From cdc861de0de11051f0a4cf0e0772ad14caa06b46 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Sat, 7 May 2022 11:18:12 +0000 Subject: [PATCH] Commit new App releases for TrueCharts Signed-off-by: TrueCharts-Bot --- incubator/kopia/0.0.1/CHANGELOG.md | 10 + incubator/kopia/0.0.1/Chart.lock | 6 + incubator/kopia/0.0.1/Chart.yaml | 27 + incubator/kopia/0.0.1/README.md | 39 + incubator/kopia/0.0.1/app-readme.md | 3 + incubator/kopia/0.0.1/charts/common-9.3.3.tgz | Bin 0 -> 44145 bytes incubator/kopia/0.0.1/ix_values.yaml | 31 + incubator/kopia/0.0.1/questions.yaml | 2923 +++++++++++++++++ incubator/kopia/0.0.1/security.md | 111 + incubator/kopia/0.0.1/templates/common.yaml | 1 + incubator/kopia/0.0.1/values.yaml | 0 incubator/kopia/item.yaml | 4 + 12 files changed, 3155 insertions(+) create mode 100644 incubator/kopia/0.0.1/CHANGELOG.md create mode 100644 incubator/kopia/0.0.1/Chart.lock create mode 100644 incubator/kopia/0.0.1/Chart.yaml create mode 100644 incubator/kopia/0.0.1/README.md create mode 100644 incubator/kopia/0.0.1/app-readme.md create mode 100644 incubator/kopia/0.0.1/charts/common-9.3.3.tgz create mode 100644 incubator/kopia/0.0.1/ix_values.yaml create mode 100644 incubator/kopia/0.0.1/questions.yaml create mode 100644 incubator/kopia/0.0.1/security.md create mode 100644 incubator/kopia/0.0.1/templates/common.yaml create mode 100644 incubator/kopia/0.0.1/values.yaml create mode 100644 incubator/kopia/item.yaml diff --git a/incubator/kopia/0.0.1/CHANGELOG.md b/incubator/kopia/0.0.1/CHANGELOG.md new file mode 100644 index 00000000000..34094bfc5ce --- /dev/null +++ b/incubator/kopia/0.0.1/CHANGELOG.md @@ -0,0 +1,10 @@ +# Changelog
+ + + +### kopia-0.0.1 (2022-05-07) + +#### Feat + +* add kopia ([#2630](https://github.com/truecharts/apps/issues/2630)) + diff --git a/incubator/kopia/0.0.1/Chart.lock b/incubator/kopia/0.0.1/Chart.lock new file mode 100644 index 00000000000..ef43b8d6745 --- /dev/null +++ b/incubator/kopia/0.0.1/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 9.3.3 +digest: sha256:0f7a670206ca5a9b0ec735ec385b07d2b569b008088ea7fb0c727e43d4c889c9 +generated: "2022-05-07T11:10:30.502448724Z" diff --git a/incubator/kopia/0.0.1/Chart.yaml b/incubator/kopia/0.0.1/Chart.yaml new file mode 100644 index 00000000000..63226ed282b --- /dev/null +++ b/incubator/kopia/0.0.1/Chart.yaml @@ -0,0 +1,27 @@ +apiVersion: v2 +appVersion: "0.10.7" +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 9.3.3 +description: Kopia is a simple, cross-platform tool for managing encrypted backups in the cloud. It provides fast, incremental backups, secure, client-side end-to-end encryption, compression and data deduplication. +home: https://github.com/truecharts/apps/tree/master/charts/stable/kopia +icon: https://truecharts.org/_static/img/appicons/kopia.png +keywords: +- backup +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: kopia +sources: +- https://kopia.io/docs/installation/#docker-images +- https://hub.docker.com/r/kopia/kopia +- https://github.com/kopia/kopia +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - utility + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/incubator/kopia/0.0.1/README.md b/incubator/kopia/0.0.1/README.md new file mode 100644 index 00000000000..1f761469c31 --- /dev/null +++ b/incubator/kopia/0.0.1/README.md @@ -0,0 +1,39 @@ +# Introduction + +Kopia is a simple, cross-platform tool for managing encrypted backups in the cloud. It provides fast, incremental backups, secure, client-side end-to-end encryption, compression and data deduplication. + +TrueCharts are designed to be installed as TrueNAS SCALE app only. We can not guarantee this charts works as a stand-alone helm installation. +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/apps/issues/new/choose)** + +## Source Code + +* +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://library-charts.truecharts.org | common | 9.3.3 | + +## Installing the Chart + +To install this App on TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/02-Installing-an-App/). + +## Upgrading, Rolling Back and Uninstalling the Chart + +To upgrade, rollback or delete this App from TrueNAS SCALE check our [Quick-Start Guide](https://truecharts.org/manual/Quick-Start%20Guides/04-Upgrade-rollback-delete-an-App/). + +## Support + +- Please check our [quick-start guides](https://truecharts.org/manual/Quick-Start%20Guides/01-Adding-TrueCharts/) first. +- See the [Wiki](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/apps/issues/new/choose) +--- +All Rights Reserved - The TrueCharts Project diff --git a/incubator/kopia/0.0.1/app-readme.md b/incubator/kopia/0.0.1/app-readme.md new file mode 100644 index 00000000000..d46614b1464 --- /dev/null +++ b/incubator/kopia/0.0.1/app-readme.md @@ -0,0 +1,3 @@ +Kopia is a simple, cross-platform tool for managing encrypted backups in the cloud. It provides fast, incremental backups, secure, client-side end-to-end encryption, compression and data deduplication. + +This App is supplied by TrueCharts, for more information please visit https://truecharts.org diff --git a/incubator/kopia/0.0.1/charts/common-9.3.3.tgz b/incubator/kopia/0.0.1/charts/common-9.3.3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..7f7bb8781e09992e18539b2e4048c7551636b07f GIT binary patch literal 44145 zcmV)qK$^cFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT9UC_aDdQ{XC@+jd{;X<4$hoBgfZNq75n;`qc)dUt2% zI1mX*7*ix0faGZ0`R>1iCjkh^AwqEykHMXbk3zrF7is%rKiTC+#3vbQoEpK$PjgG^HIz5b7)-Wr%dtd&!Co9PoxT2)Kd_ z655uamK2d7i5ZHSfV%9AhJ$W*ba2qPM(dk|gmm0!fvmAcOJmv+FB&bNnz>$1km>3- z|M9BV?hV`BR`;960^*oK93vutp#{Xz7~puC{AUKZosd}rfEe=rS_A-KNumt>Tm@NN zVZhcY8f)|#D~-!hd%wNkc&hPN^M3`SC8Ccc04nEyuh;X;|Iz-z^Zb8`=LKlB!21-% zpU%$!O;LcSH~>KsPw{L?AfM}v7vMibG=t2`0D=gkm;uZSHUJRuvKgQs6dX}(rf++7$LqPi(6ZFFpl5kt9-(Z4f zyka@sGuSmrZeZ4cW)phVYj@lIZok((>J1FNM-UCBhuz-c{^7wP3Wxinqsef3I2{eA zhiE#O_9lbTVAAjRCx_jG5$YcGCa^mhpo8hKe{^(I2Zyaloswk1Ada@Bw60f9Xal(> zopt%mupBD)+XwBgChw?^rokv24SV4s+#kRR91i;j`=f5y>-I)nv>)_BG@VW-Xw-xK zaL^0jQGaw0pnm_T+duLSajxyHs2d|j=Sjl0rLL}5PF(}JCUtfB&9KUaMRzb59u6j9 zI5<3n;Q{RRkI=y=Jn9`FbTAC|Vc4Gx4!XnsV9*-`lY`MH-0vUt4|*dQ3=YCUjke3F zdmP=sHC1#Ck`PfuR)}m%*{o(cZF!lN0$-E7R+U;19Tpz6_cIpm_a+mFdSQ1koP=Q* z1cwJbcmUzi!657f!BIF0k4A^RK|eg`!NFv5H0lRvf7I>v_XqpaZcwlJt+*IQDUQ*$ zl$N#1seCM<)+Dfmwh4|y*8O(xpxrlgJwoCB;IIq32o3h9BRCx%_NFL22nW-k-#a+y z4dGX=7>$C_XgD}J8tjLI0oPysX)v7*jwXHB zI~W`sb&t^DXatW2K@fzn*XtdO`sm5Ft23 z!l58d5;VnMKr$7-rpqYei)Xduey>V9Pu141;#F&5(l3;??(rWYs2Z{Li; z6h;&^8bJ~>l0*?A1}=)>BtlBT=&$VtP#?mv@HOPI$ch5K$Zw19pJ0STkO)T#1(0wA z(b` z{>oLghBj9>g@kE=0y+H&h5<1nC;2IJm~~3_uX#=@gO7 z(GlW+?E$<<6T)E3jLa6|6#VegMQM3RnZZAzDL`BIIviTT%)A^=QkGD2YDBF`f z^93%_2#q<>BrphqC1uG1oSuuiyzChCj{5E1@UT4`wufGjaG9_LWH^9Pv<5TC=7>v8 z9CQ1aivEdu>cx3N*cc3lLyMr*YB5d1Mw*1j9@Xbj5?&S2cwseGrv;%Aya>7~M%8@l zYOnfe`4yJ~)k5VpVu&noj3~I7BTndS*2w9>s{*o&DY(IG4lXbMTXR#p!Pwf^PIm)G zS%~8dp!n&66mu2)m=OF=4k-fXNeGUYETI965Xo8K{~ls0VEsn}sxmkhVzDp<7$h^q z#+;EdU7@Uk1&%)$fq^0S8^K|e z+wY1CslcTM`~rL0_TX_*yjURkcxAur30`W&mewwatJ+xTj=1pD+ij7`s8WPgh2n>$ zAiuAZgnx1>aJfR4lYgLqQO(Fj9NJ3J1ko~7!wDzJ%FLGh3sq)BKDL2c6;!f>lV?wM~!-(l&UXsu5Hwd=DV?uX@pvzq!>aDqe~uFrT|#=tx@z5e~30 zTjU#Qi`A^6nzrn>k5n#SK!^znShNO^F&NC18skz>S%5fZh)iK1M({jBkn({8@CFhz z2A3ShWSv4v5e3(WRI?4`W+Ngoj7~KGYOPkey<|R&K@-Jvzo{0jIE9O``dfJjn&CW1 znlSB`n}md_yYHZ|j#ii?u~^C)%e)OPm1fJV zrx)O29W(ev`@ZGL#?e!RZb9)QgACTbG_8HfdU%!6ScmYmKk%k%) z6tBJ~$-?{wpxtgaP`pwS?gjXyk&^vaB;|^GN|J?9!F-m>B?7PXvmg~95(RA)j6sMN z$)0rO$-*1~2@~AlC;}5C3$?9G{=^%3M6_K%eX71d$jqMB6y&gh@a<4AN`b!7qs6Cj_%K2qH-3LOpXSFs@1kcTc2SnFezdF1c~9>z(jwXQB!40?;*OXwl+* zX$1s}g`!?9NEe2h^v)X8Koz()%ufRr-dyv+ZG|wNA(AXDH zQh=#tbFL?>ipzS(dyh2(qx>ogEKL71+1Wo_`_niu% z5hQVdQbs$vUP~EsIG*v3F&8G59HA{$u=7GH9vshFY>xEn-G1+20qvI-p~L>%49PDI0eoUfw-v_24@Dv5>AVOswGX<#2w*OFZ(?wbgn@iHM|l|hlk97#eS0$gk%Wk}!H+1i3_K8I^PQ8^MzW+QmLD{z z-63D4s(w{rnZfendQOrFDs1|8}1c{X^xZ!3MU%BOW95O`RJ~uB< z&YO*F;d^;e zdIw#;D&%zq8*wbbG6fUqXvIv-3hJLx z9f?g07PQ;#T}wENT_LU^7Bb)w#-OLc>{%{evG0_`(K`DqYC&?1LcZQrC`i!iM*(Xm zR!aJum(wZ!BEf6jCWj7FhY)T6vs4_F&i zN;GUTDR{MvKvs{fGX*$RTmEgEi{e>?E*K21_rSRjwXc^jQZGKp&X_j>E>6FP3mmPr zm(>E%aP2dkf+;VGh2Vg8NR;ppWoVq9uLgVkzeBqTEH(b*pGETHGQWZblwgcm`KqN};JpWMxL z)Pd-=3;>uTVC`6mFKu^pKWCsn^AS_Wtx%{IH`Xv14TocMR6=@ytrZWBDMK&>$<%6x zm;RiJCd6p8`3S3U4o;y^O+6h9Lgmoe%2X_}GTbw)^Zei(|5aK|MKNfj%GQEnl(hD9 zG%B?zb>IC%vsK6;iw$(%!EB~!OveSYPz6VE;l0@^6u$a$2_`>Vf=dCR78;(fgUJ3QoDXszb@@o2!}xjyN^ZdX=(N$Hm{%UNxb3ep#wpd31Z#5Vy); zJzlaT!tu3DI~k8>3q{V{dtj2Vc@`Q*IRXL;=ulo6c1xDL#qo8K_Garp(FdDgY(m7q z0*7IA0|~N6@O%6Ph41(mBt8`=BW6=Fm9=FVE!7x-Xo|1xFV}}u1}mg6Ksp4QBW%t} zD9AFhS!