoSVq7bAzLEOUqpedTWssqKFZAZczbwZieN8nOe7CAItk+lNp0YDyptk9GLau2lslDnsnpX03+JuhN1+tPBzmSd5PzTb/p52shjR2ZeTd4jTmUJLMRFeo6G4jn6huv8hp39xq2b4ij3+hhrBmHGrdnDWj7MmX7CdR7K6DyXaK5TVGujC47erwwIlG13iF5iKQ5aXfR/PdfAysgG+ZpcKfAGK5X7xjZMkVdKzDtydw5KjdmW7lAntuyRs7uTXjo/tBNimrSXW1+MfVkn78ju3ET2ydb8kwM4ZQ9twK5v5j5y1rsTfSoT3z3SfjEqvrBUQq/tD6De6hPdSEfBNl0dHan7Ifevy4t8rnIss9dmt8IjX46ZRksAaJUpFfcxTp6clEhU2ccJD1vvekeWWew0saIrUyqCZg/g3CKXFYa/99ohcYWzORj5yRNhfKg6vJGdvHz684PXzok1JtdzxGvddizCYl4+pXH0I38UfXrgFoxkj9+YvkjjVK5P0cVKgCNPhJlxdvhn7SIXPXr12EkcfLXlw+nscKtD2xjWka2CWogrxUPjpbfPZJe8eS/jKxUDXnoYXznN2qNYQoHFsw0pBPpRYnE1j8olpqOTtmVgDOB6tQb5CtNOYxqD9JOUUzRv+Y5gMVxrtK28FD/In9gN8gehEEB/GFvhgij7/VqVTytwb+uCpidCoOh08Wpf5iWldeib6Y7cNAFcPzpKXXEbjGbYaQWvVOo+dXZJ66Yl4Pgca5GuKGmgOotwMgmypaLTHvEl2P7Z9i+7uob9w0432D9StRbRAhnhsI+D9lH07rveSZVQU4Than5NT57ANEPGhYKrTJ/saH5TkOq1m7W9OsR+1gsIghzlDPUDnbdhOMnWvc7yQ3EA+1QIoIo9s/ux3PA3jAeeZvWdxSH4GtglX8wg8Ms3ojFQ/+KMTAPwY0dr1WzP8/hzurgGTKr135T21ANYu355B+xhmoH8jqGmhZTc9TtwPr5tZk1pdr0w4/5bYCYPvhyYcSHZXUOKe5WjZAQ79TtTz0kkV7/8zAJJep7lTr2Caj9QIICigqawkOpsycrRMgFI7AtdlNQgldiyMfyLDmmhM35dJvcwfRol/0C7M+xjdu6qa8zNGRPWNShHhQFTtYK/MebLPDGczKEsanLerZVWrRebBPq7uueGR4J7IBB1ap0v0eNwqqhBbKcDEIF9bWuL+PPT69hS1a+25sSfVX0Na1s3Yl222V8hgEhjv/vG60wINe4D4jNa2zVAkTvuAKPSq+8QjH704trgeH0qtErnFjzpCjclExLMHmVrzzh7qP4u863Xi21H6rNrg/Z18E0Lw0naEOZT3+BtBqAuOsbV+Vik0vG8TEYNkwULSgBqrqmIwbmUkzEb4eDJX9dU2059J1K1dLvxXJDc9k4FTxg5uJk5bTiL3bOS14RpaXY9l4z0q3ENTuc/7iWTZtd0yaiOO8D4j3bJpNk1XjJ25xY8/3kvmesRzhdG9LYhvONLxgzid8mcY51Fn2uGO954NsOuGXtWG87jS7loQIDaNaaR+32fQQVfahhVKlaUIHjWWp4lu7d/Uacb2L+SashBsH/576PUoN31Tkq3isAXcPQ/q1yqdYaEN3Xhly/ophVm/jGXg0HU5glSUZ3dMAehOvLz7WjzBQmnq9Z888wMxZ0Wtz8+XC34Izk3+jwAVdsRMnkaGwdE7vqaE+m9HcNbrZ1CRvDvwabbn23DL+zIQ13Wg1Y00oWNhU8aKd4XWDIxDe2Mpq2z9K/r5FpEeqvrqsGNbQQsGUkWTgkA5E9uSrj3N7ZVSADsyjgvxgzcXQOte6QmL6QLpqb9AfgJZ9SrilSxNug9FWcKLZGgJX2xXPWHw2uIq7Sq6A+Mv8VYeiSdSwEbdGbCoOekWKTADvRnC4LNNOXHLWbO/Ch8BeBtb2fHB35OWtTGA6SU2ieeaQfuH/j5/Enf/lPfaPKDp09fTCaT6G9JkStns+s5a13X7XWeuo4xGcNLFeCprlepqyTsq2dKCFNJABmRmjO87sx4TOP5Ojuj5BsyrGZs5lf93BCwa8mS6KN411v8JufQbLryxkXVld7DjV61DffacGjD9rerE3nrlMLt0N2gX+Y8s9nEYk0xhwXSq0yH3j15BuBEFOkN/sY2j7PzdXzee6V5skiVdf+sp/pqrX3nTiW4UD3yOMy4TvcyvZcxNC+NR1W1zuV7J/jRg2CSWDzb2Yq5N5Y6lvxktS6oDhYGhopmTSHCGdYe9E1Z83SluRmspDeHLkD6UPnyL6J9zCPOYhPzPirk7SCiyCcdEz7Pp1aKeqAAnXhuwp8rx1Ty4p5RoCi7xsEh0KTLd0HJBPgDAosFEhhg+rHkTCA6HxLcx1StJ4k+nOX5B66bKFrxDzDp1fN4+WFkQE97MlUJRCilcx59mMibE+zDF+hn9T2TCa4uczr6JW8K5ctmJtPMtuybkvBOwoBgdw8ZKjzXZ/CD90SB2ueJZAJhzyf2hAIOPykAhpSwfQCuSSea19KFDWDe3XtvXKQmmBWb33orhR4u9MwAnUyQzft9R90hHY9PD6er+SEm+UGEPzwgV8yFKl/knfDQBgjxkHRa0grs/OoqYEOnM146xe5J0DUX2hPxJJ4DEOMinmI+zhEF5354e08eYamwe+8/WGDVBAQ7HHSYyFO3clYmD775lw8YbZfEhbAUhBUfNH75HRt89e096RCm6zWrgbzfAu4EuAquNSUbD1Gn1+rnWVou5/GVotYNSk0hZuplO2G4OHvSdan23nNKVCHotEjij7X+tdFAVdm03/QnX5TSflRZJsx8DxeEhVhhxg+jv+PEf90bhGt75jL66dUzvndwkItc6VmVaDnBn/auEWOeaH7iBnDHDAb9TOfAzSJfVGNrSI6uJIJqufkxAaraEvqAMKrKLuBPiFSDOIXXKaZrac4XOlMZuuP6DEZoEWxJZe6n6VYN8O00B0RQy0JGoTkPlADk/HHZVVziiFNnNN9W4bccuXk2jAXFJmcX5tbsHP67nq+EMhbrDHPwR0lR5MWob8tQ6SCFJDwnEmuv8OZEmOJfYt4dOrEd863glFKlaLWetnrQaSQNFteAHNlKGc/Zcty9usgs4iM71QMe2jbKGGxX3BgEgo0PJlUR4erDCCaMXVFFFqwEcGI1Atz790gX8ZmlZ3YFYTIr4ZEk0uQ7oyd+wSaq7X3WnP2c5oxGePTi3N/7N96y/TKZn03gp4N/2zu4FlIKO1v6008OZ4vIhkKpo55mhArXSH55gqrud0ncP+U2NUFeLdgoXzXIq1BkSthUMLHl8uTA6zDB0GpQW2r3RQC8x02wgIlE4OmIbn6vAb69kf0jcJan6WyWZNWfXwnTUf318Xo5x2pTifctjikRVNpAFTooFX9aZubb6wkctrM1JfeOZzNryZpdmKLKiIvvTOcp8WAEf9xGLmSn1c+UfUgiQlQ/JjHkinxWiKY05us3XZ+APG7jDXHd/k7v5+Av1ZYP/lBjxbWQjLUviauc+D1iaGocuMU79WdaM00nuZRrkbAKeLHJu6zoqMl0nufn8+RwmszHyJy+y9705K4zjdh7tP471ClJpzbFl7lu17lMaKLRB7wIPuhbzLPPdt0brOQ0X2d6Ibwszy65xMu77Kkl+VRAY0zDPbXm7WaUfMx+8SWOtvSKZvmsN+GgaZZ9mhkMTv6D0HuXYZYRAumEnvkqW+JspnR8hMRTXbqGtEMAAOoY2JB90/nBBwKXN/fVD9RW/bpn/6wtJBXaQdXhjx3yl+8ySgaiN8AXLxRE30Iff06u3n8YkZpOGEnMq1+D1ZCOuU/KlU7ngKtSzLWv7CDMaFkkjYLHBHiLImfvkLN1Nh1ygMs1WmBKwSuY3f5kMpHNb9lWX3zItVGbjwZgMRUpqFRojbbcs/S9giny7VcWGN5lGg47QGP4OwbReaTomSJF/sBggoWdaFIkXHf58F025kEHQ5j9rM/kkJUPo7+/o+vq3d7D6N0ebSjcIcs8Q8i/vfeXdHaerO69nyyLNC9SD6M2t/8ZHR+92/u1Nk+egQpfFTurd4r65kzZD4QwkP4cyRn/X7/37PIo+h//Q77BGR8ddM15kFzJZT1b5kvVWMu/AGHbv4dX6D0e710mHlue/VPKQ2VqJQMj15BGWV8KDSHC+1hmfa9XVh1bZAQGBSryLjO3bcnWVu8LezpfzwSVdUw03Th2VjytSMGVenYNp1quEOW6SleJDzjgjPlKaz/yENalreszqR+vZAL+QGaHs3d7SiRAfvXd3iQ6af7o36ll79b28hgBj5z0ibJ4DeBhslzcVICO7hDJRB2PTjQyN+XjZCArMdI7AaseRDEcOMoAqt+ejUynZ6sN6tuxTO1dRuU1NSZxGRHtyFMsog9v4/HfTsb/+ctkfPhe/j4af0///Nqbz6vcpoD+Jw1+VI3tyidYbSALxUg5oeO8mElq16oDkjgIXHiKipFM0rhTGLpDFOTeL7/ck3F90Q3mBF+RoRUoPXQGXVBXE92TvDPLV/zMs+d740YPcXmhuj+0H/r2+Msv5dz08bK6M6yLF+f9hUflQdWYE3z15PWTVz8/eYx5SS9hw2R6MvW/y6+/wthDlEPyGWuCAJ9XEZwFOtt7I/iLQongT88e3+1l6/mcP00z/m9c8n9JZ8t/Ag9erob0ikx7mqlJJTwnnF5eyB/CEw7pND2Dt9WS0wVqxrizeaL+yPPlkB6X8fRjfC5zo01HpTf/kzV+cEtU+EPfriNhdoQIwNGMqwd/Vh1xc2btl190N7/8Ev2viPlDIMFDdBPOaX4e40/bzPGzOqrY0bXMsUhmcE5hmG2mqTqpEK+Znu8A6eUD9vwBiMbHhExn6ob5kM9nryuKGLh6/S9cQPp5Ok2RHsXvsg+rIs7KVOuYUVJ8l/3xSillfc9B18RKY/xQ7rMsddE4b/Tgvnp4uptO9fT4kuQSrWxCgXX89PLxyZsn3pp9UruXKof+u6z8mC6XbO1DjYfietk3wZsNI3XzGYqVk2swmfhGXSAXhTDrfW1A6S//qmIVBhRFyzFIuGPM9dpfldhj1s3ueWowSI97Zl9FANWGO9z61Qhgg6idE5p4/IrTrUfs7Rb1BPp6H+Lw6JmLX7++QTZibgNNBJuY+m4oV79qG+fsV2147n7VBhX768/lr9qd3t2byfWv2qY5/1UbTJN7X/V4re9mGdezqXe81zPURsV7xvqz1oedqocNi/5IGdNNSv7Ip5b3Ol4G/CscVXQh4EyewFZw7ZY2hHjKKQuB85gj+oiZDz/ndKjVykG6oiFZptvAUJ+CMJSdM3BfAs2Sxe0443dQm73x2pVGWp5jhRp5gWu0dpzbTiBgiyNJzW9Do/1EOiMYfElQe7HoiPRxJTvE2dUpWRHYPsvannUOSZ4qqIJJZpwukjl0u1DQh20qNUz76hcPIc/UGXwBdxj51qj4U2vh2mVPdEyyfrd4Qs4c5Bj9/KfXb0wkpmG2bHgIic+40pEqjewcoFG4SvCObDlZfA7Ab+z91jUDxbvocb6IU/9icz1bUOlUMa/Kj2nGv7JtlpZj6pJMxQ8m7Qnefa4zIABwPrIZFTv8wR64JLaKWCgU5+yd9grKtmLvRWbj7cTigQV5vyDJVAXLWA0gmzd5o6qOqeMCnbQf3K13UID4H0k8X108QkO09zY2P7WKrz1vPHTvucolPXyZvuLBIv78U3ZB87nq4wK94kGHBYIOigAdylCeZFfR2bqgIJoiWSSzVOdhIE2ECh1GPQKgPnqm7z234LFnDhOzh+RA1Dvsnqogvaf5fulwUMaHarh3f54HJMKv0Ua6Xr5JF0m+voY8RvURVGwqilXJqpKskVylEYEH4jw2JNM5FVEqzKGBq0HAyOFf1aKhL/AKSsvsHsypLPNpGvsEe68uinx9jgTvw2sMRXjJ7qPF08cfVLBabx+or5+tJfqJ0gGIZ76u2Yc+AXFhXMI4mxZxTT7qIaF/99AN/ayItbBLLpFXCCkW6Ajk5SpeLKN9Uo1JmED8CSg4yjT9CalhsDxbFfk8ejmPs4SGhL7jOUhUsx2PJNt6M8syg2l9D92Llf779/oxKzUJ4Y+PMGccxvF5JWG7ytdwJZcXUouZlEyMJjANWPZInyC+GJPPWgsMXxztLPGGRQjfCEu7+8wwjSFYVDA12MkvxKbJir3u7Vw8vMmVk7JKVHBHnhZe57Z+RudAd1FBvWT1yIjx7CzFqr3sVdWkZeS5VqD415/zgDmxkhSLl8pwflbkC87pokBlWFtC9gv4H5Qqzirw0p54TBs9jKGxNVWWyOYpSjdAxqlcHfSo2OSTl093qn7UFUh99EwVbKMyAJJkX5Ys4PGK/xiksRoUFL6JcuvpGU++EKt+HC3TZJpUMyVJ6VX5EdaZFonO00MEY4A7lXjDqxBBCdCnqPDDP+WC/RIKAyRwRT6DI+2jCItEXc5rfDIBeSk9A0I5kd5gV97ef++nBMUoWCmQMlIRPrJeQxNSDseJdP9GClzmutoiLYhqj+eyoDXGRn/09DXfo5BDs4S/o/T56160z24yZK3d40npwDy76qaZHCfDKdJz4HI93avI9+ITgPgA7QuYFiO3OqRh0tLKflGfLMAbZlqFj9fAHMx8X7MmAM8Dye9RXkFvn4kEXuQgwDNrDCunmPUyx6DlZD4fK+enyxgopJ+FVG2tWHOBcRyYVG7gAf4Iy7yus/tn6HsTCgRytYpAr8QbTKSyCNw7izXwWFeHRJ0xNDsvysMZGoIOy/R8HBdA4VcJXW9Y6mMM7yEKkdPgYvYb0jOOcek+vjuD4OkqS2u3TeD5wjpTW8OzJTEAQAkDicpD1Cx8SpPLQ9RVwarHeGjG4sF7SF4Vh7+h/1wH+Mhj4zphSAPcFUBSMOnhruGoHHM35SE8oflapROpjYe0kNX4HG9t31eLeMYXWpx5pHXFds3UAHeLAgunV2Nh98bAP45JnAbGAn7f9fas02sjuj89fXxXUPvwN7DOHZOIAebDimYIfTTEKLbKF+nU+a3WmjxSAvU1JFxsDGEiw42BSNgn9QbxTzNYUAFidL/cB/wZZxJkawOJbKwiQgOKmgHnyLBGQQ0cnKpTleis3/F5np+n03ge/fgKTjZGQfHxbllBStoElgzVpMxMegbaJPOW17H5qbEbdjRlzJoyS7uinNGZk+bAMdKJgGDoMZzhVslMpjRhkyj6i0oDwO57ZkiMvz9NTNKvc5BDffzLUEJZl5LGJsJqbawwkclGEsbSgyE+GoYBbhE8KT/hw9TfiI79BIZhHhcrP73vZn17pLTldr2rHOJYx3vj8aIvurO5ol+tvHtfPY2/r+KsPwnSNVpK6EBLWuCzVgNJxQBS2vaP3nmkpZL56c7HpeIoez9VVr8HVJ58boGqTZMZMWN4hUe28ab/nD/BNEVvH4y/BaF6zMLwIonVzWSDQZlSFRgIJqgc7EfC/ZjiZ9HjDP9fka0HljVDw3AfyHC/Mnv/tNYjGa6+bemwT4Unafej/3r39u3R+Pv3/zbm/7x7/y+70TZ7nQMgF69Q4/86wRtiZy4LqtaJwdWSB6D7Q5UByJJL2EplIlfaVFabObs/FTuFG81se8FRtK/616Z5cz9pawYemTJH3VbZ5zVO0gjMwY0zt29ytwq1PLjfiy59hmPgJmAur1cF+vo5bdYVdKl+pgyX0wsgKMr5hl9R58JNjkuVhIvNSNLDIF8SXz5jdU1mGm1wUP4JFSuE5HrBw3KeZJTd0YBJaxwaC/bW7Ul+GVErUn4xOhZnsDOn8fQjJRf8+9+jiXJ+o2F//XWMvzV80SYrwdQX1ltwf8zyBfyr05GqMh17+TPlgoopjBMgGt89qCRpVLOlPDPpYsHG3W9/Z73Elkp4qXfs84QyaaHzakZjCxMu8y/XZ2cppaKUimrf9i/njVkLrmKRIKKn5cIkSKqGFMbF+drhIWi3r6MPlT358JBGqyjJB3gEqS55sdDZiVp3PF/CpCUdp8phhqAhXh8u4jkmLhsCFRzHjToti2miuPog2ld0kvT06ueJ+JY2hyrfvieQHezImut1v6Iw9BgYMjLH9gsIQ6hIS9eamFzklyBKC8mwLI+c+G2FyLliX0o0u9JbJJnqeksCd+cEMHUkpihfSWJU5SpCqrniIxf35iFIJj0xnhqwu0c8GXTxv9Ivka0EL0K0Bfvf7sdHir/4h3CAo50t4vRaMMbqVxc0yVfx3KpuSN5DGhXq6APHLSP3wxl2xUDCnt2gJ0cdiUpT9SuioxEx/QxPGY7UB7IvNIKQZHJ4AkmJJjdPF6nEofjs+IuWhatkguIE8EFSGPOY0XgsUqk7HP0LQqif8zlQ88fJCoa4Brxq6X5L9LqMU85djRonePCJRnDLVSvKaDmjWSSziT/WSeca8aSHrTHvzqNGOZSV78EFhri+rVX3iqOlTNrAGE0Tk5zccprusaiT507W5/N1+5D3FS4sNcc1uoGpIybBxmpHcsunCZY6WIPBqdaQ07C70bnodTbIfDpdF3j1KxFmnp4l06vpXDN5gC9w5mNAFwH162S10xDMRfz5afbDPD2/8FLPepfeGV53Z3DRnU0sd9ZyjY2HmcIFEjK43874qYUler8uMCN9Fglh5Nj0FJPde439ynaTQ00dd1eqeAWzwyYtOenQJCUrTIkjc0Z8SL0GzeezpLCRJ9pfl1y0UAXGCP7hTYP03KDpAWryyHNZ9ItEongRvot+ka9gT59mIqzPo33kYxGpE77ybDgfjNrUj6ROnF/GV35JYCSpGXkGy9Iw4xoGo1xm9iEk1awajWmnnxHXwiGhn5LlKI5AIIZhTXm6GCt8TWGpXsVisKkkzFYq9bRUA9w/+tdRHVcsLoFlllIrX+F1X58oJjbkVkfXUDqNfeFhZ+StKemJJZAIc+BTjEaZ0uaxVl6N1q9hxsY1VDjJJlWSMZBAJ2qKnepTcKm2VVjDAGsK7g50+tNydg3aslfcebSm3hEbzlLUFRbxopxw9VDKVz/H8ITe3hoXulJMvkFz7O/VaLyUXd5DjLovc0CF3ngffn848bfHqCgXl/wTKU8BI7u0K1GKRCs9u5KISqMloLOK9AUpjXfhgXrdy2jvFWmYRtHei+QyKVeYK/tHIOC+dSjIsp3lhp/HFN6Y4WQk55vZ/cc2HLBWuiEmUmvBYzTfJNTjiBfl9Sov2+tVhstuHV+IP3i9LvyquXzpvNAbKyqqxXJqB0djgPxsjZVX4lO4Nr2z1aobpdm99wkxQgomkj0tQRpdaUvvfvL5YfTtQf2m9b301PTMvYT9HR/9a68ilBsJUjg7ydpzhIZoMvYasxlK1X69ndQWR33Pp2vW+5Mqxloi3px4iTLt9xuhohjcATvyQLEjKH3aLInCGmC7/DzQ18uIrBXIWYoNm03t1duNc61KIIDWUJAWxWsYg4eYnQmFNJy53v5ZTjvJtpXo+AGxTwpLPOULQe/oR7L+zy3kIsd18i/6KKE7TbB5DaJBi2AT94gREORSCZIIF9IstRzrYp1lvmEasaXdsaRU2YzUMJo1UA065VtyYRIqrA9coNzVtBYWKWps4XUT4Y2OzlAivDnZRIZtO0JPvMIAEl/xu9glAUZCsxUBJuEYevxt+0H2oc5e4zAFF/JYIb6xCrEd7Wg1mjKyOZl5e2HQkXI2Ly5DRD1lZvsCajuJlvfMigs6pX4BHVEnvWU/rY5tuktSr49j5mDXEMnvYtToEyzdQ5tryVEVKZWu+R8zFnr8PBSUoAQQHyTw+shE42qXvW+rmd+gZd7HsWfIzq0qwdZYeGYecWi0csdnS0M1W5X6ih3jdFR8D2vf5fhTGmdzHsw7kRM3X13GaZ6v0I6w3DXq645NCAPSBvNzM05bbH5eAr1OKmbgrGDz3JO4DFH3YJmja2KOoGsV1S9lTmvh/bW6Cn5qdLKIc3C/Fczf/+Ewp/2hMenYdhmXjm0g/zq4aPmmlfRuI04d212JVcd2d+LVsd1qzDq2W4tbx3Y7sevYdhC/TtAbetB949ixbXrGN49nx3anYtqxDYaxb2w7tk1hvHmMO7bbjHPHthFIvePdsW0D1y3i3rHdYuw7tsGw3SAGHtumEL6ZWHhsX0Q8PLbBW+YZF49t023aOD4e2y3GyGPbJPzUNxn6NvHy/hGmmOy6j5nwnnY1j9muhdpalrSKZFt7FsRb3XUQb4N4G8TbIN4G8dYJvSDeBvH2brCfQbyVFsRbZwvibaMF8TaIt9W2U/H2uur5dVbzUyUnhV9smqvRW6FSL6Ur3L8f5U5W6O0nMaVpWZnUIinOVUYHZlbtqgX6TZMFXCUR2KGU/E9b/k/q1Kh0GkLsWUxYALN86ulLlaxQYk8+Y1qYWOozVkoJOssEVkoAeg2oywRyaTqWHE+lxFLxSaWeWeSz9OyKQh6ZTm2UHLOdMK5hoPE5EDy4dwzId03JQtXC3VQtVPsPM5Ei5pHKwVZy8B/FftmhuHNgeTxP3IwKoaVT32iCoQjGWLBb3PJ81ecyHBvnH+dbVUWq49WdFHmkkmydT3vKafTOoC8t4dDCwa75DqsSLPf1S6TBOyhnSP20FzJcwqMvroQhrsezeCGtb2fVC7+wyoWVTf7CSxfinu+2aOHOwF/tVXHp6qRVyxeWNv+Na7I4n3gl2VBW+T9uFUN9dl2je+SNHuSj7E49eweTcy4NZjjH+KfP0OmFTv90uTn7iOU/UFZOoqE3mY+TYBsycVZayMTZNU4X0nTn4CSEHph9kxj8kHfzZvJu0gb90yXf9LpoQ9rNkHbzplEpJNz8h0i4uTuk+AeIOGWFXUewaZtKK0SbVt1xrfu6VNoRT9kIW3DPbWnBPbdnxsE9N7jnBvfc4J4rLbjnBvdcdwvuucE9N7jn6hbcc4N7brWF6NNm6xF3g3gbxNuuFsTbIN4G8TaIt5UWxFtqQbwN4m0QbxstiLdBvO1qQbztaP/M0ac+8meIJtUtRJOGaNIQTRqiSUM0aYgm9Z/vkGjSzol3PEDN2Lo2p8oJt0P+XtPLlTCO/FQILqnYFHdpf1Q9Et3XMjo7px13cGVG5kU9E1XmduhssHVGn1XBoAbVY5JeB4fTennt+UjqXqceW9eSJe/CjvogfSwMrGf1pohBMlFe89tG3D7DAjHCpyUG0NFKj6LqIsFfgjuk1IQL8MKleGf1m76ndRkgqsk6pyvajEZRUuj3SnEzMXngYiDPxyy/zKhoUaZdSrmMMnXYOTi+hTvCKmHpnZijKcoqyEd0zVzFkmG9FfKidtILxx0K4k4ZdxeH9N2gk+hivQDMwxA84n+kX9R60v2FtamAr0qB/4pP0eWXQKS3r2eHGELM+UUYVtHJZvcuGGZYdisefNf7hkRV7MlYwhSe3CvpBFirQ53vI5As54/i0uHCj52WSmOBiIELnl7keUmIhJiMemtEuZWBCmqNrdDJ6Hwdw8ArLPcHfdwcYEvgoot01RmK6Ata1Y+J2kK7zGfkg9IV30YIIE3dXvE2THNU25QsBSKPUiKsdMohZOOsgl+do9PBBwIiKYsUAYd9XPOI+CServCM5gXKgq7oGdzR12o9DGsVwk4pCzJVeoxvsN//EM+7EaR/B1ruzA74C4k0hhVG3RHRT/j1TbEGaNJ0RtFPGVG4jeflKpvlixUqmYChxvaZInMOHsV8IuauyTRfHHqcuecYejDRvU5oHKvullaw4Y4XeVnq+7Mk61d0omKVR9HpGivpTWMMGzXipGELOidhZIyz9RzEhCSJJhTtw9tkpofl5KlQ+Gk6R5Si4DKsjw2Hg66jdLHMC8DeTv1Zz2a52Ndxy8Xe+hrPuvURDt/ywMnWdrO0iq36k8TnttH1CoI1P9B5EjBIYqUjffNMv9syXSmobQSyJrStYO/vvulYUnuI96fjU7go7/esRN6Kzot8vSy5EB8GtyKNEclVxeqCBI65FwpWO6StK8LDZHGj90pFIbT+6+fjP9KA4i3QXLGbK3Rx0Y3FddIBi8XW4Sg2vy/6JZvnVevRlLyLq8X2Z6RzNn+JBjyiAz/HRYqnvHzF9RxfJWdiSyh/Wr7JH0Ono+glHv3ZtplnDEuv3XcU64S8BlLoGNmElZDvbrJiL5lfBmxHxuKV0LBtcsf4c/mNFfZoZ5o9m1N6TXIAts1kgYHCwDZMPzZfxh+blwKtRwDANmTvNN+PHlXXJRNgo90SxhUZRORdZa2uDxfx52cUOv8wenD/t9/9blvw+VxBpg2BZMtdVaN5E62ptq4tO/JTcPUy5uq6p3FJBbb7QPsDcVPIBE/ZEto6UKppKjCxx/eZ/aFpNbiWt5/fT9qv3u9HtbnCb4gJWBC1r5QoXU1ok0FSKOafFpKX6LV4Jmdpua9NW3A6nYfRUS/m9GVwcUui2IagS6HEILkyyO3wvIgXsCwQJ0GQylZ4+xf28VsNEmPdWPOyyGfracJ6ay3G1u9SPLGSFg1kOtg5q8wtSFYSOVzKdJSE6s4PRjlHRD6maOMa+z5UMsb2RvVjZ8ayBI5+StOQsKXQtlPKxmaRqOOj+z3IqN90vCaZfB5G//X2ZPyf8fhv7/flj6Px97+MHr7/2vrn+4M//Mu2RNEtiGLbWBh1ArxHUMXWV894HO3hcHvuV2gu7ndkLtuCsq/kdAWQ1yUkV6/N4++8cG3/LWMUINtY/vpa/XTwh/13E+fzg68P4SULT9+/HRsknbz/+uAP1rODLVG232rjJfryq8LmdD5ngtv5uFN65scdEjS2XuMQ7OJTEkOijgRku7cedU53J8YjkJaVXNYnL6v3qglIm1YkJegRI9Uyc7xVlB+uujN3Ysjpnom27OhVsPNaK1zj5TKJC51uwNDWuGea/VKf5AtyuaNUlmS9X4W6/YDyj+iFddGgnlSMnpB8rMdVMHWQjTq0t4GsH3y5ofjqdpAY5ulA4rDyaRdlSZGepzrg41MFzzw4PeFslH7pQ5rNAZYfaCvNOVOHpJpclVO0yrlRzv3olI6uD45P+hZZHTotp+jnp5QBcfRYftFqHO34hc5BWdmfcMbTG8XP/23YDnb6vhHo+o6Oak8bvizxbGa550TszwaAvEjPkZWeo3eq9pnq6b16Bn7Wc+r57DFKtOhGM3tos8uYOko/If4efjnPJY6H0o0u8k8GUzLYRSsUyg0Kfw+8Qf53mzo6DXJzGu7kNMjvrs3jSfvKeQzm8qbz+Nz2tzO+dP1fDnAv8nVcu6O7eZMOay3uaprE7nBPdujwNRSiOuLTXI9p7U6k6AB+q2/NL/IVLISUFuyUrIPYdG+UIf7yIhcH0dXFunRq8Lmt8uWYibHE7tXuyXJ6kSxicksBlgYpppiBYqc3mw0BFeUnV7oJgUtJf2IP47GZp3BnJLFL9uW+Buwlf1Bx8ZKfalzMrmg/vJedvHz684PXHlNtTNfrMNeG6FicxYd+SuPoR/4o+vTAYwSFGW9Mj8SIl+tTKZlgjUUUI3UnfOb2Zy25RY9ePfYgBsOimjd3Gd4sAKVtvBrHbLZDSC2Fx+KVuc9EGK/I+WV8pcKFy94EuKpxJsNHsUR9imsI0iHU5qTlwChN7u6kbUloMFmv1vF8jj7xmK84/cRFFCLz1rBxLJ5tjbU7Xoqju2i/fhA6BLSOcRyujtKtwzNNuVIAG7guaKoUSa1tB8gkLPOyTL14BGwVnYPyyR+vea5jJppAwYu1z/UIYPzRKynBxmiJA1TwUGXTVPRggRUYBCiAf+eo+F+RL4A62XDOCe5aaiXdTthj3z3Orq55j3GADfaYNOPo0VEkYa93s9eSyPY6d1vlyhU5vpo6dxAfY5q5PuTmUAl9yd52K3A0oBkOS+sflg/BWPsQWM89AaT8XoYBdmDwUZ9ZybTNMAf7r5f04bwiwo/cIvZ4lMkxbaeo5ldYxzQxe22wUfKlaFDUv7SRehjYdwoDzcg9jz+TZ8J1YmFtrKbcrB4ATPTLO2OExaGCfOCpmtGQo9wvkzZXKb4eNwJRKdPUhKg8+JIhKs411whHHkGOpxGR1e/iraGM8vIzi23peZZ7aHdU+4HsVYoGl+slOlyzLZC6BLpA/iEJQGhfqLJkgYiXqbE2jOFfdPALnYDrMrlXJJZTFbkPuutZmWZlnbhYn5Jl31CZrqEPT+f56SGwjCv4e/nx/NA8MbzZoSxtct5nBFCtF+98vGdUG3gTD7iNNkM1GsA6p6Jr44xKG7DcDjAFBn7ITai9G65x89UY2hQXf1almCwE2IIN2x4TfD0ZTfNzVzTNOANdL6R5kA5QKxvIzkE9hDbdCKxvRglaGciCOTEfprpMgumLbP0nXIdL67tseF65nSpAb2RHrpsrXBgu2t4FpjANnm3wEXh6Fj2pc/J4a3C0X938xWImbEdK/NU8v+QEjOifWUTJX9eUWEV9J5oM6XbLGa3I8bNnQnhep8gumZltNZfrYppvADPT7PovQBlD4yac+H++C1D7XV8vpGsXYBXU/ywXYJrd0AVoD2TBPFyAtba4frXIwig97F24lgvQDOV3AZ5TkWyPK5A73nJOw65Ae25bzebLvQRBCL1OzEQZt9dchy81THYVG10Q6j2F+jxLrtcCSwNsYIFNPsd05CRGKVhgt99rFTt0jbstQ6iLpQCi8lm599cZKt54Ssp3K7zVQMXn0MoRGwKwzUOqogK9Rd5Hdefn89TmIxXOqudZ9U0uzG0zXGtxz+Wj2oJvZMrx9dRVbafIN8gMPjgL9zBDd1/UqGmb7YyCDyVskKDTTdwPfrZdGGAHlR/4iFc6EgiNFP83Uhw/sJ1ifrwWWrrO0r+uk2tXpljDVA2/bGNiWZIVKnQXoVs/fXIbapWhRt8KuYH9G+fFmDfgOkHaPWqTx9O1w1PfZO9JSkkGqkJorM3LT8XVSMttKjHJwGMFt1V+KYFP9FuMlWHSuVQpQpdBLCCTFIsU2Bnf+jew7Wc59kyJpw3ban4U7ghw3rPL44MhLpLUxoMlutqHg8ox3T8Y4qcr4wxd0haL2nBZ9N1kMon+lhS5cgS9/lPcxTTc1HnuGJ/PC+W4oawm8qsU3xJm3rvkAjaRCCQSrRZuo7s00RV4Zs/OMJO3GlyzbfMrX44P2NNkSdRZongsXhvJTJtLP07RDtbxDtRRbSt8MBzpJjjQ1ZW8depd4SeuukRKrqQ1RvleFkghMx1R/OSZ92YgspFbzjzOztfxueelO4gNrMDjZz35V2vt6Xoqcf/qkTeBwPW3LH/zhQ2XMLENLvaHbdM6MpUB69myWE5b8pPVushUNQbRkyrEOcOEZP7lZ7A9XWn+DKtVzKEjkNew4h+Pt59OkolUsyBuToXkHkQUY6mrl8xzk9eWOInOM6K9uaqHXmpanKEOOGdXVTgamigOW1YyAZ6GQGSBB4aZfiQmNTZZnoBvoKJGSfThLM8/cMo8sY98wMSaz+Plh5HZBtqfqcqrhDwpzPbDRN6cYB/DNuCsvosyzdVlTsSh5A2ienrMQps5l30TE65P2CXs7iHDhmf8DH4YOF24U/KEZXjxIGQSBtJNUmC2LqwVOBgHpSvNKy51TrjcgRPG4XCCWS35rbeIvAQMNT9AMxP2937fUWpJV9Oih9PV/PC/yzzDg3B4QC7TC1VmYtgKX9jAIU6YzlJagaO/8M8N3TkZDJSMgi9+nUSNEDyeY5rGIp4Cbwy4gkqZD2/vySOs4Xbv/QcLxJrUYIcbHDjywK+cp8mDb/7lg51+RC68Dxr7/I4Wvvr2nnQIkx4wt414VI/UkvW2DeVX6SVrdF/9PEvL5Ty+UlS/QfEpSNZKX6m1T+KITZeywoxBE8PsKNFpkcQfa6NoY5EqFmu/OZQArjPY7FFlybCKPVwc1jSG2T+M/o6L+HVvA6zcMxfcT6+embTAF7nSkSsRe4I/uXKj1ds2uPVEczM3jGVmYMzAPQc+HPm0GoNFeoYEdQyYXdpkA6hgHtbiVhumEsnWGRT8CdFvA97kdYp1DZuzhi4p4JtSEtTmMUK7Mm24mjxXCB5ivVANMPM0B2RRS+Qsj/XZoBwjp5brC+NyJYtu822VpoAj1s82YY+xybmHGTaHgP+u5yuhtjpXUFHkxahvE1E1w7kw/SsTY4t1zEdzOnyjXGKZZDrnHbOu4FotK+7IWLjo9JJGkMt9jmw11qA5c8YRdV1a5Ev2rgdUtJHxvMy5SBoDbRggtjy8F3GpinEjyCSNeom8gMknFYu1EHDy3zmBFsJulp7ZJbTJnIjHlgjasHk9GRKYptreZy11zGn+6PSBXtL7e//GW7lfJvOzCfx08G97B9dOkvvz2dabCrmNyFL2M+pin2aELjdEzCX3rak0ogqGmIDTFuyVrxrEWuUgjrEkAJPumNgIrCxAxEYrnW0txTBUeXNhhwiZ+COelFhR9hoA3RvZPwLXe5rOZklW/fmVsDzVXx+vuQZdMpBvwHQ0yJgjV6JCnQFEyD+3zG9Y3ydwUM/WmMJKyhuo5Ws2hbKpw4PTq2g6T4kbpB3BjeXUx1r9j1eSaBR1Pybr74p8qogqNWY9ZNL+IcLcxludCvtrvdsbfq/QYsPPNf5cOwFaDyOhFcqxRwxWTXYwvNwg7GQpUnEp6lImXAQOcfIuA1FxGK1vie47z/PzeXI4TeZjZLvfZW96E0lVGwk06JPiUEEN69FLWzWQv9DqbFpg9AGvtA+WM2Q2eJY1Jh0gcJqvMw0ABsegHomMwASfWpJiBbDaTWEYGiGbZpSuUvqHmBX0+rAeDepW9FiW3wQzVZzkDaH6LvuUxoP6pG2ZUD8fiJ6KtpUO0zSRpHSDuiQNHmaHT+PoA7Bp+2aIgw8a2FtivPEfYe1si41l0Ais6SXF50HVAZcDeZbvsv6kbNVmbTiBAsHwFnr6c3L1/sOIVKzCgC+Abg0DMed9qECae8ZzxSfNL/GjNV0gespHvrZsaynDjlfKkvWCKnAxeq2zKZOWco2WulIwEEbfn0wmgiCDSU0rgogrCt0H8wSBvNF5Y21lFQzWjqaD9HFc9IAlpysLMO8yDZmdQQD+jucxyL1Mewd12SSu2JUmmCL3lA/fZcMYd5qmPccFJ8aUesoPo7+/owv93d6we/bdHqER3K/LPMOdfnvvL+nsPFndez9ZFmlOhfz+56Auj4/e7f0K62vOWVktxWtggFUNm1mhmjX7UdEZoD9HDOdBvf6v30dH0f/4H0K3/ifM/uigOf9haJXbvrXQ7cOWuZeruFiVfwEivH8PmYh7POq7rL+OQrNRJmNTcx1o2RTEgnxh1e4besF5+SF4+xFxQ+nIogVYq+HJs3eZ4U1K9i0YduKy6Xw94yNl8l3QbWxliR1Gagq7gj3QG7kylbM7XZ0+AJoMPeY/8kCWIwTIcAWnI5Ufr2QaQ8kSO4++21OCH0oc7/Ym0Yn14zA0pw5YIaB9P7TvSIwbAnLRMClXWXUJwlkuzmBATn2gPWgoMRSh2xrNE+HAN5aBOLk2DOtV5xxtB/cGIDEMm57X1lxb/zTfZT9mjqqxbU3jJ9oBS+NsVyyiD1jn5GT8n79Mxofv5W8qawL//HogG1DhJ+CAnTTkA5nB4G5BOo7xrtKVbtUlrh0Gh+na2CGHtGI0R+OwZCjeYEbg3i+/3JOZkgYX/s0lfGHOSQkPkQzem9wbZvGq9DfLV6qfsT3W0HnO4vJCdXRYn3Q5108H9fuyimVscZLQJDLLsVVqGHP15PWTVz8/eYz5xS9h62WqMtO/y6+/wmyHqy7lY9ZTwrlaIc9FVGdvBH9RCCb8OZBpy9bzOXeQZvzfuOT/kjWC/8RaYKvhfaNwlWZqggnPD6eaF/KHcNzDu07P4BsFBC7dy13OE/VHni+H97uMpx/jc5knIQaaefifrK2Gm67CfQ8bIBJmUAgPUIa4Smxm1XG3ZWx/+UV39ssv0f+KmKO+hjl/HuNP20/4szrt2N11TrhIZnDWYbTt56y6qpDPYZy+WigpZz5g/x+ACH1MyNSsbsAP+Xz2erAgaRR+qs411YMHKhe/yz6YGoWDryTUFLzL/nilTBSj6iT1wEP5S21GVA78LD3TaG82n26J/LeyptDlT6UGZmySzLPop5ePT948GWgFIxMVa1agz3dZ+TFdLtm2jhoyJTsMUy6RAUWKHp6hEmByzSbIYTFpVIpt7b2xA2qM2B/4RmwNr61WbwNWM6T2WtvXfkWOVNvU8d+v7BG7Lth1L0haqjj/e+dg2KJEkt8Yw12oB9Ug0h9tXEGB20bmt80N8Tdao0i1LWsVqbZpzSLVBtMV/xpGqn1h2HCTNY5U267WkWob3hGeH3i/7HcPjuv1Z5xvew3eP/CYCvI5Hhd9vgbjPn2fx0z7rmarPuWjPDsDTrMzp0xXwUv1XSV2nUtUY8qcnHKMOCyBUrya+sBj0CyZiSLB3IpGc7mb90d54ddeayQ3ebmRVf1Gn9DvHiLiQp2xvfrW5ziRlgdOVOhCgtaPGj+yMtxKl4BXEDq7W7+sT7W9QS1LKmNHf//1q/F4/JUpWfgwqqRonkjK6E/HX31MMxjnERkwXkl/ppDpVzYv1uAVpkDsgY3MYGIFdpdmuIDxNB5TlVGglct0XF4B77Q45L9hWbBBY/yQe8izVZGjQ9v4PMkmyDeertP5jPv7pCb/6Why/N0Ei5Dbl9OUS0JOgN/k5YijXfFQPcJU1F8J9qnfNNCS1SnWqs/OywlcYQiVeodf4enCsWCaai6yGwVeA1cPo78kpxd5/pF+veS/1WawXxie1NSKSScQTCuHQaaHAJIuxvJW7SVSUVTAar2AETAPo0OeqkItM/FXyac0uRR00Agzjj4dW3+ewm7jv8+LfL18GHWBRWYjuyAXovr3uAb8KBIU418Vjr1OVn9k8NM7KCb82f0expfQu8v5uojnrg3lTYK/1vO4cLz4VcQWx4fRCwVevBo+WVAaW6VCrdPHe/bpOJ4vL2KulVYtOtdZ4K2bc+lcucSYoe+DjoVovlyasAlZMGoz4LjkABHgYyrVUhuVUUmPoHzKrPqnViQ/lUEtEspAb7Et7UKHRXsq9M/NuCHEJF29Xa5ONgRztVhV+cgWJg512qmsM0XQa0o8r10v5ZygNS0/R+5upg2OylUNPd1XZD4vUDoTo3dTDFjEV9ANWY3WmdWfGMxrbz9X4WkPbbc7RZGn+WKxBtp7dUikEaO08qI8nKEkeFim5+O4gP1fJSS7YD79MS0kY5+Mxew3Gslbbp3G9Ugnc8D24AmVEn+Wwd3sAnu+Jqjif6Ot4bxTYlYzHpBd+4PQBPAkUvuEKiyTFSebLXPYDEFwpK14By7SVWlUTKtG0N8jurWInV9ihrWGU+3TDN5ZJPNHgNU3vFdUBWeMm+C1W+16kQ4uRF1dHVvbSWtew3eVswefcZakFQbq5HWfn86OqrDs1kwomt1kzSoTVq9VS723UUEufZqkhfHHaHKNnXH0lUFbSPHHJFmWhBMUSWSK4bUfPD1eZmpYW722sbN9Spxpo5cXvtx1+6dt/HZzqt0SkQQqKFWxkM/8MoMzrG4i6fa0DTesrvpUAQ2O17lc449TQRrzs87GOGC5F3GnyN6TnKEVtRRewbV0KWp9YuJZDamm6hCeaQ3mlm9FM2Yb2LtG742jz9qudTMmfRnM/BSSgjkD6vUqXEv5ti7i6UfOGaAvHYOQPZoPFVajlkzi827KEAOq9CSmGKbGwv7UYaW/KzhyryQFsiSMqemwZskUCy03YDS9iLPz/qh2jGPfOwF4Xv2YTZO9NkpGwblKMBrpTFVZPs6XHOLGlZLouUlQEE8pJJPn4QP2XkVhk6mptwrU7+H7dSI+iV7r0Ce6n8mhoAdIr5NpoS4gFvuex8uyxzmkP25nLB33vKRH3AUM53G5OuHj8ybtvly4VcBZ+zICrAOGR2moVLRxP1nDdglog/3VrxYlkDo/V7mgkekbY3ztLuDi0mNxa2qzaqil70uVWaVduVQflYRTlvBa6LtPJklTViA63h4WPsrYPgI8prPleNyheLOnuYUm1q0UbOeVbkcNSH5LVT2g9ZNbEUgbYZloSJ59lM/Xi0xrbCpIS8d2tpbkLiUF+E8xSlEkbLciJ4owHQulZIom2uKlvse+YW4LRaRYjXJyruDKEJipaL5+1cs3QfUSVC9B9RJUL0H1ElQvQfUSVC8ecwuqF9OC6iWoXoLqpasF1UtQvQTVS9c0g+rlH1j1orQsyiVoMyXLtnoVa+P6NCzqvaATCTqRoBMJOpGgEwk6kaATCToRuwWdSNCJBJ2I66OgE+luQSdiRg06kfZpfqE6EX3HtvNu/feC9bmDf+PjJlyX7EeblITtRb7CcDdTA3kBhCwGkYayh7Ji4n7zw05sCYF3dyfwLkTcqT9vNuKOHrpC7Txi7PqD676641F1ikBxHxTvbF3j9lJRARh8t4KeMugpg56yQ0/Zq6DsVbN1KyWEIr2mlCF5sQlf9gyvbUk6grUI4f9lPlIsTv2L5YD27PH8udLXpKUmeFysKFHlia03/HSLqrIpp5K0GUVmN0R5wPwf5WVbrFftaSDcqh0awNRl6lD/VMBZ/6SqtJtX4Sq8+6LthKr2hqQu8x4l4Th58bhL3eFU3/lqak4cMxWSpJ5Ui20xFcaqXh+TqxHnbsuk6Ke87BDG5lwljDNyWvl1umDjo5iDnlyybgUiOKrc8rx+/EGrV/WSRQJxi5/OOqJewqmCmvf0e1RvehesejK0T/dKqQ8M+HqRLiU3eqKKVzs2gBvViNbdM4Y+zUYoi+F/nnxOVR6/x3lSwq/0y9bw4antCjqSyYkzfXGSaZPvSaCgSvpqSMLbcKPBH7xUN0aowhuldK+qQmV5NqaaeK39C/TgHzbwNhxKhuHa8KpQLaDDHJltdCHgjJ4iNqVTtyomKc4TFGemF6699Kg97qm38kte2JVHEAC66FxRnyJojOek85naL6cCx6Hj6VvY4CXRLfTMkZFtSPa13t3xO2bWnPgKkeoYmLp5RNj6KyBTihzGicojZT8TTaPVTedASxwAdxQ+xRtL6k5ynRQcs35Lj6LLi7zka0ezDXvwrz3KvNoxkH1M955i2Tqx2lYPn74cKRvqHj3bmwy+2D00dB0PK+iD+Tsd2OOwTfpYJcV6cGgsB5ISP4mnF20KQAWb40jV4LYMm1SB01Kbo6S80iL31gbxV8mZlQnNmJQ2sWe77DWbWmoUNDuJnaeNxmWd6bHL9FtkeqnDsCRuHnYGo2LrBMxmFgYP28JWCeM67AS7zRRnKT3dJ1hbMVVeaPVvPnZkc1UcAdpM8Q+HLwpquSgBNJ1bbWUdIIu1o+nY9NUBg5bdaN+HcV009hLtWUc/SLhn3wdbvM9PpVDNLuT7POPLu49Gmxf1XKRIq5lGu2fEppT1kRpRD0gaQly70Rlqaf3k5VO3EZUvWGJTeMabUGa0vZrc5i5DsK+48AytuVR7m7Rjes0m4TtmfUZVGupzxROGeJAc82t2M8t0VEyR10tVrJqy3/MJNKMppwcWGphKovKNasRIpet1qZSENF3ssHNwfAt3hI+q9E63O1WtdaXR9LVS994VUgp7e/XFxXoRc1ldSkOqq6AD8LCSKOUuXVHx4/g0X7N8b7avZ4eUYfHKiFSbLthdntp3vcxKUv1nbZZQeHJPvA/M6qimV5cSttqpcEdTQgxc8PQiRz65kTXWJvFY0gTNelilJzpfxzDwKoF/kFXEE7CiRd4OuGXyKcHaeNuCV/VjleTOsDwQFXuAOyUGIeIsNRVqX/FWTPNZMopKtm/AdVqQFC+1vNm3CW7DZJbCqXGUceLSFyslWmgKnq7WPCIp2aYrUxJp3gky3tXXaj0M7+c/vX6DwCaND4ooRHf4Evv9Dxi1sPkOtFyeHfA3DoMV9B0pm9ibAu1BNJ2RKiG38bzohS2xgmx4MDFDke1zhVud4nHMJwlXtKH6yB7n7nmcXUUT3euExtECZcLHC+7PDHe8yMvSkpjm6Ucg4p+AsCHZG0WnazxG0xgrnZiM8oYv6JyEcbw7W8+j/TJJokkG+DzhbTLTKw+kAvBpOkeUYi89lWeai6KAXAMk4FpyMPN0Wh9hv7tjqhUD96ckE56kh/lqfgBLOUO+kznCc/O7qkibl21iWJFMYa+xjoriIX34NXUlp9nqu2861iklPvu54C81zEkG/cdILRP8D4L/QfA/CP4Hwf/gH8j/oLHUqcbgDtkneCy0tuCxEDwWgsdC8FhwjhI8FtSz4LEQPBaCx0LwWPDhuoLHgtWCx0IUPBZUCx4L9hjBYyF4LASPhWoLHgtdswoeCy0teCy0wTl4LASPheCxEDwWgsfCBh4L15WR1d8dwdqtyoUaXAmCK0FwJQiuBMGVILgSdHBawZUguBJ4Tj+4EmwBneBKEFwJgitB9+yCK0GjBVeC4EqgWnAlCK4EwZXghl0JxnCUgYJM03lwM+AW3AwqLbgZBDeDWgtuBl+6m0FwMaAWXAyCi0FwMehgtZsXe+trwRNhx54Ikaov0rM8eYurN3A1U1wDER4xQyn7UjybwaRJOzBDSb1NhMIT1lgV3G5CPHQF1J+P/0jDilF8qD3IxV03lthJIizW29LEG0mAFfEVdri6qgqj3nV8/oyE0GZA0WBKhMLqTAo8jUB2myerzoJ+/jYlw+RrzY5ippD7QJodI+OwEqztJjRNYSSlrA56+tsYhfz5/sYKe8wIzZ6NRemaJANsm0kHA8WDbcQAbEMqeXmZBHpEAmxD9k5LAqgMvC4pARvtlrCyyDIiNytrdX24iD8r/dSD+7/97nfbgs/nUjJtkKmx7faqkDrj1GXdZNrUanAVS8chA3oaoz5qvewD7Q/EXyFbPAU+Jz1rHyjVRBQuxuP7zBDRtBp8zNvP7ycty4Eevh/V5oquOmuibNr1rKvRjQTwIFKoquG16V/UWnzOVftlbdoizdLFevEwOurFnPa73TS3bIptCLoUSjCSKyNGIn5exAtYFgiYuvRgYR+/1SDB1o01L4t8tp6SJHZmBNv65YknlnVXKOWxr4tiwEHWWiRxRpWNeTpKZnWbavFDJTFXLEfJZrIytjeqH+tGiC0RpJ/SbOTaj80iUcdH93uQ0aeK4TJeoQ/hw+i/3p6M/zMe/+39vvxxNP7+l9HD919b/3x/8Id/2ZYoukVTbBuLp06A94iu2PpKjI6jPRxuz/0KzcX9jsxlW1C6pGlsFUBel9hcvTaPv/PCtf23jFGAbGP562v108Ef9t9NnM8Pvj6Elyw8ff92bJB08v7rgz9Yzw62RNl+1wUvYZhfFTan8zkT3M7HnfI0P+6QqbH1+kjALj4lMQR4n27dzSAnCjSFf0yuOg67Y7pd/hiLFitp58KGOe2HsprprstqhiKa9SKaO62eSb80SmZ21cmU4pgXeUHlea0h+EG9auZXPqUyB0WqKMuj3OjlenqB5c5fJlRz9/AlohT2XflHMjtUqpPDH0Aa1NopK3xFRIrlRVyqDWYMeGn90iD011nmUy3VGb9ShlCVSguhKiFU5QsNVfGOTxkYlPIiWV3mxccm/9RKbTJ+G88k3JASEjhUBQ/wZRR6CTfFNlr4SkeWGyCCBy1TWtnJb2lRGs9Gt3O/7QP13TffPGh/z1LYOJnZbi3MMp/52CDeUBZjBnuB2lo5aZcXKdxuL/OZesoah3g+z6dtp0cG7dWsT9NZ8Ufo46NDgO71B/eXLR3cvlsqGlszdcC/UxwRdu1xvojTDi1YZR/4RfZwxGtWvu+Iq+gBgPp46/2XjqKfn74M+9/W/XBnaxFjXs7jLHkiV1m/J17jk7q2XN+K5JW5ylvmLNcUbp+xd0rfwGxD50NJ7UVe+lBYxDF8ld13M8EtRT1Lpp5onWKRbyOUX/oR+zeKdm86jW0JczfWjQlGLT/jfDfFsFfJ2SbxoLUuJOYpX4o3ZZEAW5ZgoD4FgilZeqz14lXn7It8Pms7RMxnGNvv0hKg2LVUkJPmQa/E7XwItl6uoFUMaYUJ4oOIGsbdnJbc4YvSg5ykJSdZbwt25OkZT4L4bYZ7mkyTiqxDxqAknsmPyGIWiTwbMR/tpJpGJkIzCwzxiQL3/vfrH18c/ikXbT+ackv2nKC4lJGWhIVpfE1eB4s4S8+AGZ9IbwDPt/ffd7FFaJUTvS0Z5djZQUQFhW0pm7sj3SPRMZoosDuywEtawir+SLQmFtEE/Zu6rpQ9xFtrmn9HQvXrXrTPgSl7+M89noYWCu1QBDMdNk8W6fk5GmU6hiNyjez/Aemsz6Ist7qgjnGfhN+cNaYHUIS5VWHQMRSwosnn6D7HRkCnAKUD8bcvr+D7z2TnxMCmjB34YHUX8ackKnO06Cfz+ZiFgll0SeGOHeOoLeLgwGVcrJwiuMDBfWi642X8zsufK1E0rtN7a/KdJyS642P8IPGiEjYzGBJGk43AmOXTEuGA7hzlYf4JL8vk8hAZSFTXIjKOedfLQ1INHv6G/rPpwlnDueXqqZPbAwGOXh5uAgF1kfrfXZ1weF2/nJWCDc68YoVIk2ZR20U8Y3IcZ51G3Ws+OwhncnuYXo2FLRnH2WysnVmn7ex9D2DX6VbE5aenj2/zRMHsNzhQOwsBhdUUMQyypl3bkMdsdMIKxU14S5uTbGO/6rxldWhhLKdK5Z1FZQxMjxo5cJqB0wycZuA0A6cZOM3AaQZOcyhgA6dZa0M4zSUGoLXArwI7fsmKPKNUIMuCrj7Lb0hMG8C+IVvRvlt2djkKj5zPI7Qsx2WZTzHecibLarHM8DpO83yexFUPuC2zAwxJCXCjeQDEPFTxR592KWhDEgDTQhKAWgtJADZdcEgC0A7YUGtAt5AIICQCCIkAbrvWgG1Uf4o+8/Ec3UMHOH9YX2nuKDWaIe3H0TLni7iE3UgQw3QfQzjYuk9APOvLHtZ43zllTjMKbw2b1BngKYhz7D3VQiV8s1j6nNgf7LHIYbLpHW3zpTK3aMaTa0fepyvyqbosK3IKHAGLZl/kl0Dz4UjXerSU1lPLPQPIb7nEFLV0tDfhd+MVy8/dblxDsoN6+WtVNsCMzzaBsyIhLf1CZQS1XmighGk1Nb9S6EeL9PyCHKUik7faTVocUUc2mnvdB/YHyEImxcKcCuRgKpvcvTgMQEiJpybMw+WcXtUOleIU3KtrP1q9q6+sqnoQxTd8nrIurLokJUCjYnjaqrvWvt4dO9hFI1onKoM/75IL+o9+tQclASSljkYvJCPAWbwCMRNmCZuyoIgCzDwo8lNLxySQck5YlcsEOSiyPOhpfQIetiiQ7ePxuxbferxk6q86ZATvtQs/ejNLX+Uf4aKS+GQLx9spmRUFjhEayyJZdfiNO+BUN0b2X28tX5g8mZXwfPu99iU4kbr9dO4iXZBOO0LxLXa+IHm3ZbZUuSGxLqtdZgaiAKhNsJQ+rLvEKjGHHyKbrfR6U5F72sjik8n5RIV0jaJX6yyjP94QmSa5fxRxHFeUrKYDkOzLL8EkI+2w7tKXHmDH6L1JgF0FjYdE21mfPbbmR8oPkvMUOcVU2Kggxgs30+QoSz6jnRsoSmmzBSF2L8Tuhdi9ELtHLcTudfQaYvf+CWK3QuzeP/f+h9i9ELsXYvdC7J604FEdPKpNCx7VAofgUe0HieBRHTyqg0d18Ki+Mx7VIXYvcJqB0wycptUCpxk4zcBpBk4TW+A07RY4zVr7J4zdg2f5Mp/nveWSW9GAblFAv3hZrufiOZfoHus+Hm3Y8eLHN08eop9wWmoNNMIoycgvzlr0G+m1jbdMYmKXz9GAcDaPmTecrtJP+APnZZ+paaGhtORq4//eCmY06UuH8OdFen4BTAEWPClSZPXiOTv24Q1P4RjpSnxuy5U4p6A5P0U2Dt9vs0j1lFnDgBlfC5l1rwmgHuHninEEQJD3UtLhqUhLFshuxKL0ewi7/IPxyamgjfb2dht++uGHrd0ToXNazgI9qi/lwaT/HXP5OMUP68gltR/WWl0FOk6Av19nEi+JN4413iIpEHctq1iBZZNy8hkzb2ofFBsHKu5U9VYtSy4HAh2qzgi7iRNuDWXQjuYg+Szn7kJP+iKdqQL2FRyFgZ8zzLi+VTeQfIratdRl6HxxkIM/Ny/TLrYhlZ8qcxZj1jrTCoBZ9DG5EukNgwPQW1JhQ1zTN3C4Zc9oVEoMqZl4jK3gSiB5jnqmnS8SWCJcUFY8lHaERJJzReZ2mHTPUH9dJ8UVEXHs1QTtknGYgrspjI6qWlLkbuftVW01XqKdlcBowvE5sAjATxkAO3vujYXgZtfd6Gp3CL2ec0iJOMNhtRfaDgmXI8SpcSd5cR6jdyC9p2pe/K0PsfapGgVvdYJlWg/0fsIcAIXiFXlt4KOc64wVCQaIslukxQr1npdZjwuKtfiBqMJ7uz2WeLwki3eghf8+q77U/ZStF6cYe3xWo9wYn+iE2VOm90xvMFo+nY8aN5lWs5XCWTA9UkHiZvBXMi0nwYaLAUu6wm2wXiD+WRUQrZkb9IhmeVJWGSx1edXqzrkW+hekPEa7FJ9jWM9KtGptVx1Oax5PP5Ydg4nejSGnfJTT8wzJdfdE+l02sPVXJOzBN4QcbM/JGRD9bQQ+u58IyBpOnxTj/Ltie0Tjqti5nPZvASwLReQilJHV6aoGV92Bs7TAfeHQ7kxxWOi7Ps+vFm1Outz8Ei700NxP3goH5MT/rElLXW/uEH9654ASMPS2zbZJF005DS5eFtspZJp4DrkSKBoRX+FvmXJ0dO8h5Hkx7Ly1j83OepLG5odsrsHSS7gDLTjjoAzCpjoXQ+/1eQIOuaaf15egZN2ab6/ZMBA+QfCjuAm2EVFugrPKfqm1uMU71Vghzr3I56UWnYFljJuzVDfBJSrPAd5nyfRqOk9qH9p6C1dglWl+zL5TTjZtGLskneqb1JKuG8tnGUaxTUbKbtuLPk6lmtqGmSUrrsXgLs8vUdmK2uWqXiaW24JVjKaTD8qFDfWkE+rrQ/9lis2be+2Xy7kN3bZNZfTGrvbv1PWJ6+5xfY8FNm9JWF7fQGDh5r3x3IZuK03uRiVkbjcoJ3O7LmmZ23XJzNw8JWduPvIztzuNlDclV3O7Mema2xAZW8Cxe0mb2wDc8n6125Zs2lCcUC4LnI0u/SsK0KZsuxYWOzk9HwbBkswJqYjIUca85pClxZO0sG4gcqNNuHfQ/QQDxoUbho9wmSMMDT+YYFjiFGPPNaME8zqnEUlgZpaC0r8kyNJ8ThfrRTSnStTuUuDYtB6Co3su4vKCjtF54s4QKF/7EoB+NQy3oejQrZKpcOhwCPLsXJyZVsKB96NCp56myaJ7a2mi/RnH/8ls/pYU+YEHn9GmwKHsb3JzIkKurqJ9yrylcxSsV3k5jYEgHbDhD1mkMlXZXphRQwkC19A7CRVqTfDog56fzoVbv+aFW18Jcmxj5tydb2TuIzlA99gdXObsxBUD1D79sVJ2dNicfQt/h3SxrUsO6WJDutiQLtZ/wSFdbDtgQ7pY3UK62JAuNqSLvUvpYkO+1ZBvNeRbpRbyraYh32rItxryrYZ8q9JCvtUvLd9q1RVB7iH5ccQiqGLarNSgKKGuK6EvcaUn+dlOe4pOCtq5xVZPchbTlq8b4LzbKVrvaCLbFk83KwhJfB/MnvftXFWBzFP5ufJbAzAqTe0pLOyYkXiDLLVDEtOqDkIq2ZBKNqSSDalkqcWsGSJNzZ/iVgG3n9todGI5fZp717Y8wZEF2j9fz8SkkSBishZeawyUzsp81xoNxuGXnfpmUl8iQUQH7jWNwET3vjWfjY1bPNeT2vpVHgiJJRWtYFy7TarNshnl2ucGiJsNW4oO3UR/oTt/swMtZ6UzK58GZu9Ac8InzAI5j0mdbFa1r4xeBbq5Af9eRud5Pjvgy5a8f4gaYZ9Vh9B7pdUNukR3K0qf1lTFJcVaZPdWUfIZPhxhoKuSrlbiUwAwXrt1x4Bj+QrO7B9zmKmt0LLGIQTT/wKkZ8/hBwVH2V5VtFm2W1XbFneqJxbx52fkffIwenD8XddLaaZeOu54ZRmv8JJ8GP3X/tt4/Lej8ffv99+O5a+v1U8Hf9h/N3E+P/j6EF7af3sy/k/57e1Y//3L5P3XB3+wnh38y3XoeyvoOFRlAwB9Sic9avGkcPkhVOLsESkp2B6d6FodD5xzbPbFI0OPdZVzSPzd3mtI/P1PkPg5JP7+597/kPg7JP4Oib9D4m9pIR1jSMdoWkjHKHAI6Rj9IBHSMYZ0jCEdY0jHeGfSMYbE34HTDJxm4DStFjjNwGkGTjNwmtgCp2m3wGnWWkj83b2UkPg7JP5uTfyNo73YxSVV7cnOvVa5unpX2ZvpTjxcMnso9keWwNsyYTeXlML70ShuMoc15qMTXDrYvCj6mVNTwatwKjA2i759/OL18fH9B6/XpxLFwhxpeyeW48r9bx+0v9LntmKcVrRPyh8etnqt/OGh5bfS/s7B1+3OKF9oqngOa/qPJJ6vLh5dJNMW35DWCbqTxjd6VaF5msiNolla6pxfePcVIN07+rRSvNj9VnxTWhMC6vxDHgDzAxo2XoU7dc6wxDlC/GWWFMUWt63Y5HRQyW3UjbOKi/NkZYWq9Yz49IwjIR5GL/K2kZTDm4zj058QEpVP5+BhdOLRM65VUx4SOkn+bo1TqjTZb4sbqCQV5Bm1TcAaipJbZBgZvsF60SmxY42YEcokLGDfTNWz5mlIzcK4i6P3DHiK/g8IrA+MLB/ovkC/SDxE7SulZaYqSilWvrHuVEF90YyqAXX+Kbug0TozI3ADOeLHFr2k3cbeOYfMuzvPGX+CwcHrgjJSFAlnVBDYkZ5E5fTC0wlHLYerbe+5BYU9k5SBU9KRO2fPoHsqe92eypsYSXfubaqw7gC2cV6MGSIPCS0cH2MA/msgGKv1EgNi8nWHu4Zqw6DY7N26ACg6kbJccVo0SieDNKyJvT3DrHLtsG1oZbRWe8EktJqG9AXMDDYTPXsN1egb5qLI1+eYU/MDJYd9Karop491htieHpBpNcFLyUrr5SzH8wXw1obj4mRylMW5Lz/b2PJ3rqnSKQ+A7SGuYp+ifal1Qk70mir0JT0bV31AaEDoGYgYhsHschzZzJtYkhlK56jVkWW6974dtv1Ij4+QJ1073LFVgxvkKl8D6S8vKNuFsES2ODbS54X12SpXDOtsj3zoeC+RtAjdGylss0tq0NJ9q3HJprceBXawiVWIs3Rn3VHuveezfhbnCSbS0T5WI8aqM7ijk9nIwYyKbqNnPOYDEARZcqnkOR0ApdZulxCi7BXwPyh8n1UgJRKZSvXe6mtot9iaJtst5uknTAq9XiEltUKB3FmWBPyeyWn7zHB2284kZ7cByXB7THWd8/PKmXsTJjy73Z45z263adqz2w2b+ex2gyY/u92U+c9uG5kCK7DyP6zdJkK7DT+nQ0yHdrtlM6LdBkDRJxf0JlAcYna0282aIO02EGgOra/dNoPcIJOl3W7UfGm3AdDzMmvabTgMr8vcabc7avq024BN6TSJ2m34RgwwldrtRs2mdvOGmHey/SGmVbtpDcYjR25muw3bnJbuTeC5KR5VC4gm3kdnWesZQiV1jUkVVIus1+NTrZBK+DPlpFycquo+cc8waNmcxvPox1dweifJRI5wy+y5Vg1LbmpKZh7OYXrj37ANPR4/NfbADiGLWU9laTmupASGqrJHJV5WrFvrHcyq9od9K03URIoBKn7X1uBcxJihP9EmlXOQEV2aYBmIQ/XJgxPkyoSSBUvGaFQCqswqbqzol/m9K6K4k8bazSP43W6DyqysfDSsm/TrSMpgt+tbm0/2f2yO7KrV1/xQujMjq928yXRfaCo3jZ+vMC53l/R4gM2hWr+izdRQMSaUti2hZxYoZrPkTTc2LhLH2Pupsu49oNkghpfozzNNZsRA4RUc2UaQvhP85HwS7b19MP4WhNsxi6Wc2IPuGBsEyiSnQKBzSvch3H58IEkVKU5aEaMHlnVAQ28fCGufmnj/tNYfmX6+benOrTDTrgjv3r5Fh4J/G/N/3r3vynHBbUCMtRPjb6M2/CPbmUHlHn/uKBjvGDNtvv2mRV1arb2oK64rJSlXXBeDNXq9uEYs9XqUqqQ+g9spcN81YqgXH+rFSwv14kO9+C+/XjwKC5xllLN3Ollp/y1v6VZnyMNE8VierJail/kRvMMXyxXXJ0BDIb1FEpuu4S7Xm2N4TC8BCHbGJeP0F3xNFR/Fr2smE5xEJ8aDABDiiKeCBOhKv0R6f3L3SVx1OxrW6hKTTM8cKOJx4AiaRZzufIesPhWjscoxRXa8yNcZayr4dhXQ17cLpF/U6mfRDLti8wTVn3CMTA4bDCRTau5oRGwqp8OQwUiQFapA/VvF5lATQVObp4tUyKprUHYLf9GyaFP8mniBD3g0p6s5jxiNxyI1fdh2A3/G1MZwKFaAizvex5aut9zOyzilrIykbYAHn2gEF0liJ7wZzQH5P+9dlq71RksPG+60x2b012b0h353PcZqiYPeYt2dpRcrDL6yZvsWX3TyqG0VFht5kmwUwbSN1VAEFfdgHIF7q3qTVsxSmp2jZnRlPCdkWF0Gg70o4unHsmMwMWMr5R3LtOl5hhxq90T8yjX6OE1+iosU2UtffNLv1xmeKQgg+QI5ngEym/KfWyJf40IxP8lFOYsP0YnrbxocnDxwplg1bY42HAOeW1Acyzx/lin0bJA48tR3IHoC9KvRVVo2cpn3KeAxxkO+th2NW9zwP7AC8IMv8Ibpec3gP8AF6aMT3aTwdXUUKwclO5Jw2gMNBZW63IYvXt+93mjcHqM5gJL7Paz5p830kxEH10jeaxRY4SZaKOkUPdBz8Tg6RfXIIv/EdhWixCDYWm5ZPqa5QcppP++C2kbYbjcKUXY+MyLD14UjTOM3WIJKFmyuWHVRSJCAdRPhO3aC/LrqyD55Cv28pjBQ1dSc/V8SdiTCultYKG6Zov4kQwwrPx1P0AOt4ugmBItc02gXR7rInLnVx6x6QZtUP0HCdhEXaC2fmToCxCS2TYZdAqY6eTxQndl6qjxKucI4l81L48aU+mt5Y2PLpC6qusxLLvesnK6ynEfo5UtMwyQvtuvBxfqUagJa9uYyPS8P6xM+PJ3np4ezo+ToQXz8zX34YzqbffvN98fffv8g+f6b4yQ5nn13+u3s++PZafzd4fLj+eG0mB1SlutfyA1pcp7/5tnx0XfjZ8fHPsakig1c6bPGkjh7TEsue6MVsPmbmnpKSfNLdMRu1oI0LPlzdbq9a/LPBT1gfT0vIGYBY3+COoxtgmDtfiK485HxJf9w/l3ROHGJ1bGnxPkvgOZR/cqVGMS7zmSVdz9LC+ToM4n/UoaBma4e3x0+13ExX5C1LTpbZ1O6/nd0A/vVQ+65/3r4f79d8hUKqjxnR2eaEyUtOXEx5Hav7SuVC62jE3W10S2VmJC+Fv6zHbhODt339r8rHPnuOXEfDtyf8x7CTd0Ip32HOGwv/rWPo96Kk/aaQS/nPGSPN+CUb5FD3oAzvgsc8d3ghHfIAd99zndrjreP03Vyg27O1pPj6+Zkh3KwjrkO41g/eSfCQq1+S5m+auaSjdK+oIsx9LYNEyVdNPMHGRMP+kSSU4PYnKlcM77C37KevqN7j+RDA9KCPDbcsKfiuPkhR3oqn+IWPttxkuQedS6G3utTtA65lp7Xl6ByMNVqzpgNW8YF4DjVS+TcpcgmwGLt/VJr6UvTw40jtbgX+bzUKZ2QHDdnqewulxjVBfA+S6ZX03lS+9BmQQ2FdE3GVwvryN9k2lCF2lQ5btVD8hrLZ9ZW89wmL1LLXvSrWBj+7IbD3hgobMrYBnd5fm7Bw0d9gG3B8R+mkw+qtALlHKC+PvipiLyVoZVS47veu0rnag9r9cutwOWymRTGQyf9HJlz3qGY/L+k0x+qRdQtf7C8QlM8gxO9IToknxK3oWC9jtxKssitMyw1TuUuTTw+GZe4baK2v/nsS9x2nYNJ93rDmZi43W4+Jr32m83KxO3GcjNx883QxM0/TxM3j2xN3IbkbKp+4Z3LYJPTfCtZnLhtmsuJ2xYZnbgNzevEbRMY31COJ243lOlJBts63xO3a836xO0Gcz/pAW8kA5Qa7cbyQDUH3CIbFLfNckJxu+7MUNwGkeLBWaK4bUJbrjFjFLcd5Y3idtPZo7jdZg4pbrvMJMVtiDxAMxiQVYrb7nJLcRvIzAzKM9UyY8/zg+2mc05xuxuZp7jdlfxT3G4xCxW3W8pFxe02MlJx2zovlUBv6EH3y1HFbdMzvmm+Km53KGsVt8Ew9vUxxbYpjDfNZsXt9nJacdsIpJ75rbhtA9eNc11xu7WMV9wGw3Zw9itum0L4JjJhcfsC8mFxG7xlXrmxuG26TRvmyeJ2a9myuA2Ep7dDLbdN82dxG5xFi9sm23gDGbW43VBeLW43kl2Lm1eoFLfNjtmN5tvidmNZt2S4m8i9xW2omD4kDxe3gRmruA0m7oMyc20+hmeWLm43s3LfYApuntm71MtDjolXJi9uAy8P35gMbENye3G7ZqvUNeb54naD2b643UDOL267zvwlve4m/xe3jbOAcRtw2r3PTH9eMG6D3VU8c4Q1/dlUojC9WV2uX/34d/M5uLgNuSe983HJ6xukTeJ2A+b3m83Txe0Gs3Vxu66cXdyuK3MXt0FXqU8WL253GilvKrsXtxvL8cVtSKYvAcfu831xG4Bb/rdTmr1Ce/9rTlS160vqeZqRl4rhuCQjFklTrCojMyswIspRTtlK+eD3DnEqHgv9m2N7DRxF+2oc7QxnpDbt24AMYJmjZap057LkRjo/mEsf5+OXf4abvxuYj85+6AYq4xVe0Oss/SvmJ5qhAhHE78Lhn/rGyxsf2xs78RERCLqwOCqqMWRpOaG3+OrfK0n73TvofjIBrnmqPXxwmaMoWU0PJtFTIBJxmRgzIXo20ohkIBRHTGGhlRvWnCTL/qwF2qmEVUcXcXlBJPGctE8785YelNiP22DMuN0kf9xuM9Uft6EJ/7gN20iv5H/cNtrFW0kEyO1W0gFyu8akgNwGbfKgBIHcNtnru5AsUKBzN1IGymR8t6o/fSC3oXvTnUqwEusGnCKQVfE7WkksWz+qd+YXbCoHvLMLRioAQmZz3K/uac86iO5RSrbEa351Fe2jA5COJIrXq7ycxoB6B8xhoRKBw5xViAgH4uECeiehUhoQMPpAdz2MGuAZyjy9AQNDkehNNYZODaMC5OE/iGboGJB8TkvaOCtGzMPniPwhs90mmLMUlDfg9GrikCiEUUEot7w2ASob6R4Zv5H1sbtCQIjCRjQZ+XS6LpAPSYVBMiGlJg4SiGsMWyjn83Xip90Yaj4C7vVp9sM8Pb/wNtR4B7BgGx7EYn81yBa0qY+ABQJjMWYOdoE3CVz4Z/zUwiK9lxfxcom+8JIWA6UFvHo83ZuxvbKdhVEfz12WKpzSYIDRpJKGnP02cFqfUvQ9QVfo1DMZHbZ8PksKG8Gi/XW5hhv8KhLrrcJRnSxKo/IBCi8U/yFiEJEWXsiQxXMeDxC4zpMM+p5H+8h8I/InzIPYMD8YtRkayGgwv4yvfB0r8JSkeQFMC8ZVyBLpeolm+WVmH1gyyKgRc//QQ2zPLbwSToWCCtAj9iz9DEOrKxV9DmDMKSwZ7jB/B5Un7ID7kLWhdKdJbDsMcv/oX0d1/LGT+ZLgVWpzC7w+xPOTiRQ5FGvOZQBsTBDlqG6uI56NEQqZSWNPOgW2VMIK1Ih+9iVs+CkzCvF0lX6yoXKvtJgHX+BvHUw2UFGMuwad/7ScXWNoyCseJFrTKBKdzCkYykn0UmgC0ajUD1Ua3OVruW/foBPI79WIvKzruN8YzV/mgC5e0Zn8zWYXiT2WVoQgyi35J1JtSaKIJtsN+C5Krith9Y16hM430iakUgAvfxLxM4UIWPqmvVfAo+SLUbT3IrlMytUe/PUjXATwl3enf+EwYiNNYGZutDiOVPYwkuEe2/AAUm4RIlH0eY6YAKH0Zzh4gd6vMxi8X2dYDXFPGcLFAC/yel34uUlg+0fjxd5Yca0tPhq2JQlTbs3Wc9TVn+afSIU44KTyzdUcYtDJWmt9FPxvfFrm8/VKC8r7yeeH0bcH9dt9yCWrpmnuQOzz+OhfD/ynSd4gOEvJPHaELjDkYmJMHKhm8e/xpLZQ6n8+pXxLM9aXWcvF2xovbr5X/EepaFV3xBI9UCwRSrE2W6QwClhA/5if9TJKF8LxihcNO/xUb9ES47hLCcPSKixStXkPZfA0n3OsIa5Ao8Usp91NPk8x8cLxA2LlFPYMkIPkCEQ/ki/S3EI8Chci78mPEmjZBKH3QBrUCEJx2hoBkS+VQIwwIlVkCwko1lk2JGguttSBlsQtm5MaBrgGtsEUYQccoSST0Acz3AK9t8DaImON7b0JYr7xMduEmG9OepF53P7SIN5k4HVRsbnvmpAjkdqakJPQD73+tp0A+FB577H4NhASWyHisUq8MNrhqjR1PctFTwNIIUIEUt/mZWgI8QBdgH2ptZ1Yy5uCNEac7cF/KR10m71PO7btrkryvi7rmxBPCq0gWGgHzuhENt6SAStSN7ETP2YsrPkBzTbUwU4MFuJ95blxtWuvL9RKvLdtt76+HtWguG1QE6p3SS1KBd/yUNyGaFc8S0W1rHZXBaO4DSobxe3aI6LuStr6aru+clLchocuDS8tpb7bjLG84TJT3O5QKvxq24CjH5IUYEflpzaeq3cpqpbJDsKpLcpScbsDxam4bVGiyl7J3ShUxe1uJOmvtmsoWsXt7ifwr7adFbDiNjTy0qOYlXrVp6QVt2sMpdy8yBU37xVvUvDKXk7v6n12aswpwJ1v9KxnQJV09w5sAvee2Q2HsUi2L/HEDqsZQJ+0VwtY8qOsR8C4lToBOO3hFQJwRTsoEaC6cdYIeEkv/RNWB8CFd9YFaNuBUBhAWiV3/873rdq72kB16KslAspKYkratDtcJ8BTaB+s1Om/eu9I/DYeuRCPfddCX0M8dojHvnNIGeKxq+AI8di6bROPTSxCCMqm9iUFZdty1I2EY+OAIRCb2z9IIDZuae9EOoKxSUoOAdkhILtv6BCQHQKy9WTubkB2VyT20ktC7wvFVtQyBGHrdj2M2V3w1aHNDl46bS146QQvneClE7x0uicbvHSCl07w0gleOvrV4KUTvHRu10vHuZZueHZBcaxqKDaedA7U8aCtSkTlMpXL5DWXurDTF+SnYuSjooJW6ckq0etmLKeOIjGVOVhlT9QEVJIbsfiYOVgeBE3i2yk7VJesi4Oo0ah0HQ6lFZKxXWdTm2xb917njQEJmqbZdin0sd+ABqs3RQx3ntLmduGuLyv0jKqVsOaoUodFj6JiB9HfRkqdYPYVvky7bzbbYec0MaFxlGtlTnZgM9r0AosezCas/oj1tUqXCOk/MmBDVJgXTRc77KYH8BbuCLPp0jvJXVMsx+Ri7pQ2AZk2Uhx2vNfLzS6Ssoy7kzX4btBJdLFexBnZqEh+kX5R7U1GUozfTFZxCoxVfKpUQWb7enaIIcTuBRGq+ztV6L0LhhmW3UnafNeLakXuSSuONJ7cK+kEWKtDAeoRkOj5o7h08OvYaamKsiFi4IKnFzn65KnKTnlBKFevE27si9H5OoaBVxhG7yyru2vAlgnQ+XTVmaLGF7SqH1VmuWS1Hhev5jsGAaSp2yveBuS8R1HJ7kZoCC8RVjp8ExUjVhBs5+h08IGASHUJTbrT1ZpHxCfxdIVnNC9QFHKZc3BHX6v1MKyf//T6jRK9demSiK+s3/8Qz7sRpH8HnFWUKvAXElkv1TVS/opvCiwGRdMZRT8xm7zxvFzhor5YocJCDTW2zxRVrMWjmE+koi9JIx5n7jnq9Se61wmLXcakqmsI4o4XID/p+7OkAr/RiTLogyi5Xmlx0vgsGYagcxJGa3e2nkf7ZZJEEzJ08TaZ6WH6OLIXn6ZzRCkyemKOKzgcdB2li2VeAPZ2uiL2bJaLXR63XOytr3VWg+qs5uRkObvZZpEuX87jLCGHkx7erBW/Gp3AN0Bi0WHaVFaGF6IlvkEbvBDHEBXVTVo84JiIYiGr2w5cyi84TTB1G8I5Kdu9y9iCWKXwqi6xrcbFG4LmRuSIDCLa3YHcoVC5S7nKKhNrG9L4SyhFpB45Q/IlMeszsYvb3dk17YE1eokB7YTKbsRH5TSVtSfuvM512kWtNeibE2fMOM1zGLTOZvX5KPs6v/kQqIqbMLpdK3vba6MIsnet5sPcflafSmLK0vYuI02XuaJ0gs+6V3SsTV5IW/Ilr3SOIQiYGoQo2SasfbziAq3dmvdhToUe2tbKBpjxORTkrEjIdLcg31SUdcwLjnQ+aXZWxNrFVXEawC5Qpss1XyhCC92U1CHy24TF6/qzP7DTuKbqTFY2uXtxmMwuJfGBMA+Xc3pVI2N9KSZcR6t39ZVVNd3546icp1zYubok5XOJNd+nrXlCtN64Ywe7aETrRGXw510iUP/Rr/aghB3ln7oiSw/jabzi+wE2ZYG3QJ5N07mIii0dExUcEVVXOnqdeFVPC+6RpCiQy+XxW41FPkahDWw/itAjr+KjB2ZqNIYeWAWM281Oq0hy8hI4zcP7R/e/Ofr++LsxcDGwn8mYGYlxmo0fAdkca85rsmAPLLJbiVjZtfOttEX27VWHLOi98SJ73My+r/KPICnwNW0f8HYyfl7EiwVcqlPyIyhgq9lpJSCJL5JUSYwPf9nyheIEKmxN9b32/XOSs3a6rJScf6I81O256Kv+EY0PdLQVYvNKMlqzpC3vtsxWQgNdIYGW98t333Qsqt3fZXkBGLTJEaUP7SrOtjzPD1GeVJ5BUxHw2y7EJ+je+zIhy+coesXp+0bRG7qgSbk1Ih4QTkKymg5Csk/Hp4Ca93sWKG9F50W+XpacfupCzHZCdHRZ1BlaIAnvZ1ReumU9KDprZ2VRBeiIqp+P/0hjfeqy8rt5RJeivLGuToHf0qLXdtDSbZcV5fY9S9HepbnG9mfUZdRqebOsb4nyT5sneYS6ds2fPWWRD9OvVx9YnfyFYkdL6xfxmCqpw475qXd+Wr7JH9Nt8Aqo7CqBQTLgYWDKwFifws+vOQfaT0v952PSQ78yhRtGnMCY/nqJeolOI++JZtvnV1gFXPnav5Irq1KHvIprqeXhrqQccq4jb9cp++1W/H4OxfWFnqgAY7d3v9OTqsMiggSJeE6lecbrABVcMWpZlTzdrZWxsUkLxii/vZI7pguYPv5J/kaSxgp7fEaaPRuqfk1mFGybmVIG2lK2sZlg87WbYPPyBOqxn2AbsnfabILM43WZVLBxhW3W+6N+HVX/slbXh4v4syo//+D+b7/73bbg82FZTBsCyRbepnaTTHQ0qcXm2J7pitrFnLTzNC4p328faH8gZTQqaKZApUF4bx0o1dfV/Co6vs/aY5pWQ+n79vP7STur9v2oNlesFb8mytabbZAufPToQlIoYdotJC/Ra/E5V+38nWkLDt17GB31Yk6f+7PbkIdtCLoUyookV0Zck6FMZJp1/FaDrIBurHnJPmAcW6qtgHU2BU8sG/rRJAY7Z2XFBPFMohpKEz5HdNLtMkbCppgXawFlGxkWsRmFsrkRYste009pGgZK8ZVzGimxWSTqGGRFNzLqNx2vLTHErAAU+q+3J+P/jMd/e78vfxyNv/9l9PD919Y/3x/84V+2JYpuOx62jW15ToD32Pmw9aU9HUd7OJyrDge8QnNxvyNz2RaUfZlqK4C8Lhtj9do8/s4L1/bfMkYBso3lr6/VTwd/2H83cT4/+PoQXrLw9P3bsUHSyfuvD/5gPTvYEmX7nOw8LYf8qrA5nc+Z4HY+7jQ+8uMOAyS2XoU+VlkjMSTqiODpc/Ab6tznmO4wp75+U0S3IaKmc6jI38x3agG8A7C2eOwjo/eLTzqK/lVv4FzVfFT/rhqlaELT9IuOg9FuUGFdKHJ34tgXnejkAxVXHUfPJkkAyTyiEQCOQqsSqiwf+i13kx+/yDMfpkvykw8Eeu2rLpD3FyHwBPgNAIKs/wPBUPmmCwjsViALdd0TO8c5HrmGb6/UdG4e1/pDYv3Z+3oYbB3q2yKW8tnQ4wB/k8Pn8OGMmHbpsFyx4gxlB+1Dwdpa/pEzGDgiMXYH37WoFwdicf2zZmTxejle5eMe8fP6aKcZvo7MSqF6G/jcw1twlkEfjbm8uYNbWbTT/0AXsuRqDDdx9cVruIn7IP3lX8G8QqdINxDLuGMXUP8p796NUSlcukMv3Wugj1/gbTss6qzxI6vhrVhRTFiJFiDrl/Wp9kJROyw6vejvv341Ho+/Mk4yD6shwpOPv6N8fp+Ov/qYZjDOI4pYVhbHxzplwFd2StdGNlIr7vY8ySaoKzhdp1gsnTpXQ386mhx/N0Hlp501UuHD57FMRrmjPIwsF52vJEg/0pPnYsvlRJK3Tur9fIVqbRyCmJeHUed73LOajWRyVP8e1yYRRQyoJ2oaj2ga9AQVI39ue/oslQK4y/m6iOfNRfBGXuTF6oWZyhhf4ydAONbzuGh8CE8pleRDK7WIgJs6GVccZMk16xFmHsr0EJWT/0ZqPrLFB0adSmJjCX5pW3QU/XeZZy9j1DYa05P6CnsEZFwoNRHv4YlWuDHCa0rCjz8dx/PlRcxaco5uV4gNa81OXj79+cHrys81ClabZ4t/NP6z/lbFzNDOhFoHqXKY3RcUTpi/qkSJykaZCH5l9NeWQxNTqZxV69TsNdKHQlvCASvgnyty/TvH7KSq71LZ3MTVilABHeDJbEIugLWe0QhSJJSnfZ1Z/bG9pj6PWsJQcb1T5GWaLxZrICRXHKGPHtN5UR7OMMXNYZmej+MCCPkqIfeXQwDymBaScdqrxew3msC1kNCGrpgO6IDtwSMrjsKc/pVNSXoXlO3t1ZPXb+wUxKnKmm6Zerv2B6EJ4EmUnUw5FifZbJmnmRiB5ymJRuvTRboqddQGbF2920c6mYOEStRfeOoIAbzmvSLT4Rg3wWu32nOFd8VkC0nv2NraibZjI1Sxw4qtuZ2ecXMEZ9M28Sd94dnWq5UEkxiQwoCeEjej3OH0jFo4DeIFWljUHg+5+I/rbNZVGrc6W3mVD8PLJ88BPTnFyKOT6JQfcTIRccnq4jslJkjleamuTNaBvoD0RzTFyVOMZQezphi106sOhrPHaCSR8Nt4CKpgeoKM8jVLFFH9szaO6Bcbl0zn9nHjDDNPPsdT9NAQW+qHdTH/gKLDB+n2A+dTOtWRu3jyO3p8etY6AXKWY59SQjtgy3X4jnhCXeVrdaFgNIcefFN1jTu7UjObUksRDZlCNzPvYTckLm8ZdyFC61zofXtC/MMOZ7VEzmkHki/2I/n0VQBW9NOrZ/w7OdOfRXJLGU8s5YSFRZAXqaTrcQT7AAeEnVJOglgPie5KqfEJpuMPHAeMdpZ+VmfkIs8/jrWnCX66HdiAV94J2KAftb/0t5TaUOcYPbTulZSnV/EBvkcam51Z95tvHrhefYmj2/4rRD55Uqqo9vH4u2+/ffDtiBUPZfopcdTC3pV867a3O9LBjM2J2URNDcRvG5INn0fnACFxRs1NDH/bJiJIIwpzjIsZHRwEX0fX+x+Iq06Ac0LEeIh7dIgo/aFzO3ZP39+onGmJ/miP+Lk95ycfcMYfFKIhF0nXGQf9KKxXF0RaqTvz73i0O7rG18wqJKCHc6F1TudEUxBFsUY7olQ7pVJds+dU4BKeRFH4lAmCVH1xCZ/HaxiZkrXv4YOHy7gsL/Ni9v/bE//jrtlzfvZJ9EMRny/Ig3R/7zeTyWTvgOBDxUXsMl77e3+Qp84SJSrve5J2+1c7Sa/jwOqT/lqqVmwSRNPoBPMNUFIO7TEIfLOyQuFecdY7JR2z02xLx+hXa/kcmouc2bR4pTpYcJJSuQJ4Em2Asuk6yXHk0fwM1Vpq7iPhlVWXOO3OKi9uJoq6ePIZD4VW7TRbrY5d9ZNqLTvSv+kFKgq/aJNgVeMcNOY9jmF58bhLle0fQuFM9NM9UxHZ1ROu0aIcallLMeL6WkxViDFCb2Z5uXPQIplLdGVC1YhMIZhtIjCgJ2/XQKoJpoIocP34g/YV10vmqlfuLOVN3UHlqZfXvEBtZ77yahcsD3nap3slwx7x9SJdqiuJMNa9Adx+JoZJdc8Y+jQb4d2L/3nyOaViC7Cdj/OkhF/pl63hw1PbFXTEH5o5eXLuswoTCRSUbKchCW8/zfDi4aW6McJ2usbuFfeQ5dmY/Z3b+hfowT9s4G04lAxDPtf8hNWe8xjzkkqeE9LHoTo+nTpHoSJtnF7atZce2bE9s/H65bbs8pmMMUd214r6fVvhnHQ+U/vVxaP1uZwO9yjtWRLdQs8cJcKG5O/o3R2/Y2bNia8QyeXxd7wpCFt/BWRKixItlGh5AUbTfiY8sdVN50BLHAB3FD7FG4uC2yIg33R/UU3Z6i09kpqoSO91UPwe/Gtv5AgetI/p3tNsj++7xuHTlyMlAtujZ3uTwRf7ZuZObBX0QV9kB/YA2UfWeotUOk506UcVNQGttjWFCQk7JCcB8vSs7UT+DnnTjvxD+LhcL1FUhPdfsTHyibHEtnzFMuNrNRHJ2yXVBGZJpnQV7qzWnVvSTmvGFaW1l1K+L1FqXS3PESRpNUZ+F4r5jbOmVmfSlji1NqOQQDUkUA0JVFtaSKAaEqiGBKp+OxASqIYEqv9MCVThxpzNWwMPKmilXqs4S6mTrfmw/1Bvaaa6ZaJU4cR8synXVh/Uqq/EviV8UxLvJrNv3U9SVlN21XSK/ny68DypsovkHFG3UJVZvAyNfcydpI57mQPKbU3rK51V/FnkScnpeeZzrRhvgk5zbwwpXqwIHd0H31a4Y/IrNBLhzQp0eWNC5/JL6PRKkHq+tnNCfY1bMDvk8fUfgA1e87Le7/AstBGsE7ZspyAepbldiHlbKb67fCYd6zKfKKiTDy9r4uVBTzolbAiXrbW7F47NaEycznGL+8rF9jPp1wwaqHW+4kCDfuUgV1rtqbLuzSBUeqtg70oVZFaOyEg2xTfSSVv8qMfxkRIEHbTDx3eiz3PCfTl3eE2M7UO9u6t3WDaAjtn5ZgEIoQ2bhTaky3g2Q1UwSE3pAj5YxovesIb2lzaKaXj68oTHf4Tj0wMT0lB92IhoqM2dt0+HLVSffqWjFl4oQzwyb1sELrywaO2SCsSSwjUn51q0o/HopHMSPLKiFhCiE/zsVXI2sTCfd4UKzr4wvzZodW0u5E6+m7ngtjTn8mfza99c+gI6cFOrG34XwzmqqNcRzVFFsRDMUWkhmCMEc3xpwRzVU++M5YATVX27CqVuKUUIbY9CQt7qcP4nGk84wHIUTUZR+RYOzgjAUq9+qDcYbNOf6O5v5Uv9GHCgYtRHVb5StFSfCw5Z1kvujFp+elbpkZhr5cDKKjD9Tz6hyhFEOZgiFqMKnebRNcoP5Ot3FUnJ2ou0mI1RmXLF6QpHlTko7nsDN8c2qtMKXkVsSGoRjWcn7DaZR7eGosn+1MTOHc7DVYXTYlHsn1vlhx05B3TZreWYepGePpN1jfhULNaV6p5rUfttRn+ESvSTIPNiBxVSXCVnZwcWQYhLy27rbJ3T5lTd08XmQkkSsh9Ge+3JFv0ok83Kyyo7pfRq8Yjk7AwzlsPVdqVxhLX8szXB6TSefryMixmXkAJ+TNTyaZeqXzlMs6uH8o2TBLWlZvHo6FMIn85tzFwHVeaIW2sucPeLHMggxr/FKdmWirw7TWnLTW9ODF72VLoC86cny1V5iG4in9Lk8hDzMMCpHuMEx+KAfEjS4eFv6D/DCcLOvHw28dgo14tFXKRl4vAfaZFk7RZ8NUwLvhq1Fnw1Nl1w8NW4JsAGX402GAdfjeCrEXw19KNd+mpsa8E5Q+zmn9wmnKDp/8fS9GPhsKDoD4r+oOgPin7d7oCiXwzeL1qVV7WUTfrNNk8eJe7biHSazPPsvD3upysep5VNCOaIYI4I5oi+eQRzRDBH6BbMEcEcEcwRwRwRzBHBHFFrwRxxTYAN5og2GAdzRDBHBHOEfnSXzBH/9AElyS0Gk9BvLXEk3SEkSWf4yFc7jxw5qSjG6uaZqtpMbCCV3/rsMk17lSUdp7dlpxo8hxuzTzXncdeCUPrMUsEiVWnBIhUsUl+sRcrbGDVQw+qnXlUjG/vNIGsS6VP7dbnqtQ5NLlvZCdsMCbyM25g+0fEiSQxq3KDGbWk3o8Y9Byy8jFvUExVckbe0oSpZ4Zr0z4Is6meLZWpZmZDi2zH2SmJo+4C2TNEywnTMNZh5W1sw83bM45/LzBtJpYi+88rlJFRFGf6X0JKeS7wtk0iXcbmNFI31VV77uc0SPZa57VTP0uH2uZGjZxDM/1kE8x35jAa5PMjlQS6//r0KcnmQy6Mglwe5nFqQy4NcXm9BLg9yeeXnIJffrlze7v9wYx4PQLxgDzOYCvk4pBlOeTyNx0jvsOw4MJnlVblKFof8N95lcIfhh9zDDfpMiB/ZLFnO8yuuiNjpNcHimBEXpV7Z1cPoL8mpzrV7yX8rVGkvH99So5znQxCRLsbyVu0lLmptw9F6gepLR4ciOao56Im/SpBt+NlyoGAs/HRs/akkdPES2Y2DyHMG9GMNaHpmHEUazxsOI82t4l24yIvVCzOhcbRgomQcShpffrVzx5LG9JUnXrnGqKwyej2N5zChn5aH8tfj/DI7fMWVdw8xx3kyOxSHvBYlEPuLLS/isqaDsn7p1f3AQZ2r4tL5GVUAXGF93YzYEe1SuYqL82TFqdqJoWnfu7YJYlG/dBpXNXWvqj82yWzPPNH3+GpH04OeXrXPEZ5sOkFvQM7qU4yYbbyIPyUV6RZrDaNuh1inzuWItqB1QT/xs02XtM5i5f+4E8hb/bVP1zzvnPIM9TJIb+xbr+Lv84AP/gZ6xQqz3DzM7crGJkViraPV1WNrzm8seZKrUhfJIsdYrjRT/rks7HxGJdQ8iUtbNRd0mEGHGXSYX5gOs0FKSJdpn7mGQrPxyRcY9Q5X4bMkO8cb4Ljx0CFvwnd0E3eWnejXcDwHKWWxXlh3WSlVJ5BsS5Q80NjL+ZXWxAghF5rV0inRaphXm0LBrjZxFO2rvhSNt2N49JUK1K/MMeikjNK2+htEcmG8g8Yzd6mKbhEWRYN12SbHV3XuHNaVlJEuQD6rXIPcS5fwfAoybhLXI+MAZc9RTn4MSwLWN9lid9/QtfuZdpgC8dKssr+xPV3YkEX8MdHjw3acEaXpALm1VawVPiO2nIvmWv0aAZV3Gf+dZqSHbukYRp9SXiDqLLK5BYo5skJfWM8cvazB68nnaQJcRhtiSqyaQrZyXZxRUW3Rrc3q8siEyszy5mqw4NdtCiim50Dw0wUdE6nUrYMg43bcqJyI746OWlQtm2OxkjA2QZ4XmiQooqtY2+qcj9uOOXFvdCfT9YjkMY9mIKSimJmWFwCq1WWSWCFtf0uKnLa4ohLdLTA+pVQRJ0Xlz9WzFG7pTU+VoZc5RrMxYF4nDJECQzwzlfHqMkLsR4vLzQIq6tulzSFZArs9BRhuAj0qC657IDJk8OrJZ155BaJc9lvLVe1WJO7QkrbUIac0EPQdGcVa5cs24D1dseqdypDbAowWNynCFXVpQ80S9crmHnrr+ieMMqgQQhycV2FqVyzvNhgOq2zeGYffmKozPrp7psLBqydEc3VVdhZaQMzBSuNcwh1FKlXbHV/uHBRkQ7miuXY8FUprFYJU86ncBj11P6xBBEcVxpHXjz9ojkEvOV7CCe8wQqrWxj5aT/tiULEpqHlP37Ghdn+WFMX7dK9k2CO+XqRLoocc8HvWswHcfo7n6Ux3zxj6NBvhnYz/IVrBXMHjPCnhV/pla/jw1HYFHQmiTSl+m6I3icm2BNVSMikkBpJoFs0wmpeX6saICytSF7tXBkPUsylDfbN/gR78wwbehkPJMHSX8RPWgsyJuxJGKFYmgIaRqtoWSXGeoGp+euHaSydBkvn6bLe7MpxpXQXeWs1uqvUXJoRz0vlM7VfHC04joc/CBi+JbqFnlv2o3mwrQB8N7d0dv2NmzYmvkEW8xCP2d7wpCFt/BWRKCzhmJ2TlAIHSfia8v9VN50BkLccdhU9FYkI3lznfXzBm/ZYeCe+C9F475+zBv/bI1N8xkH1M955me3zfNQ6fvhwpf8IePdubDL7YPYLOd2CH1ta/DfntimjGXSH4MccAMdxEaoBHFvZRM4soI7YJa8klMYVDOTfk5MkuhUq7bbxKXnFHov7DvTxLz7H6cbwARH3J9yjvbHrW0UdTWyaQeYNa89+rMXiy7Zvfz+ks4s+v10V3ahy0aV/92OIRpNrYKUk03+sh1/53r638MOKaMc8Qg8kpJ1DHPlujviE+zdm45L7+SRxuduq6r34mpbQMiLzAaZnP1ystSu4nnx9G3x5EXAY7KaZoPzhHLaPHVPSqqJfjo389cE2F7mmciegsjrBg9PP4s2VWQtpz5OrjpDZ96nGOlbuVs5a9CBC5inydzRjlXf32ahZUe8IZTh6qbFUsRiN7CV8+OPrXkViHLi1Z0uw3EPB29x5u6Bhl0uSYhFhF9diWq7hYAZUns7Vm6FdoHXR0XtUdkCQPs9RbOMtpXxJSY0XHsBRLB+Po1kjRP6K3XT630IJMpqeoRvgIYjF6mjUB4+hagwwBc7Yu0KtsFCVZqVRcuPKaTVSPXbDV3tE9fI3OaiuJtlBaMwEyXuoghqN/aA0YHueuckcBCRrnxZgpjGUVbYOlfRj+oWmfbbtuAP96CNoAZPYjaJsTo5kjoxMDsp1U0p3YSyQrxo7tiVlV1ehNzHCN2M9v2w+PD6Vz9M40UIhOhZAh40l2mdFWM9f05iwXJ3TYwJLdgpAeNcm8IU0uqa9CrttOiWWAWqEmlwiUSz3TRbvQN2HVBf4d064eobA7CZkfcVG+u5buNHrE2eHmV6JrhT/K9RIzcJGhVrj1ztCCvQqfutcFDzlLCFIPxnZTp32l2+2RU7THEf96KurFKoHVNs3Ncoe3G9Zbp9O5Xa8xhV9czGSx90rd64DYil06F6jhN5RGGv6zrS8NUEJg2/Hda81R1H7rDDpfE0xmpAtgBxVUKKAlCn4UU6blnIIsD+WjdJFeIKVAC9EpmXyBVnk+p7uGeiXOskhgWbA7ViY+jQHIJVwRlYYJO4b56zoprpgOQo8mTSxpeym7Nt0ai3yWnlGuWAmtcV14NTRrj+DB/JXj83U6A1QyQO3stVcfFkXnSYa6laTd60M1/722+5PNzpeSOJh91UeooxCbU8Ju6HCVwR6pT2Hb4UT9tZMVxUbuJj++ePZ/oqc/UD80HmuULuJSmBPYA3Hf7ow+wfZUvNS0QgonODJuLYAy6yJjq77l1aSoGWwyh6K579bMdLiMy5L9AlKx5HBn8bzM2edjcYqOgeoUMDjgDjkD+LmZs0SvWMWZxUyJSxz4ExoQ2AevAOm+jOShgZ5L343ILilh4fRm5Jao9nFO7jrKA4hnqpW92pNCq+xckiYvNs8s/Kj4RPZun4kXUmpChVozhj9pxcqRNUCXD4NqL358I2gA2/HN0fcgoKRAw4CXG0WpoEKSUmyRvHb/6Dh6JP5BwPB/e3TEu8lpaR1DsYMdRsdjOmQrT7LGA1rDlIiOMOFnyL0rxS37VgBnuFohGuuUtYS1LuLJdAwJ5FW0r04t8C7xGXtzJcplhn189ICv8IvxCb11ASBJigPnhp2QWW+mlHk6BKnXfK/aNV/JcHoWy3yVZNMr1zIavrk2+QEmPZvqxMDw8DwnTjiv+e3GFXfd7kV7XMlzhxkC2y1zAc/ZCiGGPrj0S8vwXBXASyYZeXEeo4suvacCRf7moh37FJbBtzIZkQ/01QvjX4nrgrIvlxwdQA5BnMhdO2a5hBrunUJrdnqjz122Fq/LvDvkD5v/VhGBUaZMITpIvBhfVcjLJHpqQiWZ4+HcHhQyKO7NQH/mKyAs521GB9XKfGECR9m1mP2EYnXXkkmDnIdtem58yeMlssoFyuzt8YOmxUAOAA9gz4G2TTTxgY+xMgNSpAyO/owj4E1yE0MUBB/JQCGZUJwKaRX35sKVXvdnuw1FLPh/IG5AnYpSorq/IKpmQtZ2hNjUWcWFmn8RBE9AYm07AJPoRAXwm146RXhsVbsoDrQnaRD2TBechMA8EK8YoIR5hihaC51wocWLnJUyQvFE22Q4MNIvAXmcsd+JWcXY8GU6YoN3/azT1I5tRaZcNZxih6VagAt/BbBx9PjF61+enfzxybNbOxsaCl/Uocgvgf69UmHZjlvc/2g8E885tZ2zZMlUUDkHSrgOxes/e6bfEx6QHO/QqOI0miQYLzRPVixemegAhTvnIJSjQnqKlzC6Jk40dy9vpng9YHAwTSy2rmyX5LLCywk9EzLkbVNRKNOcaWiJWMn5d6tP5tk5zYB22ubNF1006h17RLKCzrPg8AIRlMRBDNmitUg1GeneeXRuFBF7HYqGuH39WEFZ46uRZMgc0JFF51ucPUwYcCS6yteRXF1XpEe47LGaRRpHT9TbCm1qOSNIGDYEMFahNITy2WoUOekemf9UmDKTVFVhpBBBxuqcdsiFIT7Oldi6QvWarZoa7+VTFZjnmztHNU93MYDHPJ9+pB1+jMd76BR7UAcbkgGqPXLy4jHKjKRYxwG1gmMPYzPOyY6lJrEHwAdxB2SGgssw9Q5jujUnViiWCXED2WXMtyWrFdeAonMiHb39m9wv5A9IR7JvF1AlkHjl9akItkJLx0JLARyHvzEgGs8ERr2DIxd8Abw48d1V+kzVVeAQxHz/E6XUNAlpUIKneipslhk8UoP3L902GJ65quCY9iZn2qyngl7SeOUD2UtmJTJbuKF7aAFdpKV9MGjr3S6f2CiJzGUKzM839+9H+z9lEqNDKuEngA2rqwMrSJe1h36HrT0CqtrMXTHolOkjJCG5ChPp8tPhtOpG6gWCfWPtamXduXM61uRBOey0mb6E79ZCSpvNmwa7hX9uQ2E3JOGaabvPRuZIRmaaN6SA8d81oH56+vhOwAmWtiMw9TlqYxtbPInztdZMT/YLPTqbMe5Zr6rSqRvDNsQ/t955t9N4z+DNCG/VPC3WUvlPq7vsqO/TBGSuNC/U72JvvyVbNi51DPf+uLPSlw+3CxfFCp0kOpLU+UOu0llL7r04AraVCpqiLVpiu+FhvCzJUcp1koixoEtTKQLZuiU+N//v//3/lGbsJXlgJ1jJMy1bcvb5wwYbD9iadHAzGFU6bYWTgaJKhzXWBSmddWNN40Q1+ZwybFqqU1X+U/npW/yxNhy3xkXbjbXFVN3x0IRHod2fZnkV/VEtYPI4XsXEq+ZrF6ngKSfEMnKtXF9+x1ecGyLQ7U6kG3BNCpJTIp5h8/O4MEmio0kXoqOIo2WaTFVOXqXuYSOr/IikplAaR+FjvRaCzSSUoVjkmI3h0f9+/eOLwz/lSmiZUqw9JdNYkCZAJeASivuaih8Dk5yeJeVqIr3BXry9/74f9pyHUkpRjrQcq3KuWLhPANG9G+vLMleqs0tazgrN6rksZ51Q7cn+3YqiPcoLb6b/d7yBf92L9i9JibGH/9zjKWnRwM7xYabGboNFen6euD1YVaMsMXhtkCdsivmvrO4ysccYI359qgBpmGcVNh7DAguSfI7ua+0fQPJAXDDKK+iL0j1OUaWdsWUaVk1e4mSdukzm8zEbDWYRZ5b1GFNtKZvvMd+oM/dRC6z8D6uP7LTJOd1MfrpDEtQgKPpIUZtAcTNJ6qYzO9ttINB6bHSqbQY51qTeCfCRrehwl9BTDNRmvIAXDF/XmTWVvQ1oHLO9NZ0QmVlmfEXFmaOStWnXfN5xj8iteno1FlaMRA1diHnqilXmNmBTPHQEm2zERnqC66ECHqqCARDzlMA3lcGjqNvxW78xaDewP2OFwg0xQg4+M5zfdJ6vZ2N04lCySsQD9WRrIBY3S+cjWzA0XnYL5ELFHvUy4eAb4judBkBsthHwNWwtHt88QsHmdTItEspm656a57bOKl3uGvqm57YkciU9Ze6SzCxtmyQbcV374OrTC4Qep8KZdU+Da7vse06bPOXlc6ZRcWbjqy7VCQ/MYAbU/XGOIN+FcqfSoYKF/BjN+Fc7T1Et/gR23elKYpIdxZyxhnv7wR61tIMWxGdZNqiXyfcAGdD8ItaxEk6djz/YGp0qnY/4CtWUP1PK4+6j58nJEZ49M7LaMFpztK36y1drshuNiSel9NSUDCOSN6khuX3tyF3QjNySVuQWNCI3rQ3ZShPieQj7NSDDzt8mmo87ovXwhFi/tmMYxDbRctyOhmMAgDw0G8OhtJFG41a0Gd724gFajGHwum7txR3XXHhuQK/GYhjQN9BU3IqWYldy2GaaiSyfJY8LuHUlXm8nQQq1PnWVMErLEC/yNedWo2A8nbShnlS6RF9W5H9m2BVfu9hzX/ioRCII04T5PEbRIokzk9YGeR7oSEVrUf8Sq4qz1Ylr5phOmCOUnWELP7558jB60bJoHVjLrpcfcHumqzmPGI3HK371wzYClpJKnj7exdaZ3tSmqdgbcd8wh0rJpDpcVwJp+8WkSm3LWkZe9TUOhEniE2LfzJ4JQz3NgR6Vy5y1Hcrvvcd5pDayVScP536RnmP06xzJImVCXy8SjrCzCjpNVF4XylM3jUvCMCUvY2QWZUBxOV+Tm6nVJS5Twyx6hC6G4/UymufncGGIxG465uqeRVJamSlyAg17mBLH53QMMMlQVgbafAuZkNzzBIWWc6TulLi/jP6sSQuPNon+0rKQ9iwQ3CjmDdYE0xvnZ+NVkVjbTbnr9SpHtYBoe58sWFBggEvSRndWxffHZjAk2gqNVcJlk2vrJOMai+oJAxdmgVkT0oof9e9KlOY5Ats1D45gzkjuw+1LMWc9EggMobC2jeq6aKibncLkyAUeueKjhPWxC7Anpuvs+JxdgjAKbnvJwcuxgIjuzXOAZx/1GSR8VkCv0qE4VXPsXX0Wk9TUhvgKJ/qJhgcp/NTHufnTwU8txYGUy5p1EuQ1f4KDF9FKAlqsAHWVUKLppuS4eXoh4vaAHJvROp5betqONxqKuNb3NstH2lVzsmtWYx0WXftZZfap/NxVzYb8/gbVs+Eydzai5KeSRGX7kjaNomEbZVutpcNqqWy2zzXmiAqr7Fa1WjTNUiyRq8DbLosTKID+SUdN94DhTS3EWm2IEL/WUibOCX/3zaAJU53CvhKt+I6dYZ2YYE68JQ/Jba+rxpzd9nV1xVFklVccRVJfcRRxgUWMC4ukyGJL+j0HRalUDuyD/sD6hdeDNNsUStllgUNrl2CH00LSXFg8r6JbLTtyOwU9dP2C1Eq9E9vlDvQbp5Tihd/ixBg8ZdJyf8pTtFHBAUN9b0ewFoCOcySIB610o3gWO+BRupaZUBKrMSVYFpVv212pZXpMBAyTrc6/HJTa4jf0n7H+eMgBaikAuQvM9KtT6a6LogrWOFMnEsOHTGi5wp3RHHl7hH2Nyioe/Pjo6F+t62caL4E15DoDyRWlzeAcRG1oUs/FR9kBmLwRFqLYcgUMruneqkPTOkUyzONiaG4641Zncr/ND2OtUOndIUke1Vd3B4dhdb0pWJJ/UYW9rZ/syt7SF0kmBrR0Vl/LUa0WY20wirhOtTnqVVx6rZyv4g/rr7bW/hVWEsuOD66mLC4Q0pNdTZbsZg0OmIvAVr/qrYYsuZmZRSpTCmpXyWLaeNbmbHTeQfUd9gnrXiwr8zo5r9a01elnQw3pUEM61JC+YzWkWdIJNaSdq8MWakiHGtKhhnSoIR1qSIca0qGGtAJ5qCFdaV9cDWkatY3ihPLSobx0KC8dykuH8tLNFspLh/LSobz0gKFCeemOD0N56VBeOpSXjkJ56Xr7YspLs2fqyxxkDwfD438j2v1VlH5L/skuxtU0OsBe6xTc2kuau+SKH1iQUkpP9pRGTWfmOCXR3is4Y/liFO29SC5BvIdDt/fjfIZ/Obr5Cw6Z5SY4AcsqYi2hkagaOHbhsb1mo87EQptS3atzjAQETVf5Wp624wVejuMFXmXnCx53aKhA3jaFUIE8VCAPFchDBfJ/ANoXKpCHCuShAnmoQL5xBfKON4dVDO9mhcfVzzve+TFjPtwBk1COPJQjD+XIQzly3UIN23/uGrahlkaopRFqaXxJtTSsLK6hqkaoqhGqaoSqGqGqRv8aQlWNZgtVNSotVNVotFBV447lpsQWqmp82VU1QoWH9hYqPLQtNVR4CBUeQoUHvzmFCg+Vdhek9FDhIVR4MC1UeAgVHkKFh1DhIVR4CBUeOr4KFR5ChYfW3kKFh1DhIVR4CBUeQoWHUOEhVHgIFR5us8KDTt/Vt3zzot4QVTNB3EHNnrRGBDdn3ZkXopqSWScYU+PGqrCEyeepLRuozHVqo9kxjT3aOk05fdrmOWzimyIGGU0lX942384zRAvh2hMrqdpKj6JuR7zXJD0zZTWgG7WblLHaTnt265CgdQYkcE5O3WY09I08xyRolIYkJk4beRZK7Dzii3ZdVtKoYYfddBTewh1hIi29k0VhinIeHpSumSuUxjAR4uY73usl1SAqlnF3yLN/QqSL9QIwD08zH3DuF7WlxMFj/Bk7UUrBAwKR3r6eHRKOneICJEnLpgvmrHrbrpf9QCk/n8oYrPGE0mkhvurVITfdmSC12ql2WUXEwAVPL3LMvAGIRLwhDIYoV+VS7TyU0fk6hoFX6AlKGYs9AasyAm4F3BJ4tyJddSZY8AWv6kdxI0TVdOK4KYC3rLibv+KtmOaouirZukCetnaxBRK7rQDAztHp8JcrlaxEE/IUOVcckdhiEAbhnOYFCoJzh6YMd/W1Wg/D+/lPr98otphMBER3+EL//Q9YTWDzHWjhIzrgL2TSGGAYfUcqX/WbAnM103RGqjrPxvPqDsbzxwoVkGcosn2uyACExzGfiDFsAjLPoce5e46Kl4nudULjWDk1tLoRd7zIy1LfoSKenCi+ZkQlP06TKWbLtEKPDHvQOQkT33K2nkf7JcioE9I6SXJP08UBu2PEp+kcUYoSh6C7OhwOupLSxTIvAHs7tY49m+Xi3sdRZ9gEB3a38Wr9XHhbaqdQXStU1wrVtUJ1rVBdK1TXCtW1QnWtUF1rF9W1uk66DtYdUP6nBVg8p8eVnDfLIs1JKARKUJnmdZRhCvWsQj2rO1DP6kssIXfnCu817V0AqjKfpoS6ZNUbRKsUpvK/pMvKzH6u/NaAmCpIdgrrZH/+TeqRbVuCTHUaioaFomGhaFgoGhaKhjllqFoXan0Lr1pi6FwnxadcZcV0ETFVhkpZZNTBFGbTyKnXUG0Mx6H5hgpjocLYP1KFsdajUqu9qm2hppIsAQh+Oc/FVbNalZXz5XxeWRzTJHpJlVnR+9O+eC7Wp2RLsryc4ZopDy2fssO0LOEqPDw+/ua3R1wMCpFFJQ66IypuRyk0h4pw+5JebmLXZmj6WgWyWUKA5QW4wJOr0r/BkVb/MBkISWuZdLiVj7H3FNNCxnY+VXPFjsjNVo3S3YdF2xUOyp1ppYGtcvr/U3d7jYP8Lw0UGUT+tdNB5BDtm/WoYQ6iAp1ZRtHHJOGstcywaqYS+nz+uHXbyWHnMi3Z0bktahpp0EOFP7bVoFhnZElHY3vbesRdpwMrvo5O2nGBiLtc+0RjdbfSW9vZ+Tr6MWOnhWohOLsGRHOGl/RXUVK3in5lmDYs6xjnDdVlQX9wRvmETh35dmKZ6U/o9akESk4qjJNpP1TKs7zVfcALPJx5U5ZkWKNFnMXnxhLr9FaHcZxQY84MmLcVrxJAlt2zblW/USJrdihvFsM6CLUbN63d+EXd5Uff/Pb7673L8USuVydnMPImWGB/zxvIsMPyMsKLY3oCfsvOYJsUOOlWpjA+Wwn5NGHTxLBhnLUKsSZfRbvWAkYNigKnpU8Pd1crMfxT3tD/c/L8mWEXVR51PSfZ9lc/PHrw4MH3sgmt2G1SLK4k27uGGauJUXp6jkqD6PtRdP/o/oMROiN/H8WL6Kc3j1q6REq5hy+Oj+D/vn9z9P3DoyP4v//c68aObldNh/wbCpSGAqWdUw0FSusQCQVKQ4HSUKA0FChttlCgNBQobbRQoLTaaprqWy1QmnCcRmdYrR/OWt0oCb9Ufqu8NnLakZewyFJ2kcTz1YVx4unoGTHlAuVq62MdPaeVH/l0ui5s1fc8Bd74ajrXtjWAd5LNUE1jceKbFjldxJ+fZj/M0/MLRz6Nu1rIzZo8ytrkpIQyZo51tjJKInjGT61d1ZC+AKYOA91XxnMYha1WjYNqryzsoLPNnZQq8YNVxku8TRIuzqc89pU2B8lPOncm+Jtj/L8tbO2vyzVpsISXU1iipHWDTAdIWVDJFUtRMDqIEsfkXCCrSoHD4biIebSP2csQ4YSO2pA8GLVgPxG1eH4ZX7nYZXHxI+8LWQZpzriqmXUsMHNNpMZguuDo9rmFEUr+5zpxqOj4bNUlrdbd27j83H1Vfs4u4GbsdZz7wNRovE9lzlwMj2XPV3pR54ox3yorlUcV2pWWnBSGNx8LtJkI6lMs8MfSthqjLWRaNYpuU6kY0k/2WrFMFqlqXcXOrqdYWyhI3fVWKEgdClJ/cXe57WkRClJXIRMKUoeC1KEgdShIHQpSh4LUoSB1KEgdbVGQOjqRbbE47op0QlecqhjtMlHOQg3rUMM61LAONaxDDWu7hRrW3QsONaxDDetGZ6GGtbOFGtbuyYca1qGGdahhHWpYhxrWoYa13UIN60oLNawbLdSwvmPVt7CFGtahhnVfz6GGdahh3bHYUMM61LCutlDDOtSwDjWsQw3rZgs1rHULNaxDDetQwzrUsLZbqGF9TTWs0Y9JUh3vsox1tVsd0IHRcCizaYbDTiUYr9C3aWWFbuickNrjTiRgx/Bw7WMwq04Do2RmOlfVOrCUZ+fEZI0GlDniqaDvypV+iRiOM0zalLhKZdU80I9UcsathKhQaPwLLzSOK/kZ6ybAoVgBLu54H1u63nI7L+N0JUVxyHX1E43gImSc0GpGczApQz12WbrWGy09bLjToep7qPpezXwXqr6Hqu+h6nv7KxhegfAq/4Q+bLsgh9UetcqntFxb7UrTlOUPVjiTEN0Er4rYzurGtWLMN87Yc2sHbUfVZHI+wY2ya0jL1Rct57EhyawUQ4dmSaJSJosYNnQquO8YujZNnbFULWOFzs4y6IiRgw4EEIl4tjDTUScO4QVQeFWBp0uBK+PB2rgcwst89h+cpWBEZTkwQNX60dqFUZSspk64qgMu6k1O06rcvi2X3BGDmi+aMhVighremLkLzOsalfnZ6hK6OLyIixn+UUtWUf67i88gOJJ2nvGGU6GYOrCUTBZoBhAKzGgjru0Y4WM2h8jDbMY006rFndfg7c5MQSxl9Xq0MqiT0hF3BSezJpTmsiv3LdD3s6xPM740awfLOkMUQWWye2gEGGFlddmZ55QTobAwAd3nz9LPkh8Po5MQcj4nOzqvzkACtbBiqwpfotwlUj97xCfbQMHa6Xtl49x4T4PhoBMnqwRieN+p1E2AAMWVNbW9R5VDb7DkYbQX/ZuacO8VcZHMl0y6FnhcEykZzrVs7eK+ZXS6Pj3VgWZ5ben5Jeq6ddDFoXpDyJQjZLE3n1lbwY4KapuMUCQlSFiWixnROSWqB0bR2JgtcDaOuADp6/Cqx3rjqL7cumoP14pK55ZVBG0xWPb8E2WeiKnstVn0vlAbjKEjcQZz+uazAz6CxJgTmmOfaVbbc9PNvCf/ILentdLWyAEllC6a8leNABVM9lKVwroErshZ69o0Tq/zRyDv9dtRjUcUTP8LqCYfsgfFjKwgVzb9r9y6cVmnGX3TWcSflZ3+wfF3fS/7GPW5LVGrVABO/Nf+23j8t6Px9+/3347lr6/VTwd/2H83cT4/+PoQXtp/ezL+T/nt7Vj//cvk/dcHf7CeHfxLn9XMVzHtzguIbVzFZdf96aNJxDxWRGKilmzQ1Z7cqRCbWQNRL4mRRa6od7+1dGUkhBE6vvnUp9r3JyCfWkqNqUibZtE3f/ka6clK6KoKapibzDfN6IptdCFuzBqb0TqeNwt61t9oeGq0vrdZWsH22XfPahw16qfyzyqatvJzV20sro5aebWnOhbfFjai6Lru2xfIupbizC3FKPe5NhQpHVREeq0sVVvGrhuqmW4uqL4qYdY9KhuiEuFJvKDZk9YsU81Zd/Ji1cq4+t5X45LrAA5q6g9WrmCnu5LOR0cxaR28Vh+PNYdNfFMA/5IqM822ObufIVqIirnCJ+pRlDII1TiKj8LMqCRfdpMy9uvQob86zQRlgptT1K8ZjVP7zySVcbxSVVOIJRqxXmldVio5YYfddJSlKqVY4N7J5WyKhsCuWmjY+jPnyxB9pFpkk+2Tql+sF4B5LLHMtZCmai1QThOOspO68wQivX09OyQKagocl0TPmy6YC3ttu14OFKQSYUpBovGEUvIjvurVIbveWdCx2qmOaUTEwAVPL3LUPAAikaYEBkOUW3VpB+LofB3DwCsMFazURL1uwJZYWwhrWW8JWtWP4kRKrhUk1VWmANqyEov8irdhmqNfQ8mSLoVh2vXuWbNjEsp0jk4Hv1ypZMeaiKeopNUqnukKz2heoCrNZbXFHX2t1sOwfv7T6zdKA0yqHKI5fJn//gcs6L75DrTwEB3wtxVbFuqOiH7Cr28KrCtL0xlFP7mFvt55dSd38ccKpUkw1Ng+U+QdiEcxn4gqkQrZeJy552gGnBgtMI1jZYzRvii440Velvr+FE38ieJpRtHpGnMxTbFYn5WXwrAGnZMw0u3Zeh7tY1meCVm7pbag6eKAffWVUoi8GTCWGQ4H1x1boE4q7nZJ6dksF+c+brnYW1/rDL3nfGJt7Fw/o94mDyp+90+Uwrc9IXa1kDfA7ly/bPhlMcW0lqJ08pPffTOIn6Qy5D1zpHfsOhY2HeKHxNN1lfa2274unj6KrOrpo0jKp48irp8+wgMkx7xFPehAGmLfPWWEujjArH93Xfrr4em3KRJZXwGWt+Bs3HblW+dS2nYJdjgtJImLZYFXYmXLjmy+/G3KJukqMeKRQOr42C4qo99AWihKSkn7wlMmrvxTnmKMCRwwZHdwwJbBAHRcUlvyMkg3SimpOscpSNcyE8rrM6a0xuKy3UYMtU+e8KPV+ZeDErf8hv4z1h8POUBWnsNditp2+sTNTpipfefMRkeCEFUUXbFzm/gHnLWWDKlRWeURcHx09K+WdmAaL2Ng9q4klROyp0mK7G8bmtTTk5HViMkbYSGyy1dYyEx3b/GFrVOkwDpcDM2NMyyipUnlO2v56O4V6jud56eHGIjFOIsye14CP3d4/+j+N0ffH383FiuTZMoZp9n4EQgMY83fTBaza63wx7kIZ7vE+t3QY84TE3PCZa191bnxKMZkh3AQ623P+pWN97zI18tSLKuJTgJkJ+ZjWwrt3IziYlrWCAjXYCDulUou0Ebfn4//SKN26pvduiAP0tZYaOMbHcvZokdUl3m3moT3u6lvi06031xNgladd/RJ8poxvJ0YqmVEEzbitfPgbkTB1pec16WVbICzU6ayVJY1ZtNSH5YdvOY9S7/pCgn+M3KUtsIOw3S4GpCRm5R7xitOyqr++dPyTf4Y+tasa5OLNQVmRpzwnv56yeXSW6fkX0LQaFa1SVtpsBCtUFCOiX3p8+GpAIpfBgRB/c4rIbXb1AD0V7Y2VthjyW72bAoIXpM6FttmKtmBOtltdK/YfPWv2LzMsT16WGxD9k6rX9F74rpUs9jesLfvlSTbJhWirNX1oW2Rv//b7363Lfh8NAGmDaos2ei5Ti4nOvOopVqwXeEFVy9jTp19GpeUsb4PtD+QUgt1kVOO2GodKNWUeH4VHd9nLRRNq6E8evv5/aRlOdDD96PaXDFDwpooW0+a7UjVfWdSKJ5GLSQv0WvxOVftqhXTgMPDJPIPo6NezOlLcu82CGAbgi6F0kbLlUG+zucgisKy0ItcfPgxGbw5fqtB1gQ31rws8tl6Kv7y2ppQv4HxxLLBEFXrXJJYaT1BSpFgitIwUEQn3ZU58UNlpqAAjJoWdaiBAtsb1Y91I8SW3ref0jQMHZIx32nswGaRqGMQmdzI6OMxZLyFxJnnveXx88vo4fuvrX++P/iDy83Hiyi67QHYNrYJOAHeYy/A5i4xhJriPRzOVQcJXqG5uN+RuWwLSpcJA1s1i/o12SoGOLLdQc80r7CBvkq1XhYIflXYnM7nTHA7HzvyBzsMGdh6PeF6veCG18x1e785pjvM2a1H24+tchIq7zfleDYAKBm+Q2VIABkow3PHVUm9o+u6n/g1y+5rEWoHALH+SROO6+V4lY+ppkWPQsSlAe6EpuneTyWiBPebgmrngWt90PiRGWKrdgkmrUJZzPplfarVomrHKPzKbB+ZAF6LBYASHmkOvOEeiGyZ2k31KioVG5vHHdRf5V5rL8tlH/3916/G4/FXVjIoVChT6BGVg1bZGz4df0VpYaJHlMVKqSIecyw6mmTsQh2NAhXAYSLVoegP7C7NEJ7jaTxGuf8hqvDTcXlVAp075L/RDS47H+OH3IO2sI5BnJkgGTpdp1gLlqanJv/paHL83QT5KrvIgWi6J0C+eDnKbfWhHdf2lSRyUXhNodfFep6AVFTr4CuVI59yVFjuvLpodPSX5PQizz/Sr5f8t9p+NlQ9oqTiBiXE888+4jwdAoh0MZa3ai9xbhUbjNYLS0KEQ56qwmwz8VcJhlXK9mt8HUefjq0/UZuM/yZ98sMGQAV0CtxSgUH9e1yDsqQY0iQa4fxqLSpUvFX+3Pr4WSpFIJfzdRHPW/aJtwDwZj2Pi+bzr/AY5niedeoYVHZ/spY+rhS/oCjIRxgZnumlVIgtzU3XNBB4/TcwCvY5pfEntZd4a/9Y/bHB9LQOlxezxD2W/QYP9KP1S98ob6SCHcv7AM6ppPpLTda31q2rTEdrH9Sn2C2QncWyMrETzXPxtPS9wY8N5kVU33KhCwHBPmYgEP784HXl5w4/aDVPdRvyR/XwSPNaRdRsV6x2JdBzy/845RanfcFBdMbmmSnFr9YeGf/crmRfHG9XWjno8LxDD9P8PKOK0ty3TrlGJSNWHOuLLrwkOlMoXq1nFISLhAL4MdBZ98cye30e15wHSF+tLZd3Q15o5jJzbw/lKiM1qDgQsDpB74LSv7x68vqNXahI5wi11H1d+4PQBPCo3KI6Kj3JZss8zUQRSHcEshKLdMWB9Em5aksw+ohuW/IIYxNp/YWnDnfSW8qz1rFb7cW+umIgGmVqqvoJeFw5YvRDxT6lTrtvlAMR1x7DK+dr0SVWSs6dNaN0Qy/zGSu4JI3MUPuoukK2sePp+juVkKHKNdalUnjEfofsWxHtEfiwCPXrj+lyj3zC9v4Sp8DXoJYC8HCvqyP5VKIWte6bwFPNRdagyzEVrzYBt52Q5Pb0zCzYlKJU45P1Ei9G1LDwqPUtUs6WekO7clBqGzh3SArECVff1kmJqHPCQMkkJWtWiyHmiqUt+wavt5iS48jrkl5KbGV1uET7p0hr8AomqxZ1ezCpRHg4kkFg/h2g+Kt0Th4EZv4yNJYQMv4Th9o/RZM0WudpcpYXUma4W5ujAUheLTRAJ/4Qxu0CfUroCCEuNS+Ze+oatYrc9eGXQ4fP0NObDhQw9KtOxCI9ecJbIezKQtyBpmoyFH8LAyZAyAsMP6dZ0Ywk9YhAF97R5yGeX8ZXUlSZ2MPfdxR3dZWopLV1PMNd6nhUAaVDhu/U/xEib0MH+ZhWwuHclKALLeQEA3glAQv3Y9MQPqLmRSw0Ku919cqdIPEhr3+JAEhd5MxBA2VpbOsusbTskT4C3c4PVBw51ZYecmPQa6MjPr5//M1vv/ndg++++R1ORP/rt9E+5cUo009JR/6AbbU43crfcV0eq3fZqmtVzl+b+JWZoucKnRQZeG58DdvogWWlIsrQ7i341PKftPewVXBRJAb9J2CD9QTEZVALvm27Yg+kTZKL9XyVYrYV7a86EgtkSfkFERl+fNWOQ39RSaUlE4YuGqD8fu2O0ACpfqfcRnxHvda/oRvQi8ftI+l1mpRJc7ZTEqIiKOTOa4ICbrg5JgegG/Qybc37AZMEUkQd6ouqNsHWvdMlsfmtspbwx96eyhw7ddv11SI5IV/kvbzci37/+2hvnmbrz3tkRFK9mddcve6VWFicO1mSXRhxfq89+8zY4RoujVzTn3xGcaiiWmrp62Ny1VQqHaosrwSr7pmr+nkPAdopyEjbTPdZT2nUKC8fRgTh9ldqOLEz2NDW+IDgqcN4yYTcsbhxZPa98ZZfhHGdIOl65nKKO0lk+x3gSzabnwJXalWvbTW19znMeW6mr8NHnaCRmqEWCMEwKYVY6HMuEUcS8+HIEs+xIerge4VzckF6cublKtm1KankY+W/c0r9VSQKDheRIn8JYksba0EBwiJ1juRWT88qMSTxvMz1zZdVYl4478/lRa7vqe7wOT0RnSPHhKFQFRfxt9fUU18lFGNSo/mec9eXtgWRyv3cOnRn7xtMycc71JsqRTWsr38ouC2JGKsI5bqCFFu3MIE89i9uHkC13rRUQ1M0ndSPhDUnURYahiZeGd6JCe6I695IjrNME2t6uWfoIiElLSE71s4xhbB3VckVr5eeV2rwoho+dhgX/qDlYK9t5mZ41Z1Wk9SX4bBleRVB03tneXXS7t4rea8Q+y/SJefvoqjtM68N48YClykIjPj+NBthfiz8D/M3hASP86SEX+mXnUKvl0mQNhx2IkemFKJP7ipWmXeBkco0puEMbz9Fk5eAwGOYijMhDkKZik8TCvdhP762UQS28A8btFsNKIPRXctP2KDDKQJF5xQrm7GzhJxqi6Q4T9CiO73o33UPQigr8EcPv4RbqnX5C/WWzPPLNybscc8bapedr3kWAfRb/IbL9pNAKhZqPyrvub+DQgbMXPkKxPptcJz/jjcdnYZfAU3TAvMyK/HffqZLyulueoZbkoITcAI6kGBQjCCY8y1MMaZVHgQzfmIuFLyddHzlHvxrb+QMwMFmE4a9p2jlUCk+KgddX/SkpNujZ3ubsi0eGOjxyvDqG32CsX8mlk3lGh3NfpfkFZs7d8sobXLdFyaqtCyhV2JpzqnDEoCtKvG1vxMklK7JBwklSChBQlEtSChBQvF4OUgoQUIJEsqXL6E4u3QGRy3STB42rT+uYzLocKCXzSZOA+Sd07CGsRPTds4C1PNQRwEaWKzQ2jLeyhGoEa7FQwCm4ecdoKMe/PwDKn52Td8As+JNnQEa8/FzB7CcgtiKD9siZvz8HMW7veam9DgHdHcJLPcCA67X5Z6ibnuLPEthtjiSq1PLb6TttWvwBoBZd09oZ/ZugfI2a+q9DmElDyMD+/YXG/iz5aDVRHQ6GEMCnPSmNzrYzMoPONdt4dc0rXW2t2bd94a4L9PRJEn9mjCCzUDrvps8c7t5fZl2Dq5dIC610zVY91+y02tTNWUTUFtN1kK4PWfcpSFTV2n7gP7oE/RkQU8W9GRBT1ZpQU8W9GSuFQQ9WdCTBT2Zaf88erJbseRb8sudteLjHN1ySLvk9kUIJK1Td0omg+32/fJmkEi6Jh8kkiCRBIlEtSCRBInE4+UgkQSJJEgkX75Ecqct9111m2eNjBaty2h+Ptbpi6yfMOnQV50dDc0lGdI1OtI1XiTxfHUxvUimH0PCxmtN2PgfBOlHCGl62EjZaL3QlbTR3i3eiIu8WL0wc4LjdDE1f3XkdrS6+Wrn2R2fx5+xbEClThoPaNUhjFGPoZPY1PMxApX7SX3zlY0jz5sP+vIyvmiWUzO1HMSk3zoRzgCrMvfXAu55Ok/aHzZzsNTm9EhKN+jamHX4dE5Hpv4fLbB51PaoOZWZVUVN00uVNjKeLy/iB4w0G+SNrHAoTazuSCPZgtucSdLqrFH7jfK/K9ckq8Kb5NHXKbFABMTqbpasF/JShryUIS/lF5aX8rUUWdHnRmVRZ6oREdmIlvk8nVb52261m1zWeO31eKJab+q88Pi30BmVFtDGGw40ay192aJacxY3cYiK9j3ZXEOcXf141pbpy50jbOwWTvtF0pMMxLt1QZkVC1U9TuodoVQmdz/l+FzBFQxEa8++2PfMTe32ANpTms09kufw3EgXTRBXZBxY+jgvxrxC6xo0DSuDv8bUi+slZmDO16tNvJVN9hbk4VEjm0lFAJUnGj1OsQhUTCPqC80qDCDlW1t6P6Oy0pzq0FyEBO42udZZYFrv0hupwLnJclu6YepbJEAfE8yITUpYGylUxc+W7kR+IfNOjPVdzooYpr8m+qSetnsMV8vDqoyPgHv5kvnYEddTOAO4YSJIy9fb5leMPNYyBpeqxeVlyaU695r860qmeu28U4AC5PF3VoGCUBJF1FZ5y3ixNR1W7s/TTwnVEENcwT6sBKWDq4h28D+tu48JUIXHUVOXZXZovnvUXbRTxOj2j92pBXt6xpMoJLw3jkDGnyYVJovqoyXxTH7Eu61I5NmIj6ZTJ2eYMdQywRCfyDzwv1//+OLwT7lgHFY3LLnMK2mbRnDvTy/Q+illbl9TNc9FnKVnwAVMpDeA59v777v0UVioTkoZUZ06UpYrHkWdrpQDEyLdI9EXmugyn8kCL2kJq/gjdCBLAJ5onn7sLL60R0KZmebf8fb7dS/ahzME4NvDf+7xNDQ3al+QZjpskyrS8/OkOykwcU/IdxxQGSe0Y1tdZHILS9k1OFb16QEUYW5VGHQMBaxM8jm6z7pP6BSgdCDmAa5qTuQDlZaSUlQV0y5zLHKZzOdj5vuBBJPxpGMctUVsXljCveLk/QUO7kPTZIZV8zsvxBx7nd5bYyw9IZG1snD+kHhh4eoGkGipXg/rwwqn5SGIpQXqnQ4v8+Ij6voQGce86+UhKZMOf0P/2XThrBPbcvWc0fPWQEBuEoebQEAJbf53VycclIhR77OWnrpCbRfxjMkx8Nq3dHYQzqT5mV6NVepP4DHGxELCZZdN2+1iPYBdp1sRl5+ePr7NEwWz3+BAOS0vQ8w43S5lFeg9q/qwAJ6RxcyIP2wuExFXePyWZSWfk2Kali0Xqpvn83Mu2titqOo61LH7Qy1z/rXFHebSW3EfGu445OMy1OMstIGbkHICcvTarsWwnnqVk/ZwChpURPq6HIF27wLkBZ9+t58h0Ll2V58bdPK5GfceT8ceD5ceT2ePa/Rk6S/62u200+uu0+sDMbzUas+Set1yhjjk9O6O3zG7MfebG3O8uVmXGycW7Ywz06boR6ps6kZpKFq6scvRK35oZdf4lqo3s4SL/7RBXVV2F21wrUKsGnPCXJPVMZd/X5ySIgLVPS19z3MgePE8+vEVCCyTZCJSS8s0Ua5RCTDUPMzgja79Yt87zs1PDUBWr28qhWRK3JLVVzNOnK8hjlasoW8dwKiJKPpAKd4Bhn9R8QkoM8ysQS5iTCyeZOpInqcgb7V3ztXc0ZCN6tgkLpmVkglpE6x7O9tV306q5a467zQncesleqsuq4fv945i7tvPz3WfOcqKjx2o0lm/2+2Pt4HLXZcPnWVmrD1p9eAft1GhyhtdptYW5Kl68KBJrkim7COjnVQE24FgtJhKlNKk0qvD+OpLfi26pDwsxAdGeZKxor1WYtWa2qYUy1AkNTDpa3FU471RqQnXCgPV+DYlnoRnvMm5nwOFeVPEQERUbdhtReFnRLOwdm3lFohWehSV8Qc9awQFiOGgXD89UWsmK8mlorbrDOjf/Ao5cTPa9CLOzoEzYAkhXqlwrI9ZfplJKNm6VO4aNF3ssHNwfAt3hJkd6Z3YsilqkeLTevlK01SJLXS+GONIm1LABTBf6JW6ta7iYr2I8VqMZzhv1S/aLsgfAivwJcB5AN8Zn+KtQyDS2+cVV4hOLFp+2nTBWC6xSwXrv17mG7En7SCm8QQk+Tnhq14dFWzqcoepdloq/S4iBi54epEjU6yYLhgMUW5VMx3rCzuOztcxDLxK4B+tFtYOwIo/z3bALbHuYbrqVPb4R6lyP8p+TlQt+Yxl7tMVXEExSAy2n80r3oppjorukm1765KLbVkelWifX4jvwbxbfKXDT8GrvLGKkqerNY9IGrXpCs9pXsxQSuoEGe/qa7Uehvfzn16/UXX/SB4huvOayNbvf4jn3UjSvwNOnqtaRVfflBX0HSnvxDcFsoU0nRGwwETlNp6Xi9PyxQriq2FihiLb5yriyNuzPJ+ICXoC0sahx7l7jhLGRPc6oXG09Ch+LmikwB0v8rLUd2hJFuno5BMQNiR7o+h0jcdoGgP2wbenKRCB4sriDzonIcVo4buz9TzaL5MkmiBDrn1qdRcHLPTEp+kcUQquuVmCNWzhcNCVlC6WeQHY26ncuza2dQPWtFvrUnUi7mHAVvkKOBbjzN1w5Z7m60yCsIl2yoOW6dq+eo3H7tKWwGejU/nD6Khjne3ebHXv7YFr7VujrKhlqTe4RsWf/ynJhMPsWWXzA2MVIBfic/NAvduyRMm/ZpySmofCWu933wxalOUcVZ6wv+CWHmmqG+3BqXe5xVdRByh07Lj4m3KN5lYFpXFn5BiNaJoW03VK7Jry1pNMfTeDJqu4OE9WvSeA38I5X5aVO1rptPSZsBzWes46gvxS8if4C2MeptomcWuliJ0RZGd4A/MvKoTM+smOIZO+hAfAiLLBcTEiKUpP9ZCXpvAvUR2Vr/qCXVAiNM6lIDCBeEx+isLNdYQiVaajs16qD7FTWPhiWZnYia6syZOaKSfOEA70jxUOxIQ7hAP1rA9bCAcK4UAhHCiEA4VwIKuFcCDV7lQ4EOdBM8UOUvFuw32Byytez1c83PERIuR61VnX4Cpfw4jlBelL0pKU1Ez8gH8E2jEibZz2G9DaRnanPwqRSiFSqQHOEKkUIpVCpJLVQqRSiFQKkUohUglbiFSyW4hUqrUQqRQilUKkkmohUilEKtXWFCKVOucbIpVCpFKIVAqRSiFSqd5CpFKIVNqg/y86UskiH68whGITAjTA/Fd1y2uz+lVsfKVt4msZOS2VUpmEe1wA9rv3U2VNeAHEH2EY9ChJZqQvQcm94lzUhvlPzifR3tsH42/f78GWECe3SGJFPO2lan8/Wap2TG9Div34AOdbJEQr9WF90OY2tQ8E5qCtj9NaH2RV/bali6YcHq/QYeRh9F/v3r49Gn///t/G/J937/+lA29acD+EuIUQtxDiFkLcQohb+6xCiFtLCyFubXAOIW4hxC2EuIUQtxDiFkLcQohbCHH7Zw9xu4sBXHcsxu0248nuYECiimZTxd02C2bbJn7NOr8VqSrEnoXYsxB7FmLPQuzZP3LsWcvrjfhlrY0z8dikKIJfznMJE6lGNuuQZnNdTKKXFN0cofxvnbqL9SlpMyznAzhj5aFVrvQwLUugA4fHR7+9f5+usgUeYNG63pH4uWYvvIF076gYs4XwYqRBx4V0shh2W+VaDwokWj6xuDhEEHgDWKByiboU2JEXbCnP7sEsyjKfUpxdW9cXRb4+R+v/ByQdk5cSDvb08Qfe9o64MJtvSlY68KMSKxZLSCAZ/znKCyWYduWLEId7ZT1ADfXuV7ZhRPFX0T65XsxYxRgrRVWbyXGMxiSUkgEH4yyhQaC3eE73+bZ9y4Zc19RN9+qiMEyq7rH9HFOgZBniJEOcZIiTtFqIkwxxkqaFOEmBQ4iT9INEiJMMcZIhTjLESYY4yfqTECfZ2kKcZIiTDHGSIU7SOUqIk1TPQpxkiJMMcZI93YQ4yeFgDHGSIU5yo/7vTJxkiIX8p42FbPn6izfU36l4zhCtGaI1Q7RmiNbsaCFa82aiNUOkJrUQqRkiNUOkZofE1bzYBwtmIaAzBHSGgE7XqkJAZwjoxMaxafd71ilvRedFvl7SbtN6iNcQTYvepRl62ZJyYEa60jaVUNYim94rFb9Amljs/+fjP9Kw4h461A3VJVg3ltjJFVhSt6VNZpdJLQCXLAG3rkpzd12SLrY/I+9TU04zb/DKnDM5k6PoJd7+Wzs1GKlemxuU9ITiBjJpMUoKyvzQzVnYK9RhfihbvBI2ZhuvBH9Bv7HCHjt2s2dD2q9JFYBtM3XAQH3ANnI/Nl/ZH5uXTbpHB4BtyN5p0R8tMdelFsDGKmWWXVFGRPFV1ur6EO40ZZd4cP+33/1uW/D58C2mDfJ1aTI4NUJn4qAtXkf7+hhcvYxLkjhPQRiaRetlH2h/IIEK5eApez62DpTaYfbH91kComk1BJe3n99P2vm170e1uaYU7IDEatYeMWIa3UcYfoWkUFzSW0heotfic67amTzTHHyLae4YRtXcyihsQ9ClUJoQbaEGIn5exAtYVjqN0hn6kwLRKezjtxqkyXJjzcsin62npHo5M5qs+tWJJ5aV1Vqs0RJ3NiMbEUyslOkoJZXbV0iCuoj9rbguJJspx7C90UFX5kaILZ1DP6XZKCUaNotEHR/d70HGPiMrNmPxeXsy/s94/Lf3+/LH0fj7X0YP339t/fP9wR+aZiDTvIiiWxeFbWN9lBPgPboqbAlITK6JjaM9HG7P/QrNxf2OzGVbULrUZ9iqcs816cmq1+bxd164tv+WMQqQbSx/fa1+OvjD/ruJ8/nB14fwkoWn79+ODZJO3n998Afr2cGWKNvvO+el/eJXhc3pfM4Et/NxpwKNH3co0bD1OunBLkrG5xaJ3PQwxIsPfbE+Jlcdh90x3S6HQOiwQ05uWdiwzEc6DF0nPjK/uPMejcfjr6zoSTTcJ59XSUaedyrM49PxVxSvFT1awwALJWM9xtuOsOYrO+kEpdKILTEYrk4EZwYTK7C7NMMFjKfxGAWah9EUA0PKqxI28JD/RuNydj7GD7kHrcQaA582QfierlOsLEvTU5P/dDQ5/m6CF8bccq8Uw/0E9oWXo4JvdYoJdDb4SiXPEZ3JMs/n5aT+7VcqYQYnhjFRO+KVe/Uw+ktyepHnrFy85L8V3DkfCUjBZ+m5QSsxpdt4xjMhWEgXY3mr9hLHT9kQtF5YUk6hQ8lho+agJ/4qwUgU2XmNG+Po07H1p0okRIqYhw1YCtQUpBEEeaGF63ENwBL2p7QWLwHE9Csekj/XnzyDH+npcr4u4nl1YxjmqLh7YYYHAsUnDIXT9TwuKt98hbmQcjxAOmYMVUWfrPUPTAFmTZb8tIH3FFW0ALCZdEq99pW9z6+qP/alvLKHFQZDhei+IedM4oAPXyaUu+GQcjDgEvEfr9YZ/fcHKqCscSVZTTunvLyIy2oSs5fWL32T/bMmhTrm2mSQUIo3YCbrKNHMGqZi0vlf0lllXj9XfmvMbGb5N2nyqBJmxXNY5wPGng0yZlVEGHuDnHmzCJWZY7c+b/hhEfNj1blW3lbCRGqnqyIhTyvLMyok3QpJt0LSrS8s6ZZFPjCqt3LaJAeD0QJZL1ch9A+dgesMri/YuMf5AjVCPauovqwV7mIvk6fRTB533EZ2s/QmqxW8SXmJBng6bmg5A2C9whRAr9E1YrZR5Mdz1vFZxtWSO6ObiePEKSPM/EoyxMy0ZVXpGhWZbun+VJIUtcnbdvqgo2i/3qu+32y9lvJBQdamzIl1AKi2dE7XDQzcdIp222pd6sylzl2FnOgm0K72QFo7UtqKwlJ8vZ4+Lu3MegbMdgYh/M7kDGoOZSvkMJyQQ7Htr2gcUpdTNhATHyPB57WMXxRmquaEfMq9sjnF68d5xS9vAn6TPVdRTWUbn1STWXUClK5TutmSQjJZ4T26xsRWIBhdIii1C9/fkiInhS3eaTpwx+l0MRAjtYy5ATAoxxoAM79asBWBu8JVoV8X/EciTWFBvMoWjOzIRUMZpLI2dHBbW1Gih4F+ost/G4v5K+5I2AgkISBgY6KaeAF7/ZK5GnZLTLuS3AjJf6xh9FpA9Aa579+rMXiy7QrFftvyIv78el24bJId2SNV68siWX+vRwfrb4Z5Y6UbbHHA4kQD7O+HvPpsPUcCfgqiitOQH+mz2ezUpbX9mZhbGRBjwk9LENRX2m1oP/n8MPqWUjDBCU4KDKeIKQ7IYyomzgZ7OT761wPXVIhS4EyElz1CuyIFEZn7C95oyWln2klt+tTjfLqe0w1MfLa1CLgPinzNdHq9dPXbS+ZUe8Jq84fKks/Ej3L05dGDo3+VeEo46HJOXifWfsfzznRY2NZL20fZOAsU1WNbYrrLUvKNaWMv+fw5Ojd4k885PAlnqbdwltO+JJ+naBw7hqVYF4KjW3NV/EiRYXMLLSiHFsVYfpQMfE3AOLrWIEPAiHPbCGSokiP8eeVdno4FK3Ac3cPX6Py7kmzkSu4TIOOVJnFhNWB4nLuBmVANLO3D8A9N+9bWoW8A/3oI2gBk9iNomxOjWY+JsotU0p3YSyQrEsT2xAyP9AbEDNeI/fy2/fD4UDpH70wDhehUCFmsMsCOtpq5pjdnufGgxU95ei1k3pAmR99Vct12SixhbsX+nGlX3jiZbgft4rjYDvDvmHb12B27Tdh+xEVZtQ1jPlG1J+Ys8xHPWq6XGP5Aah9h29MuyO1V+NS9LnjIWUKQejC2m+YdW/ml49XZZvnX06rzcs3dV9QSQ2WNdgVd63S6c+xh/FRczGSxVgrlW8qep4bfUBppGGpbXxqQjAbbju9ea46S/mmd6TTKM8oJw4puTCxTUj0clVjDUnIjy0MOlS7Si36EVxFav8mmsCLjDGZbx16JsywSWBbsjhUGpTEAuYQrlRDfMcxf10lxxXQQejSqRNK9U6g33RrkzE6euaKfcV14NTRrz0GIwYPj83U6A1QyQO3stdflIlJxKEm7Jlk1/722+5PNVhmvETxn6ecRKiu0QozgBVcZ7JH6FLYdTtRfO1lRbKTC/vHFs/8TPf2B+qHxWHl2IdkliLtXCjgX6J+e1YJWcYIjoyoHlFkXmclcL9YRRc1gkzm/pPtuNaleomVcoic+81IqkQx0Fs/LnPWnkklHTgGDA+6QM4CfmzlLjMqRO0ZoEKBxYEoWLd66IN2TMrEKPZcLG7lAsk8znN6Mk0nIPs7JBKCsCjxT7bjEiSU/Jsb/0SVp8mJFvcn40ZpivXP7rIw7EiurUGvG8Cf1WDmyBiD4O8Z48eMbQQPYjm+OvgcBRRJ5j6JUUCFJJcSJXrt/dBw9EvU7MPzfHh3xbr5y+VdhY0OdKhhhucNqPKA1TInoCBN+hty7St5BUiPGVq1WiMY6Xpiw1kU8mY4hgbyK9tWpxTQvZyvxXaWuZUomW8gr/GJ8Qm9dAEiS4sC5YScck6WUeZGiFT1KV9Ou+UqG07NY5py41inLtOZaYfIDTHo21VHZ3dlW4orZv3vRHlfy3JGODtstcwHPORudWLbRK89KQFoVwEsmGXlxHqOpn95Tfkl/c9GOffIO4luZEroc6KsXxr8Sk4rK9UI2G7FO6IgmdlFzCTXcO3ly7fRGn7ty7nld5t1pyLH5bxURGJXSUoiOzuOvXdYm0dPSkHjieLgKCWyvdpMA+jNfXWBBGRflyemWVcHreMdQbCgWEuC7lmwb5IRg03PjkxIvkVUuUGanCbq2D8gBRR0gbZto4gMfL+IiRYqUwdHHCxTtqbquiiEKgo9koJBkbk6FtHKwdOFKrxuF3YYilomuKCXT+xdE1XoyzGMbhticad52yOBfBMETkFjbDsAkOlFxXKaXThEeWzU/Jg60N2ORfc90wYFJ5oF4NgAlzDPKllh1wXKhxYuclTLKGMzaJsOBkX4JyOOMDcNmFWPDl2nPL971s86Uq9hWlNJTDafYYYkgceGvADaOHr94/cuzkz8+eXZrZ8Nk//+SDkV+CfTvlaoD4LjF/Y/GM/GlUds5S5ZMBVV0vrj9Ibt98uyZfk94QHLFQaOK02iSoN8hFkJSpWDE40jhzjkI5aiQnuIljNFXE83dq/I5eD2gFzoXZbKubJfkQvGuXG6nuNK1VmjONLR4vuX8u9WnCSu3Sh/x5osuGvWOPSJZQedZcJjS35E4iK6ftBaJ3dUpHu4KIvYmlh4SAfhjBWVNJGCSUbU5PLLoU5FyuQvAEao/JlcXld8CpHcrsCONoyfqbYU2ipYLtpIwbAhgrBzzCOWxXpKT7pH5T3nFM0lV6Z0KEWSszqVmXndnPuHs2PoKZJm2Xaks0zzThgM85vn0I+3wYzzeQ6fYgzrYkAxQoN3Ji8e6+hQOqBUce5gn5JzsWGoSewD8jEr6FRzz3juM6dacWKFYxlUWZJexRF+SWnENKDon0tHbf6V2ixzJvl1AlUDiVZmkItgKLR0LLQVwHP7GgGg8Exj1Do5c8AXw4sR3V+kzhezBIYj5/ldxAFKEDGhQgqd6KmyWGTxSg/cv3TYYnrlSkJn2RhXX1PG5qDopsXJXksxKZLZwQ/fQArpIS/tg0Na7ozixUbqGyxSYn2/u34/2f8rgCGPFNVIJPwFsWF0dWM7+rD30O2yneQ5U2b0r5q4YdMr0EapVEaLLT7vlqxupFwiupESbrqy7oljHmjwox5AqY6bdcr0x07xpsFv45zYUdkPqkpm2+3pKjgJlpnlDqrOylGlDATWg2pRp1wCnzrJTpnmCqS/oGNvY4kmcryGiO1/o0dmMcc96VZVO3Ri2IXUa6p13hx33DN6MFFFtWFW4Sp1W5TNxmoDMleZFrX7rLdmycalU+s0RJd7P7cJFsUInieUuxFrdWWsdYGBbKZs02qIldAIexsuSHKVcJ0llMcu1IpCtW+Jz8//+3/9PacZekit2gumU0nLRTRj8JAEeEEQpNxEbRsJ0p61wMlBUoQjjsl6ssI/soIL/IkegVVSnOhW8JC62+GNtOG6tRmw31hZTat1DUyYL7f40y6voj2oBk8dYLRspZ1e9DnvKCbGMnKbNl9/xFeeGCHS7E+kGXJO9VZE75+dxYd5MtWS73V7lZLvdZhVlu91wRWW7UbTpzVRXtttNVVq220ZVlyuw8j+sPrLTJud0M/npDklQg6DoI0VtAsXNJKmbrvZst4FA67HRqbYZ5AZVh7bbjVaKttsA6HlVkLbbcBheV2Vpu93RKtN2G7ApHjqCTTZiIz3BDVeotps3xDwl8E1l8CjqdvzWbwzaDezPWKFwQ4yQg88M5zed5+vZGJ04dEJYHqinai+xuFk6H9mCofGyw1QFyh4leX5Utueebm0j4GvYWjy+eYSCzetkWiSUTsk9Nc9tnVW63DX0Tc9tiSlKesrcJZlZ2jZJNuK69sHVp39+RPepcGby0ODaLqOH0yZPuT6c5bS9Enl6wKOSxGMXyp1KhwoW1WQgtlasHn8Cu+50JTFJGGKuXM69/VDNRWIFLYjPsmxQL5PvATKg+UWsYyWcOh9/sDU6VTof8RWqKX+mlDDQR8+TkyM8e2ZktWGcqS+4+WlOfLUmu9GYeFJKT03JMCJ5kxqS29eO3AXNyC1pRW5BI3LT2pCtNCGeh7BfAzLs/G2i+bgjWg9PiPVrO4ZBbBMtx+1oOAYAyEOzMRxKG2k0bkWb4W0vHqDFGAav69Ze3HHNhecG9GoshgF9A03FrWgpdiWHbaaZwOxrjwu4dd+4q9UPClKo9akEG07LEC8wOTFtDVcaMgVVlH8yiTkl+rIi/zPDrvjapcKNjpE5wRhnFWCmCfN5jFTdCzMYJZ2TaC3qX2JVcbY6cc08XaQSoewMW/jxzZOH0YuWRevAWna9/IDbM13NecRoTAWG4NUP2whYJr/fLrbO9KY2rZEosOapMShDoGpemQIdiQKbeQLt+nueI6dW8BfM/SI9x+jXOZJFSgC5Xki1FSt/+ETldaGEdVMs+4BspsjLGJlFGVBcztfkZmp1icvUMIseoYvheL2M5vk51pXhpZuOMbQamM+ktDJT5AQa9jAljs/pGGCSoawMtPkWMiG55wkKLedI3SkJZmnn0KbRJtFfWhbSngWCG8W8wZpgeuP8bLwqEmu70UnXrHJUC4i298mCBQUGuCRtdGdVfH9sBkOirdC4XrIQfe/JPVY/YeDCLDBrQlrxo/5didI8R2C75sERzBnJfbh9acm1mGYYQmFtG+WH1lA3O4V1kQs8csVHCetjF2BPTFdqI8kuQRg1xaLL6GQisYCI7s1zgGcf9Rlcj9cGvUqH4lTNsXf1WTzlipZNfFE40U80PEjhpz7OzZ8OfmpJMq5c1prZ5P0JDl5EKwlosQLUVUKJppuS4+bxKMfu8oAcm9E6nlt62o43Goq41vc8KhC3PGyfffesxjqFT+XnrvTXLTWUOhNgc30DGxdUubWtcmDrbFSv/BLMIndjklqZXFa67MM+5eZiWio5qlo2pJbC+cAUA+tcA7bNU8ZqPKNhexZZfVlxIZWCc81T0pyty2XfVSG1aqgwRVClqBoxqqoIHofQV+fmBGFnPFpHgVKFcbGqsWwixrWVBBXDTs02uxOyH2KnWahPc+1fjdSXxj67rlqjm9UZHVZmtJsmX2xcftS39Ggv2e8pOeq7QSfXVl+0Vrivr2ifxz3nqvTou1723vUt1lgp/eZaamKKNSJi4IKnFznGnauaijAYolyV492osuIGFRF7gVsCH1ikqxayPQy8qh9Fs4mq6bzlUwBvWQkSeKUKbqIajGNT2T+aqmwrzhhFeCvZZefodPgxg/isSsJT5IJVwDHwxHhO8wKFyrlD64a7+lqth+H9/KfXbxSLTeYGojvMOfz+B1fcX/8OOMs9blzqsa+cY++8XLUTfbHiukoqPkcljimRO6Fx6oVLUXWJO17kZWllbyFR50RxV5zf4jSZYvFxK+ee4Q06J2GyAZ2t59F+CfLuhDRYjQq+B+zaEZ+mc0QpzPKPzNkZHA66ktIF5t6MuzWYPZvlkgQcJRE76wt6cPRt4Ubi2fC864Lqx5pqDzqTV6k1e4XUxgYqA5u3oPJN2TSdqyucOKC2AFmqcmvJyWSl1RP6BGS0KJDy8MhdDKerUMyrjmvKe9VCEjdddEtlKmyNRa/yj0C6JD58nRLTQlditeIxSvbLIulK6+KAR11q7BcKWr5olQyq77XzuRsIDHhoQbjtExfUa42UHElNX/mCNUpn7XVkVpjDkzL8bSpB/EgHc0iuilayQvkrMi4AjqhP2UCNQYUchjqN330SRb8XzLb+L70XWK/Pi+8tdjN+Lrfp4XK7vi037tVyo/4sN+fJsqEPS+9Bcvmt+J6hYb4qt+6l0gsTl2eKL0yGeaPctB+KFwicvidD4DDQ3+SGPU08dBRe3iW+ELk+j5I760vSC2KH/4gvWAf5jNywt0jP+ns8RIb5hnSLcMrw8SedwLSHKW5+oItfcv1cOxWqvNsyfzFbumLYLQPFd98MMlBQdemNiivih1bN2opyiR8a/wGxuXaoRp9MzicqfGMUSYnskV1MexRxwWwslD1I3iKr0EY2JrYnaftSq6EoOmmzMamyfRVNJnenNfLk0IHZzyivoopp4NR/LX3ukdzXUk1kc8uUZ2VHDQDBXKpcBUI2l0jRtkAbbvzBLudqVXXy3Mv2Goy12jh2sahmscVVXJwnOku+cbGhapyukpXG36tRhsfuHtlx1MeVKxSZtZtHe9rWitcR1jVXjPDx0dG/WvbQaQx3NdxRUg4DVeGc2r6NrrSuWk1LCp2RChC16VfJyhrHKKLNt63TpggwXCDNVpd26KwisymStN4BjR8ZWx9yNjr+BS5xVMjZP61PtUZUoRm5fhicQ5lHYSJJ0dGExCCF/OZF0i/WX2UdaO1l0XVHf//1K8rOZGV8J4XTo3y+Xii77bhGuqTYHN8lZUqaD5X9umqhl9H+u8wzmY4uoaK+wN5gNgvlHEH8fHRyrrRKDFZdSas2F2ssQz2m6PjYHLodEjzeq+qPDSLvGFZsAUr8ty6SQ7lmDl+iNgzZRvyHXDmHfMnozYPLpnPKdMNV5vvS+qVvsk0/GphnmU9TugZMNkbnvhHGKccP/tenSj4vnlc1x1djZjMrIFXX4eIvPx3Hc1gnMxRYVXSho3jzZZKdvHz684PXlZ9dVNjeIKGS/LG2OQpFWVLhH7L2WZ83sueSXcMkatQZcsXewwmATKpc60Jq1891aeXc9woCocVhSjYCvWR4jSo3dzUluFMHwcVESkv5Bf+kyzc/x9IKqm+t9xGukqgFujyQfqlN943XQpGQCgu97nR/bCWqz+OaxSJNa1voeYOna6pb3NtDqhUyEEjtCta56V1QZoJXT16/sQtWmaTVhsPt2h+EJoBHhe1qF0mgNKII1xVc8G5ZpKtSFURoi93tTZn+1GF+vyXlUMdutRd963JLa+Ta63RKgzdb3RO38UhzxnJvGcOtIrXbOKSW2G1nzHa/sU2Cm3tWUX1ZC6bi+FsNxC67biO7Gb+jeLWKsQZ16+J2XaG+5tK3iVzwPM1qtWVL7oxuJtYpYd71S5B4lKjW5Jx5/e18Nkl/bTJDpaZqtF/v1US9Wz4xppAnDJoT69BuTaPrBgY+2KEoZqIksOjARoqDSg8ka7QGW5TtctOQmAuvWIvSEWxRNqMt4oocdq9sTvH6cd5Tdm8F/wuN5I3arf3lypWIG7OJl+MQZrCNMP91Wl4Aqq4uEZTau+lvSZFzVXB3gbDNMTIUOQ1FTltbKHL6j1DkNFTG++eujBcydKchQ3fI0N0zwF3K0G3lhgu5ukOu7pCrO+TqDrm6+9cQcnU3W8jVXWkhV3ejhVzdd8ZL0bSQq/vLztUd8ka3t5A3um2pIW90yBsd8kb7zSnkja60uyClh7zRIW+0aSFvdMgbHfJGh7zRIW90yBvd8VXIGx3yRrf2FvJGh7zRIW90yBsd8kaHvNEhb3TIGx3yRoe80SFvdMgbHfJGh7zRm4A35I3eeAdC3uiQNzrkjW7pIeSNDnmjQ97o5kRC3miCY8gbHfJGb+bVEvJGV6AR8kYPh0nIGx3yRlst5I0OeaND3uiQNzrkjQ55o0Pe6JA3OuSN3nneaLGISk/13MJNtwHOC1z9qi/Xcf30aEOEzrJz1aCQHRNqzRP9mLuR35ZFmpPtBTC8MkF780PG6sEZq+9ShvE7lD1bJco+hRVynOQmebI3SY2tOgrJrEMy65DMOiSzrrSQzDoksw7JrC1gh2TWIZl1K0BDMuuQzNoPHthCMmu7hWTWlRaSWYdk1iGZdUhmXW8hmXVIZh2SWffOLySz7mx3IU0WtpDMOiSzDsmsmy0ks1YtJLMOyaxDMmtnC8msay+GZNYhmXVIZh2SWYdk1g54hGTWPWPdvqR+F6T0kMw6JLM2LSSzDsmsQzLrkMw6JLMOyaw7vqLE05gYVbzyd5nPutqtdnK9yC8jlNlq0Yks3MQr9G1acT4fzNdKb2H2D526RUnAjuHh2l+BRHDGYqSRmelcVRPCYmxhdGJCGwBljngq6LtypV8ihgMWkGLSLBciVfzOjpT35VZCVMg4/oVnHMeV/IxxWHAo0J14x/vY0vWW23kZpxROQHlR4cEnGsFFyDhB7yxhb+mJ/y5L13qjpYcNdzqkfw/p30P695D+PaR/9yGFGFGB8Cr/hD5suyCH1R61yqe0XFvtHNGwk2kGK5xJ1uEErwpOlKt4Nk5dZ/JSfuW3g7ajaoKJImCj7ATQcvVFy3lsSDIrxdChWbKelskizjB3H+O+Y+jaNHXkploGpaiTQUeMHHQggEjEs4WZjjpxCC+AwqsKPF0KXBkP1saxfC/z2X8k8Xx1cTWiaNLZem7/aO3CiNNjODpXB1zUm3S0tNu35ZI7YlDzRVOmQkwomIS5i2mKTpT52eoSuji8iIsZ/qHuK4FV+e8uPoPgSNp5xhuV0VAlccU8wUgzgFBgehFxbc+AfpnNIfIwmzHNtBJp5zV4O4HCLGX1erRCm0jpiLuCk1kTSnOc8H0L9P0s69OML83awbLOECy+WKmwZwsBRpgWXXbmeZzF5/iTxgR0nz9LP48YFrA7BDmfkx2dV2fAaR8STLeqs2eiGk3yfo74ZBsoWDt9r2ycG+9pMBwUoUYf8Xgq9x3Gp5/PMWgVJTgztb1HlUNvsORhtBf9W3eiUtNoty+S+ZJJ1wKPayL5vjkRrZ2Zt4xO16enlFMU+BNRt5ul55eo69ZBF4fqDSFTB90T6YzBUq0t2rSC2ibBJUkJklPYxYxEmpRVDoyisTFb4GwccQHS1+FVj/XGkTq5ddUerhWVzi2rCNpiMGf5J4yLm8eUs9osel9l1i8wiAaYT1htns8O+AgSY05ojn2mWW3PTTfz1myl9fa0lpcaOaCkzO6tON3pCFBBn4GVSgdUAlfkTFRt2ot8BUzCH4G8129HNR5RMP0voJp8yB4UM7KCXNn0v3LrxmWdZvRNZxF/Vnb6B8ff9b3sY9TntkStUgE48V/7b+Px347G37/ffzuWv75WPx38Yf//a+9bl9s2snX/6ylQmqmy5U2QkpN4Eu2Tk1IkOVH5ppLkZO/xeHsgEqKwTRLcAChZmZqq8xrn9c6TnF5r9Q1AdwMgqZun+0ciE0Cjsfq2el2+72995/WtZwN209MPe+Ff+W8fQvn3p/7HZ1s/ade2/tzkNWtrmHZx0lAJy2PZtX+2sSSyjjjCJSYw5C+WazKldKpSMknCiEe7JGQW2b+m7bfU66YWTS3sPJ7tqFo825G9fs925NmOPNuRLJ7tyLMdVYpnO3rsbEee6QiLZzryTEee6cjCdFTf2I23eUKkoDshkqGKA0Dog+aMqqblkbzC8Z6DccpduWj/nKZXmBHAM9C/FFqgeT84BmUfWhXrIWKXi3OcNNpBOk/G+UDzOQ3OJ+n5ADIFKPoJFME0Z4vE4Pn282+3f9h5EXIzKIdyCJNZuM92oVBOmv6UPHBTCK8SOfyWLv/XZYPyg6HdYPBUWJ4Ky1NheSosT4WFxVNhQfFUWPXiqbCUHDwVll48FVa9eCosT4XlqbA8FZZRMJ4KixdPhVUqD4IKyxuOtLL8DOHBuQ2zQoTwjrN0Mc954GwsMV513HUKlROmj8S4MTFBa6vhk1w4aWQ07287P+P7rIFEbktJi0lf+8TaMxKkxxFaYlE7LGu+ZYVX1Tp86CqWck/NWeUhorhMs97lHhxQXAMEiisypCZIq6qohY1Udn8tiiOnMI7y8JC+SRe+0yvw3OkRE3AexRVJc1xJmNt9DufLdsdecFQ3lfZkWH7ln+/nZ+mBxRMC5XQYgQH9/bwn/jzAmImTmFyyqJRQkjD8dQw+NANLARRnvLMlNkaaLUUMAoxFcHVG3CbpzugoSVoyXoEh8YSvSDbxtwltbh8uU/vChrjmes1KY76lgBooywXVdIyqWSV6BkrbCBoorYJzGyJpoHTpOxlAA76o2wqugXJGyhhGgIA5GYJA+Le6HtTjs5//5cX3q4qvzXFQlS6SNJwbKyutIiXUjpB6YjQfq9eYU8t0rghCcBfzJtG+xLAE0ufQXmJ8USKXcnYE2HlOcQTYrJr7/8OXj33zMfiHXqWtgJe3wJVtVI1yrRZUMMCpBEuhcDPVlzylm7aZV+azsypT4qbaDbYbR459C6biDumC0mW4ZCKeiG8ZUcVVyzO640yffkWneDD3qDnO0tFiyLOnZTxYdQuHGcvjTOMv0HOS5hCVeZ5ar520cZ207c9UMGaBB5phOn4lDqZriBmUM1GPzqOmRe40rzS1UDXOIugMV4OiLVE77GThHoxt8kdU7ghP7fio5X986u1+fKb98+PWT66kj1aLojuiC8rSUV1OgTdEfEGJ2QnAnYWyCa/bdN+CbXHfw9uyqihdQWhQypxatxRt1iGt6QHmKbVKInfnJ7WMIaNbuZpjvU4LrvWyg03GEYoGpTEvqjEnqikfqmsulKO53VKfGiy4UCoGS+3++uG/bta1ibT1wV8z7crjvaXSar7wLR/4F/yQ20F81UfqElzMwyINQUdrsp/ULKitxKnqt1RblnQgTvJ3JVbrXDNeqP1IuvAuNpB+KNIMjmHaL4tzaTgUXYY4HKr/QMsSXeQgmRcbcvVWIw8837uDf/xzIwzDDS1KCcyoiCuRoy+TO0SvdjYw+iHYR4hiYVk4IKAxdueGzsJYYx9kCiMsIpjaD9UlM5BROIxCOMbvgik7CfObnC1bA/obnIizcQgPUg3SIxay00kfVpXzRTIZUX0iXzK42u7vvOiDmqQz2HH7bp+tRvQ5Ij5uVwct2RAs6RIvpvrchuA9Q2+v5uEG+xQbQTe7we/x+WWafsZfr+lv0ZNERk1WLK13KfdKn67UCpQDryLkd1VuoqgDXXraDXPs/wE1VQxS1fCTGLy0vNfl0AuDqx3tT8EWj0bk3ZocucSElDmrnvh3WBEuD6ApoeLBlvBK/xXYafHKfLLIoonqDJLzZZohjr18xZSQAMAEs5hEmbx/A6ZRCvNRRlWAWftK+96wxGKIUa77APE1k5WXVstjBV/FJfTfbIPXJ6RC2NrQO/K4+nNNVam8SQLnk8YsIts0H+mAe1AH3IE6UC5TQ9toBUA/bblh2i9NbaqnCrMm5ekwQQ8N9wKoZd8iIf5oqRW/lX5ragcCLGJkmvH1U+vrSQg8drU/Uzm31AqoV0vEnWdJivlC8shVa9hIc13J5Zwqu9qJJkzc39DQHF7GU0lOy4bkjB1Lf/vmtPSzywqgYULC7kwPypO8TCLCw672WM21hucGBUMiHWj8/CX9aFmMzjPNZ2U2FNtCW932DPh4Q0o6HxmQh0zfJwzZ0hqmMkZtgXyEJpNrEaSw8mGM/Bi4P0XdMniSh2bg1IekUjQFmKLn4WCfxRgHCjBesj6yQVTbccuxRVJfMGgktfNPPWbR3T0Yn4hmXU6uSuYR2QvCnnRyeHqm0/BKBgzNfGnrH5AmE49gzpCYa2xN49HkSO2QoIlvcT5NCoKJi/PCRJ+xj+oG5ijNRyYC6SNHguM9RVhaestMZW1L/K+RsJp2EQihM4I/VPP92+b6O6hMmy2Z66YuXStlqdsfNnRTlLZ2qN4OJemtUJF2pCBtIB6lDaYt4WgLjvMW9CSrU5O0YdtppiRpb+O/KyqS+6UhuW8KknugH7nTZIu7pR1ZmnKkxeRyU420n1ddKUbuPfWiHV53ezIzp3S60oncPZVIS2E0UIh0k0hn6pA7pw1p5fVoSRfSXja3SRPyYBMzWgnbSQ3SXsAdKUHunA6kHaqGy0nVlQKkfiqSV1pJFTksS1CiZX5LpdkMJ+liFIJZW8Yt0QusAHbLkl5aqtMNN6esa2A6pcFBicfT3JSGbmlDMtpemrdPKrpOMlGnaByj1UkauiJZqKAENTTYRBLqjANpBqWwkYG2BqVYM/nnrZF+doBkMJzlm8WxdlLPJck8GwLqG07Hq52MG1aahhNxu0XmLk7C93cKvs8T8B2ffu/w5HtXp96lTrwNk8Z+0m03X7qccO/5dNsgCfuptp0kupxm7/Yk2+LDHSfY9l/f6eR6p6fWRoy3FqfVdnK4rVPqAz2hNgjWejJtJ8wOJ9I7PY0uq9d3O4E28xo2S/HueQzPLu+Qv/AWeAsdfeuixmuBZ3C7VHh3T4F3f9R390V5d+dUd3dHcXff1HZ3Sml3f1R2a6GwcyxRVg6P5vVpdc6O9XN1WL/Uxm5h5uRwsV64OThWpL/oQn3RmvZiNGJrV24ywDR3snyYzEdi3qqfAUt8DFsxP4G3Xv+H6bw04S0WJaX5LgvAycW1R01W5nUdeFPEKcJ6ZMmV4J+8FLwmPdoq4/5M284dr4SyPtTwN+UX4oMy5e3XNC9Awe2x/ZdCEI+OrT4XJsejmbjrVhC0eRuN19aLjf318KjkrUhUPIGKJ1DxBCqG4glU7oZApU1WuidR8SQqS7bLk6h8JSQqj5cdRbcecDsT+hyDKnVGQWl0E8GhYZRRmVVDKvGCNkX5ixHkj03/81TChUgqDVOj2TCepOMxGm5ZbbSvkmFjTlul+3jHtRm+nsPH4g7FNyPB3CKwHTXzsVGCJRRIidRChoKL5AvsOIsiRWwZtBikZosRKkNPcbIILZgpAaxXYDTDnBFeekFowuOC0mlcIAWxEQj1gq3UEfjb8dXXWSqsNFqXPCG/caB2aS31wei9LRvVe9zaFYGVdrZgowJtQtwfoxvvpI3U1FRYZcWw4h1wLbTOZEYxBWy5Osf0TY6Yx/quQBAcGq2GWuHLemKpkt20YGNlDmuAMkbr30OSMHvWJNe95lVIijyeXLCGojbMtjHe1dMklyk1ZuzOPfAM4MCDaaaPu3TIdtVgtMgU+hCfUHJPf6On9ZYLXysJlTLKaRrLOAQxF7mpnHXfgM8pCQdqqlN+8BOEnpovugUOrZnY554Wq3wxHCazYVGh/LGsUwr0tZH/xy9QfoHyC9R9LlCPjmwKDtHvKV+3oaHanQrgLlfWHAlAr0nf0MzKqd2E4Npsd3H0AIcWaEee1Yo7i6iziCPLYKr28Z8+/tPHf5aLj//08Z8+/tPHf0Lx8Z968fGfldIl/tPTQdUebKSDkqEW90QHtYb4K6GSlL9QU5S1YCzOoWM6e88s+n1f0gjpAVoR/gtP4OeL8/OJZTrPhYdHhvngkaF8CDWJ/AjdCKQpg8WEx4ORHYQ7KMBkwzolBC9b8P4/6CCCYDq8zzv0RDeozAtwSNEvAitT+8kElqmQLDtD+vHACV5TFayuHqhG6G7lp5oA65DYYiQsPnmCRMWQGFm2M9TbINH4xd1QE/va6bzUmr1xGcJPgql6+EIPX7gSfCHtJh6+sFQ8fKGHL/TwhR6+0MMXfnXwhRqgiQcybNUOD2TogQw9kCHKxAMZeiBDD2TogQydInwIboKWwvZAhvoNawYy9CB8HoTP8REehM+D8PkgLB+E5YOwfBCWD8LyQVg+CKuVuB7C6coHYXXR6z0Inwfh8yB8HoTPg/DV3+9B+DwIX/sv9SB8HoTPg/DZXupB+DwInwfh8yB8HoTPWDwInwfh8yB87XvAg/B5ED4PwmeowYPweYwrj3HlMa4sH+9B+DwIn1+g/AL11S5QHoTvIYDwHUHUwxK7g3iW5w/H6AlIRvlgAYEPMLIWs+R/FgCawSVwI43qxtjabiEY6CvE/w7+BE/VamwINdUiWlrEmMCReU97BPKeS6sFNMR+zLQfbcAKbAoIqLUAki/BBW968VKhezI28WQxg3HTPnppv/KkAHUwto39kaWLsS34MeNVAEJBQcbHpzGg3MjmjdhA2Ol/23++tVyEIoygSfuPe4X3uz8J7bpPFhgFGmZPLJ9G3/FNf+dFfzvc7p/P0/63YTQdvfh2yS9hs+E4S7/ctP+YJzosxCvxvPPj+ubPadG2SVx0EDM94G7KMi3hGmCrOWW17LwRlZjbhYHQtLopjbMUjWOpNylnA5RtpnOKHAet6HUcZTM6p+NYY2rU0++2LJXyFoTJiFZONl/Y/X/pp9l4wDTsxRf4ZzgHzRH++m6gHuh/178spqZIg0Y5c7/MbHx6w75l2nINfSeeCuixta2jaX40tXoNSs14dxrgrY6pPYiL4SDNQ46N4pzfB/F5wnSrX96+H7wGYQd/wZD0+I+breWmeY6Cef9+tRF8KmtZ8xBWU6M8ZMvufOk0YGrACXv1r4hXkBc2a6PY8Sltoc9qZCovWkvZrr+YCkCYQTwLF/mAXf7Ern/KF+dSFp/Y0Ga9CrcOdgYwqgfZZT5FbaR7N9gtjmFJdTBcph3dcMGy4RruLO1ZpuuVncByi1qQDTfIddJwrTK3TXfQdDNcUcPXoogaza4eDVoVn4jkE5FU8YlIXA4+EamdJHwikk9E8olIPhHpwSQieTTo2oMeDdqjQbfqiX9xNOg7wv9tasa/Nhj0Q4HkvjdQagHzfM6+h1BslkF57gLsLCrwUMweitlDMXsoZiweinmFI5iHYqbGeijmpph+D8XsoZg9FLNePBSzh2LuIAwPxVwtHorZQzF7KGZbTR6K2UMx67BlHorZQzH7CCgfASWKj4DicvARUO0k4SOgfASUj4DyEVAPJgIKYZQhHJ/7wFdBYy5XIx1Ml+l1AKeBSsgTKdNRUQCKEgGzAKqpFvIi8JTtSaiYtxFEF3T8iHVHdhUuFQKVgj0VLMC6fJuawE5z2Y28CTda1vAEUI9MA+GAIKBRfdjZhuNgyjaDTsq6x79+YPjX0OLfIKCIDeKCjaEV+8VQ1Yrdcx0l6GZHZGR24QrfYD5fo9jx3ZT81LLXeJWy43gNHXvOg4x7kHEPMu5Bxh8nyDggcoI88l8gtmSZZapcgxZprAJYddRb1jPJjH3BiMOpxrBEUxay0GUISkQB7jUABilovFGAWcBM8DqiLd9igvkkUkskGUPiL0XMYRzzeBqxDhrysWt4ZaVZMlpQNJv9fSNe1qNOxoHMJnM0mqpmiJkC8mFffVKSn8kAx9/DvoVix47T0a9xNCkub3oYuThaTPQfNWn3KNbcUKmYiNxsxeGReASg2pShBhCpDq2DPZgDZhF1NgQrpRfFNaticBllI/hD7BcCBOffTfs2ygutpDQeBHKMQJ0ERDyY22xCQ2w+jn2mrLH1RXUCTuPRiNYyDfk3rcjVKARSuarY5xIsFY1KIH1oxAKHKMWdPtdEbFfljma0SVUmiDYX2MdmhUJ8kh3cQ1QP6oE3mEmdaT2Nid7JFwJ2gl5ASblmZjAuvxl7mzLRRSRjDmYWjsrbo5mpvroMR1WdB42vp+8WCyd77yQa8n0GIpjHEwh6hBOJatLmfmnSqlGwG2wG/yYaal2qL+PJnJaaKUy3mAMPEyKmDhGay8wEyEMopxwAjtL1DGHueYDnQNzBlxcDpkAn3PvSEFXo96g1czDTyHEWDMoDXqyBEXkw9L5fBqZb1n22BmzWUmWaNRps3xzWbZ5OIgTBVR/1VEB1ZwCMgLkk4zQdbdGUQYUVhyfUmcwqfaeqAWXD7i4+qgDcggYR57MnPF29B4nrYuwW3AvGRLxwI96yRSAtYkAKYi2t7EbiPbiyyH8RGhibFN9kI7RC3+jrcGmXi/Lq3LY1Yxp9EX7Gb3Ze2G5yOSOpzMFqkbE+/q+nH6Lwj+3wh49PP4T8r2fip62fnv6t77y+9WzAbnr6YS/8K//tQyj//tT/+GzrJ+3a1p9tXohVIGpLY9G0L7ksTUygRzjFg2+eW/QsE1ptxUQFIxLtVJ/jG8P0a2pjvS5687TCleI5ZDyHjOeQ8RwynTlkevbdUjLIqPsP3p7q5DLsn55dZr3sMjD60OwX54df5kl2c8D+XGa+m2sSjY7xF8z5q1oW9Qetk19aW/HkJKB7y+dvaQuqVbISeKZSpDwBjyfg8QQ8leIJeB47AY8n38HiyXc8+Y4n37FoyPWN3XjbnXH0iAiTZTRVGZ1iPNBl8YQ2LSZhQKtmI6JRYQuCdzCfeV6+0iXE6egSDacjLaYH4TFwRaFQCzaKISwBtxQKHuBBA2TJNyHCu3UxGdJyCs/bNbF2s7Bem4zBELoOWXHoYy6UR583Hz+VPYI2GRy7xPlg0154qLMpZiX+MmQ7nEkia+kKocRh6y8jUA5ZFdZegNJOJWuYf9D9L9PsbSXkZS3d11R3vTP1GJnSeJzinkjSsLzN1tV6p1qiepr6lh5AdxmPsEHVX/r6F/kCTX/oqQdn7ekRLIyTWEIL50Ftgy8EEE29YBIOt6JJexOZeoK/92nr7tO35HsFBfn8nbb79Q9PZ5/kdzdWHUu2p07z1GmemcgzE5nsg3fFTGS4T6fHKPsSRvKK2LbGKVf+zomt5Eo2IJjFXwotY64fHCNvAIQx6jH+l4tzPINonrQ8GecDLbhqcD5JzweQukhh7qDLpTk7cw2ebz//dvuHnRchjy8ISaUOk1m4zw71oTyD9KcUWoZLlQCh6WLX9Lxxnjeu3jy/OvvV2a/O9786e9I8T5qniifNc7bAk+Z50jxPmtfcEk+a50nznM3wpHmeNK+xGzxpnifN85BRHjLKUDxklIeM8pBRVkl4yCgPGeUho8rlXxsyypPm1R58+KR5lKnf8IEin3+cpYt5zrPpY0moIoA5lNcFvQUjVFQM38P0Ds39RjG80jH3287P+C5rxmQj84o1w6X2XS7qFZH+UulBLSklL2WeP8nLUVi2if8KgpD15A/QAtAxp8XgosejF7yfn6WQedRT5Cn7nBQGrx/V3SQ9PBTRn7atj90gkTEInA1G0DFE/FpDvY60T6WH9y/j4WecsFE2jjkCgoI26rFhkqeBdu/pYkgRcb3gHSAGnMQ8kH1USvDO+CCytWRPAqZMZO43z5oSTkG1FqAx5BVhi3CwhGO8FccrKrUXKTDXoI5qgmKxHQ+MOCM1QIoGEJJecFgMR9V/v4mnbM3lP5nFYE2rgmJJrZIhwiKFBZx6EFwYwVGisEO6UCmNbkm5BofiE6462HqsmZSnS7ZV7QudmPimmtUuc0v5WFCWy8nqmJS1SvIVlLYJWFBa8Bg0JmJB6dJ3Mv8KXI+3lZsF5YxWLkwgAhMJ5BDxb3U9qANHPP/Li+9XFV8bFUqVLpI06FqVnU1xX2pql45AyMfqNYLdFcF5BEHRi3mTaF9iVgskIw3p1GB8USK3T7aq7zynsB9sVi175MOXj32z6vhDr9LWBIM1YLEa2QOjqaACArZFWAqFtbG+5MXyW9rMK7O+qQrT35LpYrobbDeOHLN6qoo7IxBKl+GSiXQ0vmUgdN04i6YYy6VCHTJ9+hWd0gndo+Y4S0eLIYc3lF6GqtoEM5ZMUSr6TKQ9zUYCyzLnzRGOC3vePhQMzON5ivAJ1TSqrhmKUM5EPdqOEGmJX80rTS3TkUfwObMdoWhL1M7284bB2ARwA0WB3HAMmo8aUM2n3u7HZ9o/P279ZEOngdJqUXQnBEJZOinQKfCGhEEo8Wxh8YhSCYNNeN2m+xZsi/se3pZVRenKYYRSEuRtJSu2xFuC8sAAlVrK2ZV+CKVlCiLdytUc63VacK2XrVmMdNmSyQilkYzJCfKkajADPUHpAvbU0Nz2WE+OD+vGXA9wa/SDIK5Xv7h568Mw3NA8j+CFRIjNHK2b3ER6tbOBvo5gH9l0xBnrgDDIwderEwAjrXGkHVgBiSQkV3kG1SUz+IBwGIVwoNkNhmBUJR/ugP4GA+NsHMKDVIM8y4ZMT+uDfM8XyWRE9QnIrOBqGwKfYMOYROfxRLyeIl/6rF/oc0Qg5q6Oy7ohiMpFgntcMEWv8uiG4C5GE7Bm8AZ7CNOJbnaD3+PzyzT9jL9e099C7EQNTVYTNap4lLk+zKghKApeRcjvqtxErgddgNoNc6RtH1BTxSBSDT+JwYjLO14OjTC42tH+FJztaG3brYmSC00IGkSQZvJsHVbkyz1mElorpkbBFHlVufCa/YYX55NFFk1KvUICv0wzpD+T75ryC2zgLCZRpj+yAZTzKcwd6WoBW+CV9u2hZnE5zjBwfh9yAWey/nJcEUKksx33HBAkwEE6C3nUfKFjFpM9SsTBKItUHosO+W+2YqLjXZ4uAG6TqbFioaTBcFL+sa6HNzQwEgY91banGcYyI8Z0EUDUUQF6F9rrTokxYMvaSFnfiam10ny4bHOpaW3E2HfIkdVhbB5+orVpIy1+US6j9ODVTjSZX0bf0EgbXsZTSXnOhteM6d6/fXNa+tl11FHDXViB6Fl5YtEGPen12sO16H5UkRRkq4zh56qmDOXnAWZafIrZJmaLR3Ef3UAEBhhCPtUANI8+Udjs5MFfYSvZfPJk4sy1EBBY1zAfYzxL/pB1ywgI7rlJOMoZnXowS6ZSM5xhshhDOQB6XNZHx61qO27ZnSh3a4M+UFP16iEI7u7BkAMKnqfsWzoJyl4QR+eTw9MzhaKrsyYqS42tf0CaTDwy1lTkd8ezEY+fwnBUzLRh2sk0KSgzKc4xM6Za7T7qE4jmQckN1RuOHFBA9xQ2YektXUuq3lxHqOSqhqVr1eIBbnMj5mcVn/I0rswpuzH8KyDeJG6A45Qt/00pPnY4E/58Sbxz+kngMMhEE0kvwUmC0Cg+YidlIA2wmFR0op7NE7YypdPNfhD8hkFtmrWHX+sFm2/jazZRNtlf75j+y/6q1Wo2BIQBVWG4QFUaLtAbugi9oj8sI/dKFWJQcfOkpiNwViPcLSk8BKHmwRPHQZ+FR1sZulAnaOqI7eBpjUxVs7ZJTQqMzylE8OUQ9ZkQxPNNPWRes8BaIYjNJlWhCi7H8kDPylkpBSfWB3GHFR0SNwpcs4lWZMS0clCvk/ySCaW4BlQMiSP2R5ylaLBczGRkYCM3lTM8oqOwcjbthmwBX0ZY4lkOqgunRyQ4oTRhTRHFXF8aTop+hwsSGGLMUTavsUKwJqCE9DRYjckH8YpGgsGl4jjGBdS2kFM5Kqq8QGIYA38ZaENo+YaT8RqS4dxhQPSawZ/w/6EQb33Nd/tj8UsOv4DGUTqlOrq3+kgZJpl6VvY2t45NTeqMKARMqO6j+Ii3B7aogPbucCf6o72lIvmRX8FRJJ0jNLR6ROrMCSdmPLie32x9KUJ08U0OKKHVUF3Fm85qam3mRSJq4RDnU0b5/eQnR3M23ywBm6KYVAntaisPKJfa2vyeohc0byf205Ocw6Ox8XqZzCmEnGe3ujuACqkLonoaoUczCL8p4H+HmI+A3XmQxjn7FX9ZWT7UtHVJhy+KCaJToqEWN3ntmJL3BfWDlCS7+whR3uhT3SNCd6BB9bhYnsdovCHflal+Lj32D114S76KvwZ3V7pCZ2DiV+EoA5EwJ9bCGstlGmfjGMx8w0tXXzoXJN7eNt3dbESnYrN/GwM1RWn2U7B5Yr0m+styQ6P7oLt3oOGTcBd6rRmhq0W3NjatoY29026aaW2iLWQazWGK/QN2Chyt/2SDKcmA9E2w/OjXeCKpVo31RXMEnWM9yh6NKWMKIlkIL45iTcu7NBAYASYYrPcyoW+T/Wuz5wgE06fp5tFssydB6EqTT26OmECyidc2+5039haQmmuIXBaq2jJarHhW7KH8vI0bKD19zrd3qRjq8bLi2JSYkmiY/BYXF0zThx6UZ4uIYDgw2sGI31lJkEKtf4heJA32FWrRiHrEZ3ROoTPbV9rLD8opIBVH2YgL70kua72n9ALxeuPbmxWwmjfOeFOH1QhKq/2i/eavtZHv/+wMKUKJR7gokJ0SVhZwcXLKV2TNkjZKxD26MXNfisI5ICVvXpGmExyTWCsuH0C1nMRXOuCwHAGwZtzgcGUNdrwGj45kI5iNNPMDqn2IeonGIYxLx/BLfmxybeOVYWY+nQFMd8gO6CM2lJRQrbU2boyByHuIzaZAUdr3tV4f72zBLSRp8gTDECn9xK/H+kg8yrqdssgdr0Eb5Lu3r/8zOHqJ9eD7aGsBMFAyKbM+EAS8LtEfXVRgE6CBPWXrZENmkWmUO9y4LdZVyQbtmlGX0UxVOI/yXCa409AnJnIIY0fTAOBvqVnAk+pxhf7i+hLY8yTlMFUM0kBBw4sxm5aHZC4myCZUkZ5L8cU4NwpcZbN3RghTvB8naMMVZmFqqWKwZYKbRpx+E5vleAv/WM5XSePDCIBl7T6VuSr0BTG0RiR/yuDuaS+wsb2K8vbdGR8GrDu+3f4Beakw01nR0cUJBvLx255v7wT7fNNjKsx329vUmyeuIBoo5GeR6L4q5lGOA/yGoQ6ud5EuZhLRC0O2o8kkLQoYxhK4F0eta/GkdYy46J9qjGCK3B6rFsh48oUn8ES4h3ddMpEgD6PjRXt4vud0nslFINYK+BinbVGUW96S2eyZzlPK7HO0wgLARssPQAIOcaK5IdiiktfW/tEttuSJ4zwC5Z61gDd0HOEnfqOxVKdUZJJKs3EEnlpicebRJ3+41o6nGAdCuzJak7bk1svef8NNp9JcSaEIqOvKtBVO79iwDPJ4nbXu6BPXoavVZm7P04bSvqtwgRE2Db7oSKADGZjUD440knJiqIUFD7pXKv+Qm1VcOtC6oGCyvzovwB4D69c1IC3QXousAuhD1tdzFVIQzUFVziDFCxvo6j4dJrQvFx/28DTKEliRZsBBzSnI6YsgIFUuCrFgFVf4nU4bmYiic42VRi+4XroOLBVCn/NU+Ee0qjWk4EPpNrApFV/3+NIvfIDHwB5hmAD9YE8k66hajGCwopQNJPCizRE5xzZVFZR9oi7woz1bCdMZDNFKBI1rWLxlAwjyZfmKxzmllQYGILywPI7IAK2+IlR6mQzcoV6/sNrcoBAhuHidUId5moBr/HLBRsHB29NPr/d+Pnx9b3NDwSM8pkmRUlKrsLqsY2q85i400Z2jeE6roHBO8qgtULf3Xr+W93EdED1wkOTqeAUeyCh6QmDlcBOWGDtjdiiHRLshbMJodJLavcAXgu0BQo05XbmGJ+wcqfGM4xFlNxKMBttcBX5Kcr1OlSyu4RBzeOuYnsgWzgSEM4TwGcoxjAh8eBxMkXyRfQtP0JSQAg9lIDZ6Frr4f96Vhqwy2sYzUA5KXEKswYDjeJMuVPQNyOt65vZfBHKM7om7xbARazkfrXgYVgtgJAKrcMgDoJRz3QvwjM5jn2lJFURqGT/IaJU7aU2gtPGyQmlCEFNlNSwxVVr6jZg8JunwM/bwgZVhytHEhqEDBZYBzKbae3sg4bnghdLAsckGUAyB7LORaMQmEz477rAzQ0aJzY2vUdWqGctXLBXpyM4uIU+xQ7MiYO9NcOlorL8EbsOnZFMvgEkgbhWzUTrY8rU05GspE8fgT0pEoSDLaXw5aMGXTBdHvbu8PmNeFpsEEe3/xaWuO8AaFMOsHnI1S71cMvU0f7oeTnThIvtT5SyltVklYYLpJAdoszge5aBsQYduBnOI6M/1iYFd7/b9QsGc/OuEKT/fPn8ePH0/Y1MYIOnQJHzIRkNxs6XFapP1sN1kM6OEl4vaKzrNMjmFKjBLuPnJqGqxIzUKwQWCs+yX2SHXLN/UYuXoAsOmyj0DsqnSeg12H/6pdJVdF+A2VdYPOOVAcFOltaSs0FuqdBVUBzguVW5BTlZcLlVaiqkpYgNKqOkkzttgoDtvaLDZhIENcpdKC9sYlC6O+mrl9uiRhpfXA/1F6QabJ81deg7AeczOXEmaVdjh78mXDZ+K2HiOVOBmbfdcAFCt41grK6OYGLXroQ2Eqa3I2w6+aB5kzi5G83yBAQqOegUgWSoNgeTd4iG8/+///N9cvXsOJ5FpDJg5ST61LwztTgJDjstlgDZeTkalSo1yUlIUybVhXkVzbFp2LhGvG4RWpj4SNC88YEfTj6XjuKhTcZQLWYuRxHqg4iTB74+tvFGgZv2DqIhQV00XrqWCmhyjykjga231nbbHuS4HuvUd6Tpsk42w0db2tdgw7wZOWi/3By2tl/uEmdbLHUNO6+UO4af1cldQ1HpZCpa6JKv2k7XN2WmZebrc+ekBnaA6SbHNKWoZKS53krprOGy9dBRag49OlOUk1wk+Wy93CqWtlw7SawWxrZfuMrwt6G29PFAYbr106JQWNoJlOmIpO8EdQ3jrpbXEWp7Alz2DB4E98Fve0ak3oD7lhYIOUYccuKY0v+EkXYxCCOKQqJ/0ooa0LVRxZ8mkpx8MVZQdEGUKfxRH3BZwzg3V6k7AU9a1MH3TAA42p/EwixE3x920lt06KlW5bumrmk3IAjle5Rm54GYxdRLviNvqB1ed7UHw3LPCCcUgxbUaJIPTJ49gDc58ylZojS3kwZmvD1IQ+TqMO6UKhSz4j8GIftXTYWqZME4H1BuVbB1R6irV9lJ/a64nLaRlLr4mJb+FyKrstA6bT3ux1SoVNh8eK1Qx/lTyeRwVpxgIT5EZs8prHPy4orSznLS1mqzHYtJypWxpKem2SN6lheT+rSMPwTJyT1aRe7CI3LU1ZCVLSMtJ2GwB6Tb/lrF8PBCrR0uJNVs7uklsGSvH/Vg4OgiohWWju5SWsmjcizWjtb+4gxWjm7xu23rxwC0XLTug0WLRTehLWCruxUqxrnPYcpYJAIU7yNiuy/P11pKkUKlTHGwKBFGNpoBChV1DdDKKNUPEJ+MxJ4dYVtB/RlAVbbt2BnQqZxhZgAF3XGlir97uCXID9TLktebZWlg/z1WF1rIJR02bJNOEZyg70xbenR3uIlNU9aNlYi2FXv4dumdYTOiNQYgsMuzWv69ywBKnEhs1NpT2XadqE51WJsAO1KQSZ1KZrssTaZuPSWV+hjIimHgaXoTkKai+qT7jCnWZ21jEvTcEj1TenGjJX6ztl8kYsl8nsCwint5iyik1NJTofnBIGj746tkAynGEifMyZGYBmKKDeoSTp2hVwmdKmQX7EGIYLubBJB0DeQh9uqoYUquZ8hnnGuZbqqAdL1DjcwYGyOfYVJDSpl1IpeSOYzi0jGF1zwj04pVcWuht/eB3w4eYUSCoYM4b+ybWvDC9CIss1robUZ7lV/YqCdF6P2mywMQA10kbwlmF3h+pl8GiLYaxQF4TYoHYewyPlVdIuKwVgJqQlOKov8/hNE8Z2K52UAbzDM990H1JToQ7I0ih0LoN4X2l1FVPAUpaBlMu+8zT+igEuOVIF2Yjji6BIwpJFBGMi3IBYbjX5wHMfbBn4OGzJHoBzOI0zVF09UWEpybTwBdjonnRaLEUXjVpbu3XwSsDRrQIWdNmgpV4UZXyggMbUcETWrQEdQEoUQ9Tcuw8jRJxR0CG6m2W65qd1nJHzRBnvG85YCJz6+2tCmVadOlnG3qxgSjHhl9MJDn6UBCUWqtAGNcQ6hsQlc5KGKkK5VViHRnw8g3dUUXQV3xPLvDO5VFPuTX7jY3szjGK+aMnFrau5tl8NFOWKan7ZZwij9MhAKpLyuQ4RaD22TCZcIxxQ31C1D02ddha9lJvH66jL0sfq6+7/fLdhsrFzfN0jsGbEjwlXwzZ+jkUGm2+SJCrEDuObxGG6nDlnWcxKbCAX5ZMYmMDlckUU/vYmnae5qYqOfJBqQFMTcH0P/h6Ih2kvWRO2TGGWtg4ziUfLrfa8kQl2J9wOHK6H7Zrx1mGkZDQeSblQs9qjIYChwE2S0lyRqvtRfIFFBk9dx6xcw11ovL/FHc8DpMAezOTV75F2c7CZC2ARLiTL53GYModm7OqLxazUQRGZ3z1dZaKLVFz6p0pHFywkAaKGU6LNzWaKnWNXE//JNUDoadmCzbYcVjww72uWUnF1tR0UJXEbOEdci0go5IZGdoJ8keR/bK+LJBPjlRY03BiX9grwWdEmIuWL+bzNNOgeUzfRZIxzlE4FuSJRiWiD5KkYLvEBWs45qxmiRgK0ySXcdAj47jdg2MhDkxYTfRxmQ6Hi0yAY5K9ga8kMuRdsO2aRjCdQokMmi3juFpJ47zGwcGPPqxHB3ziSQQb58R4gsSO84VhWXctvgsmFoRRjEdL7VByX6LAaVDBCSCETnv2VZbfVTlmSuxA/vvt7Fbr4GXP4osJZpbXgT7wg1LjvszGDBF6St2i5Rd2JGkvsc507FBQL2S3mvSGYM+1I+U6TD3VJol58XAPmbCYYy/82zwNfBM1ls11dnRL5PoqSD10nqGr6qP+IQLHy8TxSIewlnfQzkZ30U5PTUaH5VWawGLDlhRkfTXnS7H1muBueDIEr0ZoNnruOq+atwTxCEN2MI6m3HvnBIDnpMXl9uedUIoagd+tS2M35jtM+aVfBPWd9pOJ+w7O16qnsZmnvJVl/qjacQd6RsxscSv4WSuEXeLwU73VyO6lUfF1JiHjgTy8Jp0AC72/tXMccViVn6p1Q5WYC3S1kVCN8gShGQTkUelcVm+GhM0UD0Bl7IOn81KD9sZlmjBJj+w51zznmuRco13Yc655zjXPuVbvH8+55jnXPOea51zznGu83M7JFdtrmhOejs3TsVWLp2PzdGyejo0XT8fm6dgq33Tp6dhs7fV0bJ6OzdOxeTo2T8fm6dg8HZunY1PFc/j8a3P4eCxRjyXqsUQfE5aohmLjUUU9qqhHFfWooh5VtPkbPKpovXhU0VLxqKK14lFFHxg2BxSPKvq4UUU9wqW5eIRL06d6hEuPcOkRLtu1ySNclspDOKV7hEuPcKmKR7j0CJce4dIjXHqES49waXnKI1x6hEtjbR7h0iNceoRLj3DpES49wqVHuPQIl8smksJbEkvEdNkrIG+UoqZTRyFxBqW0myDOrFk6ZQQe8Ub5QjTnwNsUtoZ0R4AF1mlCpmgyCkOz+l+aTMQT1mtnHOCRIHdWzX58DSg1XNWOlZQljCRijOCWBpsRzQvKMcFt0L7+kK1NhmNLsLLFjK1bE4zEVm+DgMYxACliUliE6jEoGp9n6fWsR7vjIhdgGthcqNC++LG7oEdoZeW1oxtgCIczmBm2louxDNAYqIJb7mtcX6c21FYq7dNTCRoUpi/hDXH8UQ6gCUIRzIQE7YUikt3X0ENczcZgfp4yt+wHZxas2W7fS8GbiAp7oSA8aZxgTjWMV/l1oAJbwUrKlco4UxgY8MHDyxTyoNhAQoWOvQyGXFm11HEKgvEiYi8uIHwT0YNaCpajrawm3JwpXFlSWPN724pX1CNUCFzVJLDAkIk3L8WIc4DeYQr2ppxcAhgeG6Rarj6clZMpUxETNmsmdnsPTv68EKljcgVPQN1MOBBwBECdQ3aGg9PbxGHegl49Fd9D8n7z/vRM6LJo18d1h/boH18CeNzyPWDQCSzy58uk8prQ8O0J7KizDHCTsDm94P0MV7ml24U3rDgqEOsKzrJyRdbnFXptYDqmfe7B6rODyqDFvHsD1pK+rLWP79FgWKSNEHo8S/Ncy1TDM4UEPiPw4PN4GMHRWuULKb3A2giVlHKxmARPc3aw7KOpiOOaqSq2KIYiOk8mMKQQegZizNnkwC0pmQK4bmQ3FTZ0lkvlDgNrrkOI9RoutFCdTYm2Hlbcw4qXiocV97DiNJw8rDiOYA8rXi4eVtzDintYca14WHEqHlbcw4o3YU9LK4HMNW+D3W2QEjXmgGrhv82zJEW7SLCzXWpfB3DsBw82fp/o3Y8cB/3hQNzXHYNsqc3TYaIOlpW92zIrhNpF/+J1lZr0W+m32nwV2Ovn7AMp42EZ6PXuaOuiGo+P7vHRPT66x0fXisdH9/jojxEfHeI6SdNpB5XO/rhIM4V/rsxTBGst1Z9bwFSH92B77xpZ/XHAp7sFbnLZPBN5XJpqpwXBsRHENE6OfjaNvoh/KAA+mGlMPbJFYLHaE0BFxLGlLao9DC8V1dsf1gaW8EfzVTKdjCr62/+S9d1G7f9bfj+vnf9rPbVzI8ZT9QWi/q0gg9CPXvA5jueBRCtVOgKr7M2psWsxvOU6ySmW15QY/DYt8DiKY0Q3qmSLGS7G4Jo2fQgPbrH0/LNgr9LfaKbj6wqeE2R9vBrTtHgWvJuRb5+mgl6foU3X+FeWY33CyDcDLKyZ5QVniCILQc40kGOcS2i5B0qkKwhlFEeBixRwtaAV5qkiwqWN7nW3QAhHkn+LWm2n0SwaK3+FM/aavcAsJ1rl2UZQ0HcxIc2eFDW2gIbqA61ZcETIulVw/0ZKz9LgWRq0ctYRzNmzNJSLZ2mo1udZGuy1eZYGz9JgKp6lwbM01IpnaTA/61ka6tc8S8PDhdr3LA2epaFUPEuD/YM9S4NnaahV5lkanMWzNLgb71kaPEuDZ2nwLA2epcGzNOjFszSUimdpqBXP0vDA8CWheJYGz9LQVLNnafAsDZaP9SwNnqWhXDxLg2dp8CwNnqWhXjxLgyyepcGzNHiWBs/SoBfP0nBLLA2QA8hz1NdJ1FCuVuYlXqbXAZzZpMKhczNEBQQsFVpqokw9k6HLb6yYNKKwbR9C0C4KnkQjzsw4r8pI54BrFuypPH82ZLapKRC7ciNvQoXjAvI5YheuZDnTbmdbZP6tdIjyVBqPnEoDvuQ3gFZhk6JgY3HN/WioesXuvI6SgkMGgcc8uMI3uBYySrMZYRsAf651L/OqZUfzGpbsac9r4nlNyklxntfE85p4XhPzLZDKD/LKf4EYtnUsh+Uapckn10JbdT4GwKSYsS8ccQiKGLaKSM+lJYgp9Ywx2V4UrQf1QNW4P+5DR+mEC3zrC+aTSC3JZBSDgGae+pDH04h16JCPfcerK82U6ctvZHJAfCNe2qPBgROCLRLRaKqaI2YcyItJ4aQkT5cBl7+PfRuB2xyno1/jaFJc3vQQXWm0mOg/ar3QC+Ji6JSrmODcvMkBeXnYtxaS2yNR66Ct2MM5oOQGPMk7yNOL4ppVMbiMshH8IfYrAav67y49A+WI1nkaNwRwqEDTMbOcrRlsoYA8FB7aDkngqnNweRiNaM3UiCvSirydQiGV8syG+Y9GR+gVaMwChzTBZj3XRN+ssh7NaNOsTCxtDrGPzwqFPSwHQA9oSHjPvMGU9kwbCRA+f5F84VmtrHdQcm1mdjAutwBHQxYDyK+AJEFMSE420aOZraSg9fSTvDZvWjeD5CBxE0TaH+x3IuGKDYDsRmva5n5p0qtRshtsBv8mGty4RVzGkzktXVOYrjHn1yDgdx0JPw/OF+fniEC+mFcggAHG9xps3TLpYiDu4MvUlr0hjVmIJvil0tBWeVx4SuAY/i5lJJBLWWnCiDU2Ig+cPkZcgmwb8CrfdeagKjB+dYvQilLlmlcEfDEcsHyeTiLkiFAf/VQw2WSQRMOUT/a1aTraoimo0JChzmRW6XNVzaQha5jKUYUHAjSgGJEkEHSix4aCnANa1tfCTQyhCgGR/Az495XdUbwPVzD5L8K1ZpPsm2yEXpAbff0v7bpRXl0zmpozjb4IP/03Oy+abm7j1KcyB6tSxsbEfz39EIV/bIc/fHz6IeR/PRM/bf309G995/WtZwN209MPe+Ff+W8fQvn3p/7HZ1s/ade2/tzkNWtrmHZn80IJy2PZtX+2sSSyjjjCJSYwwIaUa3InMNdzfcEuCZlF9q9p+y22POKphXbO0/hVi6fxs9fvafw8jZ+n8fM0fp7Gr8MHexq/WxKsp/AzydhT+HkKv6+Gwq++sRtvezBMf6XB9eQAUNgAAGJUNYmO5BUBDTpOyQVpaCta8qbplaTCCmbxl0ILme4Hx6C4whSP9WCny8U5jkrtSJgn43ygeU8G55P0fAAx7xTHA5pWmrNZOHi+/fzb7R92XoTcoMdBCcJkFu6zZT6Uo7I/NUXCInNfSuA9mJ/+xCJmT4voaRE9LaKnRfS0iLdKi2i4b5nt6RFsRvWtp9PO050T0rgBlQ1P7Ygil6CF9N2q953nxPScmJ4TU3/Wc2KuixMzEJEqDd0h4lnGWbqY5zyKRGq9JThU2vhxWRthDqBRmdcm2pNc2FGk+vjbzs/4OqtTzW07b+FPqX1h7Zk6z0zd0WI3KztWk6qpUdbqsHKrsAJpKNFtOBSiYDZWuKcqFNd0heLy29TkaDU+aU4dDchdudCUqh2VB4c0HrqQDl6BaU13aUD2ISrgQlXFZbcn//l+fpYesAohUAqJsN7P5Z8H6Ig4icnOyX7oBZTiAn8dg2FqZRID5XCS4TnCsA+jB+yHES5OTfGIJelIAkMwe59wPWMVFoL2PqjaFzZE5dRrVhQGt+SlgrKcp6qjq2oVlxSUtm4pKK1CSxrcU1C69J30SoHd6bY8VlDOKHMB3SrgvgDPCv9W14N6dNHzv7z4flXxtVGkVenEbWHSuEuLoyKY1bRvPa2Hj9VrzAgpgvMIAkgW8ybRvkRbP7hohpR9anxRIpdfpiHuPCdzETarZlP/8OVj3/A5rIYfepW2JniCR+o2QYNrK5zJipZCbkMwLHmx/JY288p80FCFs/rtBtuNI8e+a1Jx+0mhdBkumXDS8S0D8zbGTNFEG6DMRwK7kJp+RScnq3vUHGfpaDHkuT/SyVrddmHGUhyFsloKZxCw3FFimHbqwnXSzQ0CDwrvLSaTVZxLXf22UM5EPdqOEGnusOaVpub/5ZZfpw8YirZE7Ww/bxiMbaIfVeQjD0z8qEUvfurtfnym/fPj1k+ukMVWi6LbTQplaVepU+ANblQoZq5RVcJgE15XJykt3YJtcd/D27KqKF2eXSglQd6WC7dDUO4DjLJtlQLVxJXTyjFLt3I1x3o9s7nF6LIDC93h34XSGNXbGNHbnbXHHcnraG63wN0Gax6Uij1Lu79+XK+b+GwibXtU18x88kBuqbOa7HLLR/QFP812kF71kboAF/OwSENQ0dZq8NCqbWXxECf1u5KmdYYZL9R+JA14FxtIPxRpBocv7ZfFuXQCiJ7C3FHVbWjRO+UGPURrkyp3LbYZ9DDRi+JWQN2qdRpVUL2Vaq3czHf34B//3AjDcENDsguudjYQvio4JWfy3hAJPDd0GiGd/oQ7TfpsMSCYGhHQvqtnvG5wiKdgCLg0RMyabeiwRnQlv2FPTGuNys6jYT9aFJfASoInDwGKI5t7kk7itTZywuY4+x27g70wzOAF1hZniwn0dgjup1/QjApvZnoGqBil4RByn+kGJh+c89/IjVB/fphiAJ3+zfUK0ctVqXAcF3QtyemPa/Da6e+CPxfzkfhzLq9ThjV1wnicxWN8+8mCRjAXGMj7VNqz8TkDv1tN8KLCGFYJPg52g80CFbaOXb6vWrLWnpdtHIkWUudTHwcfPi4zPpdqrFNaK84+/ZvajVsF1NVqqNXqjEYjSJWttrn+In6H/DUu8sEFxHMkfxBfkPkWqXYZ2qZGNx/yHVqnJdCYL/PoBcxGNd9Rzp9pIYInz54YFwhtfhpFX/tOV3/ME0yRR7JB6+JCqKviR46dxCM1lxkEC7CrFjw22frWIv0cz7IY8CparpSm6Vevl23OsJcTgGin+lsPW4y+jnPDT2qEyivlf1hGeelBrnZdYvr/8DIefq49ZrrFNTmWGj3N8uDNGDHdI72Z8j3P9LOl/fodbgHov8+Bva72g+UVdK1eefkfloeND8ZF7d+2x21r1i1M9fadBWhZuCksN71N+waFqrFT4TqHX0fFSlXfqiYCfb/9fknm0bTFbsBuG42AFpYtJMl0ya7JmBqfTNtsPnJXoJ7LjT+uvqIsp+T/nCD01a3r+uf8PXaVP50IIHQhacdHbHBYYDqoNJ80+EaFupnxQHbrJypNY70NmetqqJD1kiLVdetWmvwtC7d6hl6r3K7j88s0/RzyYG97qwQLJYQn8+kJf+4G3377Db69iDI2X4/xN71W/NRyJFfLhlYFEc3nuRpQB3I/X10gMmQ4RK17V4sgrvQXF4r1ukNyMvIOfTNlibQ57Nob3675ZdrrKpFzlYS20+vbNaBMZapw3sUvbI/JxloTwiAsrWalC6MkGs/SnKn+eci3sx///A8Imv10cLT3y9t3p2dH+6ef9g4OTg5PT3d/3P2eDdR/lqpIZmxjZgcovS5Rx9Hb08P99yeHemW7P16Am6dcySJnz8uw4hCPZiFXf0I2IthCJOp8f8qqOzw+OdzfOzs8YK94ebL36c3e/q9Hbw8/vd17c/T2F+MrLpiiAM1EtJQfubHzmOmarOLD/ziWVRy/e/d690c4zv+zJxYxvhWfxgW/ef/1+9Ozw5NPTCrv3p/sH346PTyrPHSWztNJOr6BdvO7z94dv3v97pf/FO3rndD2f3rwitd78v7t2dEbVt3BK3mTsvAeQ2xwMr4s9lHDrjScNeETE8vL10e//Hr2af/Xw/1Xp6JNvI7fo6R4mWY6puk+NxPTb3sF/IbqfaX23/eOzl6+O/nt3ev3bw4PDs/Yz5/23709PTpgH0a/7p3Br28O356J92oDe8pG8EgflQN9SEOJZ1f6dVonjt8dQKcenh7v7R/KqwE5kV9macXriG5hAxOKouBQHNlyobG+dP3vM77q/dHBet+0SFQIaDJFSzgBOWY3/SyaDSFmC3yU/G89yF5bk3evdvo/9L8r13S8mEyOU7YC3+wGRxdvUxiTEDoj75okTOFny8hxlp6XXKwQXftLXMHlnWPDB3Ru/KN8CffA6hWSWnXoyO1UCFcui7ST/iC2V72S2vYqa8vSIh2mk93gbP/YWel2rdL6l7Ss7XtTE6dA8T7MG2uTWFCdpI7OtTZCxwU+KW4A4o0dOfTKkPL3OEuukkk8jg/Bp0LhWgGuXtqdbDOn7N9a+OMoSysk02Gw9/p16av5C0b1etkRai/naumL774rOaDw2vscttvyJZ6MBi3lmYxiUL9kX8SU289n6et0nL+bHUKalnyOAJXfgD5aGm+IAU2zcFBM5wO224fl8TVA3XA2DodxVuS1noZf9Yazrnk3m9xoLixHN+Bnvk1nJ2lalJ7AZwCKj42Li2RSGhnkRuM7EAdWly/SFe+3Jq27IsRfMraOHsdZko44tg1E2Yj7mHpPsWmakhJfXDBlBGDDBWyibNvnmH03ZHTgwaBfjsefRrBUrVxNSdPa0DtXa6Oha8gIocsxVxx4xsMAdnhNC4cfhTjLJzwIEEaYiPUeUfTh16xlj2Y5EpFwI4vhs/raY/38atj6RmnrQNb3DUjsyRegY/GtjcRwhD9uaBOEPmJykSfjGaiI4oZ28g+ElZlekmbjaMZPrlyoIQAoQ9JZKGQ4SdjYuhlO4va9x5u93o6rf3ND78Ejp/iI0Z0cjaasJvYnVwrMpoY3iwKjGX8nce7rGcSlD4xms7TQJVmVTjIDwYfDKIQY8lKTB6axubIVg7dcjoRS9vMG/5U8bEIUJ+h24CLiw/5qh/8PMnHgb8pOIklQ8/gYE+uB0yQgbjB0HF3k2zI2P5ajEL88TNKQt0Nc2JDwBmrrSmA+4SlY/Hb4P4uEaZSxZj/hzAFyHppsj+SB5A4pZbC0mK113j15nxKbhs4lr+6fsOPCIf/H++MD8Y9KlEbJJwPnlENc73NY8Gfx4+5AdECtqxexssfRlcoX97V0qEpaXa0vBWPEw+5GzR33lXWgcm6uqytVjY+jU8t+4a+sezXv9Lr6V6vycXRwxUP/lfVwHq9t5gLi0qPoUR7d8Mh6kju+TT0aTeaXrEsrvu2V+7VSX1+43h0RcI6+djjuLX1On7VqpxvCAB5ZzzfNYQj/WdckhroexywWEVKPrDNp8jQedbSQ0JW7tl7lklPY/tQdHIL0IFlzty9ltPkNkNQeqdnmSrb9kRpu+AfcoulGiIj1/IO03oTBweHrw6/IlNO6S1cz5tT79QHac1p17uMz7jR38armHa13vYXnvntxDTaeen96M8/D6mMRML/OLhZ1PpIe1nMGvroOXoclr97F3pj3wLp5leNivXu9Re+Wu/PubHpa59rMet6e92Cm8UoWvfo89ka9W+/ROzTr1Y++X71l72vre5WVdwtDgFf+yEcC/4pHOSAgH9Y+HGQa7Dq6X1bWtybhOjrb9syd2cBk8x/nqatlR2O+81p7G2t85F0us8Dr3f7/AXZhbEIgJwwA + components: H4sICOIXxGgAA2NvcmUtY29tcG9uZW50cy55YW1sAOz9+XbcRpYvCv/vp8BidR+R7swkKdmusvrUqY8lydU8ZclaEm3f05LaBDORJFqZQBaQSYrlz2vd17ivd5/k7ikGTIFADiRtI1Z3mUoAMceOPf52uIh/iLI8TpOnwfXxZx/jZPI0eBXOo3wRjqPP5tEynITL8OlnQTALL6JZjn8FwXi2ypdRNvo0/PinfBSnh4ssvY4nUfZUPRqGi5hfTZNlls6Gi1mYRE/VP2fwxjxMwssog7cSaBAewSfD/Ba+nn82HA4/C62+wd/Rp2WU4L/ykTSqO/wMmkznb6I8XWXj6Hk0jZN4CW8W+h8mSboM8Wc1iChbqk5gdXHy39F4ORyHw2mWzgv9OeS/o+w6Ti6H+KE9NhzMZZSMPq4uootVPJtwfdd6Yo9Gx38cPV53DmV2+LfxLMzzKB+Vv/4sX0RjrBj6pBqmZvJlFi6jy9unwY/RxVWafqRfb/hvfgX7EkfJ8lmaTONL9Rt8iuMdR+aHwkpJFUN5q/QS7Z/impoXFuHy6mlwyF1dqj7ojr+JruPoRtY+V80PcYOaPy9gafHfl1m6WjytzKbMm5prnII0i9W/h5VtKhuJf32Gk0w/z+J8+ffKo2/hV3q8mK2ycFZeHJ73qzRbvjJdgCbH/AC20GoWZsWv4FE+TheRdfom8Nu1NQnDIJxMaF+Hs9dZnGBv0tlqnugWJlE+zuLFknbdWTyPggn0D/+JrY6jYJxF/M90Wh1rEPx3niavaW1G6uSM1CdYXb4M54vP7J1wcqkWfnmLnYdP+IdJtMginHaYumW24h/5m+vjcLa4Cr/g2RhfRfNQrTFMQHLy+vSHJ28LPwfFkf3/h9ZesocRxHkQBrDXgNgso+DmKh5fwdonwUUUrPJoEixTnoIo4HOPvyzSWXoJO2P0mVXrc6v7Z1dQLQ4vuIlnM6wri+bpNXwcw0QmEU7m8ioKEqBQ8GgWhXhAdWVwrBewy/Xe42IRN+tX10Cx4NzwV/AiULkop5Zll0CPeDq5R9DrDIeRw9HWqw6TkV4gnRuVqn4LxxiqwX27mk3kNOJ4xullEv9T153jJGKjOMX5MqB9CDsyuA5nq2gADUxKNc/DW6gG2wxWiVUffZCX+/EyzSKodJo+Da6Wy0X+9PDwMl4qkj9O5/MVEPfbQ6K98cVqmWb54SS6jmaHeXw5DLPxVbyEtlZZdIjEhwaSENkfzSd/yOSSyAvN8uYFUgln03pARKHD8iCl4D3IVfEQzSrgTzh1b168PQtUT3ileFHMq5V5UeuDswnTE2X8HV5VVGeUTBYpLAb9g+l5kK8u5vESt8E/YKaXuHTlap/RtUgHZIGHd1J+4TSBd+bR7Bns6jteK1yVfIiL4LVa9mVffpmn13qgrsuGpcXHuJI4mfAgznD/L5FwlChncUrqzzoWYRVeExdUeta2rcrf8xbLItgEEVJ1OJBhMEvHcAhhUlZj3APhMrhKZxM1gmUYz/KaaqdpFhDfgfRDbc9n3FbAjeEr9KvcsJVamgdNqxLCIifRaTLNQu4drHbdiz6z0FhhgRyqjYC0CLen/R7u1mxO5LChfhyvzHZATKtqsXhD2IVuiGkczej056vFAu5+vB+m1IU0md3i33QyCzUrlk/fWQ0N6LWeBOEFXD3YzEvuVXAR4s2G7UjD0INoSbQGqMksHocVWsLFvW7SbNMj39WSatSW/ceKjlJp746Jf9cU0VFVOsUPJ8HFLXymZq9+eH5DxNJ0FztHDFexuncVAyCjqlytxdJAvcqFthMxY/59cq4CltMpd5IuJ5p6kKvGUYExgCMC5zycyI9Ij+Hc8LMBXzqtncdiGAkgPgk0BZdhPAn+99vvXh3+LZXjEo7hKs6ZtM6hqQFsYuDZgMsQqvsWn4yAW4uncIONpDaY93ePP7jnOQi+gZMcfQKWdQZ8iZw/fc+qDRjnsgdVzcDlwSCxw4t0IgO+oaEsw49QgQwF7vVZ/LGBkpmyhzeJ1e2fkQf+ZS/Yv7mCDgR7+M897o7mrPA3tadMt4imw8RfXuIJaGmWOAK8Sw8CmAQYe5JaVVEDuI7QtxgWYlLpJswu9LE4Jy1NwjUdfQoeI1NMcwazdzBi0pjfQj2fsMXxVQrcDVNEGO1VCLQsT6E3N9FsNmQiPglugMdJpy3tqSXErQxrFQKz6uJvS/PjdwirDGC5dDt/xCB2ohb3xmSVi+eMkYi3xRl7ZZ2FDWYMVTNZEoHEgpM2Scc5ztc4WizzQ7hPM1Q4HN6k2UfU7+BmH/Iuyg9Ji3D4B/rPtiaIlSNbniWq9P6nCnuRH25jphQ70P1ubp2vt0z4xuU2kCax1kDEZ+uWmIcTvkbC5PaezyyuxyrDnt0OlX4VGED8O4/h8obft7EAq3irxO/70+f3vz0P/wCj2sJBbhAri+XT0PR2OA8XQ/4qBGY3Htd+pTjk+nkf4sTVPmnpTr1orIqn3KWkqrgsZS1AymDlGv0u0pJa62eW5Nq03ifAka1gf89FG2K3NY8yVNThUgpHBDs/X6TJBG9+/aZWhIhG7/ZBSGtlOW1dSaxivKh9yVIP+8g9Xhvd/4xbfSRxLwlWiRa8J8HH6Fb4ZjgJ0GqaqVUNbV0YMLmo4rpwSYEg36IEiBYhUj0u03RG3DPVSquYRTAsIKhBmF3EyyzMbvVWQaYU+hLCm9BhRzP/WEXZbXgx4xpFnrnAfRCh0QO7fwXM7DydxNNb3IxCaVxUrUTR6gnaKkeLEhAqoP5mUjehRbbhqa7c89bh7rGSAHcHkA7RoMKuyWn6WVvMG6Sk0k+zyxBVyvSeMvX807WB9snWwssazWDaDvTawXmFrRIugQfgR3A1Y39El0J6dGP3c90kXDsZx7a6JXiy1t8NLS80Kn38lnNLyp4Oih4P6umh4NlcueNxJjyUOv6H5q6UOferyLlvJc49KHDuWHlzl4qbtZU2HofLrazxP1ddlTQPQEHjMTtuxYz/7HRVyNy9MsZzMlqUMN1mpLPy5c4VLx6z4q1w8Z+bXSpaHrCSxWOyncoV/wnuqFS5c4VK60y0sqvdlCjNCpR65Ymj+bjFZN2+SGXbc43ZXrG2w1ydFO2+ZIz4NVVbZv2qEb/Urq5aHM5qqlNG/hXwAtmMhFkX031W/2pARxl1M3mMYrOqNUbuba7ckGrqkx1shp4iT1Aaxng9B4RenunlmULp5Zlenunlmeb3e3mml2d6eaa+9PJML8/8WuUZHDPs1nUEGflU3rwQP1v+FW5z+Fnz+o1cOjB4S+akx2g6GauIBPycup27AjYaRKBCFxSHspGj8vNoMUtvkeVrYL87eSlbtfHYMaAIOyrPMU5GXggkeqjWxNU4CVhCMohCpfZs1J8aIBDzRrHC95S+LI+Ng2/IJpojixwWJDlmpup7WVqzxia1eAvTscqVo/q57Yl/3kQnfJyAae5dbHMXVxeqDL5I0mVEk4GxQ8WBBxLmwUyqHv/AWS9dLcQuv/z+7RltjyT+xyoywkEhGIqtoQkHLCmPBGcD0hmpxYqWCnW8VGXtXdTZz5NGtsq2Zl9vPT5vdliEiBDMrBepkPqKCZkVJ+dsqzIbyoxcjPnpcEC5+PmtB8FFmi4xwHPR5obczVPLqljNGVN887Oe5YI2RChWa/X6srDiEWVuXupgC3cVvlOExRnHYErXSZKqtxXbYErHKAdTukwKFt/IB1O2EwNhiqcroimecRENPfZcVSx3GSthyv1HTZhy36qqYrmnSApT7iGmwpS7jq4wZaM4C2v2uh709tgLU9Y94+vEY5jyABRlxdJ5jtujNUxZd47XieAw5X5iOUxZa0o94jtM2WRe14r5MOVeoj9M6Ty3nSJCTFl3hncdJWLKA1b9FUvnJWuNITFl3WVaI67ElHuJMDGl43x6RZ2Y0j3+xBR3JIopzTEpa3S7zeWiWLpumLI/gS3Zlp714q2uuhdve/G2F2978bYXb52z14u3vXj7MNjPXryV0ou3ztKLt5XSi7e9eFssWxVv3TAMpnTdKutCM3Qy5nPZDVKDu80uYp8XUIL1ese4d1M6bu11Tv/dASqYckfQCqbsAmTBlF3ALZjSiV61QTCY8qA35V1DNZhyJ6ANpvjCN5iyZSAHUzrsM89Xfa6/oXH3cb5VVJ06XvXoW1u/hsHYwiuvPm1B5vHExgizLKyyjI0f1z6o/MjU7GkwDWc59w9JangZFX5aXWiE6qfBz7989iuDfVcI7wqdfz2A980w3a21sdHd1W89HnuPx97jsf/e8djD6zCG+zeewXz8DU/OOmERlUq0ejy3iDaeXf6bzipQ5NlqEjFbG+GODGkjKq/rE650FpnvaqHsXn139uKpbDoFZkcajwkZ10hLzljm88WKWmCy/NjqTx1fw/WeTo07OdasnO7hT3u6ib4UftaEUNsGVchDZbbqvN3J0sNfXKNxCmMEqtOsdP3KXEATUB1MY7RD3W1zUmqlaB9WPvx6UmrZBz2zlrWYAiKsuoNLNF7VfN4m5urKz/AINXA4vix9oTLLrBRaYyBZkrhqWnt8sRgh8Ci33sZFa+aTT7WVSh2FSRrlyaMliJrw4QDWSqdXWdJ1ThO3Sj4m6U3SXO+rdAnk5K8p9FQfoNendjsM56/+BceSLc9PsglZe25twaDAWNStW6MkMA8/fRsll8hEPTn+qumlOFEvHTe8sgiXeH8/Df5r/104/OfR8OsP+++G8tfn6qeDv+y/HzmfH3x+CC/tvzsZ/qf89m6o//5p9OHzg79Yzw7+xckwOwRK4K/CDGZn0/2o6rHMmdb+NFZHdeLLNKF5h/xAFmaRSVEz8TrNoeZr4I1eRbCm8TXLlClczTX3rSk/IsGWtwZyE03D1Qxv66vwOgbuQW9h1UZzbScwZH7HjH0ehYnIzYU5UEwgcCMp8IAhZVSi+2+VMw5HkGBWi1kLaVctJ2rc3VsmUWXNpqNkNW8W7NSUNb6gVmu9reqSLIfF7VbzhlNwhLN/SjdN8ORxg9RYL1EWFNhIP0mLjXqUunBPdx+rdXHL84r0/ntPRfMfUThbXj27isYf63djpwhPqzaL9XlZfcidR0bJmr8antWUDkDFdp0PPasMHJfvkyuamcZrA9Vvt9853NqGcrBQ3L10BI4O/XSi/ppQu/cWu8/mlU/xfDUPgMzBScSbbKXf1KaXcDZLb1zXDBDoBDj3VQZVZjDZ82gSs7oAxVJcc6mC9sEymKfALO/Z3dozrbE2lDgeR4N7Smm6p1T3gVTV3M0CvYFVGKbZkCfZSvhXLRj6+HYJfNdqgaqldLXcBmpAtVaeJLZcRMvC8pDxCk9j9ZC6lJeplq7M+bYWGBejZPF6hYG+MTG5cMrTcYxcrauJqyxdXaL55hxt86PXco5Pn58rCcfxNWJyGb1ftCwKRywdzoHjNebAS+KzSThz64ENu19yk4UKJre21KO0hcG+ECmSckMl0h64m7GJPTUGtQL3hsqpbbUhC7froZhmtNlTK2F1za7VfM6sJW3g4yOUHFYO6QMLSFi36Qo40PyKou7jnJQIvAWgaRjkQJ8FVoRFn5CSx0v2pzvaCK3IIlRnrRHdXXKHVaqt5TlsOtly7WGRK5J9kCtIc8Yn2XneymdrBrQQpjJdsN5nwDtmCiKBEhhq2AIjfTraYgU3DjuJbpRu0tjRK87qfHNfwf+gGWxamB0RsBQAxTJ1tBta3WNObhYjxgMQWKSElvINpe4+D1ufh62uPARH6z4PW5+HzZQ+D1ufh63Pw9bnYevzsPV52Bq+0pL9M63X3oY8U1OtMTQaeLiSrYx4jgl0PwNB0CXXADdDaqOQUcaKJmHdNrlpFqxiFA47v1BG1dDRBPrToH73uzdwCkfRSI5iTa/ZPZglH9Ud04fGJpwYdd1mGzZ7Zb4tnw6YJtLRWFL/rXgYMmcp3rRL1ik5GzI8HAHgKU3MSOxGip+0NRlX8OZFFCXKqnoJslVTVnJphO0uqLxCWSwCmZUlQFF6KZ8f9+q75WIvh1PuSCc/dul7eZsMgAml6/Isw65/g/YlNwwelu/b7MJcPAyuqni7zi7b1JZcuvrWqiVUTi5Kk0dHXxZ0DqI2WhdJKqLdYu2I9kkLpyioq3s1WnuTcClIdXJQ+NTAYu4dX+1ZB586zv65+Bt3urWFwjY/Dq7QwHoRTfEuuohQ3Fin4/7r7PCyUKWwyMpFpEhS7nyH+rn2ti7B0IPqsXHFpdH2uZ2N+fT46Kjloq+3o3LRW+BNmFxuRflYrLFk7cnot7sw8tAx0jalOttOwYKT2wYcRw9Qn8IqlsJw9oqj3gNmIfwIzcGlOY4mxIUjf1cwhLkG+uJyFOy9ezL88sMebJgzDhrS3gb20JXzhBo6zQPqUF1beT88wP5jbAr+vyIXT+qWZR9udpfefv+iVBfZ1r6sqcq1mbUfUNUZQL/lc+qNK9D7d+/QS+ffhvyf9x+a3HU2x6eWAZ56ALF0MpMXKyx4S5toNfTWLaXMAZkjmzeljcHCLo52mt65hljZ3K5erPmBG9adODBdTC5bw3zpiPTSmwmKpTcT9GaC3kwQ9GaC3kzQmwmw9GaC3kzQWHozwZ2bCdy6lmbskDYhzIkT4il3eWKCFDyHOZhL+ylpba39UkN7NY7IZzV+SXQyLUlohExuknIAEEod0jvFckCdDQ3aLTVtzN2glTwAsbIsUK6dSdQHLqUrHsWWPa7vDgbljsBPdgF5sgugEw+i2QZqcs9b567BSu4EosQXmGTLcCSe2BmNL8B9DhP/Fs4MTGRD4EdhZYsfKIf+8VWYXKrwIH5FaUqb7AK5OlHsgi3fNtBglzjaTk/bk1n5b17t1msrS+3EajAwUn9eRiDzm4HZ+ojC7d4uafNdrMKrTVDuFCb/Ihx/xFbPf/45GKkce9TWL78M8bcMNibclb/80piJTZqwxzFRBzL6NI6iSR589QSXOAvHUH1eCguO53M+mV/+yXqJnfPhJUerlxFl/8JDnFCr6oLgPuer6TT+hJM2I7V88KVrCGem/8wq4J6M87naRLxS0xQ3LKk7ssuVI6Egl8+D88Ksnj+ldgrKJXG1bl9HrIyHBtWcqFGGswV0FLqSgSjF086WW3IdSG/g9A/85sCychwfPf5iMzvHpiYLtDA/B5Kq4GoajfN+R6+mOn0Cr9KbYJYWCcgskrBfJELzxZJTHmIsAL1F1mAdWCtMW0PTVymCgrCZ3nqbmebsI2xbPO4T6dwIVla7CcCyHXE3kEO51S+Rnm+KkTTRrFEOLgWb5BFarxvvFgaIIG6X+S65NgWwYQKEFoTymdAt1vepiM0zJ+Rfy06glcnCeGurbNWlxKQlcEWwlPN0lbAjFssOJi66sOT5IiLOPphkOq8g1twc0WmCxnnuoNmjARlEmXxLQ+Q1IfNKdQvJosi25Ja7NYvnsfBw7rV6VTNY4C1ZqGcJ5xx5g/Fyxq0Fw6FY/88f4ib4AfGv4JAu4XxsaS/UVLnhlrgJY7oeyIsFHlxTC038FeOFTKh9lIq9d4pUqzeL1LDBbrmHRcXgOySweQMUj/9aFmvaBI9HEd83xcBAH/HfliOi0eWIm9EB8Sb4yo6uMj1ROWEJuIfJuxWu+ijnWMWGbthfhbabncrgyhFvWsa1ZI6BwDwoRtJ47NE0Ykx/Ol3egIB7CMzXBP+gYYUY4BakiX1nNU6Ttce2Cltk6i5AFzWiEZU2ik7ZYksFTS51dSBFpfo8EYrsfmstd4NkEqNldK7A44AliC+v4HyvYFTwyxhWgVUXosOrH+i/N3SBtyl8hvdAOJmbTqjm4QDldBhqZu3k9Snjob1OJxzceDsIEOJvsprZP1prOAii5XjTJNWy2Qq9asJtcrNeDuwmM4ON0E1YvNJM+0A4VUbZlm56IygnQ1V8oZyw7ArOCctuIZ2Ki+lUoHhhOtGLfk6cDwzbCYuXvq0N4wlLlw3bFeupQMHce2drYE9Ytgv4hOX+QJ+49XsCfsLiAn/C0goAxS+1gEBh8QIraIUZbgGEMg05NKJOYChTQ7NTcxeAKN9++wNFYWn0KfRlx7fiS9jBj9DD5uXhP7i576DHLvTwGfQnq3flK3i/foL37SN4D/6Bd+wbeJd+gWv7BHocLrcvoP+56uoD+AD8/zxmx+335z87Xf397t7Xz3MyWnz8us1IZ9++O/fr8+KRPP35/Odml358D9iHz2Oynb57/hPc0Wfvzv31NjX1dfXRa+bz633zHM23paZuX6RyaFMNiplibYe5OinG3q9xVGuqtpBVqziqpXZ11eNGIHOl1iMxb0YuSC6m+6z+1YCOMnrU5TE6O6lai3rMmvrSoosATU0Fo228HgZsL8/08kyh9PJML8/08kzz+70808szvTxTX3p5ppdnfhvyzKsW5+zCkrk+dbhp14xfLKJNLtollr/pFnWzyG6XbL+9uA1X7FO/wXDZsSP23Tthb80Be+vO11tzvN6l07WPw3WrF4KTWjlIxQL9RtbLkCefFs6N+o1vSELaMSGJLD/XR9lY8W9q5+aFnGyN2VTYpeS1aljhDEmz4gmTZhNGWMJ/kE12w4xy1B1q1HJDo9HL2E28Y/16WdNh34GFCVgnk5x4hLui/nzvaKsqGSRM5wz/I8vclrptC4tSrPDFJ6BICMPPsILPrQ4CgX6h/B4Vll4eNR7oFiDKwhTRMExb6y04l7WXnYsfiI7k/K0/142jbA0at6p1nHkT8mjCfQsXUhs2oPFkQzdVCadri07f+n7D0gpWiqUwh6hZKhMF/I3nqG0QvgCdWNKFT9b4dZLAp4vC6mKXCsklvIbChVflO9S8nIeTyfkgOMeQSBD3zomngH/NgVE/p4tCB1X71N3mcaQKJdj2ek865vkudtvjVW9ASiyLVoQpLussKtZdPrRXm60oHU9M3Uu3tGaYxSWTiQIpMFdWi1ehxFyj/ozYxEOs47BL66hXTdIb3p02nCIdaQ6tlqhb9hM8BzoQJRPZcwtYafwXIxz7TDiyfygAwJnjffxUAv5J/XgU7EuVB9TAMNjn9g6Y/+HOdW1GnxP4QR2Tp6hOpUbFAdK/bovH/PK4GbvQ+sAfuxRLp41O6utd7XTWjRcytivg2rX2+ouYYDx/4Erkj28wrCrOjaWIAoEmE4ER8KUkgaGu+YhPlXA20CY1oLY2u60jhoE4c+YowmDsT5ex/Bix+luE2nARU0wBqrXy6+MR3VSW2QV9YOk3XN12CGIsF9E4xKqNk/aQgRauyNseQ0uG43SiM9zzxNX0w6s15jjGOq06XKCT1VjFwaS0cOQPv79KKDsW/k1WnwO/aXsTTQsquqvVxWiczi3N0zCPL/PD8nAPL2bpxeHkKDp6Eh5/8Rj+GE8mX37x9fGXXz+Jvv7iOIqOJ19dfDn5+nhyEX51uPh4eTjOJofkQP8Tqc1Hl+kfvj0++mr47fGxzwEs6JoU2MRQfPKHNObcmbzPlGu1w3d6ROkI9cfULl34PyztgATFss5a2e2ooMm/pQX9mIWqMQ5n45W4NMiK+i0ilpMiE2E069dhFiOkSiHyakSmQ/MIl/RiFc+W8Ez/6t847yJLASXA5hI0KB4AbD/+Pycvv8U9RrSx0yBLqp5mROzSZ90uYyydLmQsas52vZlUO2oz6X8XI7M67p0fVC0qqlWfT7/dg3Shsn3WWNXHX7piiQof7XxNvXDRuPjgymMZAiVsfQUZ/ZaXvLvmhx9vqnRhyGNR+oQOehH1ib6s0kQZALWiUl9ZLeOuKEfcW8z/QvDFTa6MznyIySxJ22+GhWyUft5+GjoKGZ1OQIe9344Ui6UwC/hJ/fjxSaeR+1CAXY2cVGdvxF7twUQU5qD4sWz7wmwgGJ0H3aHzgR5GSwWZZpSc7VPZjQkaO/Pdt47Z+96y26mZGhu9T10uPhiG5cJcCPt8oQ7TpFUpdAB5nXCWp5Un3hdWHW7//oS0GARKxwpTOhbUmKYCnoITb9oLkIWisC1NCpaiNVhsLGssaG091QXznKe6ZS22sJvZkPV5DhJKeosGTrI27XJ/17fYutO1v/HL2u8jzMTt2QOeXfTWgI02qvTHk5XvKkKJQ5Xvy1UUu3pKeRuMcfzetUo3/PldL9OEXdbiUenD7nwqls7yh3TSk9urNtXG+ZXf9+KLuVO0FV/D6b2rY6jb6nwA9ZcbHz2sqT90hdIfunJTOzp03i/7ya1Di39peRE5npZXinyyh0zaMo72MQxt07vjLSWpNr7i0R+f3dC29vZxbaiicKKtf3AAztVqHiZDhAYhnY793OGjzyEALsWxH7Slx+FrPWhRgj2fnDYmbfK9H3RFPDM+qlf0PxbPFKNvkHqaid3p8g60rmdKT6JdNKRfKj5GD07pXclcfI52i/NBQBadmziPlNdiY0OIlhfnbUOeBi/s6UUrUq6S2tZ3c8GwYwgU47HJmon+VvaYuDttvMWU25T2WbEg5FoMMdt2y/JhJWBhx+jerXS++QtlPPQGMWquwhwAPQ9J672hHcDGDJeHKLHSgp8twltz5skYeDEC4s8cdZ++ypdNs8Yz45y7wqypitsdDO9pziSdnzuHXUdcfG++rYtMoTqqD7VJpbAIYw74IzedPDf5QowVvhWJa2XdC6zsw+jEch5RbQUsgSa6FVXFbB16kz1Lk2l86eqZF79FNry1tn3ly21te1VxUMxF0vz1Pez91rl1helVBDgvO/8d3aQuBnxIva154JyOAhNd5aKb+Wd9Wazjj19m2PKS+VN7y+DBH9NhWtWH84q/rFKfqh3JqmBW7EtcD7zZSKr9/Okb6JjtZq+Nu8apVluN9aBqaykM1Dms1tG08ybuzE7+5LsxuxM5WrYbp08ryU7I5cVgJHPuI+DMruJLdJqZYWShTojTWG9YuyiNYMAIPY/3AUYElUGBJ/oJJwbOg8tUsAAuInGv1euVAF217ZDBa0wDTaML/q+XerIS8sd4S25lePHmypVtE17TK4fSA7nyO+VSqsuJozMhtehcmrMkOT+0MyiZPEkb3+dtaYoeyOrcdbqi2oRFXsKIx6zvhhloI213Jlm3qeR81137HRqo+rg4VNs7sU3KJv0W+41ovA5dD7nX3lylM5Xoj73um5Vl6WLIdF8gSYr8ubjncga/KEdCzT6keIBbxzuwTNgXRdRfxIK3G3Aukctiyt97rZC4GttckfzkufF8bgp4Izl5ffrDk7fOjlU610I2StU2DMJiiK7jMPiOPwqun7hlRFnjM1MXkad8dYEurDI58kQYJGeFf9cuyMGzN8+dRMbXZtSddne3vdW1YR3Z4lQLkSaEHqTj+0y+KRrjJrxVqES5h6MEpwZ4Fgo4jXgOI4UgDPfcK322qeikbhiISrFariSBAAY7I0Q0Rd6Yt3xbsJi4FVoYX4uf+ffsZv6NUAigP7xb4aLJ2+MGVMwAcISrjLon8rDYA5BdWKQ5AY219XRLbvAwXd81qu5V6bzNsNLCvlJpXtTZJQWpVgaEl5jpYEkJZtRZhJNJM5srOu0Rxojl97Z+ye0O1g8rXWP9SCueBXNkrvt17LSOYmrZ9koqqH8RsIu5mDx5AlMMGRcKrrJCcSDPXc1Uq8217tUuttfWiaCZo/xSflNn8fNfHH3d5h/RwSfC2w/CJ4y46+bCOtXOUnl6ru3UFXe8wTy9VrYWQNbFn8TXi0RgFDstlXwjqhD1LwYq7bBJtzQvmvd6GX6K5zvYdaX6qyKnegBj1y9vgUeNk2V0ibAKWQAb/6IJ6tQUf2dYM6Y42e2ccf01cyYPfj1zNsW8LVu/MLlWOUpGulS/M6UdBcJ/yM8sFcWXSepUbqjyDcVgKYqp0SB0ZQvW+uYRzMS+0FBBzCsEEA/hX3RIMw2EexM9QlRhwsRDPwVYx+TyoLVHzsDfpkY59Bc4uyX8jYG95olhpw5lUKPLZnW7Kq27SWbf/7JtSFhjvbuDq7Y7mIrHvqRKrWMrOioGZu3EUjvmt2fN64q+5re8pKpebf0KPyn8NGtZ1+KeNllfoatIur9qzonNhc+EEPm2SZSDtv1Z5IobplHZHrY4jX5kaGfzuDv1YKFyaz6JMzCpgyPEarU1g4zVr79LfMCiVdmSanBns70LdmxuGFR7hvnUV1imDlsX/TzL7DFSacx6N6iYY1hWg6mOieFBYAdCQE8G2Hj0j1WItnL1nWgMpNq1+4LktrUreMLIz9L0ac1ebJ9D3dFOi5PdXDJSr95rcDp/u5eM5ua2P4ulS6Y4jb+1SyZOdnjJ2JVb8/n7vWR2I/PPjURvz/CWLxnTiN8lc0lplD2uGa547d50u2bsXq3Zj1/LRQMC1LZ3GkWTtBmL8KWKwahgIeoFz1JJk2j7tj2qdA3bXlSMfOlte/7rqDKmb3klVdoBIfAZHP1PCo68zJDwos79sOa2r4drB8nZhSLOP1q789TXec8UVHJ3zJmoivz8Yer8Z/pTWyq+SGFd906NqyQf2pr9I5hCbV6TqmxpM3naUR8MFJQzBKWu3nYzLL235YVXi0ChT/h3Z/P4D7ZxHbbGU50lkEY00Jk5hBEcKOYeeE4xqbU14uMnMPRDNxh6gSYM/VZ56MXcUhgTDbn1NT+MIu99uErif6yinahwrKqLdlu2CbEkLIjgEnfMn9yVMsffZlsgzbCgwzQb8uRue9KaW6ryvrGAcMKA2y3pjL5bFKFDbRc+FccgLYGiQ8Z8sWyHDtEzriDe0bcdfwsxDVU8k/Sg6JiH4A9RNo+B/WtHqYPFNGmELObd/Ch8JOzb1sqOD/wcDqkMO0ilpU88gV0eH/j5r0rd/l1fq/Odu09fjEaj4J9RlirHyd2ctSY2aJenrqFNlVtN4rYV2yNZa0Vc8YTPMcmXrDxjShjVlRnvfzxf0ynBKUmzmuGc3bZzqZhYbEH0USJFLDmA8barbulhVgwL8QgJUWXNtTacc7f1bapE3rqgcFT0WmnXMUxt9j1bUUxuhvQq0aGpL76F6cQt0oo5gWUWJper8LL1SvNkXQvj/kF39c1K+4FeSPCteuRxmHGc7mF6D6Mr0phHzurG4XtDtulGEFAez3aylDR1JA0u+MlylSUqDaJoUtVGmGJmd18QstOl5mYwTzkmygOpUKUYugr2MaeJ5N8j3keFhB4EFA2ooR5m6djK6gMUoHGfG1SDwjEVDP0pBVKzhyUcAk26fAcUjYA/oGmxpgQaGH/MGchII9zBfUy5UKPgfJqm55yVXqwg59Dp5ctwcT4wU09rMlb4R5T+IQ3OR/LmCOvwnfRpec2kg8ublI5+zotCuTWYyTS9zdu6JLyTMCBY3VOeFe7rt/CDd0eB2qeRABmxAx071KkchZQ8psNek0o0r6VzQUG/m9feeNqNMIMGv/VOcmNd6Z7BdjIBYx/2HVldNcwGPRwvZ4cIiIYb/vCAPHrnKjmsN9CuPSHEQ9JpiQtz55eKCgv6LvLQKZ5VQAk4jbmIJ+GskHYT1Trn7x7JI0zE/OjDuTWtmoBghZ0OEzmHF87K6MkX/3KOkaNRmAlLQbviXO8vv2ODr757JBVCd7161Tnz0Brohx35yzncO3Dd7BTIk5so3wnq50mcL2bhrboRKrcBhWSql+0EJuKXTFey2l+eXaLEjRdZFH4s1a8NUVJh4U1/EkkpdgaFYULP93BA0HFkA54GP2PHf9nrtJ/3zIX3/Ztv+W7DRq5SpbtX4usIf9r7le/KF5ovuoP9aRqDesYz4MqRvyuxZ6QPKODx1XAwCCCulp0+oF1bZHvwJ9y4nTietzGiSVX7C5WpXCFhuQeU1bgmfYufhUYV2NMXKWw2NSxkeKr9QElGzjjCpoc0xAFD5FTfViHxHE097cZKYxH6AH2rVg7/Xc2WQuGzVYJ5h4Ioy9Js0LZkqDyR5FmeHQl1kES1I3xz3SAsGFGFhv4W9pRSCWltrbbW0YknTVy+CMfIUFnKJc/eMqaGupAtAicr1TI9tGyEuG9nGes0BWsfTMqcNoZx8zRh2JdKLGXhcIq1E/bevwc6MeIknio0T20OxSNJpMm3Ry/8Yq9U2fukJZQZ9RmdR9D7eH/v33jJ9vNoNh3BTwf/tnfQmVw7gFtL3+yYXsP2yf2JNMexBmQIJPi804T22w5pPHfQ5E4PFby4ie6s2fLyVYWGC9kn0LqMKXpIfAkwhkyVtM7YVnH47jJkSEyAjon+4e6IXWevMn17A/tHYMMv4skkSoo/vxHuqfjr89VihmlCI292BLFQFESsihmWVIo1PfOt9QRO9HRFGTjCycQasuZ7xqhf46yG41lMzCTNPy4jJ0rWunqCMpMoLFWPAQFekkMXEa5Kf/2665t3F3W46+11+zu9np2/VEve+UO9K3ZCMla+dLRw4veIayqJEhaD1o42aYoGNJa7l3YVMHyj90nWkOzyMk0vZ9HhOJoNkct+n5y14HeaQnIKusY4dE9Ro+rJV0qoV1CNqKPBOd425/qq9KyzXlEJI7lIV4keCA/Ls0rOaPc+ObVEuMLUGP8G5Hg8azUaUebxmFNAh5CCGn7aCrpqiuVkwVwMo4fh7L1PEF6IpnREz3w1U2EyUQpR2sRjnamPVGkwAVQx8Dr7pvKDc5oubxavfVJrjRGe9bNqlfSNB0VvWI5WWbxPCAVIL4DvvlAz+g7q+Ht0++F8QDpN4VYx+U1prrpUzHVSqhA6B5w6aqYdyTvtjJpBUit4TIC3yFJ2cZquknGXA5yv0FyVy76C3u2PRiNZ/Jpl9d0PqfYA4KMBu5gyCaklY5XfhmsWf1BzisLBrTUN7xM9D1vYxvB3CPL5QNEzRYr8J4MJFlaiSZGw9vnT98mQG+08wwrLkA9Z/jT4+T1dV+/3ngbv92hB4Q5ZpAnO/LtHP8aTy2j56MNokcVpFnt4AHD5n8D3v9/7pdRP7oEKGRejtHeGlmpP2YeIdiD9OZAz/r/+7FnlUfA//od8gz0+OmjqcyfhlfOl1/Q3X4bZMv8RCNv+I7xCH3F77xNxO/Ssn/BTlV2arLFjYD3TOSoUJBsgbngfM7bv9cp6douMQKNARd4n5rbN2TTtfWGPZ6uJbGWNQ0A3jg2rqbU1OFLPquFUyxWi/LrpKvGZDjhjvtLad9yEdWnrJIrqx1vpgP8ks9fk+z0lEiC/+n5vFJxUf/Sv1HIO0M4FIU48ctInyjzYgYdJUvHpATq6xU0mtgv0OJK+KYcwM7MCILCVadWNKIYDW+lA9ethCDUuY6lR34qla+8TyluudxJn0dJeT9k8OH8XDv95MvzPn0bDww/y99Hwa/rn5958XuE2he1/UuFHVdsuINFiAVkoRMoJFafZRHCii95a4k1x5SkqBtJJ43ti6A5RkEc//fRI2vXdbtAn+Iqs0kDpoTKogqoa6ZrknUm65GeeNT8aVmoI8ytV/aH90LfGn37KZ6aO18WVYYW/RLbMPdIaq8Kc4JsXb1+8+eHFcwQ2voEFk+5J13+WX3+Btrsoh+Qz1gTBfl4GcBbobO8N4C+Ks4M/PWt8v5esZjP+NE74v2HO/yXFMP8JPHi+7FIrMu1xojoVcZ+we2kmfwhP2KXSeApvqyHHc9SMcWWzSP2RposuNS7C8cfwUvpGi46adf4na/zglijwh75VB8LsCBGAoxkWD/6k2OL6zNpPP+lqfvop+F8B84dAgrvoJpzd/DTEnzbp4yd1VLGinfQxiyZwTqGZTbqpKikQr4nubwfp5RxrPgei8TEi+5y6Yc7T2eRtQREDV6//hQubfhaPY6RH4fvkfJmFSR5rHTNKiu+Tv94qpazvOWjqWG4sLMrXmKUuaudMN+6rh6e76UJ3jy9Jzv/OdhoYx/evn5+cvfDW7JPaPVcJOd4n+cd4sWCTImo8FNfLjhzebBipm6coVo4622U8EBzlm53aZXzjk5BVw4Vpfa1D4spdIB+WvFhR1h2CyD1E1On2iBSPEVar565BI84vPw3b8p2o0t1d2i8DCpuBbXR6EjoKLtMekfIbZEtpq72Lu6pnphH9+hq46Fw62izWsT3eUSYSVdbOSKJK98wkqnRKa9ueqUSVB726d5/JRJV1M5qo0mG1PF/1eK3tRhqWczw0vNfS1FpZzIb6s9qHjXqR3WQ/kwzk6+Q+k0+tMAW8N/hXONXo/sDIv8AScRKruv1yyhCnwDXNcHeJiRI/Z6jlYgo1nXmXrOp1s1TugjDDjT1w3xfivfE8WszSW7Jk1G8pvzNdrY3HrrTp8hxTdckLnF694Vg3TgKWMJB8IvZs1B9YZ6iKL7V6WR4bZSwLSJeYs8egnUWZlZj1vSytWWOT5GWD6qNowvCyLF3YGdPON0kvQ3O/raQyVBl8Adcd+QWpuGtr4NqnUfRjMn63aEWOKOQB//L7t2cm5NbwZfZ8yA2QcMo3cVRz3/iVDH6y7+gmSsJLmPzK2nvm0XQH628zh6x4Wj1P52Hsn3y0ZUkLlSq+Wfl0TfhXtlPT9JjkTGPxCYpbguBfaqgUmOyPbFLGCr+xG86JISDuDUVbe+d4oSxYYBoiv/L2wGSyGXkCIQlWmSBZJSKbYXSm0jmq4weV1BOCB7cjZFH+Iwpny6tnaOT33hbVT60smS8rD917SGHjd582X0kHpvf75Ir6c9vG0HoFJneLSO4UirwGfqkeWyl9lMIyVcATGC2h3tQnUmLc2xnZk+Q2mK4yChvLonk0iTUiDKmTVLA8KoPgzGKcxJ7duT3TJrPR5AXW2uwev5xme1pWkgo7Yc8UAQ7aEWfwNnqLhu7V4iyeR+lqB0ht5RZUNDaKotGysITkVI8npePhwoL3VUop8DJzOq2tQAGPxezXr/AujvPkEfQpz9NxHPrAGyyvsnR1iZT6/C0GxrxmH+Ds9Pm5Cs9srQONLpOVxPsRAIbEcOgsrujYEWbGr4/xAol99FG/CeF+hAEL0yzUCgLya73FmWIhmKY8X4bzRbBP+k0JKAmv4epB2a8dyR8aS5Nlls6C17MwiahJqDucgeQ52XJLsqx3MyzTmNaR0YVeqL99rZ+zZpo2/PER3m0YueoFM3mbroCXyK+IkY5zUszxNoFuwLAH+gTxjR590qp8+OLIL9rfg15bhPBMePvtY1RVmmCZSXOv7Nxj02QlZ7RWLm765I9LOCqFvSNPM69zWz6jM6C7aGVYsEppwPtsGmP6eXaNq9Iycj/MUA5uR/lgFjInZeyN8n6YZumcQZ3UVBkenzb7FfwPilfTwnxpd0qmjR4W7dDqKoumsxjFPCDjlGwUalTywsnr062qbHVOah/dXGG3Uf4UyU4iQ5bp8YoU6qTl6wSDsI5C8HTKnc/ENSMMFnE0joqYbZKMW36EccZZpIG6iGB08ImTkAYVsCqQFISDcPi3VHa/BE0BCVyS4+dAO5rCIFHn9RafjEBwjKdAKEdSG6zKu8cf/BTHGPctmaUGKhZMxmtoQsyBW4Gu34jDi1TnyqUBLcOPEUcRMrGcxR89Awb2KADWDOFnFMN/2Qv22deJTO573CkdwmnnXjadY/inLL4EdtrTR44caK5hig/QJoNAMKlVITUT5xbeS7mzMN/Q0+L8eDXM4fuPNWsC83kgiDb5LdT2iUjgVZpHguUFIyeUhjzFMP1oNhsqD7abECikn5lbLa2Y5IFx7Ahv2fEAf4Rh7urs/h3qXocCBcFLhblQCBoZSUomuHfmK+Cxbg+JOiMYQZrlhxM0nh3m8eUwzIDCLyO63jBH0hDewy1Enp/zyR9I4TrEofs4YHWaT1dycrusM5+vrDO18XzWQGHALGE0WH6IKpHrOLo5RKUdjHqIh2YobtiH5Bpz+Af6zy6mj9xudjmH1MBDmUgKOz7c9jwq7+p1eQjP2XyrAHRK7SEtZHsGR+bb99U8nPCFFiYewNVYdkwNcLUoOnR8OxR2bwj845DEaWAs4PdtL88q3hnR/f70+UPZ2od/gHFumUR0MLMWNEPo1yLWwWU6j8fOb7XW5JkSqHcAMVppwmAIGEuZsE/qDeKfJjCgDMTodrkP+DPGzmSzC4lsrCJCS5LqASO2WK2gBg5O1YWC9mv3Xp+ll/E4nAXfvYGTjaFsfLxrRhCTNoElQ9Up05OWhtbBmvM6Nt9XVsMOiQ1ZU2ZpV1REAXPSHP1HOhEQDD2aM9wq2QuVJmwUBD8qwAj2wTRNIlLDRWRg7i5BDvVxEkQJZZULcFOAaS5ZYSKdDSQWqWWH+GgYOriScKfWiFaW0ZS31UDBrJ4hAqxXtSBfcfYUiefxo5G7xn1Y+imhuayH3KAWXuUnV1pYDmHibaDQAUiOpJ1m7SPf+Q2nSwJzYC4g2nCDcSnIxHLsdKjs3vHVnkVYTP4FdrmlAXi2Uzgux8EV8DYwH1O8IS8iFM3WH0TXHeEBi86lsB2U1b1IuB7AHu/iQ+u5ZENvyssmunYLx/265eoN9SZM2pHk1mY8qPaSLTGj3+7OhEiHVdst6yyHBctgbhsGW/sR50oZVhjaXnEG9oD9oYgCuO7H0YSkFORtCybX9kG/QDS5d0+GX37Yg21GWqJ5FCqWzZ4G5RyhpoHmBLXm7UdiPyR0AHRfxf9XBOpJ3XLtA3/SbuXZvyjVSBbdL2sqbD8Iu0gBrRL5BP/1/t27o+HXH/5tyP95/+FftmPd8Trs0OM3aGF7GyEt3ZqvVKnacuI4czJyeQHvJZVvKIluYOMoFxtl1GDttbPVCzEXuje1bbY7CvZV/dq1x1yA2qiIBzRPUcWct0XgkFIA+uDeoffvsmNlhHNuaz9HEWDqoS9vlxm6Jjt9VAq7qPiZ8h8YXwH5Us6A/Io6Lu7rJVeoiWzNlRo6+bb5svvLHVlLtd1P+SMVjIGCm4WH5TJKCFbYTJNW/FUG7K1iF6wu0e4TICQdiymszEU4/kiotj//HIyUMy41+8svQ/yt4hs7WspOfWW9BbfVJJ3DvxodOwvdsYc/UR7ziJ0fAdH46kkBHVj1ljC74vmcfSy+/JP1EjsMwEutbV9GBH2IvvYJtS1MufQ/X02nMWEgS+rWL9uHc2bGgqOYR7jR43xuwOaK4dlhdrlyeCzb5fPgvLAm50+ptYKtqoNHoaqSBwuVnahxh7MFdFpwoBXoJE4Nidxw7c8QabLLrGA77q1TM5jqFlcfBPuKTpK5TP08El/3alP5uw80ZQcdctB5wCluPwmd132OAuJz4CvJ3aJd5u5Cnmqq1lTqKr0JZqnQIsuzgCFAl7jrl+w0jm4V9BYJcDpjpCyoswMIVJyL9G19w6r3DOGwkDBOpIsj2LRaBwDb5og7g2FPt/olsoXiDYu+Hv5sw/GRYlweumeu196ilc3CeCc7xqpXZyxLl+HMys9M3oF6K5S3D5zjhPyiJ1gVTxLW7J56csST0GGVkSk4GpDswvMpzZFKRdaFWhBaTw6NIPBR52bxPJbYPJ8Vf1UzcAUrK04+5wLKz20Gw6GI+m7MkF/RhvohncE18TxaQhM72Fc11W+4vW7CmLMxoIoMHlxTC27xcEnYxhPqRTQZ+e86qVxvPKlh45334LcGw69Gef439H7b1o4o1mrpfqyQZNvalCroK5YXBNcTx64ulTdFv9MWF0LLfdAO8SIofmqMnRILXnq2A57pj4ocSueL1VJAho3f9CORLp2dsb8NbVuCivZhZ0lEAM1kYqQjwLtlESKlKLHCmCVUOo48nS5vwiw6BJ56gn/Q4BDfWMeuSF9bpqySAraoQSflEY6cR0MJiI8v4Jg8thbS50ScTs1Gt6I8BKxNmSNLG4hoQA2X2Xo+3DYEcqXjJvlURnm55ULiMTU3rnF6mA4LJ0n6/cZu1hhoiX6