From a1a18d4099da93b0bb8f09ccf8a42914f46011a9 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Wed, 13 Jul 2022 09:37:50 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- stable/traefik/12.0.18/CHANGELOG.md | 99 + stable/traefik/12.0.18/Chart.lock | 6 + stable/traefik/12.0.18/Chart.yaml | 30 + stable/traefik/12.0.18/README.md | 44 + stable/traefik/12.0.18/app-readme.md | 3 + .../traefik/12.0.18/charts/common-10.4.4.tgz | Bin 0 -> 47288 bytes stable/traefik/12.0.18/crds/ingressroute.yaml | 198 ++ .../traefik/12.0.18/crds/ingressroutetcp.yaml | 160 + .../traefik/12.0.18/crds/ingressrouteudp.yaml | 84 + stable/traefik/12.0.18/crds/middlewares.yaml | 563 ++++ .../traefik/12.0.18/crds/middlewarestcp.yaml | 59 + .../12.0.18/crds/serverstransports.yaml | 101 + stable/traefik/12.0.18/crds/tlsoptions.yaml | 87 + stable/traefik/12.0.18/crds/tlsstores.yaml | 64 + .../traefik/12.0.18/crds/traefikservices.yaml | 270 ++ stable/traefik/12.0.18/icon.png | Bin 0 -> 20293 bytes stable/traefik/12.0.18/ix_values.yaml | 307 ++ stable/traefik/12.0.18/questions.yaml | 2614 +++++++++++++++++ stable/traefik/12.0.18/templates/_args.tpl | 155 + stable/traefik/12.0.18/templates/_helpers.tpl | 22 + .../12.0.18/templates/_ingressclass.tpl | 24 + .../12.0.18/templates/_ingressroute.tpl | 25 + .../traefik/12.0.18/templates/_portalhook.tpl | 26 + .../traefik/12.0.18/templates/_tlsoptions.tpl | 12 + stable/traefik/12.0.18/templates/common.yaml | 24 + .../middlewares/basic-middleware.yaml | 65 + .../templates/middlewares/basicauth.yaml | 34 + .../12.0.18/templates/middlewares/chain.yaml | 21 + .../templates/middlewares/forwardauth.yaml | 30 + .../templates/middlewares/ipwhitelist.yaml | 33 + .../templates/middlewares/ratelimit.yaml | 19 + .../templates/middlewares/redirectScheme.yaml | 19 + .../templates/middlewares/redirectregex.yaml | 20 + .../middlewares/stripPrefixRegex.yaml | 20 + .../templates/middlewares/tc-chains.yaml | 29 + .../templates/middlewares/tc-headers.yaml | 64 + .../templates/middlewares/tc-nextcloud.yaml | 25 + stable/traefik/12.0.18/values.yaml | 0 38 files changed, 5356 insertions(+) create mode 100644 stable/traefik/12.0.18/CHANGELOG.md create mode 100644 stable/traefik/12.0.18/Chart.lock create mode 100644 stable/traefik/12.0.18/Chart.yaml create mode 100644 stable/traefik/12.0.18/README.md create mode 100644 stable/traefik/12.0.18/app-readme.md create mode 100644 stable/traefik/12.0.18/charts/common-10.4.4.tgz create mode 100644 stable/traefik/12.0.18/crds/ingressroute.yaml create mode 100644 stable/traefik/12.0.18/crds/ingressroutetcp.yaml create mode 100644 stable/traefik/12.0.18/crds/ingressrouteudp.yaml create mode 100644 stable/traefik/12.0.18/crds/middlewares.yaml create mode 100644 stable/traefik/12.0.18/crds/middlewarestcp.yaml create mode 100644 stable/traefik/12.0.18/crds/serverstransports.yaml create mode 100644 stable/traefik/12.0.18/crds/tlsoptions.yaml create mode 100644 stable/traefik/12.0.18/crds/tlsstores.yaml create mode 100644 stable/traefik/12.0.18/crds/traefikservices.yaml create mode 100644 stable/traefik/12.0.18/icon.png create mode 100644 stable/traefik/12.0.18/ix_values.yaml create mode 100644 stable/traefik/12.0.18/questions.yaml create mode 100644 stable/traefik/12.0.18/templates/_args.tpl create mode 100644 stable/traefik/12.0.18/templates/_helpers.tpl create mode 100644 stable/traefik/12.0.18/templates/_ingressclass.tpl create mode 100644 stable/traefik/12.0.18/templates/_ingressroute.tpl create mode 100644 stable/traefik/12.0.18/templates/_portalhook.tpl create mode 100644 stable/traefik/12.0.18/templates/_tlsoptions.tpl create mode 100644 stable/traefik/12.0.18/templates/common.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/basic-middleware.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/basicauth.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/chain.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/forwardauth.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/ipwhitelist.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/ratelimit.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/redirectScheme.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/redirectregex.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/stripPrefixRegex.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/tc-chains.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/tc-headers.yaml create mode 100644 stable/traefik/12.0.18/templates/middlewares/tc-nextcloud.yaml create mode 100644 stable/traefik/12.0.18/values.yaml diff --git a/stable/traefik/12.0.18/CHANGELOG.md b/stable/traefik/12.0.18/CHANGELOG.md new file mode 100644 index 00000000000..b301181862b --- /dev/null +++ b/stable/traefik/12.0.18/CHANGELOG.md @@ -0,0 +1,99 @@ +# Changelog + + +## [traefik-12.0.18](https://github.com/truecharts/apps/compare/traefik-12.0.17...traefik-12.0.18) (2022-07-13) + + + +## [traefik-12.0.17](https://github.com/truecharts/apps/compare/traefik-12.0.15...traefik-12.0.17) (2022-07-12) + +### Chore + +- update icons ([#3156](https://github.com/truecharts/apps/issues/3156)) +- bump to cleanup old docs and use correct icon urls + + + +## [traefik-12.0.15](https://github.com/truecharts/apps/compare/traefik-12.0.14...traefik-12.0.15) (2022-07-12) + +### Chore + +- bump to regenerate documentation + + + + +### [traccar-7.0.13](https://github.com/truecharts/apps/compare/traccar-7.0.12...traccar-7.0.13) (2022-07-12) + +#### Chore + +* update helm general non-major helm releases ([#3147](https://github.com/truecharts/apps/issues/3147)) + + + + +### [traccar-7.0.12](https://github.com/truecharts/apps/compare/traccar-7.0.11...traccar-7.0.12) (2022-07-11) + +#### Chore + +* move icons into the apps folder ([#3139](https://github.com/truecharts/apps/issues/3139)) + + + + +### [traccar-7.0.11](https://github.com/truecharts/apps/compare/traccar-7.0.10...traccar-7.0.11) (2022-07-11) + +#### Chore + +* update docker general non-major ([#3128](https://github.com/truecharts/apps/issues/3128)) + + + + +### [traccar-7.0.10](https://github.com/truecharts/apps/compare/traccar-7.0.9...traccar-7.0.10) (2022-07-09) + +#### Chore + +* update helm general non-major helm releases ([#3113](https://github.com/truecharts/apps/issues/3113)) + + + + +### [traccar-7.0.9](https://github.com/truecharts/apps/compare/traccar-7.0.8...traccar-7.0.9) (2022-07-05) + +#### Chore + +* update helm general non-major helm releases ([#3075](https://github.com/truecharts/apps/issues/3075)) + + + + +### [traccar-7.0.8](https://github.com/truecharts/apps/compare/traccar-7.0.7...traccar-7.0.8) (2022-07-04) + +#### Chore + +* update helm general non-major helm releases ([#3066](https://github.com/truecharts/apps/issues/3066)) + + + + +### [traccar-7.0.7](https://github.com/truecharts/apps/compare/traccar-7.0.6...traccar-7.0.7) (2022-06-25) + +#### Chore + +* update helm general non-major helm releases ([#2977](https://github.com/truecharts/apps/issues/2977)) + + + + +### [traccar-7.0.6](https://github.com/truecharts/apps/compare/traccar-7.0.5...traccar-7.0.6) (2022-06-22) + +#### Chore + +* update helm general non-major helm releases ([#2948](https://github.com/truecharts/apps/issues/2948)) + + + + +### [traccar-7.0.5](https://github.com/truecharts/apps/compare/traccar-7.0.4...traccar-7.0.5) (2022-06-21) + diff --git a/stable/traefik/12.0.18/Chart.lock b/stable/traefik/12.0.18/Chart.lock new file mode 100644 index 00000000000..fb93a4d817c --- /dev/null +++ b/stable/traefik/12.0.18/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.4.4 +digest: sha256:e76f58e980866194e06f0e9135c981662f0b1132d3c5848dbf344c48ab657396 +generated: "2022-07-13T09:34:57.986252258Z" diff --git a/stable/traefik/12.0.18/Chart.yaml b/stable/traefik/12.0.18/Chart.yaml new file mode 100644 index 00000000000..913988ecd5d --- /dev/null +++ b/stable/traefik/12.0.18/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "2.8.1" +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.4.4 +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://github.com/truecharts/apps/tree/master/charts/core/traefik +icon: https://truecharts.org/img/chart-icons/traefik.png +keywords: +- traefik +- ingress +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: traefik +sources: +- https://github.com/traefik/traefik +- https://github.com/traefik/traefik-helm-chart +- https://traefik.io/ +type: application +version: 12.0.18 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/stable/traefik/12.0.18/README.md b/stable/traefik/12.0.18/README.md new file mode 100644 index 00000000000..9013206d203 --- /dev/null +++ b/stable/traefik/12.0.18/README.md @@ -0,0 +1,44 @@ +# traefik + +Traefik is a flexible reverse proxy and Ingress Provider. + +TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation. +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)** + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://library-charts.truecharts.org | common | 10.4.4 | + +## Installing the Chart + +To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/02-Installing-an-App/). + +## Upgrading, Rolling Back and Uninstalling the Chart + +To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/). + +##### Connecting to other apps +If you need to connect this App to other Apps on TrueNAS SCALE, please refer to our [Linking Apps Internally](https://truecharts.org/manual/Quick-Start%20Guides/06-linking-apps/) quick-start guide. + +## Support + +- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Adding-TrueCharts/) first. +- See the [Wiki](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) + +--- + +All Rights Reserved - The TrueCharts Project diff --git a/stable/traefik/12.0.18/app-readme.md b/stable/traefik/12.0.18/app-readme.md new file mode 100644 index 00000000000..0fa481e7ac5 --- /dev/null +++ b/stable/traefik/12.0.18/app-readme.md @@ -0,0 +1,3 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information please visit https://truecharts.org diff --git a/stable/traefik/12.0.18/charts/common-10.4.4.tgz b/stable/traefik/12.0.18/charts/common-10.4.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..8604b47288a457e2e334c195e3226036e9560f82 GIT binary patch literal 47288 zcmV)KK)SyliwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POv1ciT9UI1cw~eF{8GdfT2gb+auyn#nxt*iN@kCytNpq<_0J zeH@5{B#bGN4S;gg>3sM9!Ic0n66IUcGv>~AED|Ub3WY*dp->2t*(`}Whf_#cdjV(B zclZBvyWQ?!XGi?o?RJa*b_d(N?|M7^!FG3huh;K=*X{Lp2Ho#K_W^JzJsD+?eAm5m zTgA@(NgkNu4~S5l#6vLew_uu@pAlq;vQ~&_Kyb>$yVqG9@V`KWM+A}u7$*c=k_-t3 zqOEB%LqjlSETzLvXM))@8?}RE)?p+=fhf~~X-YecAk>*b$`I+O_mUM`IN%Lw5O59| zB(yC-WfYMhi5ZHSfSPso20PvE-tKPe8ZB-T64GJI2YF*HUt{Wv7cC#CX0EdlGF|=Q z?=O4p-k{y}yFavM5XTJS7!d&s%^;430LSCxe{#U>giKlh#E|#bA^-pxiE{J{6=ZRR z0b8VKsL^Z9H7>nwd#AnAdZh7J^M4Mb4ABP?088h8ueZ&=73Tk5fA4AjKgRP6_&#`- zqWHtvDWE9|@E8XmNa8V`WCZfL-g*Z9Cq!eIMT{4|KnRRbl-#tE6vgv2KAFJ@8nyrs zur36Q1z=MIQ~?k~7{v@=Ua$oKL1{uUOUPmfCewhlabn8{Rm+#Pn!*JP@(Ib{L`$y! zp;Or39SldoHrySI`a$o-F5DUI1ZX!H?2Sj=px=El-rnzS4|e-KGzzzSgK*r3d*NVz zwA0@my$E*pN88=T7^GPgfi#J5uxJ7C>rDI@f|K!S!p;byyhAMk?H5eYj~OK4x>Ucx z1WkCwdb;PZ8YyizB^t{*Zw)@?Fulu66qv_obM*G_+d@rjmtPIbp>n@HXm>Svx3~L!xV^s*``d%PF+@B2gYF(D>ZrT3(;dIqhC8SWcY^Mq z{{oG}UN0Q&h5g=su-)AYU%Ut!w7nK}W5nn*N!Ys7)%EJBYalnIt}eeCR=uzo?7rB4 z(I58)+Yt4~{r-#Hz5ZU<-QOGUpzcn9f_~WRcf0*ye`hcVd%<`-*nzvdy}@X--5rf# zgSP9bdl22g1yytnk`Pfu=7_9I*}P^wZFw1Afp17&t4bq?4h!$JcXJjV?C*zr2=#Zv zUAWUnd;8(`XuPu*>+cUn{n6e|FxcK3^>@eNet)nt-m6~eoTi(Sbe2U7;}|cQ+@grj z%QPiVUZV;gK_R9U6zaCS?VcvkPOrDW8wLpW&|o}(-R<3Qzx$#a!ksQeK`?-W7Xca% z2BR0fFz9V>_u-3f@FMK@_XoXjd$6~v;imMNM9Bz7Ib9F~Fb2sS5rRV`j4COX(HMUM z$yodvXHmor2xWG>Q>7g!yc~)dCP(lW)bJ zHZFI^V9D^x@m~Y1tZ>&p-LhG`Bd6JHgb1HqA)=U|5Tr>+r5uWI0O=6)mM~D3P6!MU zpo~Cfep2yYyudE;5>;U98cb-A!Ld#IjjrS zn+sG4>|K0>BE(P`L=Ij8I})VeU;v)P3E@)*Q~pik&!-l#LGTw=_j4K-TAIO6AdBG~ z;)qW@QOo+h4j7t|i3A}2Dpa+Gwoo^PglQ=U@?S<;oXZjAKnR*+ijx>jG384Qi119T zDEh-s^8FkBdI+{#E$pmeQqbp1mAh`arSf&ieP6pwC}l*fn&1LOC}0TzFp82JDpmyq z=>nuUxW@4WKoH{b7?Iop4ROG>0G_1@VK8Q9A-Om_cykPXe19T4qahE0Cw_Y^)v#U} z6tB-_Fb+59rh%iCAU+L*hpeRviK$!x1Cj|{Qk#Fasvd-)tbt=AVgO4tq)f~yz=wad z(9qhgXW)$B86-GbRCE}9Vgw$z?QlLg)JT9!JVU=HF=}1@-w?dNJZ!a6$b#ufoG?6I zsD-5Eh=EizxB!CAk#T~a9$d(lTk=D3wVI$9NsUsk=?Z| z#0j0xBspbxRY0S)sh@EiS__R(o7L=;1yJbfcnx4$@Mbv1vup<7EXiWVAuILb2g*eoP2o*k z0kkLH&2W6Km65xH>~RrHv6PfJ&+Dc`g${a2REjA#$EX zQq#76zrt~d<4G-Rkr50UGZZg;S2p4>>X=8sU!P@;#lTZ;04tF#(QZJNrF_GezJv05 zY=IGFgZ#I>COTl;6?6%N(kj0OHo8+qnCkud$k|jX!&{E(c_xOWy2FHjEL1u|W3kw4 zHl^9Mh}GsYT=8Rkbt;jUA^=aziSv zz{|Je`yHs(E(zv$(Qva$KzWgm`yr_C9 z{8*k>*8tMGe1rpxWKH=_d2kxnQYcua*n6tvV2B9{ShN6;F&Iph_Q{tMWz6B2Au@)6 z7~8W5LCS{|z#B-=5L|K?qeTiSMHF1`Q_WJ8TY!kfFgnoysO5O#W{&wV1Rjd%wx|40 zIEAyJ`dc~syl@(%UQOK*=`O2E`D6}s2_S!-oE_Rb4b)Tuzz3c-zq;*SzuW2W6e^!5 z8AEQB5K)F>D5G_}Zd?3c$KWNN31sL7E`|<#;{!NHafrlxq6i$vbN>S*oU|a#7*p%# zjE@E%n(J(YNQ@Zb^bQDOV2lZ6?Uwv?9M7%k`xXlOVU9@>3w7Ptu5ECs*5TZ~cm^&O zF@vA9XLi_n1`alXHqxJgSDWDM;Ns$!qapa=^JmaLM}jHZTuy;6Uw&vk1Ba$aOZ8q_ z+HYa{Gg_RZv3ai-fBD^?!PGaFn|Q9#V#xoaUmuk~3#;xmNoE#MNrqBex;6Q^&{DZA z@wD5VCdZq`y1e{9r)5o+*Go!N(+TNOLh)SSudP@^EDQTOGWn`ArJ{Bp3(C1*m_#if zMgWXSG83LG%|+Heg{W~VUBt?V;pc@M5za-?k(A&{o0R;?p^p$}QEq!K z96ykOD#o#8ej2dw=K2Pb&<|leK_tnjpCeKS9ev`)9%e#z3I&`ZAyrz>KQhR`$)HIvrE=4ZzHAu>5ivFPu!e6E+)^4+evQxR5TYB;$$%HKt##Aq; z3HYd#nb%yX{es!_Ct3Gn%K}n#tK@6EXIJ+C9y@JgDk}=z*{f-(suowz+bx5r7!13* zcEqO2X?1jZp~+0Q%+9tph2k(_R0&xyg9|_qO`1v1na{G6 za=G-%IAp;M0x%*7h6_FNz>}@K>;Z2Jgc%a1K8Hn65(E;LycMzDiw?@Qkxy;22*_nl ziWUL1G(k5{{;U8lZFdwGE41}NvehqhV~XiZU+coziJ(*=8ZXUCLO64E_Py{D~k^(r-|;Rc=01i zvQ)nryFY1`rV-+-03-21GnOiMIOS4MPsn%id6KZVn9d*zrt4uX+==-X2`yuv5;8o*@7kz%gYoiiFRj z-BQ2IZV$cZ))2Q