_vWhH6Fu8z!d`OjE>H#2h~Vt(wl-GO=t~P5Du^mmP~SBk63}8(g!QxTB*9 zb{%v$j>(b%5eB8=Ll(Mq6o;)PReE@ur>&A1DVgs0fv-BU)eRg%h;{ zsze^NBe}k@0Gc4VrWhzS1TS9Xbn!f)EYribP7`0UNh(qQF`?ollt9YerPmr-#7tWj zmpnoyG<-|NX11dwfKg^8<&jDun`cOI0Ga*EKV>VP46}2{=50_9C18C29p|0&!3tdw za(kJZlvdI?@E@;0uiYE8x&=rw+WlM{fOkGxZm>d2T1`6cFRAH_b24KE-b@aPj8?1- zS(xPYAX^KjoB? zR_?f;Th+;T05%;JbnE&o1p&Ym10iG(=!~B^d29|o@Or$UV{S~7WDF*dRB_t9xvb_G zsyMWg5Uva#vq`CfxC^*CyZ&OUlC~>1|I<~VMNAE@u$$vOFJq1ewKT;EUzcOfKbyK?<4v-66BWbL^Wwr9tj9n%P%e>&MyfBtyB$2npTphe2ouQAzE3U4o) za(hBqiIf1G;Y6f?wI7qN>}Az7A%V%_kct!`ye}5%f5uTHOdqjsiq|Hu4^eIaxt!y0 z&ddQ_1OI2?sbGmzRx)lPiIxkbS8VQVn86`aU!UG72)wY&F11XPDGIeIm0Uy11ftZJ5{W|jD^P- zgaBq1_$CUf>rR0x|IJ~^%-BL7DL-O33s zVRSMKTM|R6kL$EJ7F4?6q3PNfd_XY#nP7(AbAvVO{^cA2D5YUCH8|>Ca7}|~wq;RD z8;bvl#^C7a=m%_oOIJc7mM)Sbxm1A7j5U@o$rC{g7@w?Up2G@L?%mJKTJ!2G56SXIYSOexG&FfOL zx1^Mi_%3FZY}gewV)N?){}aiN--*^gNs4_2Qv?~GCNq^|L(yYTNT>kDT3KdWg7}|u z{w)MJpn9W*AmcHW-U_?`J;`Z*2-a9Z5+yTwN8VUL(&5#gx#NksLkc~#NE2~2g`!R6 zNb}Nn9A>sie}@CCM)%J*xKB6r$ub_7t$b@teX@+7`Jz5wG_1`4VN?pDqzRU0u{e#I z`6@Zioh2om368-ui9$qV{E6J14U^y+krrQ!CMwb0eOP9$aH?jR7vS>!>-RvV$P{a? zM0imCOGLa+qC^m)fE$P2T2j)Q;5@?_85AdComr4ddW~)`m2oha@$AZv!OIkvnQgNl zqj*+PvvSd`to@oxZgaeWGwWyF)aU$cX?FN0-G1{fobYGig5Q<{e#_B!M*fXT`I1Zl z%-m25m0Ig5Mp2ALh*ldEzylILL@R4?s{;#!b0bA$fhiRZJ$Vi)m?t-}%ttg|BvK_% z#LlyV1#i)ljb{_Q0G-A9wcVc!I}wYndbv)8%aj5Lf;kGV^-&*2*2)#<;;OOY17+=1 zhe;q(wJK+LLbUhOrLoB!R_2fs35XBcn6#vRI?>CHm`v8c1tJapx?DV$*s4=x}|eHmGG6`u&%>ex~#j2SitrsuKh%jYVs`v>E zu9s<{73;OxieqzhA^+Z@{r(SF{&My?gE@j}OTBA}@LomrGtL)s7mgD=NMgze#3Hfz zR!U5!WyJBUg;p{ErvoX)vsk29ijxp^Uc}-KJb7?+x50m1ILBBmzM}w6#mS+yg_BGf zy>-&QI;iQ^S}+bIF@+4%smPd^ z`!3>OvSIsoDXIS>mqv_1=^%>K={EWRVUTFcH*M#=n{`sBMbKN<6m;ZOIkY4h zV7p;5DU2K71^5|(C0&ZELI?_y#RA2l2spA*(qvhLR84v0A^{PCE9I;cxk)(72RK<$ z4mp@7*oqP4I;1T#n!t!A0LNSxh|^?qF7T<0BBX#UW4?s8Qi7`N!VzXHLL9U~WDn3~ zFz1cG!!hQ=+tz_0VPaxKbU&{$-1g46@pn#$kA~51pqs14&Isu~$cQLv1LJ`EH0-Y+O zEMXX$4Ca+Bo7m1z=Vz+@X=T~=^_}=FeTTgwN9TpPu(`ELW4~j_$~@ixV3pd(5N%tT_fya0dG z@>%=O(il)2q5xXg`&eEru_AEXS!yN5dnGRro676POoXApSS|NfjuXOMmi0SE*a<=g z;DsH9jN(=1A}QY21PYh{jmf;*MdtJ(1A1|@er+QGhVT1sVM_sPgY8JPe3(;61i zb#z8{k9aY8AX&z7krJ8A!r8@R9xsk7@nF2JNT6=RH*U|z5EJ%=>vxeBR{cj68V>EO zM%5jO!v4$dG1ML@zGB0i^|ZgKCA=c?Vu}zGd3@dq7mX5?uY)BZC9)A`Ff^b*YnY}w*|nS&`UtiNM1XU18!;waC>ox!{BZ)d!s|6AG9jdG6v=ZU z(OShbD2V~V513gud~(6gtqu`QFYe7Fcm){(7Z*Qrxv|lFnqlUcP9NZnsH@><7(g9& z5vy}!@Q5nkL5hZh7K%9q!+hb z>d{7D?)a@O4zt7)+2M)2f@p8l$ZoPTA#f~iHwO)JiKMiVYNv843h%7Y81(x4{hsyK zhY@h{1L=IK3fnC2jn$4-;Khqa$$%pO6Eq!HUAuFK3^+~$_Kz$h4%i>|x+BR4R(h8L zAH*gd$rg-|dDhF)CxC4dDCEv$=1$)Obvu|Gx^~rBdd~@YUfXxtT?o`|54)Ehch~2* zx3kGok}Md+k!6r&Hd&O+q}zwiaSC)|ktn&wTNrB9_L6SD%33lw)-{zteM`x}_L@m| zw2BPSJK030_S0EJ7KMHGP-doB$3`WCef;p2_xf#ejl~Df9B#11rO78DcxPtLj7keY z)pB90UPOsL5@^yzC?khg=zQDe1-$EZ)p6@0n(lVRyzDGOmAqiLwIg!aXS^2i{Fx@5Rje;+%N2}9}}_QwxzFVyA2mPX)1@cKK>yh{>U8*U#^ zi0Ss-BD`9?9*Lq)+o=WT>u|Dtw^YS?9aDv$xNAu~OYYP)S+Qot+5GPeJ>WG$pJn z{o887s)DlU%XtdLVg2zdeP_3UD!0`2z3@%Yc5BKNZT-q$zcyN}Rs*J3t#HP`!mhLG zPY{E>#x;(^F({c)jRj&*Mgr;J$=lnk69PT8lrxCtF_YgpM!$j>bLq#xfLGPmcZjAg zMeo$jumCt%rz!2MdTLXPV|#mB(*Gb z2epT;?RWJvTTQF`b9i-?KsgcMtkqSO510z0tG&f09S&e|671BWrou zGIL!zo&|YJDL7U8ECdNJ0AI2Se?TO6Y0W*G6UfbCj z6W436K8!=#)K`i1zwOvILr#B*Yoe9H^1vl%q4pHC8B+<3uU{{0h<{|!Qk?(hV8nw- zferJ&*YEA;=KsO|aQHm`pW+eo|AUyxxy+DeGU)VmI@m;AR$MlL4gZu)V|mwtl_C>b zZ8$TJz<7qhOI~3Qyv$DQj9(ceA$#c>H(BYzQbC#grhtURfm%(pzJ6_((w%Q*vN3BD z&d#J($Zjdmp9lhF4XRy{e7kK2Qih|#@`~fd8!zD7v@13xm7G2rnbh#Y1I_nhfF-yl z*a>mK_$Zp;%Qv~3BVk@JimfPnOq$?jrCny3Wq&}?`KNe_^55jSd@A|h?+^3#-@%}J z@GSqI;;HoiaG~aUfP|w`Fvx{DQ|Iyes4b*z+&+fwnqKFMa#Khbg~7n@LaF7xxrc8> zR}kUFmLk$8$5dihM^>`rzu_V(hh=1=z5icgfLcY``W%lJ%_=1Al)Dxl<#<|HYUdI` zGUMfsn6iYdRc0S+32(LMD=Pt;`vnCO3&?``TWe^l2B)p-zV(dNP=eQdt-xCh13-b? zWzG3W-sWU*n>=&}-JyM&gvUjiSI|8N%yQtkyn7E49p=%HmLI3X$MhAKQKkSX3_5V{mchUcbK_1osFktIg0H*M> z3GgQ{0f=w=#;K{cZVVbPDI<`f*_y9s^`gA_0Z9gI`hb`k_TD0lL$DJg3tk3fx9}y2 zA{@^?rlI_75p4=_1a`zknS$n7!TR4~=$Ae4l10`K#HBySNFgRiEAf8&= z$){{+3P{K~?uISuIbN9Y0vJJ*FN(&mK(ko~_hOql?1j*qL;4e1XBC^8gu7Yq^kC$A zrx1FTlUEyiqIXVJeJ60!z`RCl>gmF->acDRxC`K4HAJjv|EbeJ=ShTv^@CV})%IVn zJM0Z|_TO;7+k3YEp5hVyzwZh@zB8K%OzzA%G>5^I1LvcKI)pHz!_i*%W=Tp?n%QOiuELTEhXRWd&PP+}| zWetwIS`3$Z?kq7FQR6)+xH<0UX(e&;>=rtj5O1}%HT4CE zvLbK3q?{pyw=lmP6oa21kpdh;Nlp4{WbCzu#|>+QUNsbtMC|n~*hSKBLeC~d0Y~d& zT|{ko+hcnN*0HrmEvB(56xpTl(Pfl8M8PWNWll*N^es`*DlO!!kM*FH;aZoQ%Ie>P zk18p&6$e#9dT8D$@RDPf$P5Fjn3Z{^)D9Vz+97vRYL5HQ%Ez)vtvU5tU`mojL9_9f z&${hdw>|5&+LGy6w>|5&KeBFnQq|`88Gmb^W6}R-j<-Ek{Qv%NKkxrL7!3N){=cVq zg#YgX1xXx2vbGO_a*?VX`B4HxMDpiC#a3{s%g;I{>1+ne&1L}yePM{iFglGHB2$rn z-r5B&-DWISYl1egW@HyQ2R&7yDNo8?JT2LOwvWe)%<=6k&!O#{1Z5#Q!X28`F%gFz zv6Eq#rJS$Cj1yTWTyN&_T&1zNy2jnS@uIg%<9c}I6YFh3HeIzo(R7V^sO58;ZGoDu zS|2rCV*_g6EpZfPCju8Rt!C@&xLmuOi8G+t3G3=(%B#RV@?1O>EplNV2SKuoS+4BV z7e?qKl;io#U7rM+xu9OlddMMT7c5XgR`R)8iw!!*h$`C4%H5|q>w2grsBY0ITG^%p zraZ7TkBp2ZEkSiRztJujr@+4jtjPohWqesEEK>K>EUUP$c6sCNFO~Eb&#G*}nF#bW zFM||{&^)uce98)I5k{q06*rCCjj%%JpV}Vu*ng|wY4d;d`rT1J|3|;~eE$DQp2GS6 z^DG0rx^Pt7V0YJS0747-g8|c3urUBoM~t0+IV;Zt_M>4P2wlqRPqL`ZOEE;7iD0utZhl8H2x;$({z4J1Q|)C~(Ck_i2d4h{;$ z-6Mmy_c$%0G)g^cGxsD3Sum?c@6m-*-3;aXfn-#qF9QNrY4) zP?+K$NU}^TDBsXYLG5|7bx7P&3Wu@Sa+UBd9N&XLasyD;TXAL&Bgi)7y-s)wpJ5Jap}sS~7pU$l;>?mn-9kv;a2f|L#F|nAiWK-r!mPKgFZ;KLQt? zYx0#6FIUyti{eqnMrKREzm1%hr={Pg@RubjDlp|G;v!1iI{jLqS2gYbY|9tl{1<}u z>CS)l2i?5=f6yI1&;KWR3jQB`gYF&uJ;tqDbpTY~%vJaNr@ju%@&M^quJ=cmEIVJN zK3l#U4d*WT9(CQ4Y>(L)QK#AZXGC>p>YfpGd-q8BADXUKVU1*lvbl9(g7xRbxHZWu1u%E%0yB>nA< z`k5X)pY*%SQ>y==TxdOn8L-Lz9~Jh0hJ(R#{;wx_Ec@SHUvIq*a6<`-zB{)>TSDBh zZg5-#-t~jl&IQ$3SV-)aVG`f}t`(0nA=gO3XXEwt)JnYdzzY!1{LkVP9%v1)Vg3*H z`@OvVKN>xs|9z6@4*CBs6oWi;24E*ZMiqIvGN!tkTILIpPCk8SljHRB2^Kejpw)@r zkqh~uG6+@yen46DJ52)UF3zcF&pjvQb-QTh5o- zV#%N1GciM}fZ3~bUtOE?c==c<6BS&OThFfo+g$Y2@)fWM&?+#Deea(JWC&=}3#gky z-z6b(4$p`~c{{S{tcZ2RUGoEi;m-s!^j<{x?1EpxFU!PE1Daji=71I#0XrAR3#?c| z;4H(rP4PdS_KuE@e!xv%E50yH2~E0(nqUX`Vv_hkHfK>Xfl(8@EJU*YSzPhI$y2cZ zWpI4QIxNw-vd%u-Wks;b{_pp4`5*he{=xJ4pC@^w{jW`bmgrmEa))J-xS_9o(^I$u zaIDe-q0Eb4a{b#3uTZ@C?zh6J8BY{Y`FR}e>+5_Aj?7tyy3Z+{0x3EXw=sOYfM!= zsnYdW%3tpAsS;atK*qIQn0(45qo_bv51}2XtPaCmqqW&gQJmWZO-7ce37U&!8MAZ9 z=1tIS@z>&}-Da?)ELk)`b7kSCFxagkSy-F{+M92Ysd9Fe?PB;h)HcE?Az1b1RWmOW zJOJ*xUsZFrs@Uo>_O`p-Xy}9#bw{Htf#j_>z3oOgWyGvZH(MAD1)=jTc#Rk$3og^e zNi})*v$Ie7f5n;VY`avl(JIh>94n2g-Ao-1Zz~7#oHta5C*_%M`-8yIhNspRS9{>) zJfY0a9ju`9*R*txZ%3{uMCEo0*_?vzuEm{-TV-DiJ(?Vkrs>RX$wpe;xv(+4Z`E9| zlKb9cE|mTKTiZeZs!vV(U)dLT+Ys0k|1%m5^Y(wQ_iX<^$z%5a91{VDD1bS0StR|W zh*WL_R$0V+nyV}C&G!ag2xmgmaTw~ar~G4^pfsVFC1ef0ejQg7WN-$)er-ya=gTOP zNuP4wNViUEiV24{3YG-3HMh6X7m*-|EaPMPks>k%UHwyqO?Mk8UX2@;dO-2&Ev6fk zjxLmUKI_`jg=Bt-MUyPtvfM>ZVI_}6QTMZ~?Kop@oisGYW!*d%`zONfgr{rKR7X~y zCd3*ufZ`Pjd|jiw&WzxNaN^mYWZbP4YuomWqfFaW zj_eGxY#CR#+;@d%z1}Ey|9ihX=5cW|(Eh&2DZH2yo02YXe2P&9~Uy@q65#LPKnA>q$lExyWG)Yf-{50Vj8W;4a*9 z@ahDxILgZjPEeNpyCg(o&_5V*CBV=^>9!WQMr&iQO7~{!Ghv^-dVjR1O#bUsclUPw z)sX+gLBak%=s(B*Kgna{ze%KcU+14mtLSz8>90P=pZ>PN?dKM&?iv&cZD0Kb7nB zvFyLWpjVjxqv!j-pX4$2pULqp$9qekuSxT5C9^J{z`ms5r7qhO0r4G7?|x3Jr5kj7 zwp)2@b-M=jHC#kv@T=U>5es*10nQmquObokca@6W#G~$ESACq3G;lx4FT&Qf&x1^H zgk&c>Y>{@%chRu_^jMy{QF4v7JrqP3#pcGJC5gt)Z9e&<8UcYRQd7Th!lJyr8O_c* z{3DrMnNe!zjy5pJaNxoh_Y8`FvD^WNC<$ORPbf2Q^T%EQZ_L*Yf3B`l$mUm9YOTS4 zhy_E*5rTg)7e+1l|G4Y_e&4hH?>)=^CwYqU|Gw*gTNM=7|3(sf*8lq3hV{Q&tj_x1 zt#Qxw{}zjSOV9lg7xjiE9%@l<)8p|M^&6sY3^KK2Zlt+V0F|9Fz8GX6(0?*j$?cqd&;Y`!T6-#z?#&-UUSpR)PCO5@IzxJ&ZU^FQ{w{cb-0 zV}Eq;JpZ5KDYO67Risa8`ibjEEvs*vYff*?Rg}#nMX|iu^v)NfW*~syKrxNoV1i~# zNbYqHs}01{V564Bu}WiYYj`k`pT5VD%5?p&>h6Aia!-}~SJR+#CE4`R*8jcHAaDQm z51#M;dXlG1{_EpFa_E6p0??$e$StWOOc_X~-lcT|#-XSQJ*SJfB$fW>Dc-!fU?j7D z$)D&$OpmeRS8YGxg5UIZ>-9dpXJQ}SSNhP&e4cg9@9U{0{~tI1!~STPkN@fQ4xZz` zpX4c=|Ge+^uSZH|yT9tAZ}V4u+OYTQl&Z7!>r}X3vWG1KzxA7o|Gv0-_x|;z<0!hg!7P}&t$ly`;myy-Z{OOjHQ%2#ts)=Z zf4qEi)pJVpM*Vhg*zUHwonF7`zvx;LvxF(W$Y8uPd51i`Iz3+vT+C#%x3|LFQdw;K zKDv|)xfv2aL3|htv+6JPcXi7>T@B@xG^T`iCw@cU%3;3(V8==r_HTb(HNEB9U^m~# z2O<8@L;PWm`n|hQznn`G0(N}pX|cPch=}RFTU{=Nl-?vHl$1g7>U)wbWUPX;jXRSvJqaP7*Tpol8I=@c~Ljsp|zov$Bd?^W&b^H{*Ugk*Du6>Kj;5_n&%Pnf8^JW zt;f0@^rbCs>PB|IEQ{>^bbfYq{PFU~vCOERQ!8~uZas1PE0_!iC=PxfVNO-^-}t5P z=>gn0|A)o+-{<(Br+Lc!e?RN7e-IC#5*gKU!`cS%d-pP&?&;q%F1tc_WDXO@*SGr! z9zLtjwa;`t==j&1|M&6$ZS?=-@Bi-i2E%9l|0Ivm|JmfauLsCGdomx8`RwxonU5R% zK)G^tJVCiC+xUVGhKD(CkbHA*e^9nAxp;Ga{NecW{RhWm@Nc$D;q?6S_`A1nF0Q^i zKKbd**=wg{JY~&i_fpZl^oR5>{dD^F?ZwZhmnT0uV=O`jOIe;O3nsR%zu`#-h3?U|DNQjy#E#EZhwW5 z4#Iy2(+9o#RbMiZOCO-b=yVxH`hJkjKIm5dOv5{v>e?A7t5o5R*|vL#A+wRxjreW< zJs0+oeEWO5cqYPa`BlYT|DM1@=W>1p!o8wpSHExDuYD&nG;N%VSAhgk z43QW{r!hlh3IjwR&Hpzj#Q%+Y&+*?+@@ysl-zb&?y4ChrSBIez;F{P6K~ zv-mIaTow_Y+pEQ*c}r&FFK-I9rPx^#F)@KpLN%`sX*-B5~GL4TJ zgTb6HIA0@?