yir2FazWu+Jb5MNVbP2QXX2kkuESnQWeN/oY23d6ZlwmhuzWp0IDl/mcdJhYHdSINzrhY2P6PcuttXHMfK8ppxayMqYkwjoGSBZVkXI1LvfI39b1Kl0Ck/4opGiwHX7tFOnPGZD4R9+on2YS89m5telGgdmFeWnAPX3hbu3q85cS/RsW6j8hsqF3dfzeUvz5XPx38Zf/9yPn84PNDeGn/3cnwP+W3d0P990+jD58f/MV6dtCmvu1kV4J7OUTEz11sc1V3xepM276UaDAuUSqfvVbOMRy8ThED6DoaBK+iS87ChgqZlPOP+lRJbgTyPptEFbt1EV2F1zHaM9UBUa351HuCKcHpbTMtlpmjMD3KkZqvSvSPyFb6quQEawlqV2feN5XqQ6JmpXsfCMpt4074IdUP9dR6vKpWenunws/SOizuZzcb72cXNTZRD5V5mzl0PYQi/1GtA1GUd1Xgt9AZVZ/2yTCclH4kOm1K4raYof+qzotnhV23uLZTCE3SduHcv4jky+RYZtUdxmOpm1yg29SKpFZwEQy1s8WUgetRJWhXo9Mg6twa6XgM1HqyypS0MYun0fh2PNNqXtgvIJyHsF1kqt9Gy63iR+GJTr6ZxZdXXq5J3lmfu6d87pzveR0nKWu4xtmStbdz1DjATT/lp9Yu0et1hckQk0CuIkb6i+dtcp4qb+x4NRTuuLq8JDXCCptsdWSzlwQ30CXGChnwIfVqNJ3hRWhtnmB/la9AWr3VUB2y/5ChRcWL2aYHyLJQCLH4MxCJ4kH4Dpq57dNEzHWzYB8Vzripo2RZOGjY4KDWOwXdF2Y34a2fi5dAxFOIrgwN8esRzuImsQ8huYKo1ph2ejXw0tpDQj8FMxqYkPgTNKus+yhCQ3tjGKpXnmIsKm+Wlf0uzlUDj4/+dVDeK5YWhY0LuXb2gNd9g5OY2FB8G11D8Tj0nQ87v1HJKYh0dwKPByyp8WChJAQsVqnW2j1asDBjxylLiFE0M4HRzKTfaTNxq7IRvkAHXzJcHaj0+8VkF9HFduU6Xxv/GKz4V9gi0xhdCLJwno+C1zrv4AzBA1qbqNzyyl+BxKQ/B2/sLmzzcuL9/DqF/eEh/613I9htFHwOFvwTCfawTZuMrkGMlCye3grwk7Hx0QFGooPkxzuBZEVk3HtDhudBsPcquonyJaYj+w6oum/OUhIYk9Ro4zFLGoLIFqXH5/Y8AF22KIzkzPRozTfP1zDgQXm9ysP2epXnxePVTqwGMA1vV5lf5t/fAINEY9UOaxUIGk3EbTw3hPybrFAFHl7AvRr4JgdSV061eu/TYqQYzNtzkaczTGAtFe5Hn54GXx6Ur2LfW1F1z1xcWN/x0b+2+kpwIUkLeycgyUfoGfsSvU+NZx3ax/xqOykNjuqejVfsGkRGVWuIeLXiLcv3gF8LBRP/FviVJ4pfQfHU5lnUrgG+zC9WfLUIyKEJWU9xqq276Ti1jYTsa6UR2UO9mjH7EMGwUYrDnuvln6S0kux+FRw/If5K7RLP8yXbO/iO3JFn1uaiEHOKBPooIBvVafNqRE8tTpv4aw+AOOdK0sR5IRtxzbHOVkniC6gQWnZaS4xdaWZEcaKlqep0yjdk0wRhSx+43wkVL5GYDrR8ZX1ZWdRdk+W1DlNXsrw+IZ14x5M1kX59u3oS/YKz9jZJMpKejUgyydNQ4x/rj7YPvfZqh2m6EMwCOQ4VPNZgS6PRtJJ9UJnzF/YdaWn1KjNk1VPMtq+kupNoudwvOW137AfGEDRSYA4laVimhyQo+0TEdfYnl3A5o3kfYe5kWlxLyirIsHTxf5ewSOTn1qzEKJjxTuKwj8Q0LFbZ+rbqudeybMfr1icaoMvKLQtAaZj5dxaIB5F4arBxogi5rb5i9xWNaNfC7DdFC+QmUJwb80aj5uKr6bhI0yWaHhbb3vq64qJ3i/m5irFmObC0Vq+R0c08q7l56UlcuiiDMM/0jtglqFoh8rFhtQzNV0ps6ad5J29X9jWzgPjaP+wWcN8VTw7LNjHlsHTkaDtiy1V67B0Qfx8Yc1geCs4cloeDNYflXvHmsNwb5hyW+8Gdw7IF7Dmava4H3ReDDsu6Z3x9LDosDwqPDkvnOfbFpcOy7hyvj0+H5T4x6rCsNaXeWHVYNpnXDTDrsNwjbh2WznO7Bn4dlnVn+G5w7LD8KrDssHReMk9MOyzrLtPa2HZY7hHfDss6uD++yd82wbrzh+TBhF5tzIR3t4sY5NsWaksI5wXJtvSsF2911b1424u3vXjbi7e9eOucvV687cXbh8F+9uKtlF68dZZevK2UXrztxdti2ap4qzKmbVuw1ZnYlLeW+nfI7tqKX6yaq9FbwcLV0CDanXD/uJws0f9P8GLivNCpeZRdKhg4ZlbtjIP6TZPBSyGPbVFKDpMkFTAYLz8+DX7yuqPUeQdOetZYSDxPglWilRcTSpbLMoiVHFdh8AmxZzFhDszyhacvVbREiV0jnyxTCn5MuX7aSYgPFkcYmJ5dxMsszG712hK8z61K4+nV4D9WUXbL7kxQt0iOF5InOrtWeJXzdBJPbylKkunUWokt6gnjChoaXgLBg3vHTPm2KdksvIhmv/5NycNgdRHuOwS+YcxJDMw2mRHq07mn2SXI8/+MJEf3MrpMM/inV8v7+TiV3AuMC32g9wJQslvBe1eQ0TnHDlLomB3Ji5gcnqdvQpnd47FvrEHXzcZTud195vmqz8U4NI5AzreKSlXHqx59a+vXkHPMNz5tSYvZ2oN2TPc26IKuoAWuEXUDKJDb/TVS7Pq2/M67XY+41wkElMLlWsAj7nbDMWdk6ob6O/jJOZGbfKnXSzMeQh+gU41enTg0GziYdUuk84PxlTpYAoltbI003ShgYXAFASGcC0ACNd6I6evD5NCUb8uDkiqDL+DCI7gv5QdbWGQVAq4w13gkbggv4gtJk/jy+7dnHDAQ/0Ny5ZBO1Z4QuQkShiZXmVxb7EfUGQXOpPcb3UiM32atuYt2W9hKj790YSt5oip53b/TMJ4BoXyeztEuta3lLNaqZAR1cuVpMJHHFvePc2TxXeFScBaXqfvWe2lyrITEi8qyfFPsiMWbpoVN5KV63REeiaYFG8LGee+fDrhcnjycb/YRH6idX0+Kg4XZrM6mf/d5Drx2+O8uw0HbffAbym1AZP0usxrQ3Pb5DAqlz2fQ1E7TpmnOZEAbumMOA5Jh+uwFv/LsBbTyv7sUBl43eJ+8oE9ecNdbqU9b8JtIW7C9TfEbiO1lZWdDWG+dOrCP6y06Plv3dV6CeW8TurD0jtA1pXeEbulx7wjdO0L3jtC9I7SU3hG6d4R2l94RuneE7h2hdekdoXtH6GLp43yrpUXc7cXbXrxtKr1424u3vXjbi7eF0ou3VHrxthdve/G2Unrxthdvm0ov3jaU33Ocr4/82cft6tLH7fZxu33cbh+3a5U+breP2723uN3GoTU84Pz1xT4V6IEkuBfmIb0Qakz6NzxbdvBl8Xw039c6o3rNZBQaNy9q13GVnLjaEyuIs8ERsTEEr9DoM9WobpMUPticVthrl0jSAzsV3DoDMLkdNqRoaeNtYDzLsywEkUW5028axlytUQd5YvYeYe0iswTBUr+tklbBX2p/oB4U7swrl66eNXb6atc5mijH7oxuddMaRWyhqyzF8ITktItBRR+T9CahjFKJ9kLltNhUYWPj+BauFWuRpXa6v8Yo3iDr0dRzFdeGyXDI8dpJVhzXLkhIedic19N36aQavnyvVnPYnhgZSNyTfgbzOOYwIfQZjuGuDi/QYZhmS69ky2LxZDHfGGBQRiOTXop2aQoh9QhzaZ1FGGverADxnUSuRScw5n9p25zaho9yOQ56xlAL/Qxk3dmzMHcEFaCDd650KLjvcBLHV2ma0z7Fg4KadNzRSzPTqMe2okSDy1UIDS8x+SPUsYvFao4z3sZS5SAfZPGyMXrTd7FUPSbQDS1On5Cri5d8c+JEa/L8hpdznKJCKmf5FjmuHOdcw1YhU2oljWtsnegT0DmBvVI3EOyHFbeIT8LxEklJmqGU64oLwp3xVo2H10wBGxCQRaLS170lyvrnb8JZ80azVrIx5LZ9lWp4AFPquAFjVuJjMqCrAH49y1Yw49TlQfB9QsS6qe+t/XKlZ/PdOQqGwlws9vklYxYe+3Qkxr7ROJ0fepzvlxh4MdK1jqgdK7+bVi/irsjSPNdMQk62v+BEhYAPgosVZmwchxiNa4Rpw/s0dsJIVdPVDASjKApGFOvEy2S6lx9wDsbwIp7htqPQOszSDgeIbtZ4vkgz2OGN2sM7Ihkuxn9Yw7PUvsajr32Ezdc8cAoEzay+4kH/JuHTdbdSYaNWPzBMFzD3Sx2InSb63ZruSnp4I8pWV82Kxf+qGnvqisC/Pr4AhuFxy0jkreAyS1eLnBNHYuwx0jOR+VUodTiZIFpHxsqbuHZEeCgt1v1RriiN1iL+cPxXalB8LqojdrPQLpGjMrhGemLJIzqoxxaMREtnCwhqPPrWaBIBsPwd6aXNcqMZlOjJD2EWI7XI33D+0TfRVCwy+feLs/Q5VDoIXiMJmWyKfWTkH+0EpVhI5I+Q0ofI2izlGmgmT/aQ+WXY7cgMvRFauAl6kb9IVBlhi47rHkQjLOuJRx3lo03kICy+shAWLzVki0yEpRNIzF3IRlhotYTZRmYU+W0ZqydE1JPHf/zqT5tOn88VZEqXmay5q0o0b6T1/da1ZcfPyl69CTkb9EWYU4r4tqn9hrgyZLjHbE+ubSjWNBUY5uPHzEZRtyrcz7tPH0b1V+/Xg1Jf4TfcCZjAty31LV1NaNlCUihGtBqSF+mxeGLn1NzXpgja0dOgHaSpDWDHLUdj6bJdMiVyyZVBzpuXWTiHYYEIDEJbssTbP7OPXzfR271rXmfpZDWOWOOvRe/yXYonVoD5QH6ElbPSMoMUJ/HXuXRHSdVuhDqChBGZnmK2S2JAV2key5mqx8ZSswSXdkpT0QpIYninZgCLP3CJJ2iJAC09Df7r3cnwP8PhPz/syx9Hw69/Gjz98Ln1zw8Hf/mXTYmiW6DFsrZQ65zwFoEXS1v+7WGwh83tuV+hvrjfkb5sOpVtKdILE7krYbt4bR67kPHMXtt/xzsKNttQ/vpc/XTwl/33I+fzg88P4SVrn354NzSbdPTh84O/WM8ONtyy7fYuL9GXXxU2p/E5E9zGx43SMz9ukKCxdDCrNSirtm9Va+zuVoxqIC0ruaxNXlbvFSFwbSGR9X1K0CNGqqbneKsob2Z1Z27F6tXcE20G06NgF8DaeQ0XiyjMNGiDoa1hSzfbpT5BXXI59RSGZL1fnHX7AaG46IE10aAW8E7PmXyu21Vz6iAb5dneZGb95pcLiq9uN5Nu/iIkDqvIAFGWZPFlrMNmrgv7zIPTE85G6ZfO42QGc3lOS2nOmTokRXhfBgmWc6NCJNC1H51GHJ+0DbLYdJyP0VtSKQPC4Ln8otU42n0OXaySvB225z6xYb08E7vtikavRFqOtuOoymnFsyicTCzHqYA9DWFxruJLZM9n6Desvdlaai+eqx90n1o+e45SMjo1TZ7aLDiCeuknJDPAL5epRFgRwuw8vTa7L4GdYQWpuafC3zeyk2fkui5onRzQurufdfKIrPM/016MHo25/Bw9Prc9IY2XY/uXHZy9fF0KH+hq3pcrYY0joSbhW1yfLbridZ1dHZdrrt+4dOdSDAe/1TbmV+kSBkJKEXYd16GGujbKgXBzlYob7/JqlTstBFyW6WLIhFkiLEv3cD6+iuYheQIBy4TUU8xModPP0J4BFYspLIMJVIxJP2M347GYF3B/RKFLtua6Oqwlf1AAapafSlzStu4BeC85eX36w5O3Hl2tdNfrYJeaaBicxedex2HwHX8UXD/xaEHtjDNTI5GRfHUhSUGstohixG68by5/15Jh8OzNcw9i0C32fH3H7vXChOraK3HkZjmE1FIQM1LjfSbCeF3ObsJbFdSdt+Ifq8J4k89Cic0VNxekQ6gtivOOsbRc3UndkNAgs1quwtkMIxcQrjq+5jQhgXmrWzsW/7bC7DSvJRxBtGvfCB0CWsd7HK6O3K0jNEW5fABLuMqoqxTvrm0TyDAs0jyPvfgFLAWdhoqcGK64r0MmmkDBs5XP9QjT+J0XdMTa2xIbKOxDhXmq6MEcc4LIpMD+u0TDwpJ8DdTJhnNO866lYtId9Wvsu8bJ7Y7XGBtYY41J844eI1nUr/V21lrghne52grRWGT6IsBxJz7GFHN9yM2hYJfJnncv82impvtcWv+wfBSG2kfBeu45QcqvptvEWuqkL46+duuT9Df+OQq4dIxDa7ONmbLe9sT6y5msGGJGmJ573KIe2aFM2ep+9s/9ZIpPFihTxNq3xtLKl6LkUf/StvluC7XVWdP85cvwEzlk7HLfltqqivPqAcyJfnlr/Ln4kVC4AuXY8qvZV1SujlJcXO5kRiV5WHVG5cGveUbFp2iH88gtyPE0krv6XZxUlC+C/MzSZHyZpB5KJ1W+ITOdotr5aoH+6mwCpSqBLpBbTAQztC90XCBEwkVsjCxD+Bcd/Eyjt91Ej7LI8iUjr0l3ljVTLMiSq9UFOTQYKtPU9OHFLL04BE52CX8vPl4emieGZTyUoY0u2+wUqrTuOx+nIVV8IktKX+yYPehwRa63m6kBixSIlpERv9YQNhwr0YsuXS5bzaDscPFVG9ogGX5SOcisDbABb7j5TvD1ETXFzxHUFHPodzvT3EjDVCvrz9anugv5u5O5vhv1b6Eha86JvzHZjyKE17I1v3DjLqzvku64h1tV/d7Jiuya8ZwbRt1eBaYwFbaw8xE4nQYvysIC3hocj1k2/LHsC8sREws3S28YIBQ9X7Mg+seKgH/Ud6LDkWo37NGSXGpbOoTndYwcmenZRn3ZFV9+BzszTnZ/AUobVl7l3+EFqHnY3c506QIsTvXv5QKMkzu6AO2GymnD+wvQlPnuNS9zo1exV2EnF6Bpyu8CvKTs8B5XIFe8YZ+6XYF23zbqza/3EgQhdJc7E2XcVkMlvlQxVhask71Q7ynUp0m0W9szNbCG7Tn6FNKRk+iv3va8+VqrqKwdrrY0YQCdLqNPKnCizFDxwhNQ5L3wVpZu9cvjh6Fc7Zo9Zc1FqvM/K6hZ75G/UtX5eZTVeaD19MCTHvgCbHNZb6/VOD8zOajZb2SR8vWDVmWrm6+T/b9DLJD1UVcKsgbifcGTYBeuBG3hyKast2nU0hESiEQzr+MS8oPtVgKbSwUADHikA5nUgWJ/B0rgAa5bDLx+Tfn7zAz9sfPxZd8V4ZBh7x0y7MDw49s8LZ4v+5vGO+/tVRL/YxXtXAlnNVP0SWDbJOsgWBFHPAwGwtAn96GO6+qPULhCYBsM02zIC7DLKW1utSobsAC+wonw9SSJCfajqLwItefDqTjnaXlfQQV1pEfAgaQ3EjZIv4WY8SqeSfY1dLLFxFhRNo+BDfbN6wXLPk2xZgLUN+KO+VG4atjznlUeH3RxKqYy7KwJKH3YKc3c44Munu3STtchbTCoNYdF341Go+CfUZYq1+ndn+ImRvCuznND+3xeCHWKcIbkV0kqKEJgh+swUJKkxHGWAtR0lSYeCc/sdIpZCVTjmhWf3fpy8SByRAuizhL3ZslPSGbqgmCwi3Z4m3domyob7QcjZayzB5qqkrcuvDOXhUX/XkEvW2Hc/U2GFDLRMf4vvvVeDNxs5DE2C5PLVXjpeel2Yu0L8/GD7vyblfYNvxAkDvXIm0Dg+GuGv/7AumsNsHROYopl3fxYhQbL+HUsey/4yXKVJSrLjOjX1caZIkSgf1otLKdLzZ9hFp4ZVAQyOGYy5fb241E0kiw9xM2pgPaDgKKSdVamWWpQrYmTaDwj2tGweOglV88UbQcpe1HD0dBEsduwohHwNDRF1vRAM+OPxKSGBncN+AZK1hYF59M0PWcQS7GrnSPU7ctwcT4wy0DrM1ZIZ8iTQm/PR/LmCOvotgDT8ipKN5c3KRGHnBeI8oQyC236nLd1TLg+YZewuqc8N9zjb+GHjt2FOyWNWC8jzq1MwkD+iTLEz8McqJ33oFSlecWFRmlMHXvC+MKOEGeW33qHm5cmQ/UPtpkJlP2w70ghp7ME0sPxcnb433ma4EE4PCBv/rlKmdNthK/sySFOmM5SXJhHf4UOF/Q05mkgeBi++DWsIW3wcIbAqVk4Bt4Y9goq2s7fPZJHmJvy0Ydza4o1qcEK1zhwFE5SOE+jJ1/8y7kNCCQX3rnefX5HC19990gqhE536NsaOmz5sLseCstaPLEHuGy5bHLTKIDZ0j2jfp7E+WIW3qpbpnLDUBi7BWCrNZgSk0BMgNqJnTqG+EjBRRaFH0utaKOmSrptv9mV4K4S2FyDwpBhFHs4OMwND71/GvyMg/hlb41TsGcu1O/ffGuAwa9SZctRIv0If3KhI5bLr2kvv9Dc2h3vatMw5g6YgZyBfGiJgSQ9SoQ6FMSzN/gghZ2+yswGUdDVZQYMf8Ltvgbv9TbGfLTVXkOVBAFBICWlfgzQ34I2mOo8Z3bvYtVTBU7CRQqbUw2RcWXLvUE5TagE54XH4Qpud/VtBVzCGBbTddh/LEJnoIfVJuC/q9lSbhONTpZlaTZoW0RUPTH6rn9GeSyhDreqdodvzBtMb090paHXhb1WwuEeGMsvUQvSeHKa5oGtpuvUZ8YgUuyARS5l7VqmihYynOUpJ7fkSes2ERse3quQsd5znjJJ3JAjr2MQ7EKxosOe/HeG7MO5m8RTK90zm9nx2BJB69avF11iQlXZ+6Slqhn1H52hMHpgf+/feCn382g2HcFPB/+2d7DmFdACelz58g7vgHbI7nJRUf8BmZN/QOX2aUL7845uD4H3NombVP4lE/Nec1zkq8rtoGDWQ8x6wndFSHwSJk8h6qa1+Lbap9vePLuywwFNrCF3Sux5e5UJ3RvYP4IYcRFPJlFS/PmN8HTFX5+vOEFp1JExQkQslHSQ7VJoCzBFKJDU9K9b3SdAGaYrRNSTDC5q+JoPo4QR8ODiNhjPYmJ3aUVwYRndXdtT8A4UFa2uxwCbL8m5kchgpdddOu1vDOUy3OhU2F/r1V7ze7Ut1vxc75+dE6BVN5pdoBx7xNGVhCPDPHbanSyWK7ZIcQG0F4ElHb1PQPbudrnURPJepunlLDocR7MhyhXvk7NWLLtiIYkNncMcOr1uNXqp/zoyNNo+QAMMzvEOPbe8kpPOvSxJBTADF+kq0RPA09GpRiIj0MFTSxQuTKz25em2jZAvNFpsyZJG3BG6RlmPOlUrikHLuYi5OMaZxFl9n1zHYac6aVlGVM850VNRX9NhGkeCi9mpSlKJYgKMOAzOgS/cN00cnOvJ3nDHGycrVnfXGK06tcCqc9IkHxQ94TmibvE+aceFLBZrwWkqcBreQU1/j24/nA9IZy0c/xzoVrcpZlSYwkxzzXiu+KT54dBa3QWip4JVSsO2htLteMUsys8pWSFvr1UyZtKSr9D0mcsOhNb3R6ORbJDOpKZ2g4hTFN0Hswgnea3zxurf4jRYKxp3UnByXhcW1W6tiXmf6JnZ2gzA3+EsBEGbaW+nKqvEFavSBFMErfzp+6Qb407dtPso2Lx8mPOnwc/v6UJ/v9ftnn2/R9sI7tdFmuBKv3v0Yzy5jJaPPowWWZxSXtT/2anK46P3e7/A+Kp9VmZgccPoYKbEYkaoes0efXQG6M8Bz3OnWv/Xn4Oj4H/8D6Fb/xNdJQ+q/e+2rVLbyR2qfVrT93wZZsv8RyDC+4+QiXjErb5P2lPFVAsBqyvvC/IzGINYkM6tNKddLzgvxw5vxywuKB1ZtADT0bz49n1ieJOcnTW6nbhkPFtN+EgZbBu6jS2g6m6kRmkDaTaB3siVqaJO6Or0maBR12P+HTdkeZaADJcxIrL8eCvd6EqW2MP6/Z4S/FDieL83Ck6sH7ttc6qAFQLamUY744S4ICAXdZNylZmcZjhJxbsOyKnPbHdqSixv6AdI/cR54BvLzDj5inSrVcMe10/3GlNiGDbdr425tvZuvk++SxxJuOuK3p9oWM2N92I2D84xldPJ8D9/Gg0PP8jflLkJ/vl5RzagwE/AATupyAfSg87VgnQc4l2lE4erS1x7YHbTtbGHE2nFqI/GA8xQvM6MwKOffnokPSWVMfybM6JDn6McHiIZfDR61M2kV6hvki5VPUO7ra79nIT5larosNzpfKafdqr3dXGXsYlLYgTJ7shmsG7M1Yu3L9788OI5pji4gaWXrkpPf5Zff4Hedlddysesp4RztUSei6jO3gD+olho+LMj05asZjOuIE74v2HO/yXzB/+J6Q6X3etG4SpOVAcj7h92Nc3kD+G4u1cdT+EbNQmc5ZyrnEXqjzRddK93EY4/hpfST9oYaFfif7K2Gm66AvfdrYFAmEEhPEAZwiKxmRTb3ZSx/eknXdlPPwX/K2COegd9/jTEnzbv8Cd12rG6XXY4iyZw1qG1zfusqiqQz26cvhooKWfOsf5zIEIfI7JtqxvwPJ1N3nYWJI3Cj2wucFhm8ThGKhe+T85NGtbOVxJqCt4nf71VJopBsZO64a78pbZbqogIlp6ptbP1u5sj/62sKXT5U7aTCdtA0yT4/vXzk7MXHa1gZKJizQrU+T7JP8aLBRvzUUOmZIduyiUyoEhe1ykqAUZr2jy9MaDlyzuzeXaLFKX0livvndQhxxKXXSMld89wWS4dxt8lA2bd135p4VRZN9jDL1Ecu3PY2YFIoCsEfHjjtWyQVM6vje5u852ytumP1s4zw2UtC+H6vgJ3mtVNlQ2zu6mybpY3VTpTIv+sb6r8ynbDfWWFU2Wz7HCqdF7XTh94v+x3iw7LGbucb3s13t7wkFKkOh5nba4Rwzb1pEdPfS72tqvcyir8LE2mwDw34lU1pSlW3xUwKyKONcmItuDfzdsYKdBY6sCjUk10jFLOzIpYdIUktEcC4tdeY6RQCrnBVdZdH1wFL6QLD260hXi5tunQnsXa5zigmgfObdeClNG012rrrPzIZgQLjQVvRoyDsH5ZXWhLjRo1Z5R+Gvz8y2fD4fAzk3v2aVAAsh8JsP718Wcf4wTaeUamnzdSn8ly/ZnNIlZYmDHcQcDdJtCxDKuLExzAcBwOKQU1kO1FPMxvgaWbH/LfMCxYvyF+yDWkyTJL0RVweBklI2RnL1bxbML1XavOXx+Njv84Qr9++84cc27fEbDBPBxxUcyeqkcI2P+ZbHL1m560aHkBY8dMeCO4WXFWyhV+hocY24Juqr7IamR4I90+DX6MLq7S9CP9esN/q8VgjzokCLEFj0BTMC6cOekeTpBUMZS3Si+RcqcwrdYLGIz1NDjkrqqtZTr+JrqOoxvZDnrDDIPrY+vPC1ht/Pdllq4WT4OmaZHeyCrI3az+PSxNfhDIFuNf1R57Gy3/ytNP76D08nf3exjqRO8uZqssnLkWlBcJ/lrNwszx4mcB22qfBq/U9OItdW3N0tDK+WydPl6z6+NwtrgKOdFlMWNoY3bOZoaqceQS7oheIzpMpvpybiJqZMCoB4LjksKMAEtVSHtdSXFNGhjljWclsrZAJSifdRZRng6Lg6qXhSzaU6B/bn4SZ0ySeti5RmVBEArKSqlKVkRxRdTueI0IZG8pPYd2WpVzgnbI9BIZzYk21SonPwxKWJLjQYZCo7gLVKWTeXgL1ZC9bZVY9YmrQentlypS8qntsKgo8jidz1dAe28PiTRiwGCa5YcTFFAP8/hyGGaw/suIRCrMOjKkgSTszTKf/EFv8ppbp3J70snssDx4QiU/q+WqYFaBfYYjNI6caT8CXikxSBrf0ab1wdmE6YkkQxTeJGz/SiaLFBZDNjjSVrwD5/EyN8q5ZSX+9BndWiRZLBAksuKOfJrAO/No9gx29R2vFWUXG+IieK1WvbqmgUlRV1fD0uJjk+UvZ5i1JUZNwRlqJETF+WlWgig6XOXGCp1Qr/GWUp4+dZSNc1FHcWa8U6oMZyNMQ6HRGvL6MYoWOa0zBXKZ7KT1h0m3h7qpam/rOOE2fdG4UssrX8a8/tM6Vr3a1WaBS8I2lOJcSGJ6k8C5VLeLVHtRtzesqtq0DhUu1jlc451U2DTmZw0S22G4V2GjRqAF+6N2a6l9BVfNjRg5iDFnjafqqkM2pzGYm7t2mzErwL5Gem0cdZZWrZnZaAM99NN9ys7pkEBd7bWYb+AsHH9kSAp9kZgN2aJYUUFGasgkeW8nLzxslRbck24aM6xPHVb6u7BHHuWkqxY8opKKbBKNQdqpztH4Kkwu20ETECZh7wTm8/a7ZBzt1VEyisVWws5AA6El6TBdcIQh54ij5wb/IhxTRCz3w2faW3WSVUalXAqz/gjfLxPxUfBWB4LRnUvuFS2T9DYaZ+oCYlHuZbjIW1xl2qOYhlJxy0u6xW3M4SzMlyd8fM7i5suFS2E6S18GsOuAiVHKLRXs3U7WsNzAtsH6yleLEjKdnyuIemTkhhjevI15canAuFQVYaWtpe9LBdxTr08qt0oCJ0ttNfTdB3zW24zrNRc+ut42Ajyks+V43KBrs7vpVPS6lbhuPWA9r9RV87cd1R55cRV1e9ZPbuUeLYRlDSIZ9Vk6W80TrYUpbFo6tpOVYAflhK8wxphNkZrdypkgQLQfQvwKRtq4pr7HuqFvc0WkWDVycqnmlWdgomIb29UpX/TqlF6d0qtTenVKr07h0qtTSqVXp/TqlF6d4p69Xp3Sq1OaSq9OcZRenVJfenWKKb06pVenPAx1itKcKNed9RQnm+pKrIVr05qo93o9R6/n6PUcvZ7DKr2eo1R+x3qOgt/4k6aXNvYb7/UldXPW60t6fcnvQl/SIQ/rdmXDXgfT62Co9DqYUvG6+OXV35+6ZvMwx7tQ6bh72dw/ab2eiW2/2KzPHYwsn21hP2VF60RALK/SJcbcmTzvc6CaIchrBP7KWpfH1Q+tPfxVdQs7t23jVu0DBx9O4GAfMaj+vNuIQXroChX0iBFsDw787IFHBSraxnVQWLjFbthDRcVo76fW6297/W2vv11Hf+uruBXS85ZgVtJsA95NVaE6Sde24LdgWk/4f+mm5EFU/2J5pT5vAH+udFVxrgke58WKVKZv6w0//axKEswgojaPyeyGKE6YdSREvvlqWY+W4VZrUQMmBViD6qswy+VPigrL0ryKUDCvO6GqnJF0aN4jrJKTV8+bVD1O1aWvlurE0VMhSepJMa8bU2FMIPcxuh0wal8i+XPlZYckOOOEdIzFakEVNc2Nj1ISanLJ5IUZwVYLJwB/0KplPWQRXtyyrzMlr5dkrGbNu/stake9ClYmIVqnR7mk2ob9ehUvBBU/UnngHQvAhdKt6+p5h54mAxTj8D8vPsUKwfF5GuXwK/2y8fxw17Y1OwKKxQBqDC9uoLNkFlR2bD2T8DbcaPAHD9W9I1TKlVyqV/nAkjQZUvrF2vpl9uAf9uSt2ZQ0Q+RR53yG7TBDZhtdKxjLVcSmeOzWA0XZZYTizPjKtZYtthTqr59+zQ8TsgmeESZ03jiiNi3UEM9J4zO1Xk7NkEPB1DawzkOiW+hbB9BdF1C71tXxO2ZWnwrodAjaPaDd+gtsphg5jBMFt2U/E42oVU1jQwtsAFcUPsUbS1KccoYcbLN8Sw+Cm6s052tHsw178K89wtxtaMg+pnunmLBQLN/Fw6cvR8LB3aNne6POF7uHN1fDw8L2QVhUx+5x2GV9LLJi5Tg0Fg5JhhCF46s6/lPNzXGg0tlbRl1K9mqp91FSXmqRe2OngjfR1AKMM+a0dXwCXHaldS1KajYbiZ2nLcllRWqxH7VbjlqpQzesOw97iFGxNU7MepaQXePhNRgp1gPCa74ztNLTfYK1BVchgqt/87Eje7PiCNBejH84/HlQy0XQ33RutYW5gyxWv02Hpq6GOahZjfp1GJbFXS/RnnX0DuGevTxkFtMLyUW0Dfk+TfiWbiPG5kWtyJM8vKYb9e4f65LQZ6pF3SCpAnHsRjmoxfKT16duqy7fpMSPcI/XIcFoDDbw9S7LtK9cUK3RiIdw31Gmd1KQ6dkwaP+Ip43aNFTpyhYhNiRFJNJmfplOi8nwe6NSo1PqAz6EpjXl88FyAxNK1L9RgiDJq77KlZ6QuosVNjaOb+Fa8WmV2umCp5TFLsBRX4N663Uhidc3XTqVN564k6vVPOT0yoTdqp/BPGJGWQJ8XVIS7PAiXbG0b1ayZbGUhfLWCFjrjt2dptx36JIDXGeap39pc4XaPI/Ee8KMk7K8NSln7UFHimsa027BoY+vUuSfK6C7NunHJDdo7sO8TcHlKoSGlxH8g6wlnlMs2uXNpjmPriPMlrjpRKt6rCTtCSaMovQfcNeEIFxMY5Oz+A0vxTidRIMgZ7sHXLMZSfeS3Z39veCWjCYxHCVHYi9OhrJUIocm+PFyxS2S8m28NEmyZo1Txqv6Vo2H5/vl92/PcLJJE4SiCxGjt0TL/vwNRnmsvwI1l2rD/BsnysL2HShb2VmGdiLqzkAlFVy7X/TChruCbHvQMUOm7XOFSx3jcUxHEec4oozZHufuZZjcBiNd64ja0YJmxMcLrtsEVzxL89ySpGbxR6Ds10DikAAOgosVHqNxiLlvDIC/YSMaO2GcEaerWbCfR1EwSmA/j3iZTPfyA8kJfRHPcEux56KC6eY0OSDvAAlYc7HcrDZ3p/YR1rs9Zlvxe3+LEmFhWni16gcwlCnyo0yvL83vKkdxmteJZ1k0hrXGzDqK5fRh79Q9HSfLr75oGKckfW3njn+tYWHS6G8DXqf3S+j9Enq/hN4vofdL+A35JQTBt8WhjvUObpB9ek+G2tJ7MvSeDL0nQ+/J4Gyl92RQz3pPht6Tofdk6D0ZfLiu3pPBKr0nQ9B7MqjSezKUNQK9J4PfRHHpPRl6T4ZyNb0nQ+/JUCm9J0PdPPeeDL0nQ+/J0Hsy9J4Ma3gybAfZdss+C6YuxC8LJ9dhgmpePPRj9EMgTfdkMoRpUqAiFutJAmCcQNWhpZHqPRZ6j4XeY6H3WMDSeyz0Hgs1pfdY6D0WPLvfeyxsMDu9x0LvsdB7LDT3rvdYqJTeY6H3WFCl91j4DXgs3E3iiTt0a1gXjfn34/QwBGoARGgcz3qHiKYu9A4RWHqHiN4holzNg3KIsK6v46PHXzTlCNhO5qTetaLS2rqL1Zx+ZhtL1btnVMtW3TOslXzyeO1V6l04eheOFheOOyIZbvGkyrPUvtZ7jGzZYyRQKWdahidvcVYOzt6LYyAiJ/Y9ZbgLJxPoNKldJqgCqRM78aRWRgU3shAhnfH3h+O/UrPibdDV0OYSRSpDbCQ1lpximTiM2MQWjoLsUBxVQappOoZ/R4Jq8+RoiSaCY1UmCcYGINHOomVjskt/Y52RiLTKTDGVyDEh7Q+R2VnKrm0mWFXJLSYPF939Taxt/kJSZYQt9pl7EJawrCcwdZSYNpGMsHTJJOdla2mRkrB0Wbs7kZaw0GoJ+43sKXLgMlbXhwUW7o9f/WnT6fO5lEzpZMOtu70KpM4431k3mbZhm72KqQuR2b0IUUu3WrRN7TfEpyELPgZ+KZ7WNxRrIgoX4/FjZqyoWxV+6N2nD6Oa4UANXw9KfUUfqBVRNu0i2FToRoL5IFKosjHWKavUWHzOVf1lbQowXfF8NX8aNMncWFx3uyluyRpLl+2SKSFMrowQifhlFs5hWCAU69SXmX38ugnj7l3zOksnqzFJfVMjjJcvTzyxrOhDiZKdiBQjD3LdPAoTyvrN3VFyttsGjh8qKb9gkovWk++xnKl6rBshtESZdkqzVggGlpJyx70ZfVJjLsIlOmc+Df7r3cnwP8PhPz/syx9Hw69/Gjz98Ln1zw8Hf/mXTYmiW8TFsraY65zwFhEYS1uK22Gwh83tuV+hvrjfkb5sOpUuqRxLYSJ3JX4Xr81jVwpls9f23/GOgs02lL8+Vz8d/GX//cj5/ODzQ3jJ2qcf3g3NJh19+PzgL9azgw23bLtPiJcwzK8Km9P4nAlu4+NGeZofN8jUWFqdT4yNsEF91d07BX0MPka3DYfd0d0mR5d5jfm5cWDdgiv6dKnxttOl9slRy8lRt5oVlX6ppEJtyn8qSU+v0ozyOVtN8INyNtTPfFKgdoooUmZaudHz1fgqAOHjdURpmA9f45bCugv/iCaHSnVy+A1Ig1o7ZYUZiUixuApztcC8A15bv1QI/S7Tt6qhOkOLSvFEfQxQHwPUxwD9BmOAOgb+vIqWN2n2scozFX1xCi+rLsivQSI/j+mulCDOrsp4mGneTK/hzthEH1+oyPK0xB6jrUurPfktLVTjKWmOn7B9xL764osn9e9ZqhsnW9usj1mkEx9rBL6mlkFNf4b6Wzl7N1cx3Hev04l62sTFo2YinM3Scd0pky61auDH8ST7K9Tx0SFoF/eT/qDoyPvs9Pmb4IIeNIuAra79/tKsQ75wy2FDawiOdW4UgIRBfJ7Ow7hB71Y8+fb7mgTwv8iDFW97ealh6lpmRX3s3xmPDVjlg+3yw+nrvN+A97EBHQ9Fcns9C5Pohdze7Z6alU/KBgLNCJB77jKt6bPczLgRjIlX6gb5AirveqdcpbnPVYKvqb2Mf7NLeCJ7WF0XOV8XaJhjaXetY7bwu93oooqtS2vd7mx6IzXvwiHNVc3P2N91d9ybaLpWCHKxComnSxfifZtFwJlGiClBQYZKnTDUpoGi4/9VOpvUHSpmu4z5e2HJkOyKLJuV+kGvhPVsGZZWdqhWEqudE9wPIm2ZUAYacoNbT8smJUMBibsb8GGnU+4EiRw873E0jgrinsKmkB+Ry84ieTZgUcJJRY1YiJYmaOKagkL/99vvXh3+LRWDB1qzc3YeoZingVYGCA/9lhwv5mEST0EeGUltMJ/vHn9ougXQMCmqa7JLsr+HSEtqt8Vs8Q90jUTXqKPAwMkAb2gIy/Aj0ZxQpDN0FWu6YvZw31rd/BkJ1i97wT4HPe3hP/e4G1outsNcTHfYQpvFl5dol2pojsg3SkAHpLafBklqVUEV4zoJoz2pdA9mEfpWnIOGpoAHjz4FjznuBiqFWTqQQIz8Fr7/RKZeDJpL2F8SRncVXkdBnqJTQzSbDVkDMQluKJS2oR21RBx4ugizpVMLIfPgPjTNsVh+5+XvhQgt1+m9NxHXcyaaY6/8ZuJVISSr80wYZT5OxiQd5zgP6NGSH6bXeFlGN4fIsKLGGjfjkFc9PyTt6OEf6D/rDpyVvBuOniq5vynA1vPDdWZAXaT+d1fjPLwtX85KxwhnXrFCpEy0qO08nDA5DpNGu/aOzw7OM3l+jG+HwpYMw2Qy1H7B43p2v2ViV/FGxOX70+f3eaKg92scqK2FF8NoshAaWdGqrcljViphyXEd3tLmJOvYrzJvWWxaGEulfYO7Mg+B6VEt95xmz2n2nGbPafacZs9p9pxmz2l2ndie0yyVLpzmAmP5auavqNyll6wgPoKZWWR09VmuU2JKAfYN2Yr61bKRCykadTYL0Lge5nk6xvDWiQyrxp7B47hI01kUFp0AdwwbcadYEWyCKrrhj5uUsj1QhKvGHiii4eMeKKLPnNFnzuihGTxXoIdd6GEXfhOZM2y7+ylGFoQzdKLt4C9ifaWZqdgoj7TrR02fr8IcViPCHabr6MLklt0Gwkkb8lzlfWeXGeUW3urWqSnsU5D42NWrhkr4gqj6nNhv7LbeWt6llg+5zcZK38TzrMFF6nRJDl03eUGUgSNg0eyr9AZoPhzpUo2WXntseXAA+c0XiJBMR3sd9jhcsojd7EPWBZzWy8WrsACmfWbKpllEivy5AqS1XqhsCVNKlgCd8mMeX16Rb1VgYNPdpMURm2Vvc6/7wP4Amckom5tTgRxMYZGbB4dhGjEx2rTzcDgXt6VDpTgF9+jqj1br6AujKh5E8aCfxawuKw5JydioOx7Xqre1R3zDCjbRiNqOSuMvm4SF9qNfrEHJAlGuY/YzER6m4RKkUuglLMqc4i4QtVKEqpqKSX5lSGKF+IIcFBkndLeugYfNMmT7uP2mwdceL+n6mwZpwXvswo/ezdCX6Ue4qCSK29rj9ZTMipXHOJZFFi0bfOod81S2V7ZfbzVfGIzVAoiB/V79EJybuv50bgNUSSsoKArIRlWSd2t6S4lDIuuy2iZ+EoWJrbNL6cOyF60Sc/ghstlK9TcWuaeOLL4YXY5U4NsgeLNKEvrjjMg0aQAGAUe7BdFy3GGT/foTiklLW8wi9msPQ+Ttva3MZ14xidZnz63+kfKD5DxFThGJ/Zoymin5l8MPPqEpHChKbrMFfYRjH+HYRzj2EY59hGMf4dgHmNWUPsKxrTN9hGNTefAbsI9w7CMcix3uIxz7CEdder/z3u/clN7vXOah9zv3m4ne77z3O+/9znu/8wfjd95HOPacZs9p9pymVXpOs+c0e06z5zSx9JymXXpOs1R+hxGO8CxdpLO0Ndt47TZQ3wKXNQ4X+WomDoSReVJydanbIa++O3vxFN2l41xroXGeooTcA62Bn0mtdfxlFBLLfIlGheksZP5wvIyv8QcG8Z+obqGVOF8tUH/977VTjZ4NUiH8eRVfXgFjgNlxshjZvXDG/o14y1NUSrwU1+N8KT466NUQIyuH79fZu1py8mHckMfppPe0ec665GTGntFz4SJhRsibqzEsz1q4tfiVdo9pl780PrmIih4HLVah9onEUu+Z0dgtZ1onVZeac/3vkJMOKuZYR3Kp9bDG6krrcgLM/iqRoFK8fqz25lGGm9gymWWYbCslHzrzpvbJsfdAwb2sXM4KIXpyMtDBbErbnNji2tAO7XgPYtBi5k4Ppm/VCfPipT0KDb/kOeOsaM2T5JMKsSabR+OLnQIeuHjZfbF0yRdW6LNYtlaJ1gZMgo/RrYhyGCyB3qNqN4Ql5QMHora0RgnokKyJB90S7gcS7qhmWvksgiHCbWXFh2nHUIwWvCWrPnS6pal/rKLslqg51moim8lyTLHxFFZIuVApvLnxKiuWEmNRz1dgdOXwEvgFYK7MBDtrbo0N4WJna2kqD2h7cXdZmyXhNuIoiPmCaGkklJA2UYltSbPLED0n6T2VNeWfbZtsn/KZ8LJHmOj3QK8tnHfYTuGS3EfwUcqZ6rIIg2fZZdTikVrPzqTFL8aUrtuGJ27zHePxkgze173FueaqLs0frOYXGJc9LVFxjN10ztkp036mPQgvEM8GlVtN699y4TKYNqlQetP4G+mWk3jDJYFJgeFmWM1x/1k5NK2em+0RTNIoL3Jd6iIrZS50DfRHpEJG7RReYsjTUtRtddcedmsWondRfWOikOOZU/7b8WWCpLu5I+2+HFjac1q27DecOViekylcAJtIgnY9AZA47D5pzPl3xQKJKlaxdimt3xzYF4pWxllGtqcpn2BxBaZxhuvCYe+J4rbQr3+W3s7rHJi5+CFUtNDfa29NhNKgywH8u6YyZd26Qzxq7Q5KyVDbJisoVVTlOLiPWbSnyHJiReR2oKBNfIW/ZSLSUL2HEOjFx/MqPzeL7Eklqx8WnQFrto+DSAj36hwMvdfmPdjl9n5ZHoKShUuOz2bBQDgFeZDCS9iORBAO08J6qbG4pT5VWGnOtcjnuRatgZMMq71Ul8INKthhvqfR+HY8i0of2roNV/yZKX4ygFOONqUbFxU0C92V4bNoozgovhY5kLC6Fm1MSxEWiPkmK/zH7F3uX6QwoOrFrVbelsuc1ZCmknPl5oa61BHVdd5+r2LxZmrbxXUuXZdtXdG9sqrtK7U7Kd7dru+xwOItIMvra8gxXLwXnkvXZaXO3angzOUOxWcuuxKiuexKlObiKVBz8RGruTzoTXkf4jaXOxO6uXQRvbnsQADn0mGfeb/abHs2pev+UC4OjOoX/wPl6gnetXCVZkaGbOT6fJgFS2CnTUUEj5AHq03mFn9Sw8aBJI425NZG9yOMsRfOGD7CYQ4wmv5ghJGcYwzX10wT9OuSWiQ5mtkLQsyJkL35FM9X82BGKc7dOeaxaPUExxldhfkVHaPLyI20KF/7EoN27QyXrtuhWVNT4NbhEKTJpTg/LYUbb98KjeqbKrvurbwJ9iccKCm9+WeUpQcePEedXocA8+QWxQ25vA32CaxMwzqslmk+DoEgHbCRENmlPFYAOcy0oTSBY2jthIpOp/lomz0/VQyXdoUMl7bc9liGzMU730jcR7KDSrI5OM1ZiStmqL77Q6X4aLBR+2aU70F4exDeHoS3tvQgvD0Ibw/C24Pweq5AD8Lbg/D+5kB4exTbHsW2R7Gl0qPYxj2KbY9i26PY9ii2UnoU218bim3Rc0HuIflxwCKoYtoswFWUUFeFaJqwUJP8bIPJok+D9oWxNZiMDVvzdWU6Hzbw7QOFB65xjLPimsRVwqx528oVdczclR8Kv1UmRoH/XsDAjnkTr4H92wXuV1XQA/T2AL09QO/vGKA3ZG0QaWf+FtYKte0cRqUSyy/U3LW2cQqOKdD72Woito0INyPr4LWWQOmpzHe1cWSnSjRUCmbcMsr7UKlFNW1U/vnsF1MIzLwdVAfikr+KvnMFNkFx7ej6YOK3ayrj8NNGBTnpW5GCo6/6iqaHb4nH1mSubbzjHp+UxqywMCSWVtSYYen6KxbL8pVqPyKgxvZ8UnTsOgoXXfnZFtSyhcosTJHQGgNd+eSmRDQRXyx6sT7KrbfRj7tZXXtaUljnFCuSPFoG0Sf4cIDRu2q3LMX5ASZu5dZgw8ZJl0A5/ppCT221mtUO7Rr9LziG7O78JOPQ4duCTs32/6pbt0YlyTz89C25yTwNnhx/1fRSnKiXjhteWYRLvKqfBv+1/y4c/vNo+PWH/XdD+etz9dPBX/bfj5zPDz4/hJf2350M/1N+ezfUf/80+vD5wV+sZwf/sq6JAChGuA3jkaqnYtmg/WmigRSCTJlCNe+QHwg6yLIMvE7RwHcNbNCrCNYUdScUYAu3cCMoMhaKS5K3BnLpkPcN7Jir8DoGRkFvYdVGc20nMGR+x4x9DiK80ZpYZ0v4PWA8MLoppHQZSpohHTAQe5CnZ05qaFpO1Li7t0zy5ZpNR8lq3rRPhnrKGl9Qq7XeVnUbSArbrauOE87+Kd00QY13ksu3p4B1gfSTAC/QMbXWmcfZx2pd3DLUWHp3k1wEZe1Jn5OgVPqcBI105w4h4a3b+IsnrvfaL2QsXq6phgocHx01vvW7S4RgLcXjL+vXonUV+mQK/cnpMziUy28jg4O14b48dt2YfZKH2lb6JA+m9NC7PfRuD71bLD30bg+920Pv9tC7WHroXbv00Lul0id56JM8SOk5zZ7T7DlNLD2n2W0mek6z5zR7TrNYek6zVPokD81D6ZM89Eke7sRsSiN6tY1br1iTPUmFu7AwU8S9GmQPOrJqC7choZ5Oa5rkCBSBWsgjdimMc+WkZaAlm/rl5B8rg5zDN9hxJbaYWmlz4KZVIeWpwJHg27B90Xr21RPEE8ng2CBNAo6ZMbYammbEJm5SriLmoKFmhOrKGNQrnC2uwmQ1h7MztquHObm6XVxFSR7sDw/4QFFdIFXV2JVMm1GiEBqThspbN+9Xa+5d4wfpdHOs91v8lWZI4Tjc/4jC2fLq2VU0rvHNqu2gO1dKpVYVS64J/yCYxLnGtESeIIsnTlArA1tm11vw/qoFvNWYeh4T5jdpWHgUbji4bmBwciFKLynsOqwbsaFfCrBNk7Awu4yWVmx1S4unU3atfBq8SutaUo6l0o5PfUIHFUbcwdPgxKNmHKsmnCSMk16iNrC2UGS9LS6pAJrLParrgNUUQTQlCGWyxnjRKbZhjIhyaBB22Ddf1azJP9HxUDzfZ7OWBsnTBifrnDfLOV176JeLh6h+pDTMWIXVhiqwww1/1xZ+rwoQ3e+TK2qt0RubC8hX39Xoa+0y9MbRM+9uPVWKPaKSG6eCpjSYiCv9poYOEhzLNnTBEwTNWGWE1JRFjDQkS0SXrILDRCIg1/ee3bU90yKjuVKAQUujewr4dU/BDwdSnbu7BckJVmeYZkOe+Ke0+xwfIzDNW7zxVwsMFE1XDV4zqnRbrGrt1j1DUfvWshH2GpLK6iFpaWaZ6rggQ5KtxSdKXYxIegU9g8XEWBNDnNqaucrS1SVCU58TxvprsQScPtdA6y01IIKUCeqNllotasU3zUGsMXwp47CSM18btOnQisApWTIIH8cORFIxwcG+ZBKjQDNNfNrwQodFFxxqEGoGWonhodtsRxbzLoZkmtJQ7zriWtfetsK2Q/jxEbK0K0eAkCpwUd2mK7hh8itCgRLOy5aEB/q8sDlBYaixyvzI57popcUWoTuTtHHbpAY11dfa9mx665G+DosY5TjZRdKM/tJ6PstncRYhwJx2cRvwrpoCK6Difep5XlEttbTH7AZOQRLdKD2BjqFUY7cT9BGqE/wP6j2mhZkSuVVlTKn1DrVLaHWTRdFZfI25FVZLpKRWuKwbfVCm3xPjvc0KapfNLKJ26YAp32IpbeyfF/T8XVhQ7XJ/1lS73Kdl1S53bGW1yx1aXO1yV9ZXu6xliS3Mlf9hbbbQ2qX7Oe1iubXLPVtx7dJhFn3SKKwzi12svna5WwuwXTpOmkNHbpf1Zq6Txdgud2o9tkuH2fOyKtul+xzuytpslwdqebZLh0VptEjbpftCdLBU2+VOrdZ28Z4x7zw1XSzbdtEaDJ1KoIW/7rY4NdUbfBMTQ1iC6CDeR6OPtjShwM5DUgWVAFx0+5RyqwDIQVjN8wuVJC9saQaNyuNwFnz3Bk7vKBrJEa7pPad8Y8lNdcn0w9lMa5gklq7H4/vKGthBfyHrqSwtx61kj1J5aylT2pJ1a62NWflzsW6liRoJjIXid20NzlWIyW0ibbm5BBnRpXCWhhgKghxoQa6MCERf0iugElAhjrl3RbvM751YzA2mbpfuwOoelQae4Ot28QymVaVT2rSlj6qXyzr51dQyq9hwpfHknEK86MpUThIe7Spr1/jNaUhpjU245iabiUtBUpXDxScNFnvv+GrPIhw0AM7XpqBba9HUq6VwLI6DK8SIuYimeN9dRJK9ZK0BdNsDDsAouxQ2gEK8KpKle93NPjmbsDgA74uv+VHTRpB8u3hzCH7R7qbK5oh3LnrbvEEMg50wDVRzyQJHiAl3ZnhbFvKf1dnbCha13DaotfQCdU2sfioMa684+j1gXMKP0CRc2ONoQlIE8qEFI2XbgF9cjoK9d0+GX37Yg011xklpNfCSPQXK/K2mQCccadv6++FBwIjbhE6hSM+TumXaB+6izVayf1Gqj+yfX9ZU17bpNTyaO4ObN/UwHkLv371Db6B/G/J/3n9oQjPj4kVwPI5ze4rkDl46nmmRn9m+SArU8WUpV7L9kqPNuPr2WY0Zopga/Jlyg1TGh4swl5RbcOTQ587VYq7Ho1SQ5R64jtDdJ3T24zu9kzivkyl3R74Vd5us+Q7TNO8qQfOuUjN78g0+6Zgf0Pa6j7TLd5ZwuUuq5R0kWe6QUtT5Eoo2jHDPyPFOKdF/+Wuq1TjomKQIs+faUEWzSGAz8T6fL5acGwuN8fQWiR8amFKuOkfziKCTi7xofcFXVvZRXDQn0sFRcGJkVtgQR9wVJEa3+iWyrZHnXuTKGVfxCMkxwcnEsUU8Dh/NZhbGW18hq07FdCxTTM8SzlO4ZImX4JvWYIIWlgvEAbScJcEEq2ITIOU+c7R8ZoGm6kzIRwPighnxRxojsVuoAtVv5UJGbR91bRbPYyGxrkY56uVVzaDhCmAlNfMF53g0x8sZtxgMhyIenm+6gD9gWg04FEvYi1tex5qqN1zOmzAmgG1SXcCDa2rBRZLYn3ZCfUBe0HuVpWq90FLDmivtsRjoSYaEKG+AeO++BsUaN8F7V4TqTdHbzenIZDkx2VcoJYCnppilK3gL2a5Apjci/jK+OpNDyz/zkeTdc3TF/jK09acqIozdtTQLaF23A4EXVphfRhVL04lJkNPp8gb4v8OrMJvgHzS0ED2zgjSx6bxzulwQ+YPyUjbh21vCSkeQe1WYIJUd0DYFuy/Xr42ihVgLk+BOx8yJFMBhdZjlnRJlUYpAXC0RMpWJqDhLdUF9qvAuhE+RrIaTuemI6gKckZz2uz3tEkBx8vpUgfhO2OHudkC5XCarmf2jNSeD+mRLqrQadQqnXvZToXcNKQGc3NpLc+zqUwOYGW3MDKCKrxnEK1NA7ag9tP6bZQ4wBMU3c4Aqu8ogoMpuMwkUF7lVbPBKJ6Bf9le4P7D0Aqp4S6Ft6QZU6bqpu6YfKFDB9r21tRwEqmw3F4Eq95eTwPTgnnITqOLKUaBKa64C82JLzgJVvJ322+1f7bkMio226BGcuQ2KNbkNVV1yHXQdi3/uA1VE8bMlEYDr0nHv2k5V5LxQXHPuP7nhtMiUxLNBVeuvXMdzHbGpxKVi42+kW07FNcaVPyJoi9Wc4i+L0qH03BIZ8M4tQi4ofAcT3CsBUs3tEvWyPFQukadamjCFMqvKIQshQp7XNyY+48pThulefJmg2rq5I+1Azlh8AiGvgVKhztl3P+n3y5rPMTAeQNb/GXUx5KhgtQUyXK4t5sc/qgDwLg5o+puKKlceONNmmTJDh0kzPffgpSX9/EG60LJAwiiWVyB4AWxupao4ryTUbPN2Q9ZBvraDh2tC68/53jv3nbxuTlWm8W9ALN6VM1GxFUuZwlEbwuaoWVD5M+35RaG9NfSLy3P0vaPUDWVZfKKfDNj1R5IvohULZPu5MllhVHkq4T0XKArN02vFI2JqiU9LKwbKyw/MBn1p4/qxdPIC8vP9L62cHRSjdtZOhrJLHzi6F3a1abXTWNcpUiKnufPVzSVIBNbVSGoxK22sK+uiOg9eXehoEK/2/seIw4jgDCDWDWx4Uhrhls+vj0cYf1YIcxMKSoFptIoDjZNj2IwhG4jRI7WdQmJBveBwnE5Mdl1SX9d1hp0IxzqlKpDByWqsFJQpeSORxuI6Ditd8vNWZL/kpdIwglCVxxTkKyFXScottDJKpiDCrh14cLW6GI3TuWVNHObxZX5Y7vDhxSy9OJwcRUdPwuMvHsMf48nkyy++Pv7y6yfR118cR9Hx5KuLLydfH08uwq8OFx8vD8fZ5JB0Jj9RENLoMv3Dt8dHXw2/PT72OZkFZlxZ3YeihhnSkPNWrAIs/t5+SKRaX6Ij5iWHdXXi24YX33oCEhaP4XeXjzymouUF3IQglJygIXYTbDG7ngD4FWTaSWvKvytyKLGzCpApTdiWAf8FCYVckdGQ1HR8i3LHNM5QGkkEj0YZToAtmKW3c8773FBRA1NxRR6JwXSVjNlAsh3uQQkweFeQsdKxUI1XZYvs4rdKvgJNkV9uqExz0eT2I6hnIG5qh7HC3ddQiboF6UKLDMRQDe9cP7lO6cKXUXgo0sT2pQgf6cFfaujCeN2JlPCApANvVtqLJ26TAjbi/r27us30ca3cfZfNtQY3f49c/Brc+0Pg2h8Gt75FLv3hc+cbc+Vt3LiTDXVz362spge33cZld+WuHcPpxk1fe4OpK8gbMSP8XTdSBsNxIDx7keBNgYMx7Bp6tAm/KFVU4ayNSx56xJD3ktj+kNmlV/hbNqc0VO+Bhd0BkfW5Yfw99fvVD4u5WmtECsfZVb5ZrsHQe50cXFouwpflIShI8FIcmFmwRZjBkSHEYU6ngxwRDNZeLzWWNoRnLoxew7XI53nBn6zaS2Ueu0GkG5jvaTS+Hc+i0oc2t21o8lZcb5rhxE3p7HLThD1eGT5z8Vq8IAMhsx3VtWhXPPH8s5WdveclGJp5bD3n43YZy0epgmXOmBimknOV7ZNwGKmucz/FWScVdAf1s7fqeRrGs1XmzLZtStc9Uahc7Q35UaXottw+8yrOr4dJ4qUJfA4pJkgq/cZuPLdjhNICrfIEgrr3leoCvc2l63LtAoZbBrkxGHeFimzTcugDzs1lHePL3QN1c9k2XLeu9Y5Bu7ncL3S3HvvdAnhzuTMYby6+YN5c/CG9uXgAe3PpAu9d/MIbj3Kd03xHgN9c7gX2m8u64N9cNoAA59IVCJzLOgt6R6DgXO4IGlwa2xggnMvZLmHCudwhWLhu8E4gw1VrdwYcXm1wA/hwLuuBiHPZNZQ4l050vzOsOJd1aMsOIca5bAlonMtdw41zuU/QcS7bhB7n0kX4oB50gCHnsj0wci4dOadOwOQ1PfY8P1juGqScy8OAKufyUADLudwjbDmX5f2Al3O5DwhzLhsDmcvsdT3ofqDmXNY94+sCnHN5QDDnXDrPsa/bM5Z153hd+HMu9weCzmWtKfUEROeyybyuDY7O5d4g0rl0ntvOcOlc1p3hu4BO5/IrAFDn0nnJvMDUuay7TGsCq3O5N3h1Lh3n09sHm8u6gOtcOsOuc1lnGe8Agp3LHQGxc7kTOHYuXuF+XNY7ZncK0M7lzmDapbm7AGvn0lVM7wLczsUbvt27xkADva8B4s6lYxgbl843TidYdy7r3jx3BvHOZftA71zuBu6dy85A37mss1s8AeC5bAcGnsvdnAffUDEunvDw6uUuFN0LKp5LRz7HHzberr497AxLFwh5LhsxQDuCk+fyMEDludwhtDyXOwCY57JtmHmpdTtg81z8Iefl/W6Uam34eS4dSJx/UGorID2Xzr5rnuD0VWdchVCv90KT36oHMtSdg79z6cLHegPBy+tr4HVzuQNfnLsFiOdyhzDxXHYFFs9lV5DxXDrxDz7w8Vwe9Ka8D1h5LncGLs+lC8Q8lx0AzXPpsM/8b6o4IZjjt4yQvvULq1i9vrfipORDKAjtJLGxzEmeEsAKKcda5e7AtKG15QtxOmpfM9vx5yjYV+1o51kjImr3JGRB8xSNy7k7zwoXgam8beO9/GDQuPi7jfqY3bquq7I/42KukvgfCJM3QRsAiBGZw5/9zCvaCMuZjb9HdIPuNI4zrTSZW0E2NbFIj3IyYLU2uk9IyWPtpIfDJCzjg1FwCrQjzCNj6UdPaGqRbPziuC1MvPKknBEf26520X5hrP29CvMropSXpEDuELXx1ZO2d3cQtNEpfwWXzhvufnNZcLnPjBZcuua14NJtIb1yXHBZaxXvJd8Fl7P7yHrBZYe5L7h0WuROeTC4rLPWDyEnhszOw8iMIZ3xXSrfLBlcuq7Q/WbM4PKA8mZw+TVkz+CyjRwaDWHLnRNpcNl1Og0snrbnNTJIeEhgqRXU6JNHwqPKtkwTXLrZcDtlneCynlHyvjJQcNl1HgouDyobBZdOOSnkk67Wvwean4JLRwWXb64KLusdhR3nreCy9ewVXHaTw4LL/WeyUP2453wWXHyyWnDxzm2hXvfMcMGlYyyZr1HfP+eF3Q0vlaZX/gu7Vh+L+7pQr11Hug7uK5b27BhcurP+TZkyChhBFxHqVSQkaSkYQN4JoqrpM6p2Se/kGYECYpDeHLcbsuuTatjMO6oPgQ7sY2yQRkrBxGv5OITb+oA1t8gtMyCdgqpgWQAH0NoJhXpJk9E2dbtRAMMpRxPL1lM1qXq1P5pZVv1IYA3hP7jlMH6AeDOyBhs8HI/QJAqbTLabS8Fyw7iD2FiDjcLCocxQagV3wqys5WHBex31oHZVOBFiN5YLLR2P4SqfrDIlohpYLoMlFSWTEJZQzurbyM/I2tXLFMl58s0MUx36+sN5g2pg6Q6sYX/VyadvXYdOawqMYzmrs+eoVgJWccpPrV2k1/IqXCwwZF7ATNEigXoozyhoLG/smGKUzbnKvKSKgB1gHDrID4jDO7Bb13FOypGbq9gzzQGWdIYclLXBgv1VvqI8l+LkrfaoxhbXW/kA+V6CiRBTC5EWHkiXwbNYd5oEl1ECdc+CfdTE4+aPkmXhUGKjg1pvOPSEmN2Et/4uqYssToH1JPgFGSJdNSC53iT2gSW3M9Vi6g+HhOWlta9E3CTsAZTLp/EnaFpdrxiaAG2OMffopTdLHwQv2H/3KSsC6X4TfEBo5PHRvw7K+8fOW0VWmFw7lcHrXQJEmUhR3LHmYjrMjQF2GpSdEkmByxsKNcvGa+4iRZafZHrVop8XHRaWFsg2OCbpw8zKo9xiJHwnf2PMmY7+KrhqUPn3i8kuESTsRhQ7IT8GK/6VYdQY2zIfBa+FUBDhiv32T4X9fCuXMMnofw7e2N3YxaXHe/91CnvIUxmx/u1it6VNpTivC/6JNFCCwFnly1Gxztb1W5EFjAGVDj0SLCRdMF/+dKOiv9h7A4xLOh8Ee6+imyhf7sFf38HtAH95V/oj450ZcQMz06E3ZFGV8dyeD6DvFnUSDwPPFv1FeOQneIDer/M0eL/Oc+X5emfWBhiUt6vMzw8dy2+QQaPxa7elCvSZviRsL7dccmNPgvAivSaHgw6nlq+2ahOdTtlKW6/hf8OLPJ2tllqq3o8+PQ2+PChf/11uYdVNc0lincdH/3rg302yE2EvBVD+CA1NL9HT3vhZoVHWv8aT0kCp/tmYQK0nbAKzhovXOd7sfMf4t1LwwdgSz/RE8Uwo5tp8k9pRwCP6Y4esFkE8F5ZYggnqbtQc8eBygXPRWlAyzHs3ZfZpOmPMIhyB3haTlFY3+jRGtMjjJ8Trqd3T4RzKEQi+o5CMmbXxCHaEojA/CmBTdQq9G9JTjVMosSsDIPi5kphxjshxoYYEZKsk6QK+E1rOA5ZIvtJMkOKQS9PWmSJsgWUUREh9MH/HN0KJPHW4F1bWl5UFvwvyvvbBW4e8r0+MJ53ifJuuEX1zd7hACq7A2ybtSLY2Ju2kJ4Ba/1hPEnzovndbfD8I0S2Q9VBBOg62OCpNb6epqHZgU4iIgfS4ej0a0txBfWBfc3Un1nLyJiUT40j6D6WBknNYXsOyPVTh3zdaeR1yqsKZjdVgFJzIwlsSYkEmJwbju4RFOb9Jsx39YCU6i/i+0t6wWLXXF2ok3su23ShFj1zpXNbImN46pBqVg2/ydC5ddC+eidRrRrutdOpcOiVV57JzrJWHkhixWHaXbJ1Ld1CU7onX1Xfrwn3caRJ2Lg8o2WKxdM5izmUN0aALSuGWUrRzWXOId4Vz4526ncv6236DNO5cHkAydy4bpHS3R/IwErtzeRgJI4tlB0neuTz8ZJLFsrWE71y6Yvl4JH9Xr/qkgOeyCTjPttF5NvEXxOI9Reu6C3pPl8/SDjmbnPONlvF49cYs2WPXkvks1DrL0zKI7kshQv1rpATdslTSJ/X5KRf8KGmRre4lMyV2u3tOShzRFpJSqmqcWSlf00u/w3yUOPDGTJR1K9CnorRf3nUqyq3vh2LtamMoYlJMSqlsF4bAPOTMlJ56kI5CVCfhqYPQ1AUj0JcDeSCgYkhSepCwh4bH1IOE9SBhD25T9iBhjaUHCWusfhsgYcTN9EhhVH5NSGG2KHknGGHYYI8OZt7t0cGa0MFwp7R2pAEhjPQPPUpYjxLW1nSPEtajhOnO+KOE3TVIQBM6wMJLN9AGD6CoZQ8MoMtu+L2H4ABGi927ftWV3vWrd/3qXb9616/mz3rXr1LpXb9616/e9at3/epdvxpL7/rlO4iuS+EccvO0N002HBVmlSpPGhtqeFCXz7UuZ6vI+emFWFPxZ7qOn9W5lTXz0QYUszraQrs2dK+oaxW2lJjTTB8sl5EqIW8UlQrNmWzCqjUQeHi0Wv8aFlB+lW28dr01XBMiey8b4snapA1Y+uVZFiZ5rJTXTfvVl62q1qj9gCjLMKvQCvjV+m0VmYsuXbIpEA6Jr+zm+9P2CbuITOApgR/NbiXTqrQ2vsJci5MR64FCfXnTVUWKoASYHRVESd3FCpupA7yFayUo8lw7CaBjTKPuYiGVWgVZQ9KgNrzXyjPPozwPm4FSfJdOqmGL+dVqHiZkDiSZTj+DeRwzwB+qGWPg5MILpR4zK9myWDxZ7OwRoAmk0axgySbHR4+/aKLSHrJI6yzCWPNmKEbfSeRaNIoU/0sp6PQ2fJTLcdAzhoLqM7gPZs/C3CF0oE5Y5PEx7TucxPFVil6lKuF7mtGOXjYh4YfB5SqEhpeIigF17GKxmgXJbSxVHsHl5IDU9l0sVQ/SyWtStpEaFlW7sfiQ4kRr8vyGlxPFkEGQs2MaukkQCruO4UZFlhUJ39g60Segc5IcU9898XIlGSDgSTheIilJM5QLXeY33Blv1Xh4zV5+//ZMqUp0YtfgLVHWP1Nmc4+VbNT4tq+SM5G7d9r2rsnYW/vliiv33TkqftxcLPb5xe2A+JlpOpJk4yS+eZzvl2irGZkcJiynGus7HWNgEDCp6jgDgVMzCQgh+BHuIuX7AbL3aqnlb+MBZ7iexk4YTex0NQv28ygKRmS85GUy3UNoSnItuIhnuO3IkI1QeXCA6GaN54hhHjYDDN4RyXCJHcManqX2tcZs4Y3Zvp08ebNcIWL961nIaUNq6Fz7Pq1UAt/AtYBhCvqU4QvBAt+gjTIXXyQFI0EaXmAviTqiLFA/uYSBOo4QXhLnOcrrfR7Zuly8lTBDhTr1pfwWsFvHSzGWaQ8bcsxDxT9BJxY6VtekcdFJK+lqkFQKSMZEfCbs6vjOxKOLqQyC14igQUfCfYDQcHEVjT+yKFNm0S0CZ6a+2nHeGRdpCo2WOc82D35fl0wfQldwosdgB8XWvDUaOHvVSh7+9Wf+VMBz80JiElQxmutQgxCXYwZCbQ5FGpUueKQzDPxBLCKiiOvIQeESKAfQy2arTDdXVw81d2EBTPvMfU+ziMy6c+W5ar3gQBSLk2kWasdrxdUAa0JovCu+mIQWuq9Ph+rEJixe16j9gQ01HaszWVjk5sEhtmZMEhXtPBzOxW2JjLVh2riOVuvoC6OqBruEQT5DpUEl1kV5/wb5bTKuBSbSCvuGFWyiEbUdlcZfNkmF7Ue/WIMS+pSn9JKsgLxPwyXfD7Aoc7wF0mQcz0R6rqmYqOCAqLoyjmhwaN0tuEeiLEOOmtuvNST6GAzXsAsqQo88j48CnqnREGpg3TsuN7tPI8lJc+BYDx+j4Pr18VdD4IZgPaMhMxLDOBk+A7I51BzcaM7eeWTTFPG6uvKtIrGTXXJQJln1Nw1ysPe2ESnpbnbNMv0IMg1f8jZ5qL8ELrNwPocreUweKhlsFHaH6reY7yYpEigf7rTmC8VHFJii4nv16+ckhvVUXemT/0ZI+/XZNoqeN5UPjAYTVmUpmP2sE5B3a3or4byuMF7Lr+qrLxoGVe9JtbiCHdQyDnoH3egYqzwvKBn4IQqwyr1sLFqHajfrQciGweuIjNV1T1wCg/W4ZuKGDJVd/yEypLXfiEqgy0aW5I8tk6hSRF5m6WqRMyLflVh0hbApksSp9+hsTSjbWs2mQCWB9uAXpYeORPzh+K/U1nWTj4qbi3XZPSrjalRtWEaR0taxTBV5wVbxyLKbNBkisPwdl8hW/KPBmbQaltLitEotBmg60RzkKQulmMSi+MCq5EeKKc+tX8TfL3/jSMOq3vl+cZY+pxvnDVDyZQSNJMBlQZdh417Az28ZFvL7hf7zORkP3pj0NwO9jQfBa9TANNr/T7RgMYORhoEKQHkj1yLsKTudpb3XYivsQ8lh5BpKvtpj9joveK0diuMWPVHAA+6QF6cfYIOBS2c3VTYCvHJQlRei7lpJ/M36J3s3adEdJcw3co81TaaPd52/zasywhZ3onuwfWFZz/7V0QC2iaELi6+xC4uXk1iL0QtLl7W7E+MXFlotsaagtQENKjJW14cFjfwfv/rTptPnwxaZ0mUma/in0k0y0lHYFitVkwjzJmQc44swJ1D0tqn9htTuqEIaR5Q4urahWF9Xs9vg+DHryalbFfX2u08fRvXs4NeDUl/hN0oVNQ1aAVjpwkdnPySFAm9QQ/IiPRafc1XPQ5oi8axPA5dvkp/zvttQiqXLdsmUTU2ujLAkp5lwTev4dbOtunfNa3YPzEyudLStltkUPLHst4EGQlg5CygYRECJyclNTCnRSbc3IQm0YrQtRVmuZa7FYlTe5kYILctUO6WpmH3FjdJp+sVSUky4N6OP67DJAi1Jmj9YmZx/Gjz98Ln1zw8Hf3Glb/Yiim6LJZa1rZbOCW+xaGJpQ4IeBnvYnCtxEbxCfXG/0yRKmeI1lW3g3YWJ3JU1tUOy8geYcdxjntvcKT1tm/yqsDmNz5ngNj5uNI/y4wYTKZZWk0Nr9uU2H82u/pmO7nbzy2w3ljSbSko6h4L8zXynFsAbJtYWj31k9HbxSUNLvGkN+ywauMrfFWNsTWClftFxMOpNPjq5vfLTDE40IkfBAcpRs0HOIJlHNALAUWhVQpHlQ5f2ZvLjFzfpw3RJyoaOk176qmnK2/OyeE74HUwE+Sd0nIbCN02TwI4PMlDXPbH1Pcctl/bbG9Wdu99r7QHd/ux9OYi7POubbizlVaLbAf4mhc/hwwkx7VJhvmTFGcoOC6N9Rs6Cf2T8DUeQzvbmdyXqxY67uPxZNS5+tRgu02GL+Lk72mmaL29mpVC9j/3cwlsw+qiPxlze3MKtLNrp39CFLBiu/U1cfHEHN3HbTP/6r2AeoVOk67jLuGLXpP4u7961t1J/6Xa9dHdAH3+Ft223wMHKj6yGt8KIEegVLUDWL6sL7emiVlh0esHPv3w2HA4/M444T4vR46OPfyLsy+vjzz7GCbTzjILZlcXxuQa8+MyGQq6g+Foh2ZdRMkJdwcUqnqHbClaumr4+Gh3/cYRTbaOtqv3waSidUS4vTwPLDegzwYoIdOc5O30+EtDjUbmez1CtjU0Q8/I0aHyPa1a9EdRT9e9hqRNBwBP1QnXjGXWDnqBi5O91T7+NJWP4YrbKwll1ELyQV2m2fGW6MsTX+AkQjtUszCofwlOCXX1qAePIdFMlw4ILL7l/PUPcrEQ3UTj5Z5IYly0+0OpYgMklFKhu0EHw33mavA5R22hMT+orrBE241ypiXgNT7TCjTe8piT8+Po4nC2uQtaSM/CB2tgw1uTk9ekPT94Wfi5RsFI/azy48Z/ltwpmhnom1DpIhcPsvqCww/yVjoIlywf/ZsAdlNFfWw5NiKxypy1Ts7dIHzJtCYddAf9cknvhJSL5qrpzZXMTdy7aCuiiT2YTcjMs1YxGkCyi/A2rxKqP7TXlfpTAdcW9T5GXcTqfr4CQ3DJ4A/p0p1l+OEGApsM8vhyGGRDyZUTuL4cwyUMaCKUgQO+9P2gCV0NCK7piOqAdlgePrLgyM1Qym5L0Kijb25sXb89s6O5YZVOwTL1N64OzCdMTKTuZcn2OkskijRMxAs9iEo1WF/N4meu4Eli6crXPNM6HBHOUXzh1BFbueK3IdDjERfBarXqM/aaweiHpDUubW+EaKuFrwbhcOvLe0fW0MPxNW3y99WoBEBWDZHhqx8S/KAc43aUa3oJu/xqmtMUnLvzrKpk0ZQwv9lZe5e3/+sVL2JCMN/PsJLjgR4wsI05YTZymxCkp0J/iyGQc6P1HfwRj7DzFmDawZ4o1u7htYDEtE9eXx48bgCxaLa4txiYBRNjEs1BhKtD8Kh+1SBHjv2ujin6xcjk1bgIuDFr04lM4Rs8OscGer7LZOYoc51LtOaOIXeg4aqQYDTWeTms7QE52q4Tc6HDzAjuvA5PEg+o2XamLCONUdOPrqnnc4GBVMLCapDzShWYhwA+q2ct272G6JEZzETbtqdph0fv22PiHhznABfKBW5DjsR7JqqEC3oLv33zLv1P4wTSQO9f4lSmXMsxyP48Fl8oRXAX8HFZKsBihbhKdr2Lj4UykDfgnaG0af1In9ypNPw613wx+6rUCQKt2vwQgRWxlCaAete3ob0kipCgV+q49ygl/W3FIvkQLi42Y/cUXT1yvvsbWbc8euma4U6KU2D8efvXll0++HLBKJo+vo4PdS/5uTwQH1tHQHOTuKgW4brPZJpcSfB5cwgyJm25qsB7qFhGnNKAQ1TCb0CHE6Wuoev+c5I0IeErcGE9xjQ7xeJw3Lsf2b7AzBTQY6Y/2iNPdc35yjj0+VxsN+Wu6sDnkSu16dQXGhYxa/45koqFqfM2MQsKpGECwsTsnmhop6jfYEtXbKsVr6j1D/EtwGCExEGIIKUHDHD4PV9Ay5XbYwwdPF2Ge36TZ5P+3J57ZTb3ndA6j4JssvJyTb+3+3h9Go9HeAc0PpSuyEx/u7/1FnjqTHqk0EVHc7HnuQcY3Yzgdh15Ti7eSP2edSMVKJYhbQQAw2h8TZBRl48P1ZrhJpXtgl+SaitFr2fLoNDwKM7PhUlUwZwBjuUa4E3WTbd8NJCWTv/i3qDRUfR+IXKKqxG435p5ys5pUxYtPeLC04qxaStlDi58UM4iSdlMPUN0S8zr9gCpnV1HhPY4QevW8yVDgH6DiuONPHD0VhYh6wtmilLsy64AGnH2QKRMxaugrLi83NppFM4mPjShHmklJtUl8C9Tk7XhJGRNViAqOH3/Qnvh6yJyLz53BoKqZKTz1ikmQWdtaJIJaBSv+gNbpUc5zj/v1Kl6oa412rHsBuPxATJeqnnfoaTLA+xv/8+JTTIlYYDmfp1EOv9IvG88Pd21bsyPe5ixZkOuklSJNZkFJwHom4e3TBC8vHqp7R9gu7Vi94kCSNBmyN3ld/TJ78A978tZsSpohj3Z+wkrlWYiAwIJzQ9pONHbEY2crlDqSoedda+mBnO8Jg+2HEdvkkRoifn7TiNo9h+GcND5T69XE57U59Hb3120ZEt1C3zoSF3bBb2ldHb9jZvWpkIXwZ7wpaLf+ApspznK0/6JdC5hV+5nw1VY1jQ0tsAFcUfgUbywKHQyAfNP9RZm8i7f0QDJRI73XsAZ78K+9gSM00z6me6fJHt93lcOnL0cCndujZ3ujzhf7esZkLIXtg57ejt0DZB/Z8w2glJzbpX2rqA5oFblJl0q7Q1AlUC5gzTLyd8ibNuBP4eN8tUBxE95/w6beF8bOXfMVy51vVUcE/00yjUyiROk73HDyjUtST2uGBQOBl8mjG5JwbUxdvd2Wyy4whYs9qYMVdhpisPTwwq4ae3jhho97eOEeXriHF64pPbxwDy/cwwsTHe3hhYPfH7wwMBGTWW3QS2F7qtcKjnqKimim9T/UW1rkqOkoJV4y36zL4pYbtTLTsZsTcwzE6Erva9eTVPmEPRyP0ZdU+cOyoj+LLvEIZCphlJcpt40TFmjE1yls3Y3vlUJlBc8qeZIzNBSIiMpsUJ06zdDyTPFgRSRrJiC2OQLR2NAMh9wA3AFNH7mQC4bB6WWS1qL98WNsY11C7PKZafSYkcTttuNMee48iE2zc8N2WEnyhvwP2K1e47Peb/C6tQ9A49qzlYn4vup2wpOxkdmiyZ/YMS7ziVo98m9nO4o8aIEaw4Lz4okh4XJa8YY18VL+XjkWF0uRVOPK1rh8XfmPzJ35cXsja9c7m1VtfMWxTdtVz5zj+y2npd+YUSvUVjhd8sgEEeC1I37NTtrsR32Pj5RuwUF7fbx72nx73MxNg1/P0CY6XVkXA/dRd95ctoMuOB8NfffH97gvBNGSwvC3gCRaHdKGiKLP43yM+msECXXhb/bolj26ZY9u2aNb9uiWPbollx7dske3rCs9umWPbll8yXcie3TLNee5R7e0a3hw6JY9nseW8TziRTiZoIfeeBbGc/hgEc5bsTzqX1oLyOP09Qm3/wzbpwcGx6P4sALjUeo7L5/G6ig+/UxDdbxS8RGo6tgAreOVpfRcpOlM/OBSii9H92ZunYRQ2UcWVAfO6Ag/exNNR5ZSiFflNdb3yvxaIVylvhCGwnb6gstS7cvfza9tfWlDMcFFLS74Q8QwKW69BgiT4hbrEUwKpUcw6RFMflMIJkWS4AteInS1RWMvbzUAVRBJpyVneyic5tPXiqjX8FRGUCUiWqeIdut1YVX+Rlf9Brp4IFpUR9FOqkinPgYMy6eH3IjMdzot1EhGKBWKzKoj/U8+kCocR4UK46ZFdSv1o6mVbyji8jZIRYUQZ5MhOm3cstJiUOiDkhVcoQSNwkaVyNROr6ItpBAVoa5x7tbpR7PHQpXbKZl7t9iPZrFrGFgcif1zrSVtSyEaTdEDcky9KE23wAGlFN2U3AhRaKc45sUGoqN4RjYXAgMgtKRmcbWKblztqru7WFw7kGzPT4O9eg2LHyGyGXUZZaPxuphzNZpOMQkfXFy3ekuwdnuyonm6CMcfb8JswnnbgdsSr8G4SWpXke4cX6MCEkUrnWsGjk46abW1QYN5CkpoGzY6L4WzeQpUDwGewpjcY7O0WTdZc4+bA4JXOWV8xZSA0WKZH6Jt8zqObg4RWhQO8RA7OJSo70OS/Q7/QP/pfv63Flq1TtRMvprPwyzOI0cMT42capc+XsZVYx8v0/BxHy/Tx8v08TI1pY+X6eNl+niZPl5Gv/S7ipfZ1Jg1xVPCP7mtWb3R47dl9EC3397m0ds8eptHb/PQ5e5tHmLqf1Wr2Cvhtes364KJlCrE3jcX0SxNLuuBaKo8hht/2clWOBiK3qjTG3V6o05bP3qjTm/UqZbeqNMbdYLeqNMbdXqjTm/U6Y06XHqjDpbeqFMtvVHHt1+9Uac36ljloRl17g+8o8jm3jN2RxeIjnLHGzaJB25Hj7nRY270mBs95kaPudFjbnDpMTd6zI260mNu9JgbxZd8J7LH3FhznnvMDbuGHnMj4Ld++5gb0T3ibdBvNVAbzSgbUSPCxmdbB9c4KbjBlN02i04y4htZ+K3NX7Pqx2oZx+P78l/t3Ic781ut9uOh4XS0uav2nqqF0nuq9p6qv01P1Y5OVX4eVapZ46HpdDV98nX16ZqupuR91e75pV5r8PtiZ33anIZi3oR1jK54hCEF7Z2+eqevmnI3Tl+XsAtvwhpfgMJekbe0F2u0xDHpn2WzqJ8tDqtmZEK57+pkb82JXJTO9tmuGZ3l7dkwzN59vLb07uMN/fh9uY/j+QD2/lPbeaWX1LTIv4QMNbIOzSaLJqf1Oio21FxA6ec6D/eh9G2rGp2GwNO1Qk17FcDvRQWwpajVXgPQawB6DcDu16rXAPQagF4D0GsAeg2AftprAHoNQK8B6DUAvQag3qfjzrw4gHjBGibQFfLbiBPs8nAcDpHeAY+E7Gx+my+j+SH/jdcgXH/4Iddwh34gElk2iRaz9HZO0kWjJwgLfkYwhRODHh+3T4Mfowudm/iG/1ZbheUNzm9qtg+NeVw43twfmhGpYihvlV4i347CPFovLEgtcCgyquqD7vibCDmOHyynEN6F18fWn0oXIJ4v23F6eckT/VxPND0zzi+V5xUnmOpS8SpcpdnylenQMJgzUTJOMpUvP9u6s0yl+8qnM18hrkwevB2HM+jQ94tD+et5epMcvlkl6O17iPnuo8lh0WXSVjexQ/niKsxL2i7rl1YtExzUWZCs5hcYyTqFmzoZwrCAcyJ2RAdZLsPsMsJfLm6Zoalfu7oOgpA+i8dhUSf4pvhjlcy29BPDJ2631D2o6U19H+HJuh30nshJuYsBs41X4XVUEKjhUC9Qi0SsU+NwRC9RO6Dv+dm6Q1oloYp23MrMW/XVd9c8b+zyBDVASG/sW6/gw8ToUutoMAvMcvUw16s1qxSJ9ZtWVc+tPp9ZoigHD2bRPEVsGuCExdOb5aRPqO6aRWFuKwF7bWmvLe21pb8lbWmFzvwawf3W1LvAd3TnvsWg9kmbArhWl1GqQo1PAtSsyyyXF5BuC9AfENmb2a1WxQglF6JV0xYRa2irTqPwnNWqRNCOgn1VlyLydgSWvlMxIDFFHArodl2oAtFcaO+g8syK06uJYXAF3i0QrqBGkC9KzvSSCpGLchNOOSlch/xekxB9AbJuFJZDPCgeD+Tl5zAyYIGjDda+oSq9B8JPtAco6hhuV3sHhPZIYMnm4cdI1wcLNiVi1LAo1mKyznlKnPuIwuWseo0My/sA/x0npOWuH82YYJKpssBmKAioxA5lJS02xhoWxv/i0zgCRqRu60p4o9qO+Sqboryj1G+TssgyCl6ly4jXXU8Lfl2no5KIvhwmmg7SZJUVIr7D+m1TODNfHR3VaGPW3+dKCFlnX6lvNbHURERRb8UNF8dwXEcYiOGja5xuVKSzaTABuRYl0zi/gqlb3kSRhYvzzyhLackLWtTtTs51jDzef8SoL7r9NoaLfb2JqtZTnbQUoXJ4wt5GPFMZBrwnCij8JsBTgnafu53AoG311p/hHDj3MczJOrOqvjVwD3Abm1+nFhbSKHjxiWeiMMM3V4hXpUW2etsWV2gJcoo4EAYIfUemulrRtW4yT5es1YcpG1/ZspGWZCmYGtV0XS0eVOWLT8jOFpRWjqktf8JbCHVNuCdLcyq63Xkdr6zKGdlFzHsUWX3y6nmThcEf6sQR037i6KkIB+oJ0Wod+M7yEEhQwcfodsA3SCKghvJyY6MgdsqtH+HX9HG9fKWKD1IK1OQdwoutFnY//qCZED3kcAEnvsE0qkodv2o99UK3kFnbGqaFWgULyYLW6VHOc4/79SpeEH1kdLFpywJw+SGcxRNdPe/Q02SAdzn+h2gFcxPP0yiHX+mXjeeHu7at2RHcgpjA4igIl9h3SwbOBV0yMjOJFtcEQ7t5qO4dYYMjYPXKFokqPOU+UK1fZg/+YU/emk1JM3S38RNWsMyIKxMGKlTWhYr9q1jmUXYZodZ/fOVaSydBkv76LHd7gDSXptjmWoueKu0x6HBOGp+p9Wp4oTU0vHvkd8uQ6Bb61jJNlYttYGijoa2r43fMrD7xFTIPF3jEfsabgnbrL7CZ4gyO2QkZUEBUtZ+JzGBV09gQGeJxReFTkbTQ+WbG9xe0Wb6lB8K7IL3XLkN78K898iJoaMg+pnunyR7fd5XDpy9HAmvco2d7o84Xuwfq3BZM3NqwuA4HKd8apZMl3skjWAoELiRmnMgO8M/CSmrGEeXMOoEvuiEGsSsXh1w+mb9QN7iJ80qhIo0Fyz+K6hEXexpfwkbOwjns5Nd80fLSx9OGiivKuLcyXWeosf9z8MZuuH53tLNC8/DT21XmAhsLk9vvaryRVBl6QisN/ei5/