4l%Kqhx16{icsuH91m#FZH6I1(5yL`!)gVa0MBxFW>GI9UM9 z(2TahF>lf-tsQn#I7a|;X?_!P{gI0&uD}#v@K3U@q22?KL9HZ2WO;Cgi)2ktto@Rp zafhlZE$i1ZEOS_uxSo+@gh~-!zTZTYGf1z6K$ooUr%C7=e69Bpo}-vs+k9eT@fT%~ zuq^eZU$3*dEberq%{t!)Zxkr$5G>$bbd={%0MIy;Rbx3pZLqEqtfs#c{D6f@^O1l0 z$dwYVFx_A}m2P`E`imqZVvscOGXqz825z{_U-Z^e6gBz}^#R)6!Oy-EXefBO7 z&!qE0TH2R~XL$oBV*tTVmzQU%1x)4ArJXTCJn`=x{+|o8v~S8Tr;tr`ovNlgo(ef& z)1mogEC)^(FvchfHB-yZst}Ii#<)W@%h4-!(+C9&h2W#6q!@`UiKc90nnWSh5LMil zmPVDZ>o^Ap%!f*~5|ChYgd(`OKtU3RbO?G~^)*EVi$%8Zo=eCiW9GxIdOwCZ$_Tog z5=1$|{7W9E5kh<`UN_UMn%T|g2jO-D{fXVzVRx5o_ss9rz`r$yzmRLf+U%~@l4@qB zHqd)!bp`v0(br*gn`rmU=2f8YgUO4`+*j|PJ(I5X8GzI{`iV2>wpvnSg-(2*YkG*Wg$&$GaWIwJ zy*Ls+hy0CejQl`>1s2Q@rEr3bJ#a%XV<>Lx=A@puOid(6IO_sree_|9JKXAz5*Ydf z(Ig`Qq8+Y6&U>9_#vt;0o7}!qSe$VdGy>x!4spPZjA?Syyd(LBeww5i*Op`w`Z9TwOz6A#n2>~g{7Pid5t4d4Q;A7{Oz+s;_2a`2x?<2yMJcU^s#ii~~eA zw*de7O8wl@?&y=VEpVEI=uC!z>V@2VEd~Txrvhru1=OAlP#riU$((n(Ca6>{05iA{ zZXWbohKUq~HE~I$!wR=V>sCh=>bs;sE$K~E6^v3Tag-BTgzAbc2V^D%s}v2ZR0>`# zCr~lYOm0x=9r#NE$7386qBgXk$T>{$2WP4PMmfyYBAaC_As9xvtGy#7w2#xyrX0XZ zY=$+c<5UGnwCxEHPa<@|U~s(!&crHll)*^7IG5vK-pIg*^fjE}XrUd%7KlOs98STQ z7sYy~D_^^Xb1O&V-&-#Qe5kCYpb;}^1vOt3 zRxS*wmM=9c!-~~G&|<~XV8OZN>L4jzyEN1+4-Rt(5V1J7l-EfJ8y3oPdCU93k|2rN z*0+l+6)>zbL?5|*^l?l6d%^#>JUmkh;QOPqk9KuwO7Tz1s7m2Y3?R46@@UOC1QW#a z6-xx}a8`PM{ziNi>s!9nX7yeoJQUCiT`~^ld~FiJz@n=Kt5xomI}4fUwb=U?!Dsni zoA}apNB3h6`Xe7Pbt)Kz$}F>n!K}?VHV4F{@7l7}a7-D3AxOqnJG}JAR5T$*qs>Q{ zNc)IWC{$CAkC6y;l|yH%0m3}YanG?X@`H04U9HEmRU?J%^;?XRUbh`xfZCM0>&~ay zh^2vs#}OyA1UbOn$ZmmjYhUTmSKE%WAb&%~oZa=-GME zyD8cVPQ9Y7qwbn3+L{DlS@>?XEY&A}?x<;-=*4PTs#|$*P1_I`EK#)&GL}R*zP4#6 zLl!saxXf-IxG#Aa%) zV&@dFVR97c`LOfm-0 zr!=7^@=>*p;?U2iT8GC)+A105^VyGMe*`HG+_-7o_P+(yXEs~u;DB$_tka8^yIARI zC*tjfAfDj(Q%zA8Q6B~(6rN8Y?@w+h-m{6R9SDk`A`r2OXnm&bCTho*iL`t#q#)71i7)vim8k!eP;u5%Amzpv=oMOoms=W_JR~btcwdF1 zwj*P+Rw9)`HqDXZ0CN48f66VM9J4dXrftv+C17?fI?g-kJr-+4$n|BeQd&6>!QWqk zUc0yBcT14u@qjati^Tb8Iq*s?>1EP!+{u;BxK(pj;LQ}E$l%S!kcCR#4632+h#yq6e!Z<>G8u683QYL!3VXvKSY>gT+VX&1;fSeQ)yeV#Rvk}u>sDzB z0)Qzdj{xWdv;}!=4z2(@tX~VRagq$d2$E%-c4sbYIEE^Mt|s^_$H#21s+jf?u1>sy z*kq;crC|%{JkTPh0aw_~@t)T)$GvKrB8P#?F=rnR72p3GZWNeKM`m^v`dg>xl?Tb% zEh=p+4>>!g5jy*DxTXI5>1>O0#1=ralr4@h*-{JMRzBsn#9}3qo^XZ}F%s5JQaZQI zs&PUBle;DriII3;EYkmiqe!Se!fuKeCdC?2ZUAY{aX1ynU4Idt3YN&lN=AGnQ8q)` zVskg+HG%CTAs;(`X-&E`Gfz1T0*Ja(kNr@ERpZua*Sky z0yz;iz#*!b)bj2I9@}8^T?SDdg(85;mqFCLt`0CSN#!*iDzd%h{*()r5I8~L(42nC zrL_Y<_>U+OsR2IvAGbibh~W$eTrHE?oaD(8O|h_|novRf|9gEQf^PEdQUd~!3MYc< zR~a6k(`+ivIz<#okP|#dF`%+nvQy>ySu8xpC0Q!WfV96kYc(#>~vI;;l-}y{)Y!YinNf$cg zFht{vBqP26Y2ol*xeS9O{+CWPFI*NM9RMHORu&5gXg2a?I9E(H9~w&_%x9?f!HY<8 zBJ;$GW9DYA@Uio0HWEgILQBpjlB95=PE0s*@Iai;d7Ic-8?{7a1zvrdyD}4{$P4XQ zfB>^3L}t$9&i;`KzEi^|$2COc|EGYi<%E|oIyr{E#E|NPMn1=aN*6pdT^oXP1jAnl zX6PMPSo7|S@J@q!h3N?fm>KIh1%QVI#2A%=*y!Z<5Bsj{~CNF*tWk6&Hrb5C5$ ziBP&;Uk7g*unQ*mwGTD!pueuPh zSvsa*6%s3FLwhRQ_@{w-d5wdq zjNVti4_>Bhnzqdzj^dUO%`GiY?}iE$Ek$I8DHUD_dF&*ZCO5H688@A&tc?`0v%Fx* z#I3OVmBG=_>NjUY_^^D`n18G?*Jq0(yEhkhW)5BPa*+xz54V1TDGILjxe7)W%6s5q zs&V4OWNoj7Ng#6SD*s(Vw8O@wa5+Cz!G|D-v4#gh2Og9eR>l^8MZT4usRrz;U08Qz zU)kgPXJQTaiIu++D=YId=ioZNlLh^m&ON$>=`8=}pV%R3_4nc2k}}<)bR5c&_@F>? zd!N(o4h|G8S)`*x{<_enyV&so&vGC3(7XcLJtw^?JN>TpN$wTQ7QW8aQ^Qw!hph=~ z>9X#wOFe%%8)D_qQOoa_qan8nRAwwSOrpO0aH_hMrwn`I-+KP79C8%~uzI{zuC-=^ zEeo$6X(vzH%3&@-eH!9g5f$bl%0zAoBF$`fvPDowc^tx?zym>kG zZ4Hih%v^bv9|xz&4Dr9cCq7>y%2w>@Sobz5fs}7=f3yOKa2(<}4n+z^Ot1AtC?W|G zWiSp`%U{kWUNA*4_0>CH#I7o;pK=Kzx0pD=gCwSm zKrC|Luch$FjE*>-_-HPpOFEEJJc&i-qc{ms=UFW78$;pl28=Du{aj9 zuyB&;s@Kk?*90})nh)d9hcUyxezV!qe^nsKk~E2u$>JjAOnrDqO!aYbaY|es71s^; zRJ7pd#NbM0UGvmrW}U%L7uV=!2>ym+h9-#oU9g9)_%oO4f0MaL<(Hc&ir>c+GEB!} zzp3zD1bO7c_BSb2|6a)M#RL&p5~-tG^d81cz!c+?!xc0zjTF*Fb6f5p!jK{p&!sec z6f=V5+YVwuM}}!~YNaWcoF`{GzE>8?Glt$n9!D64zCyrfiQqxR0$wbMkE$up6C@x)aIVe^iIgFnV6M$pB7Ko!#Q!enS43VRNWHDc=txTQjvYH4p79kGWAhHE$ z7EF2LZ*h$I@V0f-LztMr2i*^=S{BQ`N-B<%C`xWb{@!OG;^JZp!0=xgW%7Ioq##CI zrbDvW5}j8G(WNO$q6HWcaiRi_86x0^oW?(h3l+tPNChcKvmw~&cDpm>gPw`YG53GO zBIT7FMXPA9P;j^V7Aq#u`8xS@QMY5Ay)R@O5&^?Mp1mIy>Wtwv5+TN%JH#rjcZn#Y zE&g8_DMopN$33(*K1Z?t*HXBw#*gk2?6%?ic?5XB5b8TqJk@oGOOZ|uU!93o_k4>t`AuJ9_KYzis8 zNk}L+d6I0R4<2aS$v7T?DVqlvUgIdbxWO!#TAQcnlejS>RLP&|)ydg>#{`&GeH|3j zFeus2yJF?l)D$dam#v|pJMf@bs~8d$MOM0Gb9P!L0M#j#Wbm@~C#Nx>I79)o?jW=L zyuwCv9K6Z|2s?4apb$xn;(6{hEZ-^zO5woy zog|^ayd1WztY^XEBQuGmStm=s#*sOWQ{LpS+|#?&wurN@H&0{!|80(f`Wh#~nswT~ z_uYl{_ZLb#44htGt736bg12IMux~JzVp*)$GCEKO*MEDFkUQ4-)_S|(cN@OF>XlOuzNT)7)CN7CJ4olyMnGrBP zh?Ce714RU^FP;j7@3iNXx9HU*{88o{5a>@KGXu-j2d)83QS743_ykeF)TMMH;9JH@ z!!*^ow&lFg=cu{dN#WGo?v4qUiiW8y*PVc^@H)ao=A*RLA{o#cEo7Q^EixeZ5i{#@ zVsVEL6qgC8>pcmcLx#Y`#ZO#ttW=;Tm^sSRIlK{dH5?5Cs52|V3t?0qQRNk+Xt3j> zm{Tw;)^5vdIz)jTV5xYeYF81zd^K`Gu_3Wotzoj&;Pkav-Z2 z$=_7>MkZ00T0Q!dirZ?i_Bf~VPJbhW5%`G1D?;H%EsPzM0A}IdGZ>o z9jm~zXAhFbMgS&gJOuZf#>Q#D{*kA(0o#LKcTe(xm7}G^2eHX1vIZmMTPk%q5WqTF z5DEt?3rFaIx(!VZU3=Mq_=;ohymr-*bs`Fc9mTHj!dMl;K)P6*j$Rcr- zLX_(%&V`7a!``32;oW|dTx0QpbB7y&bZN3e2$5|5I+vLzV zESnq#&xbH14DkD$9R}#FW{0W$z;1?T&sr)KIL$X1WhQiSjE<{ivQ3V{SU9U=rn54I zC`B<>+AyLVl)9KDp^UFUzeRb0Md_lJnse)>F6V}lz|#i^js6vm0)j&7X{Ha{Ypq1u zF&F~`=|YKn!B}y^kUCEN{`}2_x|7;k6ZjY$z2e-Pk;vLwJVzm>>vxOrYR!5iiau_q zW}LCZ(fZv|6`OTT6@KKdCGjM=Ro7(2hFz0|AGd2kgoEp8!V9n6yS#3*4(8<_w~sW5 z$ojqGwVL&dmwc=qefNNmT<1IHBCU?t8|++_FHLTPcDvo;zump< z-gmv7{$RViz1QpazU%h8-ND{>pnKn)t$H%bAo;F)=eCNS`;$DMKX?Ap63e(rWFzcK zwMjpUGL#Y=%M3`ziYb8M3Uhm}yp)xg8{J!($w;7fo8OU0;cA4!w;Hx@#3_$yXQ~)PYGJ;VXe>&u*roKW^6(lg8An+W=A^Nlho@0UN@TIAY zKOL8vacf5Bt^LqeE37W? zT&3&PyY0i5B8RxHWUlYPvDosqagFe(oiQBgLTv@g1MSTsc;N_CunSGLrG4A11zt37 zXCuS`1D>?4ydvPuO+&!vIGzyRzMSTUm^x+hHCoWp+dt&ifCWYDpAKIF?|Gbr=nAJ^ z-cQxRotL7S=sDPQA)tsN1EvN>;hU*eUD_q7RV5C~$V;b<14xtf zCD@P~Icd2y-L99{@bZ44n2|-Aa7BZ6>;{d5!wQwV zW|cJ5va7$WELS9CSs6RhtA!71+c^YlK8=U}VQwB>Kx?A#R5S>1@eyR*8Xw7QY1W@LFS zD7~L9FV6}RAQz)bih323*Oe{~V)nR|r6-H1+nqvV)LS}udh}o%f{h}Vis9S@8s;~wN{`2#41pE; zf4{f4UC{scw!7O;`u}4*%k+Of{B0Q|A&mgJR$IBSg(_Q`Tk=T7IEy0w7oTIkEh^p# zmw}Q3yp5ldC`3dQGGcKG>Cb3UU)ZyAM|!HR5;qotFP-`1>;HL9p}I!eb{kwt;-9?w z;wIlV*t9xhYnx5bb8)*}t7d-lKi&1{iVqs)_7CuEkj9M3L3>(O+ud24x}HE#b|UYM zHtY(>Tc}$aNtID%u_&BF9C7Qz6AOvFmO;W0Ks1W~jK8P50yo$Aj z%WbP)(qm)1IOj;F+mxg>;S%dDJ~Cvdbl-$olvqUDfm&Zy5GBn<5e|Mv3rUne081{! zc`xt>7!7t%9JuQb2Q3Z*Hvlaoq?*FE*PB~-sGgpOd{(aickuh`XT|!z-5(4J>;GW8 zzw@;IKgJ{c|L2GijOIwh>UG4P7ni)&r4j&BD^z2(AHOJXuSDO{9?_TPNrvIj;=a}o8LI0MsgD6G}snfM!CYX|@{p8<{m{&bjsrOharPmc;Rw#`eW`)d;9TMkx(U_*Z{5wvX)($Y;f zS57j!yW+|n9k(TK5NOoJ6c*pFGywu_DYnS9v`Ct(3u4`@j8C{70|9^R)l_D36T) z&`OQSvM<7L3nvVcxOJkALg{s;18^)eFHQ41WsH7A!3a_m>QH8R1BQ|w%Ot62tDQ4k zwY#f`a@$mp7Cv7} z{uj<7*TH3hb(~j5W3W0~#?KRt`Zk?P0G*{y5#>ao&&+Q_DxBiY~dQ^ z;RA|=J?+2pOd=@{cs_r&^u(^zCVRxC)C>OQ)F*fN-aq8AI{$ zL$3C$f>T4V0;Gbg*DDH#3IH{(O$FC0w6N)bso)QB9;%(!u4p!kD;r*KICRKI)8WwP zwJL{0eQYuuy4@OTx{y{4hl0@g3phdyk(o}iClC0!SAqVQJb0-3tNCai=*eV6(0q~d?or=k9@6N25!7re^<+wJZY z_5bef;7R{~j7PMaZqgtyw9JFWX`{y z@Q-aPiNTjI!zBe7oPaN1JPGqGi=wk6!hzh?s;iTlVj}Rmd{ELkB&mM>NRlk&zfn9N z+EM4~Sl#kX}1_@b$?*y~lfNNS#rV43V zT3O5vR~m~>u%(>^m?R17v?-l-WM&X~AY11HR__X(TrpYl?3!P`I7vFi^ka#zQSI=8 z{@ss?JU#!0Pb2-0-Yo`jh5py;m-N5x_MrEq|2@WI^go?kGq5sZ%5kSg`;+M=*VFz= z?m+($#CXN=y+-j}RlED;XvQyJd|TM(p~kfa^NN74cPacWL#w^qE=jnuD)t4BR5#>G zvO;rlVHC9sr4xp?hNuRhaXj+V`tx<4M)F@>)%;NMzqeD8|2y3$`~OiMBmdPF#)iH* z9mf+e!7Nv6Hw#VxfMc0XTx}dG4j7Y>)86vUk$6;^{c;DIezuG6>eX*SQDqOTf=qvuI=*$Ab=?x z;RrK~lyrn)m?tSdJ-)m;IC^_>+FHXuY^e6<^bQ*ax-Z|bO^=8746DSBLjkQb!f}UA z#ovA){-F^gTpKf|t z=$|DUmIeM*B>%kMsK2U}?tx?ea`G&V_-m+)*Uf*O@K)%5@}l1d)BkpM`z8B-_euYI zl*j0Qb`t3^o~-Zl)d1RtVU|r`Q`*WKRO_-`mhoW?yH~eaNDr}|$JWXZAv>^uvuFtZ zFxmX`d|t`45HGs>I$QaKq=EZUei0fkRyT|BXN)5xyV_y1v}3;K*D=-U zA_m1MxyD*63L=bRlmA&~ooH8PA_9O01g1#I0L#Z+xruGHH!!+3P>a|HpXB^8X&}e|sq?+y6!kSJ?mh+Y0;NE!M>TcWd0y{$InW zx7N8oqfu|T;=YV}n;s8u)USxTGRQQJxsnT2o3F_)#TCOwPCEL4SBh%VozcYlvz~d8rrp-Ie({)R4$0|j z{(9}ho<$eMy`1_qU70`BQP0AX|KJBc*D_#N%l|tD|1|LbZ&%#^(0j`N^eE5L_#erz z_ZRq6IoEu#`KBCvck}B#>5FSWb@P9o#+|Eq8sEna5UcdRZgKwi2K~X4|L0MjI{oj% z+38nM{pM-xXnnj)h^bm93p$|S&P9sc1seSZyd*`j0JXeEt@B?ZlS2X3+KFlJ1`{;N zAX$myiWY4+6>XMMxK^qg^EB3qMg=nYZT?n*)c+iJ_tR5&mdSrL0XkQbJ0Hyc?{{~L z`d@$hN&kD4r%wLs<3MugfnEfl$y!pdrz1=mNXC_RbqmI!s0k}h7jYRXozG+3Xmi1c zR$l_PcKcc~JI=r^MPw$@CNq3jtcQU7^wdR|68p;0$&i}DD*emA$=Bn6uD*?G-C3Jp49s%_akH{~AZp#SLb`)NSqc$@%dw2XEfkt$FWGJ*&w1 zyZ4vJS3RdhZ?E6(4cgsyx6|u;E#TghC+{nj#H?Y8Pcj})-8f3GPR`~#E@raX&!2_H zr7jfhSJ9n^sOHDOW@o=@>g;DNJY7J z;rg=zI=3eNpn~{=0`+^hp?*D=Cd9hq%R*0!-Haj<%X|BlmP;X}Hwg(PWl%hSO_G_6 zRgfCoIT~xpwzf}Ji+KzGa!7;~_+W?X z!{q-cT8;i~6LK^VH_vTxvqoh1^Sa3H4`-)W2k$R`DqY7X7MCW1x0%p2cO`vIYk1lG zH}2>=dH`3>|Gm=w@9xf1{)b0->imDd=&`>S510}Yrt6-@zv2A9lLu&}|EE{F|6yn6DgW1_JZAmRXVyJ?gKKP ztGqzw;|f1epK0ZBiO2%X6J-L_4?xjDaf9dCwH*YR}Ik`Oi$r)o2DOl@j*%7W5*T?iA zewUqwewUqUze~B3SI7VF@Xh<9Yz$Zcw0I zW2&rX=0AlW2eH7?Uv4Jd{}_+XdQVCJ6L&jwu6{}g{++Mg(OD86WGoR^+&#$sU;T3a zkKXpqQ~r-fd6fQ#X`cI39Ac*cQUJjy%8-y$V)dOGrT}RY0%+I*B;uA23fL4f00{yC zL6D)al~Ei|l)=b34MccEAXzL`BIW%e(-hhlhCG*N!q>WYKCjH*u6<>_syj`guA0NK zzFQYP>bqZ3SO^o;_t{rph+?1NcW(UDfUGNIRBJB{j>X$w>^syQ)o#PRGqP}#&!)NE z(Yf~Cv1&CXUb@%5d-<0oFf74U^aW~8!ttat?<>DxjR>l_nO!3wnz~C$UaooanxeH! z!EH~h)OdY zpQALw0i;e%>%CQ7ZBNbMr|L@id#lp6s)QK9flcXg0nfv;_wN~w@b8e}BtAnVKrw?8 zl;?+#IgroQ`lnc3FNb+<2X$jZnwdAUfrB|BaDuExDyX#zi_dP_i^`t7MYDt~?z1y9 z0r58dX@E;JJ)v&>zkAl7{8_dB_lo)7dxM>)`+pwiS!?}=kv@C(7N+%UK3~Uhe7i-z zkUZ!fR&Rswnrpawe(}yLdHFcxH?W?&v?;IZ?)TfR?M<^d6&f>OWfFrKA`_HfnJrgu zYds2az&0zL`SyOF_WEybI(mY%x6%k~ad4sU9Ow=L=<2YeLDmTN>DqoGJRUlt! z*Th%S+u*Em<*)Oy0;UG(LaehrpTc+l)KA^|udf!phvR=M*8g5_XV5LK|GlUDPmlAg zz5bu5yJ8I?#RZ`ioeKylLN}d#M%vK}21ikyq_nrH&DG($j`Egj zP_r<+A-o4Pg>ssC3VRQ@=};UgcgUr)uoZCpQy;K;+S=|U0hhoc&DcCpiWqtvf6J{LEPCI_j-@gy^73`E z_|~C!{nF}4R(rc5Qqzh>rIg)9qOyp7FqTibDgZv1Ce%*BZ2>Wr+oDW9iFvipp9SgK zf?n46RfsBEUgt2y&f6i<7ij}fy6LPSI_>`zEEtc8sU#Nz4}S^}VP17(&)ern1fR9f z(HwJ0P$|*z7_@VAYEcvqRzp9jAzg#0#W<`Y(EH5H2*O7#l4Y^+nSiH=4LiHcd`;Dvay1h28Ut)^SL!EU`81(Rbpa5!8I;}v5NERyBC>jZO@65#j@DGb z=yY}aG-s@pO%+L2HwFKVecg5bUloQZ!=vx$1zzR<9rO$L|Mm8^_nz|qKFTBfzporG zFPkE8Y7f8i^-5Q70Au?wAW*Je8TY^1!>jlz6@c%}&+BmOn%-Wg?)~_D%OG?4@>M;* zWjdApisdrR_kE?!t8k15zVp0uy`g&8pK)tFXgG`>{>>(8|htj&}(2`^BD0+x_r z*@UpZ7CKp5LY5I12uNINvG85DfT}%%ESSD&8o1Y{s_{1!aeRY1hm+Go&RDrN_1UCz ztSI4`jVVz!|3Zi0AD;3Nc)u2$9W}7f5>Uq)QZrBrEq@tEjolW=p;wMYN#+=fU+!Ru zlJf6rW5h1UXHV(6D3$<68c`vL$I#*e>Bvq;r4PAHfYVn|5?t4QXa_hX?pFcvrMMU) zH&Ddh|yKE2Z+&cU!8*3EZ^SfKg)+O8KDvxj@(jh)B3ohI z0u^SXUt7pA`1GLF;o6j&>gwNtkCswsEe=`=>ArcV#7nl~pf)vCG4W%#Tx}TCstpYn zE**PeJ6WrjE~lg~6tB|i#a}+HUr+1T)B4p|`aG>)PwUs8dHs6K!gavBdweFmCrtkA~9<1%cz8?p#g2ETJ4a-^Nl=OVB5D2O9Eqj6Wm!(Y> z>5%uv#LOkc*%L0bT3sxMmiv?|*{*obsM?dPo3rVZ5Ysk64B{A6Ic@8mu2vUSeMMGp zilSMYPCNR{r?0j;hTs~Zv{kW`Kc4@%xx=`^#ch7v{_gw=H*)0YDtGW_!yrJEzD+`% zhsl?LB8HgeyB)T4j$rr;!3@2N1LTRMjMm1zlam98%Z`v05<^)+MEWW#T8HA_od#aK zc=03lY66)|r4$AFQ+5CCLs+G;sTu=?o0Oy;*Z?vB+Y)nLE@mcCGJ+B3na#?8BAM|e zpG5g@r|(v=s>H@XXF__q_Tk%k>hwP{g7>BXuG0T@cS`!-&i0f3_bAU=`X6VC2TAq9 z0e>60UN|Oe1`r6U+)Lbmfs~u3Uo~975TmRg0M0-$znV|CI}|R&3(T0vC?r%CD284I*9O7{>6zyT@Ckho`Lah!~Y7$ zA&w{C3>Vafg?w{k-wacdL`bDLf+<$%O>2j!rPCeR6SQtXXeL(+nI}-^dlwO!2SJcz zF%!s`$|hA(t=y(g?Nceib75BgtUGLc(Q=DK$9m^yZEAFL)r0(VU1Gk{Ec!F(xpn&A z9j|lpOx;wkY^Z(uM)BTT+@~rLuQPR9YFkwTYe4-RV%uc z9HtIZaTAly0})+rC0bzox3#Nb4Uo#@;-rl+k?QxAE=K+#*UTkKhk#Y9b>yUYe6?fU z+=2zQ;IlcLu;Ea=osxtlK@z!xvkAPPE-%k6%vt>9NAdL_h>1@q4W@`wZOT|mYmS;r zOf;ty8-J6)@D+?;93WzF;KLF{qjnZ!-U@27aR)|Ga^uVN|2|IFxnc6_scd)Jrd0IX zNQm60*Ch0mH|6Ba+XNf(s&@TRH!O1tn}X$ix;F04PFI0MOH;k2lt(Wd{yzPNl{h) zLTn(P!+4@|oz#8R>c8fxmC)8YU$ulVb=}Zoc1hrPjD!59qGU*V=Lm+2gD~W>U$bG|SBJXGK~y!qA(R>uR-e9xGaN1C@Na^R7}d!YE#%xPZYC7x zQ%xwu7}U2>GYASU*8R$V7dfHH2$&xxM)Y%j+<>oNTUIszps z4cc~Q1G!=9W<6-u9 zTppgasv@HE5_#tdcA2)NI zLBF!PpkL*U)o@bPM3a&2OL%>=?lWIlHKD%RM4ED?xiBZ~B188iY}`Hp>{6y);SVVK;FN^dN4mPs7| z>LgDtQue!f*<~}SI@{5c&+#ihEBt>@?xWt#4Y*?euQ%uy{eOGAPw`)m^Q`6nb9e3^ zBofT!yKf^VjIMkAmm7p|UwerqnBU5tV%?o!^e$I|72SF|T%=|lzNgE-Dpei3{f6fQ z*7Od2y>+i7|06u=1XD;@=gR8Yofd#q^1r`RlK+FJ^Iwnihzs@)rIfZ=Tl!=H3`k;K z_OR^YZ`*BJ+;~wkOrA3+Pa#KLE#ALuuEaN+2@oT&T@pLNgY;JKVqM*kEdLY_xZ zWvg`3n&7RLpwNMZGN)7&ft!R}M+pqYRn==!sI4oDqaU8VDP%68_+)I9m?1KT0ix35 zlo0_$1g>#xulH$t-fIUjZU=ENZsVk*FA)|!|5t)z;B5i#7O-zklv~on`-(?l|0ADe z^54mmeTM~LmHgk{-Yd%gz1~y)$47bOM2@252K=0jkW#+@OTY+$L~3gxirdR3a%DdC z>l~WB9%z?A`_QgrHQm-IXkldmDr{R9<c6fZDZw_|pq z_`F}zNb;%@9D42%U5aLNL=KZ#Dw6vDt=I0o@G5sASJSoap669aj1YrPt5qomB*_k^ zD7ZExp-i^7Seq#MH6ng-oA_1<_&1l6QYqOatGW;6Y4up+StkFL>-EkdV5{W+POq5% zcd*-kivNC;$JYN<;LF;ozqY3Ngwx001q&^Y=MY7dm!`U0t?%Dbmk&9V_CcCz8LyD= ziAv%>1fG4~!{qk=^2KYxG%du!%&n_K%CN0t&6Z|dhBAXOoS@JjE!@K<7kSq5I^)Pb zZ?x1Zs#x|K9EPw~O+Bd+_A{d6Y-Y=HpK(j6nwXzNhym;h)n7-vzm0Ka80!eh)OYMP2MX}5ks61phQ zcpH3tC>WstW)uOM%#g6*q~MbyImRdoso0!}@C-8)a?_4YF$Ei=g&5_d(+ge}#}nbn z+HAK@#(+p6DS-q@%pi`bVhHgLGjM~Wh+Byn<#cx7s?fE4|AivG#mcUF*hVRA&7!Hu_xNB%J zF{Z?%x=g77w^DxJo46R#h4DNtL0Xbl&&)(wt=W78YCc+w&IO}V3OSPtW>+&umJ*uG zYALC--Gax!>Z>Js)Ze+*Nl+TW00Hm6J>Xq=>kAs)v7(4C?C7$DcW`xQst#d0{9L^g z+Ljx{&KRyf@onwOZq@;g-96b751aUObBk$1K((F|%h{BYBt;}zfBQsX@y5cW1g3j=QF$zrBSk&p?u%maSI)lK7V#2tLp(nG)rQNYT$~m z7iev;ltG5ZStI~gLB3E0s$kp2#}G$gLr_*1I?JNSI!RzQ!1=d!YCeMMcm>`9)bRo8 zhm!;J8pq)Y;?Ff|q97yk zoDxHym_G32yu5Y9T19&i9;09p=nF;7&--kHAu_|UOh+|Cl=3MK*;LUr|M)ilHY^SP z`b}6uqN0&pzSK3-0szHxotIWhz_a%!M@kL|7yPg+4hjR==2aBcoa<#Z$oCh==U4X+ z_5LBgJ-GOJO_-w2N}yL4$CvjF`0U4~1Q3@MIPMQn zb^h*MVZ6Pb*D4)1`D|rJ&zlWkgnm4GUvA>`!^zRf!PSS8i<4Jxj<1f6Kb#yMUliJz zCpgTTa<1=ipd6i_d^kS8Iy^W#cy;pTIVMRw<14`&5)4O?K7$Zp%0My(Gni6c13=5a ztrJAF-KJ{DneTj-i(AOgV5;F-&dQ=MSrw3(Dm=TJ1xo32SM6$u+Feow_BBan7HIRX zBDI9w1}{=rV)u*V;HsmmA+Lm2b?H-)!eSOyka@ERtwN=9cdIL?EH}KxkLOFV%O_LS zKKQcpY85}!G(z$G4QE#CD2RULYO36*(4{5UnqLkY7SFoHE4opDP*@16)Lr2=^UmZ> z4^2^k#|zP5M}in91XRsSZy8a<-zc8HR#&K%9Kr!X>^PS~zRD=55|GO07B*tdm{{ZR z+T7o!Z~|@9bTe#(dS?o#fvd=MuO>6#w(uBF-on&r!hT!Vid|-TLo3V>=M;KXEM9J| zi=y&S3?q29a>qX6^i?1;ATG zCWs1$#wE$n>A?lKI6QcB3??W>1Tqu?t`gvQoXD>7k|xu)z7ImAk7)tv%U2R8|2TZ9 zZd(vruHyEElFs2~qOtE?umHUTGMA0@s*H-L=-gCchUs~sl(NE_)k1EB(J| z65cfgXodf`+b_lc?DhKnC;#tbJktN$x||}ACZTlaVuq7=iT}6VYU%(^ld$$MnDNib zWU)d-72oCgSC)B>%GtNe`_s#{iOQtnH5OFaLY6I7`qkD&ysABd69GAblq46*l%2|WeO|))+1y>pD{0+U|J?u&OScSTntSTZ56AKE6mhk+ zn!Z?YROYqUm{9f$X49W!$$~OgQ=u{^i52z}#_9-OJ4xk{y7CvntTIVo#aD_T38r$b zH*YJw{N=U;HPnx0yxYiKTaCIXYrPnPfBgCoZQ29@K>xZ!Yu2AKM~Vucd4pqh)-pFY zik};JnBVKZ*?4QJ{S%Zzg1owm4NT4<>F(1}2PgC- zrVK`r`&@#j-E0cX z31FJ?f)(GaHma<4Yhy-xdP*>wEn2nw@jjgp7@{(NWafkYNxiM(kMieR@<$oaUHGF6 z?W^%e8I_zrD$rb;KT0qf^G80JZ1Du#>F<2H_1t%$+->4JpuXa)ckr;Myo=y1=DQ7G z)nEo|E-Qr?kebEC4MGS*VS>P@hDj<5)U%38faZ*G`~C-U>F&ca%=59V{Jj2%R)JZ= z@@VAUD?0Yn+kCS>Z>q8Se-L4)vWr?j@6nculMr24sSEAj_t*@yveD|l?-4vp(j-bI zi;I*X7#=1uWd!0_n$Wc$?-hXvkvxHm_4BrkJh>ac($m2IN7x+?0j@g#y|-J+|FPSD zI{)`5kJuJD6RALr!%rV?aU6cl+Q)gcnM}1Wd~|amhWV3f8Fh2c~%5{;)LGAHHoZ?DW=^WS|^3I7$F0t&b3)p*#hmXoP{;C?(fq4UoHQoTj=5PKlOII{cb7$ z)861o{y)aEH2*7?RBi@X{$`eBF*`$KhQ)OV6#Oe0$sDkl0+Pk85gI2%ACFYtB(VDRStt?11iueDeoj$%T-D|R;DNN2N4>Bg`XS8r4dUQ;WY9b&g zq}Io4v>1Xkf;i@*TG{IPyLXpYX9pJ-zq~s?dWh!LH=iU4^HWIaO+vytAA?0TfS3=ddD!#b%DK!1=ycmZ(*xq~LH6Z0Ii6_Yt27Gt=p_Hr>uHivRM-2%Hz$Wb|Mc$t z#qrhI$?1=`B|zR#H4Sh)X@D+GB2tH_ck%Acxfmqxwn%dDYYdTS@bKMvDV*FI9Dyy*a)*cz^lR@#*Es;lbs}yVC|Bj|CwPGB!mq!+}`ft6MlYdV6wu z_5R}c{Pf`M5>_&x`EsGWskPwlI@xQf%|9#=h0ZZRA9$S+jyrU!@$~#a|M`c4EJ}hzz}vW@ssWY=J*t|vz%A=Ta4;P14)%xVzx+SYnWu3_Q+P>*$t>Hg6S*?9aP18;GYBD-0on%20>Ag7n}U|O=XcWUbbPO-49#f`81sg zCqzL7y)CPJ{wzSYr8ObX@cqg8|vX;~ovS4}=Ck&4lMOMObKoAsTf>j9_P;GT{1JDHxSOokVFs5x)u04aF zt}=?q)eVP_=*!*yPJe$N{PBl^jR;8yA6jOC_cl3?tpcgD3DTFlz5YswP3e$OHX(@q z7L{*blAg&4pLcu$7H-*ab0m2=AnV9b7Bd`~QB5aTm=XlT1@Pb7_Me4B{-?DT1Ai*7 zfReaaj1ne*MhK;#-_kE))UfL{`fm|yN#$_VCRuza*WitRdR%k+r?=^WKctcid|%-9 z{Ijh$e*wNPoPzzmZg0=}sMT9u;I|AT_ScFo{q+`osx~T%eVQ%kZxIYattGi{%VsOc+dG4FUQ?@unqbaePtzX3J$`pyQNUOt^4T-VnEs62r_^SNpt|NgTRbORcD`fD3~FrDBwVB#yZ* zm&DX-NQx?h*|2iG@hSOtfoPd2B>{tsM8NmO#+2{#RhiSQ!q)ua4c!lxkkcQeKpgJB z*x&AOggg3!u&uv%9U)6QoSx1gXmVX75dq6Nu6h`X1K|#Z&GqG8f7{6C^X9XY1A{-u z?_RfRP5~BO^2;p_zviMz0E})rth6#*UKO8dHgZ3z7de1ZiDetWk8GxEO3c$(!Y$LG zZ23I}-#k6d_J5Pn9kYP1i2vCh?3M3-+j)xrd6Y-S|A;YG*FobX22nD>LG#^OdG^}u zyQT!sAX(_k4pc;SG1#Xn$~3~GcE)g|3$+y}bJL9t|4c>xc+UN4#n$a$B&(i^@^%ZW z7@}sFiMTj}--bN#ZQTc5oxpQx4`sd&>J{>#Eo~M9 z%F%DY)6N7hztF===Ygjhvh%=KwDeLH(@<)zqp+gbWceJz642$l+sobr2~MkL8!@s$ zc)qtOgZ*3=h}gBWckBdQCth4q%+8rs=z-$^vE3tuyt*}BK?{=32q_EbU-n7%CQxK| zNRq;d4n1jUmq-4#5r%bwx47tkUVR0FbESa=zAypiffH&fr_Esm@$6Cy;;M1v^@^@6 zXB0Q`a8fm(o5g-}ZH0rW9nbRDTdY-2uB1Q7({TNN$orpndwcz2{{QYy?