{|zUxM~dMuEiTCN*N}^s<~CVo>o}0qFAiuWuT= z{{fKd`QPjHhyDEdkAwZ^_^&5)qJMR7r7MdKVoipX_m zn2~7og274T0K7m$zZHe{R)o1ER98^v$~2rs7~T+$K24Pk)l{fAfqU-V5o0Hu1+w*7 z38>7uiNCb|%6Xv-%5GsPWMn@6g2Hz=3?p;{i4@RHKW_3s{rC9_T8!q5#vEXIX}<(i zXw#9|yhUTh>DL}aUpda*Js>9Xe~P(WD4Qo<0lVh)a)L;V7@`3Qn_$<)DceA)iHdVHx7%cAz0jl`sMAH5`K&3iZsuOQ_t`VS-Egt z7W6Xo{~*pEGXai&~N_nYd+rkg$|2fjn(n?GZEsF}-Q;pPPk#$pdu_^#9AnugT z@|;>gOl5WNbjCJ;+Co1Z%O;1>+2;0X##kGh%9E^Y3U0Tl@%+?&%Kg9TDtL(GKXvYZ@8{ZnPO-tn%Bjmy=oS7a~<5T);u5Sbe##Tvr&+I+XypC1qmerR z(>XD7Kx86A)@q5egoyBRYavJRKb;1Sj*fo7&HReAKqv)D3Z^F50n*uR$&6+;ZD&z3 zfl(8@v>hZC%g6xAj489<4ysl$-#Ot2+afO4|Jn|J?ET;FXw=K=|L6VRr+T*5|9Vg5 zF*Lqnxk{~XuSf5r@$>82t+ai^Uj6=7D&J|psKxECrI7L#3|$3cd26}hMG`|xXj-GA zcKMv`L{;lywh`qYyStUKg^D9fEC8Df_x0oEM0s8*YMq$-UZo%lCdRGFExF^+x1ExN zB|#FoL$M2*KVDv*Ul5*{b~*_kR+|l`JNb)u5+dzq-Pz_zw4@A?)AQyo z*pW%p^v7ML-I?$enSwEOO|koOg@^2qDXUJ^K+;vhTuml4SMc-W4nRIxdqYWzb4lyyXtnrokxd21S%h+~cXd{Z^LAy>!iNUxjL* zGEmbCT7D{{iXToLl9Wmm6NGwBT?RQl-!`_p(Cu_Ni7=g?C5$g_*2iJUrL<;=vab$x zt3gyXj??eq0!M3`f8BTPwwI@PHRV(dtdYrn=Z9|-*@Rt?+i>AZVb9vfa4Zd{zx^&#ehe;8&Ko`#epVvuya(C*KA0DR(?(Vyv$j0+*%79$qa@CfP;3uywJN<n{Dw!qjXC+O_ z&v%qb6?=rr?O4;=+iJ76Y|~|fB~WUVzllQ`XzkHpe#lf3D;b?LJ>klsQYJm=T^bjUXqlc0>Jd z^RM)OoByY2;vcwVERT>Sh;k7kqbfJi%$A$VBSb&E$HkB8*&zQ1qf!3+ z*Qh&u_WwW0|Ie z3WvycgcQraRdURNBEkf@EPu(DHCH%oW_?th8w~cXeyimhuOfW6R(Z(g;(aH3ry9kH52gHmuX~Mw%n!_J$warvam>A=w)emrzr1-k^7ck z3gt?>BrSJZkv{gE*-;{(SWISeuzTd#i8+Ms0H=bz)aqT# zh5SsgzUPD{bDcB}whB#WYs&S-lx!mT8}aTRl{S?68}T)B?(?^~_N)1-q-e8jmF*;| zGl<#aR+OI1jg~1iMoW{{0dqf_@l@rwR1Bx~4(7+!Vv3y9^#FNU5CtWZDK%-k9Fgb) ztm3Z=fLpCrWBcSV5@;@#X`4OULI@X0qDZ+~2#mwyD4oNz#*%GcGj^vScu42?J z>Mf%(HD>=C|CRo4+yu>5t0gq;)|U^wbWWJHZf`;HaGJewv6WhqyYOyo4vVN!J1nB@ zKxq&^A;d0l@Do}~Li`F?a={3WXW9J%j$+{uuhF^+BEc)jP+gF>Pm!Jc`FZSTgZ_Vr z^iLb}zxNJ?h5Nss?|*%oNALd-j8+J6aoU+ewdCatfTuWs3;|44(y}E%Vfp4yPDWb+ zuQha;C+c^Hi_XQ8veyWuCrP@tyk?nJ)A6$s3l8gjDlC3S!Tp5Ra(7?v^k z+daKX38E-wS@eI)UNY(*lAd`v>1>QN++mQy9bBU|NStA)CcLE+es`n zlu<^}O_Y*KYkN{z%Ifri>Yj;D8MnmUrw^Gw32Qa$NM7m%}Y0~JxkDNw*z)e z@N1rYZHsJ{8M3=^-q^jIl4N0S2oPpnWzRPB=%qqQFvr~y&lWk=v@y*&?dN0cYu2@c zkqa1`S*dwWRBzjqEXp)hNKGO>_bPA=gm?!!}KkI>24a<(hLmZ%pSa(rEFD z*N3#d>N!b#^*tJ*$$um`2F*RtyaVhK-)UVMY}x(aKulK6eS*PUj*rpOWIG(k+K$4lnUH>*k zixna#$s!dA|Ngz#?j1Ef-nfkvZM&%)6b2K-pwpyxsVN2i90k{g7?jEO*4vRI%P!i= z?e*5{l9QHix0-?~N}eoz2~wXe%)38T@?V`GxVHyzll<=%{eK68=lnlU^4RvDI8JNN_~g_1PXzx|9Pt(3)%o7iZ4=MQ6{n=dI;cWjHJ9LZFsZ{ciEDxPe?VucFG z{6}YY6h;1&iWTbdDVH_LiRtiwdIfgOSzOO&y=;)5oLG+C(sLu(szj&x z;%Qp!my=~2fZ@LQ6E7~7(<%M}nysea3U8cP4&xM~D3nKzBD}y1h4Q*|Ou^1%Er$5@*#$3) z+>Tg@_AkdVbTab;YQ=Xw`8 z1mCM0J06JF3gC+TRw$C=Io-R>d?$~G>+1P>rR_Or$1)@*&#hYmbKLt@Jgpgfbx6)J z4RWW!6ej*Mg$CS8St585weG^Gd%Dal5#=0|)#}Yepk|`Q;#?jo+mW-kU~@HRWGP{t zZ4i#i&dvD>td3d|NBx~yrUa#th_C;DP0+k*ZZBVSukvDDnXJb_kSt@yMFN)~)jgq3 zowMBRwcNID!M02a=8T@^)q<0t5JI?H1~qn*N)}kxjl~xEM<_P=`s?4eUL9y0UzvE#j#ojAXvc&halhP&R^+nvkW7jR4!G} zd|aE7C;uO4w#9$V`Ijb`{u0KURNgOPoXyfq3beTts5KF6ktomI+)qMi`>)FWr-&`@ zfBW-h|4*-9$p1Lle~$lplE=fcV%V+7@6Na29U?P1527T1ky3#wP(m*qRJKR?O-Wt~ zzU^dz2su92=PTR5YU+5&k{OB-;WIByD4P*Pe~CZ}DZNQZNX7YaghCWn!46T1;t<6F z7AI3Qm^P08A-pM7tr8Ssdanirgj#JaAi*%4+^aPOqh5PSJWKA|o`jKa@7YoG2YjmJ zzfJ)9xc>kCes`45|1unQpZ)(&@(AnpUgF(v_pAyzc&$Z(0_Ch^6~ydDq)>%kR@Pcl zL_Ae?k_BejieJ{uC%|9uUWZxj#gZ~X3BEeMA(){&R(5j^C=(Of2F>hfjmE}l$!B>s z1f0&dKokUN5*}y4ByTZgGJ%-;UXngLE^B{#jRR&<>SU$VokHfkW}z7iU>4@;0WB9! za*(Y`*@;|@6O7|T&{lNJ-?Fy_A0}oz-SQ5pRhzpdbd{SZ4oT&!0yX99T7SWaX_iZs0~UJQsCT9jOLBibl>fSueQ5vEMI7kBind)86DT{ruL z$XCG7q8&Ro>DkWN;`iHP@&#MOsb0$ZvNQSpb(e-ATH(#)+dw1>$OihzlD~5bWh~=S zpVnnX2AJoxZ>BHpn@VgckBH`KP{!4MOT_!#5hwL|+M1Sz*lzM6O$tw&l|o9ws--C^ zpw|;oY>|pwd-*0yy5Q;)QM(EUFV2FdrJ5qwm@$5fxSOOSrA$yToARHYZ0KvKCJAPv zCFX^Bhp~2UfykrlsH?&#Z%|EYfPLnf(?X4*bp}=iU}nRqGn3iM3dgfMDJvWJ?^{vn z9@Y@U9HD|3)>Jcqszk6V?2Mv08kV1Vs<2n|7QbyX_cYG+=3TL^hZ46XkRMLess?;w zwxsPlh*+zU?ZvB}C^^yUynghdeK2uag!dq#RDtz~(PD$!iO>vkeewB5&`}&Z#u1vK z5QwC9n63Fr0exZMW{zUpp2aG3z>=)aX1T0=B5SuTz=hpakDXgCZ}N~uPG1GOnGd6{ zQCr;JbFM+Wp#hAIv4`ttG>9Y7uW1TJ;A2!lLF++q8v(*FD9FDy` zC>iNA2`_Sk?V*alW3TQCCC9zTY0BS-ixPRKW@acnK(=G#te}tjdgwr}3;JEqFJ3!v zcNE2;`5(?dZklPjn2!S#euDw%bw{PR1<7K9V;LDFy~8kyN_bnVeVd!WK}dGHGwU-Rc55QA<@!gl&p3=V<`aIo^HbE7XB3Xe#G)|+J+_is+~SB zrhsK=7F+7yl_mN$c%r|FDf;*2ihdadJM>g>(s)pw_7udgoNeE4*F@}{V+Phff+h8~3*EGbJCrJsfD zEBzX-W4ORU>37}qYm%f@ZI^u4jhB4RTK5;Iu;`qFk1z~Ndi?4R0P;C@Ye5Kk2TD3# z6A2eY85V}*W!-o9;Z^N=TeO$!tIGtHEqc3X<|n}`opN60*U8DcyadgQLUlWbm1d@R zg_+FzYp!6;?jqX-JK!3};i>Q`WZ8h+GB&84!nxyDpx5mWxU@7f(hJ2-C2V^AN}Bv7 zQba9QT=dgQ#MRfk)UhD`&dxT^Kd@`5*83nrGo=@k6}bTl+xq!Bv*bkg*q3YttrgE!MvP~?wNct4(R z0LMA?9J0Ba0KQETJ4a-J#YLL*Lcl5k~j(=kvyX_O^A52NS3iJ^}#=q31D+5 zoP=Z!O0?t(a2i0>Jr8q{X{C%6CG@+O!WDUN49hVeh(A?kc42imRV;LXQj}(zH=!zHF zhQwGdqr}^?jRw1nZL;ZWUb%^={|2B1j^Dm*06-8G7p0q)`l#M;u45CQ z>2l(JR4+0Bg%Td@pRL!jXQTb6asVK5_j5qi_Fu1eFwEuu>UZ}Kp7TFG$#W~u2wrl# z4&oS?;nqh0LxAJ_$#(0YV7VQ~!JTMm(u%VL!{+;g#PrSVl6(d6CCiTG);M2A(RmW# zVC~p6;#)g4A2Y@77zRqYdo;b0Oxll0h0$i3=8})M=13mrYRcQ&3Ik))5?s3>HJa!P zBk-8asN;@=@`b3y|Mr?bqL8~McE>*5t49t_S$BSW#LN%ITn=JPF%4xQj-5~9O-bMK z0X5}z@)kB|p_K?vQLqlQqs;ugKV-&@)L5?J7KladG z?en3bcr|tmk@JtIuhk3`Zfkek)G)MpDK{fv2I1qyn-5p_26Arz?~X5i+6+PztAufN z@#gZLaL#|I=uO4Kyae12AKrgFucGiBKt2RCpWw~!ArJ(^_i?oTkR*(o?Q~5US~ya< zP=zmt&ytu|0R?0IVtDo8&GGB2_h)ba`|88{_qnlZ_L}~1MRl|OPBHAM(8SrN)7PiR zSD#KVPQQEm=IZsEPp2nuE^_Ux5*%htS;933<@JZtPj5b4ogAMZe|P%!^zyU-2}Y3z zX9MT*e@aK{@_&k1I$gaHuRIHt>pk#tCGYTX76vAIsh`Vv=u4!D? z4ne;xF+m|{qIiW#5-+%r&EgwHsx+|`m`uR}rc~De&`R2-cSk)TDjw?H-YNpUEEczr zUx!sLRirb~kgBdZlsnL)2TrKCs`DWRU}HX(v@QQ&Gb_vGezR%eU60 z?Xm#_NCB>bn7fo5&^%VlOFItQM@*KQp1-WbE}J51&~uQ>m%l!dp{EO4 z?^#p8np@Uo?)JJ~UHXzo$>~K=l5W}dCq0(+FyJM}`GHVODsOZA39Ub%sZCz{{n#2C z(@xeS2Zo%P`97*gU$j_Om!s~jYEK+hG0>MI=McBwZ$jKIyDj2Q-OY&S#bW6cJS=DO z0?R5!LGeli3c5^Uok?(<^Xil8um0ss7Mq=%;vUY{ZEjkbm#!<=r=p zexJ_gjsD+xLRkt~Fn=unZ?|`Fkl+9B?myrE`ZUiI@Bd%EfBk+8LKGo}K$ryAh=3qj zqzOgxtw^OB2MFN*;!6jh_p|_Jb%F;Bx4I5z^ZGa6>Skn#w%R}50d!3R7J=3cn9??m z6Nabj_5yynT2e%=Zg{s4eRa?u^bZfsHfIwNk`O=<6T8f+T5}it-~YQ2q`nV=zB=gj zYeH0etzSTg)4H>yM080GaZ3+z4px)|*Bq8xss!ZS!Fly#%h>|8k#5+g0sqiiQqs~N zJoUVF_{-m?$akKN@;^<&`(^;#u>aQ`bo2RNN4>%Rv;2RGNACYMF6SaWnv|?qNa6DR zzjmY624I?mcK$!dX=irnE`&`ktf~CF%596{*{WiS@(RP=m(RRi;$ZZgtQ5`F-@Pe2 z2Qr@5lyji!u1y-yg6kyZhYUlE1cZ#QIYP zRbA+_$g#R6HuIn4KiAl|oDmqHb40L^6-gY5N>+&<3I$5|pNn4;HenW@RV(#Ez-)== zse)nI&2?*+XV}KY0-6veZVcYd?N?=yI{I4pa%irz+}h5_ptupopcr+W zwWsbvC;}~Pns_Mm3P73U!Sl^(!{-83(>;yAj@~LNz}OYe!%d2}pldR2_?XTJ43U=` zmhxK(Hx$3#ksFGD?!yg5XulaZ6j8~z!Gq@3+)#jVM{Y3l$QH%9neTkM^R#!M+;7f1 zpnk&%@8Dt2b{D}rOm!Q;rjZQ_DzrlTHWO@aQeX1o31r?O7fc|>TPBRXYJHp!yHE#QfZ7@KkvWxi<1zU%VNKN zZP>r>4;@a$qF&5h{rCN$vLsESWVXIY34-BC5>rMXR>uHJKR!ge5h7W_KkMg~u>Szw zxyOHM`2PsI=N%xM_J2l${Qa+^gZ=0GU!UX=`#3a?xhhGhMpV;NL@(P+v zMv8i_AOk~`*X|I$MwJ_AI{eQ{$)!5|GV6!cS<#D^CP~cy&)&PXw{2sMqW$b&fvwE!#vbj%^eBjk&_n1t6~n^&ixe&5 zh%g7%15fi7;Lr5Pcm(9-e6mDnZTCj1rBV-g14*I*r#SVObzn+*e3}tPLQ*#EMJO-& z#dzBJ?&jvQBjRKQ+ax{7eyU?EtZAH;bHA2{*xHpn@uY3wH90_zm`!62hrq}5{LZnQuzWou_pVI zjVjXB>dx#_M){gRBea_Nd#PiqO3 zCf=0uHcBFIy4)adf_^Er>YTp0dEKcrt{FMA_k!cs^hbI>8B1RvcG9VvHM_OeCQ=bS@#njarYw~?^p!L{7XTVA5m$H$5CT~z z1m|cA8d#WKlkj#s6eE1JrGE zfB)-%OkcMw&P@c+lEzV#4LSLyuu_l3CKNp#+71Qui&q34v!Z$C|t38K^O97{D2nGzD87mv;Z%v^{0y2`qg>dxBhW4*Jpt_i=E!d0IQggeYs{Y6zL-Tb^ z5$kL@^1BO5sY>pGlWH~Gg)C1_ElrKqG44WEDM?;>tFA$HC5eqCnil)2vS|2o=fcr_ z+Pb)S%eiim~p7Q@e4xkmn9;p#TIWWly=$!@}t0^TUgtBviu@Rhz*Vpk^MpDLO~8P)fg zGMp>~qc5|$6Pf)Bg)C=j zc~O#l6&nr2Sss$aViqq>F&0;^#-J?749`LEv|ILW{Ka24CvGf09p4{x?eKIztqsB%*Rps}%t9b+G|Uc!vN45sKjkMSu^YJ3)I(l814S ztL*{ZphoFekGlNbB9*&iWbf$3Y9(`*bGb{6WHNWBu5RG>r&kxJ=g)rr?)7!41Y5b# z(Do8Ss;@9Z5j7r)N;_!`al(0IZLe3aU*G(Ed3t^Q!|SW_kI}sz&5RJ%O(CWCB#T^G z?VnTCb?{?n2I;bM1Ug+5c78HSopLn(rchcZ497Wos}21nhS3Tqpu6TIgYL5Pr(exE z{;dPLsqtHB27c>+6ekPt&m7|a{GX2jlrqTH^uKbb5dkztCQ=p|0Uv)o6CS5{C_y~ZU2uy{&N4vr}@O=1RnaWX&>bdg87E7~?K%aWJHG=u5&?@on!>OkQUL1cE&r!zb_pp}5mNd`&XmeO zOLDa1!N8yhoKld!0Z)PSu^G*J{QVq-TyAv0A@~4hqd|m1<1)XZ|9ya!BvB1SyHjCD zG{dn3r_|q`z$!Ruj$5iwRtzEELL!;#)p`YnUj5M2Hmapo0~RBLlCWGV%}rR*Tiu%_ zF}u!UH5Pfe%`frE@$sMUPX2uNfBt;eRlS@9fj1IIuJ#5~|G%LqlLg%r(&fGCcBx9VBS*QzMCNOm~w5@PmFq?z> zS2PPPNa82@ODt3T#TeJDfyWso-d9(sRdqBS*0;zsNC1@$nu+^&o^Zm^^e7_47}Q!Tc6!$ANx<1)cAP*zu~YF z|L1#O@;^SwXFva+Tmg^d|0`8!sq_D-26g^F`DmN}Pc7E%{y($PHvix2S1(>a)c+^@ zYU2M>y`G=moIX3fes1<$ORW4q=T(xJ|4b*IEcY1Adf7TTlYpN7vy63oN>RyrwRZ6SpL6(*RS~h24CX8 zKFQ}Z^Z(_tp}qf4f~fcZ)kv04>i;uk!GrvN2B6=||EEOpBp|j2$ixz$C?W}uXKQ3q89y8psHW*z-_{PmUH-rRsN(+%`d{jQeUi^!{=cHS^W(SxE7hVKTX_Y94ybw%4fr)q#Nz1| zKVs2nyDQOdS9lXYdk36yv~_B)o#_a_8%P&FW11ltZ9w-8sHNNZGZ!Sk{RX;AnLZ*X z^ta#s%kZUv{}OJr&VP^}?T`9t#Q$450C({Jkv|$){J-yyzr_E2lF#Sm|0@ZG)-FIx zIP57MKBXh@F?@jgx&P9|$8i1`B6OGkPa&``H1+2;ur;0UaNRl3tw6IoZveIq@79jN ze9UT_xai;R8Qe*y?zM$`uz+papT@7lLC`N*pxf1l?RIGGyL)-xx(TU-m1z*4H|BNW zj{A6YtZYL%Hs{#9?nI>I5Q|~>0+z{mYSe)CeZ*? zLm#6(J?