+Wsel7WsBhZz5iJiBtloEvU9U9WqNQIL1I2crl5BZKxq5W6LrcfSDkuDSLjcJGns9VSy6H70aenwZcHAel+YIHGaMe4RB2oR1f0qKiW46N/PXB1hS517IkoRo4QPOxl+Mkyb+EEHrnqOCl1n2qcjVcz7TRmDwLksyxdJRPe/q56W9UVqrxgbJynCq6PZXDkReHLJ0f/OhAr1Y0leJr1Bmpf72bEBR20DICvQQQsHeF8GWZLuBLIfK65/yVaKR2VFxUPpAaAXuolnKS0LhHpyoJjGIql2HHufSVyf4def+nM2hZkur1AHcRHkKHR4606MY6q9ZThxExXGXq3DYIoyZUeDUdess3qtjP2HnBUD1+j09xS4kuUam6lqSe8QC6upcnwOHeFCw3I0TDNhkxtLOts3Vzah+FXSQdLh7kDNbSt6pXl2A2J67C9/Ujc+uRp0oJM1kQ89b3jJJsFK8zm5K2oufQmbzhGrOeP9cfJh/Y5ameqKGSoQNqQbyWD0WCjnmsKNE3Fsx4WMGeHJaRQVcJviJVLaCwQ8LpTYlnGloy3HDc5vkt3G6gZek0sm6Z/y9SsRaZsRq7zIzfKq9hSvQbPNOAoq2rhj3y1QCRwMixr3r+hyr0CF7vXNB9ylnBKPdjedSMRlGq4RczRvlD860WkSK5NYLWxdb28bPUm/9ruNMvWUoe6Eyj9QJhNZPCPcv1GhwCSbbpBqObXlF0qnr61L3XQaWDZ8u1s9VG0iKsEKl/RnExItcCuNKifQMMV/CgWVcuNBpkiwlV2kWKEE74N0H2avJaWaTqju4dqJd4zi2BYsDpWhgC9A1DzcEtUGzrsaOYfqyi7ZboINRokVlIeU14zukUIfJ4AuiV+yHUBlrZZfZgS5t4YXq7iCWwlM6mNtbaq14JAkJOjeq8VVfzX2q5PFjtd8N4Tr/pBQL4MF7diOkDHpwGukfoUlh1O1D8amVUs5C7z3atv/09w+g3VQ+2xguoqzIVZgTUQR/PGOBksp+JPp/Vb2MGBccuBLbPKEnYusPyvFHWDReZ4O/ddm5gKF2Ges3tCLIYhriyc5Sk7p8wv0IVRnQKeDrhTpjB/bmYt0iNWwXShED5s+BrtEQLaDfJ/HshDM3su9TkhITO0OZzehBwo1TrOyN1IeTBxT7XuWDt0aA2gSxblwaaJtT8K3puty2cim5TWUW2tCc8/KdbygdVAkyuFKq++O5NtAMvxxdHXIMIgfDfwdoMglq0QxRQFJa89PjoOnokjEwgAXx4d8Wq+ccGsYmFXQEQMQMRxCxVb7wMaw5iIjjDlU+TmlR6YXTyAU1wucRvrdDu0a13Ek+kYEsjbYF+dWuBlwulSIKzFc4e9kHSDb/CL4Qm9dQVTEmUHzgU7ISvhRKn+dLBUq3eAKju+kuH0zBfpMkrGt65hVLyIbfIDTHsypoMWstfoZUqccVryMA4LjsXNg/a4kmcOqwaWe+YCZlUDh9gQEajXsmkXhfOcyUeaXYboWEzvqfCWf7royD4Fk/ANTfbpA30Ng6R0K14RynSdc0wD+RlxJg3tK+YSeLh2Cgja6u0+c5lxvC725kBFLP7LRsRGWUmFACEh472rAnVGwakJ8GTuh7FPKNBRnLKBFs2WQGQu62wYquTp3IS7skM0uySF6t4lCwm5PNu03XjAhwtkmzOU5+ujHk0JgTRQIgKkcyNNiOBjTJGJ1CkBMjDhkH8D/mIIhOxHMm0IUoxTfa2i9Vx7pdVp2y5dN5ZJuJBLGPuviMKZQLstbWyqrBBswb/IBo9Amq07AKPgRCEWmFoaxXssRZMrNrQnuA97pgpGXTAPRGQFSpgmuEVLAR+ubfEqZYWNUDzRRBlujHRPQB4n7NJiRjE0PJqOM+FVnzZa8bEsyUqsmlOssSSVcO1fmdgweP7q7U/fnvz1xbf3djb0LPyqDkV6A/TvjQomd9zo/kejVKX2/BJfPbXKk2jBxFG5I0rsEYEPfPutfk/YRPocLTNOy0uEwU+zaMkSmAmAUFvqEuR21GGP8W5GZ8iRFgDkzRhvDYx0po6F1k3uEm6WeGehL0SC7G8sOmjqMzUt4Tcp/27VabLFWe7lvCdEfY2qyhapLaNjLlt7jvuWJEaMP6OxSJYvqd55ou50f7a6MHVxNPuusO2Md0iUIM9AJxndf7H30GHYI8FtulIphG5J1XDTYnoL9B49UW+rbVMCwCB52dDFUDtu4JZPloPASQ7JhqhirpnSqgSqmcg6VuW0Qq4d4uPOiaUp7rBaioiCr09VlKEvhpAqng5qMB+zdPyRVvg5Hu+uXWzZOliQDFBKnpNXz1GsJF08Nqh1IHsYRXJJpi/ViT2YfJCIQJTIODteazOmWnNihWKZeD0QaYaSp4k0jyvYojMiHa31GyAb8kCkI9m2Cqg1iLzwjQqyr9DSodBSmI7DP5gpGk5kjlobR+b4Clh0YseL9JmS+8AhCJktIEqpaRLSoAhP9Vi4L9N4oBpvH7ptY5y6kvyacpYybTaZvFC7ApwAkL1okiMPhgu6h0bTeZzbB4OW3u1kioUQcW5i4Im+ePw42P8+kWgi0hq/gN2wvD2wIo5Zweh32OrDuIrF3BWdTpk+QhJfrHYiXX46NljdSK2TYN9Y2xpZMxBQw5g8KIeNNupL+O4tPrZavGmwWyfApevcdQGeM2X7qGwOUDZTvGcK5IFtT9T3p88fxDzB0LY0TW2u4ViGFk/ifK0Wtsp+oUWVM8Q1a9VmOlVmWLp4BJcrb3ZTb2m8Gq6uit8ms+PZVYpLrRGzg9wvIpC/4jRTv4u5/p5M39jVIfAAQ0duuXbOFy6NJfpYNKDv+c9iobIaUMEwABY2nAVsupaYdXgYLnLys3KdKpWkPNW6QjaGicvO//t//z+5aXtBPt8RJmGO8xowQv+5wcIN1qIprjdHhUpr58nMosL5GurMq0q120aCCIEnnRHqqKVdVamZVZSAxStrO3NtNLddWKGM/B6QTB2chW4C1Mvb4K9qAKPn6DuCVDRducgGdzki9pFTtPvyPr6iXRfhbnviXYcrUzY5IQx165/H5UnSHXU6E31FGCziaBwVUG+UTVZ+RFKTKaWk8LReA8FikHIoMjpk23nwv99+9+rwb6kSYMaEEEDYIXPSCihkMaG4b/HJCBjmeBrly5HUBmvx7vGH9rlngE3JijrQMq0Ck7H2Pk2Irt0YaBapUqPd0HCWaIVPZTgr1Ml9bOUIsewRtL7p/s94G/+yF+zfkEJjD/+5x13SYoINaWK6xl6HWXx5GbkdYFUh+Bu8NsiRNkZgL6u6REw2xuZf7irMNPSzODcezQI7En0KHmtNIMzkgXhs5LdQF+FYjlHrnbAhG0ZNbudkwLqJZrMh2xUmAaPterSplpSt/Qik6gR1qpkr/8PqI0etc07Xk6UekDTVaRZ9JKp1ZnE9qequ0a7t0nHSWsx4qqw3c6xVfRDTR+akw23OnmKg1uMFvObwbZlZU7B0QOOY7S3ph8jkMuErKkycaeRV2fF5xzUir+zx7VBYMRI1CCooZ9+eti52WBQPfcE6C7GWzmA3VMBDbdBhxjyl8XXl8SBo9hvXb3RaDfIh1xYpXBAj5OAzw/mNZ+lqMkQ/DyWrBNxQC1YEsbhJPBvYgqFxypsjFyq2qdcRx+4Q3+k0BmKxDYJvYWnx+KYBCjZvo3EWEUyvu2ueyzopVLnt2Tc112Hm5fSUuUsyudQtkizErtbBVafXFHqcCifIoJ6uzcAGnfZ5giF0grg4wQeLQ3XOB+KuAXV/nuKUb0O5U6hQzYX8GEz4VxslqRS+Aqvu9DYxUEsh4+Vwbd/YreZ2jIO4OMsCtTL5HlMGND8LdWiFU+fjP22VSpXOR9yJSsqfMQHU++h5UvKbZy+NpNSM1hxtqv7y1ZpsR2PiSSk9NSXdiORdakjuXzvyEDQj96QVuQeNyF1rQzbShHgewnYNSLfzt47m44FoPTxnrF3b0W3G1tFy3I+Go8MEeWg2us/SWhqNe9FmeNuOO2gxus3XrrUXD1xz4bkArRqLbpO+hqbiXrQU25LD1tNMJOkkep7BrSvhfVuJYyjVqdOfEapDOE9XjOxGsXsa86EMhZ2jXyvyPxOsiq9drLkt2lSCFYRpQjiQQTCPwsTg5CDPAxWpgC6qX0JbsbcaCWeGYMUc0OyMbPju7MXT4FXNoHUcLrthnuPyjJczbjEYDpf86vkmApaSSk6fb2PpTG1q0VR4jrhvmEOlZFId3Stxt+1iUiHfZwkPWH2NDSH4fUTsm1kzYajHKdCjfJGytkP5wLc4j5Rajq34MOj7VXyJwbIzJIuE376aRxyEZ2WqGilYGELGG4c57TAlL2PwFgGouByxyeXUqhKHqecseIbuhsPVIpill3BhiMRuKuaMp1mUW8AWKU0Ne5sSx+d0DDBYKksz23wLmQjeywiFlkuk7pSQIA/+rkkLtzYKfqwZSD1oBBcKi4MxQfeG6XS4zCJruQlxX49yUIqfttfJmgsKEnBJ2ujaqvj+0DSGRFttYxVCYsC7ThJOHqme8ORCLxBkIS74VP8pR2meA7Zd/eCA54TkPly+GJH2kUBgOIW1bJSwRs+6WSmEZs7wyGUfJfKP3YE9d7rG9GcwCtpRcNsLAjCHC+J2r54DPPuozyDhszD1Ck3FqZpjT+tpSFJT3cZXe6KdaHiQwus2zs2fDl7XZD1SLmvWSZDX/AkOXkRLCW6x4tkV/kTVTclx87TOiNsbcmhaa3hu6Wkb3qgo4mrfWw8NtSmZZlOvhjpyuvSzAgYq/NyUpof8/lyJejhdn1yO6YWgq2yeq6eS92wdVNdKJUXWywBq1WRt2+f8eUSIFT5WKXVONctM4Epet81sCWqm/6Zjq1vmp/qBzmNshWer9WOqWDO82lwtzoF99UWngVGuxrZkO/iODQVP/DJDfMlD8vBryrNnl32dYXIQWCkmB4HkmBwEnGQSw8kCSTRZA/TnID6F7IktIyu827RZGxI71gxut3twmwljymPcJDekKftQdZwpYAvDVSvKWLOQDyOBCcU2hrXJTC4Ic4bfYnQO7jLp0a/TGK1gcC5Ro9wQGgZTx0AN4qMr1SiuyA6vlKqlJ4SqNSR8aFEq193GWmuA2MXQ2WL/8074Gn+g/wz1x13OXU3uzHWWpqaapk3rl/3TnRJG5e5xwj4St4kccL7ERdPiQD0CwLKIZ64EgOOjo3+1Lr5xuAC+lFMsRLcE68F4SXU7qIwjSOgFTDBpg6LMdAvctaneSsFT20XyCsDBUN80OlgjMOH657SU/nWtPVGsYrdEzCPV7famp1sSdQrm5F9UFnXrJzuNutRF0pKZcTrdb+VwFzPfVphXHKeacPUqDr2UO1nxrOVXaxMtC3uLOd47p64WtwypyU7dS7a8ClfOGXeLX7WmnhYAaubO8piC7hXGTR13Xe2Nhk5U32GdMO75otCvk8tiAmGNqNsn7O4TdvcJux9Ywm4WqfqE3c7RYekTdvcJu/uE3X3C7j5hd5+wu0/Y3Sfs/t0k7KZW60hVn8u7z+WtSp/Lu8/l3efyLpc+l3ex9Lm8+1zefS7vymt9Lu8+l3efy7vLwz6Xd5/LOxBP3dcpCCsOjsj/yrTrKyj5F/yTncusavCADaDhybXXOFfJSVIwv6dk8mzJNBtPzHmLgr03cAjT+SDYexXdRPkSTuXed7MJ/uWo5kdsMklNsAZmqcRUTAPZyRzL8dwes1GwYt7SmJOjNbYRgWTqyg/M3Xa8wMNxvMCjbHzB45Lt07336d7jPt17n+5dlT7de1PPHy4d7NO99+nem0qf7r2u9OneS51fN917w5vd0rM3M8rD4ucN73yXMJfumJM+93uf+/3es772ud8fbu73PmFwofyuEwb3GUr6DCV9hpJfa4YSCxu3z1XS5yrpc5X0uUr6XCXtY+hzlVRLn6ukUPpcJZXS5yp5YIifWPpcJb/uXCV93oz60ufNqBtqnzejz5vR583w61OfN6NQHoKU3ufN6PNmmNLnzejzZvR5M/q8GX3ejD5vRsNXfd6MPm9GbW193ow+b0afN6PPm9HnzejzZvR5M/q8GfecN0MDjLXNi3lRH16VYUK8Q81i1YYWV3vdiEBRxJXWEGiq3VAl5jCgpNq4gfpcp0KafdPYqa3RmtOmcJ7BIp5lIYhpCkF6U2Sfao0G8QY2jLD0kQUIt9Rvq6sTLz05R4SsQNdtM51jnZ52B9dxRasE6OOMPMFNa+g4eYkAbgSFEhIbjgwN4VYP+BZe5QUIOKywmcjCW7hWTMGldjI3jFEIxCPU1HO12THWhFj9hvda6TjIkXnYHFXtu3RSDdtKrlZz2J545JkKqGcMq0jxbOxsKckgaLb0SrYslnD2FFcgmDHrjp3BATcdukAMKsgF/pdCSdabh3C+cBPrcSL/3QgKaw/a+F7TbsGhj69ShASB3UXcJDSG+7DI19rQm8HlKoSGl+g7SijNnlOsIA43muYcuL0sXjYCO/hOtKpH8S9EBDXC3RimNy84qL/hpRinqOzK2R5Bvrl23gkS1K3QwsbWiSJQLBIvrKL7MfK62CIx0iA+wuFNMxQdZw7dGq7qWzUenu+X3789U4w0GRWIGL0lWvbnbzCDwvorUMN5NMy/0E5jsuHtO1AY3WcZ4lNTdwYq9dHa/WoO8/PfFSrUz5Bp+1yRyQiPYzoS89kIpKRDj3P3ElU1I13riNqxsDy0ghJXPEvzXF+5ItCcKDZoQNlPLqIxwn9aQUyGm2jshImOma5mwX4OUu2I9FSCVmqqOGAHjvAinuGWIsASdHCHw0H3VDxfpBns3kY9Zctiufj9YdAYaMFB5HWsXTvfXoc51ac461Oc9SnO2rID9SnO+hRnfYqzEsxbn+KsT3HWpzizXn3AKc6aCICON+6Qg6lmsrhPzwvwPossTklKBQJR6OYucmH1ScX6pGIPIKnYrzGP34PLflg12cFU5ek4pq1LhslOtErtVP6XVFno2Q+F3yozprLCXcA4OSRhnaRwm+aBU5X2mdv6zG195rY+c1vwsDK3hZ9U1NZXT6pP183rxjMD3YZnbzdAK6+tiOFFcjYUqrOU0CuY6QDpEDt7kOGALzeTBafW2QOTXT2FPT7NQvVa8D8MSskzQkiRNDgEja4UJImlqCn6yzU35zYoN6PY+U2ZXUfhdtA/Crw7XlxK92smMVI2j4aqVWRkCy4YBlMCPZHoj0EQC6QeiIeUzQk7cf7zz8CEaBjIEc3lL78M8eeMkLbhX+eOFiztNSI+4+dCcBmfN4c9jbskC8ewKXLTC8xklJGxqxnL5ss/WZ+SUcvhiYWufOiyDB1JDLsTBjKMfDWdxp8ouRAdp+DLplHxcVPn2zDrPCzy47Twhx9/+ZXVSVd2Il2TnB2KgSSATr6fshgZ5Dw4V5IrrcZ5UwqT8/K6ndMMncu6NS7aGeVd4MbKbWl8uyqdK8ZKNm16lHcQkN52OcFcfuS80KRHqu1XZXDNXTMwpg1VC1neYu9kjhkB/yJfxsuV3nKy4SgRcoLOtfFYNk/TUiqP7Ov0JprBGbE3KWsjddO2k6gKzmqmFJp/V8RAOTEPOGwwlFSGRBXiWf3grfsJNnv9K22Bx+viid53dlL0dpdkla5EpTotqUpbqRweFFUX1YlRxu4gfym2Q/2N+5ylfc7S31XO0trDVEr4rp2RTPp6miD45TKV6IpiKniGuPu0tDQEo+A1pYPHgA1b0LpaXZAzhxWYBGJVfmi5gR/GeQ6i3+Hx8Rd/POI0kbhZFNbfFs/qNo3CjuSqNV9vLxmomzzWMeafq1h0SwlmOfLP8SQrNFc44uofBlyYjHlRQ2TYEGuPEfE5tKHTjeA5IIZetdJch3UbqD0pbIyF+F7UdP1PXe0OG/lfelKkEfnXVhuRQ7VvxqOaOUC26RJ++BhFDFDPChutVIE6Xz6vXXZyq72Jc45VquM/WLSU/WPb2bNVQhIqer/VjUecaht2xefBSf1eIGIvjAKzhKpaqa3u7HwefJewF2ExZaydDKrawxv6K8upWkXPEkT+TBraOaMMbhjSxVs+olNH4RlZNIuuMXBDKVSNeFJ/qFRwWK0U7TU9DKotQzLM1DxMwksTa+cMOIN2nLPGvBywe0seJUxZ8si6Zf1aCazeIUuddaugzwa97WzQv6o7/+iLP3692zsfT+pqeTKFltfaHdb3vIA8d5h/Tth51KXwWzZofZRhp2uZx3C6FLJqEFGIsUMIFYWeQpEGdgImBAQQw0ZNnR5hLFZumFNe0P9z8vJbw1aqVCq6T7Lsb7559uTJk69lEWp3t0FPJlJszxmbT1EOe4nK9ODrQfD46PGTAQYZfR2E8+D7s2c1VSIF3cMXh0fwf1+fHX399OgI/u8/95p3R3OghUPM7lOe28HcfcpzZ1f7lOflGelTnvcpz/uU533K82rpU573Kc8rpU95Xv/tQ0t5HnGwZSOahmfCc1ON0gqofHEyNnJ0lZcwB2NyFYWz5ZVxfG2oGXfNFcrc1sc6Yl4rTNLxeJXZ6vNZDHzy7XimTaQw31EyQdWOxZWvmyF9Hn46Tb6ZxZdXDhitB5z5VXUe5XBy7EX5M8U0nAlhB0/5qbWqeqavgMFDfJulcT9BQaxWG6HKG2t30DnnSnKF92Rl+RQPzYiz+apwOqW5QVIUz5y4vjOE/bEFr/1VviKtl/B1apcoSd5spgOkMqgYCyVnKB1ECUZ2DlB57ogjyCzYR9BS3HBCU+2ZPBjU7H4icOHsJrx1sc7iFk8eizIM0rZx0lPrWCBgXaDaYLrgqPaltSOUboDTyKIS5JOVyLyYlnft7LSPVXZaO7+rsfkx5JFJ6vyYsqC6mB/LM07pUp0jFmeAHPO+2rQrzhkLjhcf87ca1JQLzP/Lkrdqow4mRRUKUWel6HgZX9tjxayZpN515ULdTS7XzM6LuhHFtyvSeAvF5Oec0yugWD3gXF7LASQSEDetZ0W/pTzuzjDm+88+iWHbCTjvsNcprKJDAvanqXZ9BX+3Bf+kYJ+sPf+8YEYX8L1bA/DGVfLxweMt2YtbsmvHEzssfu8NeeIMgr1X0U2UL4EL2/sOKCT85ajmR2wySQ2uYr4ioX4ykIPGsIvP7TEbT1Q8y/ANjrixjebMvViGAXfb8QIPx/ECj7LxBY8rdS4Ju3+VF7xONW67c7QkdUeX+skKjTnhRcoBO271AZHbaqW7yf/u0ZVu+d+bsrRboTqtudrXzyG/WvjmgD/ePAd8MdO5dyb11cInzbskcxeA/WKGdEflRYMbmb/sPPCT1HYxPX5SyIPu3PtKC0+55dOZtS2MheVjPCM0herEOKrWU4YToxPMq6zxMvKmWEmJS3ZUH1p4tE1J4YkbKk3GrpLCEx2xDsOvkg6WDnMHamhHCFaWYzckrsP29iNx65OniQNICEsT8dT3jpNsFtw8NydvRYu9N3kjmQnq+WP9cfKhfY7amSoKGSqQNoIpQO/UwUY91xSIXVSYvxQmESlUlfAbYuUUpWwCXndKLNdbEpWJZLmk1iZqxsiTDdN/t2JRM/aVZ6yL4F5Z1tjgRJbF4scLsgtdet8lz534vmcWww2z5iH8NPPWw+LnDe+oHjmmsbsXe3M8UWF+rZAh/PUiUiTbJtCl1Fid7da1kXm13WlW10sdGikHkejCbCKDR/lehTU3Sbm7jVZUza8pHltOoY5rv4OZBMuWb3fbcZUNk6tEAxRPyFrBAqyV9UwFRJloV2SqCL3SRcoZTDv6JMHFy5S02ynXKg58HJpjAcrpHcBQNnj8ocOOZgjYiOkq1Gg5GKHahADR6Baap5N4SlioLdFvWErbrBXwyJrUFtnZGQU1c1jXsNzz1plVDW1iy4Zdk1u+FUWOMGetYJpdhonyo0a3sMs0a3IT5rKfj2GUvKzkJ3Gg1w6u51vxztH4UqwwJg2jbVCZRTXQU9acUu2Ee7zVLTFzmRO97beNL1Rjn1XxW087OFohs2qAAVsvfBGB/BenWSmrxT0RaOwqpdZpBGv0odMa130bOkwDSR9zjsVCasVZOiZ8aiSw4lAMD8NFTtKEa2OSzZjoJeuDMcOipQf9f//v/yc3bS/I2BmhU2SczzdNwMgNOnNRdpujQqW181QF9h/m5aRQLQ0wZk6Kk6ZmLBS4cfaaFfO4lUNKZRhojiRWhT2YCXn30HglLY1fp443Hz0vZr6VGM3WzqPYEXGWRyc8p138lpP675lTE8t28mrSqPxTQ3vm16z0zytB9F3m2cRy/7k2sTyEfJtY7innJhZCVbnbvJtY7jr3JpaN8m/SXPkf1vY8nFi6n9N18nFieSA5ObF0mMX23JxYus/iOjk6sdxPnk4sHSfNI18nlvVmbq28nVjuJXcnlg6z1ymHJ5buc7jrXJ5YHng+TywdFqU1ryeW7guxRn5PLPeS4xOL94x55frEsk6+TyyTAge/TSGoWHMdLFhOTwMBVU4z0eUa+YgUqNxm23Kiu1Y8K7iMKdY0i+bImYoD9OuI7VeNeZRMKYC6VFHHCq8acJcjjwXdPMOrE5tNlQ0x2pyWbkJvc8bpuDHb9FttsDhYPGYNoT2Axj1PcbG3oewoVKhmTH4MJvyrHS5XMjrAfnPq2EzMXciBU1zbN3arua2ZFk/YIsaU1+w3IRLRa1ua/kr2v20sQaVSpU8RcKeSYmUMM5POfXQoKeXi5RSiSakZj/yTfroIXz3EdnQQnleKp+6hG6m/S53D/esbHoKu4Z70DPegY7hr/cJGugXPQ9iuU+h2/tbRJTwQPYLnjLXrD7rN2Dp6g/vRGXSYIA9dQfdZWktHcC/6Ac+Z6qQX6DZfu9YHPHBdgOcCtOoAuk36GrL/vcj925L81pP1MWiEvLYkf0K6csQl+i9ATbU6uAXDBVFK1AyHjdeI+NfzxdIKY9HQnNq/UOR4R/Nw7WPkr8bQUZI/navsI6ea4gYIpOjEpKKALXPEXUHPnFv9EjEcU0TCilwJQUse+EcKAXOjpPU0mxmwRtteIavOYhKocJ6uOP5QsjXL1JeXK8dIRWRSJ1gV80aU2NLRsu2YqAOFjgaU9964wyNjiqsuLjRUv/hhYW+1wzsF3bHfkavRV9+dvXhK+6g86Ek8ZerAbs3neIbGyxm3GAwJLAhePd90AX/AZExwKJawF7e8jjVVb7icN2G8lNx85Kh7TS24CBmjgU2oDwaX1WOVpWq90FLDmivtsRhKjj99vo35N7WpKZeAPOVMZK4hpRFSQNIqrK9dsVBM6FyEZVJfY0OIAxiRwGMOkIigRXR/Ev2IGjpdmUot2wDa0Per+BKzVs+QkSCAXgTsJh80C8ZtpFzxNeAhCWairWqBDeRCvpdWlThMPWfBMwQ8Hq4WcKdcAosl+jILaBH4HxDXotxyBk5NsOSUZCSnc4rxX1+a2Wa+bUySOoYyIIBZFl0iP0Qo07kN+0itjYIfawZS72jLhWLCYUzQvWE6HS6zyFpuOpp6lKI5qF0nay7olLp0U+hEqiTl0DSGbI7axgp1ywRMnSSEI6qf8ORCL9AxNVYBIwRA9acc9V/klepackH8SEhTgssXS272CeavtpaNcvHoWTcrhQhZWVS57X13ugZtZgdeicVeCRBTMlHbvXoO8OyjBpCTR9tTrzzQnepzTkQ0DccMtVrdL2pPtBMNS9P75XEVEVG/tiVNLwam4Nznf0Ovvm2Q1mKNWn2UW07AVvJthluE2ZpI6HOE104hdwonszPfOAP9rd1gu/FGo8sRLrqyi6BiVq7RYDELDXlnBRu6fgt6TR7NQ9gcY3faASylbmpIWTWMJbqFS6MD3mh0uIDghJO56Y46vThfMAtvCvPpUgZLezA2ztf0Op38B0NCDChvGAb7Wj9aqzAIouXYOa+KWIiqlHF0lYO85bA84KnmSyuPhTChtjhkTgWBd4M8nS5voIrDqzCb4B8lZJD83108C80jafp530hEBubKo0UitF+gP0B0EEpIggAwNsosDpGayYTpr/kZ+lqcbzcMCLGnxavWgrwnBSauCnZmRVua88I9tqa+nf09TfgCLh0s6wxR7JmBUtEbYBA80yvzkgAoMmsnYKDBNP4kwIQY14Uz53Oyg8tiDyTEDXPcq8AvAooBBjEPEeKacyLpWbBW+lFeOTfe3eB50MjWCrkN706FmQUbILu1urb3rHDozS55GuwF/6Y63HrdXEWzBZOuOR5XXpvwIp7FS4JGsNbmYnVxoUP00tLQ0xvUm+vwlEP1hpApR7BnK5BcXTrBwtY2UFwkcUhAm4uxMXmYCgdG0diQrXn2HnFNpK8LsG7rrDFmr2HUHs4mhcotC0slhwRx7rR38cU4KS2keXvWgubI5VQbbtQ+maQRgXQTAlgpaZQAh+fANlF2z/b6GaDor0Czy1eeao/Ikv4XkEI+OU8yzrJzaxP1wlUa5mVC0NYdi6V5ctxsvJaXfRgbLpJ27WnwX/vvwuE/j4Zff9h/N5S/Plc/Hfxl//3I+fzg80N4af/dyfA/5bd3Q/33T6MPnx/8xXp28C9tZjVfd6BFOgsp6fGWN7Wq1zIPWpu8hAId50WC2r63Kqgzr9M8RsSjQfAqgg2B2Ed4paQg+DvyS5lC+DPydhFyRmJ4Vpk+DKqt9lpPYB74XTMhqMawcvSYU6udi/CigNOPccWKp2BgpwShqGeeF7fqQaLmo3sPKKX5hl1ww+5wGeopbX1Rre529n8byii3Wdi7LqbQR9WOSHh0bwY1WPPFmtzAqlUMUlTcYzChCxbDbyxN+KbQQsM31222L38CopxVbEgrFVBXTbXsr4DCbb8UZkHFLs0MTFY1iMqxt+/UF8q9S4em5w3PLT+9hjcqblG1760HeFrf++ZeDXVQaulnFahf+Lkpuy3RLFd+WyZqonhNLyTaefMUt5Wc7OsAt1YqKSrlDUBGTUb5fU6JR0o+hXdRysZXByFYSUTvAvlfP2OGuTjaEgBbbKkQAoXMKRHHZrFqEe6qvW6UVwoNP9PXoWqXXHWwUZNEvMDROt0DNUAmRbI2MDdtcsgMFvEsg1s7VmbRTRMKVGs0QPuwYcTYU5Cy9NtKLYsKVTlHBOhM2plmmskeVhpiQMPbEGMxI3QB0xpnKJkIAnu4VEmhSPYYsIZ3lRcS12GFzUSWdRJKLce1k/PnGE3yTckhsbQnAJEm2ui4SPabLp1Uw56rV6s5bE8W/WeRecbZYwhWiQN4EWBvJSg7eiVbFkusRoRVIVD1DR9Y9+Hx0eMvmjzWPe5Dj9sQkyNuOomSYlFhiPK/lPZSb0NKVILHQc8YCiyN6eBNObOQAWjf4SSOr1JUC8I+JTVmmtGOXjap7sLgchVCw0uMbIY6drFYzczLNpYqxwxvDuHSd7FUPYozyzljm+SyGsMS5QUIhje8nOMUHaFyVmdR9Hlg5cxh9a3B22psnegToe3w5lC3UIxWHa3HHS+RlKQZ6stdbh64M96q8fCavfz+7ZkyGZG+lkjjW6Ksf/4GZTCPlWyUJtpXqYZXMqWOayrL9AO6CuDXMxBZBwF1eRB871YUtfarGR/Lf+colaK5WOzzSy7HeOzTkdgUKLWYx/l+ib4FI2MOonYsdYR2cMNdkaV5rpkEMe+dKMZtEFysUMkwxjSrFpSP4X8aO2E0YtPVLNjHRGkjcqGRrLCmigNWaSjtMLlIIcwDHCDOEDlHiT9s9nO7I5LhknSGNTxL7WuN6CYM9ljH+7YLNnWyuJIa/kYA7Mta8bewUasfqAvo0vyiZRG2HteyqzVJi51M+ldfdGLSF1ew+duyTl+xPUhnLrJpIz8kRrnCl9cMaP8tQwh+v0DTEP35nNi8N4xgOqAgJlTMwYEVslJjl6hXNQ0DXXvzM2yu5umbBgTVoXSo5oF0r2G+a3c+CWye4mLh3SapkCVA47Qiol3NzO9W2NtmSuTyGDFJE+eRsDPD5y45tm7nQdVxpsC5jGuUUkHU7LL1p2ObyQDJthnWJgbE+0SMQ4Iwxl0mIe06jVHpDkQD2VNssH5XjGcxJcFjTparUfpvVTl2QaqWnhCc3JCw9yWWpu5C0c7SIpMU+593wgj7A/1nqD+uNGfdXF8cfV29upyXluPQWli9m2h6aqpp2vE2OrDPdndlinWCrZK8TXm5l+zNLA5h09qEWqyetfMKkAvY8dHRv1rqqXG4CIFZvxVkQhRTohjFoLrtV0bfJNM+k2La3Sg23WLaT129xdfXdpHiwXEw1DcGEEZ3AAXnWfPRw0trezFLLw4xipfPAiqN0hx47cPHKHJ/ffzVUFwBBOBtGCfDZyA4DjXvOZpPdpoPl6F2JxsdiGIVuyX/jHoWcuIBbWTQiLAUa7jF6RHPm5ZpUf45l1m6WuTiFRNpSDsbjpZN5rSgE7Kn1owR9mGFB3uUK1FOO+z8cPxXarXRrOLWUXoQw8pAGylfnX5b8QPNSjpe76oeODjR/tMlBYuqvKFOEsONf8WJIWZGmszJTFsvNrk3CpY2kHqXtrwynY1isKVKL/Hrllo7b2DXH1l6dxfAxd+R67XVxRiuySn0jKirXOveMBS5+uf3i7P0OdQ9CBoFAZOJbcBJYOiv1yg0b5x312j8tTuSUpritkLdRkjcUpv/ZWGi+GXYIKj+eyMUeJPEuf5GgMoIWxw27sEYgGU9g0BHi8Ammn8svtp/LF5eBy1WACxd1u5OrAFYzjjq41ZSTJCGWcbq+rCgovzjV3/adPp8lC6mdErHXNXOlMjlSONrW/qaGj+am5ATRlyEOWVuaZvab0gPiSrmMUfu1jYUa0o8uw2OH7PikLpV0fe9+/RhVK9s+npQ6iti86yIsrUkl5BoGvSqRlIoXqI1JC/SY/E5V/XaKVOAw8PUKW4UJL9kL27LEZYu2yVTRga5Mijm5RIkXxgWRhNJLBemQDHHr5uxyb1rXmfpZDWWuCltbCrfwHhi2ZCNFhNYOSs7BAgvElSXGwaK6KQ7nTV+qKxYFIhXUnx3tV9hOVP1WDdCaKnq2ylNxQ4meWKctjAsJeOlezP6OIYap1Dx2fxgOXb+NHj64XPrnx8O/uLy5vQiim4TDpa1zTjOCW8x8WBp8/8bBnvYnCs3ILxCfXG/06R4NcU/Xt53IndlXurgr/wAHZC9Qr7a0rt7GXv4VWFzGp8zwW187EDDd9iMsLQ6fLY6e3ZPNO928nR0t5tPZ4tNAku7XaJskdA6/XpNIk1IRxmeKy5K6g1Vl2N8diy7r0So7TCJ5U+q87haDJfpkDI5tShEXIrhxtk01fupRJTgflez2njgah9UfmSG2MrYhUCIKItZv6wutLZUrRiF4ZrlI4vDWzE4EPCd5sArnqvIlqnVVK+iUrGyeFxB+VWutfSyXPbBz798NhwOP7NAAVHPTGGjOXnmC4rP9fFnBA8WPCM0Q6WKeM6YJGgBstNTVdIwAYeJVIci97C6OMH5HI7DIcr9T1GzHw/z2xzo3CH/je6ZyeUQP+QatJF6COLMCMnQxSrGpOnUPdX566PR8R9HuC3sVD6iAB8B+eLhKO/sp3Z882cC6KX2NUFwZKtZBFJRqYLPVPYXwiqyvNZzyfn8NPgxurhK04/06w3/rZaf7WLPKEWG2RLikWofce4OTYhUMZS3Si8xxpY9jdYLC9oIh9xVtbNNx99EGF4vy6/36zC4Prb+RG0y/pv0yU8rEypTp6Zbcgupfw9LsyxQc5pE4zy/WYkKFW+Vv9c+/jaWxMiL2SoLZzXrxEsA+2Y1C7Pq88/wGKZ4njWEGCq7r62hDwspniga/hkihCR6KAViS33TGXpkvv4bGAX7nFL7o9JLvLR/Lf5YYXpqm0uzSeRuy36DG/rO+qWtlTPJ5MryPkznWOBjY4P+Wbt0he5o7YP6FKsFsjNfFDp2onku7pa+N/ix2XkB5Xme6/R3sI4JCIQ/PHlb+Lk+YFT3U92G/FE5tN28VhA16xWrTUCqbvkfu1wTmyJ7EKMHuGdK8au1R8ZvvAn0kWOlcwuLFM871DBOLzHvl6pbQ29SAqQlYz6gazmJzhRGXaoZBeEsIiAXBLzQ9bHMXu7HjvHg9NVac3lX5IUqpqV7eQizktSg4q/A6gS9Ckr/8ubF2zM7HZ9Gp7bUfU3rg7MJ06NQrTU6SZRMFmmciCKQ7ghkJebxkgFVonxZB239jG5bcuJjs2f5hVOHt/E94W02rFZ9isum8JxKAraifgLzq9lHjH4o2KfUafcNyyHi2mJ4Zdwulf4KcWimpOpC2LnX6YQVXAIn1tU+qq6QTex4OptcITKucI01qRSesasou1wEezR9e4Ng7+3HeLFHbnV7P4Yx8DWopYB9uNdUkXxajiGl6SliUlbocrgANtYCS2icSS6nUzNgk4BZtU/WS7wYUcPCrZaXSPnH6gVtwiLWNnCukBSII44I1uB0VDntQEEUlDGrwRBzxdKWfYOXC8UkJ/K6wAyKraw8L8H+BdIavILJqkXVHowKkUcOUCDEYQOKv4xn5EFg+i9NY0I84z9xqN1WNEmjcV5E05QcgULCrmibQHJ2oQYa9w/tuG1snxwqwhmXTM/MPTW1Wtzc5eYXXZtP0IGfDhQw9PWelWq1byJeCmFX5uIlNFadIZgFaDACQp4hdAj1inokEFQyu/COPg/h7Ca8zdlzhdjDPzekNHclZqaxNTzDVWp4VJhKhwzfqP+jjbwJHeRjahPBFkrQtC3kBMP0ChAX12PTED6i5kVMry3vNdXKlSDxoWAOCeyIXeTMQQNlaGzrzjGh+pE+As3ODyWEBHJj0GOjIz58fPzFH7/405OvvvgTdkT/64/BPmEa5fF11ID9sqkWp1n5OyzLY+Uqa3WtyvlrHXcz7Timt5MiAy+NC2IdPbCsVEQZ6p0ITy23SnsNawUXRWLQfwIWWHdAPAm14Fu3KnZD2iQ5X82WMSJlaffYgVggc8KZxc3w3Zv6PfSjSi4gKEY6BY5yM7YrQgOk+p0w7viOeqt/QzegV8/rW9LjNNB5M7ZT0kbFqZA7rzoVcMPNEAOGbtCbuBazCToJpIgq1BdVqYO1ayfok08DfisvgbXZy1PoY6NuuzxaJCfk+ryX5nvBn/8c7M3iZPVpj4xIqjbzmqvWPbihLyOuZEF2Ydzze/XIYUOHJ7oU8oR/8QnFoYJqqaauj9FtVal0qNC+aa6ae66ywT6F2Y5BRtqku9+2JAAP0vxpQDNc/0ppT2xtbmhpfKbg1GG8ZELuGNwwMOteecsv8r1MkOTf+hQ3ksj6O8CXbFY/Ba7UytFea2pvc5jzXExfh48yQSM1QynuguckF2Khz7mAgEqIiSNbCIeiqIPvFe07TTGzMjnzJpMwm5S7pIAj83/n1CqIQksKDheRIn8JYksrY0EBwiJ1DmDC02khZCWc5am++ZJCiA1jtt1cpfqeao541B3RUGgm6oXyh4kbvqae+iqhkJYSzffsu760rRkp3M+1TTfWvkaXfLxDvalSUNr15Q9lbwsgb3FDua4gxdbNTdyQ/YubB1ClFVKwKxLZSflIWH0SZaFhaMKl4Z2Y4A44l5rgUyaaWNPLLU1nESlpabNjPjasol7rWiz+ecnxeml5pTRflBfOjhrDH7Qc7LXMXAyvutXcyPoy7DYsr5Seeu0sr05a3Uc5rxXu/qt4wdiLFIw/9VowLixwmfT2uN9PkwHCIOJ/mL+hTfA8jXL4lX7Z6uy1MglSus+dyJExIS+Quwrx/JaePR8pQEk9z/D2KZq8ZAo8mik4E2IjhFh/EVG4D/vx1bUicwv/sKd2owalMbpr+QkbdBjeVXROobIZOxOiqjKPsssILbrjq/ZV9yCEMgL/7eGHK6dKk79QawJYP1g9YY9b3lCr7HzNM6Wt3+DXHLafBFKwUPtRec/17RQyYPrKVyDmBIXj/DPedHQafoFtGmeIz6/Ef/uZTlOqq2lpbkEKTtgTUIHEiGIEwYxvYQo9LfIgiNaMUDl4O+mwyz34197AGYCDxSYMe6do5VDILYWDri96UtLt0bO9ddkWjx3o8Ur3LExtgrE/wM66co0Onn9I8orNnbtllDq57lcmqtQMoVViqfapwRKApSjx1b/TSyhNne8llF5C6SUUVXoJpZdQPF7uJZReQukllF+/hOKs0hkcNY8TediEylR/TDoejsLr13g/2qEPdtFhZk8poU/Mhl9tc1dUeZXE/1jVWqFXaEoG/mU6AoZ6/9OA/6ZUK/lPaRLtAw/3CQ24twdlfG70BlrHuYG8iCpWO3a22sypgWru6tBADYu1XFvwazkX1cJOPBmgG35eDDo6w8+PoeAPWPVhMCNe12mh0h8/twXLeYm9DWBZxN0gvUQxdK+6KC1ODM1Vgmgwx8DwVb6nqPDePE1i6C225KrU8m+pe20HXgvQ6+YObc0uL7O8yZhar20YydPAzH39i5X9s2GjRXw+HTQigVh60SsVrOeNAHuu2RNB07Ta3t6bF4L3jPsyR1WS1K6xo7np6IXgJs9c7l6vp52YSxeISz22Ay+E1+ycW1Wh2QTUVufVEG7PHjdp8tRVWt+g//bp9Xm9Pq/X5/X6vELp9Xm9Ps81gl6f1+vzen2eKb8ffd69eBxY8suD9TbAPrrlkHrJ7VchkNR23SmZdPYvaJc3e4mkqfO9RNJLJL1EokovkfQSicfLvUTSSyS9RPLrl0h+8x4GjASyO++CpvTskwo6SO1UVz8faigo6ycEcPqssaKuuJw99KUD+vIqCmfLq/FVNP7Yg1/uFPzyP2imn+FM08MK/KX1QhMApr1avBBXabZ8ZfoEx+lqbP5qwMm0qvls60iZL8NPmIKhkIqOG7SSTIaoa9GAQGVsS6DE36tvPrP3yMvqgzaMy1fVjHUmL4a4HdR2hNF0VRaEEngBd+dF/cMqnk2pT88kDYZO3lqen8buSNf/o2ZuntU9qnZlYiWq0/RSQXCGs8VV+IQ3zRoYnAUuqrqrGyA5a/Y2o3JalVXS6xGWvnKfspLoSU4CDS8GYiom0LPk0R7js8f47DE+f40YnyqZrSSv0WdIodMzBQmIhAAnPIvHRX68WU0oFzdegS2es9abGm8f/xaao+AW7T3EAXy1mUZrVIHrZpi178zqGMLk9rtpnRDhxl4buoVpH8A00yu1cEIk5x34hDpJ8iQBSXeVERhmphL+SYoqFFDlU4JlXcJND7Rxz+7OnmnF7Qy1p5S8eyTa4vGUKqrdKshvMKvDNBvy5Fm3rSlJOoneIlrmaoGg2elquY7jdrUWtTU1tjcDE7KlTA8bXXLx5ZBq0LepleFhmdY0RziSU8pozpiV5hamRahbLmc+c712Z5JKdZ1JqKmGSX8WAXGOENqctNT2VlGpW2uqE+GJ7F8hJuqZZiF0f0XEUT2td6kupv9V0J2wI9MFM9EDTowxhXlDRE/LGd5mlowwWNMGpyLG4SXRjSI0+u7RKWn12HmlruB/0CVyWpgFIV2KitaueWh1h60fs/g6omRwuFewDgtptnM62Abmq3b1EclWGCzVdRlmg2mgRR9IK0VcdnvbjWrC0yl3IpM47TBYxNE4KnB4lOguCifyI16sWSTPBnxjOJWWhhNENRw0Qfqh4H+//e7V4d9S2XGYpjLnfL2kjhsA0wFnPsxVvuK3lJZ1HibxFFiQkdQG8/nu8YcmhR1mHJScVJRwkKwJikFSpyvmyI1A10j0hTq6SCcywBsawjL8CBXIEIAhm8UfG7No7ZFEaLr5M163v+wF+3CGYPr28J973A3NCts3sukOG+2y+PIyakZ3JtYNmZ4DyseFhn6rikSufXWTTSrdg1mEvhXnoKEp4KOiT8FjVg5DpTBLB2I/yW/h+09EPlCrK9iwKll6nmK20mg2G7LQASSYrEsN7aglYvvLAu4Jp+Ah8+A+NFVOXBW/80KcudfpvTeu1nMmklqe0X8mXll7dY2ZKEZVUKZ3GB+mqs0PQSbOUOl1eJNmH1HRiJtxyKueH5Im6/AP9J91B84KuQ1Hz9Cs9zYF5EdyuM4MKInR/+5qnIe3KiFnqc4SzniB2s7DCZNjYO7v6ezgPJPaaXw7VBiuwGMMiYWEyy4Z1xsOWyZ2FW9EXL4/fX6fJwp6v8aBcpqmuti5mn3uihK15Z1lnFuMa0/KJkZLWsCbqE4cYKlbSQHRpygbx3nNBevmAf28sdb2wyr6WjXshq6mTP+k8Q778r34W3X3tPLxsWrxrlrDr0p5TTlqrVejWE+98oR7eFF1yg6+K8+p7ftMec1Pu59Ul9nZuW/UHXpF3Y0/lKcnlIcPlKd3zA5df9qz+TZ7ObX6N7U6jXTPodsypFY/pi4eTK2r43fM7sxf6c48le7WR8m5i7bGqWl99zOVD3ct3I6aasw8GH5oaSdvl3RGk4izOtXN+s1VRLp10Q6XUv+qNkfMNVkV49SCYHFBiglU/9TUPUuB4IWz4Ls3IMCMopFIMTXdRDlHIYaofpjGK1X7gQU0nJvvKxNZvL4px5XJXUwmaM04McBFGCxZA1/bgFEbUbiG0s7DHP6oAjpQhphYjVyFiBgfJepIXsYgf9VXTh4CZFVH9WwU5sxKSYe0Pdi9nPWqcCfVkgzDPmyw9LG8zANltj/LsIvfhLMc/vN98jFJbxqzdDkNZVxaqemyyehS03cHT7NssLrQGZMJV2wBKURpFa0Va2YxbMONfQZ8F49LQYErG5V3LUz63vHVnnXAqKMs+xEn7sp3HxS323Fwla4ylQbuIkIOp0tH29cLX/BZLDqbMLbikd3ZTnKxNMPmKRw6qAWbXmseuH1Y13BTbfLptEzdpSe1US/Duouo8EaT6b+GftRRDTldZMnNojF7cGkXKkNaGvzt7AGzjq3ws8M5wPd2tq4t5Q0k/lrK65HtMqXUylZH173QzIWlGib1PrZqPI0KuSBr50AVZraIZeUer3MtzIAinGUhnH6VE3pTMlut0WgQ8LLDHwr3SrDUbytsLbxoZKsQp0qoWi3xoQb/50Zd06sESNrsVgictDa+CpNLYClZtAyXKvCRrjEJ2lzlyumIuosVNl8rV5SeWrhkqZ34+TGqI8OLckJbU1TSPXQhGmJL61Jc5WS+4dJJNSyMXK3mIbJW4QSHYJ7BPKJTD6bnjIB7BdklvMBrlWZLr6RXMC96ZWkZfN2xYy7VJrW+/9C5FrVT5V/K91Fvnke5bGI9Tsrr1uTpZQ/aeETRbsGhj69SFLEUCw+N4T5clhwT9MUMDMkqhIaXEfyj1n7fMMXiqrbZNOeYHjVeNqoO/YPEuR7lnUFEMPq0mMXjeAm3WQjyp+029oaXYpyiGSVny/Eq55x8lrMwen/MxbNl1qwMIYpAseO8sIrwx8uVuOCgfna8xMObZhOUuR0MG67qWzUenu+X3789U+lBSbolYvSWaNmfiWVefwXuh4PfHrvn4s2FEzRk2j5XAQe+T9N0JPzxCGTXQ49z9xLl1ZGudUTtaF2EeFGhCQxXPEvzXF+5Ofk7BCfXQOKQAA6CixUeo3EIuw++vYiBCGS3FjvR2AnJWQ3fTVezYD+PomCETLx2F9dVHDCHH17EM9xScPdNIkx1DYeD7ql4vkgz2L2NquKdccBrcLnNOryif3wbv1Z4WVHoZboEtsd4JTb45hdaTVeJYCUQja1zSK185s6LC4w8ekc+DY4aRl/vslkOV2iZgfLrTXNgJYulkdbMwf2PXYkCf4sSYV9bRl/9wPCT5Et/aR6od5tGHlkOctUjZI33qy86Dcpy1MtP2KN1Q+9IVY12X9arXONNqz1wnesrEn+tctz2/8VgpWAcZ+NVTGyeshkLrObdbJNlmF1Gy7aTIW9hn2/ywo2u9Kn6TFjOkzUzUJgn9IATsBN/Sc/DbaBKCmvpZ2Mo5RTva/5FxVJaP9nBlFKXcAwYWtk5QEzEUKmpHPtV1TpIeFPhq7aoLxIOtR4OZC6QvclnVni/Rh2B1R0NUas+xEph4PNFoWMnOl0vd2qiHIr7uLjfVlwcE+4+Lq5lfFj6uLg+Lq6Pi+vj4vq4uD4ujkofF1cfF8eIiSYtSixundhRuDnD1WxJzQXHR3gCVsvGDCi36QpazK9ItRPnpFlnygvMKxCuASkOtcOMVoxyXMlRH7LXh+xVprMP2etD9vqQPav0IXt9yF4fsteH7GHpQ/bs0ofslUofslc3hD5krw/Zw9KH7PUhe6Ux9SF7jf3tQ/b6kL0+ZK8P2etD9sqlD9nrQ/aa+96H7NWVPmQPy686ZM+6Qd5gVNBGdxDVUDJCZ/TbLm3PRdfTOpNzwcCc2/blmpbjXNkuCt3fK44S+YrwIzSDXlPRhNRyqCAq2OPrBvbichTsvXsy/PLDHiwzCQjzKFR3sj1U7dMqQ9WhGnUbbT88wP5mEV3B+lA+qZv2fbi3DurquCjVQSb9L2uqqKp3wiU6RT0N/uv9u3dHw68//NuQ//P+w7807MWa89THj9Jc9vGjuvTxo6r08aN9/OiGQ+/jR/v40T5+dK1+9fGjffxoHz9aP/o+frSPH60dVR8/2seP/u7jRx9idOQDCyC9z2DNBxjtq0JFVQrR9SJFNwkOtc5vQQbrAzv7wM4+sLMP7LTLQwrsDD8pU95XT+qYtD7s81cT9lnzegWhQCsQDeIC6bbgl8tUYrGK2AUatMDcWaPgNeEXBKiysI7+1eqCFDCWRw8c9PzQysx9GOc5EKPD46M/Pn5M9+kcqYiojB9u6CotIF1+KpBTbRmyBOBAWi1XWJapVt3CPSGfWJsNNwi8AXxYvkD1D6zIK/ZgSB5BL/I8HVMwa13VV1m6ukRPhXOMjhi9lpjL0+fnvOwNwZc28xYtdXRVISAz5Lhb9qjhUEoUo+r1RUKVHuXlKFA0GtzaBh7F5AX75M80Ya1oqHRrdQbXIZrLUFSHPRgmETUCtYUzYio2rVsWZFddN9Wr28pwyrrG+nNM0ch5H4zcByP3wchW6YOR+2BkU/pgZJmHPhjZbyb6YOQ+GLkPRu6DkX/NwchhH4oc9KHIfShyH4pcX/pQ5M5N9aHIjdJIH4rchyL3och9KHIfityHIvehyH0osp7HPhTZfrZOKHL4SYUiHzU5xfbByH0w8laCkWu+/tX7ili+TPUO582U4kHFYveR1n2kdV3pI63rSx9pvdNIa4usHh89/qLKmshrW+Dp+5jtmtbWXazHX361w6Xq476rZatx325uhksfG97Hhm8cG35HJMMtZ1d5ls7ieB+K3oeib2XsfSh6H4ruMaO/ulD0AqGvBnu1EnkngS9oLzvpLzlq93HLPMpbwWWWrha0m2i+iMsS3ZveBRN0/Sd10YRMNnVKwqRGrfAoV1wQ6dmx/h+O/0rNis96V994l06kMsRGXsdSmFhGLfbj1rqLnJUXtaPSfG2TkgLL35GjK9nImON5Y86xnPlB8Bp5mo19q4xCRls9lUyLAhuyniHKWsoK2swv2SPUAdAonb0R5mwT5yh/HU1lhC3uNPegq8Gynr6mo8JmE8UMFl/lDBYv15gWJQ2WLmt3J8oaLGxkYOkfpWNUAMhYXR8WJMg/fvWnTafPhy8ypZPLXZWBKhE6gxBh8VLa5dDs1ZswJ1n7AkS8SbBatE3tNyQmogZgzO7YtQ3FNgDJ8WOW66hbFXHs3acPo3p+8OtBqa8xRWAhsZrUh7GZQvcRxoQiKZQ4mRqSF+mx+JyreibSFAdfZIo7ZlsVt2IPS5ftkikdkHaUASJ+mYVzGFY8DuIJOrkD0cns49dNF+jeNa+zdLIak9JpanSB5asTTyzbGbR8pPUIyYSshtCxXLqj1Hxul0WJNCX2uuBBFa2nXsRypiNBzY0QWpqUdkqzFrQklpJu2b0Z2xQQWIwh793J8D/D4T8/7MsfR8Ovfxo8/fC59c8PB3+pWvdM8SKKbg0blrW1bM4Jb9HAYYlAInN1bBjsYXN77leoL+53pC+bTqVLKYil1ktk29q/4rV53KQPw2L22v473lGw2Yby1+fqp4O/7L8fOZ8ffH4IL1n79MO7odmkow+fH/zFenaw4ZZtd+H10sXxq8LmND5ngtv42Omg1KjSw9LqK2zk0QbteXdnYnQJ/RjdNhx2R3eb/JKhwgY5uWZg3TDhNDaGhoQzv7gR4YbD4WdWSDe6ckSfllFCDsAq9uz6+DMKIg2eraCBuZKxnuNtx+5aNhwPgQyFlhgMVydOZwIdy7C6OMEBDMfhEAWap8EYo9Xy2xwW8JD/Rr+A5HKIH3INWkk2BD5thPN7sYpnE67vWnX++mh0/McRboCZ5eUt/hgjWBcejkIE0IA76H7ymYIVE53MIk1n+aj87WcKSoghs0wooQQH3D4NfowurtKUlZc3/Lead0ZqAil4Gl+abSVeEPY+457QXEgVQ3mr9BIHddozaL2wILS1Q0H3Un3QHX8TYXicrLzeG8Pg+tj6U0GskSLmaWUuZdbUTOMUpJkWroelCZZYZKW1eA1TTL/iIfl7+cm38CM9XcxWWTgrLgzPOSoGX5nmgUDxCUPhdDULs8I3nyFKXIoHSAeyoqro2hp/R3BEq7MULgK8p6i6ZQKrcHzqtc/sdX5T/LENDNBuVhgMhRtwRj7ixAEfvo4IUOaQgGFwiPiPN6uE/vsNyKaWpixajhu7vLgK8yK842vrl7bO/l2TQg0EYWBtlOINmMnylqjiKSqgDP6XVFbo1w+F3yo9m1geb5o8/n/tfet2GzmS5n8/RR7NzNquISnLdekuz/b2UVtytU75opXkqp2pqXGlyJSUY5LJySQtq/r0OfMa+3r7JIu44JKZABJJUbcq4EeVTCaRQAAIBAIR3yehBNOp6Cd5SdfBEqwdYcwB8iIK4lQmi934eSsyD40f6e404u/YiFRheGWGsXdGrFyEI4xwhBGO8AHDETIQjPb6GLqlLpGHgT+4JsLgmdiuxEDtFTPwAHX0ov6wcrDz/Rt/m0z4a8fuYxbDT7JciicRHK1HUOpaoNAorCPAITuGAI/JWglnjSpUsDC5+ow73IofgA2KUlgQrWp6xehVE3WBK12OUltb3nrKAGq2Y7cJbfYsedKsVW1zpntLBtiAhVMVaEEIYVsqx11HvLgdLe+/EvZ5NRcKVw8M0nUGoV4DOu/Qd8t+Sw52O9irTLhRLWYT3Qx+p/HM2q8y/XL15CD5K3wPes0RqUgnEzEwRgONEJPeZZvAXHlctZt480tBms3rxTCwZd4KXJDKVV7Jj+rAe04B4y6LG15WMuoebK8rAOET56VLEK2Kafw1Kwv048JWp9IKvbEePWeoOnquIRz5W73fLKbF1YwuGvgr0UMIaBP/45x40TnqsWW2OjC0EPlubpsq/gtZOPSLF71H++A6l+q1ilSwMH3I5gfoHHEwB9StdCYmwyFZQxTImbsQu3jr2FOCO2a5nYDV/qfkyHyx3RHZfSc9Sz8fr0rfXaYDZVeWLrTd5nMdvtvw6xvZcrX1tKB3jYAYwEyhSEiw9yerKWj/U3Hc8QYDJGohtyv1eX5/QAOZXwjwFqeVOOwvlYZ4kn1+kXyN2HJiuWcl5NakmF0W0BSdvQW17Dz7p6e+pqBagZawPfwM7iaRJ0BvfuIJC1inLruN5mON0/Fqits32upGJ8RmUhYrUvKrha/eTp0oyz653l/IaADSlAg+WiRfPvsnzlwVmoDXzHFmjHc6deL8QVktzAhvHXDQWMIV4PhWDKSoLowxLtFTuZ43xZSS3qCVaggnBY5L9nkMF2w7oivG7uGd+3JfeYf5hlNjWiA4IKaLf2Ro0bZgPFUrkYFgOABvIM5hFYGVUM9d0ZglOYE81UMy9PyKYjsmskp5TMP9j7MNG8IIWHc9IZ61LM3F8CD1YGMx99CGK+OXreG4GRXXY3qHqbj11dOk4+LTpTzVvuNVm7UDyfXVGyzyNdQb9BHq+YN9OYXoPk/tpBVZDdVUWyrBrgfXarnSQGeFjvuFn1LzLIpfKytP3XUFblslxtlwSVGiuQsik5vr0GaUf+0Q/4a1WcdtpvtiPEzdyLtybcuPJNfPlI6QaNFWqwWkiqBzSR0CHFVu1azYLZc8eC2BSAPM3nUhFpdhyOMKWJs+Pa2HXDeCiNnL0fd4Ynf7WZvjRoCS2PCSgQTy09Jywp030OPvCDhUvn7Ns0vrOtj6UA/kLSgb3p2NNjLW3WquEOQnCIBF7nRA0aqQj0yCsxiudDCKMGzTp4ohWvEqgTt2vLlY4hUQEE1ArWh7lpnolhgdI4VMzQCI3rqSXCCe1/zXKiuvSC+KGrUDEz38iAyAuwiGzGP8L7t/fBtgY5rZ4VchOXN4vsonYippoTpr7QzsSGQ2TWb3X8sSPtZmfTzYEuwfxHOWfx6Av0P521BeYmsTYyR/KoZdrKj/chqrUNBx/u7t639NDl5hPfg+8s1dMKoJ2v/Sv+cT/cFZI7kYGjjQDnoxZVblXJN28B2M1G5ikAla17/XalyrZJFWEO9PtpVEzRKVpdOqIPcsw4bxKiBxiD3lTMjPb6xl2qNJFYM0UNDwYsTJ55hgcf5HX2Vder5AOQy0pMhpsXrnBGLC4zjFiwd5l0EtVeFRhKL7MdNRlr6zKHWWvac0P6zsEs7hM+DFOBdZTq0JyR89bNXAeAHK3/OOt+9OeBqI4fjq2bfiCMMcBoMk56mQ5ZyohY89f7aTvGTvvjgAfP3sGY3mkS+KCwpdB0quHCPoVs0D7MMYlQ4b5WdgzUvQGDxXQobYcgnTWOVj46z1KU/SY6Agr5InctUCvNDZkiNksWpukkapOYJfDHfxqQshkqx86h2wXcosk66/ROqKDh+uLje8JYvVM1sUhNntPdtYMX5I/QijfT5WWe9ulJ+0Flzg7nTAljz1YG9CuWMrYNqG4eS7dIgDNJCX64fzitRHUZ6nEFyAz8lIqF99euQJxiPRDo3IQE/VNixOSld8eyNBg/B6iC8zVA4VBcX5DjxUO8aObXR3n/rARoM2djcbA5TwYUNlI0H7WAEpOhMVJDdKDiqt7tH6ITImMbwqMEPoounyAni1fFqowB1XggDAfoPZrsCnQvsuXpVg2IOp23UUTLoAs7mE8zw20Dd8QjVgngPouZFSROLHs7TMQTvNhRqAzRSubhW9lFYQPB/xaoPRDr3uaxnS6ZsrnYEbZuk7sXQ+R8WEFw9Iw3UQbUDpN7GJcMMMuKJPeIJn4jRrWwCjZFdmjulanMd7KHVgYHjR1oSO81u6CkqF0l/wkVVowmKOMLH1oC/ftHhbkMNG3juTJ0pbY+h7EupxQnfQuhdDbaOpWDMa9TMn1jSUJWIZy9cpEgTKWfHNXxZsmuy9Pf7wevcv+6/vbG1oEpSHtCiKS6H/jiQdimdHD18ajSqbQT5ylCfZgpSjhCHg+EOwyHdfv1bPsZmIP4ebGe/NSwYBkEATJ4myOBRKTqlzcW4HH/YY9mZIAxupA4AkF4NdA8LhibLO2Ml9hxtMvCUysvJKMVFhm/HVHIJX0OdGnTq/3SCGoznB7mtwVXac2kpc5jy1EZkRT4wQg4p94SRihWVxX+ZnJ9B+n1TEd7Vpp1MSszlyccJKhiiOnMiAxBxBdkbe0ZCcUExcv887UXN0Vz4tp40BTKzOy1ovpiqCA6Y8sMl51SHeIcrwfNK0EmGr5LOOUTkzirorC8mrh9JFH6jL9YgEdQmkURDymBbjjzjCe7C8+zaxY+pAATWAGX+7b/cUNx+8UPlAtgAQ5RyvvmQjtoTw50h4WlLyfedrdLV6xbLG0jG74kgz5DRQ9DyuxBSdourorL/GbMVLsmsUwGuQBfE21c6+rEuHrEuFOLb/QYtoOGEZdb4cjOMLYaKjOV7Xz5g7KBZBSmaBTEhgikahgzJY1WO2vvTLE/ny7q6bd4xnPhQ4XU4k9bBKFAbvSgW8hlk2qcAGgwHdgkvTWV6ZCwOH3p9OCgVxIy5zYRN99fx58uT9XCxh4KNEr/G+mA3Lq6dG1gE5GMMW22lRCK3sHxW9V/RaZWoJNTjWcPNT+QFyR+oUgg99ad2eufkWHX0K0Bx9OBh1uWM2Rl2CdbDfJ0Clr+z6sDbqsnm2OQ99oy7BknLy7unSV1A9uPh0uQE5OUn5dAkUU1f2M5ShYZN4H4OJ7n2gw5UzhDHr9GZ6XWZQ+vDWNCt35z93vLydsiJL2CQzc1okgkaN0VqGXJxm4vyVF2WD6fqOrr6hqUiS6Uld77Z8xaaxhBiLxSZOvqoyK2O6MGERnRyurjmRQ3yZLiqMs/KtKgmtVihfIV2GccjO//vv/1vpdy8w+DsDjKe8mrmVRNipgF4ojlV+hdZPnalKrXLSUpSJEcOqSevapYLgDuCiAKHVvKuKsYC5rAxbWd0zW3nbzUIOZUQ63tYUghAmgK28Sv4iOzDag9gR0KIuLiOzyRmaj4QdF2r7hB7t+hzuNne867FldvLHO9sXsHneDq+8We6OY94sd8k3b5Zb5p43C6bA3g4PvVlui5PeLGvx09dkFb5YQ85R66zT9c5S9+g01UuKISeqdaS43qnqZli8Qw5WvYXWcY0ny3qSI6/qvRAfXidtb1J60oBazxYIkuFx01iT0BRCx0kKvpp/CK9cJrRFpXMvSp0sN7zeYYwwKnt8NWRTDI8ainBg7OPzpdJjUAL8BesMxFo+g5vRAgFugx4SCzyNr3seTxJ33Lh6otdoYAy5upGCAdGHHPhOW37jabGaDCHOQ6HU0os6GM3RxJ3n04F5MNRBeYCnIO+mGHxIQlB3VGteCB6LoYXlWyRwsDnOxmWGGE/+pgUO66RW5aalr2u2oWdU+C1Zl3jlYhskHoibGgdfneGgjf5V4YUbUeK6HuyI934eAUmsCB2yBKGLBsijhjSyCedOrUIpizpiiekVa6aviFH3RptoSIgUcxq4tld1wBQjx4FDnHmAOo38AJEJnV+mKrXC6/MJF1urUunz4XCihvNnjCiGIX6eAuPmKUpj3niNF4iDSpjnJNRrshmPSaCmDPSU9FOSt+khuXvvyH3wjNyRV+QOPCK37Q25lickcBF2e0D6rb91PB/3xOsRKLFub0c/ia3j5bgbD0cPAQV4NvpLaS2Pxp14M4Lvjnt4MfrJ66a9F/fccxE4AJ0ei35CX8NTcSdeik2dw9bzTAAW3F4pdl1O79tIHkOjzjpdYDoDxGQcGqI/0iwvMlYZjzkVxLWC/TOBqmjbRY5Mz5tPMLKAQAnIaAI4kIEk49AvQwg8TujC+jm1FVqrkHCm+SznhGZvZsO7k/0XyVtLp1UeLoVh/gLDM15O6Y3JEFmPxKO/XOeApdEGNzF0ujY5aC3YwkakRi+8QlmCcAs9sIVt1EKTdDDwzbmRHybafpGfQ7LsFNQiwlGuZkwBY4CajyQsDELkjYGLAsxMPi9D8hYCqPgCsTHk1KgSuqlklryEcMPhapFMi3Mgu6Gu64ohE1sYn1llAFsUKBqKNkWLzxsYoLFUllratAvpDN7zDA4t56DdEZKzMoG98W2j5EdLR+ygEVQwLU70STRvWJwNl2VmDDcE7OpeDhr50+Y4GbLAJAHfSRtCW6Xdn+qXgdKW07jJ0whx+Bgqq74h4YpWAMhCXoup/mMFp3lK2Pa1gxKe53jug+HLmcF8AukUxrAhaLWSuh4poKkuYcmVHznzj8KBA2e6dBsxGAXOqDFwYEOQCacLwnRvrwNY++DPIOpjU/QSTcXrmqNI67N0TDSe7fki50S30ghQhZ+6LLdwPfjJgnwuQ9baEPfhCgc2oiUntxj57BJ/oh2m5Nl5OiXij4Yc6rc5vjf8tI4nWo4463MBJM2WL+2td7dqqBCAah+7MLktxE42KqfcZOK8JjC3Aq86CoO3bT3fhrTVeFgNpgmzPEHEL1KxEvmqgRT9VNOUOTsGZX3UWjXZ8LUdPa8/bCAlaSq89lJpt9YXw+/jbq3fVmh6VqZ7Q2tV0vNRqn29bV4ROhPUHNSpUgWlkl1aZ5arqxLwDnvd2xRTSMGIzruhLvd1OE9qqKK9A37U9bhR+1GjulX2xdqUqaF0qZ27QgdNaujQ3Qo9aoN3sItzMGBH9BFVhnadeSYlqHQw62SNw87XaR0zj7MFuj6+KCCdXZJDipfBPKxbyWtRRK5B7dgp5krYjmW+tGj5foKW9UgVj0pQIa2PhXirWmLBkWQOBdcZ5bZSTDXShUtrGo79Br6m8+2oERCdr67xc7CcZcKysKNh8RYlHESnHk8djOqx7A/J+8374xNpluMVBSqjY9Rlf3rlyxvsHgEvb+XanJVdvJSd7fKRQIbOipvihnwDjh/N9TvC9zQZWMHdCSNeFlVlgMLg8WhXGmMEm3GajYFF3YD106aEsxEaZOhsNU2eVOKMPEKvV4uK+CmFg6Sn+RSmFPASgC13JhYH7lP5DOA+U7fXs2OwfKcHD7ejkygx4BRgS1fiaIg3rl2re9bUa1BgYZXyBpa8iwktIwZvhjxU83E+lfs6Gky2BFuk6zXO1nizqxr0SajRsgTNQ2922ac+Bpwjx4YV3GtWiet22kKxBaXV6WXxUaguzi9f5WjJ4JZYp24Gb8CizFxoMR55NE+a3WcIyy+sB4n6c3azeI3zBSxacSDuOl3Ix1qQHlnDx/mWvFBndiacJcCEIojgugeOd7gw+2BdWNUK4l/Mickcpj4CjupLGAwycl6Ydx1AuiNnrhsz07mBdcbJhO5itxMbc5dRMXcbD3PrkTC3GgNze9Eva8a9dC4kX6xL6BrqF99y55EtnTLxRbOEyqRfBMttx64EicAbr9JHDj1jVG45OiXAWxEUkRIqkZuLQrm38SedIvbEnISKtVecyS1HmHT0vyOqpF88ifsIJy9PvlO4qB1GcfsH2i2MRMAmwio/a2k/X3X68t6N+4xvvup1n4E02WvRQ8IPDfLdmnOJvtQxB3xP63CS7o/ORzLlY5Aw1/fAZAUfJMT8DYzfvc5beGUUeE9Ve7Z9R0W3T4qWUV40Wfpj3psku5ptsObapOqU3x6jQgBODYAaLXXKVAlGF9zCg6CF0WT9m61AssomLyXyaYlTN9G0qAtGU270g0221WCWChxc6xy2VFMP8tK9MLms2vSRy7Q8zxRovw7hQe5RHyGn7VWW6sF0B99dtYTjtQojsSPH1qKagMxdGs07z579k3HVOk7Fvi72M2bnALc5Ie3bdJC117JZzMyG7kLwvF9lS+M92mmtf2ttNmaYQQextYppwklys+78se4XrQ9pIr8g5Dv6RGz44LwzP1qdKu+pnIEYWqKnI5yP5OzCE3cywiNT66abfJHNR8lf2niY/eLJ3/7+CJGgDAB6dE69LKarmbwSHtZXwgmz49G+U+XoJZEA3PWIAH7bf1bFnJujGF3kL6A20ZqZDL5A2z/ZPZceKBKrIvpqtMV4l1YsYwisbL/aLgl631H9w9aG4Hkt3xtIV4Gx6WzzlrR9CJ4zMDHhH7w9bdOGpAZPbEzOJuNuWGvvofFJV2PbcTqinVUxznE/0MiP3nHDGScDS+hfn2rYYdSuOp5Yq2UTI+FV0YTRLz/tpFPRTzI+gAZ1prKEi0U23z08+OHL49rHPgVtDhBrSfqxup9kjbJAHiK8GTR+3kLqxTsQDQqp0Hj5bogAhjQsr7FX2X15Lg+ef8sBIVgCsnggICqH+ijhweuo5F5/BXGbVIajTPwT9+XiHNgdZN3KR8QWKGoLiKZAX5TNTw7bQpmhuwui+lR9dKPUbMcNH6GUrrXo85b913bN+IcH3TB4mcD0GeSfU6MgrxSO9o9PTP4sDZCtrWHX+IA0hXhkWrAKwRSahp3milAG9pZZvqwkJ4MtN7gTtf3Ac1V/R44kx2jZOelcYW8tXL/6XbAB2yfDHa8T8ebNDb9mTrjM/LZZRJZccG8OePdFHCdLd/Si/nATpb6e2F25dh+z6ECldLlMgSTb2jnnFU8A56LtxN6IDlzniNCoQp168nmDAbfiB2CDIjcUQL1fijORPLq1DWgSi93cxvOh7ehQY35NnjRr1cn1RhiNphsVLy3QgrBfwOGuI178dIOHNZ2M8VrMoLV8DbUa8Mhhzemo7MenPqkdQSkdlSeno2ondaS149jjqt3Em18Kgad7q/ibR3496VuMs9206/Lkm9ItMaU/TMSwiv6s8upCTN3lJYhWBUj9mpUFsZv7aczWn6GRmrVRIjWrvURq1t8CNWvk86uV3zWfXwQQjwDiEUD8oQKIG9B1EUo8QolHKPEIJR6hxLv7EKHE2yVCiddKhBJvlQglfm8CInWJUOIPG0o8wlrbS4S1tnU1wlpHWOsIax3WpghrXSv34ZQeYa0jrLUuEdY6wlpHWOsIax1hrSOsteNXEdY6wlpba4uw1hHWOsJaR1jrCGsdYa0jrHWEtaYSYa0jrHWEtY6w1hHWOsJaR1jrCGvdt10R1jrCWkdY63qvI6x1gDwirHWEtY6w1hHWOsJaY4mw1lAirHW7RFhrLYcIa22WCGvdLhHWOsJaR1jrCGsdYa1dzY6w1hHWuv7N7xXWmi9buaYm9HE7LIFgi+u/6oJiPrFPaXUSV+ukG4vZCmO9R9XwZ4syL/CeRszwWgPNwY+A2r0Bte8TAPo9AveWON6nooeUh7kOjPc6yN2yooi1HbG2I9Z2xNq+N1jb6WeZmP7Nl+1vf5dI3IZMnn/9je0Bfza/1+chKj/AF4NN38OFEXG+I873bw3n21hoX++0B2KDC63XUos44hFHPOKIO5+OOOIRR1yViCMeccS5RBzxiCMeccRrJeKI+9ofccQjjnjEEY844h5ZRRzxiCMeccQjjrhZIo54xBGPOOKe8nvDEa/d17UvMWuP6guF9o2AWX5P2OTeK2D1VEQwvxEE887LZn5sQ+KPaOitEtHQIxp6REOPaOjtEtHQVYlo6BENPaKhRzR0s0Q09BtCQwdkXU672CQger1alTNwUVwmcEpspKrSQSldQiTXksCdAPAXnwIoGIXjI8/xnteLbX8pTgRndHDVJ39cV3VEYUg0TXZ17oqYMs+oKRCZc6UeQoNDdCAHBDXfRKpF2T2Tsa3XgvmNkPUPHLIeevIDJNqJRQER4hseR0vV1xzOyzTHfBFE0BVffMI3+BQZITxPMgqAH4WPMletBpprWHOkI39A5A9YRv6AyB8Q+QM6sx34sQ15eiH3BWRffQdRfZtQrfUalfuoMoKATaxyMSvyuZDWhDGuM9h2CItZ2n+EiagBTx+FzQYzjDcDBBIx6CYQOW+jyWKaavVODjYI/WY43SqbpXMAhaR15Hl1o5kqzVd2A7EP+aUDmmi4uITCSScz3Ry5ekFeQgpHNXn6nMH8PtE3Svw8LCZ/zdLp8uJqgKnHk9XU/NAYhQHhrngql8qCXaW4TFWAvBGwPCBR06ZV5ayYMO2HLJVxDmGlxdnyUlSxfZGWE/hD7n0sq+pffDYLyhE9/TRvJFSmRAcGAGrQP0LpAG4NJwHMhS7Ug4OqZjIh/WvAthcNeXuFQuZpfas1ktDQgQmjAo1Z4ZSmpPLnhui7zd+DOW3AjYVlrCHR+XIpc+SNCTAAeH4emTfpPD2Hj9RMgESDs/zzgGQhRgclF7Kyk/N6CwgjJAMcXwXLCi45BpQd0MrWUjBG+nHVWjfBzSA5SKUPEfTpmPdOADM4n0KGM5wGddO2XtYWvZ4lL5Kt5J/dCLi64GhfZNMFqa4ZLNeMIeUJ4diEfK6S09XpKYLVCluHXfe668Ul+M1Vesq2fILV1FN3Q5zZcrLYsAhqU1sjp+KJg8GqfYaNAj6qLxipY1O6zTPniE+QoSHA6l0nHkxua68Dgk1qlRs3LKnRRVxXaLnj3IUH83ljIPXTUyu2bbMcNFDMwUTKqvnjJYHjDsT4qom9lMhQlTCbvLDmurwtlmLn/4vQ2c0tT74P1ZL6l1CFtHK+LCd4TXJlKvXaVppWTUXQ1RzDpPlyx315zQ+HGDZUFuB2KsVA/8eTn9Lhr8+G3/785Kch//WF/Ojpn5/8+8j7/dMvtsVDT37aHf4bf/bTUP39YfTzF0//bHz39B+7rtVCw4EWxTT10Q/I0ndSy3pbWPk4yfV9nryEqynU7rn1A17RGoDzhwXwRnwSev5tJiYEAIrDllKIg781X7NZfoTdgZ8ecA4PuSA4h2dVqsUg39Vd666QAz2rBQJuDA0tbqxaFVwEGwXghJcrZVMgv4I4HZWzmuUa0oK5lEf/FiAE1TWbkM1Xs67JNVQi7XxQju5m5r+f9Uu+szZ3fUZhiKtdJ3tb0pnrNdkyvnWp+exB46PjHpIJ3b0J7Uu7bmrRzMF/9rvjk7vVWKjITeeuP3LTRW66yE1XL5GbLnLTPWhuOmN33Xn2/CtX/HvA7hpZ7q7NctdjsNym0CaGKjLltQvMjI0x5Zk+EtfZJLLpRTa9a7Pp3ZLK8LPytW0W62ORvC/pT95nqWIPEGKhOZPmbdVEfSOJB84LjjTBK5VZ8Uk6CgHm4/PSyIMZJYdwDoJWZWYE68XqFBef4cao8vNq27gS3z6dFqfbkBRFwZlgNReVUDbbz8Hm+HbnmyHfrDBezjCfD1+KnXOoFt9oRgECM4j+lEAprb53WjPXxC79bfMexqkUNhki6WMkfYykj5H0MZI+Yomkj1Ai6WO7RNJHLYdI+miWSPrYLpH0cWOkj+vDvP9uSSE3xv9oj0IZSuwe2zcGK5bva4vghpJe0vLN8TiF4/P79l29+m6vuGzfPKlvLd9QuqT1qwaNl/6C3al9TpiR5tIiqUhz6a4m0lzeX5rL6FYzyvqLh3MpOhaMzLg4L4vVouI8h0yBlJsEIxQELR1DuXVbFoI21OLjSl6kqeSLH3b+gu9zhsj5/UgB+qDVxU3FOPFwtEOYnMpfV+sJ2dBR8rt6zepbvAqDbe1WqX9yQPFNECi+EKWWIJ2GtBG/1DCIjHCiiuKJ6tND3TH7AAq/B3PADNCB0zpqJONyUeG0v2Q8erFxDpKDtiN5oLKoGv98vzgp9hy3TFCUfTQwzaFBcpTR1TrydEuDZ5Acwj2nI7zbm57iCNJSTl0Z5wJzEa6jU/bY+hPwapJWbJbgZj1ijeQSf0gmSnjcVquHHRH7dxC/BWW9GK6eQVzXCdaCEhqwBSUo7LwjcAtKn7G7lQAuKCdkjGFEEDjbISiI++r7YS2q5A/f/PG64gs5DOvSR5KWU3ND02rCYeMAbUmkuEQ4BWFzpRBcvlp0ifYVho6QPYfeJOuLcqXKxelg5znFemCzWiEaP33+eWR3Anw7aLQVwFlXqNkmzZjrZkEDA67cQBXKS7i2ytO2aci6snsOdGHSRz8MbtcWTMUf7Aelz3QpZVwYbxlp4yKbwTyy0lx+/eID/bPmsCwmqzEDZ6j4wOYWDiuWA56zzzBymU6cEsY8o6roQzjpSdf+TAXjQTjwEJFYGrFKfUMOoZzIekxWVCO6qlvTtEIXmSHYG74IpRGh4Z+MIZmBOiuQk/Z+NjL7Pgxe/PyF8c+fn/7Zl84XpBT9UXdQ1o688wq8IyoPSlcC2DDZgtdt+R/Btvifcbm0dAkHTAsV5E1FBPZIWL2HGahBmB/+zLvA+Dx6lM0c5/ekcJ1fe+jQPGF+UDoz/jqz/boy/fpm+Xma2y+pr8PbC+V6Hl+XSIMP/obXVx3vHZU24R1u+MC/4kNuD/E1f9KW4GoxXBZDsNG6/CctD2qQOHX9jmrrkk7kSf62xOpca9YvWh+SLfwCG0gfLIsSjmHGJ6tT5TiUQ4YQTHr8wMqSQ4RBTsL2hiiV1oiQTmk+SmZ642Heu5O//f3RcDh8ZMRwgRsVYYAqvOnl6+JPO48wNiR5iej00rOwRxiT4slHJt1wi1ZXGIygRBCJBarL5yCj4TgdwjH+Bbiy82F1VQm1tU1/wxXr/HwIP6Qa1H3gUJxORqBVTlf5dEL1yUzg5NOz0c4fRjDUJjUr+3dHQhtRd2T04AsTr+oRx3poqLDm7x5JEk+8Czfu/8E/JWbQ1Yvkx+z0oig+4qeX9LccyfE0F9Y5ebGM0aUkQHO5UitQDlzFkJ9qPEQxGab0jAcWOP7b1FQ5SXXDjzK4w+ZRV1NvmHzaMf4EFzL8G53IL1pyZIlJKTNFrPz3sCFcDi+qAaLClvC9+SnQvuM3i+mqTKd6MEjOF0WJRCzqFTMCbgEXzGqalur5R7CMCliPKuYE3NqfjP4Oa/S8GAP8EtAd56rymrY81MiFLKH/FBu8uSA1uOIjcyAPmx+3TJXGmxTzC1nMMu7vJCvFUQCPdNt8h7zNl77bdOcKaFaWtpEGwKvresOMT7ra1E6CF02qinGONzR8C6DVvkNC/NNaK36ofdbVDsTWxbg96+tnzteTEDiydzTXGeDUCqjXSAtflHmBeV/qyNVq2MS4ulLqnCr7tJNOhbiJLqYaX2QzxcIupuRcHEt/+PK49rHPC2DAAcPuTD9UJ3mVDIaHXeNnras1PDdo1Ch1gcbnL3WPVmZ4eWbcWdkdxa7AX78/AzpvAVvgmQFZ8tQ/6chW3jCduuwKcyTwr8qIrwXNhxkE50BkLetWoaUcmIJLH7Kb0RVgyy2Ag32ZYZQsIDiq+sgH0WzHDUdeKXvBYpG0zj/tiE7/8GD0Jrp1mSmc3CNqFKQ/6Wj/+MTkl1d0S4b70jU+IE0hHknTpOA2hU7jWHtkCMrRxbc6neVLQgjNqqWNq+klmhuYR7aYpBbknQNPwusdxZ86Rss0opoPt2EoWozidX+LQRguoUyaCBSh6BMe/u1u7+Wm+bY3yrPtvwMb+3m1gy9Rb4ZH+0b4s3vyZnewZdOmEsqS3X0hGcJGdX0mqhCitm4GqnC//m0xT90t69RdM07dAdvUraaf3C7L1NoMUwGLy88sFb6u+jJK3XkyShg9Qzhbplc6fdmjbp85KlAYHYxR/STSmynq1lmigm46AtmhwmVzk6xQ9zZVJUjYXiaocAH3ZIC6dfanMLQT38VUX8an9klIfRMkVSRerqE910mZtWUznharyRBc2SpWiV7ghGNcl6nZUZ3prDkWQwPLqUj2auTT9qZ0DEsIM3a4NG+eCXuTDNhe0Xhmq5eV+pps1JJz2tJgGwv1NWE6XDzSwTAdG+aNvjG+6B4gFZazfLc4Ns7hvCZ3c0cQfcfp+Hon4w5N03EiDlMyt3ESvrtT8F2egG/59HuLJ9/bOvWudeLtWDTuk27Yeulzwr3j022HJNyn2jBJ9DnN3u5JNqDjnhNseO97nVxv9dTaiZkXcFoNk8NNnVLv6Qm1Q7DOk2mYMHucSG/1NLquXd/vBNpNY9stxdunrT25uEW62hugqfWMrY8JtXsobpj59PYZT++O6fSuGE5vndn09hhN75rJ9FYZTO+OuXQjjKUeFeVkpOnWT9dnoNk884yzpy5+FTsrjI93xc8Cc8MELMHkK5OJ0FeVzenSPbDqx+QykmtVfwzY7+ew/fKpO1jnj4tFbZE7vEja2l0XhpTFtUtN1i51E35UxiOCDnLkRHCX1wIZpZ8GZdbzswrghndzz9uhbA7MnZgSrS/H71TG21+Lagm2rjvdbZ+ZZg8OwYtyMJf/WrMTfnBybqP1u83Cjv92+HyqIDKfSOQTiXx0uQY2RCTy6eaGifQ716bfCclhj9Q5d02dE2lxIi3OtWlxrmUxPlyeGtPvwB4qvK1MmjQkS0q6m0o+EquM6gwlMmxFEdjom2aEBBTL/7RQ4CKKlsTWaDGNp8X5Obp8RW20w5JLZEGbpv+QyCYO63PoLO5QvBlJDh2JBGk4nq0SrGFGKlwXcjGc5Z9hx1ktC0SiQV9DYfc1oYX0BBeLNJqFOSBGBWYzrBl5vy/JYTiiqJhlS6Sit4K2nglNncJNPb76siykf8cYksd045zoXdpImrDe+9bd8QP2k6Xg352vxKxAbxLf5JhuP+VdtTUVtKycVjwAl9IUzecUjSDU1SkmezK+nhi7JULm0Gy11Ao9G0hVpYZpJebKAnSAdmOb/SFJ2O/kFqDqGLRQ3kfkyyqbnomGookstjEe6lleqWQcO9LnLtwp4MSDZWbOu2IsdtVksio1VhEvKLWnvzGTgOuFdSVhWKYVLWMVwSDXIjvZxfBt85pS4KG2OlWHHyNQ1WLVL+RowyRJd6SsqtV4nM/HywZ9kkNPaYjYTi6lqKCigooK6i4V1IMj7oJD9HvK7u1oqPGkhsOrtItHIfgb0rc0s3Fqt+G9djtjPCPAQARhRGRBPGREQ0Z8YxYvd4wcjZGjMXK0XmLkaIwcjZGjMXIUSowcNUuMHG2UPpGjv1vqLHvgZRCflgqUcPNpJcn+6HwkE/8GkvBqYAKjDRKNhHbbkVvSJKn30DCUjTCu0kHWlaiEt5Z9P1KkQ2ZoV4r/whP46er01MrWBeCg8oZHBQvhkaF+CLWJ/ACvEchSBo8JR5KRH4QvKMBlIwZlCLdsyfv/QwcRhOHhMe8xEv2ANc/gQoo+kciaxkc2aE2Ne9kbAJDjLLimJrRdO8SNsODqv+qCt8Poh4n0+FQ5kj5DSmXdz9Bug8Lul09DTaK3s0WtNbvndcA/Bb0awQ4j2OG1wA5pN4lgh7USwQ4j2GEEO4xghxHs8DcBdmjAn0TYw6B2RNjDCHsYYQ9RJhH2MMIeRtjDCHvoFeF9uBoIFHaEPTQf2DDsYYTsi5B9nk5EyL4I2RcDr2LgVQy8ioFXMfAqBl7FwKsgcd2H01UMvOpj10fIvgjZFyH7ImRfhOxrvz9C9kXIvvCeRsg+62sjZF+E7IuQffUvI2RfhOyLkH1miZB9EbIvQvZFyL4I2dfVqgjZFyH7sETIvgjZFxGxIiKWpd77iIgVIfsiZF+7eVFBRQV1TxRUhOy7D5B9BxAvscbuIH/L2cYZ3ifkk2p7BSETMLNW8/y/VgCxwRK4Uq55a1Ruv+ANvGXE/27/A/yqVWNHkKoRCxMQnQJH5l3jJ5AlXdMW0BD3MdN9tAGnsS2UoNUCSNuEy3vbi9cK+lNRjUerOcyb8Linl41fSggIa9vEH2WxOneFTZZcBeAZLMkj+SQDTBzVvImYCDujr0bPn64X2wgzaBreue/xeX+X0Nn7eIXxo8PysaNr1I8vRzvfjJ4Nn41OF8Xoq2E6m3zz1Zo9EavhsCw+X4V35rEJIvG9/L23cyN7dwLaNs2WPcRMP/A3ZZ2WsAUYtKacnp03shJ7uzCEmrSbtjhrcTyOevN6HkHdZ7qgmHOwil5naTmnczrONWFGPfn6qaNSbsEwn5DmFOtFPP+HUVGebwsLe/UZ/jlcgOUIf329rX8w+np0sZzZYhQ65czXOPPz4yvRl1mgDn0nf5XQzzamR4vqYOa8Sqg1491xgo96lvZ2thxvF9WQkVS863svO82FbfXd2/fbr0HYyR8wmD379erpesu8QsG8f3+9GXysatnwFNZLoz5l60EB6tJAmAFH4tV/RaSDaunyNsodnxIeRqJGYfKit1Ts+quZhI/ZzubDVbUtvv4gvv9QrU6VLD6IqS1GFR7d3tmGWb1dXlQztEb6D4Pb4zismQ6Wr2lHt3zh2HAtT9b2LNv3jZ3A8YhWyJYHlJ60fNdY27YnaLlZvtHT12GIWt2uETtal5jCFFOYdIkpTCyHmMIUJomYwhRTmGIKU0xhujcpTBE7uvXDiB0dsaODRuJ3jh19S2jBXc34fUNH3xcA7zuDsJag0KeiP4R/sw4mdB8YaFlBBG6OwM0RuDkCN0fg5r59r1USgZsjcHMEbk4icHMEbiaZRODmCNwcgZsjcLNXhPfBLx8o7AjcbD4QgZtrQe3rAjfP0s8S9fj511/aH9HAyM88A/KwwZ+1GL5pSyFCQ4dBQ9cm0zcbE2OElbb3M8ZkxZisGJMVY7JiTFaMyYoxWTEmq11+3zFZCAkNCQJ8K38dZOl6Nepy+aK4TOCc0QjCIkM8XS4B14mgYgCh1QjCkdjQ7rRYzCRJ0jM62GTm1XoT+hVCp5JdHb4ghvwZNUGcNcsr9RButKLhOeAw2SbCHsFZo/mw8wwOq4XYDHoFVUUs73uG5Q0t/gFCnMQkXoo5dM1xsVR1zeG5THO8+EeUZ/HFJ3yD/eSOYsd3UzpW4KhxlWrguIaeIxcB0yNgegRMj4Dp9xgw3fDAfb3zfGMeOEAaBVlW30HUzDoqrl6DETetw3FNyF8xqvlc9H7CiLEZqHfKqZZ2EAGjaPjADvgjDfQ3STCnWQyaCefL21OymKZavZIjJfu8zBiUsspmqRjcMc97yysbzVKxj7LZ4u8r+bIBTRBcBEIRpJOZboZcZSAf0eujmvxszjt+j+gLRcIdFpO/Zul0eXE1wDjMyWpqfmhIe0CR85ZK5SJmlxeDPXE8o97QoQYQqQkUhCNYAQITDTaEYRVny0tRxfZFWk7gD7nXSEiff7Ht+Sgv9LDSfJA4OBJDE/D9QC8IZQCZBrhuhKEndJMeBFQBkwnpQQPcuGjI1SoEMteaePAK+hUdUiB9aMQKpyhF0T43ROw2Aw/mtME1FoixFkRny6XGr1IDPECMEhqBN5gXXhojjWnr+WeCqYJRQEn5VmZyXn8zjjbl1cu4zApcNIw2PKCVqXtdB9dqroPO11O/pdIV752mY96jIB77fAohnHCa0U3aellbtHoWvEi2kn+WDXWq+YtsuiBVM4PlljGgMuF7moCnlcqzgKyKegIFoEJdzhH6n8NVt+UTrF4sCAm9uABqU1QzAqDFzdCsqeccmdQnvNSBKd1+mGO/Dka5qvtkA0iztcoMT3ZqdAHXAVqwOOeQAGDeGBD9NFgf7tvtgwYGL5gUWTV/zBn1A8itlxNyyVdqQm4rPyivWNnFMgMwI9HSxhYj34PqQv2LAMvETP+ynKBb+spUrrWtK62aC9bVDMMU+HKnfRnHD/kMAioLcGOUYuD+48lP6fDXZ8Nvf37y05D/+kJ+9PTPT/595P3+6Rfb4qEnP+0O/40/+2mo/v4w+vmLp382vnv6j65ria7wgEUxTTcBhi3raSE14+TU9x7y0qKmyNxz4we8qjJgjg8Lwl8cJG8zMaCAxAgquxAHUUu0uS4/gvblpwYch01H4dNMmOq5UEZq8sp3uGvbFf1lHEjVccoyMw/wvKpUsAEoYgDDLFdqT0YUb2Htl7OaRed781z2u/+bMfNrzVdn85UD0QeycqTInA/I0VpvnvrRnmtzzWYU+VykYuEf4P6SfNk+AbiBnxu+VdCc6GD9mF1ZdH9XG9t10ZtnDcKi3xyR043EQEQSKOtrIwnUwyWB6lgn/FC3eXLPyaQGBpXUQH2+9/bYZJkS/1xvk5ItcT6gG+J8RLevsxbRzs5q3M9Exqz1GLNgneJNQFbtf17k5dWe+HMdzWivSTY6w08wMbl52WD+0Kkm1QUMOkQkvnjdrabcw61KroXwq229SCoWScUiqdiDJhUzDIOdZ8+/soecb8Y0iPRklretO1g3a8VFirN2gZmxMYoz013YdhtQiTRokQbt2jRot6Qy/MeJts1ifezWWNdkhN46Zr2K7rP6CcpsSpu3GCngHxAzq9O6TZJ3oDsYaUWbV/IO+wIvjyZGTCQCHqH2olA1sRogrAu3QQq+4qArus20+bX9hqsKCTyG37vN1rDV3K5NxbBJ84+cidSZMx0Rxc3HroqfoGsQ1wCx+LgMOk4VscX8ZZ/HYld2e/qvORTSrsXWX6RgL4sqnKMAJcxK7Vh/MPyvivJtI2RwI8PXVXd7MM0Yw9p8nOH+S9JwvM011OagOqIiu8aWfoAhAxyhiKchFSu1qlbogcZIJwhYOT4ABTvNFFh8lbSMiaWEFmsXTI9k56xyY5IHMfllRGbCiPpS7S4pSPIXMi02Pz29Y1Ld3lz1qOxIhhnJMCPXXB655tr13hrXnOU5k/CofkU1Ud/Ibeu8YOPvlPinPqkGJPPs89LIOB4lh8gEA2HgZo7UxeoUzzLGhW6Vn1fbRnDq9um0ON2GtHFKEwJbrqjE2W37Obhwvt35ZsgxVkMyqYf5fPhy9/BgqM4yoxmF5qKqkhBjrb53OoeumaofeUSjbjeaF3V71O1Rt9+Sbo8kqpFENZKoRhJVh6MhkqiG9ySSqAa0JJKoRhJVbzMiiWokUe0chkiiGklUI2BfBOyzlAjYFwH7ImCfUxIRsC8C9kXAvnr5fQP2/W5JVDfGl2pPFxtKJHjbN+DfhvXa8bVFcENJx2r5hgAT3V9ZqyOWR8sXHP/bx2HNGCwdgpdILedlsVpUjJOSKRIwCdekb4PwFmOCBpRlIgl7yLgWpAhndWH4w85f8F3OdOROtjBnklOrXz66MJkB1ZhuRl5SVcMUeVzVY8tcCul7GCIzywesE7wwNCKU8SZmkLxfnBSQfDbQhF8vmcgMvz9oX98M8LBGf7q2ZPGAwjySM3CQHEI8tDOA7cDoKv345UU2/oiKJC3PM8a20YB3AzFNqiIxnj1ejSnOb5C8AyyYo4xTASY1lI+SJ5GrJbsKCmuqAEA4cU5eVmodhU6a7wk1imFwDvFRnK9obJ8VwLaGtrMNZMt1bLEiSLWghjrgpQbJ/nI8af77TTYTewF/ZBeDM7MOiiO7TgU+ywQluGyEkMkUjjhLN1gXldrsVtSgcFg/YpPGNWLdRHJ9Eu5aPfTyuNxJ4h2U9ZLvembfXSfLDkpoph2UAO6dzow7KH3G7lYy76CckObCVC5w3UA2F/fV98NaOtAfvvnjdcUXYtrp0keSFhuwsbNpjmbDHLSAy1wiBOoyOU0h1Hu16BLtK8z5gXSuMZ1mrC/K1fYptPrOcwpHwma1cmt++vzzyG7SfjtotDXHIBJQVhN3uDcVNEDA5wmqUHpB2yovU30JWVd2O1iXWT7PZ8IWdVAGUfGZzbr4szSh9JkupUzo4y0DAU3Py3SGMWY6BKM0l1+/xE7/rBEW9WQ1ZtBbdfvRNJtgxZKLTEfFyaSw+UQiHFfcHHmh4kakgIIBg5wxCl1oJpn1zRWFciLrMXaE1EiL69Y0rZxTjiz05p1CacSC+idjVzYZFI10xkBkPxtoZR8GL37+wvjnz0//7IIogxKkFP3pklDWTpn0CrwjnRKKD3cEyjDZgtdt+R/BtvifcR3tdAkSpS/DE0ob6eUGUjkDQfeg3DNUvUA5+5IqoQQmVtKjbOY4vyeF6/zamZtJXzvyM6F0Egh6EdR0DXYUNSh9kNQ6mhsOpObpmPWL1odkeLxAOD/6YFmUYPMan6xOVVSn7AprseRvf380HA4fGTeicDuK4MkVel3Zdftp5xHewSQvkWNNnrH2iJkC7qBNovp0LvaD1DiwAhjNkK7wS6gun0MHhuN0CAeaF8kYnL10t7xNf4Pjc34+hB9SDeosOxR22gjke7rKpxOqT+LRJZ+ejXb+MIIJME1Ps6l8PUXkjMS4UHdkgOgLE637Ed+uKIiAbCkMvcZPH8HuD7Wia9pwxIM/RNhEVy+SH7PTi6L4iJ9e0t9S7OMpRD2T10TPKo5+N6cZNQRFwVUM+anGQ3QlYgrQeGAB18zJNjVVTiLd8KMMnMs88GpqDJNPO8af4GuDf6O37UVLlCw0KWgQQVGqs/WwIV++yZOukeOMGgVL5PvGF6/FZ/jlYroq02ltVEjgF0WJlJ3qXTP+Qkyc1TQtzZ+IL6pxAWtHXQGBL/CT0feh4XE5LDGg/yVkOM5V/fV4JyTOEDvuKWB5wMXtfMjR/EsTyZ78UTI+R3ukqkwOyH8KjYkBAep0AUDKwoyVipImw1H9w7Yd3tHAVDr0dNuelBhjjcwDywSioZZgd6G/7ph4ZJ46G6nqO7K1VrkP120uNS1EjCOPHEUd1uZhF51NmxhxlUqN0g8/7aTTxUVKfKPV+CKbpXLhiOk1F7b3D18e1z72HXX0dJdeIPqtOrEYk57seuPHrawDNJE0GLfKLWBTU6UYcOCbETdj94m54mT8RzcQgQXjk5caIExSF6XPTh38NbyWK1aAXJyVEZoCeg3zRM7n+a+qbhWZwTdKOePc0akHs3caNcMZpswwxAQIKVR9dNxqtuOGrznVbm2xB1qmXjs0wj88GApBQf2UU0wnQTUK8uh8tH98ovHRTZZe7alxjQ9IU4hHxcDKrPVsPuG4LgyTxQwgYZ3M8iVlTGUVZuw0q32J9gRinVDSRfOBAw8o0x2FczhGy7SSmg+3IVzZ1HAMLaaw5XUE3SZ663HWWERu7/d9YnZeMyGUKGIOC6Hvu3KN3Kgs/Pua8lrQRxJOQmW8KJYh5opDL/hEHI2BO8bhQzH52raOhCoqZlsjC8Y4fzdItt5ml2JlbIm/3gmDV/zVqtV1hUxVWL6gKi1f0Bv6CL1hMKwj90YVCtCV/JGGUcDkdrg9UpwKsobA1RtD/cv7du3ZQiOgayCeJU9afNyGe02ZTuBtLiCUsILwU0aQv2rH7hsuVyegt92HKm2/9Qh76LdqVSrBSf0gn3AiguLOgEqa2KUmwgwHezqvLoRQlpcA7qGg137NygI9lKu5ClHspCj0xmn0FFYllt1YaOx1hCV/y5DTcFxEnivKVzYsT0w6pumkWdhYkEAUZg/3eY0VgvsAJWTm4xqEbgi7NJFEXo2bYlSgLkVO5WDZpIeT0xhoLMH8QVc3HIU3kJXnj0ei12z/A/5/KMXb1vn+C1jsyf5nMDFqx1LP8DZ/UgcRp5FVo83usJnNfpHlBAdYP0cBEW/3XGEA4fffnouOXU9LZRYmf4OzSN2G0NQSVi3MNuYOmnOUPz/sfCkijfEmJ35tTNXrXJ+LmoL9uvBWdQPOS0Zf9Kkupwux3hyRo7LYTAnj26ArT5baxi465SgY15s4To8rRnkT8/UiX1AsO6fZ+geACpkLsnqaoQdziLdZwv/2MTECh3OvyCrxKX5ybflQ0zYlHVaKOQJ6omcWN3njXFKNJOGPkqR4+gDB6qir/hlh3phB9agsTzP01tBlla1+lp74hym8NV/Fr8Hdlb6hQy9RZTHcQSr9h634ynqZZeV5Bn698YVvLL0KidsbMtzdXnMqLoe3NWJUlu6LCbFOnN/J8XI80Hlf0P86oKNLuAu9NrzOzWK6F7t0aOfohC0zo020hczSBSyxv8FOgbP172Iy5SVwf0rCNvM7zmg1qnG+aIHYeWJExU8zSt2C0BWCvaNI2PouDVx0AG0G+l5lFm6Jf20NPJFf5jLdOphvDRSWXm3xqc0RM1m28LutUe+NPQAZdAMh1NJUW8eKlb/VPC543sYNlH59mtXpMWoBsvLYlNuyeYT8VmdnwtKHEVRni5TwQDC8wQpD2sjUQqt/jNdGBgou1GLQs8lu9M7lsztUwuVn1mGAjcwnaTlhYT6u1BN3lPcgX299e7dB1rqOsz7UQztBCdo/wo0Bo41sD4gzpYwlnqCSIEclaBq442QmcCREVE5KBGS6slMiy8LUwIoSdVkUU5yjWCuqkzIT3co+mXjMagaADrnC6Ssa7HkNHiXJZzCfGO4INAMRzBOdRRiYjvGXfIzybeuNaWY/rQHS+VAc2CdiKmmhOmvt3CgTmZCR2V2DsoSPtVkfD7Zk7lIMqJK/iw4BRJ0qxkj+VAw7pbd7XoM+yXdvX/9rcvAK68H30VYDGKfkUxZjIHnZfaI/OGvgOUADB9r3KabMqjQIqti7LfWsGGTKDPKtqIt0ritcpFWlMu9p6mNlGMeOrgIABtOrgLP9UWN/9vUE9kDFRE8VgzRQ0PBiTPPlmMzVFLm3GtLzGcIY6EaRq2L1zgn6isdxij5d6SamlmpicyG4WcrMytgsz1u4s0xFTPPDiszlHD6dUivtBzm1JiR/Si0fGC9wkYDL8vbdCU8DMRxfPfsWmdswBVuTkmY5RvLxY8+f7SQveRMUJs3Xz57RaB75omig0EWLAi3WQY9qHmAfxibq31mxmiuoMYzZTqfTgpgoFR4xzlqf8pRcjkDq+8Tg20vPlhyhiFVLyD71wiP4xXAXn7oQIkGKXc+LdvG8z0zN+VkidQV0xutrlOWGt2SxemaLglIOPa1wIMOR+gGswjEuND82XFq7tnV3OmBLnnrOJ1Du2AqYto8q7A2wOlJNkl0htaI8T+HaFp+ToSi/+vTIEwwKoR0aPU1P1TacvIEzPLpVlSuT4hLQDlY5LEz426ESOXhno7v71HcgC9rY3cnkUMKHDZWN9HewAlJoDCpKaZQcaGBMJiIH5QfDqw4GkKi1vPBAikFBRAJ9loD9BnTZJcBB0L6LxAl4oWzqdh1fkC7AbC4h3yvxkPFBqWGZjpQiEj+epWUO2mku1ABspsidhj2C6FSlIHg+miCjXv+ZDKnzzZXOK3Gz9J1YOp6+4nz9B6ThOnACoPSb2IQXYN4G0yc8wTMgyLAsgFGyKzN3dC1WxFpZ6s4TeNEWs0Nv6SooFUV/wUdWoQmLOUzRRjiNb1q8FRMIkmdZ4+GZxrTGACkY1OOEnNO6F0Nto6koHhr1M6c/DsoS/T3yddI05pwB3/xlwabJ3tvjD693/7L/+s7WhsZweEiLoqAMV+mR2cTSaFSp7nD41k2O8iRbkHKU95kc2QUW+e7r1+o5NhPx55AI63kzntko4ELi/LDXS06pc3Fuh2S8MezN6KdSBwCJjQS7BoQjY8NMxGvf4QYTHwlLqbxSQDrY5iZoVV6ZdeqEcgNDmaG5M/pFufImKZwg/NBYTW1ED8QTY4EcnaIvnMSp4BDuy/zsvIzoc2X0rjbttJ83m4PNUGNREg0GDMqrYqUDdkBel1b4A7PIOborn5bTRqp4nq14XtZ6MZWxWDjlAQzLqw4TPMZzfDRpWklXV/JZx6jcS+gCJeRiFkoX+pku18NB0yXwqknIY1qMP+II7zm5tTxN7Jg6UEANYMbV7ts9BS0GL1Q+kC0xgTIIdp9PZCO2hPDFiUgcJUpKfu58ja5Wr1jWWDoaUhxphpyGh55HwA2courorL8GzMNLsmsUwGuQBYV51M6+rEuHrEuFOLb/QYtoKGmCOl8OxvGFMNHRHK/rZ8zdEosgJbNgeWGaFKCDMljVY7a+9MsVR1F3180IpDMfpaIuJwXpZp2oCd6VCmDZsmxSgQ0GA7qVLCDqvzIXBg69/7oYCubtX+bCJvrq+fPkyfu5WMIAp4de430xG5ZXT414bnIwhi02O8J5vei9otcqU0uoARGFm5+KvJY7UqcQfAA+6/bMDRfn6FOA5ugDIafLHYPJ6RKsg/0+ASp9ZdcHdE6XzYNledDndAmWlBM2TJe+guoBJabLDcjJiSmmS6CYuoI8oAwNm8T7GEx07wMdrpxh4oILphLgMoPS526/Wbk74KTj5e1kAFnCJpmZLSARDJRHzEwhOM3E+SsvSvn5zM04CuWGNRw0FTH+PKnD3ZbvqQSs2sTJV1VGfmq9A6KbRJiw6TShq2uOURdfpotqhfENnnolgFmhfIV0GcYRwP/vv/9vpd+9gFPJLAOMnbyauZVE2KlgzDheFojm9WRUq9QqJy1FmYw7rJqolF0q6AJxx0FodQonSVfD8T6GrazumZdtSpF6IYcy0oZv6zBLCBPAVl5pELTRHsSOgBYtVj61QU3O0HwksLZQ2yf0aNfncLe5412PLbMT/trZvoDN83Zgsc1ydxDZZrlLuGyz3DJ0tlluEUbbLLcFqW2WteC1a7IKX6wh56h11ul6Z6l7dJrqJcWQE9U6UlzvVHXbsN5m6Sm0jms8WdaTXC8YcLPcKiS4WXpILwgq3Cz9ZXhTEOJmuadw4mbpMSgB/oJ1BmItn8EtQ5GbJVhigafxdc/jSeKOG1dP9BoNjCFXN1IwIPqQA99py288LVaTIcR5KJRQelFH1heauPN8OjAPhjooDwg/5d0Uo4dL+OeOas0LwWMxtLB8iwQONsfZuMwQZ8fftMBhndSq3LT0dc02YIIKv+WEXrhysQ0SD8RNjYOvznDQPP+q8CI5KHFdD9HBez+PWA/edMwgdMcAeTCD914BIt+Ec6dWoZQFf5hM6FMzm6aVSOO9jHqjc7VTynyl2l6Zb63MHIeizinYZeQHiKzJsuvx+YSLrVWp9PlwOFHD+dNIB/JUXGDcPEVpzBuv8fD8yhLmOQn1mmzGYxKoKQM9Jf2U5G16SO7eO3IfPCN35BW5A4/IbXtDruUJCVyE3R6QfutvHc/HPfF6BEqs29vRT2LreDnuxsPRQ0ABno3+UlrLo3En3ozgu+MeXox+8rpp78U991wEDkCnx6Kf0NfwVNyJl2JT57D1PBOAKbdXil2X0/s2ksfQqFMebJYIuprOAMQKh4boZzTLhoxVxmNOBXGtYP9MoCradt1M7lROMLIAg+/YaBKvfjaQZAj6ZcjPzQldWD+ntkJrxYKjpk3zWc4Jzd7Mhncn+y+QWarZaZWHS2GYv8DwjJdTemMyRNYZ8egv1zlgyVOJi+IbSvjQ6drkoNWJvBO9qOSZVGX3ct5t9zGpzudQBxSTv4YXIdkKmm96zNigrnM0yxj4juCRxptzIz9MtP0iP4dk2SmoRYTjW82YgsNAlR4l+2Thw129mEAVzjB5XobkLcBi9FCVMNmKUSV0U8kseQnhhsPVIpkW50A2Ql3XFUMmtjA+Mw1JDL1XyJBnaPF5AwPU78RSUNKmXUhn8J5ncGg5B+1eEmbG90q10NtGyY+WjthBI6hgWpzok2jesDgbLsvMGG5EhVa9HDTyp81xMmSBSQK+kzaEtkq7P9UvA6Utp7FMIZFigTh8DJVV35BwRSsAZCGvxVT/sYLTPCVs+9pBCc9zPPfB8OUVEfRMIJ3CGDaEA1ZS1yMFIGslLLnyI2f+UThw4EyXbiMGo8AZhQyRiOVF6YIw3dvrANY++DPw8FkTvcR18brmKNL6LMVTk23iyznRrTQCVOGnLsstXA9+smBKy5A1YyU4iRp1qSsc2IiWnNxi5LNL/Il2mJJn5+mUiD8acqjf5vje8NM6nmg54qzPrYdrZG+9u1VDlTld+9iFdmwh1rFR6SigI4ZRuQbkcQvCvgOBqfV8G2hVQ8U2QPzNEoK7r1mifAig60Onsk/7jYsir3tl1muoqTTeJNEBpUy8kpnzmCUBsF4KIag2PHGCiO7zcT6VYOTyhgXZsOA92qmIiXBi1Z8WirkqqVb50uAeaAgMNnJMloPaiMaPtO3CnkviWdUsgiMH21mwDKmCuxJhtRqL7WAsDfQO6UkrEzeSRZnJRGPL4wd9+tBssbVPtKQGQlGKnetVTXjQsVfOKTmqP22pXD68KBYYqquQdRziMYVhqa4uHgC7y6eZtYH2uWypsjG7Q+aypRZxIqsUWzL76DlFDeYdqh0mgxI2WlaWGPcKg2czJc181nQsgTnANFIUeLS3nuWfwWw1wRQQaNlSJx71nqB9w7gZYIkJeVVPKf1dXlBIlBm+0i1mGTjuz+1p9mer+SSFKwZ89WVZSAPIWB0nGjQZ4+U1b6ARXWx1TJvnLzPxlwxNxCWbr8Rkx2nBrhzTjlbHGFvTwTCWq4UH5FLiieVzulYhPChNBS3Gcolsg6RIbNNJ9HBQw1NJMQuxWi0WRWngNtn6RZKxrlE4BFa5QTRjTpJ8KWyCM9FwzFYuczkVZnmlot4n1nm7C04AnJigTcx5WYzHq1IiqZJ3iTWJSnCQXMy2GUw+B6IKF1s6ait1FWMwtPBBV4zoNi88BW/kXRiPkfZzsbJs376tZSXEgpib2STQPLH9pG2hKCBHCp+359ozEA96AaRU+bOGs0EBUPLnN2OthFDR1mRhZZg9myLWQBsRBjtUWHgPcB8lGlhlcAb20EK16sf9N7iKOjpXe9Y2wmBdqnGWhqSlc0ZXkl29s1cm+QHVpvid0ecDydIAw2Cb9xLUk7ADttCo3drkXAhkSGiSIcD4WkazvTDuI0GBQhtITah09QRtivQUGQnUZLzZ/lTkoKeENkI6YXuSnVD1BJ3EWTNcjTSKTMADrppbgjiXw0VapjO+5vUSDTAbdr39VS/Eq06CAadW7UepiHni9InkVDQ+spEqgiNGjzQ285hbWScma52LYWTkgpaPwoV86xBJFTQftdLGGRyPvdntOOKLazKZ1TBMoHXgJ3K0+q9aw9BkfAMzbyKtqipHPA8Jn1U7z7eboeBY5Q+gMtHh2aLWoN3zOv+c4t2OZH6RzE+R+dFGHcn8IplfJPNrj08k84tkfpHML5L5hco9kvnp4juqYnttayLy/EWev2aJPH+R5y/y/HGJPH+R56/Rp4vI8+dqb+T5izx/kecv8vxFnr/I85fcOcNP5Pm7vzx/kRyqVn7X5FARjTai0UY02oeKRmvgIEVc2ohLG3FpIy5txKXt7kPEpW2XiEtbKxGXtlUiLu09Q3eBEnFpHzYubcRItZeIkWrrasRIjRipESM1rE0RI7VW7sMpPWKkRoxUXSJGasRIjRipESM1YqRGjFTHryJGasRItdYWMVIjRmrESI0YqREjNWKkRozUiJEKZf20U3hL7oinrt8NqAfV2qOzx1IhGKoh6AJJc+b01AF65BvVC9GpA2/T0BvqUgL8sF5HMsWUUTCa8xamy1E8FWN0wtCRhMhz3VzJdo06h1DMBzbFMy1/BV2J4CS45cFmxcsCc1Vwm3TrJ/LFqTBuhXu2mgu9NsUIbv02CHg8B/BGTC5L0XwGQ+TjvLicD2j3XFUShQObCxW6laN4CsaKNC/XjtcEYzi8wZpxtVzOcsDUQBPd8Vyn/p25EIGphA4dV0N3HIRMCiuaMIvkd4TfCfKRNJgED4bSUiPZMVhskWM+AGfhrdv30gHk26/rVIucqfyvM40lSpMHE7ZhEqt+gt3shD4xO61jpnG2QNfHFwUkWYnZhVageBnMw7o9aoIgJOerVLx4CTGfiEUUKGLGbrmemCthpZX50pk8HCpoWY+0O1AJKtSCsRBvVQssZ6TgcQFOqoruETCmNikMIAA4YOczYVfmYilN3U4i1AiYQ0QDKxV+DjZqzojEKSCGjsXBD458U49PDEb1WPaH5P3m/fGJNIDxMgCV0THqsj+9Aii69UfAYkg45M+6U1+10PQdSCSqkxJQmLA5g+T9HFXf2u3CB645KxA5Cw7ASk2b6wqvemA5FiO+9hqJ0812wLp7Ay6Wkap1hO8xMF6UYxFGvCyqykiDw4OIglEjFOPTbJzCeVwnH2kzwtkIndVytpomTypxGh2hf4lR0nQVTynwIj3NpzClENcGAtPF4sB9Kp8Bym/q9i92DJbPTh8mzgSJIdZr+SLA3rZl8UYc+4hjH3HsjRJx7COOfcSxjzj2Ecc+iTj2ukQc+4hjf/cAfMuIYx9x7Kkpvx0c+wbYuXIkKQyDELB4i5SoMXtUC3+2KPMCXWfJzrNa+3qgsd97dPu7hIt/4MD794dToX3hLFRtVYxzfSZtXN05VoW0zOhfXFetST/UPmutVwn2fyo6SJk062D994f3l9VEQP4IyB8B+SMg/30B5E8/y7zCb75sfxvh+h8QXD/NQzFXxHfHhCy7lvStFRHqUEVxCFJzzfERgKYFrU/DgqInq0F8JX1UtgF4WyxFXw4gAEs+lvwPDV70El1nFR3X4G5MHdbmxqGxHkbrfp0/XsWNxhkmMrOO2oRVH4pJBn0A+0C6abQQM+mBclQt7zk64AIhx7pY8vsnAyAyQOGJE970NB1/hEb88re/CetOqyyU5d//PoSPS5yl4l+/eN5gOJrA0wA/5+0t+zzOskklFAnMkjIdi0lR6VacQhgH3qW7Ia6+/qPxU3Wt43gYInzBJyoaMjfvNrgbiGP6GdHgUYclX7t6RTpOKlU1ZNwtDO8GuVL/kudff2M00gcnr2ritYOp0QX8TdZAmYM5XyW/yMMnjsYvLszpX5rj9gtK6BceN+egnSBQLr2s+S4Fe9neXOop1K5Jj75qoWdNP2mlXOGZzYZwtKvVOXfTWseEZjERcTfTOpYxJoGuTqtlvlypKccTDvnD5hBzn4958riGUiZqfCous6lYI+YkpSgb9WozdlzmbLo1hTofSWUgcxsGlE1Mlj9rhXxq77xhFIjJbn+kC4/AGzDgud6/a9IZSIKh43sY/4z446woNamMvq4hrhB1pr8Bohp4D7b3tulqHgYnjV/gtq3+C5n0bvgrjIwBMYOSSsLGikUi/6FRjMFeFGd+V7i6qD0HaGmcW4YWG6BtIKt3/9iYWDIOjzViMZ00nBL/U9V3E7X/L9V/rp3/tZna2TP/RPdA1v8UlO25+OBjli3I24GHanXwFZW9ObYOLcb6XuYVJT7ZtBYZpDxHzJuCcjVHuxZC8mwd4Uhfx8h/kew2xhtvo1iv0A4i6+NqbMvii+TdnGIaaSmY9VnadIl/lRXWJ2+u5gAcOne84ASh+SEjjCZyhmsJb7KBWPIT5H1I/5Y2Y+xLReaWWa1tv0AIjJv7orXtLJ2n5/r+3puoJl5glxNpebERLKlfQkjzx8sWBVNH9YnRLNhsy34V3P3NW6S+itRXRjm5iNRXkfoqqPmR+uoa0onUV5H6KlJfuVsXqa9aJVJf2X8bqa/a30XqKyqR+soskfqqViL1VaS+0iVSX0Xqq0h9FamvdOMj9VWkvorUV5H6KlJfReors0Tqq1qJ1FetEqmv7hloN5RIfRWpr7pqfojUV7UQzXbiRu1RHar5LGBAfx90Wt60F/VUJN26EdKtgPhifGxD4o8EXq0SCbwigVck8IoEXu0SCbxUiQRekcArEnhFAi+zRAKvGyLwgrx9hpnZJIdXvVqVmn1RXCZwSlQGh0nbBdnss8XSgBNQiXYqUPuNEyNVFrHtQ8Dd2ZJThuTJH9dVnQQHUE2TXQ3VI6bMM2oKROZcqYfQ4DiD7JXMhx5ezyvceSbzHK/FTBNZ1h44yxr05AdARxOLYinm4obH0VL1NYfzMs2XjPoH9/7JJ3yDT5FRUtEE2wDos8GjzFWrgeYa1hzpSHkXKe/qKYCR8i5S3v0uKe8MT+/XO+1cV/XYhjy9AIIAsq++g6i+TajWeo3KfVQZQcAm4RdgUs2FtCYMQZXBtlNDQiLESf0bK0yBLMZsMMN4s9H5CAbdZPTibTRZTFOt3snBBqHfnDRSZbNUTI6xH0QESqOZKvH7jUqryK7kSwc00XBxCYWTTma6OXL1gryEFI5q8vQ5g/l9om+EdXdYTP6apdPlxdUAwRYnq6n5oTEKgyRbjr1ylcqCXaUM7c8B8kbA8oBEbcK/4whXgLefcHp8UhVny0tRxfZFWk7gD7n3ScCZf/HZLChH9PTTvOGMDEWzgzn5Qv8IpQMZPJwEAOnzenBQ1UwmpH8N/rOiIW+vUMg8rW+1BgIJOjBhVKAxK5zShKL53BB9t/l7MKcNuLGwjDUkOl8uNYuBmgAD4LnjkXmDYAClMRMg0eAs/8z5wGJ0UHIhKzs5r7cAZ0OZAV2ABHNB1DEmKhswwpmSgjHSj6vWugluBslBIU7IhEnYO2WqmpgA5ZXRtK2XtUWvZ8mLZCv5Z9ngzu3mIpsuSHXNYLlmzM1GVEEmd1KVnK5OT5HLZLVokAkAIcAl+M1Vesq2fILV1FN3QzrzN23gq7WprTPg8MTBrE8+w0ajqtUWjNSxKd3mmXPEJ8jQEGD1rhMPuZW11wHBJrXKjRuW1OgiritNgQAP5vPGQOqnpx1J1FQOGnRgYCJlCKyBGBwNCDiVBLfy84PpQrgsfwF6nMaWJ9+Hakn9i2gvxMr5siTMrCtTqde20rRqKoKu5hgmzZc77strfjjEsKHCIIovkv948lM6/PXZ8Nufn/w05L++kB89/fOTfx95v3/6xbZ46MlPu8N/489+Gqq/P4x+/uLpn43vnv5j17VaaDjQopimPh4/WfpOallvi3QOJ7m+z5OXcDWF2j23WnCfhwWxBA2St5mYEMAXBFtKIQ7+HrQ4XX6E3YGfHnAOD7kgOIdnVarFIN/VXeuukAOzFymBgBujqjlSeNWq4CLYKICVqlwpmwKJCsXpqJzVLNeQFsylPPq3ADkGrtkEO7ZqvQyVSDsflKO7mfnfldxP76zNXZ9RGOJqF4roAPfNxIIiVK/Jj2fQTv0Hxz0kE7p7E9oXF6zAzEHZ/bujQL/VWKhIp+6uP9KpRzp15omJdOqRTt0skU69m07d2Md2nj3/yhVpHrCPRWL2axOz9xgst9GxiaGK5O7tAjNjY+TupjfCdQqIBPCRAP7aBPC3pDL8RPJtm8X6WOSbh3KnfPOWX+0BJCggDk2at0wT9Y3EqT4vOEIEr0JmxSfFSpzMs89LI39llBzCAQZElpmRpxerU1zKhvuhys+rbeMqe/t0WpxuQzITBVWCDV5UQnVtPwcL5tudb4Z8I8I4N8N8Pnwp9uGhWsqjGV3sowAlwEmr75220bo8S2cm/fs1ph9vl3c0+xxc9I6Jpwh9a1z01hl30KcPzRZb+0RHaqGx4S7iVU140LFXztU8qj9tqVw+vCgWCEqk8N4c4jGFYamuLh64tMynmbWBdjVgqbKhGNZUA8L8AR4kglXiwyBzzsG8QwucVfynrEaJbrvNM6IHz9KxyfkurEPEbGQtcpZ/BvWyWhbiKMf87IU9AAjPkk9wk5YeBnFwEvKCXZRYiSldjM9YHMwIST1LvFWz0lKfCSsyhYQvAp4vCxlcY6yOEw1ijshg+jRi4ChZ04TM2D4tE4kWijiB85WY7DgtOLDejNFSIXK2poO1J1cLD8ilPMTnc0pyE7r2FDhk6ToOuFWWcPiUXA626SR6OKhB1cGwrcTsWYAtomMTbf0iyVjXqI7VaP8wyZdVNj1TDEC5nAqzvFL4XnbqkF2IAcWJCdrEnJfFWJwIJLIxHSZZkzSpVm3CZRuO7izTirRV1bhdB+4CDqIUI7rNC09tit6FATfzq+VitYy7cn3JePbVlZgTCACcTQJ9s/bt1VKPjdqevyHoNAh7ZIxHfU9/oT5rBPIqQFyL+zMOtzkWa7uqpav/O+bt6zS12j+AYAy4iqChP9efy9EsLFyPaEQJZQA7lbxtCHTGf/NVrx7W+LE7Old71jaZ4WpBc9HwLYKlc0ZXkl1t1tU8YFSbchRjMPlFCgxuVk+vSSEDgNl4o7G1ybkQyIrVJMCC8bWMZlsHbLKtm2KLURFwqclboZ4gi4jjFkvO2JilBIn+qchBaYitCLZ7eKHlZWKfJ4piBofkaqRFLCuHJnDV3BIEHR4u0jKdcca1l/WFPeD19le9kGQ72V6Ms57QXm1HybpHPY617BhLGZF5XharRcVxkMrarkGhk8GBanOCETTWQ4SxSh9X0vunzNYfdv6Cr3PeoPuvtQLuP1s93NQdKBTbFadTFelaPddMOoZOufdMz2OFoTh2F5t/nUPxrXUovivVlhydLlPjvtUgcdFX3trET+uTQ7nFfehF34ND2LxThFx8NPyliYw6e6D++X5xUuyJCiHUF6mc3y/Un3t4E3iUkQcf6DYTSviEvw7BnXptAiN9F6wCTOV1Gswe8HqnqNm6Iupr0qGHxXSAi6EjtmOuw0AUfj3c6mFHCN4dXBNDWe+quOdd8XXuhKGE3gtDCYoj67gfhtJn7G7lnhjKCeXx4cUjXMzB3SP31ffD2uXVH77543XFF2Ko69KL18pm0deU40gxJhjWvSUy8hLzI5fJaQrRYqtFl2hf4Q0VXD6OCYvB+qJcqV9hXu48JzcVNqt1E/TT559Hlu6IGr4dNNqao+cAaVvFDPc2k1ksSRWy78Ki8jLVl5B1ZT/I6MKMvn5cu65dk4o/pgBKn+lSyutn3jIwi/FcWKnoe1TZueCP0suvXxiCf9YclsVkNeZMWBWG0Nx2YcVSiJP2lsorTGC4pTRpfYgjPennBUP/Psc3YGp140q0b2QDlBNZj7EjpMYlbremaUVIsMfZGyUBpXF145+MIaH+Osyfo/B/NkL1Pwxe/PyF8c+fn/7ZF58fpBT9l/tQ1r7g9wq84/IfSldE9zDZgtdt+R/Btvif4bZcV5S+eAQoNUHeVOBBjwyUe5hSEpTE28WTFxQGQI+ymeP8vnRdx9HXHn4TTzQBlM4Q/s7w/f6Mff6wfU9z+0Xpd3gLoVzPY+gSaehR3fAaqgO5o85muuYNH9FXfJrtIb3mT9oCXC2Gy2IIJtpGHR5GtUEeD3lSvy1pOleY9YvWh2QBv8AG0gfLooTDl/HJ6lRdMsiRQiQFPWzoDjxmbyBilyqTu5V8AHaYHEX5KGBQtgaNKmg+SrU2HubdPfnb3x8Nh8NHBq5r8mnnEYI5Jsd0ib07RvLuRyaFoEl1xpcyI6EMCLRNZq+8MPEfHjHgYTIGlDYiZS8fmSB/9E11JX4xazWqPE3Ho3S1vADWMYrc4Lep5h4V02yjjZyKNS4+x+EQLxyWBQaXOFpcrqYw2kO43voO3ajwZmFngIlRmw5Dvqt9hJlGp/wZ3UG0fz8uMDTU7HO7QrxFa1R4ni3pu7yiPy7hVtB8F/y5Wkzknwv1PeGN0CCcn5eY8VbMj1Y0g1lgIO9j5QzH31m4XVuClxVmoCV4HrxItpZosPUc8pe6JRsdedXGiWwhDT6NcfLTz+vMz7Ua65XWNVef2aeweUuhDmJ375pqeioZ84vm33UXiK4+qCaNtBm0OoLqJJB/d/N4+VxbMulkAvmtzSG2jAs9oT4Vjds+g7Cb/FeiT7Q/oqxUi1xa7ezROiMh0P41B5kg/IT9iXo+YIAIHn/x+ObHY5EjJg7yMjt1MUG2yw8ZeJHDsdeYgB0vRTzb2izArIbMMTDtaXCaI6xaNfKNp2X2hDzv+Fb1h/SJME6EfSFOY46psBBvAjZs0bF8Jj5epLOOJzPfU2y1ToRBVFwhvbX/OcBSRCXpfewC4YTGF9n4o//BBfDoep/o+DazN7jHLPR8a9UJAbpgBXclS86kcS6NZfExm5cZILIFWj+2LdWikFdonxNEfq/6g3UrryrLR1pket7X/uFQxbUftiaba241K7M94tPraym+bim1F5XjY0f7zSfaYjF711pLrQ8cr6Dv2pXX/+H4sfWH2bL1b9fPXdvtDexSLs3XGLGGWm0q0A3OnvUatKYm8mwlTRuzsQtZP7z+WlrvIPsX2pVv/DzLu/8j97G2mErqGylpTyceMREEHca7T9OsuPH8YXU63LjXwDiV3YTMzaOWlPWaIjXPj0Gn1RsWbtNPtFG5XWanF0XxcciJFO5WSSZ1CP2XSkL8+SL56isi6FqmpVivh/iZWSt2tR7qGNjQpiDSxaLSE2pP7WTXF4gKxx/iUemFEZ3fGC8WivN7j+RUaCreP9YlEuLQcTc+rPkyEp3faMhMOUoNf3ev14c1gDysL4wmE7OP/ETsMeW50YRhMqxps9oXkzw9nxeVMIWrIe9nf/rHv0Hg+Ye9g93v3r47Pjl4efxhd2/vaP/4+MWfXvxRTNS/16rI51U2Fqdesy5Zx8Hb4/2X74/2zcpe/AlhsuqVnAm7AupAbLo/sbf9UJhAoqb9/3P44c3uy78evN3/cPju3esXfwJ/0t8HUsPwPnmcLfnhl6/fH5/sH30QTX73/ujl/ofj/ZPGj06KRTEtzq+gofz0ybvDd6/fffevsn2DI9qbj/e+53qP3r89OXgjqtv7Xj2krxgOIfg9P79YvkTDr9Fw0YQPh0f7r14ffPfXkw8v/7r/8vtj2Sau48c0X74qShNi/iXfU9Bnu0v4DK3ORu0/7h6cvHp39MO71+/f7O/tn4iPP7x89/b4YE90jD7dPYFP3+y/PVHvPSzzAtLz//cqW2Vc4+HRwbujg5N//fC/3++/32+NFTCcpCZ10jDZNqcmlGz+yfye1vvhu70Pb3ff7B8f7r7cV98mFPDwqiwaN+QYwmDhsNPkaWrpjZTCcL508++zvur9wd5m37TKdbhyPsNbG4LgLq9GZTofQ3wh3Kfz32bCiaFbX3zaGe08G31dr+pwNZ0eFkKVXr1IDs7eFjB/Ic5LPTXNP2UAMHhYFqe1eACII/8ua1AqLLDl23T0+bX+FW5mzW9IbM25o/ZFKV2l32hL/Fbuk2YlrX1S1VYWy2JcTF8kJy8PvZU+a1Xa7klgbX+0NVEMaSn0YmdtCtaxl9TxJjhE6KipxYoHRF1xdjArS6fT4lJohE/5NDvP9uECkGILCdXQeFLsygSw0IrVnZTFov7JMNl9/brWa37BpF2vOAvtVmxffvP117XbUvzufQX7Zv0rztiElnK6r5zUr0SPhJX68aR4XZxX7+b7kMuofkdcGG/AsKzNN6TvoGW4vZwttsW2PazPr2008ubnw3FWLqvWSMOnZsPF0LybT6+M+1bPMGA33xbzo6JY1n6BvwHkYzEvzvJpbWbQnS/vVsyJo15kWtBvbeZzQ4jflUKRHmZiZ5gwRhqEhMnnhJ1OgZSGtZGdnQmrAhhfJEq1atvHTPQbspnQwh/VM09mKeiqa1dTM5kemYNrtNEyNHQrYsqx0iTMVqseB7xlTsOHUpz1oxpEsyNaz2bPGub06zaXJ/PK9LlbujUyfjaqPo2DH1ROi2khlIX4WV5VK7DHeG8jMRzgh4+MBUKdmJ5V+flcHAJz+UCY/BPpPqWXFOV5OucjKAt1CNwXkIE5lDKc5mJuXY2nWfjocbM3O3DtPneMHvzkGH9ijX1IJzNRk/iTrQK7z+DNaomhtz+SOF+aafa1DqbzebE0JdmUTj4HwQ/H6RASHmpN3rbNzWu7I7jlaibUIAIe8ad0HSxFcYT+dBYRT/tPO/w/SBuDvykPjyRBzeM5JvWB92wvH7AMHH3J2zI2P1OzEHs+zIsht0N+8UgBlOitK4f1hMdZ+dn+f61yYVJmhiOEEZfVOrQ5Eem6nG/mtOfR4SY3KZPVc1psBsqj+vblkTha7PM/3h/uyX80Qopqlw1wptlHfV+Bwp9nD3sA8WZlU6OIlT2ModSXTA9sQOkuuHNcjfvjTY2uUaXnRto31O5f3cKImzfqD2/YneOt8YWuN8iS4+1+r17jIvE3NoD6WnZTQ6lrfBiDWr/R/o0Nr3GvvqnxNap8GAPciC34jY3wJnZaXdXDGNGHuZdy4IJtRNPp4kIMaSM24drj2qhPReGtZ0Z5Ai8cY07duu6gW8I4HtjId61hCFza1CKGuh7GKpaxXZbBXMtpg4RND9Rt80m1/YE6brgDN+i6kSISI38vvTfDZG//9f5vyJUTPKTXc+a0x/Ue+nOCBvfhOXfUEN+ie6c93tHD88DGXseU3sAU4Mof+EyQSTcPcULcmNPPGPfo97vrUdyA5689ntH5d7/GWGYbbXKIZZ0PZITNhKvf3ABvwr/bHuLo4r1nw7whezv6eW9nOG/P02sMrsvZG72892YZX8vP217HvwlX7/0eUchsdQ+rSmjdxKCqypzIBr5xdf3m1nxg9czi3+pAY+byRkcba3zgQ64SzNvD/v8B+Kqyku8FDQA= data: metadata: | # maps release series of major.minor to cluster-api contract version @@ -19,6 +21,9 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 - major: 1 minor: 9 contract: v1beta1 @@ -52,7 +57,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.9.5 + name: v1.10.5 namespace: capi-system annotations: provider.cluster.x-k8s.io/compressed: "true" diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml index beb64e4..54c2a9e 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml @@ -813,7 +813,7 @@ data: control-plane: controller-manager spec: containers: - - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0 + - image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.11.0 imagePullPolicy: IfNotPresent name: manager ports: @@ -835,7 +835,7 @@ data: memory: 100Mi - args: - --helm-install - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0 + image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.11.0 name: helm-manager resources: limits: diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml new file mode 100644 index 0000000..d4101d3 --- /dev/null +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml @@ -0,0 +1,1038 @@ +{{- if not (lookup "v1" "Namespace" "" "metal3-ipam-system") }} +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3ipam + pod-security.kubernetes.io/enforce: restricted + name: metal3-ipam-system +--- +{{- end }} +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + name: metal3-ipam-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipaddresses.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - metal3 + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + shortNames: + - ipa + - ipaddress + - m3ipa + - m3ipaddress + - m3ipaddresses + - metal3ipa + - metal3ipaddress + - metal3ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPAddress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddresses API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPAddressSpec defines the desired state of IPAddress. + properties: + address: + description: Address contains the IP address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + claim: + description: Claim points to the object the IPClaim was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - address + - claim + - pool + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipclaims.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPClaim + listKind: IPClaimList + plural: ipclaims + shortNames: + - ipc + - ipclaim + - m3ipc + - m3ipclaim + - m3ipclaims + - metal3ipc + - metal3ipclaim + - metal3ipclaims + singular: ipclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPClaim is the Schema for the ipclaims API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPClaimSpec defines the desired state of IPClaim. + properties: + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - pool + type: object + status: + description: IPClaimStatus defines the observed state of IPClaim. + properties: + address: + description: Address is the IPAddress that was generated for this + claim. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + errorMessage: + description: ErrorMessage contains the error message + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + cluster.x-k8s.io/provider: ipam-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ippools.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPPool + listKind: IPPoolList + plural: ippools + shortNames: + - ipp + - ippool + - m3ipp + - m3ippool + - m3ippools + - metal3ipp + - metal3ippool + - metal3ippools + singular: ippool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Time duration since creation of Metal3IPPool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPPool is the Schema for the ippools API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPPoolSpec defines the desired state of IPPool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + type: string + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + namePrefix: + description: namePrefix is the prefix used to generate the IPAddress + object names + minLength: 1 + type: string + pools: + description: Pools contains the list of IP addresses pools + items: + description: |- + MetaDataIPAddress contains the info to render th ip address. It is IP-version + agnostic. + properties: + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + end: + description: |- + End is the last IP address that can be rendered. It is used as a validation + that the rendered IP is in bound. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + prefix: + description: Prefix is the mask of the network as integer (max + 128) + maximum: 128 + type: integer + start: + description: Start is the first ip address that can be rendered + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + subnet: + description: |- + Subnet is used to validate that the rendered IP is in bounds. In case the + Start value is not given, it is derived from the subnet ip incremented by 1 + (`192.168.0.1` for `192.168.0.0/24`) + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) + type: string + type: object + type: array + preAllocations: + additionalProperties: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: PreAllocations contains the preallocated IP addresses + type: object + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - namePrefix + type: object + status: + description: IPPoolStatus defines the observed state of IPPool. + properties: + indexes: + additionalProperties: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: Allocations contains the map of objects and IP addresses + they have + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-leader-election-role + namespace: metal3-ipam-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + - ipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + - ipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + - ipclaims + - ippools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + - ipclaims/status + - ippools/status + verbs: + - get + - patch + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-leader-election-rolebinding + namespace: metal3-ipam-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ipam-leader-election-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ipam-manager-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: metal3-ipam-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-webhook-service + namespace: metal3-ipam-system + spec: + ports: + - port: 443 + targetPort: ipam-webhook + selector: + cluster.x-k8s.io/provider: ipam-metal3 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: ipam-controller-manager + namespace: metal3-ipam-system + spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} + - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: registry.rancher.com/rancher/ip-address-manager:v1.10.2 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: ipam-webhook + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: ipam-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-serving-cert + namespace: metal3-ipam-system + spec: + dnsNames: + - ipam-webhook-service.metal3-ipam-system.svc + - ipam-webhook-service.metal3-ipam-system.svc.cluster.local + issuerRef: + kind: Issuer + name: ipam-selfsigned-issuer + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-selfsigned-issuer + namespace: metal3-ipam-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /mutate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: metal3-ipam-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: ipam-metal3 + name: ipam-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: metal3-ipam-system + path: /validate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 + - major: 1 + minor: 9 + contract: v1beta1 + - major: 1 + minor: 8 + contract: v1beta1 + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v1.10.2 + namespace: metal3-ipam-system + labels: + provider-components: metal3ipam diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml index b70867b..7b6855d 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "capm3-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,6 +7,7 @@ metadata: pod-security.kubernetes.io/enforce: restricted name: capm3-system --- +{{- end }} apiVersion: v1 data: components: | @@ -19,548 +21,6 @@ data: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - cluster.x-k8s.io/v1alpha2: v1alpha2 - cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 - cluster.x-k8s.io/v1alpha4: v1alpha5 - cluster.x-k8s.io/v1beta1: v1beta1 - name: ipaddresses.ipam.metal3.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: ipam.metal3.io - names: - categories: - - metal3 - kind: IPAddress - listKind: IPAddressList - plural: ipaddresses - shortNames: - - ipa - - ipaddress - - m3ipa - - m3ipaddress - - m3ipaddresses - - metal3ipa - - metal3ipaddress - - metal3ipaddresses - singular: ipaddress - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of Metal3IPAddress - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPAddress is the Schema for the ipaddresses API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPAddressSpec defines the desired state of IPAddress. - properties: - address: - description: Address contains the IP address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - claim: - description: Claim points to the object the IPClaim was created for. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - dnsServers: - description: DNSServers is the list of dns servers - items: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - type: array - gateway: - description: Gateway is the gateway ip address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - pool: - description: Pool is the IPPool this was generated from. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - prefix: - description: Prefix is the mask of the network as integer (max 128) - maximum: 128 - type: integer - required: - - address - - claim - - pool - type: object - type: object - served: true - storage: true - subresources: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - cluster.x-k8s.io/v1alpha2: v1alpha2 - cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 - cluster.x-k8s.io/v1alpha4: v1alpha5 - cluster.x-k8s.io/v1beta1: v1beta1 - name: ipclaims.ipam.metal3.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: ipam.metal3.io - names: - categories: - - cluster-api - kind: IPClaim - listKind: IPClaimList - plural: ipclaims - shortNames: - - ipc - - ipclaim - - m3ipc - - m3ipclaim - - m3ipclaims - - metal3ipc - - metal3ipclaim - - metal3ipclaims - singular: ipclaim - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Time duration since creation of Metal3IPClaim - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPClaim is the Schema for the ipclaims API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPClaimSpec defines the desired state of IPClaim. - properties: - pool: - description: Pool is the IPPool this was generated from. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - required: - - pool - type: object - status: - description: IPClaimStatus defines the observed state of IPClaim. - properties: - address: - description: Address is the IPAddress that was generated for this - claim. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - errorMessage: - description: ErrorMessage contains the error message - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.16.5 - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - cluster.x-k8s.io/v1alpha2: v1alpha2 - cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 - cluster.x-k8s.io/v1alpha4: v1alpha5 - cluster.x-k8s.io/v1beta1: v1beta1 - name: ippools.ipam.metal3.io - spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /convert - conversionReviewVersions: - - v1 - - v1beta1 - group: ipam.metal3.io - names: - categories: - - cluster-api - kind: IPPool - listKind: IPPoolList - plural: ippools - shortNames: - - ipp - - ippool - - m3ipp - - m3ippool - - m3ippools - - metal3ipp - - metal3ippool - - metal3ippools - singular: ippool - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Cluster to which this template belongs - jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name - name: Cluster - type: string - - description: Time duration since creation of Metal3IPPool - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: IPPool is the Schema for the ippools API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: IPPoolSpec defines the desired state of IPPool. - properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs - to. - type: string - dnsServers: - description: DNSServers is the list of dns servers - items: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - type: array - gateway: - description: Gateway is the gateway ip address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - namePrefix: - description: namePrefix is the prefix used to generate the IPAddress - object names - minLength: 1 - type: string - pools: - description: Pools contains the list of IP addresses pools - items: - description: |- - MetaDataIPAddress contains the info to render th ip address. It is IP-version - agnostic. - properties: - dnsServers: - description: DNSServers is the list of dns servers - items: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - type: array - end: - description: |- - End is the last IP address that can be rendered. It is used as a validation - that the rendered IP is in bound. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - gateway: - description: Gateway is the gateway ip address - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - prefix: - description: Prefix is the mask of the network as integer (max - 128) - maximum: 128 - type: integer - start: - description: Start is the first ip address that can be rendered - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - subnet: - description: |- - Subnet is used to validate that the rendered IP is in bounds. In case the - Start value is not given, it is derived from the subnet ip incremented by 1 - (`192.168.0.1` for `192.168.0.0/24`) - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) - type: string - type: object - type: array - preAllocations: - additionalProperties: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - description: PreAllocations contains the preallocated IP addresses - type: object - prefix: - description: Prefix is the mask of the network as integer (max 128) - maximum: 128 - type: integer - required: - - namePrefix - type: object - status: - description: IPPoolStatus defines the observed state of IPPool. - properties: - indexes: - additionalProperties: - description: IPAddress is used for validation of an IP address. - pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) - type: string - description: Allocations contains the map of objects and IP addresses - they have - type: object - lastUpdated: - description: LastUpdated identifies when this status was last observed. - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - --- - apiVersion: apiextensions.k8s.io/v1 - kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert @@ -643,6 +103,13 @@ data: spec: description: Metal3ClusterSpec defines the desired state of Metal3Cluster. properties: + cloudProviderEnabled: + description: |- + Determines if the cluster is to be deployed with an external cloud provider. + If set to false, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to true, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + Default value is true, it is set in the webhook. + type: boolean controlPlaneEndpoint: description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. @@ -662,6 +129,8 @@ data: Determines if the cluster is not to be deployed with an external cloud provider. If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + + Deprecated: This field is deprecated, use cloudProviderEnabled instead type: boolean type: object status: @@ -675,27 +144,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -705,6 +179,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -797,6 +273,13 @@ data: spec: description: Metal3ClusterSpec defines the desired state of Metal3Cluster. properties: + cloudProviderEnabled: + description: |- + Determines if the cluster is to be deployed with an external cloud provider. + If set to false, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to true, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + Default value is true, it is set in the webhook. + type: boolean controlPlaneEndpoint: description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. @@ -818,6 +301,8 @@ data: Determines if the cluster is not to be deployed with an external cloud provider. If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. + + Deprecated: This field is deprecated, use cloudProviderEnabled instead type: boolean type: object required: @@ -1192,7 +677,9 @@ data: description: |- TemplateReference refers to the Template the Metal3MachineTemplate refers to. It can be matched against the key or it may also point to the name of the template - Metal3Data refers to + Metal3Data refers to. + + Deprecated: This field is deprecated and will be removed in a future release. type: string required: - claim @@ -2221,7 +1708,9 @@ data: description: |- TemplateReference refers to the Template the Metal3MachineTemplate refers to. It can be matched against the key or it may also point to the name of the template - Metal3Data refers to + Metal3Data refers to. + + Deprecated: This field is deprecated and will be removed in a future release. type: string required: - clusterName @@ -2526,11 +2015,19 @@ data: address. properties: address: - description: The machine address. + description: address is the machine address. + maxLength: 256 + minLength: 1 type: string type: - description: Machine address type, one of Hostname, ExternalIP, - InternalIP, ExternalDNS or InternalDNS. + description: type is the machine address type, one of Hostname, + ExternalIP, InternalIP, ExternalDNS or InternalDNS. + enum: + - Hostname + - ExternalIP + - InternalIP + - ExternalDNS + - InternalDNS type: string required: - address @@ -2545,27 +2042,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -2575,6 +2077,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -3267,14 +2771,6 @@ data: name: capm3-manager namespace: capm3-system --- - apiVersion: v1 - kind: ServiceAccount - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-manager - namespace: capm3-system - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -3303,21 +2799,6 @@ data: - delete --- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-leader-election-role - namespace: capm3-system - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: @@ -3515,87 +2996,6 @@ data: - watch --- apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-manager-role - rules: - - apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters/status - verbs: - - get - - apiGroups: - - ipam.metal3.io - resources: - - ipaddresses - - ipclaims - - ippools - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - ipam.metal3.io - resources: - - ipaddresses/status - - ipclaims/status - - ippools/status - verbs: - - get - - patch - - update - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: @@ -3612,22 +3012,6 @@ data: namespace: capm3-system --- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-leader-election-rolebinding - namespace: capm3-system - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ipam-leader-election-role - subjects: - - kind: ServiceAccount - name: ipam-manager - namespace: capm3-system - --- - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -3642,21 +3026,6 @@ data: name: capm3-manager namespace: capm3-system --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-manager-rolebinding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ipam-manager-role - subjects: - - kind: ServiceAccount - name: ipam-manager - namespace: capm3-system - --- apiVersion: v1 data: CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'} @@ -3681,20 +3050,6 @@ data: selector: cluster.x-k8s.io/provider: infrastructure-metal3 --- - apiVersion: v1 - kind: Service - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-webhook-service - namespace: capm3-system - spec: - ports: - - port: 443 - targetPort: ipam-webhook - selector: - cluster.x-k8s.io/provider: infrastructure-metal3 - --- apiVersion: apps/v1 kind: Deployment metadata: @@ -3734,7 +3089,7 @@ data: envFrom: - configMapRef: name: capm3-capm3fasttrack-configmap - image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.4 + image: quay.io/metal3-io/cluster-api-provider-metal3:main imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3785,92 +3140,6 @@ data: defaultMode: 420 secretName: capm3-webhook-service-cert --- - apiVersion: apps/v1 - kind: Deployment - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - name: ipam-controller-manager - namespace: capm3-system - spec: - selector: - matchLabels: - cluster.x-k8s.io/provider: infrastructure-metal3 - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - template: - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - control-plane: controller-manager - controller-tools.k8s.io: "1.0" - spec: - containers: - - args: - - --webhook-port=9443 - - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} - - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} - - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} - command: - - /manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: quay.io/metal3-io/ip-address-manager:v1.9.5 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9443 - name: ipam-webhook - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8443 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - runAsGroup: 65532 - runAsUser: 65532 - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: ipam-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: ipam-webhook-service-cert - --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: @@ -3888,22 +3157,6 @@ data: secretName: capm3-webhook-service-cert --- apiVersion: cert-manager.io/v1 - kind: Certificate - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-serving-cert - namespace: capm3-system - spec: - dnsNames: - - ipam-webhook-service.capm3-system.svc - - ipam-webhook-service.capm3-system.svc.cluster.local - issuerRef: - kind: Issuer - name: ipam-selfsigned-issuer - secretName: ipam-webhook-service-cert - --- - apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: @@ -3913,16 +3166,6 @@ data: spec: selfSigned: {} --- - apiVersion: cert-manager.io/v1 - kind: Issuer - metadata: - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-selfsigned-issuer - namespace: capm3-system - spec: - selfSigned: {} - --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -4132,82 +3375,6 @@ data: sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 - kind: MutatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-mutating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /mutate-ipam-metal3-io-v1alpha1-ipaddress - failurePolicy: Fail - matchPolicy: Equivalent - name: default.ipaddress.