From cdd27801890b748fae12c9fce0cb55eeaae01975 Mon Sep 17 00:00:00 2001 From: zeaslity Date: Thu, 5 Jan 2023 17:29:13 +0800 Subject: [PATCH] [ server ] octopus server bootup --- .../source/kubernetes-dashboard/.helmignore | 41 - .../io/wdd/source/kubernetes-dashboard/1.yaml | 803 -------- .../source/kubernetes-dashboard/Chart.lock | 6 - .../source/kubernetes-dashboard/Chart.yaml | 21 - .../wdd/source/kubernetes-dashboard/README.md | 121 -- .../admin-user-dashboard.yaml | 23 - .../charts/metrics-server/.helmignore | 23 - .../charts/metrics-server/Chart.yaml | 26 - .../charts/metrics-server/README.md | 63 - .../charts/metrics-server/ci/ci-values.yaml | 2 - .../charts/metrics-server/templates/NOTES.txt | 7 - .../metrics-server/templates/_helpers.tpl | 78 - .../metrics-server/templates/apiservice.yaml | 17 - .../clusterrole-aggregated-reader.yaml | 21 - .../metrics-server/templates/clusterrole.yaml | 32 - .../clusterrolebinding-auth-delegator.yaml | 16 - .../templates/clusterrolebinding.yaml | 16 - .../metrics-server/templates/deployment.yaml | 94 - .../charts/metrics-server/templates/pdb.yaml | 18 - .../charts/metrics-server/templates/psp.yaml | 28 - .../metrics-server/templates/rolebinding.yaml | 17 - .../metrics-server/templates/service.yaml | 22 - .../templates/serviceaccount.yaml | 12 - .../charts/metrics-server/values.yaml | 116 -- .../kubernetes-dashboard/templates/NOTES.txt | 49 - .../templates/_helpers.tpl | 78 - .../templates/_tplvalues.tpl | 27 - .../templates/clusterrole-metrics.yaml | 34 - .../templates/clusterrole-readonly.yaml | 157 -- .../templates/clusterrolebinding-metrics.yaml | 37 - .../clusterrolebinding-readonly.yaml | 37 - .../templates/configmap.yaml | 34 - .../templates/deployment.yaml | 188 -- .../templates/extra-manifests.yaml | 18 - .../templates/ingress.yaml | 89 - .../templates/networkpolicy.yaml | 45 - .../kubernetes-dashboard/templates/pdb.yaml | 39 - .../kubernetes-dashboard/templates/psp.yaml | 82 - .../kubernetes-dashboard/templates/role.yaml | 52 - .../templates/rolebinding.yaml | 37 - .../templates/secret.yaml | 47 - .../templates/service.yaml | 62 - .../templates/serviceaccount.yaml | 29 - .../templates/servicemonitor.yaml | 50 - .../source/kubernetes-dashboard/values.yaml | 357 ---- .../io/wdd/source/mysql-9.4.3/.helmignore | 21 - .../java/io/wdd/source/mysql-9.4.3/Chart.lock | 6 - .../java/io/wdd/source/mysql-9.4.3/Chart.yaml | 28 - .../java/io/wdd/source/mysql-9.4.3/README.md | 552 ------ .../mysql-9.4.3/charts/common/.helmignore | 22 - .../mysql-9.4.3/charts/common/Chart.yaml | 23 - .../mysql-9.4.3/charts/common/README.md | 350 ---- .../charts/common/templates/_affinities.tpl | 98 - .../charts/common/templates/_capabilities.tpl | 154 -- .../charts/common/templates/_errors.tpl | 23 - .../charts/common/templates/_images.tpl | 76 - .../charts/common/templates/_ingress.tpl | 68 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 70 - .../charts/common/templates/_secrets.tpl | 165 -- .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 62 - .../charts/common/templates/_warnings.tpl | 14 - .../templates/validations/_cassandra.tpl | 72 - .../common/templates/validations/_mariadb.tpl | 103 -- .../common/templates/validations/_mongodb.tpl | 108 -- .../common/templates/validations/_mysql.tpl | 103 -- .../templates/validations/_postgresql.tpl | 129 -- .../common/templates/validations/_redis.tpl | 76 - .../templates/validations/_validations.tpl | 46 - .../mysql-9.4.3/charts/common/values.yaml | 5 - .../source/mysql-9.4.3/templates/NOTES.txt | 75 - .../source/mysql-9.4.3/templates/_helpers.tpl | 161 -- .../mysql-9.4.3/templates/extra-list.yaml | 4 - .../mysql-9.4.3/templates/metrics-svc.yaml | 29 - .../mysql-9.4.3/templates/networkpolicy.yaml | 40 - .../templates/primary/configmap.yaml | 18 - .../primary/initialization-configmap.yaml | 17 - .../mysql-9.4.3/templates/primary/pdb.yaml | 25 - .../templates/primary/statefulset.yaml | 379 ---- .../templates/primary/svc-headless.yaml | 29 - .../mysql-9.4.3/templates/primary/svc.yaml | 52 - .../mysql-9.4.3/templates/prometheusrule.yaml | 22 - .../source/mysql-9.4.3/templates/role.yaml | 24 - .../mysql-9.4.3/templates/rolebinding.yaml | 21 - .../templates/secondary/configmap.yaml | 18 - .../mysql-9.4.3/templates/secondary/pdb.yaml | 25 - .../templates/secondary/statefulset.yaml | 360 ---- .../templates/secondary/svc-headless.yaml | 31 - .../mysql-9.4.3/templates/secondary/svc.yaml | 54 - .../source/mysql-9.4.3/templates/secrets.yaml | 21 - .../mysql-9.4.3/templates/serviceaccount.yaml | 23 - .../mysql-9.4.3/templates/servicemonitor.yaml | 49 - .../wdd/source/mysql-9.4.3/values.schema.json | 195 -- .../io/wdd/source/mysql-9.4.3/values.yaml | 1203 ------------ .../.github/workflows/lint-test.yaml | 35 - .../io/wdd/source/nacos-2.1.2/.helmignore | 21 - .../java/io/wdd/source/nacos-2.1.2/Chart.lock | 9 - .../java/io/wdd/source/nacos-2.1.2/Chart.yaml | 27 - .../java/io/wdd/source/nacos-2.1.2/LICENSE | 674 ------- .../java/io/wdd/source/nacos-2.1.2/README.md | 250 --- .../nacos-2.1.2/charts/common/.helmignore | 22 - .../nacos-2.1.2/charts/common/Chart.yaml | 23 - .../nacos-2.1.2/charts/common/README.md | 350 ---- .../charts/common/templates/_affinities.tpl | 102 -- .../charts/common/templates/_capabilities.tpl | 154 -- .../charts/common/templates/_errors.tpl | 23 - .../charts/common/templates/_images.tpl | 75 - .../charts/common/templates/_ingress.tpl | 68 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 70 - .../charts/common/templates/_secrets.tpl | 140 -- .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 62 - .../charts/common/templates/_warnings.tpl | 14 - .../templates/validations/_cassandra.tpl | 72 - .../common/templates/validations/_mariadb.tpl | 103 -- .../common/templates/validations/_mongodb.tpl | 108 -- .../common/templates/validations/_mysql.tpl | 103 -- .../templates/validations/_postgresql.tpl | 129 -- .../common/templates/validations/_redis.tpl | 76 - .../templates/validations/_validations.tpl | 46 - .../nacos-2.1.2/charts/common/values.yaml | 5 - .../nacos-2.1.2/charts/mysql/.helmignore | 21 - .../nacos-2.1.2/charts/mysql/Chart.lock | 6 - .../nacos-2.1.2/charts/mysql/Chart.yaml | 28 - .../source/nacos-2.1.2/charts/mysql/README.md | 491 ----- .../charts/mysql/charts/common/.helmignore | 22 - .../charts/mysql/charts/common/Chart.yaml | 23 - .../charts/mysql/charts/common/README.md | 347 ---- .../charts/common/templates/_affinities.tpl | 102 -- .../charts/common/templates/_capabilities.tpl | 139 -- .../mysql/charts/common/templates/_errors.tpl | 23 - .../mysql/charts/common/templates/_images.tpl | 75 - .../charts/common/templates/_ingress.tpl | 68 - .../mysql/charts/common/templates/_labels.tpl | 18 - .../mysql/charts/common/templates/_names.tpl | 63 - .../charts/common/templates/_secrets.tpl | 140 -- .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../mysql/charts/common/templates/_utils.tpl | 62 - .../charts/common/templates/_warnings.tpl | 14 - .../templates/validations/_cassandra.tpl | 72 - .../common/templates/validations/_mariadb.tpl | 103 -- .../common/templates/validations/_mongodb.tpl | 108 -- .../templates/validations/_postgresql.tpl | 129 -- .../common/templates/validations/_redis.tpl | 76 - .../templates/validations/_validations.tpl | 46 - .../charts/mysql/charts/common/values.yaml | 5 - .../mysql/ci/values-production-with-rbac.yaml | 30 - .../charts/mysql/templates/NOTES.txt | 99 - .../charts/mysql/templates/_helpers.tpl | 192 -- .../charts/mysql/templates/extra-list.yaml | 4 - .../charts/mysql/templates/metrics-svc.yaml | 29 - .../charts/mysql/templates/networkpolicy.yaml | 38 - .../mysql/templates/primary/configmap.yaml | 18 - .../primary/initialization-configmap.yaml | 14 - .../charts/mysql/templates/primary/pdb.yaml | 25 - .../mysql/templates/primary/statefulset.yaml | 368 ---- .../mysql/templates/primary/svc-headless.yaml | 24 - .../charts/mysql/templates/primary/svc.yaml | 41 - .../charts/mysql/templates/role.yaml | 21 - .../charts/mysql/templates/rolebinding.yaml | 21 - .../mysql/templates/secondary/configmap.yaml | 18 - .../charts/mysql/templates/secondary/pdb.yaml | 25 - .../templates/secondary/statefulset.yaml | 338 ---- .../templates/secondary/svc-headless.yaml | 26 - .../charts/mysql/templates/secondary/svc.yaml | 43 - .../charts/mysql/templates/secrets.yaml | 21 - .../mysql/templates/serviceaccount.yaml | 22 - .../mysql/templates/servicemonitor.yaml | 42 - .../charts/mysql/values.schema.json | 178 -- .../nacos-2.1.2/charts/mysql/values.yaml | 1026 ----------- .../source/nacos-2.1.2/templates/NOTES.txt | 41 - .../source/nacos-2.1.2/templates/_helpers.tpl | 105 -- .../nacos-2.1.2/templates/configmap.yaml | 17 - .../templates/deployment-statefulset.yaml | 310 ---- .../nacos-2.1.2/templates/extra-list.yaml | 4 - .../wdd/source/nacos-2.1.2/templates/hpa.yaml | 46 - .../source/nacos-2.1.2/templates/ingress.yaml | 60 - .../wdd/source/nacos-2.1.2/templates/job.yaml | 78 - .../nacos-2.1.2/templates/networkpolicy.yaml | 43 - .../wdd/source/nacos-2.1.2/templates/pdb.yaml | 23 - .../templates/prometheusrules.yaml | 25 - .../wdd/source/nacos-2.1.2/templates/pvc.yaml | 38 - .../source/nacos-2.1.2/templates/secret.yaml | 32 - .../templates/service-headless.yaml | 23 - .../source/nacos-2.1.2/templates/service.yaml | 42 - .../nacos-2.1.2/templates/serviceaccount.yaml | 21 - .../nacos-2.1.2/templates/servicemonitor.yaml | 45 - .../templates/test/test-nacos.yaml | 18 - .../nacos-2.1.2/templates/tls-secrets.yaml | 44 - .../io/wdd/source/nacos-2.1.2/values.yaml | 803 -------- .../io/wdd/source/octopus-middile-wares.zip | Bin 0 -> 430614 bytes .../io/wdd/source/rabbitmq-11.1.2/.helmignore | 21 - .../io/wdd/source/rabbitmq-11.1.2/Chart.lock | 6 - .../io/wdd/source/rabbitmq-11.1.2/Chart.yaml | 26 - .../io/wdd/source/rabbitmq-11.1.2/README.md | 718 -------- .../rabbitmq-11.1.2/charts/common/.helmignore | 22 - .../rabbitmq-11.1.2/charts/common/Chart.yaml | 23 - .../rabbitmq-11.1.2/charts/common/README.md | 350 ---- .../charts/common/templates/_affinities.tpl | 98 - .../charts/common/templates/_capabilities.tpl | 154 -- .../charts/common/templates/_errors.tpl | 23 - .../charts/common/templates/_images.tpl | 76 - .../charts/common/templates/_ingress.tpl | 68 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 70 - .../charts/common/templates/_secrets.tpl | 165 -- .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 62 - .../charts/common/templates/_warnings.tpl | 14 - .../templates/validations/_cassandra.tpl | 72 - .../common/templates/validations/_mariadb.tpl | 103 -- .../common/templates/validations/_mongodb.tpl | 108 -- .../common/templates/validations/_mysql.tpl | 103 -- .../templates/validations/_postgresql.tpl | 129 -- .../common/templates/validations/_redis.tpl | 76 - .../templates/validations/_validations.tpl | 46 - .../rabbitmq-11.1.2/charts/common/values.yaml | 5 - .../rabbitmq-11.1.2/templates/NOTES.txt | 154 -- .../rabbitmq-11.1.2/templates/_helpers.tpl | 227 --- .../templates/config-secret.yaml | 20 - .../rabbitmq-11.1.2/templates/extra-list.yaml | 4 - .../rabbitmq-11.1.2/templates/ingress.yaml | 64 - .../templates/init-configmap.yaml | 16 - .../templates/networkpolicy.yaml | 40 - .../source/rabbitmq-11.1.2/templates/pdb.yaml | 23 - .../templates/prometheusrule.yaml | 23 - .../rabbitmq-11.1.2/templates/role.yaml | 21 - .../templates/rolebinding.yaml | 21 - .../rabbitmq-11.1.2/templates/secrets.yaml | 39 - .../templates/serviceaccount.yaml | 24 - .../templates/servicemonitor.yaml | 57 - .../templates/statefulset.yaml | 426 ----- .../templates/svc-headless.yaml | 44 - .../source/rabbitmq-11.1.2/templates/svc.yaml | 111 -- .../templates/tls-secrets.yaml | 81 - .../rabbitmq-11.1.2/templates/validation.yaml | 2 - .../source/rabbitmq-11.1.2/values.schema.json | 100 - .../io/wdd/source/rabbitmq-11.1.2/values.yaml | 1313 ------------- .../src/main/java/io/wdd/source/rabbitmq.sh | 13 - .../source/redis-bitnami-16.13.2/.helmignore | 21 - .../source/redis-bitnami-16.13.2/Chart.lock | 6 - .../source/redis-bitnami-16.13.2/Chart.yaml | 28 - .../source/redis-bitnami-16.13.2/README.md | 898 --------- .../charts/common/.helmignore | 22 - .../charts/common/Chart.yaml | 23 - .../charts/common/README.md | 350 ---- .../charts/common/templates/_affinities.tpl | 102 -- .../charts/common/templates/_capabilities.tpl | 154 -- .../charts/common/templates/_errors.tpl | 23 - .../charts/common/templates/_images.tpl | 75 - .../charts/common/templates/_ingress.tpl | 68 - .../charts/common/templates/_labels.tpl | 18 - .../charts/common/templates/_names.tpl | 70 - .../charts/common/templates/_secrets.tpl | 140 -- .../charts/common/templates/_storage.tpl | 23 - .../charts/common/templates/_tplvalues.tpl | 13 - .../charts/common/templates/_utils.tpl | 62 - .../charts/common/templates/_warnings.tpl | 14 - .../templates/validations/_cassandra.tpl | 72 - .../common/templates/validations/_mariadb.tpl | 103 -- .../common/templates/validations/_mongodb.tpl | 108 -- .../common/templates/validations/_mysql.tpl | 103 -- .../templates/validations/_postgresql.tpl | 129 -- .../common/templates/validations/_redis.tpl | 76 - .../templates/validations/_validations.tpl | 46 - .../charts/common/values.yaml | 5 - .../img/redis-cluster-topology.png | Bin 11448 -> 0 bytes .../img/redis-topology.png | Bin 9709 -> 0 bytes .../redis-bitnami-16.13.2/templates/NOTES.txt | 191 -- .../templates/_helpers.tpl | 291 --- .../templates/configmap.yaml | 59 - .../templates/extra-list.yaml | 4 - .../templates/headless-svc.yaml | 30 - .../templates/health-configmap.yaml | 192 -- .../templates/master/application.yaml | 473 ----- .../templates/master/psp.yaml | 46 - .../templates/master/pvc.yaml | 27 - .../templates/master/service.yaml | 58 - .../templates/metrics-svc.yaml | 41 - .../templates/networkpolicy.yaml | 78 - .../redis-bitnami-16.13.2/templates/pdb.yaml | 23 - .../templates/prometheusrule.yaml | 23 - .../templates/replicas/hpa.yaml | 47 - .../templates/replicas/service.yaml | 58 - .../templates/replicas/statefulset.yaml | 471 ----- .../redis-bitnami-16.13.2/templates/role.yaml | 28 - .../templates/rolebinding.yaml | 21 - .../templates/scripts-configmap.yaml | 627 ------- .../templates/secret.yaml | 23 - .../templates/sentinel/hpa.yaml | 47 - .../templates/sentinel/node-services.yaml | 70 - .../templates/sentinel/ports-configmap.yaml | 100 - .../templates/sentinel/service.yaml | 103 -- .../templates/sentinel/statefulset.yaml | 688 ------- .../templates/serviceaccount.yaml | 21 - .../templates/servicemonitor.yaml | 41 - .../templates/tls-secret.yaml | 29 - .../redis-bitnami-16.13.2/values.schema.json | 156 -- .../source/redis-bitnami-16.13.2/values.yaml | 1623 ----------------- .../java/io/wdd/source/shell/server-bootup.sh | 754 ++++++++ 306 files changed, 754 insertions(+), 31843 deletions(-) delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/1.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.lock delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/README.md delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/admin-user-dashboard.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/README.md delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/ci/ci-values.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/apiservice.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole-aggregated-reader.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/deployment.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/psp.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/rolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/service.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_tplvalues.tpl delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-metrics.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-readonly.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/deployment.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/extra-manifests.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/ingress.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/networkpolicy.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/psp.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/role.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/rolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/secret.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/service.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/servicemonitor.yaml delete mode 100644 source/src/main/java/io/wdd/source/kubernetes-dashboard/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.lock delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/README.md delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/README.md delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_affinities.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_capabilities.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_errors.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_images.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_ingress.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_labels.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_names.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_secrets.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_storage.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_tplvalues.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_utils.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_warnings.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_cassandra.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mariadb.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mongodb.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mysql.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_postgresql.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_redis.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_validations.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/extra-list.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/metrics-svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/networkpolicy.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/initialization-configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc-headless.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/prometheusrule.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/role.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/rolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc-headless.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secrets.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/templates/servicemonitor.yaml delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/values.schema.json delete mode 100644 source/src/main/java/io/wdd/source/mysql-9.4.3/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/.github/workflows/lint-test.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.lock delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/LICENSE delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/README.md delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/README.md delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_affinities.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_capabilities.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_errors.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_images.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_ingress.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_labels.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_names.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_secrets.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_storage.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_tplvalues.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_utils.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_warnings.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_cassandra.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mariadb.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mongodb.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mysql.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_postgresql.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_redis.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_validations.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.lock delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/README.md delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/README.md delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_affinities.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_capabilities.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_errors.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_images.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_ingress.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_labels.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_names.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_secrets.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_storage.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_tplvalues.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_utils.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_warnings.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_cassandra.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mariadb.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mongodb.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_postgresql.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_redis.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_validations.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/ci/values-production-with-rbac.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/extra-list.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/metrics-svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/networkpolicy.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/initialization-configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc-headless.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/role.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/rolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc-headless.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secrets.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/servicemonitor.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.schema.json delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/deployment-statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/extra-list.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/hpa.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/ingress.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/job.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/networkpolicy.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/prometheusrules.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pvc.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/secret.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service-headless.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/servicemonitor.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/test/test-nacos.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/templates/tls-secrets.yaml delete mode 100644 source/src/main/java/io/wdd/source/nacos-2.1.2/values.yaml create mode 100644 source/src/main/java/io/wdd/source/octopus-middile-wares.zip delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.lock delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/README.md delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/README.md delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_affinities.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_capabilities.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_errors.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_images.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_ingress.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_labels.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_names.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_secrets.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_storage.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_tplvalues.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_utils.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_warnings.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_cassandra.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mariadb.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mongodb.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mysql.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_postgresql.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_redis.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_validations.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/config-secret.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/extra-list.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/ingress.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/init-configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/networkpolicy.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/prometheusrule.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/role.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/rolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/secrets.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/servicemonitor.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc-headless.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/tls-secrets.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/validation.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.schema.json delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/rabbitmq.sh delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.lock delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/README.md delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/.helmignore delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/Chart.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/README.md delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_affinities.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_capabilities.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_errors.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_images.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_ingress.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_labels.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_names.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_secrets.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_storage.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_tplvalues.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_utils.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_warnings.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_cassandra.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mariadb.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mongodb.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mysql.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_postgresql.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_redis.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_validations.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/values.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/img/redis-cluster-topology.png delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/img/redis-topology.png delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/NOTES.txt delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/_helpers.tpl delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/extra-list.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/headless-svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/health-configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/application.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/psp.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/pvc.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/service.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/metrics-svc.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/networkpolicy.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/pdb.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/prometheusrule.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/hpa.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/service.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/role.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/rolebinding.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/scripts-configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/secret.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/hpa.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/node-services.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/ports-configmap.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/service.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/statefulset.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/serviceaccount.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/servicemonitor.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/tls-secret.yaml delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.schema.json delete mode 100644 source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.yaml create mode 100644 source/src/main/java/io/wdd/source/shell/server-bootup.sh diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/.helmignore b/source/src/main/java/io/wdd/source/kubernetes-dashboard/.helmignore deleted file mode 100644 index 91b6b75..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/.helmignore +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store - -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ - -# Common backup files -*.swp -*.bak -*.tmp -*~ - -# Various IDEs -.project -.idea/ -*.tmproj -OWNERS - -ci/ diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/1.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/1.yaml deleted file mode 100644 index 3e15d27..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/1.yaml +++ /dev/null @@ -1,803 +0,0 @@ - ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: helm-chart-metrics-server - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm ---- -# Source: kubernetes-dashboard/templates/serviceaccount.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: - name: helm-chart-kubernetes-dashboard ---- -# Source: kubernetes-dashboard/templates/secret.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# kubernetes-dashboard-certs -apiVersion: v1 -kind: Secret -metadata: - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: - name: helm-chart-kubernetes-dashboard-certs -type: Opaque ---- -# Source: kubernetes-dashboard/templates/secret.yaml -# kubernetes-dashboard-csrf -apiVersion: v1 -kind: Secret -metadata: - labels: - - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - name: kubernetes-dashboard-csrf -type: Opaque ---- -# Source: kubernetes-dashboard/templates/secret.yaml -# kubernetes-dashboard-key-holder -apiVersion: v1 -kind: Secret -metadata: - labels: - - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - name: kubernetes-dashboard-key-holder -type: Opaque ---- -# Source: kubernetes-dashboard/templates/configmap.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: - name: kubernetes-dashboard-settings -data: ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/clusterrole-aggregated-reader.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:metrics-server-aggregated-reader - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: - - apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:helm-chart-metrics-server - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -rules: - - apiGroups: - - "" - resources: - - pods - - nodes - - nodes/stats - - namespaces - - configmaps - verbs: - - get - - list - - watch ---- -# Source: kubernetes-dashboard/templates/clusterrole-metrics.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: "helm-chart-kubernetes-dashboard-metrics" - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: helm-chart-metrics-server:system:auth-delegator - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: helm-chart-metrics-server - namespace: kube-dashboard ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:helm-chart-metrics-server - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:helm-chart-metrics-server -subjects: - - kind: ServiceAccount - name: helm-chart-metrics-server - namespace: kube-dashboard ---- -# Source: kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "helm-chart-kubernetes-dashboard-metrics" - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: helm-chart-kubernetes-dashboard-metrics -subjects: - - kind: ServiceAccount - name: helm-chart-kubernetes-dashboard - namespace: kube-dashboard ---- -# Source: kubernetes-dashboard/templates/role.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: helm-chart-kubernetes-dashboard - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: -rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. - - apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: helm-chart-metrics-server-auth-reader - namespace: kube-system - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: helm-chart-metrics-server - namespace: kube-dashboard ---- -# Source: kubernetes-dashboard/templates/rolebinding.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: helm-chart-kubernetes-dashboard - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - annotations: -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: helm-chart-kubernetes-dashboard -subjects: - - kind: ServiceAccount - name: helm-chart-kubernetes-dashboard - namespace: kube-dashboard ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: helm-chart-metrics-server - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -spec: - type: ClusterIP - ports: - - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart ---- -# Source: kubernetes-dashboard/templates/service.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: helm-chart-kubernetes-dashboard - labels: - - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: kubernetes-dashboard - - kubernetes.io/cluster-service: "true" - annotations: -spec: - type: NodePort - ports: - - port: 443 - targetPort: https - name: https - selector: - - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/component: kubernetes-dashboard ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: helm-chart-metrics-server - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - template: - metadata: - labels: - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - spec: - serviceAccountName: helm-chart-metrics-server - priorityClassName: "system-cluster-critical" - containers: - - name: metrics-server - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0 - imagePullPolicy: IfNotPresent - args: - - --cert-dir=/tmp - - --secure-port=4443 - - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - - --kubelet-use-node-status-port - - --kubelet-preferred-address-types=InternalIP - - --kubelet-insecure-tls - ports: - - name: https - protocol: TCP - containerPort: 4443 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /livez - port: https - scheme: HTTPS - initialDelaySeconds: 0 - periodSeconds: 10 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - volumeMounts: - - name: tmp - mountPath: /tmp - volumes: - - name: tmp - emptyDir: {} ---- -# Source: kubernetes-dashboard/templates/deployment.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: helm-chart-kubernetes-dashboard - annotations: - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: kubernetes-dashboard -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - - app.kubernetes.io/name: kubernetes-dashboard - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/component: kubernetes-dashboard - template: - metadata: - annotations: - labels: - app.kubernetes.io/name: kubernetes-dashboard - helm.sh/chart: kubernetes-dashboard-6.0.0 - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "2.7.0" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: kubernetes-dashboard - spec: - securityContext: - - seccompProfile: - type: RuntimeDefault - serviceAccountName: helm-chart-kubernetes-dashboard - containers: - - name: kubernetes-dashboard - image: "kubernetesui/dashboard:v2.7.0" - imagePullPolicy: IfNotPresent - args: - - --namespace=kube-dashboard - - --auto-generate-certificates - - --sidecar-host=http://127.0.0.1:8000 - - - --enable-skip-login - - --enable-insecure-login - - --system-banner="Welcome to Kubernetes" - ports: - - name: https - containerPort: 8443 - protocol: TCP - volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume - livenessProbe: - httpGet: - scheme: HTTPS - path: / - port: 8443 - initialDelaySeconds: 30 - timeoutSeconds: 30 - resources: - - limits: - cpu: 2 - memory: 200Mi - requests: - cpu: 100m - memory: 200Mi - securityContext: - - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 2001 - runAsUser: 1001 - - name: dashboard-metrics-scraper - image: "kubernetesui/metrics-scraper:v1.0.8" - imagePullPolicy: IfNotPresent - args: - - - --log-level=info - - --logtostderr=true - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 8000 - initialDelaySeconds: 30 - timeoutSeconds: 30 - volumeMounts: - - mountPath: /tmp - name: tmp-volume - securityContext: - - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsGroup: 2001 - runAsUser: 1001 - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: helm-chart-kubernetes-dashboard-certs - - name: tmp-volume - emptyDir: {} ---- -# Source: kubernetes-dashboard/charts/metrics-server/templates/apiservice.yaml -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.metrics.k8s.io - labels: - helm.sh/chart: metrics-server-3.5.0 - app.kubernetes.io/name: metrics-server - app.kubernetes.io/instance: helm-chart - app.kubernetes.io/version: "0.5.0" - app.kubernetes.io/managed-by: Helm -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: helm-chart-metrics-server - namespace: kube-dashboard - version: v1beta1 - versionPriority: 100 ---- -# Source: kubernetes-dashboard/templates/clusterrole-readonly.