(nh*VFhoy}A62d`*1BE?rK?kJD|v=kc>+{;lZ};-Q|nKPqVsN9#xBVqbi& zf1uAE_J4*V+}`-#qyD$=2e$ur(En2Z@soT$FZ*9CwTGDg0zj?RFG2ra2EXY2;WmE( zW{24y%`Sw|dh$(vKSIarSc4({HNr+8$vGgvZZqJ^4R#pWRcLL@>Y6UMnaexuT>;Hh z3FHr>U_32p1I94#&;jxZYahJ8dw1=J$FZBX0^7q<5$`K7E$tIIqRs3H1MSA}_q8G( z(ud1-*fpW8I&xVI4LbXx)cps2YW2T0!!bSnS=|+fA9(%C&hwv9zjFWA;LH6lpXMX# zf8XKNiL3#KW5gNxH!D6Y;S!z5Vvyn{tAi`V)>#4|pk&TKLLzjkZx$3vow(2Opytkf zV^)%O@;T$1y#qROw|tZt zG;ab>b=6hjO3|lT5OP1R(K7%Vg#vY%L$O|(K$UNlpw`@@R>uKT66x_j=6@#)H=mD` zL>4~`$tooYN?1M@=snBe_k7X5)P|-~@$4s}dL~2fSzf1jk9jgs$PMlsiING~0lnfu z-nN2-@rt175L6Lu&zg%-=bKt@JYj;D@665Fw(L?CXRQ?Om9~3tRT^G3iid_h?|Yz9 zu{f`Gyh_=|7_>vXX|8Rr z|DWQspZ#z02DU^X&A2fngSUZVC6x`JmXG+a1D?vl{~hu5iV$WTnnSkiG16m8BwK^d zA|^8!3$eL{0hD{lC14S&uPfm9@?MQV{^A7&7gj6&%Ll;7wYVZXZ&_RdaUz6=)sq0U z)pFp2SBx51Qx2W~NR_8&n7Hk^@t;gxOM;;pF`zJfyG%h-7-v-v3>NxGL`$?15|_0?=Ady$bY4! ze{A{h4FmiB_t9|trT)t&`81IKf6t8wKp9LTZgk5f;#~S_1?lESxi4n`MJ?x0b`>Ln zhmr(DD2>TRUbL$vooP;rKoxoymRsz?vt*BMM>U7}(uMi&J+u3Lw(Wn)NG5U`AIJc9 z>HlLp{>vYGUhrlAe~M3Y{oj<|*K&n`vl!A^S*({($Qu*_*tj{T-V87=qAH95uvN}l zeRXxH!k^Rwfh1QYL9cWbnEA9&D9M_oYo@}gx<)|R(_G~(A!&jsuFKc4RHaU=>jR&n zUqGkZDL1NIL#*)m26X<}`Ddq7z2;9tx;{I7`Mmp&Z?7$g!0?fkAr`S9_Ten zi_}R=LGSK2YWmF0toLV2m@$T$w!K=n9@O1<4lveG z9l9G*u_u6gPd&yCux}|YGl0_CZMoWO+=UNTIJU`umd4WLdY}fdOaC8vV_W_Q!!P>( zC;2pz|J;D3@>;w#k~h_I8yMoGFv)udZzx=#lR9mnSWwa!E))XsbG<4ce%jmEu6AKD z6i(g+<-0D!$)ckIH0+ZYmd5&tK5_w0aaX+Zw5QK^WG#-v`nNx$*vW1C{~l%uP8JXL z0PNWRz84Ja{qK+ZU-ti}_%zu6Kgi_(;Eb%9a$RR6j)e;wF1Bs_d?l&&H*m4V{eMLW z+qTDRp_wYWI3l(^z#l+{7U=!AIEg@~oBi{j(f|6>2fBp);pjwOpZmk<)vJqFFHXQ! zK^2G)lV0klzy1nL*R!evBn$o=9)VP-2E1>@8nL{`n`I5UK zFUftEk>j=C*$gI8SM}26y>yM1rt|&tU`k&;pX{Ufe{YH66&8UWkKe~`|F3=i+aG^9 z|NS(dC*Tq?hO$I>SLF%-_e+$3*&4?Y=SnFIZ^a45!4n`d1?f6XNyaFkOBBa|+eR|x z2Pcaokf9hde22uP(#G#Fi4LBC1TCOoYfsY*&GCB_$--v;r9MCHe=w*}t=6@vr`2xj5$k=&$rH zIW7RrV0gPuh3umTf9cWt^x!YO8N5CCOOLJi-z39}gTMU$2T#CTn2CJ2i}UC7pqFOk zUnpb;Jscr;ESqQKUkANA8j=Vd{}C9d+W%+YoxXbU{N?Kxy;bz+eQe$TzBlv(JO85} ze98a#G@mEnYzdPEipk=yv+QpN2M2$JA~xY0rEPVmJ-_Dfcc)PV%nQ2tL@JYh16Q${tNoBE=BmGCu6!58ert+7i(-Ep#cY!juJ-H8 z__&dw$lMQuf=qu4nVySGuPvEVi%Rc7D^ij?oHiqQI6XXUzuKpcG1(7^njx8#hh%Dw zh-c0F4-hjjCmFyAW|I2;s2TPBk$b`?4%#MdX&aSko7B?Qj$y+n0_!Xmx*%CI@JkFJ z1(d81fN2UMf~a8PF}_7W4_44{cLZB@$H*~Q`^`tqU=7QIH8KXvA6EuzPO?x3hslB& zAVZlvZE&GHbfCPS7^^{fP)2#U9p!y?vp?N$vFR!Dr;~klvx41hulUm~d&Q;Sv{r8{ z?Z#AY{9(JXY^b03+w>EcdeTZeVTiJB&$Q=UjNcK*e(L@`yFk7rwD3QF& zA2nROqb-ZqrLnbF*vj*0s%u_5M&J#a(d!Mi(CgIK+R|%lYbL$9CGstTOf083Cih@P zG6XK)T$~@jxi}YxO2UCcH%TZR8ZY>>7Z>M}{Ggdu;{{VU`7S-Kr5fki)9q~~f3{ww zBDyYxEL^Ht?}{ucihwFHnhz6Q!VEH59K+zX8-_{GAD4NyS00DJ z+UL)%o}d2x;?)ZvJtyFMzUzg)f|9%L9n2^oYesQ|0GadO07cTDF9u>yojV^0->V-8 ziFeIN$Oo;5!mu?Zq-|rt&Fq_hfEmKc0^F$sT|x=4P=DLHB4sg)66fG}uCS9fyz)TGBnL%(Z9I zJ*e=?n1r{r#PYomW{58Y{#f!-ZU*M(a%wypnK-!QD{5E@uQXkZ8-lYYI% zrT_TdtG5^D7pFhJy|})3_VW49=g;3>oISrj0i8R7qmJ@OB?P>5AkW#$hMw%EA zzu{K%-Ryec5>bQJB5GiXsDUA({FbLp{&>=C7mO#{c7a1g4O)w+fhD2_hKTaJecKLK zb{1G+%HS;$p@cZ0492lAIM(SRgAtO)O+^5plOBhN7_=4lD1Xeg-0RhePCM3=WPRwC31>#j%4D z$8L9u>W}-44#9Z)EepoM)q~btyAN;vzxAf;Tbr(5-gK2Ql=;{3hA;Sa3Pc6EF3c8r zaIPY{;llCU3#aeeEdAD-rEhJPetEO>Ed~&gP#&O)1ay)y7;`OVju$H^kEFzn)R=)3 zW)z8pEWXBM8!;fGJ%iZvfQ)>%yRGlqN&VJ4$*&BES3e-ePP)1I?;~)1bAItk48g_a zw{V5|!YHkShI`6$A1BnGKgtI!$@a|1A_>VRyA~C%Hfl#cXpKr)L-mZn9lx#fZ!~G< zxEW2{jvLRV%zCYrS5 zC9&$Ya~g~W4QU>1quC)7D8PKD0OJU{Xl^OAr@j8rqIqP}+;W$D4d>Y#?|qUpYrfX7av1&OGI{Zj#<+hbqI7^H7B&=c2czHZbk=eT&|HExqkh z7`T2Uha$JTh7H4ahVJkkj=XC;T51Z@Uf;9E!#BsHou)8smX*QVZ=tzfQ{WHU((F$y znoUi?Z|Aum`pq=Lq3_fPIf4$F_dK7gqj^%M*`LH3lJhX4av&_Guc4?PdRy4E?^5af)+(KEsdT=n z(s?$UX4yuS6@h>vac31OwA)2S)~T4l{NmjWU>U@TlOUJA=C{_@d`n;RN3{gGCy&qC zVA5>U4JO+*olA+@Q}eAO(o&*)Q;Bki7g*2!;fpSfZ zyMw=gFh($0r}83gEHV zYpvN?irv&kqdYmy+0VykiI2!V9E0vsKwIgb{6$OkG&N6e56!bZM{^M9(l}cyoR&Z@ z)J?w|IK4lQ!DSr;x|Fllx|yY#4GjYO_PGa)@8O232usK{X}CfvnN6kekU0oZ#=2Bp z;zANVC~_#89Xb!(IUZBTN!YaQLD;lsxxEJFP}ru044GEigf;+UoZKR(`R8(4wf9+- z@eNFTogRzw+6*Sm0_}o{Gth48IJ26zJ+hkGqNQI;pqdcH(CrG+V1Yz}WfGwbMMnOe zq`sM^9c**NI+c#L)LR}Y-=yB@oUy03S+qmoPM(}Pj;f|@PpT&N^m?@f>T{}#RT?7^ z^CFxv6tB`4&v7V9=&8KfXR`jMB)#E@bKpL4o;c=q(sphq<++`d=hm-qT}o6AxdBis zuhg)4WPM_sEC5abMcEw=jZ4!U6x2`Nr0wKcslJo)r?j9z=_hD(u~ZwO&7zB7y*V?h^*y-{5^uVCjk^qypqi-vkZ-nvMIRik2966E_Hx%J1*G?o6?sj0Y1Qnao}VHKnp zmIQfCErDxk8E^8$B6&e5H=U14I<-=@#o?L0IZO=3q#0A_Pqr|HdZFLCRE1TkVptOT zHG?5C<)R2POcEFa7-L8&l5$_T5b~l!%hK4$acCwK`V*($)>UJob%}|AJq}*&IOv^= z6DDp^QGOG2`SwgsKmWG*?y@{E=0M1DesVY(azA&1xGSH!bvkum#WD?cjK^sd>FHN) z2TrG~i20Jh=oyS*5~2*8@^Mk*H&X%oZcl083Tz5m2Q~#(U{hcQHu+s|Pk&*5)XX8; zA2}VOfh*i8Xc_J#-W*#*PD~>AJaFna49)DjLo)+cj8o7$#woC3oB}h($s|&Ts1@c6 zNFu_-QKT<+H&-^IgpyRcNR1TG{-~K+)E_ww*T5AO6||0u3aqH8z>JFWw%mxI?teNi zRFV@>IKtB*ZV_G}%J>M4#=&?#7|GFScmmlk$5d?3eCh`cw^XogOV#VxLF?G8z>3WZ z%-F1LLv3xTpy7H7wymdnEjM^*Y?fycIxq>f3(~JC%00JST9z(q723KCEHt!VAw7&x zLXrS^*{T?!hUvC_ce-s*f2D?e(0Up4tDx^ zA}VMb5oHDA2S!AcqM{xRmloMtiL`XcaqVE{TTZ(S3~9E`VwK{d(>?u$iLbsp@ilOG zLW8!RP^+9)&@&ZAclwUID4yTYH zwpth1vg&IEJyTT^+4%KnxYVN7T9Ks`1^c1l(g)hB17$S&`=Q~K<~&#>#fsSNOSpi;kI zyw*mIXBjn~VbttErG9$6)+)DGR=GVx<=&1-y~^vgQ+btN!Y^wsUZMALTqaIj>J?Y7 zt>WsH6<4oNTsayeCmQvNtJhX>wd!Aah2pv$je2#mb@40Do|MskXw>ULt!pz`rJ1}! z58`OJtO-|rq?YB8@^v~W;}YzLi;Iu6XCq}a`um|#FKJqr7P2Y}d4;6ej)sesJtPIo zw^xa`8<#Ohxo)+}2W_w!TXIiAGEnjD%U)OT76B2pZ#yd}VpJq|${cNSpNP~=BX)l} zZDgNKrw;RM>=L`<)?#;TiQTa+cHNhSluWc~v-9Vv>-c%>66fRA;(Tn0^RX??eMfr6 zJa1%>8?N`AWqL^7RQB zxJMu&$=6IA7(Cq|b_mFt0Ww!t>N`oQ;{@Z@O3k>e)QoMVra}>aKSm728+{SkI$2W` z<A+sDXU26Fe4t-^cXkC4;?gtU?U!gga$##EHN874AW(+r6`ZJ;hW?pPa zZZpai1BxRQaw6n>Gzt%yx-POBJ8YbBTN`IwwsFRmjZ+;=QE{9LQmzR>5mtE#*)p%w zBIWBG$4CS^BN&Nf@mxBK!Dz+_hCyv@jBK5p(pMz8B1FtZ!Gr8@SEdsyMdY$IG0hAN z*F{)kht)T3YxRw+%W%e)#aC1-HkauYqAXj7OcuQmi(TA(!+E6LoDR0UWxReY|nVknw^S9hA1mSm#~cZoi?jHGIbRmQ3yJzZa?8un`p;` zmn#IUQiOyU z_s@H)=wtNZd7d{K48;GQ=h^@J!=V3_Kj;U8(QrHt{I5K}?*-mh!21};*q=3JF#F1T za9=iYe~`};aG}y9xG+38_;#JhIKUXsGMH_ICUcXm(V2>%+tuJ2i!>V$6X6izN>K4s z-s;Z9ulhbGLKA_2;uVfz22#iv%910%mYC*!+(QaxYa9#FoFS3av4S{ZD1p4YkWdC@ zh}|QUNWDvf7v3tankk{rvJHUY5~Dkg;)1}K<0vn#Kfn6#9_O9lN?s_%nI%0q`1^W> zvIH?iPr$psedCLZpS#{W(e&Jq9tQ^>z!gdf#f)Sd@BxTmy$|3m%D6QEJ{)}L8lMlP z|M*`5;zgbgC+HBvbZ~IP2Ln?8!FMQLftPAnWOnGm52shJE?&Jj0XN@WT!XXkPOomj z#Wi^K`UZUe{PfigxOokpJqH)Bu5V6XzI=WT&M&T>pWVFtZ_(qm%!fTV=z>d;qX)tz z3U7rW@Z&FQ9Nu>M7GYqq#u1{0C@A=Uk7SGE6-?GJKK_5j8`u1eKli;C;+2-<{0Ktz!Ks6C%3A#THmxNGsc+l;34^HD4T;au%QLb8|><&es3vS9wTm=dL zK_sB!|4S6Fy2^F%=t5vC|M$ItKO9^9KM4ARFZ};gd^iu2amJjpbl-|4aByI(XG}qw z;T6nqyb(+|;!Id5lpC?`U!7j7cx2Aqdk5ch{H8As0k4ETW?ufKL!;$_1vn8LL7qKmrYKmZ*wdT>;lrP83c18z5Xdl+ zM;23LxUtJ0W*dMRTG1YO4#Q==iA zU^l{<7_1`QmVubadS-GfO7NvY)_|nfkvd3_&c_IR05d}PWWJljm?Dn(bLE#@CrNb* zi=~Ydb+usR?BcF&pNZlC8-S8KoRLIusXLfq-X~Qz5Ek8uJ?8}fQcgfV4`SfC+ED;h zmmi}@g1X0X%-5MT*BMc6$9$TUf6pLOD_feS%E4E>$_Js5dQZyRWz>^QUDB*8LHs~JsVTlqjBW!6*9F(`#9*J?z6ha&kSsX3RP>8rK zfgG%>jM}w4)2*WR{5_^(yQouNHSzoxdjxK@r3BFXR2=hRVPVaX+=vOwc@_fiaP)IV z;kzx&wTF{MhA7=*FTw<<#)hxl=Buu5RQh^NH(Zf7d&x@$Ht*z~WVbk3oa3xK$j2R1 zxN?}PB@oO_#7C$-Nm7)cNM$OS42=oR>S7KO!erK#Too`)<;z;bQTusC)(K1DQtwh> zI2oKkMkjpFTba}(h|wh>l}*_~=;fdaiN`Xs<_lZ=tS<7+OS@pU6x;WbM0-lZ8oV3v z^c=%o4BddDb`F^J5-4nViKMkI1jZ?0Z)Krcm$;?=t}*?Y-bhDpBQ z-(J4TWyxoy_~(I#-Mch7w8-vB1i!^GDzC_n+5w#tE=`X*`cS)b(mB3MlVkmEr+CDT z;m%2i!xAQgkVN`@CLiWt#EQREHaAqoaq+*Aj9<~iCRdg?IhPuVHsSdaczgM(=O(9@ zAH$agcL{lp#1BgxF2y3#Ym2|BP28E1yJZ8`)tB-I82yRSFmwgESW4|-6mb<;E`S-D z^EJUT(UK9_yWCljEqh{d7VcJ_?HmB^;tcHndiDJ+K}(l@obzU~{pvjGG4x!h*Cz6X}CnuI>yPOi|(Xb?U;9sGE=o9Y4{1bzu^9 zVZv}%|Du?5oZ_5rRzApBry&x+xTMsim*#*>Q%=4RCXbE1cv}p z1;T=!nWtU`^u;pF_z0P&E8?~7UD@CnT$JJ7iCRhh|3jCsKOCL(rzi>r6AyX_4TAX? z&PNk}j-p{Sn1_9TIP^zwHuuAUk6?sG(_k{|kD^I94g2AEI0?36BYNi;)#;e8?@*R; zF(!;R-a^}%+JGx|g#fZYxV(e}jtQrIO9v#O z^~$&^^{H3Hrq>-`oElHL{TLbEO?`(zE!YS$SOc$kOEeIHy9u+-EmR0=AMfatAu!C}zkvK-#j-ljY8kkL#wp$cQJ=Qg!C}PJEL@Sa|#J2QOtECAu z)+jvs@E+YBJ{4=MMn$)`-**l#N42?xK8o`yz_Ywzpss5ufr# z1XK1>m@zD6iNRkJ9P5EFhy+*WtH5}5TMu-dEszU(F`5?e6?_lWo7;e|6L<%4EY?z+ zE=up0JK|a-LyL_IZh7f~b-Ku4gh2k)trh#t7GZuk;0EPnC2y6t1-r zmeSjBttR0b)dG5*oTC^qRDHbw-2>-hiEYLrzgx7+$A&~VOCt;75-Q2ChM3!}Qs<#^sMSn%PJWaRJ0~4c zt+jL15sR;L((yaL{dCl!2xj3D(R^O?aUnQ=b*;~T=~1q{>hL&O`&D)WR&WC{L`i&y zKtf|eZr7i|3#{+w6& z;Rg`bqX zwd$>|I_JU3;#fH#x-gYVQGBYqs^Rey>F?)uFk2%1^P!@#&K>nV#7RBgJ#bS|&#pyk zo8}cK;PepO{Nn_?xj6&R4#DN=_4NKg#Po}LTwdquqKhc{_lLx+AU0*2K4^=;lWlqE2}NEpiIFho`R@(o2QA_}XVWXPBZ z%@GF-B9cPxd#r)e}D_dqgB!3 z5QQ_%*+v^EJ#d*vi)of7QRMuJ_qT}24930rI*vJ0$PJ$@ViF|`XGmmN@P2Sos0|7l zri%GiH;dV9pAKOHh;E`OkT>Jz$FB-?0hw=QQ8C>yf97+g&8z$1P{J}Se?3MlJmxJa z=zolhpM?cjbn1Jox#Fqj^1-lgjw;L4jtmK z@HX#;f?4mnz}p-ar8mts`HQymq4b9K3y5#m`i8)g`Xn9+%}IKD@>Woe0AHjC(hW#) zc&p9xxkxEZX@K~iPL%gM_rKAr8u^H6!6vK)k`6gC0i7$JmQLVLKxt}P-orz z?Hl0t{6W{-rz0I#=8`yCbC4@vZ*9>!FZ7_eA*S+Nxk0ZYHFxh`MeDtLRbPrC;#-t0 zv#pG0(*g8(CpnW+xl+_LtVEL3w2Fh%7gxieRoi`e^QxZBXeCxd{R1e_uEXw_(Mm@$`D0TfXTIl}op@WS$g-Ul2=WjbC-Ro~zHoH`(hMtM2sYj;M-%@WxV zgnFkUTp7w%IFSpKWD&}C=a8t&0=JT-(nE?SIy@v>Cr9FH1z80mZ*e5jPm=}Lm@uDi zruz{~PWBw*ISMzS9V_+QyNX_1wA7Q!