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipaddresses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /mutate-ipam-metal3-io-v1alpha1-ipclaim - failurePolicy: Fail - matchPolicy: Equivalent - name: default.ipclaim.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipclaims - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /mutate-ipam-metal3-io-v1alpha1-ippool - failurePolicy: Fail - matchPolicy: Equivalent - name: default.ippool.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ippools - sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: @@ -4414,86 +3581,13 @@ data: resources: - metal3remediationtemplates sideEffects: None - --- - apiVersion: admissionregistration.k8s.io/v1 - kind: ValidatingWebhookConfiguration - metadata: - annotations: - cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - labels: - cluster.x-k8s.io/provider: infrastructure-metal3 - name: ipam-validating-webhook-configuration - webhooks: - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /validate-ipam-metal3-io-v1alpha1-ipaddress - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipaddress.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipaddresses - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /validate-ipam-metal3-io-v1alpha1-ipclaim - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ipclaim.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ipclaims - sideEffects: None - - admissionReviewVersions: - - v1 - - v1beta1 - clientConfig: - service: - name: ipam-webhook-service - namespace: capm3-system - path: /validate-ipam-metal3-io-v1alpha1-ippool - failurePolicy: Fail - matchPolicy: Equivalent - name: validation.ippool.ipam.metal3.io - rules: - - apiGroups: - - ipam.metal3.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - ippools - sideEffects: None metadata: | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 10 + contract: v1beta1 - major: 1 minor: 9 contract: v1beta1 @@ -4524,7 +3618,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.9.4 + name: v1.10.2 namespace: capm3-system labels: provider-components: metal3 diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml index 6c9ab91..3afcc80 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "rke2-bootstrap-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,6 +7,7 @@ metadata: control-plane: controller-manager name: rke2-bootstrap-system --- +{{- end }} apiVersion: v1 data: components: | @@ -564,27 +566,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -594,6 +601,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -943,25 +952,42 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret that should - populate this file. + configMap: + description: ConfigMapFileSource represents a config map + that should populate this file. properties: key: - description: Key is the key in the secret's data map - for this value. + description: Key is the key in the secret or config + map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. enum: @@ -1153,27 +1179,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -1183,6 +1214,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -2124,25 +2157,43 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret - that should populate this file. + configMap: + description: ConfigMapFileSource represents a config + map that should populate this file. properties: key: - description: Key is the key in the secret's - data map for this value. + description: Key is the key in the secret or + config map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's - namespace to use. + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated + at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. @@ -2537,7 +2588,7 @@ data: - --concurrency=${CONCURRENCY_NUMBER:=10} command: - /manager - image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.18.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -2778,10 +2829,16 @@ data: - major: 0 minor: 18 contract: v1beta1 + - major: 0 + minor: 19 + contract: v1beta1 + - major: 0 + minor: 20 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.18.0 + name: v0.20.1 namespace: rke2-bootstrap-system labels: provider-components: rke2-bootstrap diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml index e9531e6..b9a307e 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml @@ -1,3 +1,4 @@ +{{- if not (lookup "v1" "Namespace" "" "rke2-control-plane-system") }} apiVersion: v1 kind: Namespace metadata: @@ -6,6 +7,7 @@ metadata: control-plane: controller-manager name: rke2-control-plane-system --- +{{- end }} apiVersion: v1 data: components: | @@ -1177,27 +1179,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -1207,6 +1214,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -1582,25 +1591,42 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret that should - populate this file. + configMap: + description: ConfigMapFileSource represents a config map + that should populate this file. properties: key: - description: Key is the key in the secret's data map - for this value. + description: Key is the key in the secret or config + map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's + description: Name of the secret/configmap in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret or config + map's data map for this value. + type: string + name: + description: Name of the secret/configmap in the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. enum: @@ -1741,7 +1767,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -2603,27 +2629,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -2633,6 +2664,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -3130,25 +3163,43 @@ data: description: ContentFrom is a referenced source of content to populate the file. properties: - secret: - description: SecretFileSource represents a secret - that should populate this file. + configMap: + description: ConfigMapFileSource represents a config + map that should populate this file. properties: key: - description: Key is the key in the secret's - data map for this value. + description: Key is the key in the secret or + config map's data map for this value. type: string name: - description: Name of the secret in the RKE2BootstrapConfig's - namespace to use. + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. + type: string + required: + - key + - name + type: object + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret or + config map's data map for this value. + type: string + name: + description: Name of the secret/configmap in + the RKE2BootstrapConfig's namespace to use. type: string required: - key - name type: object - required: - - secret type: object + x-kubernetes-validations: + - message: Only configMap or secret can be populated + at once + rule: '!(has(self.secret) && has(self.configMap))' encoding: description: Encoding specifies the encoding of the file contents. @@ -3291,7 +3342,7 @@ data: additionalProperties: type: string description: |- - Map of string keys and values that can be used to organize and categorize + labels is a map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels @@ -4181,27 +4232,32 @@ data: properties: lastTransitionTime: description: |- - Last time the condition transitioned from one status to another. + lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- - A human readable message indicating details about the transition. + message is a human readable message indicating details about the transition. This field may be empty. + maxLength: 10240 + minLength: 1 type: string reason: description: |- - The reason for the condition's last transition in CamelCase. + reason is the reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may be empty. + maxLength: 256 + minLength: 1 type: string severity: description: |- severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + maxLength: 32 type: string status: description: status of the condition, one of True, False, Unknown. @@ -4211,6 +4267,8 @@ data: type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + maxLength: 256 + minLength: 1 type: string required: - lastTransitionTime @@ -4559,7 +4617,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.18.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.20.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4807,10 +4865,16 @@ data: - major: 0 minor: 18 contract: v1beta1 + - major: 0 + minor: 19 + contract: v1beta1 + - major: 0 + minor: 20 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.18.0 + name: v0.20.1 namespace: rke2-control-plane-system labels: provider-components: rke2-control-plane diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 1db6420..dca2382 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -179,4 +179,4 @@ spec: - prettyName: RancherTurtlesAirgapResources releaseName: rancher-turtles-airgap-resources chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources' - version: '%%CHART_MAJOR%%.0.5+up0.21.0' + version: '%%CHART_MAJOR%%.0.6+up0.24.0' -- 2.51.1 From 1fac881ebc7dd596ba3466fe57a7a1f6517206279676a7c570c5e3d0f568c9bc Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 17 Sep 2025 13:04:16 +0300 Subject: [PATCH 05/25] rancher-turtles-chart: fix fleet airgap config It seems the fetchConfig is not currently supported in the upstream chart (cherry picked from commit de51bf9c8314a77e3977425aff94b42d99a59c8cb8e835590976c4f896557e4b) --- .../templates/addon-provider-fleet.yaml | 9 +++++++++ rancher-turtles-chart/values.yaml | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml index 9942580..f42c87e 100644 --- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml +++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml @@ -12,6 +12,15 @@ spec: additionalManifests: name: fleet-addon-config namespace: '{{ .Values.rancherTurtles.namespace }}' +{{- if or (index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector") }} + fetchConfig: + {{- if index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url" }} + url: {{ index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url" }} + {{- end }} + {{- if index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector" }} + selector: {{ index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector" }} + {{- end }} +{{- end }} --- apiVersion: v1 kind: ConfigMap diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index d061d3e..97d7353 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -147,3 +147,8 @@ cluster-api-operator: fetchConfig: url: "" selector: "" + fleet: + addon: + fetchConfig: + url: "" + selector: "" -- 2.51.1 From 5408eb4de5c6a2b6286c59944d66a0b9f83c0a68c89e54da0da5f3325e4e5dab Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 17 Sep 2025 13:07:01 +0300 Subject: [PATCH 06/25] release-manifest: update images for turtles 0.24.0 (cherry picked from commit d75736809d4ff7cb5f907d66cbc1f912c4eb52ed150514a7b7861ccefa24b510) --- release-manifest-image/release_images.yaml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/release-manifest-image/release_images.yaml b/release-manifest-image/release_images.yaml index 74d6ecf..cb774a1 100644 --- a/release-manifest-image/release_images.yaml +++ b/release-manifest-image/release_images.yaml @@ -36,23 +36,22 @@ images: - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9 - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9 - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 - - name: registry.rancher.com/rancher/cluster-api-operator:v0.17.0 - name: registry.rancher.com/rancher/fleet-agent:v0.12.3 - name: registry.rancher.com/rancher/fleet:v0.12.3 - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425 - name: registry.rancher.com/rancher/rancher-webhook:v0.7.2 - - name: registry.rancher.com/rancher/rancher/turtles:v0.20.0 + - name: registry.rancher.com/rancher/rancher/turtles:v0.24.0 - name: registry.rancher.com/rancher/rancher:v2.11.2 - name: registry.rancher.com/rancher/shell:v0.4.1 - name: registry.rancher.com/rancher/system-upgrade-controller:v0.15.2 - - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.10.0 - - name: registry.suse.com/rancher/cluster-api-controller:v1.9.5 - - name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3 - - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1 - - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.16.1 + - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.11.0 + - name: registry.suse.com/rancher/cluster-api-controller:v1.10.5 + - name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2 + - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1 + - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1 - name: registry.suse.com/rancher/elemental-operator:1.6.8 - name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425 - - name: registry.suse.com/rancher/ip-address-manager:v1.9.4 + - name: registry.suse.com/rancher/ip-address-manager:v1.10.2 - name: registry.suse.com/suse/sles/15.6/cdi-apiserver:1.61.0-150600.3.12.1 - name: registry.suse.com/suse/sles/15.6/cdi-controller:1.61.0-150600.3.12.1 - name: registry.suse.com/suse/sles/15.6/cdi-operator:1.61.0-150600.3.12.1 -- 2.51.1 From da8736177f218b9a807ee45a23d6c74a55541598be1cad972875bae2e628241a Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Fri, 19 Sep 2025 10:03:30 +0300 Subject: [PATCH 07/25] backport cert-manager to 3.4 --- release-manifest-image/release_manifest.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index dca2382..35e19e3 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -180,3 +180,8 @@ spec: releaseName: rancher-turtles-airgap-resources chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources' version: '%%CHART_MAJOR%%.0.6+up0.24.0' + - prettyName: CertManager + releaseName: cert-manager + chart: cert-manager + version: 1.18.2 + repository: https://charts.jetstack.io -- 2.51.1 From 24685d27be5805cbd72564da4bd7635bbcc3aa17a5f184cc2948d8d016a9d91e Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Fri, 19 Sep 2025 19:13:51 +0200 Subject: [PATCH 08/25] update release images --- release-manifest-image/release_images.yaml | 100 +++++++++++---------- 1 file changed, 51 insertions(+), 49 deletions(-) diff --git a/release-manifest-image/release_images.yaml b/release-manifest-image/release_images.yaml index cb774a1..9b934e3 100644 --- a/release-manifest-image/release_images.yaml +++ b/release-manifest-image/release_images.yaml @@ -1,63 +1,65 @@ images: - - name: quay.io/jetstack/cert-manager-cainjector:v1.14.2 - - name: quay.io/jetstack/cert-manager-controller:v1.14.2 - - name: quay.io/jetstack/cert-manager-webhook:v1.14.2 - - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250507 - - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250509 - - name: registry.rancher.com/rancher/hardened-coredns:v1.12.1-build20250507 - - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250411 - - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.7.2-build20250507 - - name: registry.rancher.com/rancher/hardened-kubernetes:v1.32.5-rke2r1-build20250515 - - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.0-build20250326 - - name: registry.rancher.com/rancher/klipper-helm:v0.9.5-build20250306 - - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.3 - - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.3 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.13.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.2.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.13.2 - - name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.2.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.15.0 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.8.1 - - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0 - - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.4 - - name: registry.rancher.com/rancher/neuvector-controller:5.4.3 - - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.3 - - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.1-hardened6 - - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.32.0-rc3.0.20241220224140-68fbd1a6b543-build20250101 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.9.1.1 + - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2 + - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2 + - name: quay.io/jetstack/cert-manager-controller:v1.18.2 + - name: quay.io/jetstack/cert-manager-webhook:v1.18.2 + - name: registry.k8s.io/e2e-test-images/agnhost:2.39 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.10.2.1 - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3 - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9 - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9 - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 - - name: registry.rancher.com/rancher/fleet-agent:v0.12.3 - - name: registry.rancher.com/rancher/fleet:v0.12.3 + - name: registry.rancher.com/rancher/fleet-agent:v0.13.1 + - name: registry.rancher.com/rancher/fleet:v0.13.1 + - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611 + - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250611 + - name: registry.rancher.com/rancher/hardened-coredns:v1.12.2-build20250611 + - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250612 + - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250704 + - name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.3-rke2r1-build20250716 + - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.1-build20250627 - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425 - - name: registry.rancher.com/rancher/rancher-webhook:v0.7.2 + - name: registry.rancher.com/rancher/klipper-helm:v0.9.8-build20250709 + - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.6 + - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.6 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.9.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.14.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.3.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.14.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.3.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.16.0-20250709 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.9.1 + - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0 + - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.6 + - name: registry.rancher.com/rancher/neuvector-controller:5.4.5 + - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.5 + - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.4-hardened2 + - name: registry.rancher.com/rancher/rancher-webhook:v0.8.1 - name: registry.rancher.com/rancher/rancher/turtles:v0.24.0 - - name: registry.rancher.com/rancher/rancher:v2.11.2 - - name: registry.rancher.com/rancher/shell:v0.4.1 - - name: registry.rancher.com/rancher/system-upgrade-controller:v0.15.2 + - name: registry.rancher.com/rancher/rancher:v2.12.1 + - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.1-0.20250516163953-99d91538b132-build20250612 + - name: registry.rancher.com/rancher/scc-operator:v0.1.1 + - name: registry.rancher.com/rancher/system-upgrade-controller:v0.16.0 - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.11.0 - name: registry.suse.com/rancher/cluster-api-controller:v1.10.5 - name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2 - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1 - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1 - - name: registry.suse.com/rancher/elemental-operator:1.6.8 + - name: registry.suse.com/rancher/elemental-operator:1.7.3 - name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425 - name: registry.suse.com/rancher/ip-address-manager:v1.10.2 - - name: registry.suse.com/suse/sles/15.6/cdi-apiserver:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/cdi-controller:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/cdi-operator:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/cdi-uploadproxy:1.61.0-150600.3.12.1 - - name: registry.suse.com/suse/sles/15.6/virt-api:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-controller:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-handler:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-launcher:1.4.0-150600.5.15.1 - - name: registry.suse.com/suse/sles/15.6/virt-operator:1.4.0-150600.5.15.1 + - name: registry.suse.com/suse/sles/15.7/cdi-apiserver:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/cdi-controller:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/cdi-operator:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/cdi-uploadproxy:1.62.0-150700.9.3.1 + - name: registry.suse.com/suse/sles/15.7/virt-api:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-controller:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-handler:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-launcher:1.5.2-150700.3.5.2 + - name: registry.suse.com/suse/sles/15.7/virt-operator:1.5.2-150700.3.5.2 \ No newline at end of file -- 2.51.1 From d3e972e24225ad79f729e2a98fb389137ac7dc4922be5f2650852fd7222f54fd Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Tue, 23 Sep 2025 09:35:43 +0200 Subject: [PATCH 09/25] bump elemental dashboard version --- release-manifest-image/release_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 35e19e3..8839957 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -151,7 +151,7 @@ spec: - releaseName: elemental chart: elemental repository: https://github.com/rancher/ui-plugin-charts/raw/main - version: 3.0.0 + version: 3.0.1 - prettyName: SRIOV releaseName: sriov-network-operator chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator' -- 2.51.1 From 0b3f99e64cbb9c8f79390d7abbe6a7c3622499ad8381f4140bf11c5d602d31e2 Mon Sep 17 00:00:00 2001 From: George Date: Mon, 6 Oct 2025 13:11:13 +0200 Subject: [PATCH 10/25] Manual backporting of #280 as it failed to squash commits --- _config | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/_config b/_config index 1523035..f282a84 100644 --- a/_config +++ b/_config @@ -75,6 +75,8 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: excludebuild:kube-rbac-proxy-image BuildFlags: excludebuild:metallb-controller-image BuildFlags: excludebuild:metallb-speaker-image + BuildFlags: excludebuild:nessie-image + BuildFlags: excludebuild:suse-edge-components-versions-image %endif %else # Only a subset of stack is arm64 ready @@ -103,8 +105,22 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:metallb BuildFlags: onlybuild:metallb-controller-image BuildFlags: onlybuild:metallb-speaker-image + BuildFlags: onlybuild:nessie + BuildFlags: onlybuild:nessie-image BuildFlags: onlybuild:nm-configurator + BuildFlags: onlybuild:python-annotated-types + BuildFlags: onlybuild:python-executing + BuildFlags: onlybuild:python-flit-core + BuildFlags: onlybuild:python-inline-snapshot + BuildFlags: onlybuild:python-pydantic + BuildFlags: onlybuild:python-pydantic-core + BuildFlags: onlybuild:python-pyhelm3 + BuildFlags: onlybuild:python-rich + BuildFlags: onlybuild:python-suse-edge-components-versions + BuildFlags: onlybuild:python-typing-inspection + BuildFlags: onlybuild:python-typing_extensions BuildFlags: onlybuild:shim-noarch + BuildFlags: onlybuild:suse-edge-components-versions-image %endif %endif @@ -155,6 +171,8 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: excludebuild:kube-rbac-proxy-image BuildFlags: excludebuild:metallb-controller-image BuildFlags: excludebuild:metallb-speaker-image + BuildFlags: excludebuild:nessie-image + BuildFlags: excludebuild:suse-edge-components-versions-image %endif %else -- 2.51.1 From 40869007bdd7a72e709d9276d010e74872e7d4c6851b54ff4787b7ebd6ef4d88 Mon Sep 17 00:00:00 2001 From: Mikhail Krutov Date: Fri, 10 Oct 2025 13:58:47 +0200 Subject: [PATCH 11/25] 3.4.1 bump (#285) Reviewed-on: https://src.opensuse.org/suse-edge/Factory/pulls/285 Reviewed-by: Denislav Prodanov Co-authored-by: Mikhail Krutov Co-committed-by: Mikhail Krutov --- release-manifest-image/Dockerfile | 6 ++-- release-manifest-image/release_manifest.yaml | 38 ++++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/release-manifest-image/Dockerfile b/release-manifest-image/Dockerfile index a959c3d..09a38f9 100644 --- a/release-manifest-image/Dockerfile +++ b/release-manifest-image/Dockerfile @@ -1,4 +1,4 @@ -#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.0 +#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.1 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION @@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SUSE Edge Release Manifest" LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release" -LABEL org.opencontainers.image.version="3.4.0" +LABEL org.opencontainers.image.version="3.4.1" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.0" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.1" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 8839957..d5fd906 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -3,11 +3,11 @@ kind: ReleaseManifest metadata: name: release-manifest-3-4-0 spec: - releaseVersion: 3.4.0 + releaseVersion: 3.4.1 components: kubernetes: k3s: - version: v1.33.3+k3s1 + version: v1.33.5+k3s1 coreComponents: - name: traefik-crd version: 34.2.1+up34.2.0 @@ -23,42 +23,42 @@ spec: - name: coredns containers: - name: coredns - image: rancher/mirrored-coredns-coredns:1.12.1 + image: rancher/mirrored-coredns-coredns:1.12.3 type: Deployment - name: metrics-server containers: - name: metrics-server - image: rancher/mirrored-metrics-server:v0.7.2 + image: rancher/mirrored-metrics-server:v0.8.0 type: Deployment rke2: - version: v1.33.3+rke2r1 + version: v1.33.5+rke2r1 coreComponents: - name: rke2-cilium - version: 1.17.600 + version: 1.18.103 type: HelmChart - name: rke2-canal - version: v3.30.2-build2025071100 + version: v3.30.3-build2025090900 type: HelmChart - name: rke2-calico-crd - version: v3.30.100 + version: v3.30.300 type: HelmChart - name: rke2-calico - version: v3.30.100 + version: v3.30.300 type: HelmChart - name: rke2-coredns - version: 1.42.302 + version: 1.43.302 type: HelmChart - name: rke2-ingress-nginx - version: 4.12.401 + version: 4.12.600 type: HelmChart - name: rke2-metrics-server - version: 3.12.203 + version: 3.13.001 type: HelmChart - name: rancher-vsphere-csi - version: 3.3.1-rancher1000 + version: 3.5.0-rancher100 type: HelmChart - name: rancher-vsphere-cpi - version: 1.11.000 + version: 1.12.100 type: HelmChart - name: harvester-cloud-provider version: 0.2.1000 @@ -89,7 +89,7 @@ spec: - prettyName: Rancher releaseName: rancher chart: rancher - version: 2.12.1 + version: 2.12.3 repository: https://charts.rancher.com/server-charts/prime values: postDelete: @@ -97,12 +97,12 @@ spec: - prettyName: Longhorn releaseName: longhorn chart: longhorn - version: 107.0.0+up1.9.1 + version: 107.1.0+up1.9.1 repository: https://charts.rancher.io dependencyCharts: - releaseName: longhorn-crd chart: longhorn-crd - version: 107.0.0+up1.9.1 + version: 107.1.0+up1.9.1 repository: https://charts.rancher.io - prettyName: MetalLB releaseName: metallb @@ -123,12 +123,12 @@ spec: - prettyName: NeuVector releaseName: neuvector chart: neuvector - version: 107.0.0+up2.8.7 + version: 107.0.1+up2.8.8 repository: https://charts.rancher.io dependencyCharts: - releaseName: neuvector-crd chart: neuvector-crd - version: 107.0.0+up2.8.7 + version: 107.0.1+up2.8.8 repository: https://charts.rancher.io addonCharts: - releaseName: neuvector-ui-ext -- 2.51.1 From aad7827d677d645de09eabd19b4cbfe672e07d53f829d7e8691706f7c00dd083 Mon Sep 17 00:00:00 2001 From: dprodanov4 Date: Fri, 10 Oct 2025 15:49:45 +0300 Subject: [PATCH 12/25] fix rancher version --- release-manifest-image/release_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index d5fd906..79877d5 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -89,7 +89,7 @@ spec: - prettyName: Rancher releaseName: rancher chart: rancher - version: 2.12.3 + version: 2.12.2 repository: https://charts.rancher.com/server-charts/prime values: postDelete: -- 2.51.1 From 853872d9bab7c58e357f3a845b362669b9f5f97817fe40d77bd27ce9cc034afd Mon Sep 17 00:00:00 2001 From: Mikhail Krutov Date: Tue, 21 Oct 2025 16:03:28 +0200 Subject: [PATCH 13/25] update release_images.yaml for 3.4.1 (#289) Reviewed-on: https://src.opensuse.org/suse-edge/Factory/pulls/289 --- release-manifest-image/release_images.yaml | 56 +++++++++++----------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/release-manifest-image/release_images.yaml b/release-manifest-image/release_images.yaml index 9b934e3..fcec57a 100644 --- a/release-manifest-image/release_images.yaml +++ b/release-manifest-image/release_images.yaml @@ -1,29 +1,28 @@ images: - - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.10.2.1 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9 - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2 - name: quay.io/jetstack/cert-manager-controller:v1.18.2 - name: quay.io/jetstack/cert-manager-webhook:v1.18.2 - name: registry.k8s.io/e2e-test-images/agnhost:2.39 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.10.2.1 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 - - name: registry.rancher.com/rancher/fleet-agent:v0.13.1 - - name: registry.rancher.com/rancher/fleet:v0.13.1 - - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611 - - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250611 - - name: registry.rancher.com/rancher/hardened-coredns:v1.12.2-build20250611 - - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250612 - - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250704 - - name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.3-rke2r1-build20250716 - - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.1-build20250627 + - name: registry.rancher.com/rancher/fleet-agent:v0.13.2 + - name: registry.rancher.com/rancher/fleet:v0.13.2 + - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250909 + - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.8.0-build20250909 + - name: registry.rancher.com/rancher/hardened-coredns:v1.12.3-build20250909 + - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250910 + - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250909 + - name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.5-rke2r1-build20250910 + - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.2-build20250909 - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425 - name: registry.rancher.com/rancher/klipper-helm:v0.9.8-build20250709 - - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.6 - - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.6 + - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.18.1 + - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.18.1 - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.9.0-20250709 - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.14.0-20250709 - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.3.0-20250709 @@ -36,15 +35,16 @@ images: - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.9.1 - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.9.1 - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0 - - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.6 - - name: registry.rancher.com/rancher/neuvector-controller:5.4.5 - - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.5 - - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.4-hardened2 - - name: registry.rancher.com/rancher/rancher-webhook:v0.8.1 + - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.7 + - name: registry.rancher.com/rancher/neuvector-controller:5.4.6 + - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.6 + - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.6-hardened1 + - name: registry.rancher.com/rancher/rancher-webhook:v0.8.2 - name: registry.rancher.com/rancher/rancher/turtles:v0.24.0 - - name: registry.rancher.com/rancher/rancher:v2.12.1 - - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.1-0.20250516163953-99d91538b132-build20250612 - - name: registry.rancher.com/rancher/scc-operator:v0.1.1 + - name: registry.rancher.com/rancher/rancher:v2.12.2 + - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908 + - name: registry.rancher.com/rancher/scc-operator:v0.2.1 + - name: registry.rancher.com/rancher/shell:v0.5.0 - name: registry.rancher.com/rancher/system-upgrade-controller:v0.16.0 - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.11.0 - name: registry.suse.com/rancher/cluster-api-controller:v1.10.5 @@ -62,4 +62,4 @@ images: - name: registry.suse.com/suse/sles/15.7/virt-controller:1.5.2-150700.3.5.2 - name: registry.suse.com/suse/sles/15.7/virt-handler:1.5.2-150700.3.5.2 - name: registry.suse.com/suse/sles/15.7/virt-launcher:1.5.2-150700.3.5.2 - - name: registry.suse.com/suse/sles/15.7/virt-operator:1.5.2-150700.3.5.2 \ No newline at end of file + - name: registry.suse.com/suse/sles/15.7/virt-operator:1.5.2-150700.3.5.2 -- 2.51.1 From 05061793f1138009f87f7a758ee85c1ef9a1eb61be162f3182e03f79c14f0d7d Mon Sep 17 00:00:00 2001 From: Eduardo Minguez Date: Wed, 22 Oct 2025 09:19:21 +0200 Subject: [PATCH 14/25] fix: 3.4.1 release manifest name (#292) Signed-off-by: Eduardo Minguez Reviewed-on: https://src.opensuse.org/suse-edge/Factory/pulls/292 Reviewed-by: Nicolas Belouin Reviewed-by: Steven Hardy Co-authored-by: Eduardo Minguez Co-committed-by: Eduardo Minguez --- release-manifest-image/release_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 79877d5..9f86aa8 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -1,7 +1,7 @@ apiVersion: lifecycle.suse.com/v1alpha1 kind: ReleaseManifest metadata: - name: release-manifest-3-4-0 + name: release-manifest-3-4-1 spec: releaseVersion: 3.4.1 components: -- 2.51.1 From 386550eb41519408b9e3f153c3bfccaec97732365a88670ccc19a53e86de663a Mon Sep 17 00:00:00 2001 From: e-minguez Date: Tue, 30 Sep 2025 16:22:19 +0200 Subject: [PATCH 15/25] feat: Bump c-v to 0.2.0 using release manifests now (cherry picked from commit df4cde31b0fedb1a60cd8ddb1f255fc4c063408cf1d6444969943703609beb10) --- .../python-suse-edge-components-versions.spec | 8 ++++---- suse-edge-components-versions-image/Dockerfile | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/python-suse-edge-components-versions/python-suse-edge-components-versions.spec b/python-suse-edge-components-versions/python-suse-edge-components-versions.spec index 0d83e7f..5157cf3 100644 --- a/python-suse-edge-components-versions/python-suse-edge-components-versions.spec +++ b/python-suse-edge-components-versions/python-suse-edge-components-versions.spec @@ -20,7 +20,7 @@ %endif Name: python-suse-edge-components-versions -Version: 0.1.1 +Version: 0.2.1 Release: 0%{?dist} Summary: A tool to gather and display component versions for SUSE Edge products. License: Apache-2.0 @@ -73,9 +73,9 @@ cd components-versions mv %{buildroot}%{_bindir}/components-versions %{buildroot}%{_bindir}/suse-edge-components-versions %python_clone -a %{buildroot}%{_bindir}/suse-edge-components-versions cd .. -# Move the json files to /usr/share/suse-edge-components-versions instead +# Move the yaml files to /usr/share/suse-edge-components-versions instead mkdir -p %{buildroot}/usr/share/suse-edge-components-versions/ -mv %{buildroot}%{python_sitelib}/components_versions/data/*.json %{buildroot}/usr/share/suse-edge-components-versions/ +mv %{buildroot}%{python_sitelib}/components_versions/data/*.yaml %{buildroot}/usr/share/suse-edge-components-versions/ rmdir %{buildroot}%{python_sitelib}/components_versions/data/ %post @@ -92,7 +92,7 @@ rmdir %{buildroot}%{python_sitelib}/components_versions/data/ %{python_sitelib}/suse_edge_components_versions-%{version}*.dist-info # Include the main executable with its new name. %python_alternative %{_bindir}/suse-edge-components-versions -# Include the json files +# Include the yaml files /usr/share/suse-edge-components-versions/ %changelog diff --git a/suse-edge-components-versions-image/Dockerfile b/suse-edge-components-versions-image/Dockerfile index be5b4db..c5e9a16 100644 --- a/suse-edge-components-versions-image/Dockerfile +++ b/suse-edge-components-versions-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.1.1 -#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.1.