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -# Source: kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -# Source: kubernetes-dashboard/templates/extra-manifests.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ---- -# Source: kubernetes-dashboard/templates/ingress.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -# Source: kubernetes-dashboard/templates/networkpolicy.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -# Source: kubernetes-dashboard/templates/pdb.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -# Source: kubernetes-dashboard/templates/psp.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---- -# Source: kubernetes-dashboard/templates/servicemonitor.yaml -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -NOTES: -********************************************************************************* -*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install *** -********************************************************************************* - -Get the Kubernetes Dashboard URL by running: - export NODE_PORT=$(kubectl get -n kube-dashboard -o jsonpath="{.spec.ports[0].nodePort}" services helm-chart-kubernetes-dashboard) - export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}") - echo https://$NODE_IP:$NODE_PORT/ diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.lock b/source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.lock deleted file mode 100644 index 4f72eb3..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: metrics-server - repository: https://kubernetes-sigs.github.io/metrics-server/ - version: 3.5.0 -digest: sha256:5e472fb28387489d7ff5946178ecfa44d5fd414364906f3b5a0312ddfaabb8fd -generated: "2021-10-05T12:13:00.705224804+02:00" diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.yaml deleted file mode 100644 index aa4987b..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -appVersion: 2.7.0 -dependencies: -- condition: metrics-server.enabled - name: metrics-server - repository: https://kubernetes-sigs.github.io/metrics-server/ - version: 3.5.0 -description: General-purpose web UI for Kubernetes clusters -home: https://github.com/kubernetes/dashboard -icon: https://raw.githubusercontent.com/kubernetes/kubernetes/master/logo/logo.svg -keywords: -- kubernetes -- dashboard -kubeVersion: '>=1.19.0-0' -maintainers: -- email: cdesaintmartin@wiremind.fr - name: desaintmartin -name: kubernetes-dashboard -sources: -- https://github.com/kubernetes/dashboard -version: 6.0.0 diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/README.md b/source/src/main/java/io/wdd/source/kubernetes-dashboard/README.md deleted file mode 100644 index 1c79aeb..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/README.md +++ /dev/null @@ -1,121 +0,0 @@ -# kubernetes-dashboard - -[Kubernetes Dashboard](https://github.com/kubernetes/dashboard) is a general purpose, web-based UI for Kubernetes clusters. -It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself. - -## TL;DR - -```console -# Add kubernetes-dashboard repository -helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ -# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart -helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard -``` - -## Introduction - -This chart bootstraps a [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Installing the Chart - -To install the [Chart](https://helm.sh/docs/intro/using_helm/#three-big-concepts) with the [Release](https://helm.sh/docs/intro/using_helm/#three-big-concepts) name `kubernetes-dashboard`: - -```console -helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ -helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard -``` - -The command deploys kubernetes-dashboard on the Kubernetes cluster in the default configuration. -The [configuration](#configuration) section lists the parameters that can be configured during installation. - -## Uninstalling the Chart - -To uninstall/delete the `kubernetes-dashboard` deployment: - -```console -helm delete kubernetes-dashboard -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Access control - -It is critical for the Kubernetes cluster to correctly setup access control of Kubernetes Dashboard. -See this [guide](https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/README.md) for details. - -It is highly recommended to use RBAC with minimal privileges needed for Dashboard to run. - -## Configuration - -Please refer to [values.yaml](https://github.com/kubernetes/dashboard/blob/master/charts/helm-chart/kubernetes-dashboard/values.yaml) -for valid values and their defaults. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```console -helm install kubernetes-dashboard/kubernetes-dashboard --name kubernetes-dashboard \ - --set=service.externalPort=8080,resources.limits.cpu=200m -``` - -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, - -```console -helm install kubernetes-dashboard/kubernetes-dashboard --name kubernetes-dashboard -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](values.yaml), which is used by default, as reference - -## Upgrading an existing Release to a new major version - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an -incompatible breaking change needing manual actions. - -### Upgrade from 5.x.x to 6.x.x - -- Switch `PodDisruptionBudget` from `policy/v1beta1` to `policy/v1`. Requires kubernetes >= 1.21.0 if `podDisruptionBudget.enabled` is set to true (false by default). - -### Upgrade from 4.x.x to 5.x.x - -- Switch Ingress from networking.k8s.io/v1beta1 to networking.k8s.io/v1. Requires kubernetes >= 1.19.0. - -### Upgrade from 2.x.x to 3.x.x - -- Switch Ingress from extensions/v1beta1 to networking.k8s.io/v1beta1. Requires kubernetes >= 1.14.0. - -### Upgrade from 1.x.x to 2.x.x - -Version 2.0.0 of this chart is the first version hosted in the kubernetes/dashboard.git repository. v1.x.x until 1.10.1 is hosted on https://github.com/helm/charts. - -- This version upgrades to kubernetes-dashboard v2.0.0 along with changes in RBAC management: all secrets are explicitely created and ServiceAccount do not have permission to create any secret. On top of that, it completely removes the `clusterAdminRole` parameter, being too dangerous. In order to upgrade, please update your configuration to remove `clusterAdminRole` parameter and uninstall/reinstall the chart. -- It enables by default values for `podAnnotations` and `securityContext`, please disable them if you don't supoprt them -- It removes `enableSkipLogin` and `enableInsecureLogin` parameters. Please use `extraArgs` instead. -- It adds a `ProtocolHttp` parameter, allowing you to switch the backend to plain HTTP and replaces the old `enableSkipLogin` for the network part. -- If `protocolHttp` is not set, it will automatically add to the `Ingress`, if enabled, annotations to support HTTPS backends for nginx-ingress and GKE Ingresses. -- It updates all the labels to the new [recommended labels](https://github.com/helm/charts/blob/master/REVIEW_GUIDELINES.md#names-and-labels), most of them being immutable. -- dashboardContainerSecurityContext has been renamed to containerSecurityContext. - -In order to upgrade, please update your configuration to remove `clusterAdminRole` parameter and adapt `enableSkipLogin`, `enableInsecureLogin`, `podAnnotations` and `securityContext` parameters, and uninstall/reinstall the chart. - -### Version 4.x.x - -Starting from version 4.0.0 of this chart, it will only support Helm 3 and remove the support for Helm 2. -If you still use Helm 2 you will need first to migrate the deployment to Helm 3 and then you can upgrade your chart. - -To do that you can follow the [guide](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) - -## Access - -For information about how to access, please read the [kubernetes-dashboard manual](https://github.com/kubernetes/dashboard) - -### Using the dashboard with 'kubectl proxy' - -When running 'kubectl proxy', the address `localhost:8001/ui` automatically expands to: - -- `http://localhost:8001/api/v1/namespaces/my-namespace/services/https:kubernetes-dashboard:https/proxy/` - -For this to reach the dashboard, the name of the service must be 'kubernetes-dashboard', not any other value as set by Helm. -You can manually specify this using the value 'fullnameOverride': - -```yaml -fullnameOverride: 'kubernetes-dashboard' -``` diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/admin-user-dashboard.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/admin-user-dashboard.yaml deleted file mode 100644 index 7d03e67..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/admin-user-dashboard.yaml +++ /dev/null @@ -1,23 +0,0 @@ -## https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: admin-user - namespace: kube-dashboard ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: admin-user -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: admin-user - namespace: kube-dashboard ---- - -# kubectl -n kube-dashboard create token admin-user \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/.helmignore b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/Chart.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/Chart.yaml deleted file mode 100644 index b6bfe6c..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - artifacthub.io/changes: | - - kind: added - description: "Initial release from official repo." -apiVersion: v2 -appVersion: 0.5.0 -description: Metrics Server is a scalable, efficient source of container resource - metrics for Kubernetes built-in autoscaling pipelines. -home: https://github.com/kubernetes-sigs/metrics-server -icon: https://avatars.githubusercontent.com/u/36015203?s=400&v=4 -keywords: -- kubernetes -- metrics-server -- metrics -maintainers: -- name: stevehipwell - url: https://github.com/stevehipwell -- name: krmichel - url: https://github.com/krmichel -- name: endrec - url: https://github.com/endrec -name: metrics-server -sources: -- https://github.com/kubernetes-sigs/metrics-server -type: application -version: 3.5.0 diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/README.md b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/README.md deleted file mode 100644 index 03cfda2..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/README.md +++ /dev/null @@ -1,63 +0,0 @@ -# Kubernetes Metrics Server - -[Metrics Server](https://github.com/kubernetes-sigs/metrics-server/) is a scalable, efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. - - - -## Installing the Chart - -Before you can install the chart you will need to add the `metrics-server` repo to [Helm](https://helm.sh/). - -```shell -helm repo add metrics-server https://kubernetes-sigs.github.io/metrics-server/ -``` - -After you've installed the repo you can install the chart. - -```shell -helm upgrade --install metrics-server/metrics-server -``` - -## Configuration - -The following table lists the configurable parameters of the _Metrics Server_ chart and their default values. - -| Parameter | Description | Default | -| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------ | -| `image.repository` | Image repository. | `k8s.gcr.io/metrics-server/metrics-server` | -| `image.tag` | Image tag, will override the default tag derived from the chart app version. | `""` | -| `image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `imagePullSecrets` | Image pull secrets. | `[]` | -| `nameOverride` | Override the `name` of the chart. | `nil` | -| `fullnameOverride` | Override the `fullname` of the chart. | `nil` | -| `serviceAccount.create` | If `true`, create a new service account. | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | -| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | `nil` | -| `rbac.create` | If `true`, create the RBAC resources. | `true` | -| `rbac.pspEnabled` | If `true`, create a pod security policy resource. | `false` | -| `apiService.create` | If `true`, create the `v1beta1.metrics.k8s.io` API service. You typically want this enabled! If you disable API service creation you have to manage it outside of this chart for e.g horizontal pod autoscaling to work with this release. | `true` | -| `podLabels` | Labels to add to the pod. | `{}` | -| `podAnnotations` | Annotations to add to the pod. | `{}` | -| `podSecurityContext` | Security context for the pod. | `{}` | -| `securityContext` | Security context for the _metrics-server_ container. | _See values.yaml_ | -| `priorityClassName` | Priority class name to use. | `system-cluster-critical` | -| `containerPort` | port for the _metrics-server_ container. | `4443` | -| `hostNetwork.enabled` | If `true`, start _metric-server_ in hostNetwork mode. You would require this enabled if you use alternate overlay networking for pods and API server unable to communicate with metrics-server. As an example, this is required if you use Weave network on EKS. | `false` | -| `replicas` | Number of replicas to run. | `1` | -| `updateStrategy` | Customise the default update strategy. | `{}` | -| `podDisruptionBudget.enabled` | If `true`, create `PodDisruptionBudget` resource. | `{}` | -| `podDisruptionBudget.minAvailable` | Set the `PodDisruptionBugdet` minimum available pods. | `nil` | -| `podDisruptionBudget.maxUnavailable` | Set the `PodDisruptionBugdet` maximum unavailable pods. | `nil` | -| `args` | Additional arguments to pass to the _metrics-server_ command. | `[]` | -| `livenessProbe` | Liveness probe. | See _values.yaml_ | -| `readinessProbe` | Readiness probe. | See _values.yaml_ | -| `service.type` | Service type. | `ClusterIP` | -| `service.port` | Service port. | `443` | -| `service.annotations` | Annotations to add to the service. | `{}` | -| `service.labels` | Labels to add to the service. | `{}` | -| `resources` | Resource requests and limits for the _metrics-server_ container. | `{}` | -| `extraVolumeMounts` | Additional volume mounts for the _metrics-server_ container. | `[]` | -| `extraVolumes` | Additional volumes for the pod. | `[]` | -| `nodeSelector` | Node labels for pod assignment. | `{}` | -| `tolerations` | Tolerations for pod assignment. | `[]` | -| `affinity` | Affinity for pod assignment. | `{}` | diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/ci/ci-values.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/ci/ci-values.yaml deleted file mode 100644 index b9e9ef7..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/ci/ci-values.yaml +++ /dev/null @@ -1,2 +0,0 @@ -args: - - --kubelet-insecure-tls diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/NOTES.txt b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/NOTES.txt deleted file mode 100644 index 0ad6bb0..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/NOTES.txt +++ /dev/null @@ -1,7 +0,0 @@ -*********************************************************************** -* Metrics Server * -*********************************************************************** - Chart version: {{ .Chart.Version }} - App version: {{ .Chart.AppVersion }} - Image tag: {{ include "metrics-server.image" . }} -*********************************************************************** diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/_helpers.tpl deleted file mode 100644 index f558169..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/_helpers.tpl +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "metrics-server.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "metrics-server.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "metrics-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "metrics-server.labels" -}} -helm.sh/chart: {{ include "metrics-server.chart" . }} -{{ include "metrics-server.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "metrics-server.selectorLabels" -}} -app.kubernetes.io/name: {{ include "metrics-server.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "metrics-server.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "metrics-server.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -The image to use -*/}} -{{- define "metrics-server.image" -}} -{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- end }} - -{{/* Get PodDisruptionBudget API Version */}} -{{- define "metrics-server.pdb.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/apiservice.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/apiservice.yaml deleted file mode 100644 index dd37b5d..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/apiservice.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.apiService.create -}} -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.metrics.k8s.io - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -spec: - group: metrics.k8s.io - groupPriorityMinimum: 100 - insecureSkipTLSVerify: true - service: - name: {{ include "metrics-server.fullname" . }} - namespace: {{ .Release.Namespace }} - version: v1beta1 - versionPriority: 100 -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole-aggregated-reader.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole-aggregated-reader.yaml deleted file mode 100644 index d5e8fe1..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole-aggregated-reader.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ printf "system:%s-aggregated-reader" (include "metrics-server.name" .) }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: - - apiGroups: - - metrics.k8s.io - resources: - - pods - - nodes - verbs: - - get - - list - - watch -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole.yaml deleted file mode 100644 index 0636414..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrole.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ printf "system:%s" (include "metrics-server.fullname" .) }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -rules: - - apiGroups: - - "" - resources: - - pods - - nodes - - nodes/stats - - namespaces - - configmaps - verbs: - - get - - list - - watch - {{- if .Values.rbac.pspEnabled }} - - apiGroups: - - extensions - - policy - resources: - - podsecuritypolicies - resourceNames: - - {{ printf "privileged-%s" (include "metrics-server.fullname" .) }} - verbs: - - use - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml deleted file mode 100644 index 826c3b7..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding-auth-delegator.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ printf "%s:system:auth-delegator" (include "metrics-server.fullname" .) }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - name: {{ include "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding.yaml deleted file mode 100644 index 512cb65..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ printf "system:%s" (include "metrics-server.fullname" .) }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:{{ template "metrics-server.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ include "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/deployment.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/deployment.yaml deleted file mode 100644 index 7db2fec..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/deployment.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "metrics-server.fullname" . }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicas }} - {{- with .Values.updateStrategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "metrics-server.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "metrics-server.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "metrics-server.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . | quote }} - {{- end }} - {{- if .Values.hostNetwork.enabled }} - hostNetwork: true - {{- end }} - containers: - - name: metrics-server - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - image: {{ include "metrics-server.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - --cert-dir=/tmp - - {{ printf "--secure-port=%d" (int .Values.containerPort) }} - - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - - --kubelet-use-node-status-port - {{- range .Values.args }} - - {{ . }} - {{- end }} - ports: - - name: https - protocol: TCP - containerPort: {{ .Values.containerPort }} - livenessProbe: - {{- toYaml .Values.livenessProbe | nindent 12 }} - readinessProbe: - {{- toYaml .Values.readinessProbe | nindent 12 }} - volumeMounts: - - name: tmp - mountPath: /tmp - {{- with .Values.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumes: - - name: tmp - emptyDir: {} - {{- with .Values.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/pdb.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/pdb.yaml deleted file mode 100644 index 1320b20..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/pdb.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled -}} -apiVersion: {{ include "metrics-server.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "metrics-server.fullname" . }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "metrics-server.selectorLabels" . | nindent 6 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/psp.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/psp.yaml deleted file mode 100644 index bf8ace1..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/psp.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.rbac.pspEnabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "privileged-%s" (include "metrics-server.fullname" .) }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -spec: - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - privileged: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' - hostPID: true - hostIPC: true - hostNetwork: true - hostPorts: - - min: 1 - max: 65536 -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/rolebinding.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/rolebinding.yaml deleted file mode 100644 index 3fda743..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ printf "%s-auth-reader" (include "metrics-server.fullname" .) }} - namespace: kube-system - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: {{ include "metrics-server.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/service.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/service.yaml deleted file mode 100644 index 7470218..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "metrics-server.fullname" . }} - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} - {{- with .Values.service.labels -}} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - name: https - port: {{ .Values.service.port }} - protocol: TCP - targetPort: https - selector: - {{- include "metrics-server.selectorLabels" . | nindent 4 }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/serviceaccount.yaml deleted file mode 100644 index 12f7724..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "metrics-server.serviceAccountName" . }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "metrics-server.labels" . | nindent 4 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/values.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/values.yaml deleted file mode 100644 index c028f82..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/charts/metrics-server/values.yaml +++ /dev/null @@ -1,116 +0,0 @@ -# Default values for metrics-server. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -image: - repository: k8s.gcr.io/metrics-server/metrics-server - # Overrides the image tag whose default is v{{ .Chart.AppVersion }} - tag: "" - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - registrySecretName - -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -rbac: - # Specifies whether RBAC resources should be created - create: true - pspEnabled: false - -apiService: - # Specifies if the v1beta1.metrics.k8s.io API service should be created. - # - # You typically want this enabled! If you disable API service creation you have to - # manage it outside of this chart for e.g horizontal pod autoscaling to - # work with this release. - create: true - -podLabels: {} -podAnnotations: {} - -podSecurityContext: {} - -securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 1000 - allowPrivilegeEscalation: false - -priorityClassName: system-cluster-critical - -containerPort: 4443 - -hostNetwork: - # Specifies if metrics-server should be started in hostNetwork mode. - # - # You would require this enabled if you use alternate overlay networking for pods and - # API server unable to communicate with metrics-server. As an example, this is required - # if you use Weave network on EKS - enabled: false - -replicas: 1 - -updateStrategy: {} -# type: RollingUpdate -# rollingUpdate: -# maxSurge: 0 -# maxUnavailable: 1 - -podDisruptionBudget: - # https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - enabled: false - minAvailable: - maxUnavailable: - -args: - - --metric-resolution=15s - -livenessProbe: - httpGet: - path: /livez - port: https - scheme: HTTPS - initialDelaySeconds: 0 - periodSeconds: 10 - failureThreshold: 3 - -readinessProbe: - httpGet: - path: /readyz - port: https - scheme: HTTPS - initialDelaySeconds: 20 - periodSeconds: 10 - failureThreshold: 3 - -service: - type: ClusterIP - port: 443 - annotations: {} - labels: {} - # Add these labels to have metrics-server show up in `kubectl cluster-info` - # kubernetes.io/cluster-service: "true" - # kubernetes.io/name: "Metrics-server" - -resources: {} - -extraVolumeMounts: [] - -extraVolumes: [] - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/NOTES.txt b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/NOTES.txt deleted file mode 100644 index d4c7eaa..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/NOTES.txt +++ /dev/null @@ -1,49 +0,0 @@ -********************************************************************************* -*** PLEASE BE PATIENT: kubernetes-dashboard may take a few minutes to install *** -********************************************************************************* - -{{- if .Values.ingress.enabled }} -From outside the cluster, the server URL(s) are: -{{- range .Values.ingress.hosts }} -{{- if $.Values.protocolHttp }} - http://{{ . }} -{{- else }} - https://{{ . }} -{{- end }} -{{- end }} - -{{- else if contains "NodePort" .Values.service.type }} - -Get the Kubernetes Dashboard URL by running: - export NODE_PORT=$(kubectl get -n {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "kubernetes-dashboard.fullname" . }}) - export NODE_IP=$(kubectl get nodes -o jsonpath="{.items[0].status.addresses[0].address}") -{{- if .Values.protocolHttp }} - echo http://$NODE_IP:$NODE_PORT/ -{{- else }} - echo https://$NODE_IP:$NODE_PORT/ -{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc -n {{ .Release.Namespace }} -w {{ template "kubernetes-dashboard.fullname" . }}' - -Get the Kubernetes Dashboard URL by running: - export SERVICE_IP=$(kubectl get svc -n {{ .Release.Namespace }} {{ template "kubernetes-dashboard.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -{{- if .Values.protocolHttp }} - echo http://$SERVICE_IP/ -{{- else }} - echo https://$SERVICE_IP/ -{{- end }} -{{- else if contains "ClusterIP" .Values.service.type }} - -Get the Kubernetes Dashboard URL by running: - export POD_NAME=$(kubectl get pods -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "kubernetes-dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") -{{- if .Values.protocolHttp }} - echo http://127.0.0.1:9090/ - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 9090:9090 -{{- else }} - echo https://127.0.0.1:8443/ - kubectl -n {{ .Release.Namespace }} port-forward $POD_NAME 8443:8443 -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_helpers.tpl deleted file mode 100644 index f52a302..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_helpers.tpl +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kubernetes-dashboard.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kubernetes-dashboard.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kubernetes-dashboard.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "kubernetes-dashboard.labels" -}} -app.kubernetes.io/name: {{ include "kubernetes-dashboard.name" . }} -helm.sh/chart: {{ include "kubernetes-dashboard.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Common label selectors -*/}} -{{- define "kubernetes-dashboard.matchLabels" -}} -app.kubernetes.io/name: {{ include "kubernetes-dashboard.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Name of the service account to use -*/}} -{{- define "kubernetes-dashboard.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kubernetes-dashboard.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_tplvalues.tpl b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_tplvalues.tpl deleted file mode 100644 index ba8fe55..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/_tplvalues.tpl +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-metrics.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-metrics.yaml deleted file mode 100644 index 46760dd..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-metrics.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.rbac.clusterRoleMetrics -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: "{{ template "kubernetes-dashboard.fullname" . }}-metrics" - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - # Allow Metrics Scraper to get metrics from the Metrics server - - apiGroups: ["metrics.k8s.io"] - resources: ["pods", "nodes"] - verbs: ["get", "list", "watch"] -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-readonly.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-readonly.yaml deleted file mode 100644 index cd6e5e0..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrole-readonly.yaml +++ /dev/null @@ -1,157 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.rbac.clusterReadOnlyRole -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "{{ template "kubernetes-dashboard.fullname" . }}-readonly" - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - pods - - replicationcontrollers - - replicationcontrollers/scale - - serviceaccounts - - services - - nodes - - persistentvolumeclaims - - persistentvolumes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - daemonsets - - deployments - - deployments/scale - - replicasets - - replicasets/scale - - statefulsets - verbs: - - get - - list - - watch - - apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - get - - list - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/scale - - ingresses - - networkpolicies - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - get - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - apiGroups: - - networking.k8s.io - resources: - - networkpolicies - - ingresses - verbs: - - get - - list - - watch - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - get - - list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - roles - - rolebindings - verbs: - - get - - list - - watch - {{- with .Values.rbac.clusterReadOnlyRoleAdditionalRules -}} - {{ toYaml . | nindent 2 }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml deleted file mode 100644 index d33715d..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-metrics.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.rbac.clusterRoleMetrics -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: "{{ template "kubernetes-dashboard.fullname" . }}-metrics" - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubernetes-dashboard.fullname" . }}-metrics -subjects: - - kind: ServiceAccount - name: {{ template "kubernetes-dashboard.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml deleted file mode 100644 index 4edc0f9..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/clusterrolebinding-readonly.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.rbac.clusterReadOnlyRole -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }}-readonly - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kubernetes-dashboard.fullname" . }}-readonly -subjects: - - kind: ServiceAccount - name: {{ template "kubernetes-dashboard.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/configmap.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/configmap.yaml deleted file mode 100644 index a23f8bb..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/configmap.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - name: kubernetes-dashboard-settings -data: -{{- with .Values.settings }} - _global: {{ toJson . | quote }} -{{- end }} -{{- with .Values.pinnedCRDs }} - _pinnedCRD: {{ toJson . | quote }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/deployment.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/deployment.yaml deleted file mode 100644 index ce3beb5..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/deployment.yaml +++ /dev/null @@ -1,188 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- with .Values.annotations }} - {{ toYaml . | nindent 4 }} - {{- end }} - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - app.kubernetes.io/component: kubernetes-dashboard - {{- with .Values.labels }} - {{ toYaml . | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: -{{ include "kubernetes-dashboard.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: kubernetes-dashboard - template: - metadata: - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 8 }} - app.kubernetes.io/component: kubernetes-dashboard - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: -{{- with .Values.securityContext }} - securityContext: -{{ toYaml . | nindent 8 }} -{{- end }} - serviceAccountName: {{ template "kubernetes-dashboard.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - --namespace={{ .Release.Namespace }} -{{- if not .Values.protocolHttp }} - - --auto-generate-certificates -{{- end }} -{{- if .Values.metricsScraper.enabled }} - - --sidecar-host=http://127.0.0.1:8000 -{{- else }} - - --metrics-provider=none -{{- end }} -{{- with .Values.extraArgs }} -{{ toYaml . | nindent 10 }} -{{- end }} -{{- with .Values.extraEnv }} - env: -{{ toYaml . | nindent 10 }} -{{- end }} - ports: -{{- if .Values.protocolHttp }} - - name: http - containerPort: 9090 - protocol: TCP -{{- else }} - - name: https - containerPort: 8443 - protocol: TCP -{{- end }} - volumeMounts: - - name: kubernetes-dashboard-certs - mountPath: /certs - # Create on-disk volume to store exec logs - - mountPath: /tmp - name: tmp-volume -{{- with .Values.extraVolumeMounts }} -{{ toYaml . | nindent 8 }} -{{- end }} - livenessProbe: - httpGet: -{{- if .Values.protocolHttp }} - scheme: HTTP - path: / - port: 9090 -{{- else }} - scheme: HTTPS - path: / - port: 8443 -{{- end }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} -{{- with .Values.resources }} - resources: -{{ toYaml . | nindent 10 }} -{{- end }} -{{- with .Values.containerSecurityContext }} - securityContext: -{{ toYaml . | nindent 10 }} -{{- end }} -{{- if .Values.metricsScraper.enabled }} - - name: dashboard-metrics-scraper - image: "{{ .Values.metricsScraper.image.repository }}:{{ .Values.metricsScraper.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} -{{- with .Values.metricsScraper.args }} - args: -{{ toYaml . | nindent 10 }} -{{- end }} - ports: - - containerPort: 8000 - protocol: TCP - livenessProbe: - httpGet: - scheme: HTTP - path: / - port: 8000 - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - volumeMounts: - - mountPath: /tmp - name: tmp-volume - -{{- if .Values.metricsScraper.containerSecurityContext }} - securityContext: -{{ toYaml .Values.metricsScraper.containerSecurityContext | nindent 10 }} -{{- else if .Values.containerSecurityContext}} - securityContext: -{{ toYaml .Values.containerSecurityContext | nindent 10 }} -{{- end }} -{{- with .Values.metricsScraper.resources }} - resources: -{{ toYaml . | nindent 10 }} -{{- end }} -{{- end }} -{{- with .Values.image.pullSecrets }} - imagePullSecrets: -{{- range . }} - - name: {{ . }} -{{- end }} -{{- end }} -{{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.priorityClassName }} - priorityClassName: "{{ . }}" -{{- end }} - volumes: - - name: kubernetes-dashboard-certs - secret: - secretName: {{ template "kubernetes-dashboard.fullname" . }}-certs - - name: tmp-volume - emptyDir: {} -{{- with .Values.extraVolumes }} -{{ toYaml . | nindent 6 }} -{{- end }} -{{- with .Values.tolerations }} - tolerations: -{{ toYaml . | nindent 8 }} -{{- end }} -{{- with .Values.affinity }} - affinity: -{{ toYaml . | nindent 8 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/extra-manifests.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/extra-manifests.yaml deleted file mode 100644 index ac2b6f9..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/extra-manifests.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -{{ range .Values.extraManifests }} ---- -{{ tpl (toYaml .) $ }} -{{ end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/ingress.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/ingress.yaml deleted file mode 100644 index cb1b05e..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/ingress.yaml +++ /dev/null @@ -1,89 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.ingress.enabled -}} -{{- $serviceName := include "kubernetes-dashboard.fullname" . -}} -{{- $servicePort := .Values.service.externalPort -}} -{{- $paths := .Values.ingress.paths -}} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- range $key, $value := .Values.ingress.labels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if not .Values.protocolHttp }} - # Add https backend protocol support for ingress-nginx - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - # Add https backend protocol support for GKE - service.alpha.kubernetes.io/app-protocols: '{"https":"HTTPS"}' - {{- end }} - {{- with .Values.ingress.annotations }} - {{ toYaml . | nindent 4 }} - {{- end }} -spec: - {{- with .Values.ingress.className }} - ingressClassName: {{ . | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hosts }} - {{- range $host := .Values.ingress.hosts }} - - host: {{ $host }} - http: - paths: - {{- if len ($.Values.ingress.customPaths) }} - {{- "\n" }}{{ tpl (toYaml $.Values.ingress.customPaths | nindent 10) $ }} - {{- else }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: ImplementationSpecific - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end -}} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- if len ($.Values.ingress.customPaths) }} - {{- "\n" }}{{ tpl (toYaml $.Values.ingress.customPaths | nindent 10) $ }} - {{- else }} - {{- range $p := $paths }} - - path: {{ $p }} - pathType: ImplementationSpecific - backend: - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- end -}} - {{- end -}} - {{- end -}} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | nindent 4 }} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/networkpolicy.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/networkpolicy.yaml deleted file mode 100644 index d1961fe..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/networkpolicy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.networkPolicy.enabled -}} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - labels: - app: {{ template "kubernetes-dashboard.name" . }} - chart: {{ template "kubernetes-dashboard.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: -{{ include "kubernetes-dashboard.matchLabels" . | nindent 6 }} - ingress: - - ports: -{{- if .Values.protocolHttp }} - - port: http - protocol: TCP -{{- else }} - - port: https - protocol: TCP -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/pdb.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/pdb.yaml deleted file mode 100644 index 918d5ee..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/pdb.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.podDisruptionBudget.enabled -}} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "kubernetes-dashboard.fullname" . }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: -{{ include "kubernetes-dashboard.matchLabels" . | nindent 6 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/psp.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/psp.yaml deleted file mode 100644 index bd605c2..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/psp.yaml +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.podSecurityPolicy.enabled -}} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }}-psp - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - privileged: false - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - runAsGroup: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - 'configMap' - - 'secret' - - 'emptyDir' - allowPrivilegeEscalation: false - hostNetwork: false - hostIPC: false - hostPID: false ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }}-psp - labels: -{{ include "kubernetes-dashboard.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-dashboard.fullname" . }}-psp -subjects: -- kind: ServiceAccount - name: {{ template "kubernetes-dashboard.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }}-psp - labels: -{{ include "kubernetes-dashboard.labels" . | nindent 4 }} -rules: -- apiGroups: - - extensions - - policy/v1beta1 - resources: - - podsecuritypolicies - verbs: - - use - resourceNames: - - {{ template "kubernetes-dashboard.fullname" . }}-psp -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/role.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/role.yaml deleted file mode 100644 index a8aeb73..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/role.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - # Allow Dashboard to get, update and delete Dashboard exclusive secrets. - - apiGroups: [""] - resources: ["secrets"] - resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"] - verbs: ["get", "update", "delete"] - # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["kubernetes-dashboard-settings"] - verbs: ["get", "update"] - # Allow Dashboard to get metrics. - - apiGroups: [""] - resources: ["services"] - resourceNames: ["heapster", "dashboard-metrics-scraper"] - verbs: ["proxy"] - - apiGroups: [""] - resources: ["services/proxy"] - resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"] - verbs: ["get"] - {{- with .Values.rbac.roleAdditionalRules -}} - {{ toYaml . | nindent 2 }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/rolebinding.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/rolebinding.yaml deleted file mode 100644 index 80a7d06..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/rolebinding.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kubernetes-dashboard.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kubernetes-dashboard.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/secret.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/secret.yaml deleted file mode 100644 index 2d1bfbe..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/secret.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# kubernetes-dashboard-certs -apiVersion: v1 -kind: Secret -metadata: - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "kubernetes-dashboard.fullname" . }}-certs -type: Opaque ---- -# kubernetes-dashboard-csrf -apiVersion: v1 -kind: Secret -metadata: - labels: -{{ include "kubernetes-dashboard.labels" . | nindent 4 }} - name: kubernetes-dashboard-csrf -type: Opaque ---- -# kubernetes-dashboard-key-holder -apiVersion: v1 -kind: Secret -metadata: - labels: -{{ include "kubernetes-dashboard.labels" . | nindent 4 }} - name: kubernetes-dashboard-key-holder -type: Opaque diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/service.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/service.yaml deleted file mode 100644 index 5c49ae9..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/service.yaml +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - labels: - {{ include "kubernetes-dashboard.labels" . | nindent 4 }} - app.kubernetes.io/component: kubernetes-dashboard - {{ .Values.service.clusterServiceLabel.key | nindent 4}}: {{ .Values.service.clusterServiceLabel.enabled | quote }} - {{- if .Values.service.labels }} - {{ toYaml .Values.service.labels | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.annotations }} - {{ toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} -{{- if hasKey .Values.service "clusterIP" }} - clusterIP: {{ .Values.service.clusterIP }} -{{- end }} - ports: - - port: {{ .Values.service.externalPort }} -{{- if .Values.protocolHttp }} - targetPort: http - name: http -{{- else }} - targetPort: https - name: https -{{- end }} -{{- if hasKey .Values.service "nodePort" }} - nodePort: {{ .Values.service.nodePort }} -{{- end }} -{{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} -{{- end }} - selector: -{{ include "kubernetes-dashboard.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: kubernetes-dashboard -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/serviceaccount.yaml deleted file mode 100644 index 5809186..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/serviceaccount.yaml +++ /dev/null @@ -1,29 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "kubernetes-dashboard.labels" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "kubernetes-dashboard.serviceAccountName" . }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/servicemonitor.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/servicemonitor.yaml deleted file mode 100644 index 04efddd..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/templates/servicemonitor.yaml +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2017 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kubernetes-dashboard.fullname" . }} - labels: - {{ include "kubernetes-dashboard.labels" . | nindent 4 }} - app.kubernetes.io/component: kubernetes-dashboard - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceMonitor.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceMonitor.labels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceMonitor.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceMonitor.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - {{- if .Values.protocolHttp }} - - port: http - {{- else }} - - port: https - scheme: https - tlsConfig: - insecureSkipVerify: true - {{- end }} - path: /metrics - selector: - matchLabels: - {{ include "kubernetes-dashboard.labels" . | nindent 6 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/kubernetes-dashboard/values.yaml b/source/src/main/java/io/wdd/source/kubernetes-dashboard/values.yaml deleted file mode 100644 index deae571..0000000 --- a/source/src/main/java/io/wdd/source/kubernetes-dashboard/values.yaml +++ /dev/null @@ -1,357 +0,0 @@ -# Copyright 2020 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for kubernetes-dashboard -# This is a YAML-formatted file. -# Declare name/value pairs to be passed into your templates. -# name: value - -image: - ## Repository for container - repository: kubernetesui/dashboard - tag: v2.7.0 - pullPolicy: IfNotPresent - pullSecrets: [] - -## Number of replicas -replicaCount: 1 - -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} - -## Here annotations can be added to the kubernetes dashboard deployment -annotations: {} -## Here labels can be added to the kubernetes dashboard deployment -labels: {} - -## Additional container arguments -## -extraArgs: - - --enable-skip-login - - --enable-insecure-login -# - --system-banner="Welcome to Kubernetes" - -## Additional container environment variables -## -extraEnv: [] -# - name: SOME_VAR -# value: 'some value' - -## Additional volumes to be added to kubernetes dashboard pods -## -extraVolumes: [] -# - name: dashboard-kubeconfig -# secret: -# defaultMode: 420 -# secretName: dashboard-kubeconfig - -## Additional volumeMounts to be added to kubernetes dashboard container -## -extraVolumeMounts: [] -# - mountPath: /kubeconfig -# name: dashboard-kubeconfig -# readOnly: true - -## Array of extra K8s manifests to deploy -## -extraManifests: [] -# - apiVersion: v1 -# kind: ConfigMap -# metadata: -# name: additional-configmap -# data: -# mykey: myvalue - -## Annotations to be added to kubernetes dashboard pods -# podAnnotations: - -## SecurityContext to be added to kubernetes dashboard pods -## To disable set the following configuration to null: -# securityContext: null -securityContext: - seccompProfile: - type: RuntimeDefault - -## SecurityContext defaults for the kubernetes dashboard container and metrics scraper container -## To disable set the following configuration to null: -# containerSecurityContext: null -containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - -## @param podLabels Extra labels for OAuth2 Proxy pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for OAuth2 Proxy pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] -# - key: "key" -# operator: "Equal|Exists" -# value: "value" -# effect: "NoSchedule|PreferNoSchedule|NoExecute" - -## Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} - -## Name of Priority Class of pods -# priorityClassName: "" - -## Pod resource requests & limits -resources: - requests: - cpu: 100m - memory: 200Mi - limits: - cpu: 2 - memory: 200Mi - -## Serve application over HTTP without TLS -## -## Note: If set to true, you may want to add --enable-insecure-login to extraArgs -protocolHttp: false - -service: - type: NodePort - # Dashboard service port - externalPort: 443 - - ## LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to - ## set allowed inbound rules on the security group assigned to the master load balancer - # loadBalancerSourceRanges: [] - - # clusterIP: "" - - ## A user-specified IP address for load balancer to use as External IP (if supported) - # loadBalancerIP: - - ## Additional Kubernetes Dashboard Service annotations - annotations: {} - - ## Here labels can be added to the Kubernetes Dashboard service - labels: {} - - ## Enable or disable the kubernetes.io/cluster-service label. Should be disabled for GKE clusters >=1.15. - ## Otherwise, the addon manager will presume ownership of the service and try to delete it. - clusterServiceLabel: - enabled: true - key: "kubernetes.io/cluster-service" - -ingress: - ## If true, Kubernetes Dashboard Ingress will be created. - ## - enabled: false - - ## Kubernetes Dashboard Ingress labels - # labels: - # key: value - - ## Kubernetes Dashboard Ingress annotations - # annotations: - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: 'true' - - ## If you plan to use TLS backend with enableInsecureLogin set to false - ## (default), you need to uncomment the below. - ## If you use ingress-nginx < 0.21.0 - # nginx.ingress.kubernetes.io/secure-backends: "true" - ## if you use ingress-nginx >= 0.21.0 - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - - ## Kubernetes Dashboard Ingress Class - # className: "example-lb" - - ## Kubernetes Dashboard Ingress paths - ## Both `/` and `/*` are required to work on gce ingress. - paths: - - / - # - /* - - ## Custom Kubernetes Dashboard Ingress paths. Will override default paths. - ## - customPaths: [] - # - pathType: ImplementationSpecific - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - # - pathType: ImplementationSpecific - # backend: - # service: - # name: >- - # {{ include "kubernetes-dashboard.fullname" . }} - # port: - # # Don't use string here, use only integer value! - # number: 443 - ## Kubernetes Dashboard Ingress hostnames - ## Must be provided if Ingress is enabled - ## - # hosts: - # - kubernetes-dashboard.domain.com - ## Kubernetes Dashboard Ingress TLS configuration - ## Secrets must be manually created in the namespace - ## - # tls: - # - secretName: kubernetes-dashboard-tls - # hosts: - # - kubernetes-dashboard.domain.com - -# Global dashboard settings -settings: - {} - ## Cluster name that appears in the browser window title if it is set - # clusterName: "" - ## Max number of items that can be displayed on each list page - # itemsPerPage: 10 - ## Number of seconds between every auto-refresh of logs - # logsAutoRefreshTimeInterval: 5 - ## Number of seconds between every auto-refresh of every resource. Set 0 to disable - # resourceAutoRefreshTimeInterval: 5 - ## Hide all access denied warnings in the notification panel - # disableAccessDeniedNotifications: false - -## Pinned CRDs that will be displayed in dashboard's menu -pinnedCRDs: - [] - # - kind: customresourcedefinition - ## Fully qualified name of a CRD - # name: prometheuses.monitoring.coreos.com - ## Display name - # displayName: Prometheus - ## Is this CRD namespaced? - # namespaced: true - -## Metrics Scraper -## Container to scrape, store, and retrieve a window of time from the Metrics Server. -## refs: https://github.com/kubernetes-sigs/dashboard-metrics-scraper -metricsScraper: - ## Wether to enable dashboard-metrics-scraper - enabled: true - image: - repository: kubernetesui/metrics-scraper - tag: v1.0.8 - resources: {} - ## SecurityContext especially for the kubernetes dashboard metrics scraper container - ## If not set, the global containterSecurityContext values will define these values - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsUser: 1001 - runAsGroup: 2001 - args: - - --log-level=info - - --logtostderr=true - -## Optional Metrics Server sub-chart -## Enable this if you don't already have metrics-server enabled on your cluster and -## want to use it with dashboard metrics-scraper -## refs: -## - https://github.com/kubernetes-sigs/metrics-server -## - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server -metrics-server: - enabled: true - ## Example for additional args - args: - - --kubelet-preferred-address-types=InternalIP - - --kubelet-insecure-tls - -rbac: - # Specifies whether namespaced RBAC resources (Role, Rolebinding) should be created - create: true - - # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) to access metrics should be created - # Independent from rbac.create parameter. - clusterRoleMetrics: true - - # Start in ReadOnly mode. - # Specifies whether cluster-wide RBAC resources (ClusterRole, ClusterRolebinding) with read only permissions to all resources listed inside the cluster should be created - # Only dashboard-related Secrets and ConfigMaps will still be available for writing. - # - # The basic idea of the clusterReadOnlyRole - # is not to hide all the secrets and sensitive data but more - # to avoid accidental changes in the cluster outside the standard CI/CD. - # - # It is NOT RECOMMENDED to use this version in production. - # Instead you should review the role and remove all potentially sensitive parts such as - # access to persistentvolumes, pods/log etc. - # - # Independent from rbac.create parameter. - clusterReadOnlyRole: false - # It is possible to add additional rules if read only role is enabled. - # This can be useful, for example, to show CRD resources. - # clusterReadOnlyRoleAdditionalRules: [] - - # If the default role permissions are not enough, it is possible to add additional permissions. - # roleAdditionalRules: [] - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -livenessProbe: - # Number of seconds to wait before sending first probe - initialDelaySeconds: 30 - # Number of seconds to wait for probe response - timeoutSeconds: 30 - -## podDisruptionBudget -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: - enabled: false - ## Minimum available instances; ignored if there is no PodDisruptionBudget - minAvailable: - ## Maximum unavailable instances; ignored if there is no PodDisruptionBudget - maxUnavailable: - -## PodSecurityContext for pod level securityContext -# securityContext: -# runAsUser: 1001 -# runAsGroup: 2001 - -networkPolicy: - # Whether to create a network policy that allows/restricts access to the service - enabled: false - -## podSecurityPolicy for fine-grained authorization of pod creation and updates -podSecurityPolicy: - # Specifies whether a pod security policy should be created - enabled: false - -serviceMonitor: - # Whether or not to create a Prometheus Operator service monitor. - enabled: false - ## Here labels can be added to the serviceMonitor - labels: {} - ## Here annotations can be added to the serviceMonitor - annotations: {} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/.helmignore b/source/src/main/java/io/wdd/source/mysql-9.4.3/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.lock b/source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.lock deleted file mode 100644 index f54e771..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 2.1.2 -digest: sha256:1c365a4551a2f4098e9584dc176b289c10437c679c7c3e2ec6153cabf863e1a4 -generated: "2022-11-08T17:35:30.280445479Z" diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.yaml deleted file mode 100644 index c23b557..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Database -apiVersion: v2 -appVersion: 8.0.31 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 2.x.x -description: MySQL is a fast, reliable, scalable, and easy to use open source relational - database system. Designed to handle mission-critical, heavy-load production applications. -home: https://github.com/bitnami/charts/tree/main/bitnami/mysql -icon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png -keywords: -- mysql -- database -- sql -- cluster -- high availability -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -name: mysql -sources: -- https://github.com/bitnami/containers/tree/main/bitnami/mysql -- https://mysql.com -version: 9.4.3 diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/README.md b/source/src/main/java/io/wdd/source/mysql-9.4.3/README.md deleted file mode 100644 index a45905d..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/README.md +++ /dev/null @@ -1,552 +0,0 @@ - - -# MySQL packaged by Bitnami - -MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications. - -[Overview of MySQL](http://www.mysql.com) - -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```bash -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mysql -``` - -## Introduction - -This chart bootstraps a [MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) replication cluster deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/mysql -``` - -These commands deploy MySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `clusterDomain` | Cluster domain | `cluster.local` | -| `commonAnnotations` | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### MySQL common parameters - -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `image.registry` | MySQL image registry | `docker.io` | -| `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.31-debian-11-r10` | -| `image.digest` | MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` | -| `auth.createDatabase` | Wheter to create the .Values.auth.database or not | `true` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MySQL replication user | `replicator` | -| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | - - -### MySQL Primary parameters - -| Name | Description | Value | -| ----------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | -| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.lifecycleHooks` | for the MySQL Primary container(s) to automate configuration before or after startup | `{}` | -| `primary.hostAliases` | Deployment pod host aliases | `[]` | -| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | -| `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | -| `primary.updateStrategy.type` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | -| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | -| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | -| `primary.priorityClassName` | MySQL primary pods' priorityClassName | `""` | -| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `primary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL primary pod needs to terminate gracefully | `""` | -| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL primary pods | `""` | -| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | -| `primary.containerSecurityContext.runAsNonRoot` | Set MySQL primary container's Security Context runAsNonRoot | `true` | -| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | -| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.startupProbe.enabled` | Enable startupProbe | `true` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | -| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | -| `primary.extraFlags` | MySQL primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | -| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` | -| `primary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | -| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` | -| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | -| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | -| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | -| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | -| `primary.service.ports.mysql` | MySQL Primary K8s service port | `3306` | -| `primary.service.nodePorts.mysql` | MySQL Primary K8s service node port | `""` | -| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | -| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | -| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `primary.service.annotations` | Additional custom annotations for MySQL primary service | `{}` | -| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `primary.service.headless.annotations` | Additional custom annotations for headless MySQL primary service. | `{}` | -| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | -| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | - - -### MySQL Secondary parameters - -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) | `secondary` | -| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | -| `secondary.hostAliases` | Deployment pod host aliases | `[]` | -| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.lifecycleHooks` | for the MySQL Secondary container(s) to automate configuration before or after startup | `{}` | -| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | -| `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | -| `secondary.updateStrategy.type` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | -| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | -| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | -| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | -| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | -| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | -| `secondary.priorityClassName` | MySQL secondary pods' priorityClassName | `""` | -| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `secondary.terminationGracePeriodSeconds` | In seconds, time the given to the MySQL secondary pod needs to terminate gracefully | `""` | -| `secondary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MySQL secondary pods | `""` | -| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | -| `secondary.containerSecurityContext.runAsNonRoot` | Set MySQL secondary container's Security Context runAsNonRoot | `true` | -| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | -| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | -| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | -| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | -| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | -| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | -| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | -| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas | `""` | -| `secondary.persistence.subPath` | The name of a volume's sub path to mount for persistence | `""` | -| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` | -| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` | -| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` | -| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | -| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | -| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | -| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | -| `secondary.service.ports.mysql` | MySQL secondary Kubernetes service port | `3306` | -| `secondary.service.nodePorts.mysql` | MySQL secondary Kubernetes service node port | `""` | -| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | -| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | -| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `secondary.service.annotations` | Additional custom annotations for MySQL secondary service | `{}` | -| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `secondary.service.headless.annotations` | Additional custom annotations for headless MySQL secondary service. | `{}` | -| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | -| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | - - -### RBAC parameters - -| Name | Description | Value | -| --------------------------------------------- | -------------------------------------------------------------- | ------- | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for MySQL pods | `true` | -| `serviceAccount.name` | Name of the created ServiceAccount | `""` | -| `serviceAccount.annotations` | Annotations for MySQL Service Account | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | -| `rbac.create` | Whether to create & use RBAC resources or not | `false` | -| `rbac.rules` | Custom RBAC rules to set | `[]` | - - -### Network Policy - -| Name | Description | Value | -| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | The Policy model to apply. | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r50` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources` | Init container volume-permissions resources | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Exporter image registry | `docker.io` | -| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r55` | -| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | -| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | -| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` | -| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | -| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | -| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` | -| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` | -| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | -| `metrics.prometheusRule.enabled` | Creates a Prometheus Operator prometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | -| `metrics.prometheusRule.namespace` | Namespace for the prometheusRule Resource (defaults to the Release Namespace) | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRule will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | - - -The above parameters map to the env variables defined in [bitnami/mysql](https://github.com/bitnami/containers/tree/main/bitnami/mysql). For more information please refer to the [bitnami/mysql](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set auth.rootPassword=secretpassword,auth.database=app_database \ - my-repo/mysql -``` - -The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a database named `app_database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml my-repo/mysql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different MySQL version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/change-image-version/). - -### Customize a new MySQL instance - -The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `sql.gz` files. - -Refer to the [chart documentation for more information and a usage example](http://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/customize-new-instance/). - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as MySQL, you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -## Persistence - -The [Bitnami MySQL](https://github.com/bitnami/containers/tree/main/bitnami/mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container. - -The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Network Policy - -To enable network policy for MySQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 3306. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to MySQL. -This label will be displayed in the output of a successful install. - -## Pod affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: - -```bash -$ helm upgrade my-release my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] -``` - -| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. - -### To 9.0.0 - -This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository. - -Affected values: - -- `schedulerName` was renamed as `primary.schedulerName` and `secondary.schedulerName`. -- The way how passwords are handled has been refactored and value `auth.forcePassword` has been removed. Now, the password configuration will have the following priority: - 1. Search for an already existing 'Secret' resource and reuse previous password. - 2. Password provided via the values.yaml - 3. If no secret existed, and no password was provided, the bitnami/mysql chart will set a randomly generated password. -- `primary.service.port` was renamed as `primary.service.ports.mysql`. -- `secondary.service.port` was renamed as `secondary.service.ports.mysql`. -- `primary.service.nodePort` was renamed as `primary.service.nodePorts.mysql`. -- `secondary.service.nodePort` was renamed as `secondary.service.nodePorts.mysql`. -- `primary.updateStrategy` and `secondary.updateStrategy` are now interpreted as an object and not a string. -- Values `primary.rollingUpdatePartition` and `secondary.rollingUpdatePartition` have been removed. In cases were they are needed, they can be set inside `.*updateStrategy`. -- `primary.pdb.enabled` was renamed as `primary.pdb.create`. -- `secondary.pdb.enabled` was renamed as `secondary.pdb.create`. -- `metrics.serviceMonitor.additionalLabels` was renamed as `metrics.serviceMonitor.labels` -- `metrics.serviceMonitor.relabellings` was removed, previously used to configured `metricRelabelings` field. We introduced two new values: `metrics.serviceMonitor.relabelings` and `metrics.serviceMonitor.metricRelabelings` that can be used to configured the serviceMonitor homonimous field. - -### To 8.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - The terms *master* and *slave* have been replaced by the terms *primary* and *secondary*. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. - - Credentials parameters are reorganized under the `auth` parameter. - - `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MySQL chart, and migrate the data from your previous release. You have 2 alternatives to do so: - - Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html). - - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mysql`: - -```bash -$ helm install mysql my-repo/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] -``` - -| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. - -### To 7.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mysql/administration/upgrade-helm3/). - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is mysql: - -```console -$ kubectl delete statefulset mysql-master --cascade=false -$ kubectl delete statefulset mysql-slave --cascade=false -``` - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/.helmignore b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/Chart.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/Chart.yaml deleted file mode 100644 index 6f0c3a6..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 2.1.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts -- https://www.bitnami.com/ -type: library -version: 2.1.2 diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/README.md b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/README.md deleted file mode 100644 index a2ecd60..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/README.md +++ /dev/null @@ -1,350 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_affinities.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_affinities.tpl deleted file mode 100644 index 497068f..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,98 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_capabilities.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 9d9b760..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,154 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_errors.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_images.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_images.tpl deleted file mode 100644 index 46c659e..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_images.tpl +++ /dev/null @@ -1,76 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_ingress.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_ingress.tpl deleted file mode 100644 index 831da9c..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,68 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_labels.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_names.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_names.tpl deleted file mode 100644 index 1bdac8b..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_names.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_secrets.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_secrets.tpl deleted file mode 100644 index 4267d42..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,165 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | quote }} - {{- else }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} -{{- end -}} -{{- printf "%s" $value -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_storage.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_tplvalues.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_utils.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_utils.tpl deleted file mode 100644 index 8c22b2a..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_warnings.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_cassandra.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mariadb.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index b6906ff..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mongodb.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index f820ec1..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mysql.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 74472a0..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_postgresql.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 164ec0d..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_redis.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index dcccfc1..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_validations.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/values.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/NOTES.txt b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/NOTES.txt deleted file mode 100644 index ecf604c..