From 6d8c6f92e29e77a2db64e73559604cd65359f794 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Sat, 24 Sep 2022 23:43:54 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- .../{0.0.13 => 0.0.14}/CHANGELOG.md | 20 +- .../timetagger/{0.0.13 => 0.0.14}/Chart.lock | 2 +- .../timetagger/{0.0.13 => 0.0.14}/Chart.yaml | 2 +- .../timetagger/{0.0.13 => 0.0.14}/README.md | 0 .../{0.0.13 => 0.0.14}/app-readme.md | 0 .../charts/common-10.5.10.tgz | Bin .../{0.0.13 => 0.0.14}/ix_values.yaml | 0 .../{0.0.13 => 0.0.14}/questions.yaml | 0 .../{0.0.13 => 0.0.14}/templates/common.yaml | 0 .../timetagger/{0.0.13 => 0.0.14}/values.yaml | 0 stable/traefik/13.3.11/CHANGELOG.md | 99 + stable/traefik/13.3.11/Chart.lock | 6 + stable/traefik/13.3.11/Chart.yaml | 31 + stable/traefik/13.3.11/README.md | 108 + stable/traefik/13.3.11/app-readme.md | 8 + .../traefik/13.3.11/charts/common-10.5.10.tgz | Bin 0 -> 48378 bytes stable/traefik/13.3.11/crds/ingressroute.yaml | 209 ++ .../traefik/13.3.11/crds/ingressroutetcp.yaml | 169 + .../traefik/13.3.11/crds/ingressrouteudp.yaml | 87 + stable/traefik/13.3.11/crds/middlewares.yaml | 587 ++++ .../traefik/13.3.11/crds/middlewarestcp.yaml | 61 + .../13.3.11/crds/serverstransports.yaml | 108 + stable/traefik/13.3.11/crds/tlsoptions.yaml | 92 + stable/traefik/13.3.11/crds/tlsstores.yaml | 68 + .../traefik/13.3.11/crds/traefikservices.yaml | 289 ++ stable/traefik/13.3.11/ix_values.yaml | 387 +++ stable/traefik/13.3.11/questions.yaml | 2856 +++++++++++++++++ stable/traefik/13.3.11/templates/_args.tpl | 166 + stable/traefik/13.3.11/templates/_helpers.tpl | 22 + .../13.3.11/templates/_ingressclass.tpl | 24 + .../13.3.11/templates/_ingressroute.tpl | 25 + .../traefik/13.3.11/templates/_portalhook.tpl | 26 + .../traefik/13.3.11/templates/_tlsoptions.tpl | 12 + stable/traefik/13.3.11/templates/common.yaml | 24 + .../middlewares/basic-middleware.yaml | 62 + .../templates/middlewares/basicauth.yaml | 34 + .../13.3.11/templates/middlewares/chain.yaml | 21 + .../templates/middlewares/forwardauth.yaml | 30 + .../templates/middlewares/ipwhitelist.yaml | 33 + .../templates/middlewares/ratelimit.yaml | 19 + .../templates/middlewares/redirectScheme.yaml | 19 + .../templates/middlewares/redirectregex.yaml | 20 + .../middlewares/stripPrefixRegex.yaml | 20 + .../templates/middlewares/tc-chains.yaml | 29 + .../templates/middlewares/tc-headers.yaml | 62 + .../templates/middlewares/tc-nextcloud.yaml | 25 + .../templates/middlewares/theme-park.yaml | 26 + stable/traefik/13.3.11/values.yaml | 0 48 files changed, 5876 insertions(+), 12 deletions(-) rename incubator/timetagger/{0.0.13 => 0.0.14}/CHANGELOG.md (87%) rename incubator/timetagger/{0.0.13 => 0.0.14}/Chart.lock (80%) rename incubator/timetagger/{0.0.13 => 0.0.14}/Chart.yaml (98%) rename incubator/timetagger/{0.0.13 => 0.0.14}/README.md (100%) rename incubator/timetagger/{0.0.13 => 0.0.14}/app-readme.md (100%) rename incubator/timetagger/{0.0.13 => 0.0.14}/charts/common-10.5.10.tgz (100%) rename incubator/timetagger/{0.0.13 => 0.0.14}/ix_values.yaml (100%) rename incubator/timetagger/{0.0.13 => 0.0.14}/questions.yaml (100%) rename incubator/timetagger/{0.0.13 => 0.0.14}/templates/common.yaml (100%) rename incubator/timetagger/{0.0.13 => 0.0.14}/values.yaml (100%) create mode 100644 stable/traefik/13.3.11/CHANGELOG.md create mode 100644 stable/traefik/13.3.11/Chart.lock create mode 100644 stable/traefik/13.3.11/Chart.yaml create mode 100644 stable/traefik/13.3.11/README.md create mode 100644 stable/traefik/13.3.11/app-readme.md create mode 100644 stable/traefik/13.3.11/charts/common-10.5.10.tgz create mode 100644 stable/traefik/13.3.11/crds/ingressroute.yaml create mode 100644 stable/traefik/13.3.11/crds/ingressroutetcp.yaml create mode 100644 stable/traefik/13.3.11/crds/ingressrouteudp.yaml create mode 100644 stable/traefik/13.3.11/crds/middlewares.yaml create mode 100644 stable/traefik/13.3.11/crds/middlewarestcp.yaml create mode 100644 stable/traefik/13.3.11/crds/serverstransports.yaml create mode 100644 stable/traefik/13.3.11/crds/tlsoptions.yaml create mode 100644 stable/traefik/13.3.11/crds/tlsstores.yaml create mode 100644 stable/traefik/13.3.11/crds/traefikservices.yaml create mode 100644 stable/traefik/13.3.11/ix_values.yaml create mode 100644 stable/traefik/13.3.11/questions.yaml create mode 100644 stable/traefik/13.3.11/templates/_args.tpl create mode 100644 stable/traefik/13.3.11/templates/_helpers.tpl create mode 100644 stable/traefik/13.3.11/templates/_ingressclass.tpl create mode 100644 stable/traefik/13.3.11/templates/_ingressroute.tpl create mode 100644 stable/traefik/13.3.11/templates/_portalhook.tpl create mode 100644 stable/traefik/13.3.11/templates/_tlsoptions.tpl create mode 100644 stable/traefik/13.3.11/templates/common.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/basic-middleware.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/basicauth.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/chain.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/forwardauth.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/ipwhitelist.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/ratelimit.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/redirectScheme.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/redirectregex.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/stripPrefixRegex.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/tc-chains.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/tc-headers.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/tc-nextcloud.yaml create mode 100644 stable/traefik/13.3.11/templates/middlewares/theme-park.yaml create mode 100644 stable/traefik/13.3.11/values.yaml diff --git a/incubator/timetagger/0.0.13/CHANGELOG.md b/incubator/timetagger/0.0.14/CHANGELOG.md similarity index 87% rename from incubator/timetagger/0.0.13/CHANGELOG.md rename to incubator/timetagger/0.0.14/CHANGELOG.md index 9f619a0fcd6..6bbb75b3176 100644 --- a/incubator/timetagger/0.0.13/CHANGELOG.md +++ b/incubator/timetagger/0.0.14/CHANGELOG.md @@ -2,6 +2,16 @@ +## [timetagger-0.0.14](https://github.com/truecharts/charts/compare/timetagger-0.0.13...timetagger-0.0.14) (2022-09-24) + +### Chore + +- Auto-update chart README [skip ci] + - add missing icon ([#3879](https://github.com/truecharts/charts/issues/3879)) + + + + ## [timetagger-0.0.13](https://github.com/truecharts/charts/compare/timetagger-0.0.11...timetagger-0.0.13) (2022-09-22) ### Chore @@ -87,13 +97,3 @@ - Auto-update chart README [skip ci] - Auto-update chart README [skip ci] - Auto-update chart README [skip ci] - - Auto-update chart README [skip ci] - - refactor Services SCALE GUI - - update docker general non-major ([#3818](https://github.com/truecharts/charts/issues/3818)) - - update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) - - split serviceSelector ([#3751](https://github.com/truecharts/charts/issues/3751)) - - - - -## [timetagger-0.0.13](https://github.com/truecharts/charts/compare/timetagger-0.0.11...timetagger-0.0.13) (2022-09-20) diff --git a/incubator/timetagger/0.0.13/Chart.lock b/incubator/timetagger/0.0.14/Chart.lock similarity index 80% rename from incubator/timetagger/0.0.13/Chart.lock rename to incubator/timetagger/0.0.14/Chart.lock index c74169a86cc..8a14c81aaf6 100644 --- a/incubator/timetagger/0.0.13/Chart.lock +++ b/incubator/timetagger/0.0.14/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://library-charts.truecharts.org version: 10.5.10 digest: sha256:336e6960f0537ccd930cdb8b5c05714d2489a6ae1d1402322346809b13e4660b -generated: "2022-09-22T13:37:19.075124466Z" +generated: "2022-09-24T23:42:11.588708144Z" diff --git a/incubator/timetagger/0.0.13/Chart.yaml b/incubator/timetagger/0.0.14/Chart.yaml similarity index 98% rename from incubator/timetagger/0.0.13/Chart.yaml rename to incubator/timetagger/0.0.14/Chart.yaml index b32802100ad..fc67d8cfcaf 100644 --- a/incubator/timetagger/0.0.13/Chart.yaml +++ b/incubator/timetagger/0.0.14/Chart.yaml @@ -20,7 +20,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/incubator/timetagger - https://timetagger.app - https://github.com/almarklein/timetagger -version: 0.0.13 +version: 0.0.14 annotations: truecharts.org/catagories: | - utilities diff --git a/incubator/timetagger/0.0.13/README.md b/incubator/timetagger/0.0.14/README.md similarity index 100% rename from incubator/timetagger/0.0.13/README.md rename to incubator/timetagger/0.0.14/README.md diff --git a/incubator/timetagger/0.0.13/app-readme.md b/incubator/timetagger/0.0.14/app-readme.md similarity index 100% rename from incubator/timetagger/0.0.13/app-readme.md rename to incubator/timetagger/0.0.14/app-readme.md diff --git a/incubator/timetagger/0.0.13/charts/common-10.5.10.tgz b/incubator/timetagger/0.0.14/charts/common-10.5.10.tgz similarity index 100% rename from incubator/timetagger/0.0.13/charts/common-10.5.10.tgz rename to incubator/timetagger/0.0.14/charts/common-10.5.10.tgz diff --git a/incubator/timetagger/0.0.13/ix_values.yaml b/incubator/timetagger/0.0.14/ix_values.yaml similarity index 100% rename from incubator/timetagger/0.0.13/ix_values.yaml rename to incubator/timetagger/0.0.14/ix_values.yaml diff --git a/incubator/timetagger/0.0.13/questions.yaml b/incubator/timetagger/0.0.14/questions.yaml similarity index 100% rename from incubator/timetagger/0.0.13/questions.yaml rename to incubator/timetagger/0.0.14/questions.yaml diff --git a/incubator/timetagger/0.0.13/templates/common.yaml b/incubator/timetagger/0.0.14/templates/common.yaml similarity index 100% rename from incubator/timetagger/0.0.13/templates/common.yaml rename to incubator/timetagger/0.0.14/templates/common.yaml diff --git a/incubator/timetagger/0.0.13/values.yaml b/incubator/timetagger/0.0.14/values.yaml similarity index 100% rename from incubator/timetagger/0.0.13/values.yaml rename to incubator/timetagger/0.0.14/values.yaml diff --git a/stable/traefik/13.3.11/CHANGELOG.md b/stable/traefik/13.3.11/CHANGELOG.md new file mode 100644 index 00000000000..01a3b86993b --- /dev/null +++ b/stable/traefik/13.3.11/CHANGELOG.md @@ -0,0 +1,99 @@ +# Changelog + + + +## [traefik-13.3.11](https://github.com/truecharts/charts/compare/traefik-14.0.0...traefik-13.3.11) (2022-09-24) + +### Chore + +- regex redirect docs ([#3880](https://github.com/truecharts/charts/issues/3880)) + + + + +## [traefik-13.3.10](https://github.com/truecharts/charts/compare/traefik-13.3.9...traefik-13.3.10) (2022-09-24) + +### Chore + +- Auto-update chart README [skip ci] + - update docker general non-major ([#3860](https://github.com/truecharts/charts/issues/3860)) + + + + +## [traefik-13.3.9](https://github.com/truecharts/charts/compare/traefik-13.3.7...traefik-13.3.9) (2022-09-22) + +### Chore + +- Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - refactor Services SCALE GUI + - fix prometheus annotations ([#3841](https://github.com/truecharts/charts/issues/3841)) + - update docker general non-major ([#3772](https://github.com/truecharts/charts/issues/3772)) + - update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) + + + + +## [traefik-13.3.8](https://github.com/truecharts/charts/compare/traefik-13.3.7...traefik-13.3.8) (2022-09-21) + +### Chore + +- Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - refactor Services SCALE GUI + - update docker general non-major ([#3772](https://github.com/truecharts/charts/issues/3772)) + - update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) + + + + +## [traefik-13.3.8](https://github.com/truecharts/charts/compare/traefik-13.3.7...traefik-13.3.8) (2022-09-21) + +### Chore + +- Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] + - refactor Services SCALE GUI + - update docker general non-major ([#3772](https://github.com/truecharts/charts/issues/3772)) + - update helm general non-major ([#3767](https://github.com/truecharts/charts/issues/3767)) + + + + +## [traefik-13.3.8](https://github.com/truecharts/charts/compare/traefik-13.3.7...traefik-13.3.8) (2022-09-20) + +### Chore + +- Auto-update chart README [skip ci] + - Auto-update chart README [skip ci] diff --git a/stable/traefik/13.3.11/Chart.lock b/stable/traefik/13.3.11/Chart.lock new file mode 100644 index 00000000000..e01c31ad182 --- /dev/null +++ b/stable/traefik/13.3.11/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.5.10 +digest: sha256:336e6960f0537ccd930cdb8b5c05714d2489a6ae1d1402322346809b13e4660b +generated: "2022-09-24T23:42:11.621791117Z" diff --git a/stable/traefik/13.3.11/Chart.yaml b/stable/traefik/13.3.11/Chart.yaml new file mode 100644 index 00000000000..eb481e44bbf --- /dev/null +++ b/stable/traefik/13.3.11/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "2.8.7" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 10.5.10 +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://truecharts.org/docs/charts/stable/traefik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +keywords: + - traefik + - ingress +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: traefik +sources: + - https://github.com/truecharts/charts/tree/master/charts/stable/traefik + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://traefik.io/ +type: application +version: 13.3.11 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/stable/traefik/13.3.11/README.md b/stable/traefik/13.3.11/README.md new file mode 100644 index 00000000000..2f010408387 --- /dev/null +++ b/stable/traefik/13.3.11/README.md @@ -0,0 +1,108 @@ +# traefik + +Traefik is a flexible reverse proxy and Ingress Provider. + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. + +This readme is just an automatically generated general guide on installing our Helm Charts and Apps. +For more information, please click here: [traefik](https://truecharts.org/docs/charts/stable/traefik) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Source Code + +* +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://library-charts.truecharts.org | common | 10.5.10 | + +## Installing the Chart + +### TrueNAS SCALE + +To install this Chart on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Installing-an-App). + +### Helm + +To install the chart with the release name `traefik` + +```console +helm repo add TrueCharts https://charts.truecharts.org +helm repo update +helm install traefik TrueCharts/traefik +``` + +## Uninstall + +### TrueNAS SCALE + +**Upgrading, Rolling Back and Uninstalling the Chart** + +To upgrade, rollback or delete this Chart from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/docs/manual/SCALE%20Apps/Upgrade-rollback-delete-an-App). + +### Helm + +To uninstall the `traefik` deployment + +```console +helm uninstall traefik +``` + +## Configuration + +### Helm + +#### Available Settings + +Read through the values.yaml file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/truecharts/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). + +#### Configure using the command line + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install traefik \ + --set env.TZ="America/New York" \ + TrueCharts/traefik +``` + +#### Configure using a yaml file + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install traefik TrueCharts/traefik -f values.yaml +``` + +#### Connecting to other charts + +If you need to connect this Chart to other Charts on TrueNAS SCALE, please refer to our [Linking Charts Internally](https://truecharts.org/docs/manual/SCALE%20Apps/linking-apps) quick-start guide. + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/docs/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +--- + +All Rights Reserved - The TrueCharts Project diff --git a/stable/traefik/13.3.11/app-readme.md b/stable/traefik/13.3.11/app-readme.md new file mode 100644 index 00000000000..b76832bd9a2 --- /dev/null +++ b/stable/traefik/13.3.11/app-readme.md @@ -0,0 +1,8 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/docs/charts/stable/traefik](https://truecharts.org/docs/charts/stable/traefik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/docs/about/sponsor) or contributing back to the project any way you can! diff --git a/stable/traefik/13.3.11/charts/common-10.5.10.tgz b/stable/traefik/13.3.11/charts/common-10.5.10.tgz new file mode 100644 index 0000000000000000000000000000000000000000..af170c75a6d72f3af41a3fe5f1fba3b07a19c437 GIT binary patch literal 48378 zcmV)yK$5>7iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{cH20TI6QyrDey6wZF_#!)wb+-CVSRxJKa8=I6k(M-rdD%y~&bL`~_k>qL41Ym{4#7IDeH2IPaFlQfHS6vTcY3|O-QCs=THF#Ev4d6{2^9Tx2mnAv;~f1$1yx*Q zz!xbxFzB`B2A6)Xv)k$ST2C|ndj8L0oFVo|0$}O<@Ar3yyTjuA-`nmz&;O@*UVwHR zyiZZ`@%#+16oq(XYlIPpg$UpduR-MXn(Lf-r3n3?}oem-e|Zx z3Safc!(neQ*c%Kh=~rhB($F~ML%SaM(a}j z7E?4473=Aq!){1&3$p<%Q4qn&7be|OMF z(cU)P3B$pwF&ylS#=Cp_z24qvJVL|mZPe@a_jk|$jmD#}2@Y$K`U>Khg)m0zlA4=} z^`y>WSCZO%?b^Q@04Y#-yWiO}wA~+$`=kB6Xf)j09qhvWo#Fo8a1ZT_;c(~GPJb}m zMX&n%(P(?PJsd>g-ZeW-$LT<>zru=GH z9(@O$VW)4%i*|a$z5c7cLAZ@Z(ReQkcZY+~{xBSjclKZH^!H(J`_-%c2#$Al;ND=r zzmN6@JKN(|!|mbt)!v{%+iOubL7Ytq;p-d-gB zcm)T8aJ=6S$9r&l5cT%^JN_0&C# zZ{dPzx`re|4AD8F>rytaSx;M0rmev@B(GDY5k!~BJDt5w&(OFx9__x0MtcYj(HQOz z_IATC+JDvC8|?N5ui&fRXf)d04M*DujbVR(7mj+bhW*~FSG%LVot^Dh&01fJiD8`L zWNq22YSk0@P(f`-Uj=Oy9G9xwVm&Z0WZmocU+s_j+acUV5N_}6gu_uZ7)8CX4+pQt zqu&0`-ritmdpjKL_xq!8{0i>vkM{QVxA#Z;dtw+3WOj$+;5_LWo8P_4|9H-tO*rd+*iu-rhLsjic?}a6CY$hlayfd*f(l zFM72--0AIYqaJ#N#J66hiT zu~?ev1>JjH+Jhp>p@d_KWEl{lu^^aWVPFAN)`U?c%fT2Z>_7}hC}th-BZ_B$qgg8D zBnV*wMhIjKMV%JVr4GQCugjsqBq3Z*rj;O_q7rUPET$=mV?-^=D1oCG>4|T?ipuIk zbRd`4MbhL&fmqjeA;E)c zX`C0XA%N2zKoW^ZUZ?AT?Ao?`BD}?nAArCAL&4Xpc}8YPbHfV&fLt1@xAIRHm-}O| zWO&v1uK`w7xNo2C*sR-;vurj(RLrgjF-%beQW7yGhhiK;b^!WI7${386h;UzP9aB= zg)I7pP;hLKVOydPI8r@Pymf&>iXcZ|Lo1X`0Fww@kT}N4-Z(Ht{O5-`O~s2ULCnbaue!;k9y zTk-k;Y`0q2(_u=`=c>xrTYjlr5BcwF)r7W1q}BwNC`KVC6u>wpw@hjU1la1R*_sD9lkvQKYTb*(NY%iJ6)}Jl11Xbp3W(t!Eey0y>jgNc zcm^qs7Zn{wpE-qxemjB>jtmmu3eV85BtfmK|2+U7u8vx*6!LI-nh=i13#~|6o)}1F zg9{+(99#GD+2N&Xxurf7wbcYANEwtyr)vPp*qp)CRbXQnGb{5fRnH-xf{cmrp9(EH zhZKtnOqNU`pB{kky5E)RiPols@h!zipW!Tx(SabO0tP{tF-~US^jy{zWe-6A)u7WK z?sta6&ae_B%m|-Bjzbv73owCvii9M^$%G=tWdCG6{osDd7lx(o2#)axCpkd*(+4T%FZhvA{HuTzgL4vr!;BN@xS@qr z)ZZe^B&`2zO>LEP66F=d{FyA;)e1kbV=fHRUMTtL?5#dl1IHkQKMqylJPzMJ9X!Wbj> z2ifZ>pz!m<0p0I8-99@1@PXqP|0<`^Iiev-IP~=RLp1Xa%?Mr8w4^xkNZD8n(K!wg z3`5ac?J8auJ571|BRvXpOx>N_m!V+V{Z8|J@Vo#=t_ zHRuuuB`v=OHl|ZWnEL(t$hlN1!&{E(MJ9)&y2Dg_EL1v1W2x*7o3d>5PZaW^L^*>q zJH`A@XLfevGe3$99A@Txxqk*6PQo~gH1og_nOpf%6x3=3sNgyl(2@4ZN{9L_p*L#T zWUYSbC?x>`yiyN)wUa!V>ZE~(?ZIhWOQYZ{#Xc}C2O~^T$m0cooWpRctxus&^kNPt9MLfh<=CFb2r@CG0Nz51 z4#1UwFlJ~J%E#0n761jeTZ0COBqVwqz<9Do2NY&+2YC!E6Bf&N=N`+{g1 zra?{J5$!Fj%EV+2O$nfWo}M4M8x71>0-y~7v;69H`h#9~uv4gfK{Af~DiLBFCs4&f z1-*{^zplkgJ`>2%EnFOU@U0Kv0wocW^NAsFlFZv5Ar+(rX~wzMpEEHUVrXu%5uyp= zNYFc^h=VbvjCWe<*GV#Wrtdo_*AH_{Ng~a4yLRn>E3Jp~^~DQtxkxztY&^3Etry^M z6PQK%3-J9WI6u6+{Q39*eD~!G=v*Ml6dfU_z}K(ewO)WDTco9XuU6XcVEPkUT%fUi zZfTT?bAT!`l-e?_sn3O$%5BM~(-AZ|*|e+6 ztN-;{He`9Tq(n8HkQpVE%q9M26>Ev*U|&b3w(d-+sN2VaaV{B#X!T(Qz?hPm^kf+> za`q`?jWgvU);^4OUdR*SLKGb<39hY4#h(KD2nj}BV%&N*DGYfAV-P_Og+Ll15EB?l zBhA{m5;kOjaf*}4G2~FgID&~;R|B5L#^5w+UjTJAobth>6cdX10)#PS%7K=<`nW(_ z&YzLmfnwnlMVVM&n|ep0n$p)ojV~BSvvxuv)D9_@&Kk2~SFT01>$&j!Ko+VT$CmwR z!NS{{TS%jJ1d|D(BxCIykviz;vsmn5E@h`Qz!{QKrS$@&zD!qYVMGzUVbW^?CK*=N z0~DlY*(`S{3W0AxGBH!k53?Zrd5RL_HY1FmDQ)i9$qSOnwM3LKqfiO>q>Y(3La6M-&=<)xJ3ZQ z6v1d=MjiyJmDha`Y=J04a;Yz1QAEN};gYu^^}Xz%(v4zjTP2{>oDwY(Xv>puK|j#@ zqbd}@=z4}A4X4O8J(QT}Mvjc|9ki9IN=`;&TZo?j{qGcw|M8Cv6HJ?{#11Cih=i;g zk|abaXI)dTt*uF%OvJ|og}e<@=?9VBZ0myE7cdMF6Kvb&Q)FImwv@QKR6pP1I6dAJJ!{XQ=tnA-#_>Xk+DwQJL19to0PGI;TL64`cX;{J z0qFGxMnvVCwQ?AdFkV&NBa(3RnRh~%!V!)!$6`P;&TwQG^*?+#6=UqX%azDEa;gb5 zB1%#{d@ypi81i+1^!4l3fo|R|2hNov_0q>q?sH|yArmw)y_7G0pd?Gpo3a0sWoa5C z!3r>z9}HvZaz|4k12{RC-FkG z`v%8I$$YyDF1L`*O}!Hq!dTmg7J#6@8Ig$FYGGkSyfIlmDls0Ta1q9+u4A@ z(doFMZ*d$8ZlhVUCDbcS08TKsCAI(rVs?o6i)RQx4sgOajAQBZ=(O}NyW7JaxHTl! zDk#D-JRnoMk($%x!miWO`^1$Pm^c!cEM!Z0A-RebI0!>Xh;h0An4=l%fD_TASK2u2 zrf`k`7SjAS5%!}HPr`sHz!0BQUn8>zpu&Y|gy{0%3?Ipwo;dp@VdD-}Ra(}sWmx90 zDserhWQ0lqUhQ@hQO+T|kpf+@dOIai+v4lIkMSHOVzn(MCYFCO4k^#lw({$BH>29Dy4*2xI{<13vK^HK_ zD2@zMtIp~Wj^f6+M>WUMt8CL4g&alTlcA&>i7kbuYGX>`h#81F?#oD{O4xOr10?1L z+O(38V0?^XxVS_iNg{Rt`aS(MMHEXVTX-)dB+0n_u&dvXA&xVOuBH?*fw1_J$7w_m z--*}lG^=KI`}tA0-9mq6_jTCaC))$_do}QHjo~kqPFS1WwJxb;7&}tV%^)$;JXpkfmUR#)Jx6 zQqD?NJ)`RA))gk~yx)Cc7i8`JrdZ!; zEY8IgumbBeiEt;Rh0g6yF(IATXgYMB^-u7f*z}#9g*}UeZ^^^}4h6 zGGcPAJymA>P&xvx${(--@L>fCdQAtT2t{C|)|EQ!)h;2$QkLNvjv+O>s^1Bg{LX+` ziS-(Lz`90-N^KY_^guB}D}saW5aQv*bSl4mHXh^83cS&+YUnWY2;rY7sQ_uUklx8w zn!tu2mm(Y7&>x}r^;f&GeTipjj5gj97>!^IlMvC(Eg*h=uYYbCclhb~7C0jjI#*$+ z#*naIivdZ_sf3zy3AHB^bO+8UnTt->1hpy!FoO%}Wud?u%{>%h5PJpYLpm{|?HUZ4EZ@kjSl4*HWAF?}c*MS5B041?9p zII#!Rl<(YGtKo!k1S3GkPCKIXr&Kl}N24P~n5y-Wpirczo){w;Xsd?KH3Q`GFvmT| zy2uaSS$M6FRjXDCyZT#>lF{3qEx=q#-FN5JZn6rL|;oZPsyQ=yZtP!!C)1xAEV)p;H%o&*9C3+Pc^ zo1_^hZ*g){ro9cCAm%tJO!5ej8IGd(7E_w{6<~m!SI0Wh)b$@NF*ZjPml8m6>)j-tPb;6P$dmDavEkhM^3_7ZWJ>gD(^x zc!_Bo2%4ZW5VDDAePPy3%#Cl82^U|f<&6W-hCl{#pv;Mg7X@8BC5-2K*wtzBOFl^z z>OT@D&zef4{P+f=p=EfxV{xfNx>CcpbvSG%wrkc(q*BPIIZ^^ZZvTo;`HCmU>>ToG z2Q)(o*jF>0AB}nRc!nw?a;(c@+c%_z%n)DoZ zO4C`lYR(FxnF16QJlYttG|8Jmb{0$p1MceWWszMv;CrF4Re-UK*cReZah4c?R0sG$ ze{|G%@Yp?}VMDYP`+8i{=Jw2qd+^PTnT9fS&+ZrbIxR$$gaQC8qZW9hs<41j57>E20lb1@Z|sr?3}ry;SVvjGiO8cx}}E;SU0@APSb`n875q#)QUwBf@m z)*BYVsuhQ=tq%AVj=1_&y(}|e)$v%rZk44V0oY>d2!cs1T#(21;0$n&6&S%aCgcE& zAYI03_vW&OW2hteYJ%T#eC+n>vDscP;OfOo$W2z(SsFHx&O;+&8gPZ%oalKSb3CY} zDRU_J9CQBhNb~)_;6{P%bZlo=p}%!@UU`t5-J;UQ@_}H-G)CtikGAxmKb~(1j@SZd zmh#0hrdwL!ZRJyLODZdwbVV?njFE75lG3@mtQr#<+T1y*Ow1(u;*kDl9LLi1k?W>p zVN<+O?FLZGIRU5Qxb4rY4!el2l&Pp`zMb?oYYogu)2|NA~npF0DNP(to4_f_syjYx^ZHO3=oPL=Ct ziS!tw2y8fLY;J*scvYnlDg%(@MzEMHQ)2xSRp_fmTo`Kc)OLAW$0OZBmFR(@OrDGa z=rd-LCBqov*;YQvIsnOj7c9Y9b z0r=E$vS>iSvQb-wlO@dXp+fcz^m_aS0>ShytIxb2rwfNvU4VP_K$S%pB_Fnt`VaDp9Z>? z6JEjS<`}jWhRhsvY6~owa=}B}wF7X0VDvM^9K9C?YudX|y|e3Ci1vP2&<`J_daC|Hpv#rOJ|$Urfb zQb^$paYW53Ot7Mts%uM(1W8eH^8KYbcO|Sm@o%a2_j;U#rqL#6l&LKzVdspU3=D4m zFdd+$Im}xMCRRxrh88$XAr;0IzeOkkFm}&-v>fJGhc_%k$o3*kH2q^mVh$%cYl>q5Y1>6n3yi^F&A5e#nxd)X6Ln`WYGpf*fW zai#$*7*y0{c1uj_PWfF51J$rEA?2RkCH@tukKfDIKPrlS0%HWZ81;!xgrn)PB?W5; zOK;v-r6Vm$-*K4vEd8bj_+M{)pKkWktUhyKgV|5BFIZaQR;>H=f}`Q8-<}N-!}7^s{;6uYK3g2S zy}5KVgP4j}i&T1f#Of!UqVUF?tKf8@y$3#~1}8C0&h}bFLYdQ7`|k)f4jZ4s<@{6y zAA%&t8Xg1_cu;0o6199+kDs$hF& za-S|?I>-O{2X;t0{e3*Qq)NA_9EWNoK5CF+y)Wo?4+n~oEXq-$eqEZSyWH^sFLEFD zfqeyxdro;(b_PA?liDkoE!rkmPz_(19kwQ{Wy<=yF7^E7ZHSdaM;*Ukj)vMQ(3!dP zFv#WU!0PeVx!#%$wko`Oq`f?GD~GuV^?8VEMO2iFC>yyc zi8OQF$qqq1;jy>3S1IlEaH*~0@@UETdFYc&b(k?k?Iszp0YtM!dqPQ;c4v#WEmFy# z$(S|Z&ScCQvSu=7_vcHMfGod5q2KH1Uap$H9u}06*QY+4DyU)a@=u-W?M*D*w zu=?d~;)PQL)3$!sma(gv>SscNs4XTz@Q@^oQ;1~_{G=#nmE3{Mi7 zc_|?g>b^+iZHMYS>1Ip(y7W$$IueQjIF`p^77k7-UH00!{FDT8qvEE4Hj^#1b7BaivaWe%GsDi{=gS*(djS51 z6OJZ`{-5;3U>Z zx7Y)WnS?3FCxhlDX5jELUNv-oA_Q; zD9>2>0C^-~6ty)1ZB8T)A|AFS4s9XvS zgTO>;hGZ6)cel5<9q+xLjM8K)F#EC$bk*%!tR_cbr)3iy9JIg-@G}A#%j8W%6oq6q zLrG-zIF0`@PcEcus`CT{#0bvyc_EoHM6i5_NyY@^a7wTf04J=Cj!HBFV@3c@gf5Ur zrKUpQGZiAo0L>Dis+~-s`m&rDa~>lB+9I+ASQbu2n0%pPy6D@v z&Oa0~9?5{=AI?7<6zYuO4U!?of;*&^HoHWOvzGX;4Hc9{O$tbL`cwVwXD)03^PzCh zmaK2C_8XJ@n!i$g{lT|3uJpZWLg%Tx{wk0{SaEYiVJ!OJmUm$4?2{^D#U>7nWE_r; zRazP-38Tp7i(lHZ4bS{|ex{r6fK%R}X`pW*ln3K*GA3KvM@BLZ{!TIqgjiA{>!2%T zROe=&wIOd$$xO6Fo9z`#v=;pqOHl%ePJ(mZ_m@D+EJg=ng)llFiqUx!%%|B%@=e91^xaWRMqQyIlsdfGXI+{l9j1C` z%Xwry%=lDBBQK??t^qSXl`B$9ofqIx#(3cfg^+FmY#r+IBxr(^gc5oHCz8DKxSB(5 z`PQW+euqvZF)xStYj2B` zgCi^Sl^Z~neuHy4P!0;I+ylPTHk!8&JWmtx{~dvX{+bZ!{qWj;@ZG5O_oGTXQi5JV ztHPMjin_v_a4+0fYFyfPDwxH@U6fxLY@D4(L`G;+>&k3P zzj8Z*9JV7&Rn7z_MmQ!qNed?+rK%BcGz_3nrvFzxld9G_xZ7=ERM?*hNgOdyM8NqH z=z|m8&YX!BgPH_Udif6|`cug5zzQ2vn2A%A_$YHRK{POZiK09ppknJ`nws43YF?Og z_d@QZaB7BH-t*)zmE-D_ur*%Cn5z7#uI;P>pyP$QmcWP%2!6oaxlCK$IR)kA7y3F{ zisz6caC!No5F9Hl&IWnBZuzySJ;(@zD;>Dw+J(7Sa z8Xtg%O?%`u;Qq+dAc5^+zqhCOz{%-T;)BHIpjm?v+=Wne&J3_l){MeI+(OC)pl|O} zL)TfBK%pWnf~Z}U;y?=2bu%2)<~T5i_t!JZQc7lG9p_kNxltCAiE@XsDNcdOCKHnz zyoRN=++Z^8FEf`cj!kVP(A-qAuq*APJDNon=$(urTl)!3B8S9P22pOOco%pI4*PKN zR&@IDZ63REuHjf*6| zxT&|^#7GclQ=(4Znu$S4CU`);PVD_^@*1*R%%{@mI49AAO%8*@vdLlbe2j&J1^$q; z!vek2?69>T+0F3cMN6lSXZfbI%A7BcT?(^IwJA^-%gv31n=D=tN>L(=HjJ16r7sd9 zj0+9)OPm*2lr9#k$#Y=q3T`L~JagdG+F#Kqq$py6VfxU&hE1lag9$*8Ews3ojFk|M z^zr)-7jG~19qNuw5Myxsz2M%A#?Dss1&T0RzgtvPYt|!K^l3Xa6O0{=*6)_C*sNo^ z@Dq29BolI{uBnO*yQT_1ZP&sWhc{Cq3a{O}yl%4&=H;KZkBr20{oaXM&H5!uK2?wY z^x%)u?p=G`TUYKNcdyG=dv|ym->r>auh$#y?8tw6yd6>~^iREew^i)iALRM+rTdqbRNgk-kz7scP>xZYp_Jl8<;gnH zOaUxc*gK}x)xi|mtDiHQw?fAxd^qj2{?h&Wwe{tT4bcpE*ijtVk=tXPGTQ~9t?S@1 z0G*G@?3=`71mh0=d?Xf_=Autskiukwz)PG&=<^nMi6x>3uWe=g`J~j0cUL?RklO8b z3#M4FF%Lj+v(GwVf;(Xnj>Q^z-Va(gIEfB`-gY~b_v;Hg?AT_AZp{#fDp1j!1Hhl# zU%r5s#oNN=ONp~+-Q4G+6K%=+#dS}4>SP?prcg(N3P5MG2wuAXH0(l?9kr@$)`BRSx3dx9kb^+2sDdKk z%}qrc)mBseIqf-|2=6pv*X`K71AHTKA1Rpkk%y$>9m@sDRC{#%E}lLcG38@PT6Jlkq)wG2DkHC4H69>C($`=^ZR4myoAMt} z3)A~qE!)-D#N`#>yI(Caj(oKcRU2{rWYPr>4SC%Uh zvMi8vucd@=AiI;{^|Csq5zUen^l|6Rh86+kVjY=@((Tcv%OwSb?f_>Ad*Lxazv#J8 zoC(hNg5Z=lPzGjqCGfD-Xu9&ZWA|%{=&WwU-P2j!P+HwcRWqu*5tPA?S6Al+36P6X zEk%Qh$?HoO4>5P#%F>g^%U0Hv#)jOo&pEzK=;@MfIFvG_~Ov9>EJ-b`DiJDgY+v%6`*jO*l z1yV^_6{&5I#Cpm{1?rS;C9z70$E*`-{j!26X*P;+_!C+vqWlIpxs;~@!EazR+(Aj` z>mLDH2Iw~ct>U7Z!glq|9XwRe&tpC-_5VHm{^nVs|F;LjVL|^7w+Fpv{r?n?^#5NV zPBEGz8KKveJ6%HZI#-VX%$xv?)qebGFZXMZnT`s(RY(C$u<|hKVk}8l${1yGv5p^WnJId-Em!xG$s0-=&CFbW6 zk@##nKE_kB|J334t`k?@z0RZX?_>?dSd9CwWx-hcRm8T?{h#ws5Y1 zB&}0@0Lti@F2IS(&o#|&9#WCEDgJt-w?GZqqj%wKZ0$Ahz%R8>YRk-XN zcSvtZC!CSh_454ad9=Jgh`PkOefVe-fG!NegUw}Bi^`M1#8o(yS~|^40E9o?>=??AA9J&36`UG^6(AK{ zy+KhpQ~;=PZECndp@mHkOa*_)Q&63}c15#UQrYl&!(l=`nhu9KrByi``eT#fFzwb* z(}%QbI5dRrU%)Zqh|WwZMs=*uzcBVc)Nw=IU&BZ9&}=R^&SkfmD*t3@(_yo~o%7H{ z|E%V372xB1kZ88cu`SnIc{q+wCmr$9_BW9&Q8)Cyy(pyvNqUOy!-99sVKK4QW}0)bTOLn40Ku0pRx;;bPsPWMle*yR*MlVm zIh=s6Ujqg6Jd5LV65~+qYSq)|T2V|D_JL%ffAEGtw)pC9po8=YCeTz0JOIoYENL7zF2XFVkj96o9+=sd^_H zNYz2e+7KoEmrSd+lqQ7${+liEa<2SmrM}-(ba=ix3`VChFp#|T0+vtDO$g6j4FwhK zKL}k8m-?II=N!9kGXfOaAwFO7efF_q_gplE=z_y@j!1?