*P(T8r!OOQXxjR*aj{DE+*UQ}t+P5eL|FE0 zioFCAX(veEjL;GJrc`Y9&DG0m-gHfo5wOV#IDghNd)#{FoL{r*K5#a{v^#Cqoz$Ca zCHM`FnbmtcdaLwMJzMs@-nbX&!{t#h9t1PrgW+)0pH1eY0M4Qyn#2BJ)Sphm(P%sg z=V&%X z_SBSNH<%m!;;s&>om8er@D`?LXXp*1U=VmH8i#%~2<9mAC($hO{qcA<9-(kHnuo!7 zHMO+1B;aGSWYH}r2ZGlb|nD#JjQbc>|Jb|7R$^}yYs~@_kkemsL zOizr>SznQetKqS_Fv*A)d-OoDM1-+OOr#G^g}80q$20#<*}Z+1tI; zO@rO8-s?)>`}JMvZ^y=;g#jFnX8q8g4&h)n2+=Scjps8j?0eIBF!6%Xu;w19~W44RmoU=6xQYa(?jQ2Y!8Owre`@I>hkSb-mD&E z3r23vrqI`2pjDFLSq$;2&iuTX3wQrLOjOMlQ6Mh?`b7}(H;)SIR2{A4&pCM|SCJw1 zY7m-}EJPL0h7=6qnU1Ry1%L%~(d`f1I7nn(o3MoRNl&KjWk-ijZw8;LI1k?1Jxk)W zzLKq=hVchsiIs8zRQikZTa;~!Ug@y<-SJ;JjX#t5&uoc)mM{M8-BErj!U*`f`?ZQL zpeFR$nw1xZkzweZgGY8r=w0pTEkiI8k?l3hTeD?6H;Jm`bpQ^dTNrsYy-@sbYe`L~ z(-$~TD}r)j$UNsCnwSjzvPP8U6xDJpSFh&9n{}=_)t78gE;gCNzL<;CHog$L?~XvU zN#F{HlD|<*5_M^yjy*2Dkl#i4?x+-fn!k*)8b`O9LK6}tDO@b|qdvBY;hwFbE!3jtlvy23GwMQsF`0j_q|<+uM!7 z$7Zf#(R9@$@3S!EDs!v~1KNMYf-vd%gfr2T060`CpDYzF zhv4S*`D>t}X@wd?gf9L6fhDA17V|D6yJr{Wu0+-uPFm!z*7i`pT{^uDZIm?I zxoO0@gz;MJ<9C{#cl8KG=x#4=kPnN*=W!;^g^_C#B6Rl{lVJAXaBTfP`NOrCI+n|) zUL|#0QJ+d$Oi`fFh$ZHoP{b~c`LU z{%g_v6YhZmzkH!896rj1sOj$W-WLYKpTqVr(D~@Q#OSNMS@H$)akk8wW{;#9tZDX# z)DF}LxP+4;>oNAD?rE#0Q10)eFLY^>HZm<$HMDvQq71L6d?EY#pU zqEf(Ina*j|+m3#u^WHcV`?Yh6Hl34>t^(0H>ZG#r%4*XUb^DK3n{NK}x1TJ-$85BHH z94u`pL#sp6ZzkqWIY%|fC1ilVrH-meRO5G5cvAdtq;q8Jjx;!cch~seNaFZR;3Can z`VPzy6j#kG_!Ni&E2=KZhOEU|2GtQ)K)97fuATq{6jf?OtN1ara;NyWo^!#i&?+Ue zlA9X0y1wgXP*2onG>rn)&vp{;V5Taa{UP?QLih9Eyc*HZdE&FRQ(OHE=RI2|e~=xo zko{bz{=pgGkC?WdlIV12nUI>A9lDfd`Tdp!Kn!3n_pi-Sd8>KZ4FklryTsYMUpsU9 zf-Bmcli_G`q`#es(&I8ns&mqLEw0)79@7}i?RZndTpxYuwRK1mQnzk@Y&7=fVL0%o{UDt7=Rx3w)1dE7`t#9f7$7h35t>JS82Wv`AHZnl z_r19nRtvOMu*#$CGEBtI-j?TdCQq+)TM*_!6h+o7<1$%PAy5@ZRk)@K-u zF&KmNR!C>L^F_#KF4&FVV|<4aL}`~>gjoC~iifY$uEar~n~5(y-Q0!QOZ{B5uUo5S zI6Zy3Ut`J&_JXB}FTILb#e8A96sn7wv5me`RztlMo!51@v!J_7uqY8x2ggoG>>PKb z9st32H#e8+O&xKhOWcSxz@H!Uf3EW?35P~zoqngTS85%c+V`7?=W~qY{p@_MY2opz zmJTcpS5HUO$*@Kgfp>ClPDJsLck04434KZ8h-z56Sb}2L7SuXA?BJ5l&DkX%KbnV@ zh~X2>L~Z+oFy+0?PwFdklP_S`2wkBF;(Zop4(V}MXAZWqJc|zZTAu}_?m_spE41kL zk(X$B%pPrx+F)x*`6#PYF;~|RU8~1CR;YsVxa(5^t*lPn*4SnZ^$arS$I zq9U+A_K`PxC6y2@oXD%bS++UZoXZqorSNH}t;8o!?5H6Wyl{<)`3SRz#(a)NYAtZYsJA z&}!kTTmTeiW?o-RA0=0YIWG>!2uMk~jwQcQ?eiiON=OPBD0}RIXR0=w^szFLF>jOu z<&p^{VYW$Cf|Qc1M=~x$oK}j`4I;4S4pXek4Z&nHBhf~7u4mCW)>jt?%yFz_s4li? z&FbZwi*w~Td-MJ2_1`-u{nE@_su~P$D9XUaIe5xnI0PuU>)yc(=;}K0rqoHjzfVMk zTxR$V$7q3`(-6jDnJZt~QO7I*%9l^IlIT$<)$d37Yx*4ciV*f~?)27|q6q)sD+^xdAo;I?$Q-*Ohi9!<*rgEyENk}IYT6C;z32%i|X9DS>|EbTQ|g$=jOt+85VmaV4D0Nw$(Aud*{F(6-xR z$ymB=TL|cF7q6@%wFP8CB6R5}HdP9U(d}eNmgW^N35=e>7$zaggg|(u+vzD#N%s#e zQkmD1@Q$~AcO?J6=6~FrUA`03{qD{A<+~n`mOlSM+59QI zPXGirXP2d_hYQ4tohr)I^8NGX>ZN!p_O)@Sw2deRvjt+iR&G&q(P(cuSEQrA#OlQW z%rml*`g2j!SUeGKgm(qNcOuD9Uqhvw2`4X46|&m!ELg|i?@|F+OoAw$r1UF3 zM3G`RT01M!*K__STo|rZQ9duNXMhGL-@yl~eKg!Lv~*EbiyC1&c8!L==f z%AHGjTN_F>CsUbe7nh}o36o2jf_jz4=qYEeGsRpFk4n7u2;}gN3Z84AajNaRtsaRQ zW3c>w>w8)9UGE013fVhDBe~*qzeIe_&ElyFV4+QE%eJNq$L(o1l?cx=Y-xS=^rgI1 z#6m>6^1iCkegvQdf~jU&C{j*5W)_Cdt6drhHr#_-b#wuiMIr>gGL+}Kv|2HiM$nMF zRhvX0TPL#QsDf0w`bI(!)7)ERFhrLq!y*nUa%Nt8w^YYP47$O)h0gAA=EoCk5a?#o0oRLUuWZar4S#Xn= zU972M@2GiT-THE3Ud!^%xVQu-5x&FG8phmIxz#1hMJY+jV1DO)erw~_V~-zjhF*xf z9k-l<HyS_$WH6Kl!lwXmIqAzqzx|ntp2HZF*j>@AZ9e>JRezR%3_;^NHtAg2`}# zqERrO&PMaed_0;@(0nlWXM^!z*6;Uc6K^<1-qfE#Z#F=~`KUjgPIqD^PeBe&;}~4w z#gb8QC9i*pKv#&{n{18F1ij!gBYYwczWVa{ygu^k=wt07?X9B6@5A#vZ!{Q)|2@yM z|Mv!?@mKz!9}Gsr@i_3m^8EgI=zRse$4905SyKkHue=BMWfS)Y`Er$k_@221bcfOX!NFg}6$i@<&A;hr!CUaO9?2HRKXUzL7lgM)() z;1vPiV_IVNT$ZepNZ;MV`Q=G>*XM)iv5>*KM=st)kbwE94x8V5+P-|ge7=0Xd>;Jy RzX1RM|NpW5^f&+{1OT+C2nzrJ literal 0 HcmV?d00001 diff --git a/incubator/kopia/0.0.1/ix_values.yaml b/incubator/kopia/0.0.1/ix_values.yaml new file mode 100644 index 00000000000..48e0a4347f1 --- /dev/null +++ b/incubator/kopia/0.0.1/ix_values.yaml @@ -0,0 +1,31 @@ +image: + repository: kopia/kopia + tag: 0.10.7@sha256:2a4f9e0804c0897d8793cfa10d0a321e3c936544d89631ca9bac41ff9a68d903 + pullPolicy: IfNotPresent + +extraArgs: ["server", "--address=http://0.0.0.0:10238", "--ui", "--insecure"] + +secret: + KOPIA_PASSWORD: "" + KOPIA_SERVER_USERNAME: "user" + KOPIA_SERVER_PASSWORD: "password" + +service: + main: + ports: + main: + port: 10238 + +persistence: + config: + enabled: true + mountPath: "/app/config" + cache: + enabled: true + mountPath: "/app/cache" + logs: + enabled: true + mountPath: "/app/logs" + rclone: + enabled: true + mountPath: "/app/rclone" diff --git a/incubator/kopia/0.0.1/questions.yaml b/incubator/kopia/0.0.1/questions.yaml new file mode 100644 index 00000000000..6e7fa3f2a8e --- /dev/null +++ b/incubator/kopia/0.0.1/questions.yaml @@ -0,0 +1,2923 @@ +groups: + - name: "Container Image" + description: "Image to be used for container" + - name: "Controller" + description: "Configure workload deployment" + - name: "Container Configuration" + description: "additional container configuration" + - name: "App Configuration" + description: "App specific config options" + - name: "Networking and Services" + description: "Configure Network and Services for container" + - name: "Storage and Persistence" + description: "Persist and share data that is separate from the container" + - name: "Ingress" + description: "Ingress Configuration" + - name: "Security and Permissions" + description: "Configure security context and permissions" + - name: "Resources and Devices" + description: "Specify resources/devices to be allocated to workload" + - name: "Middlewares" + description: "Traefik Middlewares" + - name: "Metrics" + description: "Metrics" + - name: "Addons" + description: "Addon Configuration" + - name: "Advanced" + description: "Advanced Configuration" +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true + - variable: global + label: "global settings" + group: "Controller" + schema: + type: dict + hidden: true + attrs: + - variable: isSCALE + label: "flag this is SCALE" + schema: + type: boolean + default: true + hidden: true + - variable: controller + group: "Controller" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: extraArgs + label: "Extra Args" + schema: + type: list + default: [] + items: + - variable: arg + label: "arg" + schema: + type: string + - variable: labelsList + label: "Controller Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: " Controller Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: secret + group: "Container Configuration" + label: "Image Secrets" + schema: + additional_attrs: true + type: dict + attrs: + - variable: KOPIA_PASSWORD + label: "KOPIA_PASSWORD" + description: "Repository password" + schema: + type: string + default: "" + required: true + private: true + - variable: KOPIA_SERVER_USERNAME + label: "KOPIA_SERVER_USERNAME" + description: "Username for WebUI" + schema: + type: string + default: "" + required: true + - variable: KOPIA_SERVER_PASSWORD + label: "KOPIA_SERVER_PASSWORD" + description: "Password for WebUI" + schema: + type: string + default: "" + required: true + private: true + - variable: TZ + label: "Timezone" + group: "Container Configuration" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: envList + label: "Image environment" + group: "Container Configuration" + schema: + type: list + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: expertpodconf + group: "Container Configuration" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: tty + label: "Enable TTY" + description: "Determines whether containers in a pod runs with TTY enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: stdin + label: "Enable STDIN" + description: "Determines whether containers in a pod runs with stdin enabled. By default pod has it disabled." + group: "Workload Details" + schema: + type: boolean + default: false + - variable: termination + group: "Container Configuration" + label: "Termination settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: gracePeriodSeconds + label: "Grace Period Seconds" + schema: + type: int + default: 10 + - variable: podLabelsList + group: "Container Configuration" + label: "Pod Labels" + schema: + type: list + default: [] + items: + - variable: podLabelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: podAnnotationsList + group: "Container Configuration" + label: "Pod Annotations" + schema: + type: list + default: [] + items: + - variable: podAnnotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "ClusterIP" + description: "ClusterIP" + - value: "NodePort" + description: "NodePort (Advanced)" + - value: "LoadBalancer" + description: "LoadBalancer (Advanced)" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ipFamilyPolicy + label: "IP Family Policy" + description: "(Advanced) Specify the ip policy" + schema: + show_if: [["type", "!