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/NOTES.txt +++ /dev/null @@ -1,75 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ include "common.names.namespace" . }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ include "common.names.namespace" . }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/mysql/entrypoint.sh /opt/bitnami/scripts/mysql/run.sh - -{{- else }} - -Tip: - - Watch the deployment status using the command: kubectl get pods -w --namespace {{ include "common.names.namespace" . }} - -Services: - - echo Primary: {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.primary.service.ports.mysql }} -{{- if eq .Values.architecture "replication" }} - echo Secondary: {{ include "mysql.secondary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.secondary.service.ports.mysql }} -{{- end }} - -Execute the following to get the administrator credentials: - - echo Username: root - MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ template "mysql.secretName" . }} -o jsonpath="{.data.mysql-root-password}" | base64 -d) - -To connect to your database: - - 1. Run a pod that you can use as a client: - - kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mysql.image" . }} --namespace {{ include "common.names.namespace" . }} --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash - - 2. To connect to primary service (read/write): - - mysql -h {{ include "mysql.primary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD" - -{{- if eq .Values.architecture "replication" }} - - 3. To connect to secondary service (read-only): - - mysql -h {{ include "mysql.secondary.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD" -{{- end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to MySQL. -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the MySQL Prometheus metrics from outside the cluster execute the following commands: - - kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & - curl http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics - -{{- end }} - -{{ include "mysql.validateValues" . }} -{{ include "mysql.checkRollingTags" . }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/_helpers.tpl deleted file mode 100644 index 322826f..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/_helpers.tpl +++ /dev/null @@ -1,161 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "mysql.primary.fullname" -}} -{{- if eq .Values.architecture "replication" }} -{{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- include "common.names.fullname" . -}} -{{- end -}} -{{- end -}} - -{{- define "mysql.secondary.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) .Values.secondary.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper MySQL image name -*/}} -{{- define "mysql.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper metrics image name -*/}} -{{- define "mysql.metrics.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mysql.volumePermissions.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mysql.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mysql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} - {{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} - {{- printf "%s-init-scripts" (include "mysql.primary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* - Returns the proper service account name depending if an explicit service account name is set - in the values file. If the name is not set it will default to either mysql.fullname if serviceAccount.create - is true or default otherwise. -*/}} -{{- define "mysql.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} - {{- else -}} - {{ default "default" .Values.serviceAccount.name }} - {{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MySQL Primary configuration -*/}} -{{- define "mysql.primary.configmapName" -}} -{{- if .Values.primary.existingConfigmap -}} - {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mysql.primary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MySQL Secondary -*/}} -{{- define "mysql.primary.createConfigmap" -}} -{{- if and .Values.primary.configuration (not .Values.primary.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MySQL Primary configuration -*/}} -{{- define "mysql.secondary.configmapName" -}} -{{- if .Values.secondary.existingConfigmap -}} - {{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mysql.secondary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MySQL Secondary -*/}} -{{- define "mysql.secondary.createConfigmap" -}} -{{- if and (eq .Values.architecture "replication") .Values.secondary.configuration (not .Values.secondary.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret with MySQL credentials -*/}} -{{- define "mysql.secretName" -}} - {{- if .Values.auth.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created for MySQL -*/}} -{{- define "mysql.createSecret" -}} -{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. -*/}} -{{- define "getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{/* Check if there are rolling tags in the images */}} -{{- define "mysql.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mysql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/extra-list.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/metrics-svc.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/metrics-svc.yaml deleted file mode 100644 index 4d3339b..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/metrics-svc.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - app.kubernetes.io/component: metrics - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/networkpolicy.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/networkpolicy.yaml deleted file mode 100644 index 6b62bb5..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/networkpolicy.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.primary.service.ports.mysql }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/configmap.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/configmap.yaml deleted file mode 100644 index 82d0774..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if (include "mysql.primary.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - my.cnf: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/initialization-configmap.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/initialization-configmap.yaml deleted file mode 100644 index a34f80d..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/initialization-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-init-scripts" (include "mysql.primary.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/pdb.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/pdb.yaml deleted file mode 100644 index ca22a0e..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.primary.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.primary.pdb.minAvailable }} - minAvailable: {{ .Values.primary.pdb.minAvailable }} - {{- end }} - {{- if .Values.primary.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: primary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/statefulset.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/statefulset.yaml deleted file mode 100644 index 188247e..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/statefulset.yaml +++ /dev/null @@ -1,379 +0,0 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: 1 - podManagementPolicy: {{ .Values.primary.podManagementPolicy | quote }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: primary - serviceName: {{ include "mysql.primary.fullname" . }} - {{- if .Values.primary.updateStrategy }} - updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - annotations: - {{- if (include "mysql.primary.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.primary.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: primary - {{- if .Values.primary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "mysql.serviceAccountName" . }} - {{- include "mysql.imagePullSecrets" . | nindent 6 }} - {{- if .Values.primary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.primary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.priorityClassName }} - priorityClassName: {{ .Values.primary.priorityClassName | quote }} - {{- end }} - {{- if .Values.primary.schedulerName }} - schedulerName: {{ .Values.primary.schedulerName | quote }} - {{- end }} - {{- if .Values.primary.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.primary.podSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.primary.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }} - {{- end }} - initContainers: - {{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }} - - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - mkdir -p "/bitnami/mysql" - chown "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}" "/bitnami/mysql" - find "/bitnami/mysql" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R "{{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }}" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if .Values.primary.persistence.subPath }} - subPath: {{ .Values.primary.persistence.subPath }} - {{- end }} - {{- end }} - {{- if .Values.primary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: mysql - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.primary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.primary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.primary.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if not (empty .Values.auth.username) }} - - name: MYSQL_USER - value: {{ .Values.auth.username | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-password" .Values.auth.customPasswordFiles.user }} - {{- else }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-password - {{- end }} - {{- end }} - {{- if and .Values.auth.createDatabase .Values.auth.database }} - - name: MYSQL_DATABASE - value: {{ .Values.auth.database | quote }} - {{- end }} - {{- if eq .Values.architecture "replication" }} - - name: MYSQL_REPLICATION_MODE - value: "master" - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_REPLICATION_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }} - {{- else }} - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password - {{- end }} - {{- end }} - {{- if .Values.primary.extraFlags }} - - name: MYSQL_EXTRA_FLAGS - value: "{{ .Values.primary.extraFlags }}" - {{- end }} - {{- if .Values.primary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.primary.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.primary.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.primary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.primary.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- end }} - {{- if .Values.primary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.primary.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- end }} - {{- if .Values.primary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.primary.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- end }} - {{- end }} - {{- if .Values.primary.resources }} - resources: {{ toYaml .Values.primary.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if .Values.primary.persistence.subPath }} - subPath: {{ .Values.primary.persistence.subPath }} - {{- end }} - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - mountPath: /opt/bitnami/mysql/secrets/ - {{- end }} - {{- if .Values.primary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "mysql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - env: - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: 9104 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - volumeMounts: - - name: mysql-credentials - mountPath: /opt/bitnami/mysqld-exporter/secrets/ - {{- end }} - {{- end }} - {{- if .Values.primary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} - - name: config - configMap: - name: {{ include "mysql.primary.configmapName" . }} - {{- end }} - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ include "mysql.initdbScriptsCM" . }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - secret: - secretName: {{ include "mysql.secretName" . }} - items: - - key: mysql-root-password - path: mysql-root-password - - key: mysql-password - path: mysql-password - {{- if eq .Values.architecture "replication" }} - - key: mysql-replication-password - path: mysql-replication-password - {{- end }} - {{- end }} - {{- if .Values.primary.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ tpl .Values.primary.persistence.existingClaim . }} - {{- else if not .Values.primary.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{ include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }} - {{- end }} - annotations: - {{- if .Values.primary.persistence.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.primary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.primary.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.primary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc-headless.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc-headless.yaml deleted file mode 100644 index c430d94..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc-headless.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.primary.fullname" . }}-headless - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.primary.service.headless.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.primary.service.headless.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.headless.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: mysql - port: {{ .Values.primary.service.ports.mysql }} - targetPort: mysql - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: primary diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc.yaml deleted file mode 100644 index b61d453..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/primary/svc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.primary.service.type }} - {{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }} - clusterIP: {{ .Values.primary.service.clusterIP }} - {{- end }} - {{- if .Values.primary.service.sessionAffinity }} - sessionAffinity: {{ .Values.primary.service.sessionAffinity }} - {{- end }} - {{- if .Values.primary.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} - {{- end }} - ports: - - name: mysql - port: {{ .Values.primary.service.ports.mysql }} - protocol: TCP - targetPort: mysql - {{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePorts.mysql) }} - nodePort: {{ .Values.primary.service.nodePorts.mysql }} - {{- else if eq .Values.primary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.primary.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: primary diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/prometheusrule.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/prometheusrule.yaml deleted file mode 100644 index 64fa44f..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/prometheusrule.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "common.names.fullname" . }} - rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/role.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/role.yaml deleted file mode 100644 index 1ccc00a..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - {{- if .Values.rbac.rules }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/rolebinding.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/rolebinding.yaml deleted file mode 100644 index 9b05208..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ include "mysql.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "common.names.fullname" . -}} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/configmap.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/configmap.yaml deleted file mode 100644 index c94724f..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if (include "mysql.secondary.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - my.cnf: |- - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.configuration "context" $ ) | nindent 4 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/pdb.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/pdb.yaml deleted file mode 100644 index b4a5aee..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.secondary.pdb.minAvailable }} - minAvailable: {{ .Values.secondary.pdb.minAvailable }} - {{- end }} - {{- if .Values.secondary.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/statefulset.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/statefulset.yaml deleted file mode 100644 index 5696534..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/statefulset.yaml +++ /dev/null @@ -1,360 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.secondary.replicaCount }} - podManagementPolicy: {{ .Values.secondary.podManagementPolicy | quote }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: secondary - serviceName: {{ include "mysql.secondary.fullname" . }} - {{- if .Values.secondary.updateStrategy }} - updateStrategy: {{- toYaml .Values.secondary.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - annotations: - {{- if (include "mysql.secondary.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.secondary.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: secondary - {{- if .Values.secondary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ include "mysql.serviceAccountName" . }} - {{- include "mysql.imagePullSecrets" . | nindent 6 }} - {{- if .Values.secondary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.secondary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.priorityClassName }} - priorityClassName: {{ .Values.secondary.priorityClassName | quote }} - {{- end }} - {{- if .Values.secondary.schedulerName }} - schedulerName: {{ .Values.secondary.schedulerName | quote }} - {{- end }} - {{- if .Values.secondary.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.podSecurityContext.enabled }} - securityContext: {{- omit .Values.secondary.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.secondary.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.secondary.terminationGracePeriodSeconds }} - {{- end }} - initContainers: - {{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }} - - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - mkdir -p "/bitnami/mysql" - chown "{{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }}" "/bitnami/mysql" - find "/bitnami/mysql" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R "{{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }}" - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if .Values.secondary.persistence.subPath }} - subPath: {{ .Values.secondary.persistence.subPath }} - {{- end }} - {{- end }} - {{- if .Values.secondary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: mysql - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.secondary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.secondary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.secondary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.secondary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.secondary.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MYSQL_REPLICATION_MODE - value: "slave" - - name: MYSQL_MASTER_HOST - value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER - value: {{ .Values.primary.service.ports.mysql | quote }} - - name: MYSQL_MASTER_ROOT_USER - value: "root" - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_MASTER_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - - name: MYSQL_REPLICATION_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }} - {{- else }} - - name: MYSQL_MASTER_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password - {{- end }} - {{- if .Values.secondary.extraFlags }} - - name: MYSQL_EXTRA_FLAGS - value: "{{ .Values.secondary.extraFlags }}" - {{- end }} - {{- if .Values.secondary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.secondary.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.secondary.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.secondary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.secondary.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.secondary.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- end }} - {{- if .Values.secondary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.secondary.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.secondary.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- end }} - {{- if .Values.secondary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.secondary.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.secondary.startupProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- end }} - {{- end }} - {{- if .Values.secondary.resources }} - resources: {{ toYaml .Values.secondary.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if .Values.secondary.persistence.subPath }} - subPath: {{ .Values.secondary.persistence.subPath }} - {{- end }} - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - mountPath: /opt/bitnami/mysql/secrets/ - {{- end }} - {{- if .Values.secondary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "mysql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - env: - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.secondary }} {{ . }} {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: 9104 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - volumeMounts: - - name: mysql-credentials - mountPath: /opt/bitnami/mysqld-exporter/secrets/ - {{- end }} - {{- end }} - {{- if .Values.secondary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ include "mysql.initdbScriptsCM" . }} - {{- end }} - {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} - - name: config - configMap: - name: {{ include "mysql.secondary.configmapName" . }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - secret: - secretName: {{ template "mysql.secretName" . }} - items: - - key: mysql-root-password - path: mysql-root-password - - key: mysql-replication-password - path: mysql-replication-password - {{- end }} - {{- if .Values.secondary.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.secondary.persistence.enabled .Values.secondary.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ tpl .Values.secondary.persistence.existingClaim . }} - {{- else if not .Values.secondary.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{ include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 10 }} - {{- end }} - annotations: - {{- if .Values.secondary.persistence.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.secondary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.secondary.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.secondary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc-headless.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc-headless.yaml deleted file mode 100644 index 44cfa4a..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc-headless.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.secondary.fullname" . }}-headless - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.secondary.service.headless.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.secondary.service.headless.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.service.headless.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: mysql - port: {{ .Values.secondary.service.ports.mysql }} - targetPort: mysql - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc.yaml deleted file mode 100644 index e6e662c..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secondary/svc.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.secondary.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.service.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.secondary.service.type }} - {{- if and .Values.secondary.service.clusterIP (eq .Values.secondary.service.type "ClusterIP") }} - clusterIP: {{ .Values.secondary.service.clusterIP }} - {{- end }} - {{- if .Values.secondary.service.sessionAffinity }} - sessionAffinity: {{ .Values.secondary.service.sessionAffinity }} - {{- end }} - {{- if .Values.secondary.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if or (eq .Values.secondary.service.type "LoadBalancer") (eq .Values.secondary.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.secondary.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }} - {{- end }} - ports: - - name: mysql - port: {{ .Values.secondary.service.ports.mysql }} - protocol: TCP - targetPort: mysql - {{- if (and (or (eq .Values.secondary.service.type "NodePort") (eq .Values.secondary.service.type "LoadBalancer")) .Values.secondary.service.nodePorts.mysql) }} - nodePort: {{ .Values.secondary.service.nodePorts.mysql }} - {{- else if eq .Values.secondary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.secondary.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secrets.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secrets.yaml deleted file mode 100644 index 6da5327..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq (include "mysql.createSecret" .) "true" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mysql-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mysql-root-password" "length" 10 "providedValues" (list "auth.rootPassword") "context" $) }} - mysql-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mysql-password" "length" 10 "providedValues" (list "auth.password") "context" $) }} - {{- if eq .Values.architecture "replication" }} - mysql-replication-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "mysql-replication-password" "length" 10 "providedValues" (list "auth.replicationPassword") "context" $) }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/serviceaccount.yaml deleted file mode 100644 index 5044961..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/serviceaccount.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mysql.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -{{- if (not .Values.auth.customPasswordFiles) }} -secrets: - - name: {{ template "mysql.secretName" . }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/servicemonitor.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/servicemonitor.yaml deleted file mode 100644 index 47a9dad..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/templates/servicemonitor.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/values.schema.json b/source/src/main/java/io/wdd/source/mysql-9.4.3/values.schema.json deleted file mode 100644 index df59156..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/values.schema.json +++ /dev/null @@ -1,195 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "MySQL architecture", - "form": true, - "description": "Allowed values: `standalone` or `replication`", - "enum": ["standalone", "replication"] - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "required": ["username", "password"], - "if": { - "properties": { - "createDatabase": { "enum": [ true ] } - } - }, - "then": { - "properties": { - "database": { - "pattern": "[a-zA-Z0-9]{1,64}" - } - } - }, - "properties": { - "rootPassword": { - "type": "string", - "title": "MySQL root password", - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "database": { - "type": "string", - "title": "MySQL custom database name", - "maxLength": 64 - }, - "username": { - "type": "string", - "title": "MySQL custom username" - }, - "password": { - "type": "string", - "title": "MySQL custom password" - }, - "replicationUser": { - "type": "string", - "title": "MySQL replication username" - }, - "replicationPassword": { - "type": "string", - "title": "MySQL replication password" - }, - "createDatabase": { - "type": "boolean", - "title": "MySQL create custom database" - } - } - }, - "primary": { - "type": "object", - "title": "Primary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL primary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL primary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "primary/persistence/enabled" - } - } - } - } - } - }, - "secondary": { - "type": "object", - "title": "Secondary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL secondary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL secondary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "secondary/persistence/enabled" - } - } - } - } - } - } - } -} diff --git a/source/src/main/java/io/wdd/source/mysql-9.4.3/values.yaml b/source/src/main/java/io/wdd/source/mysql-9.4.3/values.yaml deleted file mode 100644 index 9e90ff2..0000000 --- a/source/src/main/java/io/wdd/source/mysql-9.4.3/values.yaml +++ /dev/null @@ -1,1203 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param clusterDomain Cluster domain -## -clusterDomain: cluster.local -## @param commonAnnotations Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section MySQL common parameters - -## Bitnami MySQL image -## ref: https://hub.docker.com/r/bitnami/mysql/tags/ -## @param image.registry MySQL image registry -## @param image.repository MySQL image repository -## @param image.tag MySQL image tag (immutable tags are recommended) -## @param image.digest MySQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy MySQL image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/mysql - tag: 8.0.31-debian-11-r10 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false -## @param architecture MySQL architecture (`standalone` or `replication`) -## -architecture: standalone -## MySQL Authentication parameters -## -auth: - ## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#setting-the-root-password-on-first-run - ## - rootPassword: "boge14@Level5" - ## @param auth.createDatabase Wheter to create the .Values.auth.database or not - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#creating-a-database-on-first-run - ## - createDatabase: true - ## @param auth.database Name for a custom database to create - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#creating-a-database-on-first-run - ## - database: "serverInfo" - ## @param auth.username Name for a custom user to create - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#creating-a-database-user-on-first-run - ## - username: "wdd" - ## @param auth.password Password for the new user. Ignored if existing secret is provided - ## - password: "SuperWdd.233" - ## @param auth.replicationUser MySQL replication user - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mysql#setting-up-a-replication-cluster - ## - replicationUser: replicator - ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided - ## - replicationPassword: "" - ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` - ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. - ## - existingSecret: "" - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: false - ## @param auth.customPasswordFiles Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` - ## Example: - ## customPasswordFiles: - ## root: /vault/secrets/mysql-root - ## user: /vault/secrets/mysql-user - ## replicator: /vault/secrets/mysql-replicator - ## - customPasswordFiles: {} -## @param initdbScripts Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Example: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/bash -## echo "Do something." -## -initdbScripts: {} -## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) -## -initdbScriptsConfigMap: "" - -## @section MySQL Primary parameters - -primary: - ## @param primary.name Name of the primary database (eg primary, master, leader, ...) - ## - name: master - ## @param primary.command Override default container command on MySQL Primary container(s) (useful when using custom images) - ## - command: [] - ## @param primary.args Override default container args on MySQL Primary container(s) (useful when using custom images) - ## - args: [] - ## @param primary.lifecycleHooks for the MySQL Primary container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param primary.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=* - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - slow_query_log=0 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log - long_query_time=10.0 - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - existingConfigmap: "" - ## @param primary.updateStrategy.type Update strategy type for the MySQL primary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - ## @param primary.podAnnotations Additional pod annotations for MySQL primary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param primary.podAffinityPreset MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param primary.podAntiAffinityPreset MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## MySQL Primary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param primary.nodeAffinityPreset.type MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param primary.nodeAffinityPreset.key MySQL primary node label key to match Ignored if `primary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param primary.nodeAffinityPreset.values MySQL primary node label values to match. Ignored if `primary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param primary.affinity Affinity for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param primary.nodeSelector Node labels for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param primary.tolerations Tolerations for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param primary.priorityClassName MySQL primary pods' priorityClassName - ## - priorityClassName: "" - ## @param primary.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param primary.terminationGracePeriodSeconds In seconds, time the given to the MySQL primary pod needs to terminate gracefully - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods - ## - terminationGracePeriodSeconds: "" - ## @param primary.