$^i31WYi`&Dza^ z69C{uC7sv1Qys&@UFuT_p;^KFIO*Duz@>Fd|G`%eJ&yfww0{<#f zem-o}UzMhNgTb@Uid z*7x}u03FLP%Od=u~DR0)T}Srbx>G$H!f{iS4vEvFS|O;Gbl4ZO6(pM}fR@5Qjc|QAY&} zdb#1-^3ITWN?4vz-*vsK=bvO$)sA?suT#jU*VlT*p>vc3l{sAgZM+zbc@edhlb$^gl%kqUXG}2-sT36iEHJV0btgIKJkL;MGEf&5!PtM$Jf&d2iq^!IkROa7mo=k?!{Jazsb_qL-a_Wzis z*IGVS`+q9#LwZ>MPnD(f$o`+4JZqo$v@7%avz~d8rrkDc{o*mt9Fo`9{Po(0J&P`i z2RZd=yE1>Qqn-to|L6xk*IK}?mjCw*{%PR<->$g-q5qu!=}DfY@jr@TA1?5xa;~-I z=9_l#-OsQ0Y%i|;)Xo2Snsl${Y4Q*^K&-O=w)@5VABKbBbNu&{JazWp$Mdt_!StJ_ ziD&hRG7)B4PZn%I$(@T7`3f5S0s@kvM1opgqt^MakjbHdYU{+dcZ(^SWRR}JaYc(R zoK&ayV;aIM$o3cF~YCdMMFfTljZ!7-{b4*$KJ^pE%~lmB`Gbgwn1 zJl6Vu(AzEAe}nC3`|nAfI{9yo1F4}0MhQThwWP3~jxpnaj4RjGEto{ICagGJBxH+n zK96yu%>^r#tC#%5oMU>V6~Au&2^ajf!)vei+5HncneMWOPUiG1wZDm{k^Fz;{2zP6 zy<+~4{?2p$zbAQ0=RY4{`?o?w=DWZ8W7X!b{({Grzhob41b&-0m;ZBl z{qFtohqotd>>3N|{V_L;1q(gYUa_Xa<8Kq!Y%+-UZ*Ux6-eMk3{np-`UYz`V`1Y;a zTJZiXaEe^K|8RA3-Ss$ZXd?;^p3v7wXo%j`ftB3s>cz2Ne zRo*^QQLaw}Z{N~#DP-)H&`41R zCG$6w%v7v`vfwVz*hsdueX>T(JNTDFBAmbnH&iEg5_H%UQWSM;K|@J}kNUcVSsf>W zH%!*`P>R10_KvC9B-lZejqw~Mh_Q1@MzSIAMbmhP_KH>>Cz_&>{r9-}KYGJKY5#v` z`}zLwCwU$x|3`7v*uHB*jt1i9r7LdMi0pn@7uo&s{OtPh!_|+a>-eN{X(D)=30-?v z((kz%UN--&yZ4?Rz*YXgUOE56Ztr>j=SiMA|KF7v`v>s=YLT&2W;mM*)t2XKY_ z-`UZ6lc)W_q{YMGK+Izi2ovz8*n_%%*TO&y{TNaNISTFz))WwQb_#u0 zvgp67#A1SYkpIfkNaA!qZulN25l$xm;!Hteq?cf3^p?=61weVy)KP_H@>(&?a%LY% zUUYI8hQfqt6;^%l%rP0|6c_6*Wer^*X#{r8%pFvmqKe(1&wioQp;cD^d&gDO>aQsHZOVjy(p9qju^M9{jI{&-(y#M<&kG`mN zY;I}QvHN8Ye`(Xukq?jI&zCYnVs|ygc_<2`2*dC zWQ&2`P^4shdZVs%0n+RH;p)fhpHBYA`rqrbO#3J+PF(6L28|U3Ex<;nTs#o^U^Z}&0yt9zv6^!)1Z`?n{T*WVu={d976?3GN$Jb2!Z`zH6})<0kL z)9Kr{mp`9g9sTHyvCI@zd(>t}9<}k$7(L3lo1KQ|Zg#5A-IP0dee&N&Z$BKL9G{(B z{rvvor_1Zp^N%|vb}GX!(EeZl%u++z4OfSYR8!@5-dujDb3BNLj{R~w>HXWB=vnV6 z*?(aS8S7sENGSeQ=aQcLEqUQ^SLZrm}duR#m6rX=)wdIUMJ^N^j-bS<@62(kD$Jlb2M2;JqZ3 zDj0Z+MkOcQ?-r1<9^KYnTO9p0qKx$~r*9Ib-G)ZOfCxli-_H@HI6}dudEaqg`>R?* z3CGJfZ%g%MzAS;^2(F_4-*6I6Cf)f!JML;kP>u7>AaHNbov=JbP1)L&fxNG ztUFi7yA{IrTrcY=Ui}Ft5%|qqs|hyhIWJGheI=8ATGj7%(Sz;4b!UdGG{eaSN@E;C z=GAoGJJt2^2T`7O>RNB^+5T`hFDLpRWd365a1IMx6>pe#_LF>=Jn8|ow?%kO z9q#9^zPBbXr^EgR^tn%)vR3!M-%YnSy~V50m<6jYv6vw`L14q6ptQH6k0KoM%}Qs! zd*0i4{Wmu~JK-+-_e+p-0|c62=#;NUvk<0mr+5QJZ;P|RRlLs2N|*+u53z3T`7a$E z^{@Zb>3^I|C}Qj((m$`z|NZ{XuvgUo{pb6?p5|Fw|DP(xcpUAox$ePqzlOJ_=GV0z zM(?}8z7ehOQl+f(-LDNazJuV)l;Rnr3mwEKNIG$Lz?ptssig6!lW`oILLCjNu;Km^ zW}Ljm$;~4+q4l+HVHxWb2c*#b(!luNmkdw^3gvOCDAb^ZB9oO`J13MIvKHZ`gmTu9 zxT0uIVtwVwT+f*T;LXiD@cBkHce)=8w}4HbzC|voW}?*-sdAjW3ACiRB($b;0U=H3 zrnApVJ9f$8D6W%~?pC!COC3{3drJ+dSrpyUJRJVuH3&5JfwyC9P}Ja#gcSG9_adm* z&fXXP-2SuRhB_ddB`ek{1^gLB?{E~w=oV5XzJqGi)HOSAiWQ8IE#&_z0G3l<11h!Y zNp#VoO84iyu0Zs)xA(UNPE0QEVIfHnXNe(vu5KkTQ&ro$ChDPT8L3uHi?!r$f_FKEcLhOd#KJJS1AbdYFZR3r-e3mYg`ttsDFBgMR|j` z%1u#n9t501G{!f!>p5R_FzL$N543|4P8TV`31@-lfX+WSy$Np7NCr@uNSvn4I3uo` zae1H=G4wS4mOD9E%)XHuOJz0kay?mm>(RSjwR)1(-L8oBwBm8;%62PJdCWfAl~1`U z0BtZO%)Nr$0b(n6WSM*ti)vrKNYZsAy}ZN`6+10C@;OYo^LB(N&kNb8R8q*80{AWS(=0LDN$zw=>DA)k6z=sN*V@|!z)T5q#_`Bh~Ex63tBy{xD( zf~B=vQAZJ4HROLSVDUQN2{o_mIwUFM<6`7gmA}39O9f6I=PH_~ChkenT>PqLe3#d) zTqt}OwXft3;+HSEY(1xFj6VkoxcFQJwuBh~BN*PGBs%b3u0{d?O@v}a|E!E6bg3=? zf^_Ao03_LLgs7@6$y=&hwwekUovm)4<&3qmsUpehrr^J@ue;9wtHTggc=SEJz^nYf z!$BecM}Kd7@A>}cCwZj*_j}LF%clsOxx=r0y~@=a!o*Dm4YaFQ#r?1L@M^wFCEy41 z^LpI6rnlFt`!GJ=GRR!M{H~tgGM&nP#d4YE`@U+;O`wQZrB*t@bjI z2D>egL$4f*lFYFyezk)oORB%C7b9*tF?)(@&kiTRlSWJmVwv^R`+(C?=|jFI!0Gof z32$mYbV3|a|Eq-fTIMg!7fZT$ZmNoU>I6eQB)1*(IYg;vTdFrzOXek&+FpvuO5@ZY zt<`UQgq8EJW0T(4dAkWVwP6gl~v3WkvKZ?mWd#o!l5 zqy)!O(vW^RGOjUS5+^yJ6;LV!SbyNaE|Y#0dM+VKI65DjBI?3hAKN>yjw|dNF^yB9 z%r2#mKBJU8LkV-pR?u6ZV%gZPE#xiu%%Iib+LW8>>feKpmQrXf4q6K7p?RmoOI`vD zwW+C#$sY&H&4yvE+0amNnb-^0$y%+typnBcc$Ku5c=@cqp7qzW{%S0Jp7qzW{`w>9 zucuUBUw)T_aCQFQbbj}I&&6j|{+Iq<@%+#3cJKN8?~^=h$N!$2Q~ms-%mZ)~Lp*z& zXy9}nI=9A@J-1GR0b6XP)3(NCTZ9E_-L?Ll^``I3bRMql!hRSBuZAKN+lJ#T@=6Bn zpb!XY@GX0R&6lN37U_`p#>UJM>g@>^TCFaYL(6^2m26i$XH@M;HqE(oBGk4`5r;Sd zRZiP_r>oONU0;(mn4);rVbiWT^V!y09S7hBp|n+@%Ad}E+}vSY;o`PG8sD&4<2d)+ z$gyXu+{2#@!w@m{jzlI8Q(Fa!SYq1mZrIWVg3-?ubM!t5Q6MknbT;k_nZ+skB|}a~ z4C92#^i@u@4#U5C4ZM2w>IWRu1Txu5DYCg8tNZUB!YYkT)fi~plq3zn22cUmj+hH_ zF*AwD2*!eEHY)>)RK}Nl66L?WzB|RLF17|H6Vf-3_V)SFPo4dDuM0m4&no+Gw|M_+ ze|Kl_Z2vvUvzGlQnBq}Vz2x_eXcOUg%k|>kbkZ<@KvLyF;sz|Fd};c-h6`9?l28O@zqz|p9?Uc;Xy;1n@td~xN_3Fnr@+1Br5W5Wc?QNm%4I3dxS%#H#&~N=mp+>gH@Wkr$~M7%A`-8Iyf*-H0&M)m*{N+dS%^=8$PZznk!5UrxY81OJMXpjA0TY zYH<+5633%XmSE8e>hN(F#xc2VtMvbEoYp05SmNyc9Za@+ZBuIcZ4j#V=?w`3?M*p7 z4>rLDnx%YUKbnSBZed%nyiXUJPpZ8A>Fv@L3Vr!vZkG5`IB#N6JNe8JO<=5?EeL_6SAkBkQ_;}Df9D}zRlI6aRF%J!8^{+hnV4KB zbzhD7Z+L1Yw6)GxEg?)@H_Vt_Q8*ssFuy4&A7}4V<$zaIUe+d4p?!zrF-|bo6$&r? z{r0K~%Ymvqw3VRMr@E1-hSOviNg0+Ma()#*6N>k#CKO@}>f5Lp z1PvFPe&xT5oX}(h><=3w`XxVZAoSOklMTbOl)OO{uXOG*4X>>-E7+t49XGRq+A#IA z9(3}T?rj0?U0q&l)|l`=%7|zoc>O}s#0X?Wbj`=h+OJnf=T81A^Zo!_9i6wTBBJvW zdFLyTEoM`xgy6N2S8z@qm+7Op+EYGfB$7!cgt}HycS>hVHNaT{m@xvV=ZllxKWjb+Xc&jBT zbm*WgC>6)xme8A+z(`(Iy(Wb^rm{Tx5xAQ|_7aNEc8!v7M8_~hOnIC#DuKwrHG%ET zKI_c;oiM?jFbT&UOuFV0VcGM45}bfw3j}w7eP^QFksgW^l*F-?>=Y)^VVq9kSvCW^ zRkss=>k)R}_Ond>dwH_&p#WCO|Lwh^{NH<)|4;L%i5$n|7W|ZrkT$;nCt!pCQPx_7 zlFqV;T$xY(CWq$g1LHF29J!U8raJ}&Bdi=ig>CDiJi0(UqdFaBno^QdEY>r*RVf!S z#S4tq?U#)E<>|9qDN$w%B22(>v#IEg36u9)pYIn=Xo^}BgCQC zYE_B>MY5wQ3U4e)7+38r)+S1RjYzw=O?;;W{F}>3scmkWRo#d3tQgjKmdStZdcAiD z*edzI(=Xcp!`;Di{P&YQuKlkAU)DDL&1zaqICK16ve5E)4p~HdX{yWB`u-hr`A9(N z9Hyy}@fwLX)k*vhK;WMDu(|!eehpeMO$)IwbLZ-iGVBWT^Xu0NC^MMA35wdIg@4%O zGS6CGw>Wao8!cTG)vSpgY(=!x^taiR?#DBwp>0=^)B1U8dC773m8;`~ahOyc{CQqS zER+9=w2yxO_ik^nU6lXZyU+2zPx8pweDXPkNhA$tDImyLIqwA|^TmkAe*s!4t6`u>@)O9*<*5=^KS0z&7OVMCkv5Df{W-6NA z1iuNBGzr0QTmFe>m)UrXKZBqhRNLRJBe`P&pv7RE#qk3ClED~{v5=@~D#xVL`WY$c zvOE`Ui1A@yghH4x1Q?kixrS4MPmSalqc~!6b0)?!%uytkc6^E%*cdJ3C?B6)in2JF zNKe*gr*%38R0&B1BqRxkIANM0P}H)~ju=T`~mn+idO#%*JH2{kQPzFlwVvFu7!QJ#$nk zY00dXlG@rWcnqArI-*Daom-t0r7;W<2>xFHg6m*?L1Q{r6!C=}T~0&?S9hlB5Vpt9 z)jOdbwL$ES;p!9L&aUic9pJ>@lP&SEjZe3?m^K7d>p5|pO(`WQqVWQRP;iIg7NbQ; z!YPSkL}d_e15U9Ot`=#9N5x>Cms966f(WHCStB1fFYWZgrOR^ z^6Mp98!Y3Hqj45Xz*Uehb%83_Zt*e1G1xE@>Wpvz!5qdo0>w5r{>(OmI*h6$bgjx3 zLmMcz{C^_WljxKQO-6At33BJ0cMEDwNIIy^_P9ne&M$7(@{cw!n8HIk(do+dTc}>B z5GFdYClkCL%R;{Gf3H3^4UJmWMGwimf8QXc^=NZ*Jc;WwOiPb3TKkkoCcCWsbB&rP z%&0o2#L;JN4m^1;?;OBZ(O!(lC|rc*LQ(tkA=}`H&TyjAQOyuzVv0jP)pX52zRSNI zlm>tOCLAGA(MT>|>Y8Z*fRec+#24@Q2FaJ|GSj^`I31cLhwKAG)Sbs>1Uu&+PLK0L zG)AzBw_3bN&;CJK%G3ZV-CAovez-ijxPEx34+Zgyf3m>Be|LEK)0!>FI!loj1+Fho zt{w>RqjSR#O{rYb;F!r=aLefN!^Qg#=Z$&ej%_>&c%N&k)F>;`AHnE-5-%}ZB{r>IA_3_Ea)1#BiLOXMUqr55aA`%bE@x|%KlZ)%4!}G)MPv4$i zot7ZMIIh6i!nyk2W&?TkzvTfdTLH=ZVWUT1&iyZrMS&9@_{W)wo=b{;$uLC`2v9P| zlq55u)8>$3IEu|_iWoBv$QaCE%1jLa9Z$VUbqWloTFsv#Q3PZiiVl*}B^_FYAi47UwYq+l%U7stUjtXD%`39st@mtvPsrm7wNQibIftDZ(EnZFgx>Ktk@uY8+ZXf9J) zajpI3q2chXU%a9l1qcPTP-VDF2Viin_N-WnLOfo`2D=Kxm{3qPFN0-7k$3bl1^M4d`iJ$G2`){KcW4sYyDbQ&knu}wF_MjEQNfF8Jtto?d21F@soQkEN^JVg33EjUlmoDJ04_Fb-agDJX>6*Es89F<>1eZsLZ%@DkC5S?fA|Olx zoQ#R;swio5mYbU`WFnjvP`eUZ0_7hMUh8`!yT6(sVjex%&L;~ReWU#(r~IYq?k^L<}FV2Da+hEFMe*|XP!_PqH{#Clr1EQWF@D>52XS%6H7>MyXDr@ zTBaz46a{rx8dwLVa*vsKgHv{zFb?C`bAfThcn8}L?kD{=M^C3A($-@6^TBK7GAX-x z1d^Y(z{?x75T!P5(1I;#=Qofg_!saSV1#mcoV0LF@5_AO(3<|njn%g(2~cYfj5{$#!A26Gh$M_th!eGVuKoC+2*ilysau?%cWva^J@>ml z4g7zU-}4aQs`KA_yQTaeyU+f=r+MUN!nsTZY8`&&c#G%oYv%5g+b+)GER|%`DCl<0 zmR8kO9KvWciAep!Le*(abw1N2dRvzCRCcMbg7F&6GR6)W1?e@Bxs_Lu=`YdX9 zDM}(lC2dV4fC6r*Yf`W>>t5BJmA!arQ??cf* ziy5F<(i)*Lq2_p`_9-bpXHz|59Fq2yp^1#*bD~j}#QNDvVkL17`Bd%D+s*8PXw`Z| z_R4DkQHB{uNr?O-crxTg7Ps99hV6jY6S z{oyr7J!sN;hbl~uXIad#ShAeT;}I04gkesoSj`;Nm*dc0rctp6W}{XQK(BUtza|#I zS>Ud-D_}yci_WJRq!>n{Vt#W&nsc#u_SJ&rRXjxeEJlcet%I6)E#c`y$TwTaz>H~S;Bzt&whA+ zUj|f7tiyo1)#Jmf!|x9-PYQi==e{(B5L96@QIH0gR6*%OP9_b|WhAC`hz6JM-(JW;3hs)e0Kdi%$p(+!UzFmloxzb9 zi~k%ED&=QT261wB`2E|H>%$LMKc1XjogN)toxVS70P;i<;xOY=lyDqMU0&V7;qklE zv+EC+Cl_aj@0PHV1uZm#cAwUQyYFPLrMCF6L=<`_{@Nhuj&RatQ-f#F4$YsxX~?p~ z2(l^o+uy!BdH?1+{T_u=0)oSglNl5QjN=6e38g6HLiMM)(a`C10^d8Ww$>aExhOSH z6CGIj2FLl7(s#a86xIj%F_Q&@l_fdEu?+EZ?&(>lAJST!r-=>`1!I9`-Zwl3$(ZeY zj_CCS@i7cz@E`wCdi5KaP?Uo9FLMyQfjCy#YbJ<;vp1LX9dLN`Hu$TsNfSG=3Pbyu zfe3LFaujU=bt{2rLyWPD}6t*yR7+K0q(Wc-f|lah_~}m(z46T_^s2vuC4ht)snK15eg+)E&?}K<#CZ@NaAB{fCncJ~eQo{IzBKAvM zzPm~JH7A1a#RMqa(cx!U3UWZsF`X>oIJSLHC)b!!1fvCLe{ffi4ifpFj(P{}sk%T) z;o`VnBLY~APznYu^CCeFyIx~b7qM2fk47DuB}YoFZ~R{%jKTj4HUsdRvYXiywA&K9 zmtS0C{3~d;rBiXR*X!>&AC1i{3jC5`#Q$2+slVQ#SJf-kVy|Wk_Dc+-8BRbu6YDzA zo(3irJVPYopv}NG7&!D*mBb1&jB(*T5HrN!D3=%I0%_jk_ZJlf?D9rEoAz%!27d>^ zOM`F#UcUyx`TMgU0`LzZoXQ{HzCS!ZJ^KM%2y_8v^5R-^uTum$6siR$V1{OdE&}k6 zf~o?Fo}6aLd8Z~~-c;$6YVJaQkA&z)iEI@onCIaT!YF1OQYlLP#3dVS(-YR7mT8PY zLbx7X(R!!T0hfYB3xgpyR5G!9G>7rZFCMGLBH9uHq<$3=RWA_1fENKsIp|RporJzW@S*vOG$Zop|v1` zj78CTO06oCMb31nl=$1*;#TACZf>hWrN}GsH3*!2*Pa)aZCe3fze;BE_Fpy3Fk_s| zikY9)H+hHNZ)TIX6fatghbgGY;+T6Q?FM-jQIh)3FJOzvYwPn;!QqFi_d%(!+Y31o zuf5juAfKvM3YoB%L0pQhXG2$;O-{%1`}}ParR)0rFXBTrn!%Lw^asQbf~r9)mNw3( zRN4#jj#$+*@uDi#UL61yPLZ%iau5>PS_rkomVMx1dP%~Y<-J%+Qqv9RGXKhc%fK~( z^oEXVa4Y(;AYijWcN}>qxy^}(YlKE!<&`b34?SHCw~C7mRCy{L#>Xgz3wr|6;UFPE zIu(V$@)0%Q#iA&q=xRz4o02#x!!DL+2v~c9YEkyTHw2pc2SJN4z0cJU8-}k||M`2{ zEYHuwJuB^hccFd9Rlo}Sf6(79-2XG^_jU)*_Wx5nGCuvII>EK%1i;b@A?wm56~q1Q z$xY1BtS;2jHAdyZJW;rl5DC;XI&+`Q!RtIey(^`mY-zK2paA^>0^Td?P_Fh@c&8s$fswg(Y_<-JMAZ z*E=tuDCTCGEA+r~V7czCLSE$>udV~hT+ z_A45FUshki;azFrfG@YEFc}4y z+VL!Zy@SE;Bz&7 zy#ZiX)%oisN8OePy3sFU^J>k*Go3ZK$z41zOZJA}fzOz6oJ^#c_XVrG zg8ddQ7)U7^%k6F87sq3J!iFJkvNe`4eZ8#76?d?8{{r6gDWbQSA)wHZR|O(){_#j1 z-77R(>|s)MJ00-zENn>kQe7o!z?2c%L$B=;(^nW=jefODj2DC z%@@f$CRBNtm*KRsMwP*ur&=|Y`N!NeQ9j*J{ORS0v#q`?99=X{)WTE)0h*pq6j>xu9k!!dc0koFA34-~v@LsIae>x4`hP=q;Y%;j zcm7&)>?@=J~Q#DzN*$h~EWNnKrZN=-QWyT0>p{uwoYZu9aV&f|Bu8+v)t0F#nsc z*5Zg?fn0f{z=wvn;{SfVtF5jMm)DOFIp2{WZ>RiJWtubsOUF8oVqkxqDvPuBw%o+7 zzt?Wq!f0j<s32YzlIi}hj%-28KGKV>cE+7~q`Ir+d@M{akAqD3nD5-n0W z>B%ihjE?XhE!_|w1qBtu5Zi|!&bz;xSblKUv)+l+ns5#5Dn@=y>XoYW>6Py%mWbgG zC|0OX&0NQOFY;$rD($}j#fUB%AEWg6ry?NnBKkK=nAFl3+!_DjIEMW<91ZvW-$yAT znY^9>KxU9n0i*_8K-NIsl4DLt6s4Pl+KZWF5GjCuLedm$;(#q96yPkC1_a9lP-j7^ z3r-Dy#bUu}5gzq{vOF@Pkl-vd!nhRLD=G%_OPHo2j6~qzsn9|~ZZ=+!i z$a=uEf#SA@R(gNB?H5$^lrQ>akUYqQB-yw6?U5RIrzh^v>(#=ehI$o!ESBK(__z#@ z#h;p&RV2Jk5&{EW0qOKlxBpuK?@zas#EOMf{4>9~B1d1xUfWi=8_j9_cQE(MeeThp zPyJPOp9PI(pZop(0gSPD8~ha9x(7En3QhrEq6ce~LAunaQp27mSHfef;*nUDUey~4 zh3>5EreA+OkkBiZGOsQMj4f&u`TA=g`3>h&pc?sN-PW|B>ridS?h?thX=#U}8RmYT3Obe&Z0~~WS;ryDH0JwEEU>n) z=o%{%CRSbntV#**v!t#&^*?bLt)ueS!2drUj?MG`sk8V0KT4^{|Mc5xfAZ>MS@mmt zi&cOqw7mM8m5(h^wIn@4zl#%ei^+zkN^Gcj_EbQ*@>;3UK1~S8^q+Z;q<>kVph|@W zB08X`Ce&G(R4CVFfuhVRpmO|8fN2?uDj=Fjnby&cMh%XJuOYA!jqNq}^3YUPs_bpO zj%Dvyfvu{g=0szP5F3j;>h|YQRjLJ+Q_piIOj|YgnD~D~P1(Fxkt2DKUq-i@U z|F1L+*Caq+iR)00PPL)SYNRuE#wfM(v|6|}nC-!FomPXyeoB81g`<=iE#)^~cg4`=^X^>&B-XYJUX>^}ikQwYRQEHRd@ z5va*xn`;Dmt42m(*#vArD76DwZld3U;w(%%P@IM7Z$q)o7F3C@S_$`qy`^C*d4G5N zoAsbA;3mczhmeEnYOEPx?q;ls*=T93sbkRrM`L5{j(BXwT7wzxh|OlL-8;r=bM3e0 z(CzwQvDxmQt^Bb}wtFoN>_3^!v$FxX!~UDNQ}g|op*!B6|2<0i?Cd`!jqDvvKqHZ@ zX$4j%%zbP_@IGw7X69eKdo7t^YfsuXgoQV(nla7O++QL-}<)@`joQQlB!qUJt2k+sOLrN2GMDBtd-Mlvf>h zHXU{Q!RK$#mz_pfEknN_OR)(=o8@Z^di7GdzX5AtTo%C8o^>=atANESsGLc(0M*jQ zG^eKYzzmhQ(npueM8VZiGZb{N@ZXkEwZ&NOX68Ri{2Kt5qREgag1l9i*9(FJ|?BQy2@s%0bIkF{0{tbu*R+6yopts*{< z?W`Du?AGv`+Aep&VY66vO=u@XHan#Svb`#K&!vI>my$5Ki~6@S|LbsE%Kti??DfA# zDW9GG$KHIZQ2&}Kf3$U_?q@zF_1LOk@dh!^Pe8(?lkS(pDYQKLQ{C~7hO1DO@@9$_ zr&bl3m-a?-g&L=Q*R{AN(5lrqg|;j=oycVewb!l;`|BU~0k}lx>m-K#-C} z1|kxmGrmN&T&Uv=ljz`=U#bM8vY2Q?$}tvM{%q0>+V(*2oA1Bx6>lIt3vrr(-q&Yu zdi1~l=!sX5Y7_|z655Ie!3`2g%x{p$Z7vImsX|4PQ*fcakIH*`T6#%^=gb}O z&pITEhviAvOliHjl0fhS!pl{53S5nm8nd~ANpRQMq%aQGFOfq|+DKNf}x->t|y=GEiVD$rNS! zO15xX0_Kf0z{=ZemU&>DF(!eWi(~rlD8rrRCMJQwCw;PxNra*-pBMBoOW=2O4Zo5m zh)~JQFDzGThCXI_rs`&MrcjX^V>um~Yq((JC)7qV77h_Mix!j7( zK9l>u*q`eHCC|!R`D7paK3HpmEXGoOq|0?cDRXt6^?Ds=TV>o1&8oSg4C8okvzenL zLK#X2m>lPgPI-piVvI}ZDxc62DcEn&_6R&>``Fl$)hA2CH zmlo39{;RS7@ft4gZ2N!F!2drP8~6X+$;jFJ{~x6^v;Wl{pREvx6KVhfwnBhl5LK&L zEFt#49(cx|b?C7_-w={15pytG4KgywR*2UIy=6$|Fl17(ep~BEasij1n4~x($yTNT z9^{Az#mAyS2A4)H`it@^tE^c(_i@SugMo3&?+2Iv&Uj?{|0mvbx|jctQCi6V zzvZR@NHZ7()TZWZq;83eRU}&|nf&Wc(JNVnu$eN#xF?A~fZ~vB`J>lT#;K+v3s*>Q zeZ58lYBh6nC&4-7S2p^8>shv!n*A?cZ|~!1nV|Fzj9|z9cipL(|I68*|2I zK*dkygNqWcjP$WT+-4HNkXfII)0mM=+=S9in2D&H2DF!P8q`y6^-So{dBdI@!o#9> za$=0$34*>7eQDei`O>y%ueK{--k@z-(S=W7fs-_=0ImagEPZBQ+LZ?UKbb@SPFmnj z{_l*;_>Zx>&;R%+rEG(7)w@K_Jm9vOxZ1iUWzZsYJ+Wcp#ymkX}MrCmLisRXP|$`r8SJya#(3 z@y9C7`Tv>klTDO$5CgmT|FD$*&mB+q{+~xFJNUnt^bTSGisiCf8i<;Wg@UB1EF0t( zi-?dbxTU1X>3dj#p>)eeKm+k1p;SnbGkr#Wb77KqYcErNyHdmd#j^P+CP{XuW58Yf z-y50vUmR!u{>S4K8~>-14i+Q<5G?U6iolg-5DeN`1Z)M>NPV~acjoT!}=WXEJTqG>rjpFTRH36Jrm>?htq(dw<|9|%Wl>W2# zKRqA^&UjN?KJ(p1xX3ZnJ6tD7SPNBrumSzeg$5^lFDmZ2)bam}Byf2LzmF`t`2Wa! z|JR+2r+fd;qm=gXpK7Sq6<;FYJcOw&>`E>ppVld2twibw6#1w+3{-X%{4>f+3Kb5D{c+GM?{ImB@jWf%LaK>&alB@HxS1D7OpM^pb41@h==O45n=RS zDJ^RFe-?*A(Ym7q*unpuiEHxzsXKP}{QogZEB+q^C`ke2F}EOF!3_8$${>!4=-a`; z+Y~O*sYMzTi;4%m76O6&TrCRNPi^9A%UBGJmv-_Zr7R`E(XuB@3iFm#7KieSyiTR6 z_eIhgy~(qIyt|c=zr%HSSl#-w$Z%4#|3APa!qM{X5x~3jKW8*F^}p%<{g=lnE%yHp zd_4d-C!0)MT1iM4vdb%Qxntw!t4TDuhRd4kKW_-hcI@#=fU3I3u78?$KR$s3Ez!qs za1?-EKl$fBga7mNQ@Vn~@#M6}*vb!QZ(d)#et8Ps6nz5$%J}`1XTSUc)JrG7{(4G( zp>=-!