=", "Simple"]] + type: string + default: "SingleStack" + enum: + - value: "SingleStack" + description: "SingleStack" + - value: "PreferDualStack" + description: "PreferDualStack" + - value: "RequireDualStack" + description: "RequireDualStack" + - variable: ipFamilies + label: "(advanced) IP families" + description: "(advanced) The ip families that should be used" + schema: + show_if: [["type", "!=", "Simple"]] + type: list + default: [] + items: + - variable: ipFamily + label: "IP family" + schema: + type: string + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10238 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 10238 + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + + - variable: externalInterfaces + description: "Add External Interfaces" + label: "Add external Interfaces" + group: "Networking" + schema: + type: list + items: + - variable: interfaceConfiguration + description: "Interface Configuration" + label: "Interface Configuration" + schema: + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: "Please specify host interface" + label: "Host Interface" + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: "Define how IP Address will be managed" + label: "IP Address Management" + schema: + type: dict + required: true + attrs: + - variable: type + description: "Specify type for IPAM" + label: "IPAM Type" + schema: + type: string + required: true + enum: + - value: "dhcp" + description: "Use DHCP" + - value: "static" + description: "Use static IP" + show_subquestions_if: "static" + subquestions: + - variable: staticIPConfigurations + label: "Static IP Addresses" + schema: + type: list + items: + - variable: staticIP + label: "Static IP" + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: "Static Routes" + schema: + type: list + items: + - variable: staticRouteConfiguration + label: "Static Route Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: "Destination" + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: "Gateway" + schema: + type: ipaddr + cidr: false + required: true + + - variable: dnsPolicy + group: "Networking and Services" + label: "dnsPolicy" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ClusterFirst" + description: "ClusterFirst" + - value: "ClusterFirstWithHostNet" + description: "ClusterFirstWithHostNet" + - value: "None" + description: "None" + + - variable: dnsConfig + label: "DNS Configuration" + group: "Networking and Services" + description: "Specify custom DNS configuration which will be applied to the pod" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nameservers + label: "Nameservers" + schema: + default: [] + type: list + items: + - variable: nameserver + label: "Nameserver" + schema: + type: string + - variable: options + label: "options" + schema: + default: [] + type: list + items: + - variable: option + label: "Option Entry" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: searches + label: "Searches" + schema: + default: [] + type: list + items: + - variable: search + label: "Search Entry" + schema: + type: string + + - variable: serviceList + label: "Add Manual Custom Services" + group: "Networking and Services" + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: "Custom Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the service" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "Simple" + enum: + - value: "Simple" + description: "Simple" + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: portsList + label: "Additional Service Ports" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom ports" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Port Name" + schema: + type: string + default: "" + - variable: protocol + label: "Port Type" + schema: + type: string + default: "TCP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: targetPort + label: "Target Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: port + label: "Container Port" + schema: + type: int + required: true + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort" + schema: + type: int + min: 9000 + max: 65535 + + - variable: persistence + label: "Integrated Persistent Storage" + description: "Integrated Persistent Storage" + group: "Storage and Persistence" + schema: + additional_attrs: true + type: dict + attrs: + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: cache + label: "App Cache Storage" + description: "Stores the Application Cache." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: logs + label: "App Logs Storage" + description: "Stores the Application Logs." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: rclone + label: "App Rclone Storage" + description: "Stores the Application Rclone." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: persistenceList + label: "Additional app storage" + group: "Storage and Persistence" + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: "Custom Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name (optional)" + description: "Not required, please set to config when mounting /config or temp when mounting /tmp" + schema: + type: string + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simpleHP" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" + - variable: setPermissionsSimple + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "simpleHP"]] + type: boolean + default: true + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + show_if: [["type", "=", "hostPath"]] + type: boolean + default: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPathSimple + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "simpleHP"]] + type: hostpath + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: "mountPath" + description: "Path inside the container the storage is mounted" + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" + - variable: size + label: "Size quotum of storage" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "999Gi" + - variable: hostPathType + label: "(Advanced) hostPath Type" + schema: + show_if: [["type", "=", "hostPath"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "DirectoryOrCreate" + description: "DirectoryOrCreate" + - value: "Directory" + description: "Directory" + - value: "FileOrCreate" + description: "FileOrCreate" + - value: "File" + description: "File" + - value: "Socket" + description: "Socket" + - value: "CharDevice" + description: "CharDevice" + - value: "BlockDevice" + description: "BlockDevice" + - variable: storageClass + label: "(Advanced) storageClass" + description: "Warning: Anything other than SCALE-ZFS or empty will break rollback!" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "SCALE-ZFS" + - variable: accessMode + label: "(Advanced) Access Mode" + description: "Allow or disallow multiple PVC's writhing to the same PV" + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "ReadWriteOnce" + enum: + - value: "ReadWriteOnce" + description: "ReadWriteOnce" + - value: "ReadOnlyMany" + description: "ReadOnlyMany" + - value: "ReadWriteMany" + description: "ReadWriteMany" + - variable: advanced + label: "Show Advanced Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + + - variable: entrypoint + label: "(Advanced) Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: expert + label: "Show Expert Configuration Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enableFixedMiddlewares + description: "These middlewares enforce a number of best practices." + label: "Enable Default Middlewares" + schema: + type: boolean + default: true + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: ingressList + label: "Add Manual Custom Ingresses" + group: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: "Custom Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Ingress" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Name" + schema: + type: string + default: "" + - variable: ingressClassName + label: "IngressClass Name" + schema: + type: string + default: "" + - variable: labelsList + label: "Labels" + schema: + type: list + default: [] + items: + - variable: labelItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: annotationsList + label: "Annotations" + schema: + type: list + default: [] + items: + - variable: annotationItem + label: "Label" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: hostEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: "HostName" + schema: + type: string + default: "" + required: true + - variable: paths + label: "Paths" + schema: + type: list + default: [] + items: + - variable: pathEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "Prefix" + - variable: service + label: "Linked Service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Service Name" + schema: + type: string + default: "" + - variable: port + label: "Service Port" + schema: + type: int + - variable: tls + label: "TLS-Settings" + schema: + type: list + default: [] + items: + - variable: tlsEntry + label: "Host" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: "Certificate Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: string + default: "" + required: true + - variable: scaleCert + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: entrypoint + label: "Traefik Entrypoint" + description: "Entrypoint used by Traefik when using Traefik as Ingress Provider" + schema: + type: string + default: "websecure" + required: true + - variable: middlewares + label: "Traefik Middlewares" + description: "Add previously created Traefik Middlewares to this Ingress" + schema: + type: list + default: [] + items: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + + - variable: security + label: "Container Security Settings" + group: "Security and Permissions" + schema: + type: dict + additional_attrs: true + attrs: + - variable: editsecurity + label: "Change PUID / UMASK values" + description: "By enabling this you override default set values." + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: PUID + label: "Process User ID - PUID" + description: "When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps" + schema: + type: int + default: 568 + - variable: UMASK + label: "UMASK" + description: "When supported by the container, this sets the UMASK for tha App. Not supported by all Apps" + schema: + type: string + default: "002" + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: true + - variable: capabilities + label: "Capabilities" + schema: + additional_attrs: true + type: dict + attrs: + - variable: drop + label: "Drop Capability" + schema: + type: list + default: [] + items: + - variable: dropEntry + label: "" + schema: + type: string + - variable: add + label: "Add Capability" + schema: + type: list + default: [] + items: + - variable: addEntry + label: "" + schema: + type: string + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID this App of the user running the application" + schema: + type: int + default: 568 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: "OnRootMismatch" + enum: + - value: "OnRootMismatch" + description: "OnRootMismatch" + - value: "Always" + description: "Always" + - variable: supplementalGroups + label: "supplemental Groups" + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: "supplemental Group" + schema: + type: int + + + - variable: advancedresources + label: "Set Custom Resource Limits/Requests (Advanced)" + group: "Resources and Devices" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: resources + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: "Advanced Limit Resource Consumption" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "4000m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "8Gi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: "CPU" + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "10m" + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/indepth/validation/" + schema: + type: string + default: "50Mi" + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + + - variable: deviceList + label: "Mount USB devices" + group: "Resources and Devices" + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: "Device" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the storage" + schema: + type: boolean + default: true + - variable: type + label: "(Advanced) Type of Storage" + description: "Sets the persistence type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: readOnly + label: "readOnly" + schema: + type: boolean + default: false + - variable: hostPath + label: "Host Device Path" + description: "Path to the device on the host system" + schema: + type: path + - variable: mountPath + label: "Container Device Path" + description: "Path inside the container the device is mounted" + schema: + type: string + default: "/dev/ttyACM0" + + # Specify GPU configuration + - variable: scaleGPU + label: "GPU Configuration" + group: "Resources and Devices" + schema: + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + + - variable: autoscaling + group: "Advanced" + label: "(Advanced) Horizontal Pod Autoscaler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: target + label: "Target" + description: "deployment name, defaults to main deployment" + schema: + type: string + default: "" + - variable: minReplicas + label: "Minimum Replicas" + schema: + type: int + default: 1 + - variable: maxReplicas + label: "Maximum Replicas" + schema: + type: int + default: 5 + - variable: targetCPUUtilizationPercentage + label: "Target CPU Utilization Percentage" + schema: + type: int + default: 80 + - variable: targetMemoryUtilizationPercentage + label: "Target Memory Utilization Percentage" + schema: + type: int + default: 80 + - variable: networkPolicy + group: "Advanced" + label: "(Advanced) Network Policy" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: "Policy Type" + schema: + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "ingress" + description: "Ingress" + - value: "egress" + description: "Egress" + - value: "ingress-egress" + description: "Ingress and Egress" + - variable: egress + label: "Egress" + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: "To" + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: "ipBlock" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: "cidr" + schema: + type: string + default: "" + - variable: except + label: "except" + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: "namespaceSelector" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: "Ports" + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "port" + schema: + type: int + - variable: endPort + label: "port" + schema: + type: int + - variable: protocol + label: "Protocol" + schema: + type: string + default: "TCP" + enum: + - value: "TCP" + description: "TCP" + - value: "UDP" + description: "UDP" + - value: "SCTP" + description: "SCTP" + - variable: ingress + label: "Ingress" + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: "From" + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: "ipBlock" + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: "cidr" + schema: + type: string + default: "" + - variable: except + label: "except" + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: "namespaceSelector" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: "matchExpressions" + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: "Key" + schema: + type: string + - variable: operator + label: "operator" + schema: + type: string + default: "TCP" + enum: + - value: "In" + description: "In" + - value: "NotIn" + description: "NotIn" + - value: "Exists " + description: "Exists " + - value: "DoesNotExist " + description: "DoesNotExist " + - variable: values + label: "values" + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: "Ports" + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "port" + schema: + type: int + - variable: endPort + label: "port" + schema: + type: int + - variable: protocol + label: "Protocol" + schema: + type: string + default: "TCP" + enum: + - value: "TCP" + description: "TCP" + - value: "UDP" + description: "UDP" + - value: "SCTP" + description: "SCTP" + + + - variable: addons + group: "Addons" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: vpn + label: "VPN" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type" + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: "disabled" + - value: "openvpn" + description: "OpenVPN" + - value: "wireguard" + description: "Wireguard" + - variable: openvpn + label: "OpenVPN Settings" + schema: + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: "authentication username" + description: "authentication username, optional" + schema: + type: string + default: "" + - variable: password + label: "authentication password" + description: "authentication credentials" + schema: + type: string + default: "" + required: true + - variable: killSwitch + label: "Enable killswitch" + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: "Killswitch Excluded IPv4 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: "IPv4 Network" + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: "Killswitch Excluded IPv6 networks" + description: "list of killswitch excluded ipv4 addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: "IPv6 Network" + schema: + type: string + required: true + + - variable: configFile + label: "VPN Config File Location" + schema: + type: dict + show_if: [["type", "!