`i#ij7Ru? zRAZs_OkXZ*a>X57oxgy0 zY>LPYrU*zh#8q(!oP9WyN4E;i7JC?1-A)GF6ZRXzy--(4C@^J*jn%)6!nIiq2d1{k z&2lQ6UGqgUj}sz2jLUFZS))o}&69@e%Irg~nn<5s!2fh|gqc>K z7mluJCt6{u0T0bmwm8DXoo@QAb5O_C{A^G&6ymJpPRx(W7;v5}=~d|0%UhuMck~9& zaPiz{Wh16=RXgIRE?bpd*}$nk$f78kkn$XoR5dAMz0JBJG9=pDbm%T`>otieQZA{D=Gj9|80Y-zJ5Cuj=I*I*rSbQ)<{<_m_26npziJG5!7urC6R=|0@@8^Dw zg=c+nj}n+5gM_f3+_MKu;0^bC{cUe4JZ`90;V1Tzhn-Fto`_#89(B<0G7^CTyd2W- z`}zM=!25pAQLJF3{7-Z4K~vvteQ90m7_7wcU*RYy_u1pGhrzVE&kDz4pMBqN!4#{z zp@(4JYhB|w90JLrtr=pFvl>@w#MRVRcx6>QiYVe$-3E~B&em-D@};GrSFo}yt_UWW z8pVNoZ-qI`Is~?nulROJ9nOb#J#i96^JYyw98ZRz@Q8Yx2dnF3Bq~)AbvU0@R}sTl zRYeSYRh^b=MwXdLPKf;XnU)n`BPXu_w`rJc3Ai>#-VTr@W{-EReq*Y)lT7#~ar zm^He$254b;H-JI{6=|pVXkB1IGD{=G9O1j67;IfwoX5(DDbCA*RVm@VNawjy|5JyV zZmIk=@c-}jcZ>V~d%Y+B|D!w=`G3By_NR}|l~upSXCM`bT+3U2GVifhR3{&c((h7& z<~Ye@s=S7Zr)L8)%4?-Y`Aj18qJary;KKj9v$m~F6*E! z#F@afUZyRDTL*J}a8jprAcw@5ikh0#*xf%~BnZ_5`anX8bHA07b#1-uFc_2~hT zkiPDBDf}%%HOioZWX97n6F|XE084brBA9a}Bn&7^YBUArm>e7HG2|`Ukb3^Zw| zQacSM?JXOt>DawDnA;>9--gIv4}EC{Z9Iawvhb=is=l^TzsA$V{*wth9?t&T=@tF| zy}j-3ll}J?&$nm)sdO-RvHv89YWuI8ZRXMKKRX-ao$Nmg(ATp6BntOr|0!TA?Y}~! zt4y{E9341o*?)C7KAinm)!P;JUv0Or&-Bb{AQF;rOc5*zIngw|pZzYpNDw3_l6Ks*WBk#^BCz+yYrn9u zA;Fdu0{Ih9tW?$r^t_<$HG*=hRz_ge1Z+VlvjcfT*YX+FR8EbMjIvQ*GSoFZr+E}|I9-Fb&VupKS zvsr8RjU!1{En4{ZqEhYi@y{7Y7!!uTsjaj*R+31|yV{<8^e4e~vvn}ys8 zG!uCTuyu6zHVpGItF2<||DNcpef?Bedzgm>Y+e7*ew~bcucU!ACme3pLu%W$vc85f zsT?aQ5T7^Yb;q4;N8Nt#`8)JwuMyVB(C^1mYy;6|`5J>>zf|sTz*-oW1u(s5Jx$Cy zV2KVYXA&Jib+j?f>FI~5t)+QC*lhMDTN9rUrOoL4G-&HB&(Dte_wE-L5A~h!1EPNC(opPG($O1KJDDQ~7} zae7s$d6k~Stx@Aj-^*HD8))@voJL!%B3DIPH0hzqndt%;Eb*q2uE$lMCoYiIyGe}a zm;38X42BrIlE$Rf`_ z{bzst$IO|U@BetyNB_@*6rTV67H>{PT0a~i#*V(;uwe<-=v3tVJm6}=Yectc3?RtJ zl7g6o=u9k;oe=7nViF(x`fHtl)D{zK$T-H5=FjHbpxporzWw2cLGcF8(+Fo248A#g zJz)R+=Rm%K)1XLLkg!%Fv1*FKXWJCVtE*s*!fk}()x|0%`OnWkpkT}Mh93Yhl-XEO z93YipZv$zte*Pgzk$4TdcvpTXUXTCvS1`Ik+FQn~kc25zBs~Qe`um!qr>B)iJVegi zk@#GO#PIMu=_Lcc++0f__#WZanw|o;#7K?VT*EZH>ufR@pL{k264pwk*lRzT48j$E z--@KyC{;NVhkv9QZJ5KmO#WbH6^ns@Ed$xvO zDicJiWaby1E0v-TG|yDsZq76+a$_u~qvTp1fKl-wuUnx*Yr?yA2&%O9XW7Nrvu&=n zBDc@f{xA0Dra&pO^431t#=nm?r9qZsd8pZYt^+EWtMjban}qJPaXU1t=87^*lF`j} zfzlXJl#MVs&KsSI47%8q{;Fza%uR~E6kJa}3c=ge@~8^p zSedIOX3ChH9JLz5wgQ=wghXVu`v>E}yelTt?ne*N1mwM{ zA=(b#r-k&l{~GLnyn(Ab+x}m)@c&OI#{GYHI(8oY{|{2y+5h^Er)va~lo>#PuMi*^ zMBQqZONjq(0G^6x9R~c**Mv|lVh+;vh>{UqBT*X+RuNgih)c!hZCyr^3%C>|B*T=X zJCz1_lp`J$ABzSQu8dmjmygBkGOA|r+{Y;w3bqb(zL|oDpD=9O#V%$=(Vgu+Dw#i?nz=0q9h_a@!qnMak{C< z!xggIpj@K`wIy?NFTpwFmp1x;?^(8&hW#%e4j9j?DT*T!|T}#7!vMMpQ=Kw4l9;)1aPltEW`UvOsF${7d%ax&^9Jp*nl5|$L;Cv( zh`a}nGUCrw+VlUjARybA_7DU6_`g@l|L0C-kN%$rDSP<8ob(=I0LtaEUmD1ot%ZW3 zsVW=P7mJ8cE4ZVi$m#pE0z>PTjer*7LqVyLB4_0p`Q3#{-mOQO^81wr{x6r!&k0HC zosI$b@qd3jGxdMx@%@j7DK`GkCLJtE3LseFTNHz8y7ax2;e|MoF2!9k6_gtFzKP4$#-NEmp z%0B)-HsAksr&H(A|MMWFd;F&!s&yrn2sn>mW(&Jg%P3%VidZX|Is(N3st*IzDrmu= zU|&d;fo`bhg3v&!dYtldAox@C3m6Os_UeZvew9C!r`34Hb3Xjf;D1V-Sw)0%cFT}l zou9pYKK$pmR}IKOTWo*H20%vVm1Ffr_`~@cru1B12r!$P6m~$@Vn9pb>T&?ukg0+A zRDCugjQ%5~MFan*NhB4mJ4%2({NI_nCjXzglgT6he~8kF|HmOpGXO=*Eud>iK|o>( zaa=^-jt<^raD`4S(x6yWBIvac2>j=IQNVxd5?5QrVraaqlNT9dDJhOu18Gv2x2$Lq zsW0j}m9E|wNo&eYo{rSrElU0yZlc5b)}KX&lZO5O9;PvlS9gy9-lzXLW6#w8W{>Z` zJWT1Z|9=$g0l)>>Qh8}5B~ipLufWxwji0Y3+2k6o8m|AmCWP+UFb&p^FH1B?V z1Swjf58vWA1cPDvKmQZ{pD#aVYv@g;rvuJbemr~q>f+UlQ}DXz8we2<_fww!`YX^c zo&5IODf@-h`R%vEBaraRmJGLKkeC9TfsCdkUPU{QB1S%AN+F;Gz*~aD>R4s~^Q)C9 z3AX{oBnBwH#VLt5D5j%>|AXTt0c%Q=?DY6JBtbS>U>d^>W`lDqc`{0~<289dq~v(Z zIX8uIIFwk149iffsb9PKy_wQud9YH;|Ap*4{yBgNT;S-gIiU9Ne}6nP^M5<8`*{EJ zK?>*pa7)PsQXIf2+HpZ}es=lutLN80e{=Eb+0R$cU%$OLf4(p9TWVbTqAB@$m-qt; z&tY;F^2>z$j#cqB*k+V$te-h>>(_9{m|tN1u24TqNz#Pd@?9afd@iupSJ2Z?qF|e1 zx>I&(X@|iuwDkDv9su$b0bNK4SqCf~Z%ITMgpG=P$Zg#(t%t8$x9fn<=xccqG-9mn zV*YGbif=Ea*L?{~c`aocC?lZB;<=X>8&AIm@}NWS7Iz`3IwK0x6`~yJA$SUIa2zt@ z2FJ`+s;g6ScYzFTZc%zpHVI4-82s&P;5y!zS!TJ~R0~CeQ}p_4K+`Rze2Pt~+_u{~n}pPIDGTQT zN^+g2)X{&@^7n9Pq-izBo`;itU+=S*h4dHyqXAJ2at zq;UTKoQK$eV!DCSlGM4y`!$L|h?u?dlBuyc1KSLREg8P4a}|h;9BeivO{1)0OQ<#) zb?wzZ9_WaEZ}xcp z^B|>B|I06d-JkBKLPGcHeHG`(9-Z$>!fVvfUJ@9710xs*D79&R|6v+V^Zwr^NrW~i zrZ9Sul5NuO6kyN(_dN6c2ha7Vv&a4a5Jl|&Bw@>2rT?u?yUe+i%Do+emH4^kp0B_g z6tTd^Ux5tXA`8+af&p5SC`2i^g(+rwO4--Nol>%a^1M%`C#Dm7Rj#3V>Co*9+qYG+ zt$tHfC;Si`r9%``lro)3>w!dvqu)&!sfV|N9C5 z+#mnxyOsE_$N0~ODV)K4kJ1(5as3eqU?g5_%rmRTp?JoTuN3)BstS!7z^zKvhN;EO zmmo{Ge~$z(R#DZC?Am@Zc!@u ztwEKJt^`WAIo_&7^*J>qOoz4@`G;kR&HF!~ceVY$XygAg-~V@KWAE|)&x4dk`~NM8 zwi|RFLA<$EufyJ>FW|NcKHKXUsB83)CqsWS|3K6JXS!*2{BuBJnvy6&=~)~T%4axZ z3Vd6xuy6m*#>V{*Z|qDS?f(ZUeE)N~1g!H6-ebD1|J*hvFmF48MdJ}$V5JbjS{&+? z0)9=z!WHTf*bW04@QlP&aP2xsWz%b|87{6e@BwTlrU`3n>ZLm%aM`#JKi^&myt z|Ml}MI6(DVOCF$7mRrQW7WRze5PdiTUt)?jb*bJ}b)M#(qD`LTMSb|PN@Rtf==d0n zI%UD&A{M9>KBBV`4uWnH@mP_8s6udAi{R~SSnKFx<7HJ1G!%!$kn42*@okvL(!aFl z|2>tzHum4t%>V0olgIpD4^pc9-&FoeKX>H%^=e-ShHvNiB@Vh@dlUfnD2!ETZM4M_ zpO3V6U3Cgeie!n!H!F;iz1OIV1z^*a+{HcBVgL8o`J(LI|Gr;||Mwoxe;%aN?0<9T zcir=*k%!||^UiGM1Du}HDN8J$fqa^024Xmef8p7s1UUW5e}47L;3gc*Z@=m3?D$V# z*L?rA{N{3%Z}1+9_M#&eX2A%m7?f(Db3jd&qpWQ5f}RFri~X-%!RTiL?z8_Y@4t9s z&v~@}9;9gd-#*WR9n^pCap$MW1-yqR*scTF^n-eu_bUo*oX8EZJF5+*d03&o&PHq? zz^+Ny3`GOiU37}a^2aIN_Pkoc-^&NEkN;Qm|9g(}c>en!#lrt{&VR{%6#Tab z%QsyC2}*mp0!-3AZ+C#|Ws^IgUB9)<5_`HVYJTROE>=O+2ck>*99WYdq?ACsEcYJj z@cd6u+VFo8_CNdoqD}ly<^10pPy9#z{}4sz|CM=`%75wiwqk&U&7po}sBHp&YUry~ z*sFlsXzK|H>!bOM?$^O@WK*T;Wlkkf{;u4r-Tv=?_WMPv{2%82cm3(3{r@1Py#Fh9 zzxt`euD68x<)H32#;**vEORc2U{!i&0PJdgR|5WzBGxZ+j z|AUm${+IKt_I}!Yzpu3KQ`-3~r~IJvKF1!zu-|s{Bp#1dlfa68RWW&GRP8NFuZ4Bx z?K7{uF7{PE0Gfs6weme0>0U>W>k)VB#T)fOuMs=OW_o3q?ErdQpBUe*rTT z0;1lPCbu|5q0B1M{C+fFf+HA3x*R$F3cNruN+Cru2?^vm%MwOL9PCuSlCO?+Sy6q6 zNemKCM{Xcg6v6=tJaUSEp zAEfa8e}w`Phir>$On~h!_3F1+6eeHbyRgkh7JH(!mBnL{92)vSQ5wVOBBm%^!l1l| zYo8PjV1!21c5L5)k054hUQB^g-rO?FaX>;eWO@xwP;+Ye%8>++iA@tZzvSLVI7fgFJHAGjtzH+Gfv0AB=t6lMcR{L8wziexE*Op zN;VYYsK?-`rk#dPHEKs)jA*tdg!Z6LHSI*5YP5&CZ?-s6X|&=cUTt8qf0ZZjeT>pk z-h$zUuhJqB)*5F0;maq%yzE2)1@H~}HA!eH?;l>IK0@Wpck_`;X~kI0Pm=Pydn~4s6sOnl^Rm#`3VuB1#u9uq~aYcIyQ8X_gz< z-J9kYc`QQ9F8P@452J1kCDItt_awbZNQ8r34b^`DmG!aQW3lT0%s#p&2f!Zv-y8ep z`|p#f_jv#7K}w_IZl>8bXu8xt0`2V=g0(7t8) zZPgAKYtk`yq1XO=i{U^y+fuSpPLzaXl!>@sB9Oo=dr#6Z6IKffE9!Wy$|YPon4d5! zSR)+&FA6A0n~|p|#M#~Paxg7XZeWUGxVSq~38*bv60gX;pcQ~xq75P(+^oqqLwCnq zz-oy+BT;&HvgTif{jAx?GLmkR$+NSGb}oco^cLjvrz|IGK_+^Ii)JpX-= z!q0!M*Eq{vyFBcN8FLx8kv7DZa)Fd6-dBC}o}@QS_Sg4RtJ$l&S%LyKpDDV< zZ1%sy871lNCEj4l=eMTwb#(>c3`Ja#Ipwb94Wz+Zg!P{``@+S1ja2iOa%y#-=~Q4) zdq-l>RwOI>Xf$K28{rWfj55}fvh$rU3(Iw-ydu~?4+dB*rY&E)C1CxA?8KzWB>$zB zDxo{&724HWYM@$MMF|OOW>^FHdo%2NE;jj}A9vk@0d{-{n@EVB~UVDO_ zx6p%3_=}M-(%=<94l7?s6ybRFCJDu7?KIqe!k#zh=j&{jYCBXMx92DhYnGMzCWIsd z!bj=La(8NEwLX42;YN^w90T-AQ%|3g6pXSh4|U(h@D}0-E}|kJpoHMGMt{&675F#s z!<*uFG5HOuLK&iIsW7QzXvH?{}-3> zGVOlS_b|zI`~3dYVkc_wYru_aeD&s1{XJgBrNROwH#+LCYf0|N8XWPbG6i6rMHWAn zRg9u`en)6n5>iElx4EgIp^(>3MD63Rc!C8s4vP6Ontr%NX^KMxC^1HnCw<^!rHPLv zhzYIW9hD#r4RKU{*tA6NKyNsZi6-epv#;DNype69t!0eC7np*DRc%0pua>jWZW ztNIf7vR0G&({R#1X0h}Cbpjve{)g+1{mT6h|MC6z2PvPF|MNR__sjX$3DkN1nxy#O zB&IOBB;nbX5`IB0H6;LB%NE|hPN2s18TdZ@p0#V@^f{K+Jiego6LEJwIR%>599^_~ zkV(0%V5cZSDe|Y}1694}g|M5VDb2y#UpAeEHQfNq2-*r*5QvAqb9X4B%0|p{bPV!~%c#B7!q_NoLzswYI z$umXVNekF#|M{*N|2dnDALajpl#2aVn)Z9J0gZ$sP0B#2YFmY%Os}REls_2CL3wdo zRD@C`O;IRA?qe>Nd)j0;*3i(}gsh|g6B&~wRD)X7t+fSX#XOptpR(Bbe{vfp!90NBs}&HTTU+3b=3KS=qc=RYDB zW0T6yYP8k#d0mb3^S=$fo-bO9I?ujoteQ9PqrCHm7M;Ct1{T=*c>;M)+PVR?u6-f} zUreQjsI@SVEg!Y`&$8J0zi_=hK>iPR;#BVc`jf}={|6}*{(r@%{T`UVa@`KgHxG)3 zY}n`L@om|S`(^%n!KwuZ3L)hgdONeO+=py{Zq30AC-kqCSG=ooP37QjDcVH!^3zBB z7el_*H!KRBiQa|Q}*(I`5MPv#K7M3-^tW`|JijP z&wn4JRQSJ~_A@c<_a_GOS6y021BJYsOi-<=qCtJBmk{!+RZzgHj8FjYASx7y{Su=t za`@8;i%%SNT<-m#K-g7M6c8Q-#vO{}|D!dEHh2}26x~0LJ^bI9RNnvarnATVuMbk5 zfJ;azO5=?2C$R#+`!$NeVvC~?$19M);0CTxHad6$c&3nSn}{dmvo(q$u!_h+T!F{& z>IkGLf)w8(kU+ZDeur^*@C3wY#qX4Zr%8&I_yY=sTj;+IN8pDz+5r;tmW(8jpcF(n zMx%q#v#X!4C`r-56L2o_iM&0(0wGSbgV74pWBy-3{=sPR@AR1eSN*VF9kc(aKeOBT zxB#?(!Ob=SOB|u>;Hy#gJ~{Ymw177UUybO7{hOqCb@0^zr8ip0|99{NyoD(y+YDSh zd!8MPl9VtGcQC>sg2$qIO8)m?bejbvM8|&wb|d%y`FCfpUOa#K!;8@-ymuUp``>jY zuJ4%p-ye@3_y0qbC*XX|l&OfU{w#Dr!}-V^x#Pj#|8@-je(>bU z6Yx{%!@r)cDNVA|k>+OOG>tmX35!Vp2W1e#-Ae#iH=vZ&*k4B>sq(ku3b3AY8 z_(N}cc))Nm>e!Aw_)2CM0U-%)PzuCDAQ6a3Jlw$lC8@0bE&jkN({#t!*%E&MgAj+@ zU%A9_2+)TF1r&u~FdP6Jhd6+gq~PgKPdslnY1J2;Wm}XTv-*dJ2etw8Z3E`_9x%@s zFkc_AarXhUQ100%_j*(A8kBprl*_q03q$pi&cz0@#=QRsvB;{1V@yTwy=k}JdsF*_pIG{K(zkEZa^FsB z`__+P!!QKfG~&7-*;4RJ#Ek!pY!HA+0z!f^&cq{pgMb<=zvJ%k8+OOkGFa{Aqh_!s z<-wY2gXPXDgS8}SV7!}`BAMRKM)Jf$ayv0rL-M#x@}!yMHoMuKw_9v#iro20o82s7 zciSuOykW1{^qb!5jiKG>%8fheHl|P(DoA8m1@&IFZB9j=vPc;M<15 zu?&OLZx~KS?yStSo$@&N#yrTA~!i0m^vhS21`g+CUsLIA=+ciLr9J$vwxh$UV_9+gSBtmb|5F zj8(xdy`gu~hh4h!Zi0x_Z|HL!zZ4&O_t`P}?CO1<80#Y-X^H~M7KLCBU`;Y=vJT$w zX*-20@Aq`v(C<19AwKl%_p~zCj^6Kag;z!-xT)v&9U>tNb@9ZZdNFfFeG&m51lEMr^y`kw&iN2J`fBRcDMoP6It`BU5EPkT@P zM7NIwB)zk4MNbGr0JoGxIKE-MCJE#Il&G91qR(C@M;5DZ?enD8iV+`r_t`J?d7>FI z-q7vk;&D&roftZ+-_U1^@SF4&eiK9ZO*G->4c*R;4$9}tuP5Z{e zA1A%}<5+ij2}t^Qc0SP&eI9pQL*w~jEhCP(bj2_NI3^S?chY_l1KUmToJ{P3XI$%+ z6CZjHY+3M(HP4)eT{rvXg>f)Q1&wqaQ{O!g0^Q%)Z zxFt9oNRL!Zz>CW_0A~PZ8D23XjgN@iajUs@c0IO~bh;oOXX@^TY3v6&k;SI`|?TzD%!YJYf$2M7|Fht_GDK|7S zYkw>vV%%Fq_=boWYa*i5AB}S>qFD!2XR-tZc!>kvlkwLr0Q3& zO~9M0Z$OCnAc>X&NDWh zSKf4$F-%gDpfuXC1;0%I`an}Sgy|{|&Xt|+xNsc%!trdI#p}IUJY%zX<;~(53?L+d zI6$Rq1Xv$o1d3NWn0~N^{A>XvFwGEuE{Lr$QHKx6v}F*R8jz`Lcei=Ao#gf2Np598 zocaOLcGC6re;t`3Q_z+xNehW94EsWAS=(wjG`*A}3`J?#Iv)hgyStKBt-L56Y zsg2qZA9|Bg)=(WSaL4WI{F|P1bKFc%?2a49rp!9Mm08D7W}T8U+qciNS+_pVW(|F| zD6>v)W!5p2S*N7Tw(fI{Z-M`GD94~1`<>40?ANg=w@z>6)-mL^Q&Mi7dCe(rL{{AD z5>K(QE>1gkaoW^Hi&%Afi&e)Et4>L*I{lmm({aZ>kDK~zk*ZE_sp=R)#3@PDp6qz@byTh|m$hJOEw2 zL@7qX>&VzVD`R71*Nz1H(0e3GvXnv6N1~qrGIcu&FxM);7=gAv_Y~UmkvB2=Jk|T$ zbC)|E=h>OHKFOJMJOQ29Pe57cZR6QfA()T6u`!+#eLVXq1e1IU?x_&W zN1ku=d93xhr`KaL?Y4#{(FF< z(Ys_ljHnz4^Xcm->L*SEn|5s~o!eWba}AZw)m1vjWYaX=fh~`-gCIkRNUxG>x2u$F z6Fz|Ci4IM@N2LL6H=WYgE&-ujwr=xgq@wnO&GW3x6s>9*;{Crz8qrbM;WeCs-C zC{eDiMA^fOj84wFxvj@DtJ`{Be~VjuxYJfNm*==wN4u$qW83W}PJyl}m44RVjO0zrgeyiG*TCCoRj zNFo$$Q%rXtVFoG$3ryAB4AEbH6^W*JwL+;1z*qMPZBx+gP7WRJ-1qouSyxO)|=p)1Cc% zdX{*P+`}^HHU+eo{>d5|s;91bIxRHM{v6HHL7T?eTj4YWdZBK*L*MHCxeqRD>7Y$H z>#ds^s@X*Apl6=yvElw%_rX zTTa5}eGkIsBg5@A)`!A0Ekww))FzYx7~%K^S z?Ke4Mtx8AV-Wwh%SMR;mIb%+5w`d37etB|kIjWlXJ*he|r`M_NpgO0z*d!6+F)!R1 zli^Jg;Ux}u3O#vm_8UxNxWS_99Z#Hn`-$_3Wo}RU&h1HgZcoZ{>sGjKM&uoGZu5xz z#5i679Ov1#)xn&t2lbP8(s%NVtG*}Y$*W!f%&8By86}(I95I3m6mc=3(w~py^mSxR zGb>}V-TLi)>DRdPJ8Pak6^hQ6tsakFJTJ9|aTv)7l_G_YLC0HTzWvsi?FMk~3&7KI zbkNMQ0CM)E+vC*(=yL3ue5*r$&QRrE7Q@nUXWIiUrWSo_+E<^Nmi4J=S)VeO29BlH zl%!Q+) zyc*}*ug2N#-1ok6Z``<_mbkEMPrQ&Js?Ki3@y#uN+ck(F-sHLeMOv5J;IES9bi9x6 z+wbGsuH*Nop&_RePN>Kl+ucbs~^ky^P@@M7~M%(2v0^+eJpEZq{XrP zS(1o;cf1PV+phvlETVMMSCkq_CMG3OY7a{_Cf4b=N}PsO;&n^2$LgEDTM-$-&mQ8~`!8@_~ZEZOwdZ(Beo8#crj)U5{IHoBH zw}JGVpv$-CV*1%%yYDW`1EUXwNarVpqa*jTUl6z5r|x~7+BagE#(T!&EDY83OSc2- zr^tx;lECmA7{NF|DL7-}BD>#B1@!EmQr{NXp*QX35cQ^3 zhp2B0ck+9NJMoq?qmw6kCtDskc^yMDJ$q=TZ;NsAd&fBWMvRlM$2jSoR3U1GIRoO5 zP<|BY^4-mpjWEtgB3z`}6;N;5O)c`KR>Re|MMe3&qoRBxD$3WRqMU{o5f;M#dt9g_ zr#x|lqe9$5yh0geBQ%})v*mayMx)~iq*soqXukR6`5m{E-?XLbb!@+PY?g1tX8C$- zR?|=$Tgvaap8TfuRIlawca6<*jE;`=j+zPSw;9Skw@g~<=So6b7lDPE_RFP*7D`BB zaCLt6^0^qHj@NBH`*mBt{z(n-q4zTIjM4G6(W!~~zZ4Jt44(%PPBH`%m{Q;!0T{xB zpH1+zj?8vve+24b6+Ra3tlNHbXALn-ZpVWHR~!`7dFaJ#g^0@Zv?K-@g%mBfQIsKS zosD{h-|zWM2yf{cv*GEpVV*^wlVk_*2ksz|iu|Z@4oV3K);J19N_~qT*|)_``8{K& zcuRBRx%Hiqx)~E_d?tqf{Ps$1Dk0x0onqRmm^GQsiLUuEN(NT=7RBNy$?bTI;@Xc< zd|MQi-!qDewVWHndzPg3=An zGA{l3NKCp}H15P|(fF1CF28R8mp?KT*ttFoRev?J>~3Moc#2#W!lI!mf}04(2!so; zO`{CJl{KW>w?stweIufbV0>STh?2diC&Q*i_EsVd9dcGXnE94dE(1-PZPQ3z@le-2 z-HsPuUHipX-{J}N`+7o+bXxvMR~YTrckD^=+>Rc9*Y5GRCEe^h>y9&BZD7 zUPjA_m6m$N)#ZTUEKc9E9&*pQBc{a0&-C1w3J2S-Y%oMx!$3jXb+PvHO^W1j)JhO@OS#NPZ zGsOAK6z8txdd7R4qSY3rA%6#qzYVrRRKEXH8!{qL*{JWeeR)gApkCj=l{^sf_D0FcN~iOV^yUZOOmqju=TJ`S(^1#mS$xIWoGC}mF~$tk;oET zuD`e@x*_WwXF-aSdjI&$qVLT5>N~TtzB4oQotjA#2NkzTY)0IH8FH4J)crlpW z;xXnT9D`%K*d!^r^HNh+Oxi@Hfv}o z4kf*z8sNgY98Ur-9N6paLVM1F4fKoe&R>HKPE$FxlTMds=93f4v%cXriEzM{j^adt zj3MM#@eGa5HheaJ>B-Us3BU!x@ym+iiiN82(z zW(0Rk`ct9=W}a+FY_p6h1{n@fz&au3qf>au-1d;w%wprr`r0_NvW+t{Y@F&~@{Hq5 zkTOjO^03NFNY{Cu79n4kI6^$o8NrZW7SE+KAB=9CVB**2#z?pES@w#=uLs(XYi#pTZFX~MB`x4sbpK4F)7{ii_D3Vgv_x$?s%}F+d zbhsumTtW;J>v*?>9&=lkV@YLw&-;d0h^9`d>wejuajZEzWgjWZXc4-EMa1vCTjr6u zE%AsX(Aw+%6FxUPZJF?LhJbA%Z<51^yBA9FT=JO|o&yF3bPJ*rvH3=pR4-UTF#v%?d!iyB9JFdxGr(1L`Bk1;3 zxWfFJ4TuPL2r(t7_$pp?XX01>y(C-{fgr;h9KjSMkW!S!M}V$zmg9I2GqBj=h>PYF z@k<>Wh+~Rk$j}8OqhNvPdxT=4cM0&^Tg6l}DfDT&129-)bjwIw5g0KV#l!W_UjO%q z@lNnsJSfGOWp;4zkL?1bF`_6t1@Hd;waXuV9y;%M)n}UYI5_wSUZaF$n38k{J^~)B z_Yu5BDYFK^$AgbUt$Zx~kNt~7yvVP^@qX}OIyksygMl*u!FMRyfR}Pu#O=_7AJ1OD zx_I^C6kLCIaRtu5J9~W%F0R0^I z`QIGlmADUka4-ay{Ei+7)+o5)hQLq1Y;kZiWLt!S)fR^+D?~xT|3@TU9dBT~h0*c< z!&_Xj7Ju=a7rf1};||Zl5XY-wu@;UG!4jt#9UTn86+*nbKmCYrunoiE!4RAmq&>q~ zK+>?N9f}`DtJN`mn_XUi_v1B9S)(5k6axr;;sUCRD2vhi<6uolh7J#g!{NbM6oJ=x zwWb+UEm3-lLNEl^{E7rR0(u?CzNO7h6!492L)lE6KsWQ7AE71YRl1ph#cyI=1T#@*HEv406K zy3XsXOnz9B0S6z!^*_N!kkOQJ{Ey(>;LY{<;2rn~t`G(J)284WZ_vLUK z1s|oWmI3+oHx7ZnlDY#h-ql*W8Cau~-~VIAF8i470H$b@jlgpltm{qWY)!UN{?uB= zeML8DHxiPm$R!cL7%ar$$w*Pnj82VC#`PD7$^Va>i7I~-pEQ}KAp;p(OfX{Yha}EM ztSW!#kHZ(Plx>Pau#H2MiUq_8Dv*u>5(<8un)r2hX^9G@dgOFKF2Dc;4A@XY6GU;B zN)Vtd14|qswvuTJ0>34xaAV?lNse-{OTkZUb%rF6!j{Q45@aLIROeEQY||lU+){K& zt58xtlmmABL?igHepE*M>A;U5!WmycKMjUMxTWjC(I6%<8vIMGNNpe)Hoix2i~vkm ze0ydiwrDdPqT(&i;c%OwbQnSkhapb+U=`PGDTs*3XC}6y0ACtp1xR=uGfNkQ^DzV; z!GaJrneUb`$`GUcx%5kJK3M$;mqU< zgataj=d9pgiV4W)fe$=WI|_jE@naMUQ15XRv2`ZQbxNe$F`p*s-_yFOlr6R+!rM_YaBSBti}_m0#=^2wq?c(n4=u?07N-nHUT**~5Lw zS6AP$U1P^Q5?B5Och(px=ccdWdk#TCYYFKan4#&o2A=pZL@{d_nxIGE$2E${+DL~^twMFC>A1hTNMGHF-hOt(tf^A9-V+eM!G%86&cm?LnlEG2+G zB>b2Ua|>&M#72y1&a)7Bhr^%K48Ch%t|J_;Qj}#a_9BddtgQLUO}=VFBd@R5pka!< zjwMeO*d57xlHTBW^$e%wK|UVn!j-|4H34UCJU&A1Ns^!#h4QA7&d?~=tS*)yCRE(o z5~~6xiD;}e9J!x2WE;~2uGKE(hLgq#M0CRUtd`!J7}0D^NM%#@5PCVNLgLYsY}vx* zKg)-F^VBYwuKD)8BwtBMz=?Tz;AJc$}4gpcfjD3 zNzUN7ylcH_!Tv5 zVrB7@bD@za6P_)Bx0kO*_U?@GWB9V*E)ma&_;HPcHD6?EZLyZh#9c_aTQ*>AxTHTo z!^cNM(-p*GDb>#F2UuOy#KqI0Gmq+tu16#EcecWR6U3Ddd`q zNcFe^tBi_Pwu}lptf<%w0joX&Z()Q(wbHpwr5YUpH6tX|Vy-#T&#aVL(syQ!fqrY8|9(g!I!D-mDpw37*1L8SX95mE`?j z*&2G2>8UqIp+7!xpo7rZU(Voidg3loI0?tgz;h=PcM2CvHyFDJhG;tXPZr)ZJPGE3 z7tAInels;3JEN#h$Nb?Ir706*+<0R(l%1&zxMEjuAX`eZ07jxG`NaNBE#bd2Ru_f< zg6~L*|IOM)%!C4GvY~`in5m76M0W$(7m5L_-(u0t+xit_qUo?|G~g`|*CDH}q4CHY zIcf==c*qM+91l(A3vW7~jGg&(;>{s+PSAD*O zK50RfT1UzfXN2N}5JxTBZ6lDq_>?jxWx%ugrc7HSeZ+L!cIH2q~YMGY!^=o5p5f?2nrPi-9PWlE zMLg!5b%N<6AHh49;dr&>iHOM(geb$z%1lU@RU6;p43qdfoH0)O5^uPRUIOyDYh1v; z;unNOZLk*AK_u!MFbR)OdBcM#M+rO5J!A1^+8c;Uq-~VNQzcF8{G2J1>0nm!VrPH*|#JG&vM+^5!1bK zsEiS&`My>UkUf>s;gGx5N>mDO!3Ay6S%+;rWhHUegMO8aQf4~js{^$68107 z2F{C9Y97_V)@#{l83j5_vZc(ZR2JilHy3PMm!lvUIU=IA%p89DS4kdg35R*TI-&eV z(j})E#yVSJ$dP;=3ahk>{Aq5ojrj@Co2zf~*j`P(^D};0~lHBhf7aaTXDBvrW`_1c}9!7tMW=A-YZE>J8(pM&p%x^_hwY zp#%)hqise}`Ylc~Iskad{W-7l!w;*NO=>L5UD+(vW|NL+o9lD%%^|ovySn=E*(vzzufKxP zYx(p5kH`G&x4(k(q5>}{zWp{O8~GOiqmh~m{(D8dtB==7RMQXjl?M#T_Vsl>P?W|n zx`-)CmoPw8`|?eOWJDB}cakBcJT!