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## @param primary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL primary pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## MySQL primary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods - ## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## MySQL primary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext - ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container - ## @param primary.containerSecurityContext.runAsNonRoot Set MySQL primary container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## MySQL primary container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param primary.resources.limits The resources limits for MySQL primary containers - ## @param primary.resources.requests The requested resources for MySQL primary containers - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.livenessProbe.enabled Enable livenessProbe - ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.readinessProbe.enabled Enable readinessProbe - ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for startupProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.startupProbe.enabled Enable startupProbe - ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param primary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 10 - successThreshold: 1 - ## @param primary.customLivenessProbe Override default liveness probe for MySQL primary containers - ## - customLivenessProbe: {} - ## @param primary.customReadinessProbe Override default readiness probe for MySQL primary containers - ## - customReadinessProbe: {} - ## @param primary.customStartupProbe Override default startup probe for MySQL primary containers - ## - customStartupProbe: {} - ## @param primary.extraFlags MySQL primary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - ## @param primary.extraEnvVars Extra environment variables to be set on MySQL primary containers - ## E.g. - ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL primary containers - ## - extraEnvVarsCM: "" - ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers - ## - extraEnvVarsSecret: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.subPath The name of a volume's sub path to mount for persistence - ## - subPath: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 8Gi - ## @param primary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param primary.extraVolumes Optionally specify extra list of additional volumes to the MySQL Primary pod(s) - ## - extraVolumes: [] - ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) - ## - extraVolumeMounts: [] - ## @param primary.initContainers Add additional init containers for the MySQL Primary pod(s) - ## - initContainers: [] - ## @param primary.sidecars Add additional sidecar containers for the MySQL Primary pod(s) - ## - sidecars: [] - ## MySQL Primary Service parameters - ## - service: - ## @param primary.service.type MySQL Primary K8s service type - ## - type: NodePort - ## @param primary.service.ports.mysql MySQL Primary K8s service port - ## - ports: - mysql: 3306 - ## @param primary.service.nodePorts.mysql MySQL Primary K8s service node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - mysql: "33306" - ## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param primary.service.loadBalancerIP MySQL Primary loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param primary.service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when MySQL Primary service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param primary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param primary.service.annotations Additional custom annotations for MySQL primary service - ## - annotations: {} - ## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## Headless service properties - ## - headless: - ## @param primary.service.headless.annotations Additional custom annotations for headless MySQL primary service. - ## - annotations: {} - - ## MySQL primary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param primary.pdb.create Enable/disable a Pod Disruption Budget creation for MySQL primary pods - ## - create: false - ## @param primary.pdb.minAvailable Minimum number/percentage of MySQL primary pods that should remain scheduled - ## - minAvailable: 1 - ## @param primary.pdb.maxUnavailable Maximum number/percentage of MySQL primary pods that may be made unavailable - ## - maxUnavailable: "" - ## @param primary.podLabels MySQL Primary pod label. If labels are same as commonLabels , this will take precedence - ## - podLabels: {} - -## @section MySQL Secondary parameters - -secondary: - ## @param secondary.name Name of the secondary database (eg secondary, slave, ...) - ## - name: slave - ## @param secondary.replicaCount Number of MySQL secondary replicas - ## - replicaCount: 0 - ## @param secondary.hostAliases Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param secondary.command Override default container command on MySQL Secondary container(s) (useful when using custom images) - ## - command: [] - ## @param secondary.args Override default container args on MySQL Secondary container(s) (useful when using custom images) - ## - args: [] - ## @param secondary.lifecycleHooks for the MySQL Secondary container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=* - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - slow_query_log=0 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log - long_query_time=10.0 - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - ## @param secondary.existingConfigmap Name of existing ConfigMap with MySQL Secondary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - existingConfigmap: "" - ## @param secondary.updateStrategy.type Update strategy type for the MySQL secondary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - type: RollingUpdate - ## @param secondary.podAnnotations Additional pod annotations for MySQL secondary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param secondary.podAffinityPreset MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param secondary.podAntiAffinityPreset MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - ## MySQL Secondary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param secondary.nodeAffinityPreset.type MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param secondary.nodeAffinityPreset.key MySQL secondary node label key to match Ignored if `secondary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param secondary.nodeAffinityPreset.values MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param secondary.affinity Affinity for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param secondary.nodeSelector Node labels for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param secondary.tolerations Tolerations for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param secondary.priorityClassName MySQL secondary pods' priorityClassName - ## - priorityClassName: "" - ## @param secondary.schedulerName Name of the k8s scheduler (other than default) - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param secondary.terminationGracePeriodSeconds In seconds, time the given to the MySQL secondary pod needs to terminate gracefully - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods - ## - terminationGracePeriodSeconds: "" - ## @param secondary.topologySpreadConstraints Topology Spread Constraints for pod assignment - ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## The value is evaluated as a template - ## - topologySpreadConstraints: [] - ## @param secondary.podManagementPolicy podManagementPolicy to manage scaling operation of MySQL secondary pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## MySQL secondary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods - ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## MySQL secondary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext - ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container - ## @param secondary.containerSecurityContext.runAsNonRoot Set MySQL secondary container's Security Context runAsNonRoot - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - ## MySQL secondary container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param secondary.resources.limits The resources limits for MySQL secondary containers - ## @param secondary.resources.requests The requested resources for MySQL secondary containers - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.livenessProbe.enabled Enable livenessProbe - ## @param secondary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param secondary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param secondary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param secondary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param secondary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.readinessProbe.enabled Enable readinessProbe - ## @param secondary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param secondary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param secondary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param secondary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param secondary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for startupProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.startupProbe.enabled Enable startupProbe - ## @param secondary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param secondary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param secondary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param secondary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param secondary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param secondary.customLivenessProbe Override default liveness probe for MySQL secondary containers - ## - customLivenessProbe: {} - ## @param secondary.customReadinessProbe Override default readiness probe for MySQL secondary containers - ## - customReadinessProbe: {} - ## @param secondary.customStartupProbe Override default startup probe for MySQL secondary containers - ## - customStartupProbe: {} - ## @param secondary.extraFlags MySQL secondary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - ## @param secondary.extraEnvVars An array to add extra environment variables on MySQL secondary containers - ## E.g. - ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - ## @param secondary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL secondary containers - ## - extraEnvVarsCM: "" - ## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers - ## - extraEnvVarsSecret: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` - ## - enabled: true - ## @param secondary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL secondary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param secondary.persistence.subPath The name of a volume's sub path to mount for persistence - ## - subPath: "" - ## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "hostpath" - ## @param secondary.persistence.annotations MySQL secondary persistent volume claim annotations - ## - annotations: {} - ## @param secondary.persistence.accessModes MySQL secondary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param secondary.persistence.size MySQL secondary persistent volume size - ## - size: 8Gi - ## @param secondary.persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param secondary.extraVolumes Optionally specify extra list of additional volumes to the MySQL secondary pod(s) - ## - extraVolumes: [] - ## @param secondary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) - ## - extraVolumeMounts: [] - ## @param secondary.initContainers Add additional init containers for the MySQL secondary pod(s) - ## - initContainers: [] - ## @param secondary.sidecars Add additional sidecar containers for the MySQL secondary pod(s) - ## - sidecars: [] - ## MySQL Secondary Service parameters - ##s - - service: - ## @param secondary.service.type MySQL secondary Kubernetes service type - ## - type: NodePort - ## @param secondary.service.ports.mysql MySQL secondary Kubernetes service port - ## - ports: - mysql: 3306 - ## @param secondary.service.nodePorts.mysql MySQL secondary Kubernetes service node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePorts: - mysql: "33306" - ## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param secondary.service.loadBalancerIP MySQL secondary loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param secondary.service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param secondary.service.loadBalancerSourceRanges Addresses that are allowed when MySQL secondary service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param secondary.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param secondary.service.annotations Additional custom annotations for MySQL secondary service - ## - annotations: {} - ## @param secondary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param secondary.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## Headless service properties - ## - headless: - ## @param secondary.service.headless.annotations Additional custom annotations for headless MySQL secondary service. - ## - annotations: {} - - ## MySQL secondary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param secondary.pdb.create Enable/disable a Pod Disruption Budget creation for MySQL secondary pods - ## - create: false - ## @param secondary.pdb.minAvailable Minimum number/percentage of MySQL secondary pods that should remain scheduled - ## - minAvailable: 1 - ## @param secondary.pdb.maxUnavailable Maximum number/percentage of MySQL secondary pods that may be made unavailable - ## - maxUnavailable: "" - ## @param secondary.podLabels Additional pod labels for MySQL secondary pods - ## - podLabels: {} - -## @section RBAC parameters - -## MySQL pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for MySQL pods - ## - create: true - ## @param serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the mysql.fullname template - ## - name: "" - ## @param serviceAccount.annotations Annotations for MySQL Service Account - ## - annotations: {} - ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account - ## - automountServiceAccountToken: true - -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## - create: false - ## @param rbac.rules Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] - -## @section Network Policy - -## MySQL Nework Policy configuration -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal The Policy model to apply. - ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r50 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param volumePermissions.resources Init container volume-permissions resources - ## - resources: {} - -## @section Metrics parameters - -## Mysqld Prometheus exporter parameters -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Exporter image registry - ## @param metrics.image.repository Exporter image repository - ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) - ## @param metrics.image.digest Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param metrics.image.pullPolicy Exporter image pull policy - ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r55 - digest: "" - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## MySQL Prometheus exporter service parameters - ## Mysqld Prometheus exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.service.type Kubernetes service type for MySQL Prometheus Exporter - ## @param metrics.service.port MySQL Prometheus Exporter service port - ## @param metrics.service.annotations [object] Prometheus exporter service annotations - ## - service: - type: ClusterIP - port: 9104 - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## @param metrics.extraArgs.primary Extra args to be passed to mysqld_exporter on Primary pods - ## @param metrics.extraArgs.secondary Extra args to be passed to mysqld_exporter on Secondary pods - ## ref: https://github.com/prometheus/mysqld_exporter/ - ## E.g. - ## - --collect.auto_increment.columns - ## - --collect.binlog_size - ## - --collect.engine_innodb_status - ## - --collect.engine_tokudb_status - ## - --collect.global_status - ## - --collect.global_variables - ## - --collect.info_schema.clientstats - ## - --collect.info_schema.innodb_metrics - ## - --collect.info_schema.innodb_tablespaces - ## - --collect.info_schema.innodb_cmp - ## - --collect.info_schema.innodb_cmpmem - ## - --collect.info_schema.processlist - ## - --collect.info_schema.processlist.min_time - ## - --collect.info_schema.query_response_time - ## - --collect.info_schema.tables - ## - --collect.info_schema.tables.databases - ## - --collect.info_schema.tablestats - ## - --collect.info_schema.userstats - ## - --collect.perf_schema.eventsstatements - ## - --collect.perf_schema.eventsstatements.digest_text_limit - ## - --collect.perf_schema.eventsstatements.limit - ## - --collect.perf_schema.eventsstatements.timelimit - ## - --collect.perf_schema.eventswaits - ## - --collect.perf_schema.file_events - ## - --collect.perf_schema.file_instances - ## - --collect.perf_schema.indexiowaits - ## - --collect.perf_schema.tableiowaits - ## - --collect.perf_schema.tablelocks - ## - --collect.perf_schema.replication_group_member_stats - ## - --collect.slave_status - ## - --collect.slave_hosts - ## - --collect.heartbeat - ## - --collect.heartbeat.database - ## - --collect.heartbeat.table - ## - extraArgs: - primary: [] - secondary: [] - ## Mysqld Prometheus exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for MySQL prometheus exporter containers - ## @param metrics.resources.requests The requested resources for MySQL prometheus exporter containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 256Mi - requests: {} - ## Mysqld Prometheus exporter liveness probe - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.livenessProbe.enabled Enable livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## Mysqld Prometheus exporter readiness probe - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.readinessProbe.enabled Enable readinessProbe - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - labels: {} - ## @param metrics.serviceMonitor.annotations ServiceMonitor annotations - ## - annotations: {} - - ## Prometheus Operator prometheusRule configuration - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Creates a Prometheus Operator prometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) - ## - enabled: false - ## @param metrics.prometheusRule.namespace Namespace for the prometheusRule Resource (defaults to the Release Namespace) - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRule will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Prometheus Rule definitions - ## - alert: Mysql-Down - ## expr: absent(up{job="mysql"} == 1) - ## for: 5m - ## labels: - ## severity: warning - ## service: mariadb - ## annotations: - ## message: 'MariaDB instance {{`{{`}} $labels.instance {{`}}`}} is down' - ## summary: MariaDB instance is down - ## - rules: [] diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/.github/workflows/lint-test.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/.github/workflows/lint-test.yaml deleted file mode 100644 index c82b30a..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/.github/workflows/lint-test.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: Lint and Test Charts - -on: pull_request - -jobs: - lint-test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v1 - with: - version: v3.7.2 - - - uses: actions/setup-python@v2 - with: - python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.2.0 - - - name: Run chart-testing (lint) - run: ct lint --charts ./ - - - name: Create kind cluster - uses: helm/kind-action@v1.2.0 - - - name: Run chart-testing (install) - run: | - helm install test . --atomic --timeout 10m - helm test test|grep 'Phase:'|grep Succeeded diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/.helmignore b/source/src/main/java/io/wdd/source/nacos-2.1.2/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.lock b/source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.lock deleted file mode 100644 index ccac61a..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.16.0 -- name: mysql - repository: https://charts.bitnami.com/bitnami - version: 8.9.6 -digest: sha256:c09de12ce9c0de62b0099d589caea3dad630f145d4fd39a1be445654384c251b -generated: "2022-07-08T02:49:22.471726316Z" diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.yaml deleted file mode 100644 index b372712..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v2 -appVersion: 2.1.0 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -- condition: mysql.enabled - name: mysql - repository: https://charts.bitnami.com/bitnami - version: 8.x.x -description: Chart for nacos, an easy-to-use dynamic service discovery, configuration - and service management platform for building cloud native applications. -home: https://nacos.io -icon: https://nacos.io/img/nacos_colorful.png -keywords: -- nacos -- dynamic service discovery -- configuration and service management platform -maintainers: -- email: ygqygq2@qq.com - name: ygqygq2 -name: nacos -sources: -- https://github.com/alibaba/nacos -version: 2.1.2 diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/LICENSE b/source/src/main/java/io/wdd/source/nacos-2.1.2/LICENSE deleted file mode 100644 index f288702..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/LICENSE +++ /dev/null @@ -1,674 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. - - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/README.md b/source/src/main/java/io/wdd/source/nacos-2.1.2/README.md deleted file mode 100644 index e46be6f..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/README.md +++ /dev/null @@ -1,250 +0,0 @@ -# nacos - an easy-to-use dynamic service discovery, configuration and service management platform for building cloud native applications. - -![Build Status](https://github.com/ygqygq2/nacos-helm/actions/workflows/lint-test.yaml/badge.svg) - -[Nacos](https://nacos.io) is an easy-to-use platform designed for dynamic service discovery and configuration and service management. It helps you to build cloud native applications and microservices platform easily. - -## Introduction - -This chart bootstraps nacos statefulset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release nacos -``` - -The command deploys nacos cluster on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - ->tip: ->The default user is: nacos ->The default password is: nacos - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm uninstall my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override nginx.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override nginx.fullname template | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `extraDeploy` | Extra objects to deploy (value evaluated as a template) | `[]` | -| `commonLabels` | Add labels to all the deployed resources | `{}` | -| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | - - -### nacos parameters - -| Name | Description | Value | -| -------------------- | -------------------------------------------------------------------- | --------------------- | -| `image.registry` | nacos image registry | `docker.io` | -| `image.repository` | nacos image repository | `nacos/nacos-server` | -| `image.tag` | nacos image tag (immutable tags are recommended) | `v2.1.0` | -| `image.pullPolicy` | nacos image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Set to true if you would like to see extra information on logs | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Extra environment variables to be set on nacos containers | `[]` | -| `extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `extraEnvVarsSecret` | Secret with extra environment variables | `""` | - - -### nacos deployment parameters - -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------------------------------------------------------- | ------- | -| `replicaCount` | Number of nacos replicas to deploy | `1` | -| `podLabels` | Additional labels for nacos pods | `{}` | -| `podAnnotations` | Annotations for nacos pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `{}` | -| `priorityClassName` | Priority class name | `""` | -| `podSecurityContext.enabled` | Enabled nacos pods' Security Context | `false` | -| `podSecurityContext.fsGroup` | Set nacos pod's Security Context fsGroup | `1001` | -| `podSecurityContext.sysctls` | sysctl settings of the nacos pods | `[]` | -| `containerSecurityContext.enabled` | Enabled nacos containers' Security Context | `false` | -| `containerSecurityContext.runAsUser` | Set nacos container's Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set nacos container's Security Context runAsNonRoot | `true` | -| `containerPorts.http` | Sets http port inside nacos container | `8080` | -| `containerPorts.https` | Sets https port inside nacos container | `""` | -| `resources.limits` | The resources limits for the nacos container | `{}` | -| `resources.requests` | The requested resources for the nacos container | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `healthCheck` | 简化的健康检测,支持 tcp、http,具体查看 `values.yaml` | | -| `autoscaling.enabled` | Enable autoscaling for nacos deployment | `false` | -| `autoscaling.minReplicas` | Minimum number of replicas to scale back | `""` | -| `autoscaling.maxReplicas` | Maximum number of replicas to scale out | `""` | -| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `extraVolumes` | Array to add extra volumes | `[]` | -| `extraVolumeMounts` | Array to add extra mount | `[]` | -| `serviceAccount.create` | Enable creation of ServiceAccount for nginx pod | `false` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. | `{}` | -| `serviceAccount.autoMount` | Auto-mount the service account token in the pod | `false` | -| `sidecars` | Sidecar parameters | `[]` | -| `sidecarSingleProcessNamespace` | Enable sharing the process namespace with sidecars | `false` | -| `initContainers` | Extra init containers | `[]` | -| `pdb.create` | Created a PodDisruptionBudget | `false` | -| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `0` | - - -### Traffic Exposure parameters - -| Name | Description | Value | -| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts` | Specify the nodePort(s) value(s) for the LoadBalancer and NodePort service types. | `{}` | -| `service.targetPort` | Target port reference value for the Loadbalancer service types can be specified explicitly. | `{}` | -| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | -| `service.annotations` | Service annotations | `{}` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `nginx.local` | -| `ingress.path` | The Path to Nginx. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `ingress.tls` | Create TLS Secret | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `healthIngress.enabled` | Set to true to enable health ingress record generation | `false` | -| `healthIngress.pathType` | Ingress path type | `ImplementationSpecific` | -| `healthIngress.hostname` | When the health ingress is enabled, a host pointing to this will be created | `example.local` | -| `healthIngress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `healthIngress.tls` | Enable TLS configuration for the hostname defined at `healthIngress.hostname` parameter | `false` | -| `healthIngress.extraHosts` | The list of additional hostnames to be covered with this health ingress record | `[]` | -| `healthIngress.extraTls` | TLS configuration for additional hostnames to be covered | `[]` | -| `healthIngress.secrets` | TLS Secret configuration | `[]` | - - -### Metrics parameters - -| Name | Description | Value | -| ------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `metrics.serviceMonitor.enabled` | Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so PodMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | -| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set replicaCount=3 \ - ygqygq2/nacos -``` - -The above command sets the `imagePullPolicy` to `Always`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml ygqygq2/nacos -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different nacos version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/nginx/configuration/change-image-version/). - -### Adding extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinity) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Deploying extra resources - -There are cases where you may want to deploy extra objects, such a ConfigMap containing your app's configuration or some extra deployment with a micro service used by your app. For covering this case, the chart allows adding the full specification of other objects using the `extraDeploy` parameter. - -### Ingress - -This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/master/bitnami/contour) you can utilize the ingress controller to serve your application. - -To enable ingress integration, please set `ingress.enabled` to `true`. - -#### Hosts - -Most likely you will only want to have one hostname that maps to this nacos installation. If that's your case, the property `ingress.hostname` will set it. However, it is possible to have more than one host. To facilitate this, the `ingress.extraHosts` object can be specified as an array. You can also use `ingress.extraTLS` to add the TLS configuration for extra hosts. - -For each host indicated at `ingress.extraHosts`, please indicate a `name`, `path`, and any `annotations` that you may want the ingress controller to know about. - -For annotations, please see [this document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md). Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami¡¯s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/.helmignore b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/Chart.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/Chart.yaml deleted file mode 100644 index bd152e3..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.16.0 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/master/bitnami/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts -- https://www.bitnami.com/ -type: library -version: 1.16.0 diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/README.md b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/README.md deleted file mode 100644 index 3b5e09c..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/README.md +++ /dev/null @@ -1,350 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_affinities.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_capabilities.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 9d9b760..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,154 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_errors.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_images.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_images.tpl +++ /dev/null @@ -1,75 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_ingress.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_ingress.tpl deleted file mode 100644 index 8caf73a..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,68 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_labels.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_names.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_names.tpl deleted file mode 100644 index 1bdac8b..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_names.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_secrets.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_secrets.tpl deleted file mode 100644 index a53fb44..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,140 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key }} - {{- else }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_storage.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_tplvalues.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_utils.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_utils.tpl deleted file mode 100644 index 8c22b2a..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_warnings.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_cassandra.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mariadb.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index b6906ff..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mongodb.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index f820ec1..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mysql.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 74472a0..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_postgresql.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 164ec0d..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_redis.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index dcccfc1..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_validations.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/values.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/.helmignore b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.lock b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.lock deleted file mode 100644 index eb4df7f..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.13.1 -digest: sha256:1056dac8da880ed967a191e8d9eaf04766f77bda66a5715456d5dd4494a4a942 -generated: "2022-04-26T23:27:43.795807925Z" diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.yaml deleted file mode 100644 index f42519b..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Database -apiVersion: v2 -appVersion: 8.0.29 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: MySQL is a fast, reliable, scalable, and easy to use open source relational - database system. Designed to handle mission-critical, heavy-load production applications. -home: https://github.com/bitnami/charts/tree/master/bitnami/mysql -icon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png -keywords: -- mysql -- database -- sql -- cluster -- high availability -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: mysql -sources: -- https://github.com/bitnami/bitnami-docker-mysql -- https://mysql.com -version: 8.9.6 diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/README.md b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/README.md deleted file mode 100644 index e961827..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/README.md +++ /dev/null @@ -1,491 +0,0 @@ - - -# MySQL packaged by Bitnami - -MySQL is a fast, reliable, scalable, and easy to use open source relational database system. Designed to handle mission-critical, heavy-load production applications. - -[Overview of MySQL](http://www.mysql.com) - -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/mysql -``` - -## Introduction - -This chart bootstraps a [MySQL](https://github.com/bitnami/bitnami-docker-mysql) replication cluster deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/mysql -``` - -These commands deploy MySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Cluster domain | `cluster.local` | -| `commonAnnotations` | Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `commonLabels` | Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template | `{}` | -| `extraDeploy` | Array with extra yaml to deploy with the chart. Evaluated as a template | `[]` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### MySQL common parameters - -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | MySQL image registry | `docker.io` | -| `image.repository` | MySQL image repository | `bitnami/mysql` | -| `image.tag` | MySQL image tag (immutable tags are recommended) | `8.0.29-debian-10-r0` | -| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MySQL architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided | `""` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MySQL replication user | `replicator` | -| `auth.replicationPassword` | MySQL replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` | `""` | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | - - -### MySQL Primary parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.command` | Override default container command on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MySQL Primary container(s) (useful when using custom images) | `[]` | -| `primary.hostAliases` | Deployment pod host aliases | `[]` | -| `primary.configuration` | Configure MySQL Primary with a custom my.cnf file | `""` | -| `primary.existingConfigmap` | Name of existing ConfigMap with MySQL Primary configuration. | `""` | -| `primary.updateStrategy` | Update strategy type for the MySQL primary statefulset | `RollingUpdate` | -| `primary.rollingUpdatePartition` | Partition update strategy for MySQL Primary statefulset | `""` | -| `primary.podAnnotations` | Additional pod annotations for MySQL primary pods | `{}` | -| `primary.podAffinityPreset` | MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MySQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MySQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MySQL primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MySQL primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MySQL primary pods assignment | `[]` | -| `primary.podSecurityContext.enabled` | Enable security context for MySQL primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MySQL primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MySQL primary container | `1001` | -| `primary.resources.limits` | The resources limits for MySQL primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MySQL primary containers | `{}` | -| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.startupProbe.enabled` | Enable startupProbe | `true` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.customLivenessProbe` | Override default liveness probe for MySQL primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MySQL primary containers | `{}` | -| `primary.customStartupProbe` | Override default startup probe for MySQL primary containers | `{}` | -| `primary.extraFlags` | MySQL primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MySQL primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL primary containers | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL primary containers | `""` | -| `primary.persistence.enabled` | Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MySQL primary replicas | `""` | -| `primary.persistence.storageClass` | MySQL primary persistent volume storage Class | `""` | -| `primary.persistence.annotations` | MySQL primary persistent volume claim annotations | `{}` | -| `primary.persistence.accessModes` | MySQL primary persistent volume access Modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | MySQL primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL Primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) | `[]` | -| `primary.initContainers` | Add additional init containers for the MySQL Primary pod(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers for the MySQL Primary pod(s) | `[]` | -| `primary.service.type` | MySQL Primary K8s service type | `ClusterIP` | -| `primary.service.port` | MySQL Primary K8s service port | `3306` | -| `primary.service.nodePort` | MySQL Primary K8s service node port | `""` | -| `primary.service.clusterIP` | MySQL Primary K8s service clusterIP IP | `""` | -| `primary.service.loadBalancerIP` | MySQL Primary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL Primary service is LoadBalancer | `[]` | -| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `primary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MySQL primary pods that should remain scheduled | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MySQL primary pods that may be made unavailable | `""` | -| `primary.podLabels` | MySQL Primary pod label. If labels are same as commonLabels , this will take precedence | `{}` | - - -### MySQL Secondary parameters - -| Name | Description | Value | -| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `secondary.replicaCount` | Number of MySQL secondary replicas | `1` | -| `secondary.hostAliases` | Deployment pod host aliases | `[]` | -| `secondary.command` | Override default container command on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.args` | Override default container args on MySQL Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.configuration` | Configure MySQL Secondary with a custom my.cnf file | `""` | -| `secondary.existingConfigmap` | Name of existing ConfigMap with MySQL Secondary configuration. | `""` | -| `secondary.updateStrategy` | Update strategy type for the MySQL secondary statefulset | `RollingUpdate` | -| `secondary.rollingUpdatePartition` | Partition update strategy for MySQL Secondary statefulset | `""` | -| `secondary.podAnnotations` | Additional pod annotations for MySQL secondary pods | `{}` | -| `secondary.podAffinityPreset` | MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MySQL secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | -| `secondary.affinity` | Affinity for MySQL secondary pods assignment | `{}` | -| `secondary.nodeSelector` | Node labels for MySQL secondary pods assignment | `{}` | -| `secondary.tolerations` | Tolerations for MySQL secondary pods assignment | `[]` | -| `secondary.podSecurityContext.enabled` | Enable security context for MySQL secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MySQL secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MySQL secondary container | `1001` | -| `secondary.resources.limits` | The resources limits for MySQL secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MySQL secondary containers | `{}` | -| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `secondary.startupProbe.enabled` | Enable startupProbe | `true` | -| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `15` | -| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `secondary.customLivenessProbe` | Override default liveness probe for MySQL secondary containers | `{}` | -| `secondary.customReadinessProbe` | Override default readiness probe for MySQL secondary containers | `{}` | -| `secondary.customStartupProbe` | Override default startup probe for MySQL secondary containers | `{}` | -| `secondary.extraFlags` | MySQL secondary additional command line flags | `""` | -| `secondary.extraEnvVars` | An array to add extra environment variables on MySQL secondary containers | `[]` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MySQL secondary containers | `""` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MySQL secondary containers | `""` | -| `secondary.persistence.enabled` | Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.storageClass` | MySQL secondary