=", "disabled"]] + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: true + hidden: true + - variable: type + label: "type" + schema: + type: string + default: "hostPath" + hidden: true + - variable: hostPathType + label: "hostPathType" + schema: + type: string + default: "File" + hidden: true + - variable: noMount + label: "noMount" + schema: + type: boolean + default: true + hidden: true + - variable: hostPath + label: "Full path to file" + description: "path to your local VPN config file for example: /mnt/tank/vpn.conf or /mnt/tank/vpn.ovpn" + schema: + type: string + default: "" + required: true + - variable: envList + label: "VPN environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + - variable: codeserver + label: "Codeserver" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: git + label: "Git Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: deployKey + description: "Raw SSH private key" + label: "deployKey" + schema: + type: string + - variable: deployKeyBase64 + description: "Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence" + label: "deployKeyBase64" + schema: + type: string + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Service Type" + description: "ClusterIP's are only internally available, nodePorts expose the container to the host node System, Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: "NodePort" + enum: + - value: "NodePort" + description: "NodePort" + - value: "ClusterIP" + description: "ClusterIP" + - value: "LoadBalancer" + description: "LoadBalancer" + - variable: loadBalancerIP + label: "LoadBalancer IP" + description: "LoadBalancerIP" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: list + default: [] + items: + - variable: externalIP + label: "External IP" + schema: + type: string + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: nodePort + description: "leave empty to disable" + label: "nodePort" + schema: + type: int + default: 36107 + - variable: envList + label: "Codeserver environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + - variable: promtail + label: "Promtail" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: loki + label: "Loki URL" + schema: + type: string + required: true + - variable: logs + label: "Log Paths" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: path + label: "Path" + schema: + type: string + required: true + - variable: args + label: "Promtail ecommand line arguments" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: arg + label: "Arg" + schema: + type: string + required: true + - variable: envList + label: "Promtail environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true + + + + + - variable: netshoot + label: "Netshoot" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: "Netshoot environment Variables" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: "Environment Variable" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + required: true diff --git a/incubator/kopia/0.0.1/security.md b/incubator/kopia/0.0.1/security.md new file mode 100644 index 00000000000..c915c1c3343 --- /dev/null +++ b/incubator/kopia/0.0.1/security.md @@ -0,0 +1,111 @@ +--- +hide: + - toc +--- + +# Security Overview + + + +## Helm-Chart + +##### Scan Results + +#### Chart Object: kopia/templates/common.yaml + + + +| Type | Misconfiguration ID | Check | Severity | Explaination | Links | +|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| +| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-kopia' of Deployment 'RELEASE-NAME-kopia' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| +| Kubernetes Security Check | KSV011 | CPU not limited | LOW |
Expand... Enforcing CPU limits prevents DoS via resource exhaustion.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'resources.limits.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
| +| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| +| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |
Expand... When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'resources.requests.cpu'
|
Expand...https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
| +| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |
Expand... When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'resources.requests.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016
| +| Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| +| Kubernetes Security Check | KSV018 | Memory not limited | LOW |
Expand... Enforcing memory limits prevents DoS via resource exhaustion.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'resources.limits.memory'
|
Expand...https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018
| +| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-kopia' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| +| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| +| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| +| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-kopia' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| +| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| +| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'hostpatch' of Deployment 'RELEASE-NAME-kopia' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| +| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM |
Expand... HostPath volumes must be forbidden.


Deployment 'RELEASE-NAME-kopia' should not set 'spec.template.volumes.hostPath'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
| +| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.


Deployment 'RELEASE-NAME-kopia' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 + tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 + kopia/kopia:0.10.7@sha256:2a4f9e0804c0897d8793cfa10d0a321e3c936544d89631ca9bac41ff9a68d903 + +##### Scan Results + + +#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) + + +**alpine** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| +| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| +| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| +| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-1642.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| + + +#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) + + +**alpine** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| +| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://ubuntu.com/security/notices/USN-5397-1
| +| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| +| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-1642.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| + + +#### Container: kopia/kopia:0.10.7@sha256:2a4f9e0804c0897d8793cfa10d0a321e3c936544d89631ca9bac41ff9a68d903 (debian 11.3) + + +**debian** + + +| No Vulnerabilities found | +|:---------------------------------| + + + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/crypto | CVE-2022-27191 | HIGH | v0.0.0-20210817164053-32db794688a5 | 0.0.0-20220315160706-3147a52a75dd |
Expand...https://access.redhat.com/security/cve/CVE-2022-27191
https://github.com/advisories/GHSA-8c26-wmh5-6g9v
https://groups.google.com/g/golang-announce
https://groups.google.com/g/golang-announce/c/-cp44ypCT5s
https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/
https://nvd.nist.gov/vuln/detail/CVE-2022-27191
https://security.netapp.com/advisory/ntap-20220429-0002/
| + diff --git a/incubator/kopia/0.0.1/templates/common.yaml b/incubator/kopia/0.0.1/templates/common.yaml new file mode 100644 index 00000000000..a6613c2ce21 --- /dev/null +++ b/incubator/kopia/0.0.1/templates/common.yaml @@ -0,0 +1 @@ +{{ include "common.all" . }} diff --git a/incubator/kopia/0.0.1/values.yaml b/incubator/kopia/0.0.1/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/incubator/kopia/item.yaml b/incubator/kopia/item.yaml new file mode 100644 index 00000000000..9c432c8fb5d --- /dev/null +++ b/incubator/kopia/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/_static/img/appicons/kopia.png +categories: +- utility +