+NFz`qUvG1`0GEz~TY;V7ZDLMr_6l$?cM6&an zlPq5ZijEYX)tR^46lEW9!FZG^S{$MVbF}H$Q%rq;tq@EAx!$ zmig1aOKo1h2Zv&sV)5%SqQNn%nSmkLz$9U0U0kx-DavG1_MP+CyYF2XhC_*dNC|gM zAsP%h1;h84uK7QQP|$sRnDFnBAD$!f`c1no-g^uV|D(^%=IIHHwj58jHzX3s)&rez691( zRz`c>2}Q-e-h>Ur@n033kxuG}ecEIF=0{ESmg#$b2*i|!1)Dz}`ybXJ*;2v;a^2ED z+fov-Z`!~J?yTZZ_|sY>rAHzvi2LUGL;h@)iWh}5y>$%%LiT-&KcMh?9EK5M+&!x? zjdQhtC_NpbyHN72c@k*^sO*0M@y5ndRqA&!R&nBhPK7jhMtECqG4fjmm5 zDMU+rqkmyCjB~;S21s#LHbEOmaloU@&bi8*ah*Az?PA<@X#6^8lAt&gki|_AjYcUzS{p==N+`ik}UG(!o~*3e;z5Jnx@@@OoQNga2i@S-^6ft1ye=3M(H z=U@CEW!AyB^YVjU9-m@rhgZvOr?a7XTV=(Itk;>v6iM`;dX<*TjDYv+j`BsavF zI9Kj~m0!(mjg{AKjaB|pBoS{=w)DCpo=pYN=SXrUCGSdQx?#mHNzJP?SbcFd3|iK0 z%bPd#Y(^=u3hE!2$yB<$Pm?X3CkS0=yJR}-o*Atm5|=-AHFD;ArrGhDb=>$2)SM(69QN7WP~e4=?2GQfs!;t>Ha$;^0C0iZprH*MHLku zl5XQ8{XU0}va{r0Y+7Z)|vt}~jAe08`y^=D&$;W{vw zOufa)a_YlH=!Z+_ji=uHB$!TTC&3ae=4dvV%!BE~n@*M!XFByyCd*(s-9wKuAXUU~ zHFM_cf`r{CKz7vcc4~|bJlYInf)AOFBH~CQR zv9Qb4>%>F_=m;t6y)5mR+Coy5!b(=+bAqK}VSwpw1R9;IfGivfcOy-#q^d12r~*?S zrd@)vkvvbxP7CD%$^XkAhNzI7F$r}~jLBJFk&vn3k$f;oix<21K(UyIu?R|p4^D=- zHE!}2k%u~%ek@qU+656V+)Uc^HzX*IdnJ&D*oloF+F%Hlq zn9i09C-9v4(m!$h>BMuN8#Z1p~K-A^i^SoL;$R3PbpG~f>+d#`phUXE)n>zFJV#(e8?_n%+w(tab zF;ERbz*-&^)~P&N$-lGim0U%d*sCFENzwpSJR3qV@NX)vjwb--&^g*4nQ;({du`kj zQYSsBvX?Cgt==Is!4NzKzIK9?sqo zJpw#+j|vs3>4AOtw+q{bd?TG&0g3-tWy0eAzIP>-_--WEAk$+Z$hM0icg$j*8$sLv zSH9b@*wT51P)swCp3_2MHO4Br4ODPdm6h}AmFTL|;$ie7`Oohzk3e!8909aR=*?IUL>)fZ^oZy3GgQW+*4Q&B73?%(5ypXn%?Yq4(zjXJRA( zFsRmxQet_D*?24QvHE;q`zXvxORg%$JOX8btrzURBN^pPRb)pXIM#9-=P{6s-eU%3 zNg{p=m*nT;B769dDTO4<1vDX}KChxGw$wf;G&*B4Q{*6SJ-7 zwu`I_9QU}tT8p86y9{_Nl7^?UZKO2YyJ`5kgwdAo<9Dh*@9GH((QPYkkPnNX=YA&6 zMv-k2LUel{lb~a;IJSPD`@^-AT9(U0uaY{hs7@sfrpQU?#1eBP8KRfk`%IR&AATCl zHBG+gD)k}r@?vt_nfdQY0cHcS7I+JPJan{bldx{v*+Fg0olWqhA}p$nU|lW8fl zq19UuWq2d$E0B(9d0B2YoAKbvLJiI%Dml!J?wpp`_TUlDd+ku{*TD_i4NeCt3&h}P zkciAHo86G-?LXe^hWXdu{$(iU60LySZ1WkU{0Yn^qepflT2yQ_pyfcevYrjRpV(l_ z)-dHh{rWSc{Gyn0;3y=N0NylDlU{nLD!UVZX1|?wd zJ=&0THz?K{1ay-uGw}5F+4sW*rBHG$A!PJ5(yma{HbM zKr~=4+vnz}wCbLALj!STPjU9{*TFJ-!4&Pm>129xr2abRsmDc-)ZldR1Ak`kdz@_` z4c3FB0e^i@Z^wUllc7}ptv|rU>lJt1%i+U{IH0IgtKu^6KuTd`OWDX(&END5s^aox zyXvWJ0kkP%MCMy5Uo#g2%i(I7h&a5Au2Pi!Qb{PQxZY(^qcO_4fb@WY&IQuOKs&9M z4Y76xuzulo8mjtGI}=NXXuG26ezbL{Y6753*|ps9)D3;On9iJK5RBcq=Ld6d>HAJF z_dVytTTZ7FA345@&@yy`!1Y|uhvCBYoTU>~6SP&R%A@R3O!&@jy61E*POns55adA= z#jRP&WHQe}ATy52a7`J$FRrxMmPLzWFbcC9E}g~B=OLfDVAp<+@GXi_mJOLji21*G z^6+gk6f~%FGyca&Rku<0Qhn$3>(*)+&Pbi^*O;=Ly?6z%duFwMQJulJnnBChNHNn<)<&&&Z$y{wibR|FUS)mfj z{jN_5w6Z!CvQ}#|D|Mg-%7d;;h4h|Rr9M*kwkFF!YdUf7>yf9lZ`MEaMEwogrw*v6 z?pe<3U(q~E7`o`4vf)02RU}o7(;JP8jKJ>9Mb1eWgrOTw182TiF6ZNU;LidyUXEvz z>0*wM{UeRqB`T|(%2{$%RGnyVcKK}y|B7tp$Hl~)JI{5G#iByJLGe}9AH zP-UlKutq`gZNI5rwr_Pbb?_vvJAiGXR(@+V>CdX(fR@nj0JebF<2FQ>spGlAEhN6? z-taJv%%@FgCN-sP6uPhaW;dafpE_aP6sD1@Zh(jfsDr2YP#im6X$z8 z_^sqQQ8-m7e+G_4M%2u5wOf#yn~F9Aw3@go7XXEsndcW%N6D38&XdDY0uqvJBf)QE z{X7YU6p~y93XCK0jm!-ve5{n;nAg&QGRcJEAl)VMf|Qi3Ms7H3$d z8-np}LBgFtu4Yj?)|U?lEO8`ds7khJ%ZvJ^m+tSHq%zMX%i!@F@vIYvjeWBv(YjUx6N|j*jW9Z9 zJmPToq&u=^JCa1$vK@()Xiarw?*gGD;KXapgBj-{F&l%b>WsjZxD2hU0Pk4ccSqv? zSL`3x=a=vJbiaG^?DE|R2uq*+AZ`8xzK;O}*XNg|tcNQ^i=E2T)Uy5a=JiYdmG5iq zP^qa?6s9Xg_pRI_=b~2MaIOePe~H!e0a&JFBlPDYr!oJ+-3adrfbaMvL-h=mbRy{M zOR*;zAXmt0&9h(}f4@sOU_J>vd6Lwx*bs%1;VA8_xW1nAKkmY?t%~w_X*~nfIQbqv zSjEwC$7H34s(R!I+p}vF{FWOhvnTt=g;4HX%Ilg?s&_J_nRanmikQ&3q%Np8Nrav< z=DLu~_3)^~YmYz<@2KFp8X0HGzH9VI)EI;1_PyU_$#=aSv`l1g4UJ@q)B81IbFL>( zl>iHEN?EowC@in1T~{JJ%dmy@IZ}`EW;_-mRGIf>j`kw}1rVGmriDW3#G`s*=seq{ zMqtN1*r=m(ur%Z$@Rgx_rc$dFW2prViC48r2-0mVQjSVUrKfKM1U}89RSE-iiBil% zCrBLXZ;?3f@)OS{L7(4t);5YIBW3K z#M_LVk>_}>Gk3>%eybToCtp7K^nk=W@d_LbxnK%VGIEy0i8n4zg1FyyNFCiFmaeJL^(K+ugxJ(I~$b&B) z%jZ?Z)6vJuMLODq_m9JI9A`Qn^Zz@JWB%V6PiJ4aV{hs^{>=5yGSRTt`xpVpd0{{U3|E{YNKLEl60DXI^D*ylh literal 0 HcmV?d00001 diff --git a/stable/traefik/12.0.18/crds/ingressroute.yaml b/stable/traefik/12.0.18/crds/ingressroute.yaml new file mode 100644 index 00000000000..3391ba532a4 --- /dev/null +++ b/stable/traefik/12.0.18/crds/ingressroute.yaml @@ -0,0 +1,198 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is an Ingress CRD specification. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec is a specification for a IngressRouteSpec + resource. + properties: + entryPoints: + items: + type: string + type: array + routes: + items: + description: Route contains the set of routes. + properties: + kind: + enum: + - Rule + type: string + match: + type: string + middlewares: + items: + description: MiddlewareRef is a ref to the Middleware resources. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: array + priority: + type: integer + services: + items: + description: Service defines an upstream to proxy traffic. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The + differentiation between the two is specified in the + Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding holds configuration for + the forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: Cookie holds the sticky configuration + based on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: Weight should only be specified when Name + references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: "TLS contains the TLS certificates configuration of the + routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in + YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: + # block format" + properties: + certResolver: + type: string + domains: + items: + description: Domain holds a domain name with SANs. + properties: + main: + type: string + sans: + items: + type: string + type: array + type: object + type: array + options: + description: Options is a reference to a TLSOption, that specifies + the parameters of the TLS connection. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store is a reference to a TLSStore, that specifies + the parameters of the TLS store. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/ingressroutetcp.yaml b/stable/traefik/12.0.18/crds/ingressroutetcp.yaml new file mode 100644 index 00000000000..67e099b47da --- /dev/null +++ b/stable/traefik/12.0.18/crds/ingressroutetcp.yaml @@ -0,0 +1,160 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is an Ingress CRD specification. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec + resource. + properties: + entryPoints: + items: + type: string + type: array + routes: + items: + description: RouteTCP contains the set of routes. + properties: + match: + type: string + middlewares: + description: Middlewares contains references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: array + services: + items: + description: ServiceTCP defines an upstream to proxy traffic. + properties: + name: + type: string + namespace: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + proxyProtocol: + description: ProxyProtocol holds the ProxyProtocol configuration. + properties: + version: + type: integer + type: object + terminationDelay: + type: integer + weight: + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: "TLSTCP contains the TLS certificates configuration of + the routes. To enable Let's Encrypt, use an empty TLS struct, e.g. + in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName: + # block format" + properties: + certResolver: + type: string + domains: + items: + description: Domain holds a domain name with SANs. + properties: + main: + type: string + sans: + items: + type: string + type: array + type: object + type: array + options: + description: Options is a reference to a TLSOption, that specifies + the parameters of the TLS connection. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + passthrough: + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store is a reference to a TLSStore, that specifies + the parameters of the TLS store. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/ingressrouteudp.yaml b/stable/traefik/12.0.18/crds/ingressrouteudp.yaml new file mode 100644 index 00000000000..910acd6c270 --- /dev/null +++ b/stable/traefik/12.0.18/crds/ingressrouteudp.yaml @@ -0,0 +1,84 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is an Ingress CRD specification. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec + resource. + properties: + entryPoints: + items: + type: string + type: array + routes: + items: + description: RouteUDP contains the set of routes. + properties: + services: + items: + description: ServiceUDP defines an upstream to proxy traffic. + properties: + name: + type: string + namespace: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + weight: + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/middlewares.yaml b/stable/traefik/12.0.18/crds/middlewares.yaml new file mode 100644 index 00000000000..1770587a327 --- /dev/null +++ b/stable/traefik/12.0.18/crds/middlewares.yaml @@ -0,0 +1,563 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Middleware is a specification for a Middleware resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec holds the Middleware configuration. + properties: + addPrefix: + description: AddPrefix holds the AddPrefix configuration. + properties: + prefix: + type: string + type: object + basicAuth: + description: BasicAuth holds the HTTP basic authentication configuration. + properties: + headerField: + type: string + realm: + type: string + removeHeader: + type: boolean + secret: + type: string + type: object + buffering: + description: Buffering holds the request/response buffering configuration. + properties: + maxRequestBodyBytes: + format: int64 + type: integer + maxResponseBodyBytes: + format: int64 + type: integer + memRequestBodyBytes: + format: int64 + type: integer + memResponseBodyBytes: + format: int64 + type: integer + retryExpression: + type: string + type: object + chain: + description: Chain holds a chain of middlewares. + properties: + middlewares: + items: + description: MiddlewareRef is a ref to the Middleware resources. + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + expression: + type: string + type: object + compress: + description: Compress holds the compress configuration. + properties: + excludedContentTypes: + items: + type: string + type: array + type: object + contentType: + description: ContentType middleware - or rather its unique `autoDetect` + option - specifies whether to let the `Content-Type` header, if + it has not been set by the backend, be automatically set to a value + derived from the contents of the response. As a proxy, the default + behavior should be to leave the header alone, regardless of what + the backend did with it. However, the historic default was to always + auto-detect and set the header if it was nil, and it is going to + be kept that way in order to support users currently relying on + it. This middleware exists to enable the correct behavior until + at least the default one can be changed in a future version. + properties: + autoDetect: + type: boolean + type: object + digestAuth: + description: DigestAuth holds the Digest HTTP authentication configuration. + properties: + headerField: + type: string + realm: + type: string + removeHeader: + type: boolean + secret: + type: string + type: object + errors: + description: ErrorPage holds the custom error page configuration. + properties: + query: + type: string + service: + description: Service defines an upstream to proxy traffic. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: Name is a reference to a Kubernetes Service object + (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding holds configuration for the + forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: Cookie holds the sticky configuration based + on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + items: + type: string + type: array + type: object + forwardAuth: + description: ForwardAuth holds the http forward authentication configuration. + properties: + address: + type: string + authRequestHeaders: + items: + type: string + type: array + authResponseHeaders: + items: + type: string + type: array + authResponseHeadersRegex: + type: string + tls: + description: ClientTLS holds TLS specific configurations as client. + properties: + caOptional: + type: boolean + caSecret: + type: string + certSecret: + type: string + insecureSkipVerify: + type: boolean + type: object + trustForwardHeader: + type: boolean + type: object + headers: + description: Headers holds the custom header configuration. + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials is only valid if true. + false is ignored. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders must be used in response + to a preflight request with Access-Control-Request-Headers set. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods must be used in response + to a preflight request with Access-Control-Request-Method set. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders sets valid headers for + the response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge sets the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader controls if the Vary header is automatically + added/updated when the AccessControlAllowOriginList is set. + type: boolean + allowedHosts: + items: + type: string + type: array + browserXssFilter: + type: boolean + contentSecurityPolicy: + type: string + contentTypeNosniff: + type: boolean + customBrowserXSSValue: + type: string + customFrameOptionsValue: + type: string + customRequestHeaders: + additionalProperties: + type: string + type: object + customResponseHeaders: + additionalProperties: + type: string + type: object + featurePolicy: + type: string + forceSTSHeader: + type: boolean + frameDeny: + type: boolean + hostsProxyHeaders: + items: + type: string + type: array + isDevelopment: + type: boolean + publicKey: + type: string + referrerPolicy: + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + type: boolean + stsPreload: + type: boolean + stsSeconds: + format: int64 + type: integer + type: object + inFlightReq: + description: InFlightReq limits the number of requests being processed + and served concurrently. + properties: + amount: + format: int64 + type: integer + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If none + are set, the default is to use the request's remote address + field. All fields are mutually exclusive. + properties: + ipStrategy: + description: IPStrategy holds the ip strategy configuration. + properties: + depth: + type: integer + excludedIPs: + items: + type: string + type: array + type: object + requestHeaderName: + type: string + requestHost: + type: boolean + type: object + type: object + ipWhiteList: + description: IPWhiteList holds the ip white list configuration. + properties: + ipStrategy: + description: IPStrategy holds the ip strategy configuration. + properties: + depth: + type: integer + excludedIPs: + items: + type: string + type: array + type: object + sourceRange: + items: + type: string + type: array + type: object + passTLSClientCert: + description: PassTLSClientCert holds the TLS client cert headers configuration. + properties: + info: + description: TLSClientCertificateInfo holds the client TLS certificate + info configuration. + properties: + issuer: + description: TLSCLientCertificateDNInfo holds the client TLS + certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739 + properties: + commonName: + type: boolean + country: + type: boolean + domainComponent: + type: boolean + locality: + type: boolean + organization: + type: boolean + province: + type: boolean + serialNumber: + type: boolean + type: object + notAfter: + type: boolean + notBefore: + type: boolean + sans: + type: boolean + serialNumber: + type: boolean + subject: + description: TLSCLientCertificateDNInfo holds the client TLS + certificate distinguished name info configuration. cf https://tools.ietf.org/html/rfc3739 + properties: + commonName: + type: boolean + country: + type: boolean + domainComponent: + type: boolean + locality: + type: boolean + organization: + type: boolean + province: + type: boolean + serialNumber: + type: boolean + type: object + type: object + pem: + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + type: object + rateLimit: + description: RateLimit holds the rate limiting configuration for a + given router. + properties: + average: + format: int64 + type: integer + burst: + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If none + are set, the default is to use the request's remote address + field. All fields are mutually exclusive. + properties: + ipStrategy: + description: IPStrategy holds the ip strategy configuration. + properties: + depth: + type: integer + excludedIPs: + items: + type: string + type: array + type: object + requestHeaderName: + type: string + requestHost: + type: boolean + type: object + type: object + redirectRegex: + description: RedirectRegex holds the redirection configuration. + properties: + permanent: + type: boolean + regex: + type: string + replacement: + type: string + type: object + redirectScheme: + description: RedirectScheme holds the scheme redirection configuration. + properties: + permanent: + type: boolean + port: + type: string + scheme: + type: string + type: object + replacePath: + description: ReplacePath holds the ReplacePath configuration. + properties: + path: + type: string + type: object + replacePathRegex: + description: ReplacePathRegex holds the ReplacePathRegex configuration. + properties: + regex: + type: string + replacement: + type: string + type: object + retry: + description: Retry holds the retry configuration. + properties: + attempts: + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: StripPrefix holds the StripPrefix configuration. + properties: + forceSlash: + type: boolean + prefixes: + items: + type: string + type: array + type: object + stripPrefixRegex: + description: StripPrefixRegex holds the StripPrefixRegex configuration. + properties: + regex: + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/middlewarestcp.yaml b/stable/traefik/12.0.18/crds/middlewarestcp.yaml new file mode 100644 index 00000000000..f0d1d5640bd --- /dev/null +++ b/stable/traefik/12.0.18/crds/middlewarestcp.yaml @@ -0,0 +1,59 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: MiddlewareTCP is a specification for a MiddlewareTCP resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec holds the MiddlewareTCP configuration. + properties: + ipWhiteList: + description: TCPIPWhiteList holds the TCP ip white list configuration. + properties: + sourceRange: + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/serverstransports.yaml b/stable/traefik/12.0.18/crds/serverstransports.yaml new file mode 100644 index 00000000000..78241697d1a --- /dev/null +++ b/stable/traefik/12.0.18/crds/serverstransports.yaml @@ -0,0 +1,101 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ServersTransport is a specification for a ServersTransport resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec options to configure communication between + Traefik and the servers. + properties: + certificatesSecrets: + description: Certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: Disable HTTP/2 for connections with backend servers. + type: boolean + forwardingTimeouts: + description: Timeouts for requests forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: The amount of time to wait until a connection to + a backend server can be established. If zero, no timeout exists. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: The maximum period for which an idle HTTP keep-alive + connection will remain open before closing itself. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: The amount of time to wait for a server's response + headers after fully writing the request (including its body, + if any). If zero, no timeout exists. + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: Disable SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: If non-zero, controls the maximum idle (keep-alive) to + keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. + type: integer + rootCAsSecrets: + description: Add cert file for self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName used to contact the server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/tlsoptions.yaml b/stable/traefik/12.0.18/crds/tlsoptions.yaml new file mode 100644 index 00000000000..c901ac2df5e --- /dev/null +++ b/stable/traefik/12.0.18/crds/tlsoptions.yaml @@ -0,0 +1,87 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TLSOption is a specification for a TLSOption resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec configures TLS for an entry point. + properties: + cipherSuites: + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the parameters of the client authentication + part of the TLS connection, if any. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + items: + type: string + type: array + type: object + curvePreferences: + items: + type: string + type: array + maxVersion: + type: string + minVersion: + type: string + preferServerCipherSuites: + type: boolean + sniStrict: + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/tlsstores.yaml b/stable/traefik/12.0.18/crds/tlsstores.yaml new file mode 100644 index 00000000000..7bb6193b026 --- /dev/null +++ b/stable/traefik/12.0.18/crds/tlsstores.yaml @@ -0,0 +1,64 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TLSStore is a specification for a TLSStore resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec configures a TLSStore resource. + properties: + defaultCertificate: + description: DefaultCertificate holds a secret name for the TLSOption + resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + required: + - defaultCertificate + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/crds/traefikservices.yaml b/stable/traefik/12.0.18/crds/traefikservices.yaml new file mode 100644 index 00000000000..1d98c25d68d --- /dev/null +++ b/stable/traefik/12.0.18/crds/traefikservices.yaml @@ -0,0 +1,270 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TraefikService is the specification for a service (that an IngressRoute + refers to) that is usually not a terminal service (i.e. not a pod of servers), + as opposed to a Kubernetes Service. That is to say, it usually refers to + other (children) services, which themselves can be TraefikServices or Services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceSpec defines whether a TraefikService is a load-balancer + of services or a mirroring service. + properties: + mirroring: + description: Mirroring defines a mirroring service, which is composed + of a main load-balancer, and a list of mirrors. + properties: + kind: + enum: + - Service + - TraefikService + type: string + maxBodySize: + format: int64 + type: integer + mirrors: + items: + description: MirrorService defines one of the mirrors of a Mirroring + service. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + percent: + type: integer + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding holds configuration for + the forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: Cookie holds the sticky configuration based + on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name is a reference to a Kubernetes Service object + (for a load-balancer of servers), or to a TraefikService object + (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding holds configuration for the forward + of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: Cookie holds the sticky configuration based on + cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: WeightedRoundRobin defines a load-balancer of services. + properties: + services: + items: + description: Service defines an upstream to proxy traffic. + properties: + kind: + enum: + - Service + - TraefikService + type: string + name: + description: Name is a reference to a Kubernetes Service + object (for a load-balancer of servers), or to a TraefikService + object (service load-balancer, mirroring, etc). The differentiation + between the two is specified in the Kind field. + type: string + namespace: + type: string + passHostHeader: + type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding holds configuration for + the forward of the response. + properties: + flushInterval: + type: string + type: object + scheme: + type: string + serversTransport: + type: string + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: Cookie holds the sticky configuration based + on cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + strategy: + type: string + weight: + description: Weight should only be specified when Name references + a TraefikService object (and to be precise, one that embeds + a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: Sticky holds the sticky configuration. + properties: + cookie: + description: Cookie holds the sticky configuration based on + cookie. + properties: + httpOnly: + type: boolean + name: + type: string + sameSite: + type: string + secure: + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/stable/traefik/12.0.18/icon.png b/stable/traefik/12.0.18/icon.png new file mode 100644 index 0000000000000000000000000000000000000000..5d807a7e5d93664dafc3a0b38f067464514972e8 GIT binary patch literal 20293 zcmd42byOU|_a}-oI0FQi!QI{6osa~AGq}6ETX1&`?gV#-1P|^Wf;$9zldtV>-`U^p zp7+(;%WD|Nf3x++plMHUU25E%*z3Qb;4N&|8o{d)iqAm?hWnq0^Q$w5xr z8B)La_kfn5%kqGNg1@rV)N;{MRuTZ)+p-v$*c+R&c-T5XsG*>QL_Hjgz}BWNAY)T= zOFLnT^Nt=0kfn(*#V2lMHf0A%QwvKuFDKLYUMiYkFKaNr35BQ#NXSC~!ob$l#R%kK zYh&ju;2})$555AB^54g-6rg{QxL6BQi2oG`(o$9fN!mM^f_Pcjn89ppY#?5K7Isc< zUNFBY6NrP2gPoO)mzAB1nT<_=lV5aiJ5?gl+3?`LGFYpEL>b11Xx+! z-Q8K-Ia%zT%vss_`T1GdI9NG2m?0F*&YpHIMjp&|&XoV=AZ6+dcCvJEv9z}X{pDz6 zZ13tKOaX!VPaSL>{=?SJ`CoQ|Sd7)f$bpreh3&6S{~$C0|A)@O)yd``!cD-erZ%Rw zrgkpQ5L)*C&^lPyyVyHh*#9@I|5N=x34qvES@}OQ{+C#6ZT};}*+tq7qQ<`r^1q~Z z*7S5RWz{fsws&;`n@YPuU{e0o#z8>R$<)Zj-bvHm-saz)Qu{Y#5C;bfH;C?&rJaer zyEFZNX<#a4>SMOT$*gW0_^Mp?EK7ZJOXTN|0GqmH?cJH{BKCPc>X6+ zNX(cRxfuN)iA}%)X7*0DMi7N9ZH>%LSsm=mDM0@*qkyEnjlB~@Fa#ave|;`5DXHdU zZ)Rx&sc_bil>o_0OY*Su^YAcpu(1CFuClU#yq&X)ksa7nUP_n(VjLDrOA`S;9(EIU zQ%F3SaB%T4bDD4&G4pXl^yD|?<>4^mVdv%JH2HUXDSNQ%-w^oQ{-52!#2yUc@ju`h zakFvrahigejf{9WnR(f`Oqq?0&3KqiIoM6O*tpp_czHSg%}v$G64E1$Z2l|Pzo<+g z9KqZi{OrbH9%gPZ7eBKp4;Lr1G1wI13^raq9yTL(PIi8_zhVE6ND`23XuBZ=#&e3%koIMfLiDi&isM7lu_Tn( zp^d}Q5n}ofz{|s3av#qtPfwfY%>4YbJ1X_GJ3hNUp1lZ7dD;n@PIg^)ab95uuV(x$7IFJAPng~$D@{kR5OFQiCf9j5Wr*jt`18J z-34ZSFvtRdW8~sbN8qWLXdUbl(h0m9^l=1yaoqN8Wp1VzIvPqVst1Py|3xyv9T81U z)p3CE;Ja2le0Ug8m5us7d-|0{09QP$#$ff#Pi9yyAc~{(z9Y?WpkUx8tUGiI%q#iE zb>~-__%=tL3*O%2NS!Z8XK-imXEeA22!=7O4P>khgUs_3I}0|@b%cDdd~sT%X`k+H z1Ktq2k=Oi*zdwYO(8LE{OK*{+9KH;u9Ge+CCSyERIcqN~Mzm#Hb~e}w_nOP^)NF?K zat8FkZRjqGK>N6;nC6W9gyRqth0jG10(4@u9>vGq5-*iJ_i+3%+*~nvDGQMbty?o@=TM$;8YLQ3&mU z>w>(Rdl`ti$@8U%FbsL0fgy?8kPlJh>y3z@G?V{^xhjjT1nLa+3GyrEusJV zb@?fkL1d)aHO2XZmuqY^!CCl5&Q^+18D2=pbhs4ZEPsqfh{g_mXlkO1NZbOUEvkls zD*df6`QUvBW*&lw*c$coiQ}V8UcgT{Cqp|-2_a?cmu(P0ggT_xkvLg{FIIBv>E}CS zixT`6rr{FMY6sE#P1Hl(Acv&*$^O|nOcdOaYUwRWFk`W^=arzQR{-@^J~A zVUQ>?STg;U6rU(4_cXn)D*_DzbA^ZD{ZwK-dp0P)rHf>-p)R@q-gkVT!w4V7M~(g) z@dN6G&W@wzmzOf6z02od%pGZQOrOuzFXdrj2u^LpV{5v1?IN8@@KP0EEq1wkBR$o?j$=K*CSzq zDPu5h>rTGD?MIR6sjl3!_f}VadT(b(LjV_IB!?rNtU&E{x)OT+#Og|Hj#2N*=!)9? zomPlDQ0dTVi*n!Tv7_eLudKTI%h#_oA($aXe9J@q&FTu!^6Y5+wEsX5)t;8I!9JY1vK%#TEpp^9=RQ4Z=~ ziyKBP#W_LkT*jT8Q;x=|f!yjW$Ri9TEN+L>Yv`h8)p1T8h)d0v8%$4@>cQ(+j^k{{&B2OGRql)86BD946IN4bKjqC zj|8@(#hvKWLdb?^f?m)hRVBxjGL9X}0*EfdS0VDiVgR2ENi*7u(r16;lYbJa zMPMn@#m+x@dUacEw*TB@F>_Bc;^}U0e~x0i`dWaw)5M=@sjtQjb6F+X^A4KN2rw)( zf8EKbqoX4_y}teezj?ojEe$mOgD(c1lVGa1i;KKy^7MoV`%r*F)~FaN{JvchB|`XA zmGZ7BZ%9P)bh|Ku@!m4Umf;@r$SXDe*XYN4G~&^`L`;cnEVw>;g>rWn zS65&1sKVOY`+NU!*L9R)c6YB-=`qIxUoPu;0M)T)cvBA)3^|=3I!^T4{Li1o9qsKK z+fRNS3ts+?N?24_T&HXDUp1|ew`gb%7 zFP7JdLxUT}a|{-Pc=nYCQ+^ENV@;=3S(~TnCt1YL$9J$z#B&i$(F?Y#4v}3BrdrMW zvppV4GVMA)TrYg#@IgPrOzE*dIAUh9S01twJHH__nO;zTX$XQfxXq^#-lgTvt5TFLK z1o#)@(D{9u&xvv1%$X@Fi*P91rCg8Y6e-8R0NmLReRp!W?(=%l@H9Rc8rSxa2e3#i+D4(XkQr)I^x zfiw8%nKUS8N3^04JzBaVnk6$;>(RQ_gI!_JsDz zdluK4P&`Wn1?ccRHkC;!!CeMBDny&TEJ9{iR)hs2KKS zETqXR-&F4n{$K}p!R&;9@L1mtk1L4B_@zDv*y{{B;trspEg=#NNTr6JdNTR!0l6IK zR#DbmHX7v+O>49^CNn0qQ|C)Y`EiHw!#V>-!lJ9z1^aV+i%#f6nB<1u_8LF5BT-(S zb&iyOv3z}fHr4&sl#*P6-ugBtK;*Hg9sSV5+~s5JosgyKk8FM^ZL>25A~{}c+`XBL zWI`bz0X3Bbp~6IEpu!th2857>*4bF`E%|`Ek@tiVq_CEj7lx;U;9Em8n4A0Y$CsIM zju(>%NKBKLikohmoIP&8=Y6kSnPZwHZbfnS{Df_<*BIa7CHpu&AovKL0-zxg=|mB9 z7$Pj`+<07G@rd|tJN?%4R^h$vFR|5KA#ifli+WNO%_|jh!jlx+ec)pjbgMJpSD2-w z@^;y3u5LbHl7PU8$2qJ!1=-8~vk{anqL<12J6(JSCQF1t}HY`FehfR1qwx9FTR;m6Uj8KPkW7~D?wzF$kCjXTBQ((a` zCgfYs(}(L$Dhd#4#XET#8fFVDW^OEEsi9J|HzKhdS@7*StHwj+`i&(m=@ahkMCXl@ znA;%twCDbDb{rMXh(x_gC!lKOLJCS-~}Qb$F{h zA<@ayJXLnr)TG@o8K^k<_$)-qC)i@&-PW5~L^N(Z=}Q>y&B$us&8CsMX@B}zy2SCZ zxCbY`;f?_7OQ13SWiln^2pn4Pon}~ntZkLwV#mei1;Wbf4ecL1*4$ga5BP=s@!_l; zF_qXOSB6@|56AyF1P=dL@k(yc{%qHiLu=pwJ;{H_ z_Bt*3li5IJfIfV~OUd+uWSEW{T7sHWL*<7U3IR@*iAY~?tVX$1y;gB~`B8jrf}k(A z@BO-@`v}ZR-kZ-K`_6=~B!c+APpH@j$bx||rCL-DdZg_)8i}F(b{$v*K6IV8@rvF~ zkiI3qcbI)E1Dsk$NLMGud=mb3ei*ZDq~f`LT!+g#EGIwrdmaR*j>9e_6m#5e(zqJm&RyYM^8Zy3-g?@+3J402j>f&rJ`_T9$Mqk6r6OufPR&!O zv&L3V(^r`L!aG~<#{9zSye_ee*wcnJ| z^CdaE+HbO3kveX+MP<^Jv$C;S5Cz1DhZ-I94(}fUfU=K=BWP&K^Wf_WLRGIelRN25 zvh3x14g}T=Do(D!*;l`Y!<=vhnwcS(@w{JglM)6k~d`Qs-kP++Vw16Z0Pb~nSQ#$pM=&5NP)>%VASsOx%Ksl z*%HOw<*;zEraaO9IIba3jh?HkD`X^!3HQ)F6^2GMYSu`V$L`>;1(_3;%-%>g@+r2L;HGBn!Lq;0yYvo<1X& zr7iD9w-&pMqu|lzK75t7m%Fj?WETmp+uMjuw`d1!