_3#M9?6M`rEf^%u08T-gB_vvgTaX}1K4nS)$OwS91PA4@OaW$BD-#lI{0x%_ zpy(DSBwC{=8yx%}94!b~Wm%k_9v=t9PX}|HMR1Mj;2aB{jFR+tMLzU1a=c-jJA+Zs z7g+ifOJAv}Uc33NnbN*ITB+p!Ty`G+8@)QAWNC;>LEFEu1gbu<+MLy)V?rZDetH$kG;4}KFFM?W(m0irA?Mm?N zrSQ5hpqAHCq=7O5nk=4sak26ADE{*uTc$BUZG~pSzs>s zpid$nW;*ZHIEz80219Z)6A1fV=M5$gR440c>Boxvp*0)@^yq%;6>$32-Tt)Hjh2{T z5cF~=B|LvXwYXOQQ{1~(cpZlw&w_T@|E^nl|HU2e^}k0cjMJQjA^8AOvPOVqC<46& zyg@yn9>I{9+My{sux95L;N{y3kkVy=7ubi)N^PbgYNrNlU6s$TbI*W6f+p8lN*(nV zC4UctdHL?VSIG$S>_YLaU*^76c;8;`0JkD(b_ugpPbV}**(FNWn5UQI`^W-FuiD$y zwxsJw3TlxQWLoRDlY)OhuK3?m>iK_yZ*hp0D0s;Gf6jR7ndd(fcYpr#D24I=7c9gE z6w?i)mL$(DKCDm#0z~bVS5%F~DcGbaXvpwQovT1(i7R9jzhFYQ3k`83E9Nm zP62l8|KZSl|6%BQ6K}u&AEWU7AIEfg%k;nHX%{({60x@fu;f2C-18-Py&@L)_)Cz& zTVz2RhtNkW5(X#%w=ls}Ptko{%qb-rNYDFta$-8MmwFAwONVY>+P*F0P5GOoI%bF9 zDCwgpLkZQHlpY9lII8S{+5ts_iAiu}C_WXVQr)qyxxr5V9Tr6YFnJa$QR+2K%3Z*qlae2XkUe%UY=-7wne=em~{@+jd=kEAV&n?G) z?d|_ZDU88%rmP-0e{AktrYQ1s0y_jz^zQxhBJ$qFFChG<|F|r%e*gQ~U2Xp_n)v^Q=Ki0K-2MHZM=7=T|2q2>>^18%w1!-CHGU9LcHx4}a=uif9A z0t+hpt_D4s>b`Ophj89%6W^gU*#9EybVuRePmsK@TP#hLRuG0DYw_*0Bduh)9J1T!o?7xYb z|93bX?el*Kag;B8g3U#pnY`T)$xTjj|{|-B!m!13H^Gfmm!~OZsqm+vMZ|?lId)_qiaI~!7 zne}{t(W9NRMB*99XL)8IinISGmR*X2Q?LBzSHBEy!od9ctD4S^{q$AE_h0lkm&<&E z^^mvc9kDPAN>It5lmndusn_4f{Ue(GGnJ9vWaI*?62sHShyV-!d{eLF^_xAZe9;sCGf71pmed@sVJK2JF;P>}r6IMgKyIrWjt*{NN zv9_`gbp(5UzAsg!CI9c_1K7p?%lZG^>2!bo`zXc2|8vfNNq^-0w*$*JT>&vlI=KQ& z(mro@fb3hQO8OjFogYL?Ag;^3$2vU!1C%EGp9I~{ z{=aAv|5G~uAC5-TJ^z1Vs|jF5zsi_~I;!Rt<*~d1|NJD~l`#WH;_We&gaz7kk$NnEV-pI`V<2d{H??)+Y|6d`WL;>C6 z3KO8aOTPNe7lp|e*e-0ck@=p`wlaTAl0icsGn7OyyofTCETFIN;mRk4eHfxaxgFhi z;1h_bniplj(Kolqa_o};^{HM&c~=nhNkrAY1pU0h3Cs6ZovR220g2K9ZOt23sh<_J zvUW-{!5a#NuU|#vyUW*2h@-3IBG^(oRD<}aoAz-WYbnd zCmS`RE<#zlA|&fToow2QI@xFkbzg6ADAQ;~3%p#zc=sxg;fDw%gS-XBVO`w?h7|b; z${K^`)f>Vtr28&;D8aK-I)#|6r-T_R(D%tEs-Z~BAeKArt7eVo{wdex*?kdNJ9`rqOr z;%=tyylbk^dW}KL7pfZOc59oRQ0%T;|MXPz*0l)>n}admKxp1le_OQ$#)@>zZRoW> z-(omW&NdlYN+(K8(u|6@pF?BA@&CPjD0T)=9GJSAarceE6W ziSWNn0kX<}##$f6|L2aT(~|#hFaIB>u=8I!=gg1KUL(i|Kc$r$qdo{o6U59yv)UlL zQv>Ecl;+LLLB{pYhMH)_rr4`vo13F8-H>UF*m9k+OZz)?KtJhkK59jbSYuRrQjw;p zs?ra&ZEG8!-^Hm;^HSpfF$vP+pK{;ReMo?v_MiFwn>+Em{rT^s6n6e|y~1hk+GSxs z)R;?|EjJH0i23#M)1T*TZCs%&KO4S)ws ztQz3~9Sj}oiSB%7%ffP9DX$22&w~M0iD}E%t_G~zke!$`ndHAxQYEyfyhOWPOEpw0 zt0*Qx#SAMTe`|()&&4MH^W(02Pylwwe{V9KnDT!-+Q0wuD5Z=1&)3GiD**a|><$ee zue?_Q_A0;*6(B)zh<%vaTk`K}_;r@R3@x|(K`}m#y*G%j@X8bHyoDNM!d{GwkOHp& za#;F8!VpKxw{gHfE2rW16ZX70J71@}RN0~YxIIU4Sh1|+H!dV85H?Cr_3l*2YIXcn z!i^vUF$U=8x}H8G2^gds7V5r<;4Q=HF(4S9=sN}v+5N{r5}3@a<4%?mIkRQK6g8Ep z>h-_II$DLIxL4cmptb=}6+U*FuPx&)^ew+Hz5Cf)0Q#j#R)m=Bv$*gqu0YeS=iOC% z2LSYal&0U204Y;Nk>tQAZG)nkA|-ln5Db1uaE88TY5DjF|GXipQAl}dN;ZkFBS_HC z8LMTK{{ zsiB|{*G_ot<1bl)1v(Cr`B0j^zeP!c0|YW+j3P_=z{W}u9}5tXtb})GZpYa?|U}a99$1PNtIlr7@2$=z1XT&L*co)0m_4c6(m_$0&CGF9Ts8JpNuv;;t~b{S08t4w=Ku1kMB96@1<#l3*TVP3XNC7m zI92>#xx`p`xXqZn22x`I$2&O0^uj~SICrJPAI}Gy42OC2xk$Xy15XbR>!gIo)?EHaArKu2x(ys}W44|6=TvOiCbKH&G_&rymcr=$cStx&2}-| zRSTz%^4+E*O0sWB7@(x5;HexoTap6`B2P~8v~#@0UMHz7cKI(dMO?B>5qHu8cG-WP zYsP<0r`}%vKT0Xtf7-O)gAHgT9H~UmNl_GZ$X(1u zy{C1CV+9S3O~@+xAIO;0Q1vQNH`W%66|*-rAF|l_e|+mdlK*cwEc^e)`}nU%DJA}Y zDUUxh@Q$5119s?q50Zdof~)5L@vXm;-%BIm^4)pu3$dDMKx^mh{TcchJj;)a89D4b z&pgI{I25KFYxWVR8IG2$|0efRpI22x10}9s$;eCf8?*5;CXzh~l~WwG=BWDf610PN=fX8zytbh_vNk5V4={DPEEv@xPB#D)>Kt zVC+5wfJlvAX8?#wEjT47ui_oi60hXz*UBu}XN_AH?~%4;m$L0nvp_@J%`%W3YibQG`M-FL<1S)g=lSn=V!r?EI{WkAM=2%#FQ)yBPy79e zf&5jM2GT$xZzmIEtFma2U#ca9_-Yjtuq-1az&nTv31YXzsEQnZIAQU?QOA1kdj-O_ zlA?gH7Z`Uag8vUzC|u)ZL=trWICk)VXIy&!V>p@Y^S?eyc>*qBmZ2m{DSzTC0DM@X z2+TJ)3~;mrG4yZX5~YKKCxB%NNjEWnLOxxgFa*nx%=r~~94(JPfl%4=->%B z=lMk5onL_fC+WdpiL+z&UrzqPVE&)vnEhA&uv#9||Hwbn+vvCeG>87pCI$-}qV(X) zLHZ#+_;N6ZHwRx1vNioTN$~RE%m44-33vw+Og1UFc>W?i7{m#o9PVI%0|bwG^@RNU zU~rrIBtXZ%2X-U&|M|CPuV21+_5I7iI=FWnwfo<7#;)g>``;Tm`~CkI-efZb2RhGr+>GAOrXRFPe z3hU!6*&wDNrpGMjj!)JxOwh5~(i;p08l*$;Z0HP!eaGt$Cx-_V7p0Ew*n=-cb`cN| z{{|(1KLiqjh(!H0{5MHN^>6S;S~*L$l$|Z`N6-s!!2Fd990dS^Zzq*~>&CEQ5P(e*GF^~tGVpUq zjsKLa5rAgU`>?4a;K%iT9Cvy-pxyp zNN;B&d2AuMnHZ}ed8Cs(t|z(4ZgywQ7Mq+RcXrZbHw)P9_KG{J*()~vrn7ouXg8{I zPaWYCGy5jdlE{dGn){k7_AUHfZlYifUUOXM2_Gq#+D_fSao8Stfgy=RlzQY{ozR$cInRA2_jm* zrq5OUl7HyjXUFKXtM++ptPh_g3Gy?#C^&lnE0Sg=>tOw!G*h_peosa<{jTB={6oin zPfBy`sQn(5cx6cZo6648y}(mtv(KEDQZtaMCJ;wRtb<7_6NlEfj>p8d4kn$~!Ngbx z6MY>F&G9%(Q@XXU{{dirM9N${yt7`*$@lD&Ke0{zr1RvDRr`oTQakIG^n@S)aFdY` zM>n+BB&OUyBQoa+@AI&gBa7Cz_IX@s#qbZE`|N3b9xH~-uDUYzp)|w#)|M8_TAQw4&LW!EB%+&uj#Wzh>bf7v9ZC}#+ndwx(Tt9Nh_t7*01Ta zg?WuTGq171yv7>y>SpJ-CzDnhF0J3x;o+W)Tke~2-M+E#$8l%=I8t3+9FjVotxt4# zpGPg%&}ep8$%rE+T`>#+j!1?VTVcQOfo&&vPR4e@GpcmU@eiE`Ru?=Y#WOclwDEQW z>$PM^o}D3$Y=URhS@4Vu!81|>kK6a$)_oQqGPvY|_hi^|qYf>mC@0p||E@x4WC)>= zB81fb%QepZ$M0XiyLf(a_S3tItBbE+z4+<*i+302FRo5O@0Q@8Cp=OS0WUA#0-OSv zrg%w>G&Uk`%dO_x+4aaKqDGxX)W{G~BSl2H9Z#Fw=}Eg?Fg>Z;1r`xC>MWv0hKL#| zBFgO#O*>rJSzwLR4BnuW+TJ)yGZ==<;Ml~=1O|v7H|2&#YVD6jM2tF%2+t4^BSl1L z{ZTl#B${?Wb|#IHj~CcyJvrai5zoewz0NGzGgz{xuw+*;eA+F>md5Y2#`yJYEZOVK zl0AbZdm2j~wr9z#&*OFm?sRN7a6KCv_Byj+&tSuz#)jQlw?2jbXuI}#*iN`ihcokJg{g61frRfpMOlWUr4k{&Ac_1HY+~^C>T3`ncDcwpcovTB zb>`Tf!LdD!V|P16b*IBthhVgR&4RITb+0p5AC@+W%GKRUuKx1v1)DEDl^W}8JJ&d^ z&nzhPkvZ0U7{fUZafZ44qlg$-r{w~4?Ap!Hw&{kQH{H3=IYl5T75QW-A0}A7KcJS30PE zu!8Jt0mLv#5qmC(t}$MR4alTn5Stv3iEDSa4Q)GV*m)&5*p1m> zI5qk#BnTBB{o$-ia7qD5RRnkh5)_eJIt~nahUXzV0+2pV~$9U3i z4UH#tyrNnGpdUK-d1&<6Q~P{U;eg4X1E2Gpvy^!zD8Q-cZ@WX4@x*$lLW#5Wx1%;N z8w_2ezr)J@cDuqr^&>tMx!pBx8NM^Nhwo70ZR62VQk!E8MJ;) zpQ|+m`k`x|-I>v6Ra0=gdG5z8`=l=+cSWCF@~C=|GrGUrSLx zc52wPYg6gm&MKX2sC2HX(m5uZ&XO(IusAyiQWW#_D!F#MOvol?6BwWvMFEQZEyxmx zBWs6j`kLEWUvmw8&7D+s$Ub>=)g(Mc54#TiG8&`wWGXk#9 z&);xrTe<*7BYv+9Md>C%)$n10fSwcM_TWq4hX_WSnCD!=Y~%7ILjESf*%rjqK!sqA zGkG_I_m^Eo$`ZU>qC^JZ%lm}3DQI^miPl#w9s^j*z^&0}RtKz|UO5_hHNaXL@T1|h z4p>Xdh8ksJt~CD5R$+kRlqDvi%Wk>y`8~CWd>B~QyiGmqc8fjV+=hwZsw!f|9=gYs zbuXi0Qy{xtde2A2FeF@6iDWLeYI1COaToQ6Oz)J?bVS-n5^!DTHSv?*tubu&XX8!H_gn&%!c z`~bJ9h_HlIlZI;~F0+X%JY)fUlw^IG^_xU;Q20=^J9Hk|?|95CCtM)9b19T0Iu}+VoD^1=@Kh)w zik4wz2gQU4hMs05flG8A!ZdwNSLYJ33zkuU686fzynn}g-%iu^>Kw6FrK4-_4Ud$o z_TK88F{ig(w1a2AJUO!*Rn5AdRGpa9>r{47o>N_{;}Ef!7v_vf@j4Fi0{bk5p13#r zHO?Zq#=Pq-Pn!(kKqO)bI#-kU{ORZoOgknO4NMU2p^46GVzcpsN0o?fl@I;Renpze>&Yo0zynFzy z$F7ODI@IS3W$tA@EG>7oJqhuQ zq2-un5bh}86(Y)<`nknmtCYiZ2+2SU)AR#L0$U%d1$pNr z6-JJVu_nly9=Q#t?KG9))T*i2Qc`rzNMR(T7;A#OBA37ww~V*>#i9VkA=y&X`AE~L zg{sXC&(2Adp^rRNXL!<%DGX0)m_oJC@0_Z_$W$@bgnq?fu$yv0fHO=Y7y=k#n5Kx! zeda>QlMb!4vEk#;PACjdtbSWtj)~4GCPwBsIF;idcP@^ygajL3_)XB|yK_GM^snu= zm-@h{1Hsez@!@F6{p=USZTG1=U#IqrSfNuvV!k3U_!@>V@=*fL z=(vdPw^IR!c2B8i3vBW_2R3;|V3Vf?Ho1MLp}%lAY3C3fPOJ`5&lc|Fbqsf6EvH5& zPt;B}Ja8Je49y(cLo+>FjFZq2coIEwgN$sQzQ7ga znoPavVl?5S(eeaxsK->)-+UT+Ew_|cx239eY_D@{mS@Cfd1`D{-B24_%4@lvyt?&N zt>t=mjm>h5j*irhnhEJQDat*!R9dR%N?cp#frX0p%cO@AN=PDbb$<5h1s|c7*KLRP z>$YC?lN$U(=VdT7M#ob|ry}P6l0W#!#s;VC-D~GkIX?L6!}5v95f@qU*Ry|DfKOWWX~2m<#mjmVlB;$=T>({=w?)) zv6<-qQnxzye}^oCY@;iBYn~Y09KO8;Nl{i^d&W zEgH`fz~yxf;PM8B0y|TOq3o}wmfbB(C{Gc~f?G6Mg5WyD5dy&+Y?3eqaA^(c_AC)m zUe|~yBN*RPBBDeus>!fvk)4%DLx-GJ4radPq{~2&W}74wS3Kl(Pq*d8SJ!^=)w6g) zy{?{6Bb}BvP!&e|^&NXsJh!FC-?e-EZArH}=iD+YQN9$gkxMR8@`L#;+#BrWSS9iVUU5Yet4mALyJw9A|p%DP@j~Mm5l01>6|#o$Qv}&C&f-i^`vx9*JF-`(}axb=Sxny zK3{S&Fp~!9qhX6hx2EywIvS4lqT@;Njz~Qnj?J!fI@@)QVb?i|UFXbrfUkv=>iyz$ zHfkKhsBsjdW(O(N)8lkjxgA~Qb`+Jno|0;n*XgG63crM_Yc5Wq_flF;th7`su1;6Q z)zKAKr%+re851iR)rzarRdF@)Upa;1T2Dr`I@vk-m19oIq!}62dQj)wOh#%Zr_h5a z88&OemLI8OdZc`vj&xeQX0+J&NOv}(lQC>YMzy5roLb1pEaViDrk)HNE4#}TEZ1Bm z&Td+!l;o<_%0G0WW@^Yi4oM-!H6MFj!y5!x)V}GgNKuxu%bom=Hu(^-tD8#f{%qFD zKAX)f=GoLHcBh@i?$i*wQ&a5P9}Ce;v{}3J=b7#Jd1@2q)6U|2YKZfxDb8KX^^6ZV zLCXzH0`?9VdmC(tGV%UTWylCeWuv~+_GK*{gL-uXm-0YFn;U-j@7?8V5idyBC(OVH z1OgKMIb#O~&$cK#1Z0x|vJg+|Tf0=n38tNunyIeTOiiVx)FawHL>UUV@*%QKv`JBr z_m27R^BspG_E?oxV?h!+9=0A zJw`sY=#0~@I^$H=8K;KM*w8sRYZo3cqu;0|8YEQeW+O(meIB0r9IlzT+IhF*T zJFr)qx$>L^9q5RRgA@nIr=8&Q(JDM-W_!qLYO!&qU2UAHZsSZ18>c*&EaNy8q*N1vEUfYpW~)3; z3zx4893mFzj9|bni|5jr4MsaoF!m~QVcD4E@#$z~B!{RHl6|2ki4N9|Q<7YhS1zYUw?HkG~l>pgdsEVZ=U@7(5 z-RGLwu5(RnFX~J>zo;`|?@K6~f1*68V+>0!qDYd_zUSA6Z%)!a%=#-L!X@}H(T=xE z=rOZpITln__q=O}1#jwTUH5c*#GX!j6ag!W|%)Ow+bBSkCSPmHIXB!xXTe?X2%V4v17yf4KzTX%7^1CQ}B^|$c zarXSX7lU>15I7viaVDb?`@iEj=KtNXH~hjKd9LGlDNn$KxF$h`;laT-n~28&hIpR9WXm*}>tut@MFich3Rjq2vjHJt4k4-p z6<_(Q?o|AWzZZmQA`ql_jYF7#7-kttq9c&4aGK-z08=pE;E;*t1hGpUYlx!^MUbNN zNt%H<%03_zalMO!XWlBRnhBwwC0hXf6-Kv|#3g|trI9~e|NPD02b6b$H~c{<$}H1^ zgTHO&D2Y&p(o^vMuV1hIWNRNYqPv8xTNs2R)Y{4hMg7rRucPOFO0Qhw9 zsjrkz+W+Xk7{rVGIvnc<8>WMUYdRP>1rU6T!Zmm$hK1h_J^115&FhQTFHgbsw-;C7 z{M)lP*Wls`y#D?geD~t)^)sNng7_az!*n@*U zxMX+qfWJci4KoCO{CR`@n?Btl8CY&`fYL$~6#RcclI8IlMjIF&|39q76>agSq4Scp zIdk>+X*~;2UhiaCp!M=LKocaq5#KC~61%hrx1r zoV`mgufP4_I!kDy?_(4J2!3P&s*Na%(1&AxMM#Pc5BmN7!C4rBH+Z?qQmR^_ z53cnkE`o%AClXNb{}l??ec?K|cOg*A|6OO~j;99y_dLhj^Z&;vl!x&+W6D|j@7NMJ zI8fFzPC=aDHB4~0WlT7rOqeN@Tej|BpIwP~WXjzK2j7wp=oTeM-~$r3XL(&1hJyd6 zAkAPDz$D;UIi>-)h&bENU;3gD@S53U>f>KBG@371fFs5c_}PPGii~BlJxzPSeE9Qi zA(v=9WaWA^c>&r~OugQRe zPvH6=;1fu*gmU~(;C=7y^?C0-_yn#{2J)v(!8Kl^|Bwh#$cpJ&ynPBj30Exz^2@Ib z0(&KO3t+UZw02XlLJ7P7M~z+jG1&r~p>;X{FQC7wHj&d6*@XF1Ybo;;-JtD&OQs^1 zgbyPy=Z7Z)Ni{V(6*?)`pCc;&KQSgM{ZVYvM4E;aq;xUCkhbrWC>_wM?4dsfpSw~v z2@1d_3Q)oq5F@BSI`B!r`E_FASKXx=6;k!c>3~dt0SG9tzJSJwVlEZmM`;QcI7D!egYv**#i2p*YCqkw(1@AA`+qAzvPNk29jc9djv-az+}m`XF8yZHpKxd z-s0@{Hz`W`0nA`OzzG|y;<{}HLc;Tz@vX?gYlAESaj#=)=>m5?2H+Ez6GA8R{Q`z5 zqLjZ7e#uP~m8Y;++BgzV3kFscw^jR$B?s676y4&4M2t(_!UR*Csd#~~K*#o+75pnc z0r@qRFTN9{de1 z2%?1WB)ys^}9 z#C~3rO_arOC3h(^oD@#LqZ7WPwbb53C`(s_ls07tp_hXyBwm(~4PDsmXYr74p4tUx zE4F6F7yk$G_!T*9d}XndbFPs{ z6P_-CcbBgR_U;VwV|ZO~Ys6C`epq3D#TJ=dTePJ#apywr>ISS0m+%KD_}FMDx&mJ; zT74JV2&1aO=JnHnGuei?<|l&#aVis`YRM{LL4po=$5&jF^O@o}3P6 zDDXxn4s;M2d5bArOitVd3dX@`;Sb&M*qy-n!u3Zkf&rS$yp#EG5}f!mf9OxgCtf`@ z3_GQ$O2_>E79|N4W6XG?HKd&>4Y*=gFd&UHW?3R5IQI5#G9jeFm#+z04I~t0-+h4PyCtdqS0bZ|2aBoK$Toa z(h{j%N}|%U^l-<5Dk2FjOW<5;p+)9>#pA*hS}H>ablEA+epyrKvRtyxw}sBD92wl8 zZGL<&gwdZlh(8OO20E=meHs+8=~c%UXUbP44 z79xZ-uu#0yHcUYgJfAipRy+k!CifNpu%qW$Lc$OwJBE^qX`ogS+HR2~^;qV7N>O$k zK(r=Nin1Ckm0B7zW0l0CcgJY=@QGMsF)FgY+1@(5l+@xGjxMC})=kFYZg>*JV$NwN zs7~?;ymu*%*Bh3Im@GhmQcSJPm;`CL@hwgESPc-!z9C8mMHu+!l4`prIX-|+7u{F>oBC7WQlChi_tWIui-}^ zTGj#IMDP~kkgcUID75xEBC17ZXt}k))t4^V#LEN*2;|MaAqjY%<4%vL?u`R!j8M(@ zjeLOYnUD^L%(bRb$-NC%ViK-UC7|!4=O{!ODmO1c55RM_L@5Y>ml3m7S2!*0xeB#D z??unjd8=-(q;W2G2uZY6#qcvP!a0oL9EUi=$k_Bf7zDl3AOCgK3lb93e=#<2UYt_1 zs0O-Tb)#kAt1!tXqei8)7+=1~vMeUhSV6N}XwL}`V_EB5Mh84;2Z&^r$| zX@-(-aFS*{fEUc4^EyBL08AfX+eoYW1I||8@|snxs8HjSaIq!~`Byl)N$twUu~0Pl zrE#9NOt>@bj^yISsa9sKXw?_zJUCh&3kO6W#{5zgo$9`*c>IL>`>7qAt&sfrQ1r3N z9rYc=Q8nEIa9vW*uGrN!$tzC5*&(?8$0>MweGa}p1ea%5S3f*I1%LkK7ch7uo*rQF zn7{t|XK-FrUM4t<;|j2Yl09)fXFJc2mEE+{PYWjAKgH#U-tspj0%a-x-g+``(2?&==_Y8DXv|l=*!| zLH`5JR_vdB$mu>l%zG-CR>e5~P+TZcYZeJFwq(OIcjw$TBjCM-O}@`jmfWFYuFk@c ze2~sy<}*hhDJQ~N(M*O8QCPUnyCGm!yDo5@!$NDR*2x>1&Ihf9^b4@RuH*}Wn)<{( zG0lm4d-7V4j{sey2&P*QWB*2)=L>f6Sf2kHWLvt5k43XNR{jbjuA95TNt!jKkN(mWO? zZ^=I@@@^y3C+G%&q_0?i&r%dqZ4Di2giz|phDBqMROq;Ci5Eoy3#2TMG~?PoI{#w- z&{+rDl6~|MuHz65LgK@aF%rsTrEoD_U}Bdtb)jk_S>$ zCXzW@WUD-&igiRXK!u^ab@SJ+fIDzUeWwW`8CPbLI8t-qD_?GHRy$AhAh;n;`MGin ztn6xTW2~%pW31wjB8hm7vZdDL@oX}HK1Y%>DREaSRShe4NorQ6!Rm{vV9=s&Q{KF; zW;0TWl~8}jOs3T3U7D+y}sAk7na}}A_lLCPsLgR?P z^O_#ftx5lfGJh}_91g$*Q>GI{iCJ@R5{!T=0URlsBcqu_;kNk9TEXN71yphh2zlj4_k5^bBGtn-}+{()UWSLdT~)xPA*-C#<`t*jMSoO z%g@TgD&=!qQE9MAs@xF1?%8B}2}ayb;Jz8ABhpPN*zDUkudZm-O^TF&P1=FyUk_A_ zwP()xGpqIkXBAAh(`JdJ+FaA%w>V}N?RH=*VJM$1yUt)b@Z{n0#G8)1x$8iGJQ>bU z784K7120&>;b=0Po%oZ<^u%AF`3z0R3ljt{(Q3Vz3Iety}3Vf18)?-q38G`X9!0pgY)-IHEDSL1jX1m-{An||kLmw5AGa`ZNi7`3rYZ6d3JQNQmDe+?W9w-*EFcwY;_rZw}x7tnK zAo5TJ(~SkoSUW$&g`3IT?i!jFyIr*FbKuQzm+yJyR$JI%||{O`;+Nn z?)XDzw(w3IZ!#XbXdZa(Bv=gLG?<*sN5k=a=8sP1p3{sfx&5^>v|XEDt$a5Pv0<1_ zezQWsEFx5F)XIy`CavZ8?bHT(z*UUzh+)C>-XIwKkl+k`ANkzzc~;cSUGl{ZQhp;~ zzzq^^Fc7grnQ6u~nKcPeZvBWTem-1VvPtp>mBelE%6xKEb&ndO+0WyYswSHOLN(T%Ap(uiHS2ONQqm#Oo^a^J2l={U2Z?a<;Gpc@dBe zflpf=71pUZTFJlD?rE+fMeJ1&v>=I(N}dfa7}z%%SH}_nGw2NM57an__`Nn}3CWY5 zMB2+1gjR0`ovJVo-r7A&?6kggTR{xt56lwN?gEJGFT!u3+ZF@uu=@S+UuYkHB8#80 z75a%c{OkLp{8S_(;LrU(i|B$>g+AY8`od6d7+UAxo?Q}hS6i?p2nH;&y<&Mwwu~2Q zr%Lxa0EN*njJyggDgKYKq-L|(OPpUTf_!4gBIh5nGYR^6gVHSTQ6S_E>9>zeV`|NQ*wr8>6Jc(JiJ> zg_M#t;_nlpFhv{~yYQ+%E~>WNMC^zc1>l*2`jBl&4m8??;Sq>P`E5k1@-X&}vLnD! z_sCF@iXPa9e>1mj$hX3&<&)^&G7}c__r2Fx;`@PEgH(@&Al=OS%rT2uZUlY5T< zVoT>4LUESz^qdw7%Q05*tuKSC%B-AKFGW|K77wEziGO~3c?9BH{|KOUoNb@uI^12(>?tI1>X7fI_ui zl;X>a&&E4}kJe`c+eKlPT5?%2W)UcJY`tLjElD%RRC#s;f+HojaUKIn={=@U79?c1 za7lhX&a;R2sZvPNocb=rKUoP{4#D;J&%XyEnwF_Cgz3`%FId48%tMMYFfrSDZo9}j z$5Ds-tCbk4w@Z)3A}M%E+eS#UotuWOOBin0K7KFz^S+v(0Npm?2KlgXdhTc9Y!ulh zAwakHF$pRLi(~7zxj$SO(5fv6 z9o|6r3WQ@?T$Ye;JCoK+ECQ+k6Hoe*m+|=#kxs<`ruVXfcqDtY-u70~>7V3MR~_ zUwwv@UlfxL9El_&fHlq2q-zgVrFY_Q3|D}YvI4=W9jsA+H%k*VvZNK8*dCnQPLhG3DOm1S_s&H4$pq!}BXc`%*pY0^x!bD^``(5l^LGI_j zc_pEr^Ta0`tG4sorVtd-lxUcQ{?c%wP46 zdhGQ*wH^E6ZHf}{xB37Vt5@80*TaV;aX?ZhSH)%Cfh2>WEoCE9HGfq%sEo@O?aHUN z1<<;P5s`02zh=${mcdmr5ixjawoFj^b19*$nKyJ! zhKtE$>>>-)vsEsI-G$#-LEiZ8GFIp#OGc`EMmTJx?