persistent volume storage Class | `""` | -| `secondary.persistence.annotations` | MySQL secondary persistent volume claim annotations | `{}` | -| `secondary.persistence.accessModes` | MySQL secondary persistent volume access Modes | `["ReadWriteOnce"]` | -| `secondary.persistence.size` | MySQL secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MySQL secondary pod(s) | `[]` | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) | `[]` | -| `secondary.initContainers` | Add additional init containers for the MySQL secondary pod(s) | `[]` | -| `secondary.sidecars` | Add additional sidecar containers for the MySQL secondary pod(s) | `[]` | -| `secondary.service.type` | MySQL secondary Kubernetes service type | `ClusterIP` | -| `secondary.service.port` | MySQL secondary Kubernetes service port | `3306` | -| `secondary.service.nodePort` | MySQL secondary Kubernetes service node port | `""` | -| `secondary.service.clusterIP` | MySQL secondary Kubernetes service clusterIP IP | `""` | -| `secondary.service.loadBalancerIP` | MySQL secondary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Addresses that are allowed when MySQL secondary service is LoadBalancer | `[]` | -| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `secondary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MySQL secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MySQL secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MySQL secondary pods that may be made unavailable | `""` | -| `secondary.podLabels` | Additional pod labels for MySQL secondary pods | `{}` | - - -### RBAC parameters - -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------ | ------- | -| `serviceAccount.create` | Enable the creation of a ServiceAccount for MySQL pods | `true` | -| `serviceAccount.name` | Name of the created ServiceAccount | `""` | -| `serviceAccount.annotations` | Annotations for MySQL Service Account | `{}` | -| `rbac.create` | Whether to create & use RBAC resources or not | `false` | - - -### Network Policy - -| Name | Description | Value | -| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | The Policy model to apply. | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL | `{}` | - - -### Volume Permissions parameters - -| Name | Description | Value | -| ------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r408` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources` | Init container volume-permissions resources | `{}` | - - -### Metrics parameters - -| Name | Description | Value | -| -------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Exporter image registry | `docker.io` | -| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-10-r52` | -| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | -| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | -| `metrics.service.annotations` | Prometheus exporter service annotations | `{}` | -| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | -| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | -| `metrics.resources.limits` | The resources limits for MySQL prometheus exporter containers | `{}` | -| `metrics.resources.requests` | The requested resources for MySQL prometheus exporter containers | `{}` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` | -| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` | - - -The above parameters map to the env variables defined in [bitnami/mysql](https://github.com/bitnami/bitnami-docker-mysql). For more information please refer to the [bitnami/mysql](https://github.com/bitnami/bitnami-docker-mysql) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set auth.rootPassword=secretpassword,auth.database=app_database \ - bitnami/mysql -``` - -The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a database named `app_database`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/mysql -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different MySQL version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/change-image-version/). - -### Customize a new MySQL instance - -The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. - -The allowed extensions are `.sh`, `.sql` and `.sql.gz`. - -These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `sql.gz` files. - -Refer to the [chart documentation for more information and a usage example](http://docs.bitnami.com/kubernetes/infrastructure/mysql/configuration/customize-new-instance/). - -### Sidecars and Init Containers - -If you have a need for additional containers to run within the same pod as MySQL, you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. - -```yaml -sidecars: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -Similarly, you can add extra init containers using the `initContainers` parameter. - -```yaml -initContainers: - - name: your-image-name - image: your-image - imagePullPolicy: Always - ports: - - name: portname - containerPort: 1234 -``` - -## Persistence - -The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container. - -The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can also be defined for this purpose. - -If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/). - -## Network Policy - -To enable network policy for MySQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: - -```console -$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" -``` - -With NetworkPolicy enabled, traffic will be limited to just port 3306. - -For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to MySQL. -This label will be displayed in the output of a successful install. - -## Pod affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: - -```bash -$ helm upgrade my-release bitnami/mysql --set auth.rootPassword=[ROOT_PASSWORD] -``` - -| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. - -### To 8.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - The terms *master* and *slave* have been replaced by the terms *primary* and *secondary*. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. - - Credentials parameters are reorganized under the `auth` parameter. - - `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -Consequences: - -- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MySQL chart, and migrate the data from your previous release. You have 2 alternatives to do so: - - Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html). - - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mysql`: - -```bash -$ helm install mysql bitnami/mysql --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] -``` - -| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. - -### To 7.0.0 - -[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mysql/administration/upgrade-helm3/). - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is mysql: - -```console -$ kubectl delete statefulset mysql-master --cascade=false -$ kubectl delete statefulset mysql-slave --cascade=false -``` - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/.helmignore b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/Chart.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/Chart.yaml deleted file mode 100644 index e8d2db9..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.13.1 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/master/bitnami/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: common -sources: -- https://github.com/bitnami/charts -- https://www.bitnami.com/ -type: library -version: 1.13.1 diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/README.md b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/README.md deleted file mode 100644 index 88d13b1..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/README.md +++ /dev/null @@ -1,347 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|--------------------------|------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis™ are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_affinities.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_capabilities.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 4ec8321..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,139 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_errors.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_images.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_images.tpl +++ /dev/null @@ -1,75 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_ingress.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_ingress.tpl deleted file mode 100644 index 8caf73a..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,68 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_labels.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_names.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_names.tpl deleted file mode 100644 index c8574d1..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_names.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_secrets.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_secrets.tpl deleted file mode 100644 index a53fb44..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,140 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key }} - {{- else }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_storage.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_tplvalues.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_utils.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_utils.tpl deleted file mode 100644 index ea083a2..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_warnings.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_cassandra.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mariadb.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index b6906ff..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mongodb.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index a071ea4..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_postgresql.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 164ec0d..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_redis.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index 5d72959..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis™ required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_validations.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/values.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/ci/values-production-with-rbac.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/ci/values-production-with-rbac.yaml deleted file mode 100644 index d3370c9..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/ci/values-production-with-rbac.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Test values file for generating all of the yaml and check that -# the rendering is correct - -architecture: replication -auth: - usePasswordFiles: true - -primary: - extraEnvVars: - - name: TEST - value: "3" - podDisruptionBudget: - create: true - -secondary: - replicaCount: 2 - extraEnvVars: - - name: TEST - value: "2" - podDisruptionBudget: - create: true - -serviceAccount: - create: true - name: mysql-service-account -rbac: - create: true - -metrics: - enabled: true diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/NOTES.txt b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/NOTES.txt deleted file mode 100644 index f42e081..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/NOTES.txt +++ /dev/null @@ -1,99 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/mysql/entrypoint.sh /opt/bitnami/scripts/mysql/run.sh - -{{- else }} - -Tip: - - Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} - -Services: - - echo Primary: {{ include "mysql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.primary.service.port }} -{{- if eq .Values.architecture "replication" }} - echo Secondary: {{ include "mysql.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.secondary.service.port }} -{{- end }} - -Execute the following to get the administrator credentials: - - echo Username: root - MYSQL_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.secretName" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode) - -To connect to your database: - - 1. Run a pod that you can use as a client: - - kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mysql.image" . }} --namespace {{ .Release.Namespace }} --env MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD --command -- bash - - 2. To connect to primary service (read/write): - - mysql -h {{ include "mysql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD" - -{{- if eq .Values.architecture "replication" }} - - 3. To connect to secondary service (read-only): - - mysql -h {{ include "mysql.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p"$MYSQL_ROOT_PASSWORD" -{{- end }} - -{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to MySQL. -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the MySQL Prometheus metrics from outside the cluster execute the following commands: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & - curl http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics - -{{- end }} - -To upgrade this helm chart: - - 1. Obtain the password as described on the 'Administrator credentials' section and set the 'root.password' parameter as shown below: - - ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode) - helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} bitnami/mysql --set auth.rootPassword=$ROOT_PASSWORD - -{{ include "mysql.validateValues" . }} -{{ include "mysql.checkRollingTags" . }} -{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) -}} - {{- $secretName := include "mysql.secretName" . -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" "auth.rootPassword" "secret" $secretName "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- if not (empty .Values.auth.username) -}} - {{- $requiredPassword := dict "valueKey" "auth.password" "secret" $secretName "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq .Values.architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" "auth.replicationPassword" "secret" $secretName "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/_helpers.tpl deleted file mode 100644 index 98b2346..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/_helpers.tpl +++ /dev/null @@ -1,192 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{- define "mysql.primary.fullname" -}} -{{- if eq .Values.architecture "replication" }} -{{- printf "%s-%s" (include "common.names.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- include "common.names.fullname" . -}} -{{- end -}} -{{- end -}} - -{{- define "mysql.secondary.fullname" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) "secondary" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the proper MySQL image name -*/}} -{{- define "mysql.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper metrics image name -*/}} -{{- define "mysql.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mysql.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mysql.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{ template "mysql.initdbScriptsCM" . }} -{{/* -Get the initialization scripts ConfigMap name. -*/}} -{{- define "mysql.initdbScriptsCM" -}} -{{- if .Values.initdbScriptsConfigMap -}} - {{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} -{{- else -}} - {{- printf "%s-init-scripts" (include "mysql.primary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* - Returns the proper service account name depending if an explicit service account name is set - in the values file. If the name is not set it will default to either mysql.fullname if serviceAccount.create - is true or default otherwise. -*/}} -{{- define "mysql.serviceAccountName" -}} - {{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} - {{- else -}} - {{ default "default" .Values.serviceAccount.name }} - {{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MySQL Primary configuration -*/}} -{{- define "mysql.primary.configmapName" -}} -{{- if .Values.primary.existingConfigmap -}} - {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mysql.primary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MySQL Secondary -*/}} -{{- define "mysql.primary.createConfigmap" -}} -{{- if and .Values.primary.configuration (not .Values.primary.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the configmap with the MySQL Primary configuration -*/}} -{{- define "mysql.secondary.configmapName" -}} -{{- if .Values.secondary.existingConfigmap -}} - {{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s" (include "mysql.secondary.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created for MySQL Secondary -*/}} -{{- define "mysql.secondary.createConfigmap" -}} -{{- if and (eq .Values.architecture "replication") .Values.secondary.configuration (not .Values.secondary.existingConfigmap) }} - {{- true -}} -{{- else -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret with MySQL credentials -*/}} -{{- define "mysql.secretName" -}} - {{- if .Values.auth.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a secret object should be created for MySQL -*/}} -{{- define "mysql.createSecret" -}} -{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. -*/}} -{{- define "getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{- define "mysql.root.password" -}} - {{- if not (empty .Values.auth.rootPassword) }} - {{- .Values.auth.rootPassword }} - {{- else if (not .Values.auth.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "mysql-root-password") }} - {{- else }} - {{- required "A MySQL Root Password is required!" .Values.auth.rootPassword }} - {{- end }} -{{- end -}} - -{{- define "mysql.password" -}} - {{- if and (not (empty .Values.auth.username)) (not (empty .Values.auth.password)) }} - {{- .Values.auth.password }} - {{- else if (not .Values.auth.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "mysql-password") }} - {{- else }} - {{- required "A MySQL Database Password is required!" .Values.auth.password }} - {{- end }} -{{- end -}} - -{{- define "mysql.replication.password" -}} - {{- if not (empty .Values.auth.replicationPassword) }} - {{- .Values.auth.replicationPassword }} - {{- else if (not .Values.auth.forcePassword) }} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "mysql-replication-password") }} - {{- else }} - {{- required "A MySQL Replication Password is required!" .Values.auth.replicationPassword }} - {{- end }} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "mysql.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mysql.validateValues" -}} -{{- $messages := list -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/extra-list.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/metrics-svc.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/metrics-svc.yaml deleted file mode 100644 index fb0d9d7..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/metrics-svc.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - app.kubernetes.io/component: metrics - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - ports: - - port: {{ .Values.metrics.service.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: {{- include "common.labels.matchLabels" $ | nindent 4 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/networkpolicy.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/networkpolicy.yaml deleted file mode 100644 index a0d1d01..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/networkpolicy.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.primary.service.port }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: -{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9104 - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/configmap.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/configmap.yaml deleted file mode 100644 index 540b7b9..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if (include "mysql.primary.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - my.cnf: |- - {{ .Values.primary.configuration | nindent 4 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/initialization-configmap.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/initialization-configmap.yaml deleted file mode 100644 index 83cbaea..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/initialization-configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-init-scripts" (include "mysql.primary.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} -{{ end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/pdb.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/pdb.yaml deleted file mode 100644 index 106ad52..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.primary.pdb.enabled }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.primary.pdb.minAvailable }} - minAvailable: {{ .Values.primary.pdb.minAvailable }} - {{- end }} - {{- if .Values.primary.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: primary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/statefulset.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/statefulset.yaml deleted file mode 100644 index 6f9c99e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/statefulset.yaml +++ /dev/null @@ -1,368 +0,0 @@ -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: 1 - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: primary - serviceName: {{ include "mysql.primary.fullname" . }} - updateStrategy: - type: {{ .Values.primary.updateStrategy }} - {{- if (eq "Recreate" .Values.primary.updateStrategy) }} - rollingUpdate: null - {{- else if .Values.primary.rollingUpdatePartition }} - rollingUpdate: - partition: {{ .Values.primary.rollingUpdatePartition }} - {{- end }} - template: - metadata: - annotations: - {{- if (include "mysql.primary.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.primary.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.primary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "mysql.imagePullSecrets" . | nindent 6 }} - {{- if .Values.primary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "mysql.serviceAccountName" . }} - {{- if .Values.primary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.primary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.primary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.primary.podSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if or .Values.primary.initContainers (and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled) }} - initContainers: - {{- if .Values.primary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }} - - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /bitnami/mysql - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- end }} - {{- end }} - containers: - - name: mysql - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.primary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.primary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.primary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if not (empty .Values.auth.username) }} - - name: MYSQL_USER - value: {{ .Values.auth.username | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-password" .Values.auth.customPasswordFiles.user }} - {{- else }} - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-password - {{- end }} - {{- end }} - - name: MYSQL_DATABASE - value: {{ .Values.auth.database | quote }} - {{- if eq .Values.architecture "replication" }} - - name: MYSQL_REPLICATION_MODE - value: "master" - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_REPLICATION_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }} - {{- else }} - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password - {{- end }} - {{- end }} - {{- if .Values.primary.extraFlags }} - - name: MYSQL_EXTRA_FLAGS - value: "{{ .Values.primary.extraFlags }}" - {{- end }} - {{- if .Values.primary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} - envFrom: - {{- if .Values.primary.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.primary.extraEnvVarsCM }} - {{- end }} - {{- if .Values.primary.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.primary.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.primary.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.primary.livenessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.primary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.primary.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.primary.readinessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.primary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.primary.startupProbe.enabled }} - startupProbe: {{- omit .Values.primary.startupProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.primary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.primary.resources }} - resources: {{ toYaml .Values.primary.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - mountPath: /opt/bitnami/mysql/secrets/ - {{- end }} - {{- if .Values.primary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "mysql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - env: - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: 9104 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - volumeMounts: - - name: mysql-credentials - mountPath: /opt/bitnami/mysqld-exporter/secrets/ - {{- end }} - {{- end }} - {{- if .Values.primary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} - - name: config - configMap: - name: {{ include "mysql.primary.configmapName" . }} - {{- end }} - {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} - - name: custom-init-scripts - configMap: - name: {{ include "mysql.initdbScriptsCM" . }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - secret: - secretName: {{ include "mysql.secretName" . }} - items: - - key: mysql-root-password - path: mysql-root-password - - key: mysql-password - path: mysql-password - {{- if eq .Values.architecture "replication" }} - - key: mysql-replication-password - path: mysql-replication-password - {{- end }} - {{- end }} - {{- if .Values.primary.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - claimName: {{ tpl .Values.primary.persistence.existingClaim . }} - {{- else if not .Values.primary.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{ include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: primary - {{- if .Values.primary.persistence.annotations }} - annotations: - {{- toYaml .Values.primary.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.primary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.primary.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) }} - {{- if .Values.primary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc-headless.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc-headless.yaml deleted file mode 100644 index 49e6e57..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc-headless.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.primary.fullname" . }}-headless - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: mysql - port: {{ .Values.primary.service.port }} - targetPort: mysql - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: primary diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc.yaml deleted file mode 100644 index b46e6fa..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/primary/svc.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.primary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: primary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.primary.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.primary.service.type }} - {{- if and (eq .Values.primary.service.type "ClusterIP") .Values.primary.service.clusterIP }} - clusterIP: {{ .Values.primary.service.clusterIP }} - {{- end }} - {{- if and .Values.primary.service.loadBalancerIP (eq .Values.primary.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} - externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: mysql - port: {{ .Values.primary.service.port }} - protocol: TCP - targetPort: mysql - {{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePort) }} - nodePort: {{ .Values.primary.service.nodePort }} - {{- else if eq .Values.primary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: primary diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/role.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/role.yaml deleted file mode 100644 index 4cbdd5c..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/rolebinding.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/rolebinding.yaml deleted file mode 100644 index 90ede32..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ include "mysql.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "common.names.fullname" . -}} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/configmap.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/configmap.yaml deleted file mode 100644 index 682e3e1..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if (include "mysql.secondary.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - my.cnf: |- - {{ .Values.secondary.configuration | nindent 4 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/pdb.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/pdb.yaml deleted file mode 100644 index 49c7e16..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/pdb.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.enabled }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.secondary.pdb.minAvailable }} - minAvailable: {{ .Values.secondary.pdb.minAvailable }} - {{- end }} - {{- if .Values.secondary.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/statefulset.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/statefulset.yaml deleted file mode 100644 index ef196eb..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/statefulset.yaml +++ /dev/null @@ -1,338 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.secondary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.secondary.replicaCount }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: secondary - serviceName: {{ include "mysql.secondary.fullname" . }} - updateStrategy: - type: {{ .Values.secondary.updateStrategy }} - {{- if (eq "Recreate" .Values.secondary.updateStrategy) }} - rollingUpdate: null - {{- else if .Values.secondary.rollingUpdatePartition }} - rollingUpdate: - partition: {{ .Values.secondary.rollingUpdatePartition }} - {{- end }} - template: - metadata: - annotations: - {{- if (include "mysql.secondary.createConfigmap" .) }} - checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.secondary.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "mysql.imagePullSecrets" . | nindent 6 }} - {{- if .Values.secondary.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ include "mysql.serviceAccountName" . }} - {{- if .Values.secondary.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "component" "secondary" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "component" "secondary" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.secondary.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.secondary.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.secondary.podSecurityContext.enabled }} - securityContext: {{- omit .Values.secondary.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if or .Values.secondary.initContainers (and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled) }} - initContainers: - {{- if .Values.secondary.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }} - - name: volume-permissions - image: {{ include "mysql.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - chown -R {{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }} /bitnami/mysql - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- end }} - {{- end }} - containers: - - name: mysql - image: {{ include "mysql.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.secondary.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.secondary.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.secondary.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.secondary.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MYSQL_REPLICATION_MODE - value: "slave" - - name: MYSQL_MASTER_HOST - value: {{ include "mysql.primary.fullname" . }} - - name: MYSQL_MASTER_PORT_NUMBER - value: {{ .Values.primary.service.port | quote }} - - name: MYSQL_MASTER_ROOT_USER - value: "root" - - name: MYSQL_REPLICATION_USER - value: {{ .Values.auth.replicationUser | quote }} - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_MASTER_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - - name: MYSQL_REPLICATION_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysql/secrets/mysql-replication-password" .Values.auth.customPasswordFiles.replicator }} - {{- else }} - - name: MYSQL_MASTER_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - - name: MYSQL_REPLICATION_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-replication-password - {{- end }} - {{- if .Values.secondary.extraFlags }} - - name: MYSQL_EXTRA_FLAGS - value: "{{ .Values.secondary.extraFlags }}" - {{- end }} - {{- if .Values.secondary.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.secondary.extraEnvVarsCM .Values.secondary.extraEnvVarsSecret }} - envFrom: - {{- if .Values.secondary.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.secondary.extraEnvVarsCM }} - {{- end }} - {{- if .Values.secondary.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.secondary.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: mysql - containerPort: 3306 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.secondary.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.secondary.livenessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.secondary.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.secondary.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.secondary.readinessProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.secondary.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.secondary.startupProbe.enabled }} - startupProbe: {{- omit .Values.secondary.startupProbe "enabled" | toYaml | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_MASTER_ROOT_PASSWORD_FILE") - fi - mysqladmin status -uroot -p"${password_aux}" - {{- else if .Values.secondary.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.secondary.resources }} - resources: {{ toYaml .Values.secondary.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: /bitnami/mysql - {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} - - name: config - mountPath: /opt/bitnami/mysql/conf/my.cnf - subPath: my.cnf - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - mountPath: /opt/bitnami/mysql/secrets/ - {{- end }} - {{- if .Values.secondary.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "mysql.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - env: - {{- if .Values.auth.usePasswordFiles }} - - name: MYSQL_ROOT_PASSWORD_FILE - value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" .Values.auth.customPasswordFiles.root }} - {{- else }} - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mysql.secretName" . }} - key: mysql-root-password - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -ec - - | - password_aux="${MYSQL_ROOT_PASSWORD:-}" - if [[ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]]; then - password_aux=$(cat "$MYSQL_ROOT_PASSWORD_FILE") - fi - DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.secondary }} {{ . }} {{- end }} - {{- end }} - ports: - - name: metrics - containerPort: 9104 - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} - httpGet: - path: /metrics - port: metrics - {{- end }} - {{- end }} - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - volumeMounts: - - name: mysql-credentials - mountPath: /opt/bitnami/mysqld-exporter/secrets/ - {{- end }} - {{- end }} - {{- if .Values.secondary.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} - - name: config - configMap: - name: {{ include "mysql.secondary.configmapName" . }} - {{- end }} - {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} - - name: mysql-credentials - secret: - secretName: {{ template "mysql.secretName" . }} - items: - - key: mysql-root-password - path: mysql-root-password - - key: mysql-replication-password - path: mysql-replication-password - {{- end }} - {{- if .Values.secondary.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.secondary.persistence.enabled }} - - name: data - emptyDir: {} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{ include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: secondary - {{- if .Values.secondary.persistence.annotations }} - annotations: - {{- toYaml .Values.secondary.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.secondary.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.secondary.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) }} - {{- if .Values.secondary.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc-headless.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc-headless.yaml deleted file mode 100644 index 703d8e7..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc-headless.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.secondary.fullname" . }}-headless - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: ClusterIP - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: mysql - port: {{ .Values.secondary.service.port }} - targetPort: mysql - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc.yaml deleted file mode 100644 index 74a4c6e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secondary/svc.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if eq .Values.architecture "replication" }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "mysql.secondary.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: secondary - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.secondary.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.service.