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.1 +#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.1-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -29,8 +29,8 @@ LABEL org.opencontainers.image.description="Gather and display component version LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/components-versions" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="0.1.1" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.1.1-%RELEASE%" +LABEL org.opencontainers.image.version="0.2.1" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.1-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" -- 2.51.1 From 1e5f60b17e14a286d9486782cdbec88407b7194418b0d57920f0fbd63fabfd32 Mon Sep 17 00:00:00 2001 From: e-minguez Date: Wed, 22 Oct 2025 09:44:30 +0200 Subject: [PATCH 16/25] chore: Update c-v to 0.2.2 to include 3.4.1 --- .../python-suse-edge-components-versions.spec | 2 +- suse-edge-components-versions-image/Dockerfile | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/python-suse-edge-components-versions/python-suse-edge-components-versions.spec b/python-suse-edge-components-versions/python-suse-edge-components-versions.spec index 5157cf3..ea86afd 100644 --- a/python-suse-edge-components-versions/python-suse-edge-components-versions.spec +++ b/python-suse-edge-components-versions/python-suse-edge-components-versions.spec @@ -20,7 +20,7 @@ %endif Name: python-suse-edge-components-versions -Version: 0.2.1 +Version: 0.2.2 Release: 0%{?dist} Summary: A tool to gather and display component versions for SUSE Edge products. License: Apache-2.0 diff --git a/suse-edge-components-versions-image/Dockerfile b/suse-edge-components-versions-image/Dockerfile index c5e9a16..00bb6fe 100644 --- a/suse-edge-components-versions-image/Dockerfile +++ b/suse-edge-components-versions-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.1 -#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.2 +#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.2-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -29,8 +29,8 @@ LABEL org.opencontainers.image.description="Gather and display component version LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/components-versions" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="0.2.1" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.1-%RELEASE%" +LABEL org.opencontainers.image.version="0.2.2" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.2-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" -- 2.51.1 From a6fde4c76157ef1a0930796add102bae54198cbfa04430db3c10f8c306b79f19 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Tue, 16 Sep 2025 13:59:19 +0200 Subject: [PATCH 17/25] Use BCI nginx for metal3 media subchart Signed-off-by: Nicolas Belouin (cherry picked from commit 18844c5a252b932c5590b7a471eb32ce94c76c78dfa620a6a123a579aaccce8c) --- metal3-chart/Chart.yaml | 8 ++++---- metal3-chart/charts/media/Chart.yaml | 4 ++-- metal3-chart/charts/media/templates/deployment.yaml | 6 +----- metal3-chart/charts/media/values.yaml | 4 ++-- release-manifest-image/release_manifest.yaml | 2 +- 5 files changed, 10 insertions(+), 14 deletions(-) diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index b7f9e47..8b38eba 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.16_up0.12.6 -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.16_up0.12.6-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.17_up0.12.7 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.17_up0.12.7-%RELEASE% apiVersion: v2 appVersion: 0.12.6 dependencies: @@ -20,9 +20,9 @@ dependencies: condition: global.enable_metal3_media_server name: media repository: file://./charts/media - version: 0.6.6 + version: 0.7.0 description: A Helm chart that installs all of the dependencies needed for Metal3 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.16+up0.12.6" +version: "%%CHART_MAJOR%%.0.17+up0.12.7" diff --git a/metal3-chart/charts/media/Chart.yaml b/metal3-chart/charts/media/Chart.yaml index 283fa6f..4899bbb 100644 --- a/metal3-chart/charts/media/Chart.yaml +++ b/metal3-chart/charts/media/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 1.16.0 +appVersion: 1.21.0 description: A Helm chart for Media, used by Metal3 name: media type: application -version: 0.6.6 +version: 0.7.0 diff --git a/metal3-chart/charts/media/templates/deployment.yaml b/metal3-chart/charts/media/templates/deployment.yaml index 9dccd57..f41513a 100644 --- a/metal3-chart/charts/media/templates/deployment.yaml +++ b/metal3-chart/charts/media/templates/deployment.yaml @@ -34,13 +34,9 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} - command: - - /usr/sbin/httpd - args: - - -DFOREGROUND securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/metal3-chart/charts/media/values.yaml b/metal3-chart/charts/media/values.yaml index efa8c21..b573861 100644 --- a/metal3-chart/charts/media/values.yaml +++ b/metal3-chart/charts/media/values.yaml @@ -22,9 +22,9 @@ global: replicaCount: 1 image: - repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic + repository: registry.suse.com/suse/nginx pullPolicy: IfNotPresent - tag: 29.0.4.2 + tag: 1.21 imagePullSecrets: [] nameOverride: "" diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 9f86aa8..2daac39 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -171,7 +171,7 @@ spec: - prettyName: Metal3 releaseName: metal3 chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3' - version: '%%CHART_MAJOR%%.0.16+up0.12.6' + version: '%%CHART_MAJOR%%.0.17+up0.12.7' - prettyName: RancherTurtles releaseName: rancher-turtles chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles' -- 2.51.1 From fffb09efe0c340865199eb6db277696588d696999b8822d77c55c0c292fc896d Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Fri, 3 Oct 2025 09:31:53 +0200 Subject: [PATCH 18/25] metal3: Introduce TLS variables for ironic vmedia server port of https://github.com/metal3-io/ironic-image/pull/759 Expose it in chart with a new `ironic.ironicExtraEnv` value that allows passing arbitrary extra environment variables to allow for advanced configuration we may not want to keep as not for the faint of heart. Signed-off-by: Nicolas Belouin (cherry picked from commit f60348562e324689b3c7e60b091b9f2bc5d5a804f528553e055d7bf7ac9177ba) --- ironic-image/Dockerfile | 8 ++++---- ironic-image/ironic-config/apache2-vmedia.conf.j2 | 13 +++++++++++++ metal3-chart/Chart.yaml | 12 ++++++------ metal3-chart/charts/ironic/Chart.yaml | 2 +- metal3-chart/charts/ironic/templates/configmap.yaml | 3 +++ metal3-chart/charts/ironic/values.yaml | 4 +++- metal3-chart/charts/media/Chart.yaml | 2 +- metal3-chart/charts/media/values.yaml | 9 +++++++-- release-manifest-image/release_manifest.yaml | 2 +- 9 files changed, 39 insertions(+), 16 deletions(-) diff --git a/ironic-image/Dockerfile b/ironic-image/Dockerfile index b137d4f..671f1f5 100644 --- a/ironic-image/Dockerfile +++ b/ironic-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3 -#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4 +#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="29.0.4.3" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE%" +LABEL org.opencontainers.image.version="29.0.4.4" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-image/ironic-config/apache2-vmedia.conf.j2 b/ironic-image/ironic-config/apache2-vmedia.conf.j2 index 2301717..3abb7c4 100644 --- a/ironic-image/ironic-config/apache2-vmedia.conf.j2 +++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2 @@ -11,6 +11,19 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }} SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }} SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }} + {% if "IRONIC_VMEDIA_TLS_12_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_12_CIPHERS %} + SSLCipherSuite {{ env.IRONIC_VMEDIA_TLS_12_CIPHERS }} + {% endif %} + {% if "IRONIC_VMEDIA_TLS_13_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_13_CIPHERS %} + SSLCipherSuite TLSv1.3 {{ env.IRONIC_VMEDIA_TLS_13_CIPHERS }} + {% endif %} + {% if "IRONIC_VMEDIA_CURVES" in env and env.IRONIC_VMEDIA_CURVES %} + SSLOpenSSLConfCmd Curves {{ env.IRONIC_VMEDIA_CURVES }} + {% endif %} + {% if env.IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER | lower == "true" %} + SSLHonorCipherOrder on + {% endif %} + Options Indexes FollowSymLinks AllowOverride None diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 8b38eba..70e0d15 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.17_up0.12.7 -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.17_up0.12.7-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8-%RELEASE% apiVersion: v2 -appVersion: 0.12.6 +appVersion: 0.12.8 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -10,7 +10,7 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.11.4 + version: 0.11.5 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -20,9 +20,9 @@ dependencies: condition: global.enable_metal3_media_server name: media repository: file://./charts/media - version: 0.7.0 + version: 0.7.1 description: A Helm chart that installs all of the dependencies needed for Metal3 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.17+up0.12.7" +version: "%%CHART_MAJOR%%.0.18+up0.12.8" diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index cf64357..c5b378c 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 29.0.4 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.11.4 +version: 0.11.5 diff --git a/metal3-chart/charts/ironic/templates/configmap.yaml b/metal3-chart/charts/ironic/templates/configmap.yaml index f46830b..58912b4 100644 --- a/metal3-chart/charts/ironic/templates/configmap.yaml +++ b/metal3-chart/charts/ironic/templates/configmap.yaml @@ -52,3 +52,6 @@ data: {{- else }} IRONIC_USE_MARIADB: "false" {{- end }} + {{- with .Values.ironicExtraEnv -}} + {{ toYaml . | nindent 2 }} + {{- end -}} \ No newline at end of file diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index 4f0aa74..2c83461 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -64,7 +64,7 @@ images: ironic: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic pullPolicy: IfNotPresent - tag: 29.0.4.3 + tag: 29.0.4.4 ironicIPADownloader: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader pullPolicy: IfNotPresent @@ -138,6 +138,8 @@ baremetaloperator: debug: ironicRamdiskSshKey: "" +ironicExtraEnv: {} + tlscerts: cacert: "" key: "" diff --git a/metal3-chart/charts/media/Chart.yaml b/metal3-chart/charts/media/Chart.yaml index 4899bbb..5f74cd3 100644 --- a/metal3-chart/charts/media/Chart.yaml +++ b/metal3-chart/charts/media/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 1.21.0 description: A Helm chart for Media, used by Metal3 name: media type: application -version: 0.7.0 +version: 0.7.1 diff --git a/metal3-chart/charts/media/values.yaml b/metal3-chart/charts/media/values.yaml index b573861..2cbe873 100644 --- a/metal3-chart/charts/media/values.yaml +++ b/metal3-chart/charts/media/values.yaml @@ -42,8 +42,8 @@ serviceAccount: podAnnotations: {} podSecurityContext: - runAsUser: 10475 - fsGroup: 10475 + runAsUser: 486 + fsGroup: 499 securityContext: allowPrivilegeEscalation: false @@ -102,11 +102,16 @@ volumes: - name: assets persistentVolumeClaim: claimName: media + - name: run + emptyDir: + sizeLimit: 10Mi # volume mounts volumeMounts: - mountPath: /srv/www/htdocs name: assets + - mountPath: /run + name: run # media volume settings mediaVolume: diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 2daac39..fe5b4ff 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -171,7 +171,7 @@ spec: - prettyName: Metal3 releaseName: metal3 chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3' - version: '%%CHART_MAJOR%%.0.17+up0.12.7' + version: '%%CHART_MAJOR%%.0.18+up0.12.8' - prettyName: RancherTurtles releaseName: rancher-turtles chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles' -- 2.51.1 From 8b156f3a42426b677f81a5d80da5a9e4659b81af5756235ab753242dde51c58c Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Mon, 20 Oct 2025 13:32:49 +0200 Subject: [PATCH 19/25] Remove kernel modules filter Signed-off-by: Nicolas Belouin (cherry picked from commit 28f7c4b0744641d3f174a2604068b7bc3335636826aa01f9ac139214c4e17ef7) --- ironic-ipa-ramdisk/config.sh | 2 +- ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi | 62 ---------------------- 2 files changed, 1 insertion(+), 63 deletions(-) diff --git a/ironic-ipa-ramdisk/config.sh b/ironic-ipa-ramdisk/config.sh index 8d2226f..c188274 100644 --- a/ironic-ipa-ramdisk/config.sh +++ b/ironic-ipa-ramdisk/config.sh @@ -16,7 +16,7 @@ baseSetupBuildDay #========================================== # remove unneded kernel files #------------------------------------------ -suseStripKernel +#suseStripKernel baseStripLocales en_US.utf-8 C.utf8 #====================================== diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi index 9104d46..454b163 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi @@ -28,68 +28,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- 2.51.1 From 0a0264cc2b76987fa54edf6e27c4d46a9029e4f7af75587093d31cc8716cc1df Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Thu, 23 Oct 2025 11:09:57 +0200 Subject: [PATCH 20/25] Bump versions Signed-off-by: Nicolas Belouin (cherry picked from commit cd217a73f8c60d1bebacc01b0d08b6868d8605dfb2f53a7cc15a754fd1d47337) --- ironic-ipa-downloader-image/Dockerfile | 8 ++++---- ironic-ipa-downloader-image/Dockerfile.aarch64 | 8 ++++---- ironic-ipa-downloader-image/Dockerfile.x86_64 | 8 ++++---- ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec | 2 +- metal3-chart/Chart.yaml | 10 +++++----- metal3-chart/charts/ironic/Chart.yaml | 2 +- metal3-chart/charts/ironic/values.yaml | 2 +- release-manifest-image/release_manifest.yaml | 2 +- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile index 485db0e..08909e2 100644 --- a/ironic-ipa-downloader-image/Dockerfile +++ b/ironic-ipa-downloader-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.9" +LABEL org.opencontainers.image.version="3.0.10" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-ipa-downloader-image/Dockerfile.aarch64 b/ironic-ipa-downloader-image/Dockerfile.aarch64 index 38d7eb7..6f47548 100644 --- a/ironic-ipa-downloader-image/Dockerfile.aarch64 +++ b/ironic-ipa-downloader-image/Dockerfile.aarch64 @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.9" +LABEL org.opencontainers.image.version="3.0.10" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-ipa-downloader-image/Dockerfile.x86_64 b/ironic-ipa-downloader-image/Dockerfile.x86_64 index ad94c15..619cbeb 100644 --- a/ironic-ipa-downloader-image/Dockerfile.x86_64 +++ b/ironic-ipa-downloader-image/Dockerfile.x86_64 @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10-%RELEASE% ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -18,11 +18,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.9" +LABEL org.opencontainers.image.version="3.0.10" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec index d244cd7..e398255 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec @@ -19,7 +19,7 @@ Name: ironic-ipa-ramdisk -Version: 3.0.7 +Version: 3.0.8 Release: 0 Summary: Kernel and ramdisk image for OpenStack Ironic License: SUSE-EULA diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 70e0d15..4e44b0a 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8 -#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9-%RELEASE% apiVersion: v2 -appVersion: 0.12.8 +appVersion: 0.12.9 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -10,7 +10,7 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.11.5 + version: 0.11.6 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.18+up0.12.8" +version: "%%CHART_MAJOR%%.0.19+up0.12.9" diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index c5b378c..5b8d3a8 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 29.0.4 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.11.5 +version: 0.11.6 diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index 2c83461..f5390c7 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -68,7 +68,7 @@ images: ironicIPADownloader: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader pullPolicy: IfNotPresent - tag: 3.0.9 + tag: 3.0.10 nameOverride: "" fullnameOverride: "" diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index fe5b4ff..95a0ab4 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -171,7 +171,7 @@ spec: - prettyName: Metal3 releaseName: metal3 chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3' - version: '%%CHART_MAJOR%%.0.18+up0.12.8' + version: '%%CHART_MAJOR%%.0.19+up0.12.9' - prettyName: RancherTurtles releaseName: rancher-turtles chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles' -- 2.51.1 From ef31131144362236e7ee1529e0e1b7e9d576412e2478fd3a5987417bd6c0b550 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Thu, 23 Oct 2025 11:54:18 +0200 Subject: [PATCH 21/25] fix(metal3): Fix a typo in the media subchart Signed-off-by: Nicolas Belouin (cherry picked from commit b69a806fed211b6cc2bdb3261d343cd13725824b1811f2f4c752c1154079dbc1) --- metal3-chart/charts/media/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metal3-chart/charts/media/values.yaml b/metal3-chart/charts/media/values.yaml index 2cbe873..eff908a 100644 --- a/metal3-chart/charts/media/values.yaml +++ b/metal3-chart/charts/media/values.yaml @@ -42,8 +42,8 @@ serviceAccount: podAnnotations: {} podSecurityContext: - runAsUser: 486 - fsGroup: 499 + runAsUser: 499 + fsGroup: 486 securityContext: allowPrivilegeEscalation: false -- 2.51.1 From f37ccbc70e09c11e0ce72d4fbf257bab2afd5a07c64f0685cbd1a3bd5bfd7078 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Fri, 21 Nov 2025 16:15:38 +0200 Subject: [PATCH 22/25] rancher-turtles: Update to 0.24.3 upstream release This is to align with the migration instructions: https://turtles.docs.rancher.com/turtles/stable/en/tutorials/migration.html This is also carrying this fix as it's not yet backported to 0.24.x: https://github.com/rancher/turtles/pull/1734 (cherry picked from commit ecb1cb35866ca8374c9ca8af6ce766145363e113b78704cc88d31fcae7ad4222) --- rancher-turtles-chart/Chart.yaml | 12 +- rancher-turtles-chart/RELEASE_NOTES.md | 114 +++++++++++++++--- .../templates/addon-provider-fleet.yaml | 2 + .../templates/metal3-infrastructure.yaml | 4 + .../templates/pre-delete-job.yaml | 8 +- .../templates/rke2-bootstrap.yaml | 2 + .../templates/rke2-controlplane.yaml | 2 + rancher-turtles-chart/values.yaml | 12 +- 8 files changed, 123 insertions(+), 33 deletions(-) diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml index 8d06aac..449fed9 100644 --- a/rancher-turtles-chart/Chart.yaml +++ b/rancher-turtles-chart/Chart.yaml @@ -1,18 +1,18 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.6_up0.24.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.6_up0.24.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.7_up0.24.3 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.7_up0.24.3-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension - catalog.cattle.io/kube-version: '>= 1.23.0-0' + catalog.cattle.io/kube-version: '>= 1.31.4-0 < 1.34.0-0' catalog.cattle.io/namespace: rancher-turtles-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux - catalog.cattle.io/rancher-version: '>= 2.12.1-0 < 2.13.0-0' + catalog.cattle.io/rancher-version: '>= 2.12.3-0 < 2.13.0-0' catalog.cattle.io/release-name: rancher-turtles catalog.cattle.io/scope: management catalog.cattle.io/type: cluster-tool apiVersion: v2 -appVersion: 0.24.0 +appVersion: 0.24.3 description: Rancher Turtles is an extension to Rancher that brings full Cluster API integration to Rancher. home: https://github.com/rancher/turtles/ @@ -24,4 +24,4 @@ keywords: - provisioning name: rancher-turtles type: application -version: "%%CHART_MAJOR%%.0.6+up0.24.0" +version: "%%CHART_MAJOR%%.0.7+up0.24.3" diff --git a/rancher-turtles-chart/RELEASE_NOTES.md b/rancher-turtles-chart/RELEASE_NOTES.md index c85d98c..3f6d9ca 100644 --- a/rancher-turtles-chart/RELEASE_NOTES.md +++ b/rancher-turtles-chart/RELEASE_NOTES.md @@ -8,35 +8,113 @@ REPLACE ME: A couple sentences describing the deprecation, including links to do * [GitHub issue #REPLACE ME](REPLACE ME) -## Changes since v0.24.0-rc.0 +## Changes since v0.24.2 ## :chart_with_upwards_trend: Overview -- 10 new commits merged +- 67 new commits merged +- 1 bug fixed 🐛 -:book: Additionally, there has been 1 contribution to our documentation and book. (#1714) +## :bug: Bug Fixes +- Build-and-release: Fix: wrong github token value in core capi workflow (#1829) + +## :seedling: Others +- Build-and-release: Append target branch to backport PR title (#1768) + +:book: Additionally, there have been 2 contributions to our documentation and book. (#1865, #1870) ## :question: Sort these by hand -- Build-and-release: Add automation to release turtles in rancher/charts and rancher/rancher (#1663) -- Build-and-release: Doc: Add ADR for updated release process (#1660) -- Build-and-release: Test prime image build (#1710) -- CI: Display kind and docker version in e2e runs (#1707) -- Dependency: Bump forward CAPA to v2.9.1 patch release (#1713) -- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.2 to 2.25.3 in the testing-dependencies group (#1692) -- Dependency: Chore(deps): Bump the other-dependencies group with 2 updates (#1693) -- Testing: Test: cleanup import gitops suite/spec (#1704) -- Testing: Use providers charts in e2e (#1699) +- Build-and-release: [main] fix: org value not set in release workflow (#1758) +- Build-and-release: Add backport automation GitHub workflow (#1754) +- Build-and-release: Chore(deps): Bump actions/upload-artifact from 4 to 5 (#1839) +- Build-and-release: Chore(deps): Bump github/codeql-action from 3 to 4 (#1815) +- Build-and-release: Chore(deps): Bump rancher/aws-janitor from 0.2.0 to 0.3.0 (#1743) +- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.15 to 0.0.16 (#1833) +- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.16 to 0.0.18 (#1840) +- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.18 to 0.1.1 (#1856) +- Build-and-release: Chore(deps): Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1834) +- Build-and-release: Ci: Add attestation (#1730) +- Build-and-release: Ci: Add new release workflow (#1721) +- Build-and-release: CI: Fix release workflow (#1729) +- Build-and-release: Ci: Use digests instead of tags when signing images (#1728) +- Build-and-release: Cleanup release workflow and build action (#1755) +- Build-and-release: Docs: Add document for new release process (#1761) +- Build-and-release: Feat: adapt chart to use system default registry (#1711) +- Build-and-release: Fix secret path for backport automation (#1757) +- Build-and-release: Fix: Bump Go version to 1.24.9 (#1838) +- Build-and-release: Fix: update nested imageVersion in values.yaml (#1747) +- Build-and-release: Use bash in release-against-rancher.sh for pushd/popd support (#1760) +- Build-and-release: Use proper path for backport secrets (#1765) +- Caprke2: Providers: update CAPRKE2 to v0.21.1 (#1869) +- Certificates: [feat] cert-manager to wrangler conversion (#1794) +- Chart: Bump rancher-version in chart.yaml (#1785) +- Chart: Chore: Drop CAPRKE2 and CAAPF templates from rancher-turtles chart (#1789) +- Chart: Correct Providers release-name (#1813) +- Chart: Fix: Change `capi-system` namespace to `cattle-capi-system` (#1837) +- Chart: Fix: Change Turtles namespace to `cattle-turtles-system` (#1818) +- Chart: Fix: Set `securityContext` field to Turtles controller and hooks manifests (#1850) +- Chart: Remove Extension mentions from chart (#1871) +- Chart: Set kube-version to actual version in Chart.yaml (#1722) +- CI: Bump e2e to k8s 1.34 (#1872) +- CI: Feat: Install Turtles as system chart in dev-env (#1836) +- CI: Fix gitea ingress template (#1860) +- CI: Use Rancher v2.13 for e2e (#1843) +- CI: Wait for rancher-webhook before installing providers (#1846) +- CI: Wait for rancher-webhook when testing charts (#1853) +- Dependency: Bump kubernetes version to v1.32.x series (#1787) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 in /test in the testing-dependencies group (#1801) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 in the testing-dependencies group (#1802) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.1 in /test in the testing-dependencies group (#1842) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.1 in the testing-dependencies group (#1841) +- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.27.1 to 2.27.2 in the testing-dependencies group (#1857) +- Dependency: Chore(deps): Bump golang.org/x/text from 0.29.0 to 0.30.0 in the other-dependencies group (#1814) +- Dependency: Chore(deps): Bump sigs.k8s.io/kind from 0.29.0 to 0.30.0 in /test in the other-dependencies group across 1 directory (#1751) +- Fleet: Chart: enable optional fetchConfig for fleet provider (#1734) +- Installation: Add cluster indexed label to all CRDs (#1749) +- Installation: Add helm policy keep to installed providers (#1725) +- Installation: Chore cleanup turtles chart provider refs (#1821) +- Installation: Feat: add fetch capi manifest workflow for air gapped (#1805) +- Installation: Feat: remove embedded capi (#1793) +- Installation: Revert "Enable no-cert-manager by default" (#1792) +- Installation: Standratize helm chart values with other system charts (#1769) +- MISSING_AREA: Add check for externalFleet annotation (#1868) +- MULTIPLE_AREAS[ClusterClass/Capa]: Add EKS ClusterClass example and e2e test (#1712) +- MULTIPLE_AREAS[Installation/Chart]: Enable no-cert-manager by default (#1784) +- MULTIPLE_AREAS[Testing/Capz]: Ci: bump k8s to 1.34 for Azure tests (#1863) +- Operator: [fix] Remove unnecessary finalizer wrapper from CAPIProvider (#1810) +- Operator: Remove clusterclass-operations from values.yaml (#1800) +- Operator: Remove day2 and clusterclass operations code (#1783) +- Testing: Add gitea helpers back to e2e setup (#1851) +- Testing: Fix: Drop CAPRKE2 from expected set of default deployments (#1798) +- Testing: Print error in artifacts collection instead of failing the suite (#1717) ## Dependencies ### Added -_Nothing has changed._ +- github.com/gkampitakis/ciinfo: [v0.3.2](https://github.com/gkampitakis/ciinfo/tree/v0.3.2) +- github.com/gkampitakis/go-diff: [v1.3.2](https://github.com/gkampitakis/go-diff/tree/v1.3.2) +- github.com/gkampitakis/go-snaps: [v0.5.15](https://github.com/gkampitakis/go-snaps/tree/v0.5.15) +- github.com/goccy/go-yaml: [v1.18.0](https://github.com/goccy/go-yaml/tree/v1.18.0) +- github.com/joshdk/go-junit: [v1.0.0](https://github.com/joshdk/go-junit/tree/v1.0.0) +- github.com/maruel/natural: [v1.1.1](https://github.com/maruel/natural/tree/v1.1.1) +- github.com/mfridman/tparse: [v0.18.0](https://github.com/mfridman/tparse/tree/v0.18.0) +- github.com/tidwall/gjson: [v1.18.0](https://github.com/tidwall/gjson/tree/v1.18.0) +- github.com/tidwall/match: [v1.1.1](https://github.com/tidwall/match/tree/v1.1.1) +- github.com/tidwall/pretty: [v1.2.1](https://github.com/tidwall/pretty/tree/v1.2.1) +- github.com/tidwall/sjson: [v1.2.5](https://github.com/tidwall/sjson/tree/v1.2.5) ### Changed -- github.com/onsi/ginkgo/v2: [v2.25.2 → v2.25.3](https://github.com/onsi/ginkgo/compare/v2.25.2...v2.25.3) -- github.com/spf13/pflag: [v1.0.7 → v1.0.10](https://github.com/spf13/pflag/compare/v1.0.7...v1.0.10) -- golang.org/x/sync: v0.16.0 → v0.17.0 -- golang.org/x/text: v0.28.0 → v0.29.0 +- github.com/onsi/ginkgo/v2: [v2.25.3 → v2.27.2](https://github.com/onsi/ginkgo/compare/v2.25.3...v2.27.2) +- github.com/rogpeppe/go-internal: [v1.12.0 → v1.13.1](https://github.com/rogpeppe/go-internal/compare/v1.12.0...v1.13.1) +- golang.org/x/crypto: v0.41.0 → v0.42.0 +- golang.org/x/mod: v0.27.0 → v0.28.0 +- golang.org/x/net: v0.43.0 → v0.44.0 +- golang.org/x/sys: v0.35.0 → v0.36.0 +- golang.org/x/telemetry: 1a19826 → aef8a43 +- golang.org/x/term: v0.34.0 → v0.35.0 +- golang.org/x/text: v0.29.0 → v0.30.0 +- golang.org/x/tools: v0.36.0 → v0.37.0 +- sigs.k8s.io/cluster-api: v1.10.5 → v1.10.6 ### Removed -_Nothing has changed._ +- github.com/prashantv/gostub: [v1.1.0](https://github.com/prashantv/gostub/tree/v1.1.0) _Thanks to all our contributors!_ 😊 diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml index f42c87e..f1d9fa4 100644 --- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml +++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml @@ -6,6 +6,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: enableAutomaticUpdate: true type: addon @@ -30,6 +31,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep data: manifests: |- apiVersion: addons.cluster.x-k8s.io/v1alpha1 diff --git a/rancher-turtles-chart/templates/metal3-infrastructure.yaml b/rancher-turtles-chart/templates/metal3-infrastructure.yaml index 491b186..fa701b0 100644 --- a/rancher-turtles-chart/templates/metal3-infrastructure.yaml +++ b/rancher-turtles-chart/templates/metal3-infrastructure.yaml @@ -9,6 +9,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} {{- end }} {{- if not (lookup "v1" "Namespace" "" $ipamnamespace) }} @@ -19,6 +20,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }} {{- end }} --- @@ -47,6 +49,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: metal3 type: infrastructure @@ -83,6 +86,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: metal3ipam type: ipam diff --git a/rancher-turtles-chart/templates/pre-delete-job.yaml b/rancher-turtles-chart/templates/pre-delete-job.yaml index c099b9f..a4d591c 100644 --- a/rancher-turtles-chart/templates/pre-delete-job.yaml +++ b/rancher-turtles-chart/templates/pre-delete-job.yaml @@ -59,9 +59,11 @@ spec: image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - - capiproviders - - -A - - --all + - capiprovider + - cluster-api + - -n + - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} + - --ignore-not-found=true - --cascade=foreground restartPolicy: Never {{- end }} diff --git a/rancher-turtles-chart/templates/rke2-bootstrap.yaml b/rancher-turtles-chart/templates/rke2-bootstrap.yaml index 18d5a22..a7bc706 100644 --- a/rancher-turtles-chart/templates/rke2-bootstrap.yaml +++ b/rancher-turtles-chart/templates/rke2-bootstrap.yaml @@ -8,6 +8,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} {{- end }} --- @@ -19,6 +20,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: rke2 type: bootstrap diff --git a/rancher-turtles-chart/templates/rke2-controlplane.yaml b/rancher-turtles-chart/templates/rke2-controlplane.yaml index 1720302..3aaff9b 100644 --- a/rancher-turtles-chart/templates/rke2-controlplane.yaml +++ b/rancher-turtles-chart/templates/rke2-controlplane.yaml @@ -8,6 +8,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "1" + "helm.sh/resource-policy": keep name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }} {{- end }} --- @@ -19,6 +20,7 @@ metadata: annotations: "helm.sh/hook": "post-install, post-upgrade" "helm.sh/hook-weight": "2" + "helm.sh/resource-policy": keep spec: name: rke2 type: controlPlane diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index 97d7353..4c84556 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -9,8 +9,8 @@ turtlesUI: rancherTurtles: # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.24.0 - imageVersion: v0.24.0 + # imageVersion: v0.24.3 + imageVersion: v0.24.3 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # namespace: Select namespace for Turtles to run. @@ -33,8 +33,8 @@ rancherTurtles: enabled: false # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.24.0 - imageVersion: v0.24.0 + # imageVersion: v0.24.3 + imageVersion: v0.24.3 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # etcdBackupRestore: Alpha feature. Manages etcd backup/restore. @@ -55,8 +55,8 @@ rancherTurtles: enabled: false # image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles - # imageVersion: v0.24.0 - imageVersion: v0.24.0 + # imageVersion: v0.24.3 + imageVersion: v0.24.3 # imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent # volumes: Volumes for controller pods. -- 2.51.1 From 7172780283a32cb4d3ffdb50432ac9c5abfd5b4739d7f1353d8bd82b1c49e03f Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Fri, 21 Nov 2025 17:05:23 +0200 Subject: [PATCH 23/25] Update release-manifest and airgap-resources to 0.23.4 Updates to align with the 0.23.4 chart update, the airgap resources don't actually change but we're bumping the tag to keep aligned and avoid potential confusion (cherry picked from commit 894068cccd9ffc141637e93f603b39d71179a2cd9be5e76be42fe307f54b9ff4) --- rancher-turtles-airgap-resources-chart/Chart.yaml | 8 ++++---- release-manifest-image/release_images.yaml | 2 +- release-manifest-image/release_manifest.yaml | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index 88b3e59..c04266d 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml @@ -1,10 +1,10 @@ -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.6_up0.24.0 -#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.6_up0.24.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.7_up0.24.3 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.7_up0.24.3-%RELEASE% apiVersion: v2 -appVersion: 0.24.0 +appVersion: 0.24.3 description: Rancher Turtles utility chart for airgap scenarios home: https://github.com/rancher/turtles/ icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg name: rancher-turtles-airgap-resources type: application -version: "%%CHART_MAJOR%%.0.6+up0.24.0" +version: "%%CHART_MAJOR%%.0.7+up0.24.3" diff --git a/release-manifest-image/release_images.yaml b/release-manifest-image/release_images.yaml index fcec57a..61b7259 100644 --- a/release-manifest-image/release_images.yaml +++ b/release-manifest-image/release_images.yaml @@ -40,7 +40,7 @@ images: - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.6 - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.6-hardened1 - name: registry.rancher.com/rancher/rancher-webhook:v0.8.2 - - name: registry.rancher.com/rancher/rancher/turtles:v0.24.0 + - name: registry.rancher.com/rancher/rancher/turtles:v0.24.3 - name: registry.rancher.com/rancher/rancher:v2.12.2 - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908 - name: registry.rancher.com/rancher/scc-operator:v0.2.1 diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 95a0ab4..29e85db 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -175,11 +175,11 @@ spec: - prettyName: RancherTurtles releaseName: rancher-turtles chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles' - version: '%%CHART_MAJOR%%.0.6+up0.24.0' + version: '%%CHART_MAJOR%%.0.7+up0.24.3' - prettyName: RancherTurtlesAirgapResources releaseName: rancher-turtles-airgap-resources chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources' - version: '%%CHART_MAJOR%%.0.6+up0.24.0' + version: '%%CHART_MAJOR%%.0.7+up0.24.3' - prettyName: CertManager releaseName: cert-manager chart: cert-manager -- 2.51.1 From 651d2d2d76723b9b3f1798c8799eade8e4faba3c4afe8b6cbecc85bd4f7aca37 Mon Sep 17 00:00:00 2001 From: e-minguez Date: Mon, 1 Dec 2025 11:39:44 +0100 Subject: [PATCH 24/25] feat: Include the EIB elemental fix temporary for 3.4 --- .../0001-eib-elemental-reset-fix.patch | 24 +++++++++++++++++++ edge-image-builder/edge-image-builder.spec | 1 + 2 files changed, 25 insertions(+) create mode 100644 edge-image-builder/0001-eib-elemental-reset-fix.patch diff --git a/edge-image-builder/0001-eib-elemental-reset-fix.patch b/edge-image-builder/0001-eib-elemental-reset-fix.patch new file mode 100644 index 0000000..69a5aed --- /dev/null +++ b/edge-image-builder/0001-eib-elemental-reset-fix.patch @@ -0,0 +1,24 @@ +From 643bcd634310909d01e1365cf5f3aaac98f25414 Mon Sep 17 00:00:00 2001 +From: Eduardo Minguez +Date: Tue, 11 Nov 2025 17:10:01 +0100 +Subject: [PATCH] Fix #808 + +--- + pkg/combustion/templates/31-elemental-register.sh.tpl | 2 ++ + 1 files changed, 2 insertions(+) + +diff --git a/pkg/combustion/templates/31-elemental-register.sh.tpl b/pkg/combustion/templates/31-elemental-register.sh.tpl +index c1ff4337..91f8b4c2 100644 +--- a/pkg/combustion/templates/31-elemental-register.sh.tpl ++++ b/pkg/combustion/templates/31-elemental-register.sh.tpl +@@ -20,8 +20,10 @@ WantedBy=network-online.target + [Service] + EnvironmentFile=-/etc/sysconfig/proxy + Type=oneshot ++ExecStartPre=/usr/bin/mkdir -p /etc/rancher/elemental/agent + ExecStart=/usr/sbin/elemental-register --debug --config-path /etc/elemental/config.yaml --state-path /etc/elemental/state.yaml --install --no-toolkit + ExecStartPost=/usr/bin/cp /var/lib/elemental/agent/elemental_connection.json /etc/rancher/elemental/agent ++ExecStartPost=/usr/bin/systemctl restart elemental-system-agent.service + Restart=on-failure + RestartSec=10 + EOF diff --git a/edge-image-builder/edge-image-builder.spec b/edge-image-builder/edge-image-builder.spec index 0da621b..0e8b259 100644 --- a/edge-image-builder/edge-image-builder.spec +++ b/edge-image-builder/edge-image-builder.spec @@ -24,6 +24,7 @@ License: Apache-2.0 URL: https://github.com/suse-edge/edge-image-builder Source: edge-image-builder-%{version}.tar Source1: vendor.tar.gz +Patch: 0001-eib-elemental-reset-fix.patch BuildRequires: golang(API) go1.24 BuildRequires: golang-packaging BuildRequires: gpgme-devel -- 2.51.1 From 85ceed02515cb997663b82db03626a6b506c2827cfff230dccfd02779fa273a4 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Mon, 1 Dec 2025 17:10:39 +0200 Subject: [PATCH 25/25] fixup --- edge-image-builder/edge-image-builder.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edge-image-builder/edge-image-builder.spec b/edge-image-builder/edge-image-builder.spec index 0e8b259..9a4dc7a 100644 --- a/edge-image-builder/edge-image-builder.spec +++ b/edge-image-builder/edge-image-builder.spec @@ -53,7 +53,7 @@ Requires: ca-certificates-suse Tool for creating and configuring a set of images to automate the deployment of Edge environments %prep -%autosetup -a1 -n edge-image-builder-%{version} +%autosetup -a1 -n edge-image-builder-%{version} -p1 %build tar -xf %{SOURCE1} -- 2.51.1