-w}n6a&VQdUB} zWXP+~?M&#-FIZ@usDfi&NbDW=xE=t(x7XK~qNR*Dk|}Q38lc~g>3^>BED49o%{tkp z3TtW{oSN^OuUot_`SF{V;<|de`Tdbo|mhw1f>GtHyHMMYjRD z|B~jZVQ8awiiW!omXVY-&f#EGWCV7nE^BzPJ)xs#B*mSlLdssp*NlkVa3%BgCMDHCUa&sO%*(W>keS+s1@I8P5QI4H=rT(JAf_Vb+`@DX6jh3a0`iV*ta_3 z(hX~7yHAjR7H6boLIwawez=iYBH*0dB5|Y^NOlZ;KR^9UP=M=HF`U+$<*fZ9TI2~z z$tLkjX&qUH(zJK_OV5utz0=;vah!GUsK?!Nz0=;wOWgbQs3)TFm71xv6L~K+B1%asg17nR$LOd6Zll<~%uEMnFvBP00C;sGldH z5JHm4K#p+$z81ORxQ{hsH|CXepj0xU$WOMhxF97Y>k*I3V5gNVbps2mxy30K>4spm zos(e8k;_?Bj`hXE0Sg=o87h-)8nb%&_Tss4oW1?-?CNj5)1fvqmm&wl+Y}|>;yHLm z8yo@@-S%%`0%UfbaH}Dy_V=-$nR`x6-WF0dP{x}`Qq|+bVUCjT{hN}Of@7hUDR`9nN8pm(IeET;q4+_h@5z5D({jH_do?2ikR8tgb`7+H^pWJzA} ziooD&7{bU$2@?pfWj#3s;?n(HlT_xpWGOs$Bc68Ru(ofuBwE*UU?QG3y%t8xj7JRa zj&w)XY)66!Tec&<60NC@>|G!k@fq<7^Pt8#Ps~Q4$~psZ#V3^1DnmOM%5S9FL1!EmH@R$O1t`5$v(*j9ypURuon6;8f`50-JX z+%c*4P*sNgx_%Er1oSVxe&^oOL<)rO8HKvFw-tBwTKCoOR9o;9f#-{Wv+9< zTn~>lUV8*`ct-`#RmeD#_Fb(82c3q0_)M0b$b08n(O<62NAT#fa9PLK{av(UBObZ3ViI=H~q4R8)3V|*6 zV6BeMz-9ppfiDf^bD3JL7)vE+h`*{$0+4JXo^n(`(w@HI5ZE*imI?IHB}y<0ogh)5 zzD44^&rdw-1bu$nS^3z9F+QfkJ|r;c=NA5POoINcd;BENq;~kP5>0EArf`XD5z7xu zP~WW~$(mgH(TF0U5T_Nd;!6Dv@=Fm#&ATQqVi4Jjb_G;%I-QZ2gk-tBim6e2o+nHy zlP6!}v$g2*B%d5RHe`I%Z$8OFZ-P;3*6d^j81{ zn7x*=;cvOf+u@XvaB6tm8cSJlou^%_$YO8Fd0@Qya;iSd@?Lqk1V;hB#lZ%K)Ks~V zDa%#vjkU)fKi~wtWN$mxoO|e?x*dEJh^kLM3>+1aM24(BJ%c#52v zJBQAEgvN`>a5kImq>P_}9GrzAc!QU#ECp})^DhDDGjV&JY|uIDFStwyoydbP_T}>` z{ORap=^`DhgZszfIF2(JjoAMk$1(r!j3(1B+>z%xjyIkR-7g$>I2}&E0M7lBQZAb` zgUJ`popG6+`<;}2zkjg80XjVZpbs+QAJAV8o)o@kY60D1^x@#(FYJkfRe}~@^`zh} zc-nv@%j2J@0Koonmf+j%z)#a2GjqP`W$0se%>GVL_*E~>wjoMa2xUER{MUnnCr?=J z-#%j(^v@?xo`5SKMwF*)!Yn;FI5_wOUK8*gPBmsvWyvNAI48{PvBet literal 0 HcmV?d00001 diff --git a/stable/traefik/13.3.11/crds/ingressroute.yaml b/stable/traefik/13.3.11/crds/ingressroute.yaml new file mode 100644 index 00000000000..572adae5f00 --- /dev/null +++ b/stable/traefik/13.3.11/crds/ingressroute.yaml @@ -0,0 +1,209 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is an Ingress CRD specification. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + IngressRouteSpec is a specification for a IngressRouteSpec + resource. + properties: + entryPoints: + items: + type: string + type: array + routes: + items: + description: Route contains the set of routes. + properties: + kind: + enum: + - Rule + type: string + match: + type: string + middlewares: + items: + description: MiddlewareRef is a ref to the Middleware resources. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: array + priority: + type: integer + services: + items: + description: Service defines an upstream to proxy traffic. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: + Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The + differentiation between the two is specified in the + Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: + ResponseForwarding holds configuration for + the forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: + Cookie holds the sticky configuration + based on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: + Weight should only be specified when Name + references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: + "TLS contains the TLS certificates configuration of the + routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in + YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: + # block format" + properties: + certResolver: + type: string + domains: + items: + description: Domain holds a domain name with SANs. + properties: + main: + type: string + sans: + items: + type: string + type: array + type: object + type: array + options: + description: + Options is a reference to a TLSOption, that specifies + the parameters of the TLS connection. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + secretName: + description: + SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: + Store is a reference to a TLSStore, that specifies + the parameters of the TLS store. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/ingressroutetcp.yaml b/stable/traefik/13.3.11/crds/ingressroutetcp.yaml new file mode 100644 index 00000000000..127a41767e1 --- /dev/null +++ b/stable/traefik/13.3.11/crds/ingressroutetcp.yaml @@ -0,0 +1,169 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is an Ingress CRD specification. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec + resource. + properties: + entryPoints: + items: + type: string + type: array + routes: + items: + description: RouteTCP contains the set of routes. + properties: + match: + type: string + middlewares: + description: + Middlewares contains references to MiddlewareTCP + resources. + items: + description: + ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: array + services: + items: + description: ServiceTCP defines an upstream to proxy traffic. + properties: + name: + type: string + namespace: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + proxyProtocol: + description: ProxyProtocol holds the ProxyProtocol configuration. + properties: + version: + type: integer + type: object + terminationDelay: + type: integer + weight: + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: + "TLSTCP contains the TLS certificates configuration of + the routes. To enable Let's Encrypt, use an empty TLS struct, e.g. + in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: + # block format" + properties: + certResolver: + type: string + domains: + items: + description: Domain holds a domain name with SANs. + properties: + main: + type: string + sans: + items: + type: string + type: array + type: object + type: array + options: + description: + Options is a reference to a TLSOption, that specifies + the parameters of the TLS connection. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + passthrough: + type: boolean + secretName: + description: + SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: + Store is a reference to a TLSStore, that specifies + the parameters of the TLS store. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/ingressrouteudp.yaml b/stable/traefik/13.3.11/crds/ingressrouteudp.yaml new file mode 100644 index 00000000000..2ed2b6969b2 --- /dev/null +++ b/stable/traefik/13.3.11/crds/ingressrouteudp.yaml @@ -0,0 +1,87 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is an Ingress CRD specification. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec + resource. + properties: + entryPoints: + items: + type: string + type: array + routes: + items: + description: RouteUDP contains the set of routes. + properties: + services: + items: + description: ServiceUDP defines an upstream to proxy traffic. + properties: + name: + type: string + namespace: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + weight: + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/middlewares.yaml b/stable/traefik/13.3.11/crds/middlewares.yaml new file mode 100644 index 00000000000..714d151151f --- /dev/null +++ b/stable/traefik/13.3.11/crds/middlewares.yaml @@ -0,0 +1,587 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Middleware is a specification for a Middleware resource. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: MiddlewareSpec holds the Middleware configuration. + properties: + addPrefix: + description: AddPrefix holds the AddPrefix configuration. + properties: + prefix: + type: string + type: object + basicAuth: + description: BasicAuth holds the HTTP basic authentication configuration. + properties: + headerField: + type: string + realm: + type: string + removeHeader: + type: boolean + secret: + type: string + type: object + buffering: + description: Buffering holds the request/response buffering configuration. + properties: + maxRequestBodyBytes: + format: int64 + type: integer + maxResponseBodyBytes: + format: int64 + type: integer + memRequestBodyBytes: + format: int64 + type: integer + memResponseBodyBytes: + format: int64 + type: integer + retryExpression: + type: string + type: object + chain: + description: Chain holds a chain of middlewares. + properties: + middlewares: + items: + description: MiddlewareRef is a ref to the Middleware resources. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + expression: + type: string + type: object + compress: + description: Compress holds the compress configuration. + properties: + excludedContentTypes: + items: + type: string + type: array + type: object + contentType: + description: + ContentType middleware - or rather its unique `autoDetect` + option - specifies whether to let the `Content-Type` header, if + it has not been set by the backend, be automatically set to a value + derived from the contents of the response. As a proxy, the default + behavior should be to leave the header alone, regardless of what + the backend did with it. However, the historic default was to always + auto-detect and set the header if it was nil, and it is going to + be kept that way in order to support users currently relying on + it. This middleware exists to enable the correct behavior until + at least the default one can be changed in a future version. + properties: + autoDetect: + type: boolean + type: object + digestAuth: + description: DigestAuth holds the Digest HTTP authentication configuration. + properties: + headerField: + type: string + realm: + type: string + removeHeader: + type: boolean + secret: + type: string + type: object + errors: + description: ErrorPage holds the custom error page configuration. + properties: + query: + type: string + service: + description: Service defines an upstream to proxy traffic. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: + Name is a reference to a Kubernetes Service object + (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: + ResponseForwarding holds configuration for the + forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: + Cookie holds the sticky configuration based + on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: + Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + items: + type: string + type: array + type: object + forwardAuth: + description: ForwardAuth holds the http forward authentication configuration. + properties: + address: + type: string + authRequestHeaders: + items: + type: string + type: array + authResponseHeaders: + items: + type: string + type: array + authResponseHeadersRegex: + type: string + tls: + description: ClientTLS holds TLS specific configurations as client. + properties: + caOptional: + type: boolean + caSecret: + type: string + certSecret: + type: string + insecureSkipVerify: + type: boolean + type: object + trustForwardHeader: + type: boolean + type: object + headers: + description: Headers holds the custom header configuration. + properties: + accessControlAllowCredentials: + description: + AccessControlAllowCredentials is only valid if true. + false is ignored. + type: boolean + accessControlAllowHeaders: + description: + AccessControlAllowHeaders must be used in response + to a preflight request with Access-Control-Request-Headers set. + items: + type: string + type: array + accessControlAllowMethods: + description: + AccessControlAllowMethods must be used in response + to a preflight request with Access-Control-Request-Method set. + items: + type: string + type: array + accessControlAllowOriginList: + description: + AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: + AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: + AccessControlExposeHeaders sets valid headers for + the response. + items: + type: string + type: array + accessControlMaxAge: + description: + AccessControlMaxAge sets the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: + AddVaryHeader controls if the Vary header is automatically + added/updated when the AccessControlAllowOriginList is set. + type: boolean + allowedHosts: + items: + type: string + type: array + browserXssFilter: + type: boolean + contentSecurityPolicy: + type: string + contentTypeNosniff: + type: boolean + customBrowserXSSValue: + type: string + customFrameOptionsValue: + type: string + customRequestHeaders: + additionalProperties: + type: string + type: object + customResponseHeaders: + additionalProperties: + type: string + type: object + featurePolicy: + type: string + forceSTSHeader: + type: boolean + frameDeny: + type: boolean + hostsProxyHeaders: + items: + type: string + type: array + isDevelopment: + type: boolean + publicKey: + type: string + referrerPolicy: + type: string + sslForceHost: + description: "Deprecated: use RedirectRegex instead." + type: boolean + sslHost: + description: "Deprecated: use RedirectRegex instead." + type: string + sslProxyHeaders: + additionalProperties: + type: string + type: object + sslRedirect: + description: + "Deprecated: use EntryPoint redirection or RedirectScheme + instead." + type: boolean + sslTemporaryRedirect: + description: + "Deprecated: use EntryPoint redirection or RedirectScheme + instead." + type: boolean + stsIncludeSubdomains: + type: boolean + stsPreload: + type: boolean + stsSeconds: + format: int64 + type: integer + type: object + inFlightReq: + description: + InFlightReq limits the number of requests being processed + and served concurrently. + properties: + amount: + format: int64 + type: integer + sourceCriterion: + description: + SourceCriterion defines what criterion is used to + group requests as originating from a common source. If none + are set, the default is to use the request's remote address + field. All fields are mutually exclusive. + properties: + ipStrategy: + description: IPStrategy holds the ip strategy configuration. + properties: + depth: + type: integer + excludedIPs: + items: + type: string + type: array + type: object + requestHeaderName: + type: string + requestHost: + type: boolean + type: object + type: object + ipWhiteList: + description: IPWhiteList holds the ip white list configuration. + properties: + ipStrategy: + description: IPStrategy holds the ip strategy configuration. + properties: + depth: + type: integer + excludedIPs: + items: + type: string + type: array + type: object + sourceRange: + items: + type: string + type: array + type: object + passTLSClientCert: + description: PassTLSClientCert holds the TLS client cert headers configuration. + properties: + info: + description: + TLSClientCertificateInfo holds the client TLS certificate + info configuration. + properties: + issuer: + description: + TLSCLientCertificateDNInfo holds the client TLS + certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739 + properties: + commonName: + type: boolean + country: + type: boolean + domainComponent: + type: boolean + locality: + type: boolean + organization: + type: boolean + province: + type: boolean + serialNumber: + type: boolean + type: object + notAfter: + type: boolean + notBefore: + type: boolean + sans: + type: boolean + serialNumber: + type: boolean + subject: + description: + TLSCLientCertificateDNInfo holds the client TLS + certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739 + properties: + commonName: + type: boolean + country: + type: boolean + domainComponent: + type: boolean + locality: + type: boolean + organization: + type: boolean + province: + type: boolean + serialNumber: + type: boolean + type: object + type: object + pem: + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + rateLimit: + description: + RateLimit holds the rate limiting configuration for a + given router. + properties: + average: + format: int64 + type: integer + burst: + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + sourceCriterion: + description: + SourceCriterion defines what criterion is used to + group requests as originating from a common source. If none + are set, the default is to use the request's remote address + field. All fields are mutually exclusive. + properties: + ipStrategy: + description: IPStrategy holds the ip strategy configuration. + properties: + depth: + type: integer + excludedIPs: + items: + type: string + type: array + type: object + requestHeaderName: + type: string + requestHost: + type: boolean + type: object + type: object + redirectRegex: + description: RedirectRegex holds the redirection configuration. + properties: + permanent: + type: boolean + regex: + type: string + replacement: + type: string + type: object + redirectScheme: + description: RedirectScheme holds the scheme redirection configuration. + properties: + permanent: + type: boolean + port: + type: string + scheme: + type: string + type: object + replacePath: + description: ReplacePath holds the ReplacePath configuration. + properties: + path: + type: string + type: object + replacePathRegex: + description: ReplacePathRegex holds the ReplacePathRegex configuration. + properties: + regex: + type: string + replacement: + type: string + type: object + retry: + description: Retry holds the retry configuration. + properties: + attempts: + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: StripPrefix holds the StripPrefix configuration. + properties: + forceSlash: + type: boolean + prefixes: + items: + type: string + type: array + type: object + stripPrefixRegex: + description: StripPrefixRegex holds the StripPrefixRegex configuration. + properties: + regex: + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/middlewarestcp.yaml b/stable/traefik/13.3.11/crds/middlewarestcp.yaml new file mode 100644 index 00000000000..32c41e532de --- /dev/null +++ b/stable/traefik/13.3.11/crds/middlewarestcp.yaml @@ -0,0 +1,61 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MiddlewareTCP is a specification for a MiddlewareTCP resource. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec holds the MiddlewareTCP configuration. + properties: + ipWhiteList: + description: TCPIPWhiteList holds the TCP ip white list configuration. + properties: + sourceRange: + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/serverstransports.yaml b/stable/traefik/13.3.11/crds/serverstransports.yaml new file mode 100644 index 00000000000..a5f5206abad --- /dev/null +++ b/stable/traefik/13.3.11/crds/serverstransports.yaml @@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ServersTransport is a specification for a ServersTransport resource. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + ServersTransportSpec options to configure communication between + Traefik and the servers. + properties: + certificatesSecrets: + description: Certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: Disable HTTP/2 for connections with backend servers. + type: boolean + forwardingTimeouts: + description: Timeouts for requests forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: + The amount of time to wait until a connection to + a backend server can be established. If zero, no timeout exists. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: + The maximum period for which an idle HTTP keep-alive + connection will remain open before closing itself. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: + The amount of time to wait for a server's response + headers after fully writing the request (including its body, + if any). If zero, no timeout exists. + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: Disable SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: + If non-zero, controls the maximum idle (keep-alive) to + keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. + type: integer + rootCAsSecrets: + description: Add cert file for self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName used to contact the server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/tlsoptions.yaml b/stable/traefik/13.3.11/crds/tlsoptions.yaml new file mode 100644 index 00000000000..054ffe6cf5a --- /dev/null +++ b/stable/traefik/13.3.11/crds/tlsoptions.yaml @@ -0,0 +1,92 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TLSOption is a specification for a TLSOption resource. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: TLSOptionSpec configures TLS for an entry point. + properties: + cipherSuites: + items: + type: string + type: array + clientAuth: + description: + ClientAuth defines the parameters of the client authentication + part of the TLS connection, if any. + properties: + clientAuthType: + description: + ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: + SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + items: + type: string + type: array + type: object + curvePreferences: + items: + type: string + type: array + maxVersion: + type: string + minVersion: + type: string + preferServerCipherSuites: + type: boolean + sniStrict: + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/tlsstores.yaml b/stable/traefik/13.3.11/crds/tlsstores.yaml new file mode 100644 index 00000000000..0fd2501746c --- /dev/null +++ b/stable/traefik/13.3.11/crds/tlsstores.yaml @@ -0,0 +1,68 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TLSStore is a specification for a TLSStore resource. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: TLSStoreSpec configures a TLSStore resource. + properties: + defaultCertificate: + description: + DefaultCertificate holds a secret name for the TLSOption + resource. + properties: + secretName: + description: + SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + required: + - defaultCertificate + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/crds/traefikservices.yaml b/stable/traefik/13.3.11/crds/traefikservices.yaml new file mode 100644 index 00000000000..c96892c41e0 --- /dev/null +++ b/stable/traefik/13.3.11/crds/traefikservices.yaml @@ -0,0 +1,289 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: + TraefikService is the specification for a service (that an IngressRoute + refers to) that is usually not a terminal service (i.e. not a pod of servers), + as opposed to a Kubernetes Service. That is to say, it usually refers to + other (children) services, which themselves can be TraefikServices or Services. + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + ServiceSpec defines whether a TraefikService is a load-balancer + of services or a mirroring service. + properties: + mirroring: + description: + Mirroring defines a mirroring service, which is composed + of a main load-balancer, and a list of mirrors. + properties: + kind: + enum: + - Service + - TraefikService + type: string + maxBodySize: + format: int64 + type: integer + mirrors: + items: + description: + MirrorService defines one of the mirrors of a Mirroring + service. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: + Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + percent: + type: integer + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: + ResponseForwarding holds configuration for + the forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: + Cookie holds the sticky configuration based + on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: + Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: + Name is a reference to a Kubernetes Service object + (for a load-balancer of servers), or to a TraefikService object + (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: + ResponseForwarding holds configuration for the forward + of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: + Cookie holds the sticky configuration based on + cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: + Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: WeightedRoundRobin defines a load-balancer of services. + properties: + services: + items: + description: Service defines an upstream to proxy traffic. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: + Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: + ResponseForwarding holds configuration for + the forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: + Cookie holds the sticky configuration based + on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: + Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: + Cookie holds the sticky configuration based on + cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/13.3.11/ix_values.yaml b/stable/traefik/13.3.11/ix_values.yaml new file mode 100644 index 00000000000..c980da8e168 --- /dev/null +++ b/stable/traefik/13.3.11/ix_values.yaml @@ -0,0 +1,387 @@ +image: + repository: tccr.io/truecharts/traefik + # defaults to appVersion + tag: 2.8.7@sha256:6aed036bb4faf8fa769f94b5eff931b73885043f870509344620098b9220f13c + pullPolicy: IfNotPresent + +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" + +# -- Deprecated (will be removed later) +# -- Activate Pilot integration +pilot: + enabled: false + token: "" + # Toggle Pilot Dashboard + # dashboard: false + +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} + +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "9180" + +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: + [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: + [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: + {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: + {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: + {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common + +metrics: + # datadog: + # address: 127.0.0.1:8125 + # influxdb: + # address: localhost:8089 + # protocol: udp + prometheus: + entryPoint: metrics + # statsd: + # address: localhost:8125 + +globalArguments: + - "--global.checknewversion" + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--metrics.prometheus" + - "--ping" + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: HTTP + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Main entrypoint + proxyProtocol: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ports: + web: + enabled: true + port: 9080 + protocol: HTTP + redirectTo: websecure + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + websecure: + enabled: true + port: 9443 + protocol: HTTPS + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + # tcpexample: + # enabled: true + # targetPort: 9443 + # protocol: TCP + # tls: + # enabled: false + # # this is the name of a TLSOption definition + # options: "" + # certResolver: "" + # domains: [] + # # - main: example.com + # # sans: + # # - foo.example.com + # # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: HTTP + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Metrics entrypoint + proxyProtocol: + enabled: false + udp: + enabled: false + +# probes: +# # -- Liveness probe configuration +# # @default -- See below +# liveness: +# # -- sets the probe type when not using a custom probe +# # @default -- "TCP" +# type: HTTP +# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used +# # @default -- "/" +# path: "/ping" + +# # -- Redainess probe configuration +# # @default -- See below +# readiness: +# # -- sets the probe type when not using a custom probe +# # @default -- "TCP" +# type: HTTP +# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used +# # @default -- "/" +# path: "/ping" + +# # -- Startup probe configuration +# # @default -- See below +# startup: +# # -- sets the probe type when not using a custom probe +# # @default -- "TCP" +# type: HTTP +# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used +# # @default -- "/" +# path: "/ping" + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + resources: + - ingressroutes + - ingressroutetcps + - ingressrouteudps + - middlewares + - middlewaretcps + - tlsoptions + - tlsstores + - traefikservices + - serverstransports + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: replacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + # -- Currently requires to enable Traefik Pilot. + # -- Until it's deprecated. + themePark: [] + # - name: themeParkName + # -- Supported apps, lower case name + # -- https://docs.theme-park.dev/themes + # app: appnamehere + # -- Supported themes, lower case name + # -- https://docs.theme-park.dev/themes/APPNAMEHERE + # -- https://docs.theme-park.dev/community-themes + # theme: themenamehere + # -- https://theme-park.dev or a self hosted url + # baseUrl: https://theme-park.dev + themeParkVersion: v1.2.1 + +portalhook: + enabled: true + +persistence: + plugins: + enabled: true + mountPath: "/plugins-storage" + type: emptyDir + +portal: + enabled: true diff --git a/stable/traefik/13.3.11/questions.yaml b/stable/traefik/13.3.11/questions.yaml new file mode 100644 index 00000000000..cfee0f1ba6d --- /dev/null +++ b/stable/traefik/13.3.11/questions.yaml @@ -0,0 +1,2856 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: Controller + description: Configure Workload Deployment + - name: Container Configuration + description: Additional Container Configuration + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "http" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "/dashboard/" +questions: + - variable: global + label: Global Settings + group: Controller + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: Flag this is SCALE + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: Controller + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: Show Advanced Controller Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: Please specify type of workload to deploy + label: (Advanced) Controller Type + schema: + type: string + required: true + enum: + - value: deployment + description: Deployment + - value: statefulset + description: Statefulset + - value: daemonset + description: Daemonset + default: deployment + - variable: replicas + description: Number of desired pod replicas + label: Desired Replicas + schema: + type: int + required: true + default: 1 + - variable: strategy + description: Please specify type of workload to deploy + label: (Advanced) Update Strategy + schema: + type: string + required: true + enum: + - value: Recreate + description: "Recreate: Kill existing pods before creating new ones" + - value: RollingUpdate + description: "RollingUpdate: Create new pods and then kill old ones" + - value: OnDelete + description: "(Legacy) OnDelete: ignore .spec.template changes" + default: Recreate + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: Controller Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Controller Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: customextraargs + group: Controller + label: "Extra Args" + description: "Do not click this unless you know what you are doing" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: TZ + label: Timezone + group: Container Configuration + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + group: Container Configuration + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: expertpodconf + group: Container Configuration + label: Show Expert Configuration + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: Enable TTY + description: Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: stdin + label: Enable STDIN + description: Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled. + group: Workload Details + schema: + type: boolean + default: false + - variable: termination + group: Container Configuration + label: Termination settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: Grace Period Seconds + schema: + type: int + default: 10 + - variable: podLabelsList + group: Container Configuration + label: Pod Labels + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: podAnnotationsList + group: Container Configuration + label: Pod Annotations + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingressClass + label: "ingressClass" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + default: false + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: "basicAuth" + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: users + label: "Users" + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + default: "" + - variable: forwardAuth + label: "forwardAuth" + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: address + label: "Address" + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: "trustForwardHeader" + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: "authResponseHeadersRegex" + schema: + type: string + default: "" + - variable: authResponseHeaders + label: "authResponseHeaders" + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: "authRequestHeaders" + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: chain + label: "chain" + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: middlewares + label: "Middlewares to Chain" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: redirectScheme + label: "redirectScheme" + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: scheme + label: "Scheme" + schema: + type: string + required: true + default: "https" + enum: + - value: "https" + description: "https" + - value: "http" + description: "http" + - variable: permanent + label: "Permanent" + schema: + type: boolean + default: false + - variable: rateLimit + label: "rateLimit" + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: average + label: "Average" + schema: + type: int + required: true + default: 300 + - variable: burst + label: "Burst" + schema: + type: int + required: true + default: 200 + - variable: redirectRegex + label: "redirectRegex" + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: regex + label: "Regex" + schema: + type: string + required: true + default: "" + - variable: replacement + label: "Replacement" + schema: + type: string + required: true + default: "" + - variable: permanent + label: "Permanent" + schema: + type: boolean + default: false + - variable: stripPrefixRegex + label: "stripPrefixRegex" + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: regex + label: "Regex" + schema: + type: list + default: [] + items: + - variable: regexEntry + label: "Regex" + schema: + type: string + required: true + default: "" + - variable: ipWhiteList + label: "ipWhiteList" + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: "Source Range" + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: "IP Strategy" + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: "Depth" + schema: + type: int + required: true + - variable: excludedIPs + label: "Excluded IPs" + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: themePark + label: "theme.park" + schema: + type: list + default: [] + items: + - variable: themeParkEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-themepark + schema: + type: string + required: true + - variable: appName + label: App Name + description: Lower case, name of the app to be themed. +
Go to https://docs.theme-park.dev/themes/ to see supported apps. + schema: + type: string + required: true + - variable: themeName + label: Theme Name + description: Lower case, name of the theme to be applied. +
Go to https://docs.theme-park.dev/theme-options/ to see supported themes. + schema: + type: string + required: true + - variable: baseUrl + label: Base URL + description: Replace `https://theme-park.dev` URL for self-hosting reference. + schema: + type: string + required: true + default: https://theme-park.dev + - variable: addons + label: Addons + schema: + type: list + default: [] + items: + - variable: addonEntry + label: "Addon" + description: Currently only supports 'darker' and '4k-logo' for *arr apps. +
Go to https://docs.theme-park.dev/themes/addons/ for Addon information. +
Go to https://github.com/packruler/traefik-themepark for more context on plugin + schema: + type: string + required: true + default: "" + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 9000 + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9080 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTP + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9443 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabled + label: Enable the Port + schema: + type: boolean + hidden: true + default: true + - variable: protocol + label: Port Type + schema: + type: string + default: HTTPS + enum: + - value: HTTP + description: HTTP + - value: HTTPS + description: HTTPS + - value: TCP + description: TCP + - value: UDP + description: UDP + - variable: nodePort + label: Node Port (Optional) + description: This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: expert + label: Show Expert Configuration Options + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: These middlewares enforce a number of best practices. + label: Enable Default Middlewares + schema: + type: boolean + default: true + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: labelsList + label: Labels + schema: + type: list + default: [] + items: + - variable: labelItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: annotationsList + label: Annotations + schema: + type: list + default: [] + items: + - variable: annotationItem + label: Label + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: Select TrueNAS SCALE Certificate + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: security + label: Container Security Settings + group: Security and Permissions + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: Change PUID / UMASK values + description: By enabling this you override default set values. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "002" + - variable: advancedSecurity + label: Show Advanced Security Settings + group: Security and Permissions + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: capabilities + label: Capabilities + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: Drop Capability + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: Add Capability + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + - variable: podSecurityContext + group: Security and Permissions + label: Pod Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + + - variable: advancedresources + label: Set Custom Resource Limits/Requests (Advanced) + group: Resources and Devices + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 10m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/docs/manual/SCALE%20Apps/indepth/validation" + schema: + type: string + default: 50Mi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: hostPath + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + # Specify GPU configuration + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] +# - variable: autoscaling +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: networkPolicy +# group: Advanced +# label: (Advanced) Network Policy +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: policyType +# label: Policy Type +# schema: +# type: string +# default: "" +# enum: +# - value: "" +# description: Default +# - value: ingress +# description: Ingress +# - value: egress +# description: Egress +# - value: ingress-egress +# description: Ingress and Egress +# - variable: egress +# label: Egress +# schema: +# type: list +# default: [] +# items: +# - variable: egressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: to +# label: To +# schema: +# type: list +# default: [] +# items: +# - variable: toEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP +# - variable: ingress +# label: Ingress +# schema: +# type: list +# default: [] +# items: +# - variable: ingressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: from +# label: From +# schema: +# type: list +# default: [] +# items: +# - variable: fromEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: IP Block +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: CIDR +# schema: +# type: string +# default: "" +# - variable: except +# label: Except +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: Namespace Selector +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: Match Expressions +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: Key +# schema: +# type: string +# - variable: operator +# label: Operator +# schema: +# type: string +# default: TCP +# enum: +# - value: In +# description: In +# - value: NotIn +# description: NotIn +# - value: Exists +# description: Exists +# - value: DoesNotExist +# description: DoesNotExist +# - variable: values +# label: Values +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: Ports +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: Port +# schema: +# type: int +# - variable: endPort +# label: End Port +# schema: +# type: int +# - variable: protocol +# label: Protocol +# schema: +# type: string +# default: TCP +# enum: +# - value: TCP +# description: TCP +# - value: UDP +# description: UDP +# - value: SCTP +# description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: openvpn + description: OpenVPN + - value: wireguard + description: Wireguard + - value: tailscale + description: Tailscale + - variable: openvpn + label: OpenVPN Settings + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: Sock5 Server + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type + schema: + type: string + default: hostPath + hidden: true + - variable: hostPathType + label: hostPathType + schema: + type: string + default: File + hidden: true + - variable: noMount + label: noMount + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: Full Path to File + description: "Path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: Git Settings + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: Raw SSH Private Key + label: Deploy Key + schema: + type: string + - variable: deployKeyBase64 + description: Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence + label: Deploy Key Base64 + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: nodePort + description: Leave Empty to Disable + label: nodePort DEPRECATED + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: promtail + label: Promtail + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: Loki URL + schema: + type: string + required: true + - variable: logs + label: Log Paths + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: path + label: Path + schema: + type: string + required: true + - variable: args + label: Promtail Command Line Arguments + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + required: true + - variable: envList + label: Promtail Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/docs/about/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/stable/traefik/13.3.11/templates/_args.tpl b/stable/traefik/13.3.11/templates/_args.tpl new file mode 100644 index 00000000000..68c640bf0df --- /dev/null +++ b/stable/traefik/13.3.11/templates/_args.tpl @@ -0,0 +1,166 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }} + {{- $_ := set $config "protocol" "TCP" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.metrics }} + {{- if .Values.metrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.metrics.datadog.address }}" + {{- end }} + {{- if .Values.metrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.metrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}" + {{- end }} + {{- if .Values.metrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.metrics.statsd.address }}" + {{- end }} + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if .Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for proxyProtocol support */}} + {{- if $config.proxyProtocol }} + {{- if $config.proxyProtocol.enabled }} + {{- if $config.proxyProtocol.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- if not ( empty $config.proxyProtocol.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + {{- end }} + {{- end }} + {{- end }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{/* theme.park */}} + {{- if .Values.middlewares.themePark }} + - "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark" + - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}" + {{- end }} + {{/* End of theme.park */}} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/stable/traefik/13.3.11/templates/_helpers.tpl b/stable/traefik/13.3.11/templates/_helpers.tpl new file mode 100644 index 00000000000..ab55e4e7ec6 --- /dev/null +++ b/stable/traefik/13.3.11/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.common.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/stable/traefik/13.3.11/templates/_ingressclass.tpl b/stable/traefik/13.3.11/templates/_ingressclass.tpl new file mode 100644 index 00000000000..909e249d6a5 --- /dev/null +++ b/stable/traefik/13.3.11/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if .Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/stable/traefik/13.3.11/templates/_ingressroute.tpl b/stable/traefik/13.3.11/templates/_ingressroute.tpl new file mode 100644 index 00000000000..7f012c92350 --- /dev/null +++ b/stable/traefik/13.3.11/templates/_ingressroute.tpl @@ -0,0 +1,25 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.common.names.fullname" . }}-dashboard + annotations: + {{- with .Values.ingressRoute.dashboard.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end -}} diff --git a/stable/traefik/13.3.11/templates/_portalhook.tpl b/stable/traefik/13.3.11/templates/_portalhook.tpl new file mode 100644 index 00000000000..e3586c5d4e9 --- /dev/null +++ b/stable/traefik/13.3.11/templates/_portalhook.tpl @@ -0,0 +1,26 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: portalhook + namespace: {{ $namespace }} +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/stable/traefik/13.3.11/templates/_tlsoptions.tpl b/stable/traefik/13.3.11/templates/_tlsoptions.tpl new file mode 100644 index 00000000000..3e5aad3bee9 --- /dev/null +++ b/stable/traefik/13.3.11/templates/_tlsoptions.tpl @@ -0,0 +1,12 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/stable/traefik/13.3.11/templates/common.yaml b/stable/traefik/13.3.11/templates/common.yaml new file mode 100644 index 00000000000..c933a3d08e0 --- /dev/null +++ b/stable/traefik/13.3.11/templates/common.yaml @@ -0,0 +1,24 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{- if .Values.metrics }} +{{- if .Values.metrics.prometheus }} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}} +{{- end }} +{{- end }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat .Values.args .Values.newArgs.args }} +{{- $_ := set .Values "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/stable/traefik/13.3.11/templates/middlewares/basic-middleware.yaml b/stable/traefik/13.3.11/templates/middlewares/basic-middleware.yaml new file mode 100644 index 00000000000..9ba8e5c5d93 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,62 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: compress + namespace: {{ $namespace }} +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-ratelimit + namespace: {{ $namespace }} +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-secure-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: chain-basic + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: basic-secure-headers + - name: compress diff --git a/stable/traefik/13.3.11/templates/middlewares/basicauth.yaml b/stable/traefik/13.3.11/templates/middlewares/basicauth.yaml new file mode 100644 index 00000000000..ccb541742f0 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/basicauth.yaml @@ -0,0 +1,34 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.basicAuth }} +--- +{{- $users := list }} +{{ range $index, $userdata := $middlewareData.users }} + {{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }} +{{ end }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{printf "%v-%v" $middlewareData.name "secret" }} + namespace: {{ $namespace }} +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + basicAuth: + secret: {{printf "%v-%v" $middlewareData.name "secret" }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/chain.yaml b/stable/traefik/13.3.11/templates/middlewares/chain.yaml new file mode 100644 index 00000000000..f87994f7956 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.chain }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + chain: + middlewares: + {{ range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{ end }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/forwardauth.yaml b/stable/traefik/13.3.11/templates/middlewares/forwardauth.yaml new file mode 100644 index 00000000000..7a3e32fdbf7 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/forwardauth.yaml @@ -0,0 +1,30 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end }} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/ipwhitelist.yaml b/stable/traefik/13.3.11/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 00000000000..1179245017e --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,33 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end }} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/ratelimit.yaml b/stable/traefik/13.3.11/templates/middlewares/ratelimit.yaml new file mode 100644 index 00000000000..144b9d8bf38 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/ratelimit.yaml @@ -0,0 +1,19 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.rateLimit }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/redirectScheme.yaml b/stable/traefik/13.3.11/templates/middlewares/redirectScheme.yaml new file mode 100644 index 00000000000..f2413f84e19 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,19 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/redirectregex.yaml b/stable/traefik/13.3.11/templates/middlewares/redirectregex.yaml new file mode 100644 index 00000000000..46e3e724dd6 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/redirectregex.yaml @@ -0,0 +1,20 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/stripPrefixRegex.yaml b/stable/traefik/13.3.11/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 00000000000..007c166ff39 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,20 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} + +{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{ end }} diff --git a/stable/traefik/13.3.11/templates/middlewares/tc-chains.yaml b/stable/traefik/13.3.11/templates/middlewares/tc-chains.yaml new file mode 100644 index 00000000000..409766daa89 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/tc-chains.yaml @@ -0,0 +1,29 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-opencors-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: tc-opencors-headers + - name: compress +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-closedcors-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: tc-closedcors-headers + - name: compress diff --git a/stable/traefik/13.3.11/templates/middlewares/tc-headers.yaml b/stable/traefik/13.3.11/templates/middlewares/tc-headers.yaml new file mode 100644 index 00000000000..a0462f1fd73 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/tc-headers.yaml @@ -0,0 +1,62 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-opencors-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-closedcors-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' diff --git a/stable/traefik/13.3.11/templates/middlewares/tc-nextcloud.yaml b/stable/traefik/13.3.11/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 00000000000..6a3019d56c5 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,25 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-nextcloud-redirectregex-dav + namespace: {{ $namespace }} +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-nextcloud-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: tc-nextcloud-redirectregex-dav diff --git a/stable/traefik/13.3.11/templates/middlewares/theme-park.yaml b/stable/traefik/13.3.11/templates/middlewares/theme-park.yaml new file mode 100644 index 00000000000..92a4257e279 --- /dev/null +++ b/stable/traefik/13.3.11/templates/middlewares/theme-park.yaml @@ -0,0 +1,26 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{- range $index, $middlewareData := .Values.middlewares.themePark }} + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + plugin: + traefik-themepark: + app: {{ $middlewareData.appName }} + theme: {{ $middlewareData.themeName }} + baseUrl: {{ $middlewareData.baseUrl }} + {{- if $middlewareData.addons }} + addons: + {{- range $middlewareData.addons }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/stable/traefik/13.3.11/values.yaml b/stable/traefik/13.3.11/values.yaml new file mode 100644 index 00000000000..e69de29bb2d