|YwwK^@adL3>v%ltZt z10%cAUJXM5t($4J5M~n%PWuWrt6%>PKGH0$t+Tk(o&1M`F;$6*57`kS7I-uU<$ZKy zWsm%Rkw>+y#l#LE_oN@elJA%>?t9%im*+UVPO z&?1Uqah|RIwh1rN^p@3+kK9JgxKL99c8FKsVU_bX?X-z9Y>F`-5f6{XW0j#Ff&>$k zo}ON@hO_%88HDFiLwR7dn*49#XpQ1aiZ7K^kYOno56{liEBQBKD8hj{JVW`w2nmY( zr8YQeQx?>^oel3Jon}|_BK zomzCCdd7^#kfod ztl(fA{XKlRNc}taVOdb{6vGhBh~qj_JhY+N!loVBBQelHb{a!Vh5(qAaxYeK&uT=@Z=$ol}S*`gz*_)iKzo_R< zsE`*Yzu*1F6gDmjRewNnB31HUoOc+(H3q9hdFhs;_Y@!%vx(Jm*Wdq{QUB$J)_Ikv z*7*2vW1wBNGY3Q84Vu;K)S%wf;v|0Z)OsTJlEWLB^dt3sYK={^22S(s#Zm+J+Dp58 zg0aC|-2sL_h+jZ~J}U=v%w zJ9-1B=>6LK3O*^p_;ts+B*1XHANSSgy1MhN!u-9K`=+0_?DHmXPu~YtPx_WG9zquRwHB>l$@H(nk6y1?309&L}nLeyH`h@%%LR z?TEcu@fV|46BWsoxYY1R9M}n4?=bCb<%TL2X~o%GvxH1TA;5AH1gd^v?XRTfcM1wF z<2#CZ4>wi&{=ZTU8tcuIH*_;)pJYe*dH7|G6eIh#q%$2wjelYw6?z;LQo|3u5Cb)O z4e1ScwIZ87Nf@_ObYGaOC1o z>%C}Ei#NP`_ap3{m)kZ#*`D6yMJ|E54F~L}`xq}S#=b=V+hZlXV-^`rH zrD85J_&&ixYkWmLP0X6mG{PPG4eOlybHbLOTCPgs2j3`;_DT-E)S!JXe-45OT~}&odzbke;C|m& zYL5>_bzR1}MOg)H@0>45;>b|x;JwF0dp0a4D3&ZjLsHyf;P>=}4ndHpMpDkk9fdlT zPy5zI>GPP7LzUdWVNVD)5getHQgk&KuiJ<65$j@)`0Y*xTq&Vv{LA0?3~zJq^V=tphXWHC8^ z=i4Q+gPDTW^w!F=-KXr8L;mQ@F)hcBKm%(DTY!rY%|+92E#K3#-1~*g>r1F{LXovj z;8LjL9L_bhRJRnz(QH@MPACTDb0Dy=E)hz{LZORDo|fyQKP}m@_UL#rjWr`jGX+@3 zghYDbV=;4dOp%;Ul*@i2L_6IUKMasVirD$Re_7CyNp;hi#v^?!D!Fk1KvL78HUC&2 zYaiHI_KqC=q15Z$MauX!9u}*~pODf_xE&?W*El60AV7SpEWk9QOX}bRmRh?d!Z$c> z0IC`5XB%$I38C?eLtt!EG@hk`5mQLH1kxAs=}fs`@>g0`Yk5P|b9r=$F8FQ<&6QM* zf&c;%DJ*heNWX+uN`zMVGzC({AabeP2F7xMugktbP%DcfTumZXm4{HGGgD%!$$(sf z8qsg!V?+AzuigTTPcokqzeO>9KPe&R=Zu8i`u;w*Wx}n17Hgg=o)uV|4tLqJ_@OuM z>)DoN*1W5rrOWlhXQOD#>d+yV1mywzx{!Q&BhH=B6J{^O6AdKtx{}_61(QWYI z5e0#w(SS~i1Fe?0taLJhd7xmhZG8P(Ty6b z2<5TB1&;!={5@=f(WR(l&Qc#;#B54VLMr}hJKoZLH};b$KF8no5sSfjTY2bi^|Z(k zpi{8tMh1)*NO#zB>@JqdF&gH01V|cMRt7iKy?n$}tAC{4DSl2YcC}!kf^PZ@ZE$Q) zPLF0z6*fklsnupdz_1wVay&{z2RFSHkg}=B)|3#qO_DqiagOeC(N!R`atb@*4A`Lq zzvHE)`r6uhcm8pr7aD9DRq#E^2IGreZm#h_pxLZeZ|T?0N!YyXxp#R`nn_|Z0k!q^ z0ykDW+!M5v?v%`9Wmqbo8!D%jlZ3;1F#(9H4_}v$xiQ^GV&Uma#0O}-R|tNXKm17g z^WR=iv5Mkx40l>N_=Mn81fT8>{XBRV-F%C^7nmF`iz*CzW8SNgRP!%3li30Xzpo0ESw!I|DCGbHFoO9uNCNlPwLwuwZY$m#eQI?4!q}kg z^a#m}2=)#Z^^fwoD{t0>FVI3Mz4(0|%Vw9eBzx7ccfB0F;ia9VP_K{pIF}*nwlGJ~ zHHbCko!tPwxN(@2*?N3};Qjlz?0N4$)8Kk?9&Ezg_WQJ{r&Z@39no|PN^IiKs6Pt~ zBYd&PrEu<0{J$|K)qT~lC(zKCYTY=T$uFB-O4z(vjPp%BJnJM42F3IALk*DXza-&* zzQYN@-|WGB>%Fl%+9Vk;&c&=?$35PC>Utd<#4e(`^MEE#Oz!Bo)WHKbF`IQ(@4lyh z_cDlte58Db<))2-pTaNUc=9S*j3dOyC%iV6y5q<^7*g`vf`UzoPR2AfX90#(DW`8d z0g=U1dCGlZcJ1yt-rb{{nCnnc4Ij9Kc*VKZ zma_N>Q?Pb{K(zN~>5))L!p~gs{$#x|oa&kxzuwZ}p3%I4RV{ngeRgkp!73FQP4r0e zA`}xP;3{#BJcg}&c%D7cmU1bpiK(y9%x`RWdn3qe(q7aVttN48Rdl%8JIq3U(n2>2 z8%8psknVlVI4U_Ve~!6&Yu5W<?S3B~NgGR|X|*BY}o5>}+bj|3mJrAX;R#Cs>d zM-0&1jn1h}1MYQMW0360JD~$6aMrwZoE5Z`G#h;O0FKhQ#$Iql%i15hPqn(ecb6QS z>r0YlXrJExh(l%xTW(RYtt8*~(_|OXBj0_)l+G|zGPw+u9LCYYKif{c%Bi{|1Apns zeIGQ@6e^s5o$nN*HG%oNJ5oOpl_DravA!IdK*?G>6{W|S@c=)Y!_MT>?*cqZ7 zEK7N(AJX&}Ou=NbM1xrsw*ho1e4}JIFv1u1m{FP-8;OGQ#UfqJ?wn|amH;`n;?K)A ztOx4e@Ns;Mo<-UKJaFOyB!xPgAq4=I| z1=5(PpW{%0=Uo1t)UDc9k^;(-QpOwYIr$XQGIjJdF94zfsJUj1Xa80SgeFCpg*2ndXjN-$g^ZstTm?&Sx`%G}n*@qm@>(o-5_<_=2x%pHIT__No@kuJMV^fVH#;7;3?^%sH9V>I?d(q;~Kl3_&R(L0a-yd z#?k8&0^XiX_}=_k)plN*jNNtenH>B%v__pHNM-bt=a%vfe+ZGOxTA z;Nt3645ln!WpKkgFuicp@H32b%>bq^P1dA)UP*#hirc&FVCtpZDhruzOAN^RF z<$A|K>iY4jtSgAwjo14Fqv>`c8!5lAO1}qPA*=u`Eu1>0ybbm&?yYm6J6Y*dT>Y?r z%v{hHCL}k*BjC=%6PITKP1Dy7Co`))Gci~>(ZO2PUGDjU&M~{)_W_EfCr>Cl-&QJ9 zt?)*tBC0=sXRO^s_R*DT-{M{b@_!@_Cy)JcEjY7IU+EiJqPN>PZZO4guCE^fQoFTj z#BJEnAEumCSXgFUGGR4K`wg;;;*uQ*ktmo>4pGdr`pQqZLwruIg27Ywbyk82rDa!Y zAOJe!D`+~vg^5Oemc0;wQ;CD2oxaXT*o!1un4<^Mc@G$iTdx9y4@>@9- zd%hKGvtn)EM9$2p*E1Fk1eJugx9Gzo=}<@DssKEV{oWCWM$-+krypr`s#I#ecV~C3 zHvs}y_ z{qDcLJ)66oEOk;jgzGOPF!;Q!Fph`5&yvk6@8A2PpiLrKh(30y4Nr5|o>o2wPL>YB z6_(2(4c_Iuo0h|ZEACGq<=7Fec><3jcDEtz(Ek`KZVY+5ulaP*Hx$snN;gf(HAW4O zpn$A2f+z7;o)C$IsNwR(T^#A4Cii!tO9Rq8#?}fXt!d$ z7`9KS{TU6Oet(jg@?Jsd-lOuSe}}Qr-gPq$);ZXfhAi)3u6=nGzl&c|X?1=H)7ym6 z*Ymu#*?RueeKz6lc!uK1w!(4qeWY3V;bpt$RB06IjZbsdgCSY9i*yJNT|0-ibOb4G zS2YO@v31$6eZ%?Adr-P^?WSY1q19ns_3Qz_cJ#=U9Jb+l`{C^aIxN4AS(3cImq%Nd zssP0LaY9^&LZ)QKd1Ak8DxMadRqT5LbNof_YcpXkv%bDNd^U37PCI_O_^``Pf2>K< ze$AgFODUg4fwT*Z+)W35mPP%VCU7`^jla5xR;&GOD}lH3`6~ML+M8GPq<;CHhDI_6 zf448P&v3GMpYy!eBjQ1x+R8@wd#J&-PS>r>E#ja%^CZDA0=ubgcmyi; zvi?UPxG@$U23BH*@i)OOW#na+#HsGpx3@>ckF3XgBzb?#;5yG*aSo`8A*^3$4|xid zO*v0CI!{~tpX@iij>BIM;F)^%j1}%T6=xm$q{KJ)5?I#;FJDSyih|Lw79W=2M!rSE z2LVsF6p3(~4beQdo;r6tRkz#8HmpQ0?$U0xKVwT@SKbCNV2#e7cUsvAw!0xKz8t6d zJt*3B9;wuL-p^B|xk`wratYNG(OoeW4z2}F$Ki$*(-(zCz#I4P0yP>ijKq+~wS=y| z3u?7q;Urqc-}`QNJg*<;S$FMCu)fg_KjrD@9pN9y%mYF;Y!NqQ10rLnR|Jo{uV#7< zqIiA6%tdb}xVX&t%^f+gnRJ!jYXYlY}x{uBe|LYQsnecsDKDkn?VK__z@6WZS84FRF%(7AC2;D_Vc zI3GU?Vb4J4YaTCA@5zcF9h9HPsW)hUGJac%ueH4e5TZ({+LnL+2HQif@*a7Af~?Kw z={D?)1rS?HE;^X0G=+U=B^vu~)`G(ObEfResvxP~@QT5D<4b?^6ljIh<9XaEQ62J? zIQg}{1dayqIQ;f%#_Gs7qzbKn-vn<$G+wyY0kqVO(Sa;8+GRJykdg-VOBC(E`^4Uw zevyHLztWNQ+$a3v;~I2KYCEE0)&uI?KK0dEESNeTOh$-x6j#xQbTX&dBR8noHdI&) z`>hqSHJFRWlyzp-$DOnuzn2tM(M^I4AH>(mj(S8gDfC)doI6k7lbt zwb6ksNg~XJg3aS9%d0#wNV1EHM(oHR2b@;pX~6X_;I0v(u1N5jRR*;Pnnpb10rWIYBVoB)7Ag-n|S8)34t zC|86y$T#W;m$l$?u6q0ZdhoDv(h_pkJ>YUK|pixNRjGq;R0%;v^B`>^03 zEDC&BQL+{$BOnk5C=OjXyVoPsuCZKF(Zq#ZMdf;g)5j9J(iU4+lhe=H6I$de)B~li z29zJN09DcNG_bo7R=KRbG$!FQqN(8S?uk`Aq{2n0sk+rl6&ymz1kfudH}y%GBir8~ z>^&pdief@Kdz3HY=AmQ6L!QW7{ovB_@@{QRSRGCa=Eg;`N_YfgrwiNI#~4jV>Y9jN z;vexffpAikS-=gRrg^c}Etq6m?B7S3zPd-du8YQ(>17nXm<5tj<)Wk^WaEqMp0z-P zZ*a7qEUOP#A(DWkG8>_-o4M2FcRV>`XDS_wppo%J3EJAGBY|)S7m<*&XTJkZc!|Szx3z>va;RxX@ zb;;xSmwT>=etk9P^LCZp4?TPpLn7*sZjs$R@IAmXU;1u6Pew0XzPXSyC*6iupanli zhY*Ek^^5#B@a!oFUPg16EP>4Zy9>Tff=jDG`lyXDRuTq+yaB(Id|x~s8>!W2tUIaZ z+u&^T-))24^T1F>KH1km^kmbzLU})-9V{5er zZadp-C0*e9p9iuQ4Fj|vOCy;MHVR18dd97~6a_fDxl?MzzsA3Dh?vT`^w!Jm6DN@! zm2s#r1RF?sQATLk+gLK*QABq|Jge+2xk=U2Hus0VXEOaf668uW?W%~2#5f;WVlbvGoex@*G9ohdOx;y zdMJ$KhfQOH+y92l2N)vY}cUvt? zbOM7Y3!k^)EAM_Pbk}RmkU5o_s zuy|oImm2othIA~U)JcQt0szB(WO17qQJ0f6QBU_Y5=t)7N;vKvCjsKlxFs5LpF`A0 zjhZf*v@U3##Xk6OI&JoPQ}{@iY0=F_cDSq5%#tXAPjuH5s0e#&e7^3$D~3Y%b5Jl1 z#ZG4&1wLRhl&M3EmU__s^zlA zUaY?^@k!isW`kzIf;0Cv(#5*Tyi(JxaBpJ*v=3AJx~RZOtYDzABti8 z2&5ntw21DT5pgM5O|HZ7j;5B8aohgPqOTb_koiqZcBX)iYFHsi2hr^-x<3;S&yV*N z2a~7aJzk?D5p^Lo1_V+hY5B)#Mzbi!tPM1=waC%3Tf{=6?C%Rb-Qjr(fPmh2(|8QS zl9H9S7qR;{I^^K%rks8)6>2j^NH(DKJ`+P*<5f_Ls{R~=Z{&8y2@uz%eMYfE|qe7%EkC?)jr8TdR;7^M53W2Js1re1ydHo-P z0vlBA>whHLWY&WOt`@}0JWwe}>afzsze(XxM7@+Hphe6ukIpDx@^q5&w|i!T-ev|= z0=+zyLA38^mVH{oH)QsD^zSzB(cGu1LyY_R@xvpI+xLI9r=+)+q`L?T%)~enf#x;q zNrz}7VG)a>92m^zFw+p)X16Vs2pw!ZD{FIlGGK>G^_2G(^Rha`7L7 z$e31C+$95VGLex)Da@2VBVZ5=lN#*3*p#NAzz*S+=wKO%X*3 z|B^61K^;~wVw9(1qWFmr=n1^INbt$JwO@4z=@}UlhpccBo$UNo7xxW7AGL>Jryz3r z0}sdk&zAFuJ=Au*>Nl)u(kD(OICTR4W|FYQk(3w>eS1naq$(F z;@V4?D%ZUFe+v6mwLWy??E$|EdyR}H zkoYG;mM^z$g>|5J&xzMXu&^TC^LBg?)YjW-xH=W8yz!pAAp=|1k(4kp#vvhwMAH&e z7?TBx8!~*=c~`36%K_|9?tKWLig&eX!n^+dbMCSBWIlxM^Uc;C|5vP1sD>r*H%HH- zxK6X@r|i?(BJ$s`?;T0UsetGS@ga0gYDq>+@5T&)#zbT;86MOES&o&VXm`eEjtdvp zKlj&mYx+R1HFQ`8TBoAJrX`|kA`*cbmk44{4V*lT#>qz1&(w=F_qpGg>sygY3Y0)Wa=4% zzx1NcnW3v9w7D!VhMriB7#o0!&_`N{X37QOq`g~fZdw;wQx_g;grV$}9&#y{fmL(K z2B0Wllarv@<&f;LDm37!|Mcx5qA?LM=YvfH9y=Y;SUQaI3>%hjH^Lz9ZDL^)*jh58;k z0}T7%WJfW5QdJd>EoR6&;7$3#c&k)CBMDJpAI%^SbZVp=eqPmv;3-V_?|U8qRVHMD ztcw(O#}!_9TdnRhk~&;}jfp9oHo**ltLD;CNlfL?GW{2YO0IiiR)#&}?vI2_G14j4 zz)zDm1-*t@P+0*@{4t&vvPh9MmgBPDr7u&8oKhJ~Uc)RWe@q$bFZ1z2^@z@d@@bbt zj1>d@=3R*5Nc?yY*(H>e0ok|n15d>TIu={RVLg&%a7;-Vgm@sb)k52jIT9EL^N6h% z@t4Z%fSI-(Y9w8+_fW-!T*b`_CL;r_mljfvCHMC%M7fa4H#^A5iGxvvWfAGy=d%Jp z`%!IZBM*2VI^#d-mJ9Nh7rTkGIbLKdGr$tEa}uuYUg#{gSrbrVu%x-`@u#!+_c^LfWywRd|r8T?!Bcl=z=+y^Ji=cq2 zVD-m0%T*tSRb%rAsoENM30l_sr4$^A6}CNX%opET7`u-T$A z*>Hs>E#-%~ppeby=j{9SZ$)um@I~gjvKCo>oerWj&*baJe(1TAO1q2{n+Hh!?zZe*9dVUqxN> z(_78D-A9-uKgs_C?;^2p@p zA$*aCod+iCubY(6q2Jk9)s?1eRAOz>@Q*vs1$NYy9Ur zbdSYY=sn$c%v`Q58Yd(&DpQ6Vmc<*~bC(E_)yjUF4 z87GO^i2}}H-x`_g7JXYS16o{93Q*sS>Nc)g9aC|)q$2KS?8t8>wc(9XXPfKv(!ROd z8M<%Ml@Fe@HPrY_`V(KG<)Hrfj!Tv1w%l5jH>H1X-F*@H$#^x&(5ap)2mV(xj|T% z3E%0mk}z%v6Rf?tMA5XAq10-)>WIGm0)!FJd6@jqp#3RV`Q{g?TGBDfNxG#*61$U_hF5~pS3AmN53l61#CO0Y zG@ow`rU8)sCfAXr*DQw@QtzRfp^q6>i+c0e&9Iw;N4WzUdKtmPVQg{h6TfQoJ;d=; zjEG05^l`oXI?hAW00e12<-VY(NAt#K%{}d(vY!EXO&L?z#{@6`XBxY>) zPW=WsmhmVDSUSSK;x{l-YgZV-AK88kuwd4A7TXM=fXM1h6f z2+r^f#zvsNI|k~l5rUV+YDd;FGW^F&LY5vI_#$6P7dLLviHa6Gy8ADkYOpfD-dyJx z^#{gdFH&{{I*Ego47C$Sn$aCr z3K9JLUMkBCegakz*kUP`=1|@KU>mue3`k@Fwd+J^Pk%M8ETpr=S?NZSc->&!Utigl zHt^PsRZuFru+bI*eiH)QWNz~OWpCz=*>n~I@eZfom2)v9m=qHiP%4|t!tR2pRScQ~ zFnad+tAy+y_hWFV67H?rYxh3A-NEW#w#88<7jmaj3aEWIM3rA0a?R#%A@+a0&WpSH zl81lrO$>xP_J=t*ySp_Z&-d^H7n7aXIpLtqvDg9b`-;t0i6aZGJ3-i1a)EaRUF?Y@ z)*$fvrTQ<2BJCmF)BMdaGr(4PDIGksCz(P6e+=K%DbNiNtvVkEKM5K~Em;FDmrR2J zUXJ<~38B62bUKOG(Dl^eH`dnp&~;{?Ct0G$-ou{QT`_B4VI!BDaRcm8`QdG3xVuP` z+e8^Zm-Trr)(T49EU5+N!tB*34xsV0j21ZqO2a$?Zr$rt-1Kzz&h3!ma=Uptv3@7R zp&vda<_@6SoP?Zk6)L#VZ1aJ zSHar*X+*!l*zs8IlQ*Ti@CAOGuFQePk!rYl6Y>M5Y`T+6kQH#$ha{NJSad{SE6%8l z-_;Tu!{+4B74lsn?|Exps|_J0P;(Yqr{4l@Lf%4i&FdQ0=jCa0=j-PBz%ru%eO^!C zPioeFIlO)kfesvjN&Q0cF@W9}o$#l6d^iQEU!!7*cwg;lXLx%8y5BG&bSaHzkRuA+ zTwKWN{EN+Cw6r{5CAO9!>xUB0_LrrrSxHzu3_9);PMdhR3zCIsV+tds4`8>3WFOW) zzPtVaI!6>iIw9wo;2=*lSnmoZdOL^Kf1X{WxKd7zTE$=CmNIXTPT0mGdwl+)>%S{3 zXDatqL#Wdau}ye!&S9f*`im`QtmtHs-5939szr5OHD(bxM--g~UkwI~5@>pKoWl~q zR2nDBaxDz!cc18%|E@FJQuHq^tSr6Vv+0p#+E`JbY5*Z(RIgNFo$S}tA^dAKfund8 z0qol2QXe0Dlt4{h2uf`239k1GvG9F`@VC!TE$6!%hzj^vYcChRH+Nqghs(d?6ObOd z-`kt)7xED6KsHlqthl-BCQYcj#+zFB=UlG?+fjGjs^ja8sP14d205IyrExp%M zl+S*c&h$z!RAv@Y>+Oc?QuEM};wn4fX1kg&Dgz6e$t-e%Lk1KY)=#(KnO3my3N6eN zBd2umqndIu3{cO8P8Eyv|1@*w|4cZ39Kcz_Fl<9jjxo%A%n`~p$6PD9@0%i2i{evr zjETASam1W`nxpWUV~Ik}QH~Nxhl&&_%G?&_>+@fHe|i1-e!PBuKb|j+>-$Sm$fIgG zE|rcAH5hoF-Aw4DMmSvpflw-Gt{WW^*Ui?mcZ0c)PxPY8Ai|lA>hpC|9P6`;)g4K* zeZeVe4qNl@!0D%4^sQ>hc1*6mt%@Kva@Oigcc#>9UgJCQggGnh7T^rgj2ur^{%3M4 z(=ma&nKzvKW-{G^>hq{*&D4o2=)BitV7|<@%3^#?d~C_ZPt9y3gogk&ta!X?ns>7+ z%dl5ues$h`ZWbjBvv^#BTMQ_4&MI_92n?_i=X~Xu>DlP<-6JrscWKRx?As{& zB7@{(3l(KD+TBLZpda`ou&u^Z_6nWes2N={1 zVggLZzJ9gP!HLYDDb6&{MuX%uulemyT?n->p_%vT31i6aUGmtiZXV%n(9{MiG25ELbL56=o8-ZB+tCz(90(* zj@)ZEBv=~XJ7?0*I4{sj?v5tCqvJL&*3is=c@-Xs%y0*3%m@GJwkJC;h#@^nj5iJF zE^jU@s}8gkjj`-XnX8Q`J&>^1U>9_QYs94i-@L2BkgTSA=R4^5nZMq8AbRi_|*ewO*`?oPhl*O5nh zn{kNG`hP1@+(zQ0Tg-1$jYO+UuJxFvpR(M&n;hrJ=2Tis*%@D&F?T1` z2h-~Gch}a6P6&nFe1_kU>$t}cmH7z?ei>C~%poQCjh7JxiQOUBCkjf~Q-i0Y2(wBB z!%@C%Q4)F6q$7*2B$YXyV6v_XY`zb!Nh1v7{6Bw4Gk+Q1lanI%kEP6KMTo~oe{?6-U z$>i_Qro3w!=cOC)GAMoG70n!lHip~e$}ez0<|{KzT@^*c82LrJUyr6adpDf?f*oc(5hSH%;6IT-{t(=SC_ zGDwq=>W#N18DFq_-xwIsP6rcMo_fzsKHQ-Gk=fLdU2jw7Fu`ZE;&{7*>UmGB!*OrLsdI2J4Z#w9$YX+6Y0BeOT?QP{J z3X?S^C*zbw#r0u#=<*-`fF`7Suv7XnYIt*F#a%V#BC8#GM)uHl1yNeOoH1rY1Z_(w z2^Sh%z5zh|ESn%pp#r$7dCEQ5v0Q!M-QZ9a@$o%K^Tp=WmM>CUCi0G#JhjU;M}fI4 zgtqsl?dEuz9$#$dU&O5A0&4bhmpKTyL~>i2E>;M^gM!(2RlK{ht~w_+C&DBv37;%= zi9R|=T4~4~J}~>&5OC4dJ0sq?a00H<8%U0?SL@B-2QIh*W<=(NJrr!~VZ+m~k<3Qn z=9Vz??s7ZZIy*1x*2bkb$){kW{QQJ6K7$I3n2ME7F#Bb4tyKx^nV!<#)SyGaS!2mH zE#kurlMP4H8^xwZC6o)Fk@zA=Mo8&odTc8sL)pq&&Rs0XI>;+9c;msn8D;zsD}}eU zaBT$xHj2yc__$ObOJkjjRy9s&!WpGH=JZ4=~VL-_#Sf2Y~h<#mWorSOAmryR>z1&Uv@f} zu?>xextEY!IDB<_yk9_Jm+dIW{gICesv=0)xDd1d1w7@ZiYqNziLzc zrVO}P*Q+{5P}yq0DJRlgTO$W)IgUPUp}M1|<0h_S0cM@>uJx()=f?_Tl4@_Lh*Pd4 z%fwOk*1+3ojlR75)T-}P;~ymyKlO}a)5Mz#>;Td6nQ10{G@w}vPjut=COvi(CW~$N zqS|JSaGbHMz*exFL0kK;1J97lORERH5hGia19Kl8kauh#k0uU{Fmf7@-~Oxn{>v-x5he>8SQ)bq zC92d8iI;fvRgvaW!^m&5En21x^(9Rj&qc_otRdAVN#ccn%0{HF*NEBI-Kr^^;hKfV zJVo<{fQw#!ZAv2bnMCmJmBLpdXiGJmK1RQTHo?b-QTz_q0k#zgNz@|!RRLKP?}gls z;~rO-KdrHVrGNYO&okL+!61&1rw+XJ;|IyMhaT#o&5j}KRko4qW^{^Sq#YL_rs!5q zMyl?y`SUvmd*LFG?^|0JjVO-BJz>&oh6{ZX+YP4|BLxAhhYec3RuTWCLV6!u ztMxeMq5AR}`xnD8mZRSJl2Q)oxo-W<+>iYNaVtT38-M= zDN_ey%GcUsgi}^gkG#SAfkiRdfI|^af&ER{w+$!jQCjXfC!eLTKMdA8g`ArLI#&&; d|NrNHQi`Th!5^tDq5p>N?5xjOHChCw{11IJn{5C9 literal 0 HcmV?d00001 diff --git a/stable/traefik/12.0.18/ix_values.yaml b/stable/traefik/12.0.18/ix_values.yaml new file mode 100644 index 00000000000..691fd7c5255 --- /dev/null +++ b/stable/traefik/12.0.18/ix_values.yaml @@ -0,0 +1,307 @@ +image: + repository: tccr.io/truecharts/traefik + # defaults to appVersion + tag: v2.8.1@sha256:808661df0066e25faf5d776e6d787d6771d093ca4a485bdb05bd359559a5e1a9 + pullPolicy: IfNotPresent + +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" + +# -- Activate Pilot integration +pilot: + enabled: false + token: "" + # Toggle Pilot Dashboard + # dashboard: false + +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} + +podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/path: "/metrics" + prometheus.io/port: "9180" + +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common + +metrics: + # datadog: + # address: 127.0.0.1:8125 + # influxdb: + # address: localhost:8089 + # protocol: udp + prometheus: + entryPoint: metrics + # statsd: + # address: localhost:8125 + +globalArguments: + - "--global.checknewversion" + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--metrics.prometheus" + - "--ping" + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: HTTP + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ports: + web: + enabled: true + port: 9080 + protocol: HTTP + redirectTo: websecure + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + websecure: + enabled: true + port: 9443 + protocol: HTTPS + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false +# tcpexample: +# enabled: true +# targetPort: 9443 +# protocol: TCP +# tls: +# enabled: false +# # this is the name of a TLSOption definition +# options: "" +# certResolver: "" +# domains: [] +# # - main: example.com +# # sans: +# # - foo.example.com +# # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: HTTP + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + udp: + enabled: false + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + resources: + - ingressroutes + - ingressroutetcps + - ingressrouteudps + - middlewares + - middlewaretcps + - tlsoptions + - tlsstores + - traefikservices + - serverstransports + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + create: true + +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: repslacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + +portalhook: + enabled: true diff --git a/stable/traefik/12.0.18/questions.yaml b/stable/traefik/12.0.18/questions.yaml new file mode 100644 index 00000000000..153180ff18b --- /dev/null +++ b/stable/traefik/12.0.18/questions.yaml @@ -0,0 +1,2614 @@ +groups: + - name: "Container Image" + description: "Image to be used for container" + - name: "Controller" + description: "Configure workload deployment" + - name: "Container Configuration" + description: "additional container configuration" + - name: "App Configuration" + description: "App specific config options" + - name: "Networking and Services" + description: "Configure Network and Services for container" + - name: "Storage and Persistence" + description: "Persist and share data that is separate from the container" + - name: "Ingress" + description: "Ingress Configuration" + - name: "Security and