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.secondary.service.type }} - {{- if and (eq .Values.secondary.service.type "ClusterIP") .Values.secondary.service.clusterIP }} - clusterIP: {{ .Values.secondary.service.clusterIP }} - {{- end }} - {{- if and .Values.secondary.service.loadBalancerIP (eq .Values.secondary.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }} - externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: mysql - port: {{ .Values.secondary.service.port }} - protocol: TCP - targetPort: mysql - {{- if (and (or (eq .Values.secondary.service.type "NodePort") (eq .Values.secondary.service.type "LoadBalancer")) .Values.secondary.service.nodePort) }} - nodePort: {{ .Values.secondary.service.nodePort }} - {{- else if eq .Values.secondary.service.type "ClusterIP" }} - nodePort: null - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: secondary -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secrets.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secrets.yaml deleted file mode 100644 index 9412fc3..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if eq (include "mysql.createSecret" .) "true" }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - mysql-root-password: {{ include "mysql.root.password" . | b64enc | quote }} - mysql-password: {{ include "mysql.password" . | b64enc | quote }} - {{- if eq .Values.architecture "replication" }} - mysql-replication-password: {{ include "mysql.replication.password" . | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/serviceaccount.yaml deleted file mode 100644 index 59eb104..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/serviceaccount.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "mysql.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -{{- if (not .Values.auth.customPasswordFiles) }} -secrets: - - name: {{ template "mysql.secretName" . }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/servicemonitor.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/servicemonitor.yaml deleted file mode 100644 index f082dd5..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/templates/servicemonitor.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.schema.json b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.schema.json deleted file mode 100644 index 8021a46..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.schema.json +++ /dev/null @@ -1,178 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "MySQL architecture", - "form": true, - "description": "Allowed values: `standalone` or `replication`", - "enum": ["standalone", "replication"] - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "required": ["database", "username", "password"], - "properties": { - "rootPassword": { - "type": "string", - "title": "MySQL root password", - "description": "Defaults to a random 10-character alphanumeric string if not set" - }, - "database": { - "type": "string", - "title": "MySQL custom database name" - }, - "username": { - "type": "string", - "title": "MySQL custom username" - }, - "password": { - "type": "string", - "title": "MySQL custom password" - }, - "replicationUser": { - "type": "string", - "title": "MySQL replication username" - }, - "replicationPassword": { - "type": "string", - "title": "MySQL replication password" - } - } - }, - "primary": { - "type": "object", - "title": "Primary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL primary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL primary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "primary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "primary/persistence/enabled" - } - } - } - } - } - }, - "secondary": { - "type": "object", - "title": "Secondary database configuration", - "form": true, - "properties": { - "podSecurityContext": { - "type": "object", - "title": "MySQL secondary Pod security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "fsGroup": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/podSecurityContext/enabled" - } - } - } - }, - "containerSecurityContext": { - "type": "object", - "title": "MySQL secondary container security context", - "properties": { - "enabled": { - "type": "boolean", - "default": false - }, - "runAsUser": { - "type": "integer", - "default": 1001, - "hidden": { - "value": false, - "path": "secondary/containerSecurityContext/enabled" - } - } - } - }, - "persistence": { - "type": "object", - "title": "Enable persistence using Persistent Volume Claims", - "properties": { - "enabled": { - "type": "boolean", - "default": true, - "title": "If true, use a Persistent Volume Claim, If false, use emptyDir" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "secondary/persistence/enabled" - } - } - } - } - } - } - } -} \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.yaml deleted file mode 100644 index 3ff7a0e..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/charts/mysql/values.yaml +++ /dev/null @@ -1,1026 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets [array] Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname template -## -fullnameOverride: "" -## @param clusterDomain Cluster domain -## -clusterDomain: cluster.local -## @param commonAnnotations [object] Common annotations to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonAnnotations: {} -## @param commonLabels [object] Common labels to add to all MySQL resources (sub-charts are not considered). Evaluated as a template -## -commonLabels: {} -## @param extraDeploy [array] Array with extra yaml to deploy with the chart. Evaluated as a template -## -extraDeploy: [] -## @param schedulerName Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section MySQL common parameters - -## Bitnami MySQL image -## ref: https://hub.docker.com/r/bitnami/mysql/tags/ -## @param image.registry MySQL image registry -## @param image.repository MySQL image repository -## @param image.tag MySQL image tag (immutable tags are recommended) -## @param image.pullPolicy MySQL image pull policy -## @param image.pullSecrets [array] Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: bitnami/mysql - tag: 8.0.29-debian-10-r2 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false -## @param architecture MySQL architecture (`standalone` or `replication`) -## -architecture: standalone -## MySQL Authentication parameters -## -auth: - ## @param auth.rootPassword Password for the `root` user. Ignored if existing secret is provided - ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run - ## - rootPassword: "" - ## @param auth.database Name for a custom database to create - ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-on-first-run - ## - database: my_database - ## @param auth.username Name for a custom user to create - ## ref: https://github.com/bitnami/bitnami-docker-mysql/blob/master/README.md#creating-a-database-user-on-first-run - ## - username: "" - ## @param auth.password Password for the new user. Ignored if existing secret is provided - ## - password: "" - ## @param auth.replicationUser MySQL replication user - ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster - ## - replicationUser: replicator - ## @param auth.replicationPassword MySQL replication user password. Ignored if existing secret is provided - ## - replicationPassword: "" - ## @param auth.existingSecret Use existing secret for password details. The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password` - ## NOTE: When it's set the auth.rootPassword, auth.password, auth.replicationPassword are ignored. - ## - existingSecret: "" - ## @param auth.forcePassword Force users to specify required passwords - ## - forcePassword: false - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: false - ## @param auth.customPasswordFiles [object] Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` - ## Example: - ## customPasswordFiles: - ## root: /vault/secrets/mysql-root - ## user: /vault/secrets/mysql-user - ## replicator: /vault/secrets/mysql-replicator - ## - customPasswordFiles: {} -## @param initdbScripts [object] Dictionary of initdb scripts -## Specify dictionary of scripts to be run at first boot -## Example: -## initdbScripts: -## my_init_script.sh: | -## #!/bin/bash -## echo "Do something." -## -initdbScripts: {} -## @param initdbScriptsConfigMap ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) -## -initdbScriptsConfigMap: "" - -## @section MySQL Primary parameters - -primary: - ## @param primary.command [array] Override default container command on MySQL Primary container(s) (useful when using custom images) - ## - command: [] - ## @param primary.args [array] Override default container args on MySQL Primary container(s) (useful when using custom images) - ## - args: [] - ## @param primary.hostAliases [array] Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param primary.configuration [string] Configure MySQL Primary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - slow_query_log=0 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log - long_query_time=10.0 - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - plugin_dir=/opt/bitnami/mysql/lib/plugin - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - ## @param primary.existingConfigmap Name of existing ConfigMap with MySQL Primary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - existingConfigmap: "" - ## @param primary.updateStrategy Update strategy type for the MySQL primary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: RollingUpdate - ## @param primary.rollingUpdatePartition Partition update strategy for MySQL Primary statefulset - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - rollingUpdatePartition: "" - ## @param primary.podAnnotations [object] Additional pod annotations for MySQL primary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param primary.podAffinityPreset MySQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param primary.podAntiAffinityPreset MySQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## MySQL Primary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param primary.nodeAffinityPreset.type MySQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param primary.nodeAffinityPreset.key MySQL primary node label key to match Ignored if `primary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param primary.nodeAffinityPreset.values [array] MySQL primary node label values to match. Ignored if `primary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param primary.affinity [object] Affinity for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param primary.nodeSelector [object] Node labels for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param primary.tolerations [array] Tolerations for MySQL primary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## MySQL primary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param primary.podSecurityContext.enabled Enable security context for MySQL primary pods - ## @param primary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## MySQL primary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param primary.containerSecurityContext.enabled MySQL primary container securityContext - ## @param primary.containerSecurityContext.runAsUser User ID for the MySQL primary container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## MySQL primary container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param primary.resources.limits [object] The resources limits for MySQL primary containers - ## @param primary.resources.requests [object] The requested resources for MySQL primary containers - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.livenessProbe.enabled Enable livenessProbe - ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.readinessProbe.enabled Enable readinessProbe - ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for startupProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param primary.startupProbe.enabled Enable startupProbe - ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param primary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 10 - successThreshold: 1 - ## @param primary.customLivenessProbe [object] Override default liveness probe for MySQL primary containers - ## - customLivenessProbe: {} - ## @param primary.customReadinessProbe [object] Override default readiness probe for MySQL primary containers - ## - customReadinessProbe: {} - ## @param primary.customStartupProbe [object] Override default startup probe for MySQL primary containers - ## - customStartupProbe: {} - ## @param primary.extraFlags MySQL primary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - ## @param primary.extraEnvVars [array] Extra environment variables to be set on MySQL primary containers - ## E.g. - ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL primary containers - ## - extraEnvVarsCM: "" - ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL primary containers - ## - extraEnvVarsSecret: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param primary.persistence.enabled Enable persistence on MySQL primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir - ## - enabled: true - ## @param primary.persistence.existingClaim Name of an existing `PersistentVolumeClaim` for MySQL primary replicas - ## NOTE: When it's set the rest of persistence parameters are ignored - ## - existingClaim: "" - ## @param primary.persistence.storageClass MySQL primary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param primary.persistence.annotations [object] MySQL primary persistent volume claim annotations - ## - annotations: {} - ## @param primary.persistence.accessModes MySQL primary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param primary.persistence.size MySQL primary persistent volume size - ## - size: 8Gi - ## @param primary.persistence.selector [object] Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param primary.extraVolumes [array] Optionally specify extra list of additional volumes to the MySQL Primary pod(s) - ## - extraVolumes: [] - ## @param primary.extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for the MySQL Primary container(s) - ## - extraVolumeMounts: [] - ## @param primary.initContainers [array] Add additional init containers for the MySQL Primary pod(s) - ## - initContainers: [] - ## @param primary.sidecars [array] Add additional sidecar containers for the MySQL Primary pod(s) - ## - sidecars: [] - ## MySQL Primary Service parameters - ## - service: - ## @param primary.service.type MySQL Primary K8s service type - ## - type: ClusterIP - ## @param primary.service.port MySQL Primary K8s service port - ## - port: 3306 - ## @param primary.service.nodePort MySQL Primary K8s service node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param primary.service.clusterIP MySQL Primary K8s service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param primary.service.loadBalancerIP MySQL Primary loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param primary.service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param primary.service.loadBalancerSourceRanges [array] Addresses that are allowed when MySQL Primary service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param primary.service.annotations [object] Provide any additional annotations which may be required - ## - annotations: {} - ## MySQL primary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param primary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL primary pods - ## - enabled: false - ## @param primary.pdb.minAvailable Minimum number/percentage of MySQL primary pods that should remain scheduled - ## - minAvailable: 1 - ## @param primary.pdb.maxUnavailable Maximum number/percentage of MySQL primary pods that may be made unavailable - ## - maxUnavailable: "" - ## @param primary.podLabels [object] MySQL Primary pod label. If labels are same as commonLabels , this will take precedence - ## - podLabels: {} - -## @section MySQL Secondary parameters - -secondary: - ## @param secondary.replicaCount Number of MySQL secondary replicas - ## - replicaCount: 1 - ## @param secondary.hostAliases [array] Deployment pod host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param secondary.command [array] Override default container command on MySQL Secondary container(s) (useful when using custom images) - ## - command: [] - ## @param secondary.args [array] Override default container args on MySQL Secondary container(s) (useful when using custom images) - ## - args: [] - ## @param secondary.configuration [string] Configure MySQL Secondary with a custom my.cnf file - ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file - ## - configuration: |- - [mysqld] - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - character-set-server=UTF8 - collation-server=utf8_general_ci - slow_query_log=0 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log - long_query_time=10.0 - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - ## @param secondary.existingConfigmap Name of existing ConfigMap with MySQL Secondary configuration. - ## NOTE: When it's set the 'configuration' parameter is ignored - ## - existingConfigmap: "" - ## @param secondary.updateStrategy Update strategy type for the MySQL secondary statefulset - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: RollingUpdate - ## @param secondary.rollingUpdatePartition Partition update strategy for MySQL Secondary statefulset - ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions - ## - rollingUpdatePartition: "" - ## @param secondary.podAnnotations [object] Additional pod annotations for MySQL secondary pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param secondary.podAffinityPreset MySQL secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param secondary.podAntiAffinityPreset MySQL secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## Allowed values: soft, hard - ## - podAntiAffinityPreset: soft - ## MySQL Secondary node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param secondary.nodeAffinityPreset.type MySQL secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param secondary.nodeAffinityPreset.key MySQL secondary node label key to match Ignored if `secondary.affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param secondary.nodeAffinityPreset.values [array] MySQL secondary node label values to match. Ignored if `secondary.affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param secondary.affinity [object] Affinity for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set - ## - affinity: {} - ## @param secondary.nodeSelector [object] Node labels for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param secondary.tolerations [array] Tolerations for MySQL secondary pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## MySQL secondary Pod security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param secondary.podSecurityContext.enabled Enable security context for MySQL secondary pods - ## @param secondary.podSecurityContext.fsGroup Group ID for the mounted volumes' filesystem - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## MySQL secondary container security context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param secondary.containerSecurityContext.enabled MySQL secondary container securityContext - ## @param secondary.containerSecurityContext.runAsUser User ID for the MySQL secondary container - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## MySQL secondary container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param secondary.resources.limits [object] The resources limits for MySQL secondary containers - ## @param secondary.resources.requests [object] The requested resources for MySQL secondary containers - ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} - ## Configure extra options for liveness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.livenessProbe.enabled Enable livenessProbe - ## @param secondary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param secondary.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param secondary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param secondary.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param secondary.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for readiness probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.readinessProbe.enabled Enable readinessProbe - ## @param secondary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param secondary.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param secondary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param secondary.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param secondary.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - ## Configure extra options for startupProbe probe - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param secondary.startupProbe.enabled Enable startupProbe - ## @param secondary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param secondary.startupProbe.periodSeconds Period seconds for startupProbe - ## @param secondary.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param secondary.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param secondary.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 10 - timeoutSeconds: 1 - failureThreshold: 15 - successThreshold: 1 - ## @param secondary.customLivenessProbe [object] Override default liveness probe for MySQL secondary containers - ## - customLivenessProbe: {} - ## @param secondary.customReadinessProbe [object] Override default readiness probe for MySQL secondary containers - ## - customReadinessProbe: {} - ## @param secondary.customStartupProbe [object] Override default startup probe for MySQL secondary containers - ## - customStartupProbe: {} - ## @param secondary.extraFlags MySQL secondary additional command line flags - ## Can be used to specify command line flags, for example: - ## E.g. - ## extraFlags: "--max-connect-errors=1000 --max_connections=155" - ## - extraFlags: "" - ## @param secondary.extraEnvVars [array] An array to add extra environment variables on MySQL secondary containers - ## E.g. - ## extraEnvVars: - ## - name: TZ - ## value: "Europe/Paris" - ## - extraEnvVars: [] - ## @param secondary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for MySQL secondary containers - ## - extraEnvVarsCM: "" - ## @param secondary.extraEnvVarsSecret Name of existing Secret containing extra env vars for MySQL secondary containers - ## - extraEnvVarsSecret: "" - ## Enable persistence using Persistent Volume Claims - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param secondary.persistence.enabled Enable persistence on MySQL secondary replicas using a `PersistentVolumeClaim` - ## - enabled: true - ## @param secondary.persistence.storageClass MySQL secondary persistent volume storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "" - ## @param secondary.persistence.annotations [object] MySQL secondary persistent volume claim annotations - ## - annotations: {} - ## @param secondary.persistence.accessModes MySQL secondary persistent volume access Modes - ## - accessModes: - - ReadWriteOnce - ## @param secondary.persistence.size MySQL secondary persistent volume size - ## - size: 8Gi - ## @param secondary.persistence.selector [object] Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param secondary.extraVolumes [array] Optionally specify extra list of additional volumes to the MySQL secondary pod(s) - ## - extraVolumes: [] - ## @param secondary.extraVolumeMounts [array] Optionally specify extra list of additional volumeMounts for the MySQL secondary container(s) - ## - extraVolumeMounts: [] - ## @param secondary.initContainers [array] Add additional init containers for the MySQL secondary pod(s) - ## - initContainers: [] - ## @param secondary.sidecars [array] Add additional sidecar containers for the MySQL secondary pod(s) - ## - sidecars: [] - ## MySQL Secondary Service parameters - ## - service: - ## @param secondary.service.type MySQL secondary Kubernetes service type - ## - type: ClusterIP - ## @param secondary.service.port MySQL secondary Kubernetes service port - ## - port: 3306 - ## @param secondary.service.nodePort MySQL secondary Kubernetes service node port - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - nodePort: "" - ## @param secondary.service.clusterIP MySQL secondary Kubernetes service clusterIP IP - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param secondary.service.loadBalancerIP MySQL secondary loadBalancerIP if service type is `LoadBalancer` - ## Set the LoadBalancer service type to internal only - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param secondary.service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param secondary.service.loadBalancerSourceRanges [array] Addresses that are allowed when MySQL secondary service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## E.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param secondary.service.annotations [object] Provide any additional annotations which may be required - ## - annotations: {} - ## MySQL secondary Pod Disruption Budget configuration - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - ## - pdb: - ## @param secondary.pdb.enabled Enable/disable a Pod Disruption Budget creation for MySQL secondary pods - ## - enabled: false - ## @param secondary.pdb.minAvailable Minimum number/percentage of MySQL secondary pods that should remain scheduled - ## - minAvailable: 1 - ## @param secondary.pdb.maxUnavailable Maximum number/percentage of MySQL secondary pods that may be made unavailable - ## - maxUnavailable: "" - ## @param secondary.podLabels [object] Additional pod labels for MySQL secondary pods - ## - podLabels: {} - -## @section RBAC parameters - -## MySQL pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable the creation of a ServiceAccount for MySQL pods - ## - create: true - ## @param serviceAccount.name Name of the created ServiceAccount - ## If not set and create is true, a name is generated using the mysql.fullname template - ## - name: "" - ## @param serviceAccount.annotations [object] Annotations for MySQL Service Account - ## - annotations: {} -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether to create & use RBAC resources or not - ## - create: false - -## @section Network Policy - -## MySQL Nework Policy configuration -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal The Policy model to apply. - ## When set to false, only pods with the correct - ## client label will have network access to the port MySQL is listening - ## on. When true, MySQL will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector [object] A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed to MySQL - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the DB. - ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - -## @section Volume Permissions parameters - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets [array] Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 10-debian-10-r409 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param volumePermissions.resources [object] Init container volume-permissions resources - ## - resources: {} - -## @section Metrics parameters - -## Mysqld Prometheus exporter parameters -## -metrics: - ## @param metrics.enabled Start a side-car prometheus exporter - ## - enabled: false - ## @param metrics.image.registry Exporter image registry - ## @param metrics.image.repository Exporter image repository - ## @param metrics.image.tag Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Exporter image pull policy - ## @param metrics.image.pullSecrets [array] Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-10-r53 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## MySQL Prometheus exporter service parameters - ## Mysqld Prometheus exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.service.type Kubernetes service type for MySQL Prometheus Exporter - ## @param metrics.service.port MySQL Prometheus Exporter service port - ## @param metrics.service.annotations [object] Prometheus exporter service annotations - ## - service: - type: ClusterIP - port: 9104 - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.metrics.service.port }}" - ## @param metrics.extraArgs.primary [array] Extra args to be passed to mysqld_exporter on Primary pods - ## @param metrics.extraArgs.secondary [array] Extra args to be passed to mysqld_exporter on Secondary pods - ## ref: https://github.com/prometheus/mysqld_exporter/ - ## E.g. - ## - --collect.auto_increment.columns - ## - --collect.binlog_size - ## - --collect.engine_innodb_status - ## - --collect.engine_tokudb_status - ## - --collect.global_status - ## - --collect.global_variables - ## - --collect.info_schema.clientstats - ## - --collect.info_schema.innodb_metrics - ## - --collect.info_schema.innodb_tablespaces - ## - --collect.info_schema.innodb_cmp - ## - --collect.info_schema.innodb_cmpmem - ## - --collect.info_schema.processlist - ## - --collect.info_schema.processlist.min_time - ## - --collect.info_schema.query_response_time - ## - --collect.info_schema.tables - ## - --collect.info_schema.tables.databases - ## - --collect.info_schema.tablestats - ## - --collect.info_schema.userstats - ## - --collect.perf_schema.eventsstatements - ## - --collect.perf_schema.eventsstatements.digest_text_limit - ## - --collect.perf_schema.eventsstatements.limit - ## - --collect.perf_schema.eventsstatements.timelimit - ## - --collect.perf_schema.eventswaits - ## - --collect.perf_schema.file_events - ## - --collect.perf_schema.file_instances - ## - --collect.perf_schema.indexiowaits - ## - --collect.perf_schema.tableiowaits - ## - --collect.perf_schema.tablelocks - ## - --collect.perf_schema.replication_group_member_stats - ## - --collect.slave_status - ## - --collect.slave_hosts - ## - --collect.heartbeat - ## - --collect.heartbeat.database - ## - --collect.heartbeat.table - ## - extraArgs: - primary: [] - secondary: [] - ## Mysqld Prometheus exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits [object] The resources limits for MySQL prometheus exporter containers - ## @param metrics.resources.requests [object] The requested resources for MySQL prometheus exporter containers - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 256Mi - requests: {} - ## Mysqld Prometheus exporter liveness probe - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.livenessProbe.enabled Enable livenessProbe - ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## Mysqld Prometheus exporter readiness probe - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## @param metrics.readinessProbe.enabled Enable readinessProbe - ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 3 - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings [array] Specify Metric Relabellings to add to the scrape endpoint - ## - relabellings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels [object] Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/NOTES.txt b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/NOTES.txt deleted file mode 100644 index 5556419..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/NOTES.txt +++ /dev/null @@ -1,41 +0,0 @@ -The nacos has been installed. - -Nacos can be accessed: - - {{ if .Values.ingress.enabled }} - * The application URL: - {{- range .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} - {{- end }} - {{- end }} - - * Within your cluster, at the following DNS name at port {{ .Values.service.ingressPort }}: - - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc - - * From outside the cluster, run these commands in the same shell: - {{- if contains "NodePort" .Values.service.type }} - - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT - {{- else if contains "LoadBalancer" .Values.service.type }} - - WARNING: You have likely exposed your nacos direct to the internet. - Nacos does not implement any security for public facing clusters by default. - As a minimum level of security; switch to ClusterIP/NodePort and place an Nginx gateway infront of the cluster in order to lock down access to dangerous HTTP endpoints and verbs. - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.ports.http.port }} - {{- else if contains "ClusterIP" .Values.service.type }} - - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:{{ .Values.service.ports.http.port }} to use nacos" - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.service.ports.http.port }}:{{ .Values.service.ports.http.port }} - {{- end }} - - # The default user is: nacos - # The default password is: nacos diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/_helpers.tpl deleted file mode 100644 index c354d91..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/_helpers.tpl +++ /dev/null @@ -1,105 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Nacos image name -*/}} -{{- define "nacos.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Nacos initDB image name -*/}} -{{- define "nacos.initDB.image" -}} -{{- include "common.images.image" (dict "imageRoot" .Values.initDB.image "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "nacos.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.initDB.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "nacos.pvc" -}} -{{- coalesce .Values.persistence.existingClaim (include "common.names.fullname" .) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "nacos.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "nacos.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.initDB.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- end -}} - -{{/* -Return the secret containing TLS certificates -*/}} -{{- define "nacos.tlsSecretName" -}} -{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.secretName -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "nacos.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (not .Values.tls.secretName) (not .Values.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "nacos.mysql.fullname" -}} -{{- printf "%s-%s" .Release.Name "mysql" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Return the mysql primary Hostname -*/}} -{{- define "nacos.mysql.primaryHost" -}} -{{- if .Values.mysql.enabled }} - {{- if eq .Values.mysql.architecture "replication" }} - {{- printf "%s-%s" (include "nacos.mysql.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "nacos.mysql.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.mysql.external.mysqlMasterHost -}} -{{- end -}} -{{- end -}} - -{{/* -Return the mysql secondary Hostname -*/}} -{{- define "nacos.mysql.secondaryHost" -}} -{{- if .Values.mysql.enabled }} - {{- if eq .Values.mysql.architecture "replication" }} - {{- printf "%s-%s" (include "nacos.mysql.fullname" .) "secondary" | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s" (include "nacos.mysql.fullname" .) -}} - {{- end -}} -{{- else -}} - {{- printf "%s" .Values.mysql.external.mysqlSlaveHost -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/configmap.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/configmap.yaml deleted file mode 100644 index 1277350..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - sql_files: "https://raw.githubusercontent.com/alibaba/nacos/{{ .Chart.AppVersion }}/distribution/conf/nacos-mysql.sql" -{{- if .Values.config.enabled -}} - {{- toYaml .Values.config.data | nindent 2 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/deployment-statefulset.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/deployment-statefulset.yaml deleted file mode 100644 index 23ceed7..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/deployment-statefulset.yaml +++ /dev/null @@ -1,310 +0,0 @@ -{{- $root := . -}} -{{- if .Values.statefulset.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -{{- else }} -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -{{- end }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - replicas: {{ .Values.replicaCount }} - {{- if .Values.statefulset.enabled }} - serviceName: {{ include "common.names.fullname" . }}-headless - podManagementPolicy: {{ .Values.podManagementPolicy }} - {{- end }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} - shareProcessNamespace: {{ .Values.sidecarSingleProcessNamespace }} - serviceAccountName: {{ template "nacos.serviceAccountName" . }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - hostNetwork: {{ .Values.hostNetwork }} - hostIPC: {{ .Values.hostIPC }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy | quote }} - {{- end }} - {{- include "nacos.imagePullSecrets" . | nindent 6 }} - initContainers: - - name: peer-finder-plugin-install - image: nacos/nacos-peer-finder-plugin:latest - imagePullPolicy: Always - volumeMounts: - {{- if .Values.persistence.mountPaths }} - {{- toYaml .Values.persistence.mountPaths | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - volumeMounts: - {{- if .Values.persistence.mountPaths }} - {{ toYaml .Values.persistence.mountPaths | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{ toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- end }} - containers: - - name: {{ include "common.names.name" . }} - image: {{ template "nacos.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.lifecycle }} - lifecycle: - {{- toYaml .Values.lifecycle | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: NACOS_REPLICAS - value: "{{ .Values.replicaCount }}" - - name: NACOS_SERVERS - value: {{ range $i, $e := until (int $.Values.replicaCount) -}} - {{- $nacosPodName := (printf "%s-%d.