Permissions" + description: "Configure security context and permissions" + - name: "Resources and Devices" + description: "Specify resources/devices to be allocated to workload" + - name: "Middlewares" + description: "Traefik Middlewares" + - name: "Metrics" + description: "Metrics" + - name: "Addons" + description: "Addon Configuration" + - name: "Advanced" + description: "Advanced Configuration" +portals: + open: + protocols: + - "http" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" + path: "/dashboard/" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true + - variable: global + label: "global settings" + group: "Controller" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: "flag this is SCALE" + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "Controller" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "RollingUpdate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: "Extra Args" + schema: + type: list + default: [] + items: + - variable: arg + label: "arg" + schema: + type: string + - variable: labelsList + label: "Controller Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: " Controller Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: TZ + label: "Timezone" + group: "Container Configuration" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: envList + label: "Image environment" + group: "Container Configuration" + schema: + type: list + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: expertpodconf + group: "Container Configuration" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: "Enable TTY" + description: "Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: stdin + label: "Enable STDIN" + description: "Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: termination + group: "Container Configuration" + label: "Termination settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: "Grace Period Seconds" + schema: + type: int + default: 10 + - variable: podLabelsList + group: "Container Configuration" + label: "Pod Labels" + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: podAnnotationsList + group: "Container Configuration" + label: "Pod Annotations" + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: pilot + label: "Traefik Pilot" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: token + label: "token" + schema: + type: string + default: "" + - variable: dashboard + label: "Pilot Dashboard" + schema: + type: boolean + default: false + + - variable: ingressClass + label: "ingressClass" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + default: false + + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: "basicAuth" + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: users + label: "Users" + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + default: "" + + - variable: forwardAuth + label: "forwardAuth" + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: address + label: "Address" + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: "trustForwardHeader" + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: "authResponseHeadersRegex" + schema: + type: string + default: "" + - variable: authResponseHeaders + label: "authResponseHeaders" + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: "authRequestHeaders" + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: chain + label: "chain" + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: middlewares + label: "Middlewares to Chain" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + + - variable: redirectScheme + label: "redirectScheme" + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: scheme + label: "Scheme" + schema: + type: string + required: true + default: "https" + enum: + - value: "https" + description: "https" + - value: "http" + description: "http" + - variable: permanent + label: "Permanent" + schema: + type: boolean + default: false + + - variable: rateLimit + label: "rateLimit" + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: average + label: "Average" + schema: + type: int + required: true + default: 300 + - variable: burst + label: "Burst" + schema: + type: int + required: true + default: 200 + - variable: redirectRegex + label: "redirectRegex" + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: regex + label: "Regex" + schema: + type: string + required: true + default: "" + - variable: replacement + label: "Replacement" + schema: + type: string + required: true + default: "" + - variable: permanent + label: "Permanent" + schema: + type: boolean + default: false + - variable: stripPrefixRegex + label: "stripPrefixRegex" + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: regex + label: "Regex" + schema: + type: list + default: [] + items: + - variable: regexEntry + label: "Regex" + schema: + type: string + required: true + default: "" + + - variable: ipWhiteList + label: "ipWhiteList" + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: "Source Range" + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: "IP Strategy" + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: "Depth" + schema: + type: int + required: true + - variable: excludedIPs + label: "Excluded IPs" + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "ClusterIP" + description: "ClusterIP" + - value: "NodePort" + description: "NodePort (Advanced)" + - value: "LoadBalancer" + description: "LoadBalancer (Advanced)" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ipFamilyPolicy + label: "IP Family Policy" + description: "(Advanced) Specify the ip policy" + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: "SingleStack" + enum: + - value: "SingleStack" + description: "SingleStack" + - value: "PreferDualStack" + description: "PreferDualStack" + - value: "RequireDualStack" + description: "RequireDualStack" + - variable: ipFamilies + label: "(advanced) IP families" + description: "(advanced) The ip families that should be used" + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: "IP family" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 9000 + + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "ClusterIP" + description: "ClusterIP" + - value: "NodePort" + description: "NodePort (Advanced)" + - value: "LoadBalancer" + description: "LoadBalancer (Advanced)" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ipFamilyPolicy + label: "IP Family Policy" + description: "(Advanced) Specify the ip policy" + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: "SingleStack" + enum: + - value: "SingleStack" + description: "SingleStack" + - value: "PreferDualStack" + description: "PreferDualStack" + - value: "RequireDualStack" + description: "RequireDualStack" + - variable: ipFamilies + label: "(advanced) IP families" + description: "(advanced) The ip families that should be used" + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: "IP family" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9080 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: "Accept Forwarded Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: "Trusted IPs" + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: "Insecure Mode" + schema: + type: boolean + default: false + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9443 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTPS" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: "Accept Forwarded Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: "Trusted IPs" + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: ipaddr + required: true + default: "" + - variable: insecureMode + label: "Insecure Mode" + schema: + type: boolean + default: false + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: "Accept Forwarded Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: "Trusted IPs" + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: ipaddr + required: true + default: "" + - variable: insecureMode + label: "Insecure Mode" + schema: + type: boolean + default: false + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + + - variable: entrypoint + label: "(Advanced) Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: "These middlewares enforce a number of best practices." + label: "Enable Default Middlewares" + schema: + type: boolean + default: true + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingressList + label: "Add Manual Custom Ingresses" + group: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: "Custom Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + - variable: service + label: "Linked Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Service Name" + schema: + type: string + default: "" + - variable: port + label: "Service Port" + schema: + type: int + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: "Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: security + label: "Container Security Settings" + group: "Security and Permissions" + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: "Change PUID / UMASK values" + description: "By enabling this you override default set values." + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: "Process User ID - PUID" + description: "When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps" + schema: + type: int + default: 568 + - variable: UMASK + label: "UMASK" + description: "When supported by the container, this sets the UMASK for tha App. Not supported by all Apps" + schema: + type: string + default: "002" + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: capabilities + label: "Capabilities" + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: "Drop Capability" + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: "Add Capability" + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: "OnRootMismatch" + enum: + - value: "OnRootMismatch" + description: "OnRootMismatch" + - value: "Always" + description: "Always" + - variable: supplementalGroups + label: "supplemental Groups" + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: "supplemental Group" + schema: + type: int + + + - variable: advancedresources + label: "Set Custom Resource Limits/Requests (Advanced)" + group: "Resources and Devices" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: "Advanced Limit Resource Consumption" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "4000m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "8Gi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "10m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "50Mi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + + - variable: deviceList + label: "Mount USB devices" + group: "Resources and Devices" + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: "Device" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPath + label: "Host Device Path" + description: "Path to the device on the host system" + schema: + type: path + - variable: mountPath + label: "Container Device Path" + description: "Path inside the container the device is mounted" + schema: + type: string + default: "/dev/ttyACM0" + + # Specify GPU configuration + - variable: scaleGPU + label: "GPU Configuration" + group: "Resources and Devices" + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + +# - variable: autoscaling +# group: "Advanced" +# label: "(Advanced) Horizontal Pod Autoscaler" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: "enabled" +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: "Target" +# description: "deployment name, defaults to main deployment" +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: "Minimum Replicas" +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: "Maximum Replicas" +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: "Target CPU Utilization Percentage" +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: "Target Memory Utilization Percentage" +# schema: +# type: int +# default: 80 +# - variable: networkPolicy +# group: "Advanced" +# label: "(Advanced) Network Policy" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: enabled +# label: "enabled" +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: policyType +# label: "Policy Type" +# schema: +# type: string +# default: "" +# enum: +# - value: "" +# description: "Default" +# - value: "ingress" +# description: "Ingress" +# - value: "egress" +# description: "Egress" +# - value: "ingress-egress" +# description: "Ingress and Egress" +# - variable: egress +# label: "Egress" +# schema: +# type: list +# default: [] +# items: +# - variable: egressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: to +# label: "To" +# schema: +# type: list +# default: [] +# items: +# - variable: toEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: "ipBlock" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: "cidr" +# schema: +# type: string +# default: "" +# - variable: except +# label: "except" +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: "namespaceSelector" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: "matchExpressions" +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: "Key" +# schema: +# type: string +# - variable: operator +# label: "operator" +# schema: +# type: string +# default: "TCP" +# enum: +# - value: "In" +# description: "In" +# - value: "NotIn" +# description: "NotIn" +# - value: "Exists " +# description: "Exists " +# - value: "DoesNotExist " +# description: "DoesNotExist " +# - variable: values +# label: "values" +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: "matchExpressions" +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: "Key" +# schema: +# type: string +# - variable: operator +# label: "operator" +# schema: +# type: string +# default: "TCP" +# enum: +# - value: "In" +# description: "In" +# - value: "NotIn" +# description: "NotIn" +# - value: "Exists " +# description: "Exists " +# - value: "DoesNotExist " +# description: "DoesNotExist " +# - variable: values +# label: "values" +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: "Ports" +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: "port" +# schema: +# type: int +# - variable: endPort +# label: "port" +# schema: +# type: int +# - variable: protocol +# label: "Protocol" +# schema: +# type: string +# default: "TCP" +# enum: +# - value: "TCP" +# description: "TCP" +# - value: "UDP" +# description: "UDP" +# - value: "SCTP" +# description: "SCTP" +# - variable: ingress +# label: "Ingress" +# schema: +# type: list +# default: [] +# items: +# - variable: ingressEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: from +# label: "From" +# schema: +# type: list +# default: [] +# items: +# - variable: fromEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: ipBlock +# label: "ipBlock" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: cidr +# label: "cidr" +# schema: +# type: string +# default: "" +# - variable: except +# label: "except" +# schema: +# type: list +# default: [] +# items: +# - variable: exceptint +# label: "" +# schema: +# type: string +# - variable: namespaceSelector +# label: "namespaceSelector" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: "matchExpressions" +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: "Key" +# schema: +# type: string +# - variable: operator +# label: "operator" +# schema: +# type: string +# default: "TCP" +# enum: +# - value: "In" +# description: "In" +# - value: "NotIn" +# description: "NotIn" +# - value: "Exists " +# description: "Exists " +# - value: "DoesNotExist " +# description: "DoesNotExist " +# - variable: values +# label: "values" +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: podSelector +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: matchExpressions +# label: "matchExpressions" +# schema: +# type: list +# default: [] +# items: +# - variable: expressionEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: key +# label: "Key" +# schema: +# type: string +# - variable: operator +# label: "operator" +# schema: +# type: string +# default: "TCP" +# enum: +# - value: "In" +# description: "In" +# - value: "NotIn" +# description: "NotIn" +# - value: "Exists " +# description: "Exists " +# - value: "DoesNotExist " +# description: "DoesNotExist " +# - variable: values +# label: "values" +# schema: +# type: list +# default: [] +# items: +# - variable: value +# label: "" +# schema: +# type: string +# - variable: ports +# label: "Ports" +# schema: +# type: list +# default: [] +# items: +# - variable: portsEntry +# label: "" +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: port +# label: "port" +# schema: +# type: int +# - variable: endPort +# label: "port" +# schema: +# type: int +# - variable: protocol +# label: "Protocol" +# schema: +# type: string +# default: "TCP" +# enum: +# - value: "TCP" +# description: "TCP" +# - value: "UDP" +# description: "UDP" +# - value: "SCTP" +# description: "SCTP" + + + - variable: addons + group: "Addons" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: "VPN" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type" + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: "disabled" + - value: "openvpn" + description: "OpenVPN" + - value: "wireguard" + description: "Wireguard" + - variable: openvpn + label: "OpenVPN Settings" + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: "authentication username" + description: "authentication username, optional" + schema: + type: string + default: "" + - variable: password + label: "authentication password" + description: "authentication credentials" + schema: + type: string + default: "" + required: true + - variable: killSwitch + label: "Enable killswitch" + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: "Killswitch Excluded IPv4 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: "IPv4 Network" + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: "Killswitch Excluded IPv6 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: "IPv6 Network" + schema: + type: string + required: true + + - variable: configFile + label: "VPN Config File Location" + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: hostPathType + label: "hostPathType" + schema: + type: string + default: "File" + hidden: true + - variable: noMount + label: "noMount" + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: "Full path to file" + description: "path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + required: true + - variable: envList + label: "VPN environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + - variable: codeserver + label: "Codeserver" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: "Git Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: "Raw SSH private key" + label: "deployKey" + schema: + type: string + - variable: deployKeyBase64 + description: "Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence" + label: "deployKeyBase64" + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nodePort + description: "leave empty to disable" + label: "nodePort" + schema: + type: int + default: 36107 + - variable: envList + label: "Codeserver environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + - variable: promtail + label: "Promtail" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: "Loki URL" + schema: + type: string + required: true + - variable: logs + label: "Log Paths" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: path + label: "Path" + schema: + type: string + required: true + - variable: args + label: "Promtail ecommand line arguments" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: "Arg" + schema: + type: string + required: true + - variable: envList + label: "Promtail environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + + + - variable: netshoot + label: "Netshoot" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: "Netshoot environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true diff --git a/stable/traefik/12.0.18/templates/_args.tpl b/stable/traefik/12.0.18/templates/_args.tpl new file mode 100644 index 00000000000..a395c6505bb --- /dev/null +++ b/stable/traefik/12.0.18/templates/_args.tpl @@ -0,0 +1,155 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }} + {{- $_ := set $config "protocol" "TCP" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.metrics }} + {{- if .Values.metrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.metrics.datadog.address }}" + {{- end }} + {{- if .Values.metrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.metrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}" + {{- end }} + {{- if .Values.metrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.metrics.statsd.address }}" + {{- end }} + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if .Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.pilot.enabled }} + - "--pilot.token={{ .Values.pilot.token }}" + {{- end }} + {{- if hasKey .Values.pilot "dashboard" }} + - "--pilot.dashboard={{ .Values.pilot.dashboard }}" + {{- end }} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/stable/traefik/12.0.18/templates/_helpers.tpl b/stable/traefik/12.0.18/templates/_helpers.tpl new file mode 100644 index 00000000000..ab55e4e7ec6 --- /dev/null +++ b/stable/traefik/12.0.18/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.common.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/stable/traefik/12.0.18/templates/_ingressclass.tpl b/stable/traefik/12.0.18/templates/_ingressclass.tpl new file mode 100644 index 00000000000..909e249d6a5 --- /dev/null +++ b/stable/traefik/12.0.18/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if .Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/stable/traefik/12.0.18/templates/_ingressroute.tpl b/stable/traefik/12.0.18/templates/_ingressroute.tpl new file mode 100644 index 00000000000..7f012c92350 --- /dev/null +++ b/stable/traefik/12.0.18/templates/_ingressroute.tpl @@ -0,0 +1,25 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.common.names.fullname" . }}-dashboard + annotations: + {{- with .Values.ingressRoute.dashboard.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end -}} diff --git a/stable/traefik/12.0.18/templates/_portalhook.tpl b/stable/traefik/12.0.18/templates/_portalhook.tpl new file mode 100644 index 00000000000..e3586c5d4e9 --- /dev/null +++ b/stable/traefik/12.0.18/templates/_portalhook.tpl @@ -0,0 +1,26 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: portalhook + namespace: {{ $namespace }} +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/stable/traefik/12.0.18/templates/_tlsoptions.tpl b/stable/traefik/12.0.18/templates/_tlsoptions.tpl new file mode 100644 index 00000000000..3e5aad3bee9 --- /dev/null +++ b/stable/traefik/12.0.18/templates/_tlsoptions.tpl @@ -0,0 +1,12 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/stable/traefik/12.0.18/templates/common.yaml b/stable/traefik/12.0.18/templates/common.yaml new file mode 100644 index 00000000000..d078b251c20 --- /dev/null +++ b/stable/traefik/12.0.18/templates/common.yaml @@ -0,0 +1,24 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.common.loader.init" . }} + +{{- if .Values.metrics }} +{{- if .Values.metrics.prometheus }} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}} +{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "9180" -}} +{{- end }} +{{- end }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat .Values.args .Values.newArgs.args }} +{{- $_ := set .Values "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + + +{{/* Render the templates */}} +{{ include "tc.common.loader.apply" . }} diff --git a/stable/traefik/12.0.18/templates/middlewares/basic-middleware.yaml b/stable/traefik/12.0.18/templates/middlewares/basic-middleware.yaml new file mode 100644 index 00000000000..144f94e7333 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,65 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: compress + namespace: {{ $namespace }} +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-ratelimit + namespace: {{ $namespace }} +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: basic-secure-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + X-Robots-Tag: 'none' + server: '' +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: chain-basic + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: basic-secure-headers + - name: compress diff --git a/stable/traefik/12.0.18/templates/middlewares/basicauth.yaml b/stable/traefik/12.0.18/templates/middlewares/basicauth.yaml new file mode 100644 index 00000000000..ccb541742f0 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/basicauth.yaml @@ -0,0 +1,34 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.basicAuth }} +--- +{{- $users := list }} +{{ range $index, $userdata := $middlewareData.users }} + {{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }} +{{ end }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{printf "%v-%v" $middlewareData.name "secret" }} + namespace: {{ $namespace }} +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + basicAuth: + secret: {{printf "%v-%v" $middlewareData.name "secret" }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/chain.yaml b/stable/traefik/12.0.18/templates/middlewares/chain.yaml new file mode 100644 index 00000000000..f87994f7956 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.chain }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + chain: + middlewares: + {{ range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{ end }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/forwardauth.yaml b/stable/traefik/12.0.18/templates/middlewares/forwardauth.yaml new file mode 100644 index 00000000000..7a3e32fdbf7 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/forwardauth.yaml @@ -0,0 +1,30 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end }} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/ipwhitelist.yaml b/stable/traefik/12.0.18/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 00000000000..1179245017e --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,33 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end }} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/ratelimit.yaml b/stable/traefik/12.0.18/templates/middlewares/ratelimit.yaml new file mode 100644 index 00000000000..144b9d8bf38 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/ratelimit.yaml @@ -0,0 +1,19 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.rateLimit }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/redirectScheme.yaml b/stable/traefik/12.0.18/templates/middlewares/redirectScheme.yaml new file mode 100644 index 00000000000..f2413f84e19 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,19 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/redirectregex.yaml b/stable/traefik/12.0.18/templates/middlewares/redirectregex.yaml new file mode 100644 index 00000000000..46e3e724dd6 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/redirectregex.yaml @@ -0,0 +1,20 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }} + +--- +# Declaring the user list +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/stripPrefixRegex.yaml b/stable/traefik/12.0.18/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 00000000000..007c166ff39 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,20 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} + +{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $middlewareData.name }} + namespace: {{ $namespace }} +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{ end }} diff --git a/stable/traefik/12.0.18/templates/middlewares/tc-chains.yaml b/stable/traefik/12.0.18/templates/middlewares/tc-chains.yaml new file mode 100644 index 00000000000..409766daa89 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/tc-chains.yaml @@ -0,0 +1,29 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-opencors-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: tc-opencors-headers + - name: compress +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-closedcors-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: basic-ratelimit + - name: tc-closedcors-headers + - name: compress diff --git a/stable/traefik/12.0.18/templates/middlewares/tc-headers.yaml b/stable/traefik/12.0.18/templates/middlewares/tc-headers.yaml new file mode 100644 index 00000000000..330fbe4467a --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/tc-headers.yaml @@ -0,0 +1,64 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-opencors-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + X-Robots-Tag: none + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-closedcors-headers + namespace: {{ $namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + X-Robots-Tag: 'none' + server: '' diff --git a/stable/traefik/12.0.18/templates/middlewares/tc-nextcloud.yaml b/stable/traefik/12.0.18/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 00000000000..6a3019d56c5 --- /dev/null +++ b/stable/traefik/12.0.18/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,25 @@ +{{- $values := .Values }} +{{- $namespace := ( printf "ix-%s" .Release.Name ) }} +{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }} +{{- $namespace = "default" }} +{{- end }} +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-nextcloud-redirectregex-dav + namespace: {{ $namespace }} +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: tc-nextcloud-chain + namespace: {{ $namespace }} +spec: + chain: + middlewares: + - name: tc-nextcloud-redirectregex-dav diff --git a/stable/traefik/12.0.18/values.yaml b/stable/traefik/12.0.18/values.yaml new file mode 100644 index 00000000000..e69de29bb2d