%s-headless" (include "common.names.fullname" $root) $i (include "common.names.fullname" $root)) -}} - {{- $nacosPodName -}}:8848{{ printf " " }} - {{- end }} - - name: DOMAIN_NAME - value: {{ .Values.clusterDomain | quote }} - - name: SERVICE_NAME - value: {{ include "common.names.fullname" . }}-headless - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: MYSQL_SERVICE_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterHost - - name: MYSQL_SERVICE_DB_NAME - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlDatabase - - name: MYSQL_SERVICE_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterPort - - name: MYSQL_SERVICE_USER - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterUser - - name: MYSQL_SERVICE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterPassword - - name: NACOS_SERVER_PORT - value: "8848" - - name: NACOS_APPLICATION_PORT - value: "8848" - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: {{ $value.protocol }} - {{- end }} - {{- if .Values.healthCheck.livenessProbe.enabled }} - livenessProbe: - {{- if eq .Values.healthCheck.type "http" }} - httpGet: - path: {{ .Values.healthCheck.livenessProbe.httpPath }} - port: {{ .Values.healthCheck.port }} - {{- else }} - tcpSocket: - port: {{ .Values.healthCheck.port }} - {{- end }} - initialDelaySeconds: {{ .Values.healthCheck.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.healthCheck.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.healthCheck.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.healthCheck.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.healthCheck.livenessProbe.failureThreshold }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.healthCheck.readinessProbe.enabled }} - readinessProbe: - {{- if eq .Values.healthCheck.type "http" }} - httpGet: - path: {{ .Values.healthCheck.readinessProbe.httpPath }} - port: {{ .Values.healthCheck.port }} - {{- else }} - tcpSocket: - port: {{ .Values.healthCheck.port }} - {{- end }} - initialDelaySeconds: {{ .Values.healthCheck.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.healthCheck.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.healthCheck.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.healthCheck.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.healthCheck.readinessProbe.failureThreshold }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.config.enabled }} - - name: {{ include "common.names.name" . }}-conf - mountPath: {{ .Values.config.mountPath }} - subPath: {{ .Values.config.subPath }} - readOnly: {{ .Values.config.readOnly }} - {{- end }} - {{- if .Values.existConfig.enabled }} - - name: {{ include "common.names.name" . }}-exist-conf - mountPath: {{ .Values.existConfig.mountPath }} - subPath: {{ .Values.existConfig.subPath }} - readOnly: {{ .Values.existConfig.readOnly }} - {{- end }} - {{- if .Values.secret.enabled }} - - name: {{ include "common.names.name" . }}-secret - mountPath: {{ .Values.secret.mountPath }} - subPath: {{ .Values.secret.subPath }} - readOnly: {{ .Values.secret.readOnly }} - {{- end }} - {{- if .Values.existSecret.enabled }} - - name: {{ include "common.names.name" . }}-exist-secret - mountPath: {{ .Values.existSecret.mountPath }} - subPath: {{ .Values.existSecret.subPath }} - readOnly: {{ .Values.existSecret.readOnly }} - {{- end }} - {{- if .Values.persistence.mountPaths }} - {{- toYaml .Values.persistence.mountPaths | nindent 12 }} - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- toYaml .Values.extraVolumeMounts | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.config.enabled }} - - name: {{ include "common.names.name" . }}-conf - configMap: - name: {{ include "common.names.fullname" . }} - {{- end }} - {{- if .Values.existConfig.enabled }} - - name: {{ include "common.names.name" . }}-exist-conf - configMap: - name: {{ .Values.existConfig.name }} - {{- end }} - {{- if .Values.secret.enabled }} - - name: {{ include "common.names.name" . }}-secret - secret: - secretName: {{ include "common.names.fullname" . }} - {{- end }} - {{- if .Values.existSecret.enabled }} - - name: {{ include "common.names.name" . }}-exist-secret - secret: - secretName: {{ .Values.existSecret.name }} - {{- end }} - {{- if .Values.extraVolumes }} - {{- toYaml .Values.extraVolumes | nindent 8 }} - {{- end }} -{{- if not .Values.statefulset.enabled }} - {{- if .Values.persistence.enabled }} - - name: data-storage - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "common.names.fullname" .) }} - {{- else }} - - name: data-storage - emptyDir: {} - {{- end }} -{{- else }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data-storage - {{- if .Values.persistence.annotations }} - annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - annotations: - {{- range $key, $value := $.Values.persistence.annotations }} - {{ $key }}: {{ $value }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size }} - {{- if .Values.persistence.storageClass }} - {{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" - {{- end }} - {{- end }} - {{- else }} - - name: data-storage - emptyDir: {} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/extra-list.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/hpa.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/hpa.yaml deleted file mode 100644 index d837da3..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/hpa.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: Deployment - name: {{ template "common.names.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetMemory }} - {{- end }} - {{- end }} - {{- if .Values.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.autoscaling.targetCPU }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/ingress.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/ingress.yaml deleted file mode 100644 index c5ec875..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/ingress.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ .Values.ingress.hostname }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ .name | quote }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/job.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/job.yaml deleted file mode 100644 index 7d2f2f1..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/job.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{- if .Values.initDB.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.names.fullname" . }}-init-db - annotations: - "helm.sh/hook-weight": "-1" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: mysql - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} -spec: - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: mysql - spec: - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} -{{- include "nacos.imagePullSecrets" . | nindent 6 }} - containers: - - name: import-nacos-mysql-sql - image: {{ template "nacos.initDB.image" . }} - imagePullPolicy: {{ .Values.initDB.image.pullPolicy }} - env: - - name: SQL_FILES - valueFrom: - configMapKeyRef: - name: {{ include "common.names.fullname" . }} - key: sql_files - - name: MYSQL_HOST - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterHost - - name: MYSQL_DB - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlDatabase - - name: MYSQL_PORT - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterPort - - name: MYSQL_USER - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterUser - - name: MYSQL_PASSWD - valueFrom: - secretKeyRef: - name: {{ include "common.names.fullname" . }} - key: mysqlMasterPassword - restartPolicy: OnFailure - parallelism: 1 - completions: 1 - backoffLimit: 6 -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/networkpolicy.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/networkpolicy.yaml deleted file mode 100644 index 7010a89..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/networkpolicy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ template "nacos.service.ingressPort" . }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - {{- if .Values.networkPolicy.explicitNamespacesSelector }} - namespaceSelector: - {{- toYaml .Values.networkPolicy.explicitNamespacesSelector | nindent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - role: read - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes - - ports: - - port: 9187 - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pdb.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pdb.yaml deleted file mode 100644 index f82d278..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/prometheusrules.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/prometheusrules.yaml deleted file mode 100644 index afa4843..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/prometheusrules.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - {{- if .Values.metrics.prometheusRule.namespace }} - namespace: {{ .Values.metrics.prometheusRule.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: nginx - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $ ) | nindent 4 }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - - name: {{ include "common.names.fullname" . }} - rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 6 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pvc.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pvc.yaml deleted file mode 100644 index 219f7db..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/pvc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if not .Values.statefulset.enabled -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.persistence.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.persistence.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - accessModes: - {{- if not (empty .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- else }} - - {{ .Values.persistence.accessMode | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} - {{- if .Values.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }} - {{- end }} -{{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/secret.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/secret.yaml deleted file mode 100644 index 7086174..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/secret.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: -{{- if not .Values.mysql.enabled }} -{{- range $key, $value := .Values.mysql.external }} - {{ $key }}: {{ $value | b64enc | quote }} -{{- end }} -{{- else }} - mysqlMasterHost: {{ (include "nacos.mysql.primaryHost" .) | b64enc | quote }} - mysqlDatabase: {{ .Values.mysql.auth.database | b64enc | quote }} - mysqlMasterPort: {{ "3306" | b64enc }} - mysqlMasterUser: {{ .Values.mysql.auth.username | b64enc | quote }} - mysqlMasterPassword: {{ .Values.mysql.auth.password | b64enc | quote }} - mysqlSlaveHost: {{ (include "nacos.mysql.secondaryHost" .) | b64enc | quote }} - mysqlSlavePort: {{ "3306" | b64enc }} -{{- end }} -{{- if .Values.secret.enabled }} -{{- range $key, $value := .Values.secret.data }} - {{ $key }}: {{ $value | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service-headless.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service-headless.yaml deleted file mode 100644 index cf600f7..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service-headless.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.statefulset.enabled }} -apiVersion: v1 -kind: Service -metadata: - annotations: - # 1.13 以前版本 - #service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: {{ printf "%s-headless" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} -spec: - type: ClusterIP - clusterIP: None - # 1.13 以后版本 - publishNotReadyAddresses: true - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} - targetPort: {{ $key }} - {{- toYaml $value | nindent 6 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service.yaml deleted file mode 100644 index 6f58b3c..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and .Values.service.externalTrafficPolicy (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} - targetPort: {{ $key }} - {{- toYaml $value | nindent 6 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/serviceaccount.yaml deleted file mode 100644 index bf2c50c..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/serviceaccount.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "nacos.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - annotations: - {{- if or .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/servicemonitor.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/servicemonitor.yaml deleted file mode 100644 index a9cc17b..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} - endpoints: - - port: metrics - path: /metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/test/test-nacos.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/test/test-nacos.yaml deleted file mode 100644 index 4e79a59..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/test/test-nacos.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: {{ include "common.names.fullname" . }}-test - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - containers: - - name: {{ .Release.Name }}-test - image: nginx:latest - command: ["sh", "-c", "curl -I -m 10 -o /dev/null -s -w %{http_code} http://$NACOS_SERVICE_HOST:$NACOS_SERVER_PORT/nacos/"] - env: - - name: NACOS_SERVER_PORT - value: "8848" - - name: NACOS_SERVICE_HOST - value: {{ include "common.names.fullname" . }} - restartPolicy: Never diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/tls-secrets.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/tls-secrets.yaml deleted file mode 100644 index 29ef17b..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/templates/tls-secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $ca := genCA "nacos-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/nacos-2.1.2/values.yaml b/source/src/main/java/io/wdd/source/nacos-2.1.2/values.yaml deleted file mode 100644 index 2bbe328..0000000 --- a/source/src/main/java/io/wdd/source/nacos-2.1.2/values.yaml +++ /dev/null @@ -1,803 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section Common parameters - -## @param nameOverride String to partially override nginx.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override nginx.fullname template -## -fullnameOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: wdd.io -## @param extraDeploy Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] -## @param commonLabels Add labels to all the deployed resources -## -commonLabels: {} -## @param commonAnnotations Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Deployment or Statefulset -statefulset: - enabled: true - -## @param replicaCount Number of replicas to deploy -## -replicaCount: 1 - -## @section Tomcat parameters -## - -## Bitnami Tomcat image version -## ref: https://hub.docker.com/r/bitnami/tomcat/tags/ -## @param image.registry Tomcat image registry -## @param image.repository Tomcat image repository -## @param image.tag Tomcat image tag (immutable tags are recommended) -## @param image.pullPolicy Tomcat image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Specify if debug logs should be enabled -## -image: - registry: docker.io - repository: nacos/nacos-server - tag: v2.1.0 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## Kubernetes svc configuration -## -service: - ## 支持ClusterIP修改为LoadBalancer,反之不允许。可手动修改svc,并将nodePort去掉 - type: ClusterIP # 一般不用修改, 支持ClusterIP/LoadBalancer/NodePort - loadBalancerIP: "" - ## Enable client source IP preservation - ## @param service.externalTrafficPolicy External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster # 支持Cluster/Local - ports: - ## 多端口暴露时,复制一段 - http: - port: 8848 # Service port number for client-a port. - protocol: TCP # Service port protocol for client-a port. - ## Use nodePorts to requets some specific ports when usin NodePort - # nodePort: 30020 # 默认会自动生成 - ## @param service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.clusterIP Static clusterIP or None for headless services - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address - ## e.g: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.annotations Annotations for Logstash service - ## - annotations: {} - -## @param extraEnvVars Extra environment variables to be set on MinIO® container -## e.g: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: - - name: PREFER_HOST_MODE - value: "hostname" - - name: TZ - value: "Asia/Shanghai" -## @param extraEnvVarsCM ConfigMap with extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Secret with extra environment variables -## -extraEnvVarsSecret: "" -## @param command Default container command (useful when using custom images). Use array form -## -command: [] -## @param args Default container args (useful when using custom images). Use array form -## -args: [] - -## @param querier.podManagementPolicy podManagementPolicy to manage scaling operation -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies -## -podManagementPolicy: "" - -## Enable configmap and add data in configmap -config: - enabled: false - mountPath: /conf - subPath: "" - readOnly: true - data: {} - -## 使用已存在的configmap映射到相应目录或文件路径 -existConfig: - enabled: false - name: "" - mountPath: /exist/conf - subPath: "" - readOnly: true - -## To use an additional secret, set enable to true and add data -secret: - enabled: false - mountPath: /etc/secret-volume - subPath: "" - readOnly: true - data: {} - -## 使用已存在的secret映射到相应目录或文件路径 -existSecret: - enabled: false - name: "" - mountPath: /exist/secret-volume - subPath: "" - readOnly: true - -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} - -## liveness and readiness -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ -healthCheck: - type: http # http/tcp - port: http # 上面的端口名或端口 - httpPath: '/' # http时必须设置 - livenessProbe: - enabled: true - httpPath: '/nacos/v1/console/health/liveness' # http时必须设置 - initialDelaySeconds: 60 # 初始延迟秒数, k8s默认值为0,最小为0 - periodSeconds: 30 # 检测周期,k8s默认值10,最小为1 - # timeoutSeconds: 3 # 检测超时,k8s默认值1,最小为1 - # successThreshold: 1 # 失败后成功次数,k8s默认值1,最小为1,只能设置为1 - # failureThreshold: 5 # 失败后重试次数,k8s默认值3,最小为1 - readinessProbe: - enabled: true - httpPath: '/nacos/v1/console/health/readiness' # http时必须设置 - initialDelaySeconds: 60 # 初始延迟秒数, k8s默认值为0,最小为0 - periodSeconds: 30 # 检测周期,k8s默认值10,最小为1 - # timeoutSeconds: 3 # 检测超时,k8s默认值1,最小为1 - # successThreshold: 1 # 失败后成功次数,k8s默认值1,最小为1,只能设置为1 - # failureThreshold: 5 # 失败后重试次数,k8s默认值3,最小为1 - -## nacos containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the nacos container -## @param resources.requests The requested resources for the nacos container -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -## @param updateStrategy.type nacos deployment strategy type -## @param updateStrategy.rollingUpdate nacos deployment rolling update configuration parameters -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -## -updateStrategy: {} -# type: RollingUpdate -# rollingUpdate: {} -## @param podLabels Additional labels for nacos pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations Annotations for nacos pods -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: - pod.alpha.kubernetes.io/initialized: "true" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] -## @param affinity Affinity for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param hostNetwork Specify if host network should be enabled for nacos pod -## -hostNetwork: false -## @param hostIPC Specify if host IPC should be enabled for nacos pod -## -hostIPC: false -## @param nodeSelector Node labels for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: {} -## @param priorityClassName Priority class name -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass -## -priorityClassName: "" -## nacos pods' Security Context. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enabled nacos pods' Security Context -## @param podSecurityContext.fsGroup Set nacos pod's Security Context fsGroup -## @param podSecurityContext.sysctls sysctl settings of the nacos pods -## -podSecurityContext: - enabled: false - fsGroup: 5001 - ## sysctl settings - ## Example: - ## sysctls: - ## - name: net.core.somaxconn - ## value: "10000" - ## - sysctls: [] -## nacos containers' Security Context. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## @param containerSecurityContext.enabled Enabled nacos containers' Security Context -## @param containerSecurityContext.runAsUser Set nacos container's Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set nacos container's Security Context runAsNonRoot -## -containerSecurityContext: - enabled: false - runAsUser: 5001 - runAsNonRoot: true - -## @param Pod's DNS Policy -## https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy -dnsPolicy: "" # ClusterFirst/ClusterFirstWithHostNet ... - -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -# - ip: "192.168.1.100" -# hostnames: -# - "example.local" - -## Autoscaling parameters -## @param autoscaling.enabled Enable autoscaling for nacos deployment -## @param autoscaling.minReplicas Minimum number of replicas to scale back -## @param autoscaling.maxReplicas Maximum number of replicas to scale out -## @param autoscaling.targetCPU Target CPU utilization percentage -## @param autoscaling.targetMemory Target Memory utilization percentage -## -autoscaling: - enabled: false - minReplicas: "" - maxReplicas: "" - targetCPU: "" - targetMemory: "" - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, azure-disk on - ## Azure, standard on GKE, AWS & OpenStack) - ## - storageClass: "" - accessMode: ReadWriteOnce - annotations: {} - # helm.sh/resource-policy: keep - size: 5Gi # 大小 - existingClaim: {} # 使用已存在的pvc - mountPaths: - - mountPath: /home/nacos/plugins - name: data-storage - subPath: plugins - - mountPath: /home/nacos/data - name: data-storage - subPath: data - - mountPath: /home/nacos/logs - name: data-storage - subPath: logs - ## @param persistence.selector [object] Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - -## @param extraVolumeMounts Array to add extra mount -## -extraVolumeMounts: [] -# - mountPath: /logs -# name: logs -## @param extraVolumes Array to add extra volumes -## -extraVolumes: [] -# - hostPath: -# path: /home/logs -# name: logs - -## Configure the ingress resource that allows you to access the -## ref: https://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress controller resource - ## - enabled: true - ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) - ## - apiVersion: "" - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "traefik" - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: nacos.107421.xyz - ## @param ingress.path The Path to nacos®. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: /nacos - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.servicePort Service port to be used - ## Default is http. Alternative is https. - ## - servicePort: http - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: - cert-manager.io/cluster-issuer: cm-cloudflare-7421 - ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: true - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## e.g: - ## extraHosts: - ## - name: chart-example.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths Any additional paths that may need to be added to the ingress under the main host - ## For example: The ALB ingress controller requires a special rule for handling SSL redirection. - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - chart-example.local - ## secretName: chart-example.local-tls - ## - extraTls: [] - ## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate are expected in PEM format - ## name should line up with a secretName set further up - ## - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## - ## Example - ## secrets: - ## - name: chart-example.local-tls - ## key: "" - ## certificate: "" - ## - secrets: [] - -## @section Other Parameters -## - -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## When set to false, only pods with the correct client label will have network access to the ports - ## Redis™ is listening on. When true, Redis™ will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy - ## e.g: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} - -## Pods Service Account -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for nginx pod - ## - create: false - ## @param serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the `common.names.fullname` template - name: "" - ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. - ## Only used if `create` is `true`. - ## - annotations: {} - ## @param serviceAccount.autoMount Auto-mount the service account token in the pod - ## - autoMount: false - -## Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Created a PodDisruptionBudget - ## - create: false - ## @param pdb.minAvailable Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction - ## - maxUnavailable: 0 - -## Uncomment and modify this to run a command after starting the core container. -## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ -lifecycle: {} -# preStop: -# exec: -# command: ["/bin/bash","/pre-stop.sh"] -# postStart: -# exec: -# command: ["/bin/bash","/post-start.sh"] - -## init containers -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## Add init containers. e.g. to be used to give specific permissions for data -## Add your own init container or uncomment and modify the given example. -initContainers: [] -# - name: fmp-volume-permission -# image: busybox -# imagePullPolicy: IfNotPresent -# command: ['chown','-R', '200', '/extra-data'] -# volumeMounts: -# - name: extra-data -# mountPath: /extra-data - -## @param sidecars Sidecar parameters -## e.g: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] - -## @param sidecarSingleProcessNamespace Enable sharing the process namespace with sidecars -## This will switch pod.spec.shareProcessNamespace parameter -## -sidecarSingleProcessNamespace: false - -mysql: - # if enabled set "false", fill the connection informations in "external" section - # init containers will import the flow sql file into mysql db. - # https://raw.githubusercontent.com/alibaba/nacos/${version}/distribution/conf/schema.sql - # https://raw.githubusercontent.com/alibaba/nacos/${version}/distribution/conf/nacos-mysql.sql - enabled: false - external: - mysqlMasterHost: "mysql_master_host" - mysqlDatabase: "nacos" - mysqlMasterPort: "3306" - mysqlMasterUser: "nacos" - mysqlMasterPassword: "nacos" - mysqlSlaveHost: "mysql_slave_host" - mysqlSlavePort: "3306" - - architecture: standlone - auth: - rootPassword: "nacos" - database: "nacos" - username: "nacos" - password: "nacos" - replicationUser: "replicator" - replicationPassword: "replicator" - - primary: - persistence: - enabled: false - storageClass: "-" - mountPath: /bitnami/mysql - annotations: {} - accessModes: - - ReadWriteOnce - size: 8Gi - - # extraEnvVars: - # - name: TZ - # value: "Asia/Shanghai" - - containerSecurityContext: - enabled: true - runAsUser: 5001 - allowPrivilegeEscalation: false - - configuration: |- - [mysqld] - skip_ssl - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - default-time_zone = '+8:00' - character-set-server=utf8mb4 - collation-server = utf8mb4_unicode_ci - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - plugin_dir=/opt/bitnami/mysql/lib/plugin - default-character-set=utf8mb4 - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - - secondary: - replicaCount: 1 - persistence: - enabled: false - storageClass: "-" - mountPath: /bitnami/mysql - annotations: {} - accessModes: - - ReadWriteOnce - size: 8Gi - - extraEnvVars: - - name: TZ - value: "Asia/Shanghai" - - containerSecurityContext: - enabled: true - runAsUser: 5001 - allowPrivilegeEscalation: false - - configuration: |- - [mysqld] - skip_ssl - default_authentication_plugin=mysql_native_password - skip-name-resolve - explicit_defaults_for_timestamp - basedir=/opt/bitnami/mysql - plugin_dir=/opt/bitnami/mysql/lib/plugin - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - datadir=/bitnami/mysql/data - tmpdir=/opt/bitnami/mysql/tmp - max_allowed_packet=16M - bind-address=0.0.0.0 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - log-error=/opt/bitnami/mysql/logs/mysqld.log - default-time_zone = '+8:00' - character-set-server=utf8mb4 - collation-server = utf8mb4_unicode_ci - - [client] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - plugin_dir=/opt/bitnami/mysql/lib/plugin - default-character-set=UTF8 - - [manager] - port=3306 - socket=/opt/bitnami/mysql/tmp/mysql.sock - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid - -initDB: - enabled: true - image: - registry: docker.io - repository: ygqygq2/mysql-exec-sql - tag: latest - pullPolicy: IfNotPresent - -## nacos 自带 metrics -metrics: - ## Prometheus Operator ServiceMonitor configuration - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## interval: 10s - ## - interval: "" - ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## e.g: - ## scrapeTimeout: 10s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.selector Prometheus instance selector labels - ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration - ## - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so PodMonitor will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion - ## - metricRelabelings: [] - ## Prometheus Operator PrometheusRule configuration - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) - ## - enabled: false - ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so PrometheusRule will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Prometheus Rule definitions - ## - alert: LowInstance - ## expr: up{service="{{ template "common.names.fullname" . }}"} < 1 - ## for: 1m - ## labels: - ## severity: critical - ## annotations: - ## description: Service {{ template "common.names.fullname" . }} Tomcat is down since 1m. - ## summary: Tomcat instance is down. - ## - rules: [] diff --git a/source/src/main/java/io/wdd/source/octopus-middile-wares.zip b/source/src/main/java/io/wdd/source/octopus-middile-wares.zip new file mode 100644 index 0000000000000000000000000000000000000000..1d835849b5432e77290fc5d546993d085a6b7d4b GIT binary patch literal 430614 zcmb@t1yEgEx-E>myE_Dz;2PZB-8Zfq*Wd(qcXxLW?(Q1g-4g;l&N=UP-|qMK|El|4 zs#eviU9~1P$ERb=Zz{@wLtub_fWUyT$9k)!z^LVY0RsV<1qT5k`S{h^#TWpz12_Ym z7)*_vER5}qfTm20762PtOLIGWAON7;Yq!pf(1m^c#o?rg@H6j-Bd>>42rfe=sXY2U z+X#n=Qxm0J{GM5;&kOb78Qui5tPBP54{{H1_#%an)1h8(j-1|Rq1G#SHZ($QNzY|! zlY+AfeBT{^=|n8LV?Zzz0rV&BL>uvG3|9+!8rVAvs1^ak&+SxhIeY_B4>Mutk_Wjh zBRHlzf(&5YiKT?GLCP-el%z62{<`R=k<{6+d{H>%4gvj;pDY9jx1a(X$SvR5rcPoU z`4B`Xz;-0lci z6Iiv0x5=mmYT6stO(maj=$U)}0+V`#c(QEH1OpDYB6VBrVKU3zZVu2kGD>vjIw+b; ztD8tc(`uzxdMS}FoQ~*x4;L&r8TnPFO{M9Pn#=?23$A!~b|fXflj9nO;kYkJ9=m44 zPgJ~LPzTjWoYtkW!Db?I>wnay+j}nQZ4Pc%gG63SlC!AnO_m{wL-(M0+lA1g?P~R%Oew(JJnvk16zp9BFo!W7d~f0rT@9(nTG~6uN0a z{0DFu{o`-67&kamDa#sXKFw?U0u>alzd;rM!TDU#0VwD2ARu_QARzev%K2CrJ&bH^ zE_7|}_c+krh)CZ3udyt=zS)?scQAU7K)WSe;%&M_u6T(lVL)r=+j7L0#wVh;9DnV> zm9E#PUsXoKZj1VD#EB-c?{Juw7Fu{dk3L>6ub>}S22(T%wa<~sdcr!Hc%ayn4o{nv z-IcFgkv-hF-&~K8U`^$f?%^*ZR3FOOI$3HPF|)jh_^>gLj(7deT-JIGZR+Fe2^{w^ z7c7oDW=7-Z_ZKJ=VJFPYM%h(CR@G!#ZkUKw_Z7u(JjrYulSC(9RjZKf0Uedm`QiM& zdLa?O2Gf2r(XM-+pXd6*lyJ~Jx6tBLt~OeoK;!m{%ezE+sz5;R^KiO7)IR^cr}j81 zwCr1WCuXns?SXW{^6TBzh|S36X{`k09P?P0HV{(Ni(Y4seYOS#Ux(q0!7itbmPFPLU_Ykq4@p-y|t9nKPJL z5moL|NI|0LAxY*#apU}?V(9M6!5|6GhYpCARWo#W?*jaZFech0tKhzWPD~kcP0M|# zvFqXKBgSf~>G;7Ot{r;|`aAAsEJ5=pK}JXigBJdwZ7MP6ghA49+GOr;jZdIKX86A! z0>9LiY(bEC6VCh)c^nB+6o`zE2=%yVc+z*5rg%YJ4&KdKQ!;m$>22N@lwe!es@W5%S z3h;ySs5bVHqF^z?m^~EjkjnXEsY8d?Tqfkq z%VNn=Nt$s)R$S?)>I7J1Y!I$#KgaVxOXy(#|7)X6J{th@RT( zy9rk5Fxj?`VaUP6cq$%9er_7Lx+3wFkhW%c=bd=ZW_wy}d@@lsY=X|FM>Ts?TuWRo z?mUXSrENK|8W@6?vt2K;ZEx+8#fVO6GN(ZJo{jJ-?$8ACwfHlNW9-2*-iG~@9m|wk za$6Dnx@PwZ#}G#FMG=Q=jF4lS4z001TdAEIP^l?A`Y`OP*u3n1IlT!z8vfDv+-y8~ zCevP*Q~-313u2<3IY)!i=VO0MqI6who3nEKo-D1Z^YC6(=l!-UPxCShCV<3=VEBui zb4wUj*Mt+aGfNnM8;j&+>F+A5-~^&m1=!bXQ7^U_gEu0wZ%Hy07Od3#?R3Bhi@25q zoppetb~ze;gBPM0@;?1Bg^AvwwITdU@6r^qd9Z{Y&ed*hQ7{98w?Jd9S%~%OP6E9* zew90M!hE^h+sK4#>E#ex!PK%ZlF=olEx8FJ^If>UQ6#6NIC>{0Oxb)3q%kWgYJ{B_ z82If)%MTlS$-H2O4bZf%EDBEcr0+FU;;t{PU;_5mq{yPzCbDYKYHH7x)&L#47y~+d z^J4AA>xP;z01yYS58AWaK4i8h7`hpF4uy3GVE z_~MMG;E1#pF9XaPFlAvCAfO7jK^OK3>A(mV@;uo|_|IQrvYL$#WWT^2)5>4J+Hj;D z;&P^uvW)h4fzIGziax!Mxo_SQ`f`=1Z=db)cOl9@iG%dH@2_bs<#tq~= zB!jsS#ozZx%n`jCWs}HCI_MQ9R%E|Fj2B7&c~|3kZj2mbp<#Vtb@5!$1kJiYJE#Bq za8+h?-g^eDF#eYntdvn(*d$f(SwPE|H1tJVyxZefw!{(rUuily-t8f((RCpFUdU+mVmS&45r#@i2c<~g2IlXbG55LDWv%@-v{jh3&k?Nw**$MaO3VDj zoh%WVyQ~w#g@$E1M4Hu_z#d`4@gbSuU6(xqu*lJfDTN8h7*_g58qU$wD#;x>Sa1J= z9vX*xI9G$-yGJ3CpJB0$SM(R_mJoPQ3+k-7AhpseEjO`TMv!gjZK#2B^vSfm-jE3c z)5+Z0N(z=b4?KmLUROplEHq3T^i4K2t8Y}p#Vn>`r7}7VKN=S zih+{oa;@2P95dRPoi8Tt-Qf{i^UH|KDlZ8jA(Tczzx@*|^ZIC^sVI8+{FH>GTB z`ees`Gh1zOKe(8U z?DIIrx2f}f4BcMr42&P6X_|!!Q3)ws_8zHE3<-e>d*u^dqWzjpJce}dYhQ*c{ZegP zLe{GC$n6mMadJmnFmy7TxqMu?Ae$-5AORsv4%{~ZwX3_gSAz!?#WO*UiksLFqa1o~ zueCNIQWkCKw;aqmkPM%7Oa<^wp{6zJqVOVw-f6OyN{OzJqBAJ4=`E-@IwOIf@oMIf7MmVf!&LLe+t!_?=Y4}YHM&&& zlL2C!>6{5&CiX|-_07y_{+&6t&kFmIRnPs`i(fY_>~E(O8EdCA+@s544B`m^NQclQ z5qm(%&t@aXYTI_d!;^6mRY&ecO_9#}Vmft~^j;BA7{8^>H1_H|?nCCr zc+I?gQ3yWi{=;wS)hf)Dn&=u}uCrm1*ZzjyJo;vumDLYz@dQ!T`bz_$ucL!KMdS0~ zE!XnVZ25W^NkiSwl%ew<4ygmlf!%pQ-iB!d)&V0RdE@CTr+kmN$my$Ib(x;>*^5eWWcr%(6ZAi1W4K;_b7nSDh~Cs++ef%Jid5oqX}7Yq75%2}d;V z5=P&}o^?Y07F>Dj9m`wg~I47om{UzQ1)VaX%c0gZhMq+*-(%)%;pBCHN+eZak*3vl zM*!80B@$PGsyS1LWlj}lEw6p1+p4WXij*Jjb09{~K89zYFN|I>Ijvj%S+|)TuK6DN< zRkQ8J3F|+?T8%|#i(%+t6W3*M+F<2VzXm6i6i%228`V{r9 z%_u<}p~vdN{^@G)D=E(e6x*CMdMI{1M~n&Ti-N|LBkv0tYetv=;BD}n9vB$=GqQmk z?yaD#zH@i?3l@rj2%6jzVAUp6U*pWzau{g&_5UXl|79ut-;wxF@nmB8w~+cPs-g4| z`p7>V;g5&!-*bqMwM;A-T#am808W1vX(OPy6AvOB2?+xU1H&Kb!3N;WU}@(BFmV9_ z7@TdK5aIsO8`}_yl{=t7Kr%T&K-m7hf37ShBq}GyXlr_qu4KQ?finC9{+?HNJ+w;j zB3F|*#0Y1*7!s>dCaQRy8AD7|#ypLh(u(3>AmeG%O+q^QLfV!7+$iaJPW)Fwyf07o zo5U~JP8xFyptHpewzK#UR`m@1ET8xFb?@+|NKUsNm&OY5)RgiG)`1Pd+4=dMnO|H| z8UMI&O5B6qRCYik$@d}Qu(UpNzq__b%0r||M!Cq`Bb2iZ*t7!Bz{OcBoK))upO^+^ zTF!XxZ*!JJs)sZf^@6{U*I0hs$HaV86+_eXUpE+V5zKh614r3>{t+8IdEQ@I1i1`g z_MR7H3S~$uonh-ngrL%v2P$vO?I;MxP|+RmMB|_5XD`VmoM(j_w)dt>>v=8Ue_7jL zn=8E9iYu9(eDi$viwPCr+r2bYbld9ZtKRZkc=`T1;_W}Wq4c%=%syH33sMO0Beu2A zT=6bo{s8S=~pZsHd~>~!m*`>3z51X#I+E*u-e3`hOJ z%mL!!Cfu^m_YZcG`Wj3U`){L#{t!p`sz}MgNot~%M%ppp&}(@5c~MdH&*I3iFY7o$ z-`!%G&FTxh*jjTcr!OcV{B0;$<91Vz%9G?X)E4fMwgc20O7J*KJvYBC99_|n4i%H) zUzQx&*2@>p<{5!&Df7d77|g?nE2Hi6sg~gK$h~s{rOI6FoSPqdQN%zO29-H}@)*Fy zdH&|&DK1~*Sj|_pDo=_;9-^9z7}yZ+e6g zI(&SYQ1ycF%?`T$H-7?){H|t78~(g3wjD7OAdp*hDiMc2FgI74ei*;hGqALsQ@<4X zLneG@$+C|!70b3hl1ZtG>xUx^=U;4Vu<_ol5?C|ZWU$PPw_+JSG!#Vu}Kzb zB31&+Fssq0fxK<&49GdVzU0=VTkIIx$z=BD0TIx+Q=PGsTb>V!Gi8=Nk;ke~PXnE?wvFARWrPf!*4OK4B z0jSwh3B)T(MAuN@z3WluYDx6dmWSK6B61U3xnm`cGtao3B(-`YYbKgIB&%nen2l#0 zUFp7{2K^71#$DF6Xld;NBuFgQg^#95wU70qlee|=(vU3Uv@K<;Gmr3w)_XX*TAx=6 zG?VUYa0dqhd&ZOkR}wY{R#Y>Z2kY47JXt%rHtj@D2P3e5hz&b;L)OFFZc_3*l9<@s zH1bxD^SE+gZX)WY^)E@ro)q5daJH+$dZd4mv2+-=^GC3Y03!~{XC7Idyh(3IqZ{d$ zw26C;QWj|G9;o2Q#iM@Z;&U_30s!PuMZw+4n_e!5nRllAS^~m(ys_;1br`v?3!$^ z^(G5vr;j}(8Kd6y7<2DPQ~}%Vx~1k%?!~Zo6kQWz2%?*#C4>627qv@^lIk08=@Gom z5~JZd3e6K<c2v`!{~tYxZ6?mpkE4XeQ4dbz*xjms~N^ zwha(eW#RE#-(gt0>y+ghYB6bMExE5LUuP-@&OUv#3NzI^K2>7L?MbxBSQ89Uj!JeUXQY=%_3Y?>F{ZB-5MZ^0yz2WHGZ^>_1(%R)dWykUbw9ZW!~t?@$Ks{P}|+eS-x75&HM)>))3&_&7Co005mBogHkF)bteA z1yQ^ucE40sl2NL5C#s)39mcD` zuS}H-C%F{8(Z(}0N7|kfuD52iUSPcEJy0bRYXw(Xr1gKg+ECiR;~5`d5Ost=#6e^6 zYJR6*Zh&hO+O|!qOa>x;wPqBfVusXDmWM=r5AODpVQ!90Dm3zktzi#f{I7OJV zxEApVCCzFZGXSHF8Nw3oR>UHeerYQ8ZoDlD(+akIz*M@3@pGvn*>Z1Rp<)PpQCHYo z8uPV+q|||bIl4;u?lGr#4*MF^(*%~*neAQkLrWMg0?r~x8F8#WH|g-FJ+F0ldpusbX6&#=YbEM+!{uXU4gu*~ z$T5~l*PSf+ry`fEr=v5)r)aafL_X4qWmM6g0&GjWCQJ``!{{2K-eqX0KDtEi`HD1j zM}!PSn4}RN!o*Rqm|iZqELmA4A9#SK%!WRw{dY?(4x*KmM!1!nM^9Fz31M@Byv
)jqI|w#_>yGp{Y&_d`OmZRK?wWZvJV9m6 z&Th*x;KacqY)HFdh_?xR=-i0&?j^d<1ra+d3?bh~f?3ueg0a{Hty3Eh*>E|t#BLps zi}_*tQ|3Y6u5l4{F;CiN)b#MA-!w~PJY79qKqs3#)fLkiahSxuA&-Fw?_G#z)w1f} z2FLcn?1~+eYBn%60t)J5$+V{JqVs8F*$#uG&ng;;Z;tz63F=xTZt&@vB8+=}gN8KC ziP*kacU|ndjke8NpcBCxwad0;4A;%(6e5hP_8)L7hIYWTH;sL1sJHqu=Rx0TJJCC1OB}$lbuf# zKJh67_#1QUx=SW8|ta5?Z1^1I{fP(RMR##HSi=l~7(I(AfkgU9|2^ zbzp0bS~d#kq3+Ao^hfJKYOMreoqVE<8S)1U^{N%Rl{DDwqQK~3C#=x5gG8p(86U;4 zbgn_bx_gJxEcp3Ez+BKzn|h;$nWdh2P1&bp$rE~VM&?kUU>|N$W$Te#3~fBqySFl0 zSzX*ZLI-)wpoCm*bVSQg^FNu4qkB?iCeUTpYT+X28S7swmS`Y4bD=U8_bWL zKQ&%FD*TgT=yuKQF8%@W+(!lz`%hsuv2k&71^|KfHh9ikQm)qFRh_7JVSi^+5?Q$;B!RSVP+81(Mx8t0=aLPI zb6y(K4SkdZ%Yfl6IZ@rc3s#+k$|D^>7UfRaYI^H+tA^i11O;DeXLt>sTSq!sKta)F z`kt~HmP)k)F8f)6>iZ`3Zb7kBUJ%Ch==!nQAX>QbuiF6*Pa!AsV{W>ik&#LFgw5uGGn*MsgJ#gzYK}ZMMl@R~5OytK9wdS-xF>ybxm@t?=X7u#L{^=?&pq-D8a) z(CKLc)#)6cdAY)l)wm*6*^kmjr$wd)zZ=hOBucRaJ z5R2yu!IDo&b-@q*p){Vh$xk_cBhujs2w(MRi3$kD zo$?{{W}0T=HE3R>w9t+ti@!m+&$JmEo-=rg7#nR``WKqfx;L3ta~|EGc>b()JZgnI zGL{&Fi=&33``tzerEo2t_QR;zB6zsjS+Mc)rR9O_doaEdI%mO)W*2s*tN`AxDGL8+ z35RQU6Z8*DV1HOb_J6<<#+G)bmUiZU!tWEOAoC%?4_*cPhUSqR=b`on-WL;fUgY&{ zna`IE$tA=~VKrX5xuswJf?nl^q`KL+*qV>h@pV4)IOc}Dw;0chX@3p8->x&LJO=xPU19O3NVgQN2ug@eG+6~$bazhPA z7wDCu1ftqGNyf%AJaCI}r$VJJU3WG z6?;|r03CN;^w(%4-%PY$J@+h*P#@y+wCjUpty~DqcREFYo3|GR{|LVSHDkvgVF335 zzRv#~_zXra&K3-&A7aW!MA-io3O;dvX0ebbNsmw!3JM(KpaH*nP;i}45|1#$zlHi~qFFyul$e94f}W^(>fZiw{6EQ8p@ z6Zqn3Wv_&Edo{?MfI7}<>+M;pXbf%p6CtP}+i~OEZ-nADV_@HR1QBJ?BYRs{L|l3i zd!)@Q%$zsliWtO+XjZ2> zMEibZ=+yE3;6sfgq((6@vZtz;xV5-xS+e|3+Z@}6g8&t_teAMZe?@x~sq2-h`bz7HaK$-?6r& z-|ZW9DtsriZw1l)IdCdnQ!zH*(Zz<5SNn7|$G{3EXoHrv*8iIq3ejS) z7x(ruUhU|t(Nub6cvvP?+o}254SUjys&ycklpl-VN)=TNn5`OXIFnOd0A$$%o-#C! z#tdgyb!0AfOB_vRaTyJpKEGQ~$Yn=ATRUccJS{`!z(v|D4Dt%-m8O123TbOX@kC9~ zQ{KvmhhfDOga0cdLSKU*aJ8>8YMAc3*WTq}?qF5G3U@sff*$C+hsv&yq+B3Ve!y~I z)p}T#kLeHJ_?v6lhAj$wqqk=jrt#We*NL|q6}fW-bm<(-$DT$OhIYInjg6DG*5|=+ zEw^2A4nrPrNFG$1qo{|?_QmHEAWpzIZerr}GTB{93KMpGn&AqdLW! z+UO&)Tq@(aeAz!0G`%H8b9;RPY~iTwUz1Pt=ONJTLV*?5m|Yvd=zglKneKHg7C9Y| zgJ4}7O(9+bC9zz_Upy1{P9Nz(u?OuCaeC)Y6AahMw3@i6;ok! zc6Xki%ZJ-Om{Y!%W1tz6WmJceXP}i~P$q%*L&!(kK2TP4n3ANYRRZBD=3@OaEuGh{ zErd*8hz*6RTv`Q5<3vv_NUbcW43#LTc9NEnnq96KpK1r`%Ag1^(+A31N|y&HGY&kp z4;ubB0|cnj(j5DQKUud!pc1+yPrsGsnnTC0^1h^zip)W$9>{t3SVM?5GCZ-sJSCudn7I}fbzimk=XXxcrAu6&1=I1!GH{vpD%hA77 z(4oZcAWxPDUl_!+<9Vp!)K<}f3}s)AT@|o+SfW8Ouf*L1hs4>uiA_h~{stquLxFau zCEJRp2eWKT(7(GwZ5o}_MVpYI{2l1+N~zB5#Tfj3nsew3rzd1w$j(w%?8a0wq*rh4 zf@S1svh(UCO5yoX{O-({(aGUY6kXzVWcmeBf`5Sj zL>3V&7bX*15A95%RYrjg_xVAAPRO&W_c#Y%_r57to=E1gw#n)=tMf`BHmccwgCik4j~7Kr=`<5w#%_f94Lz_*9O=~aB%L#0C@;lh~ ze9>kR`k)cPFT4EgP@lX55mKoM`4C9eP1qq|%$oW=X&R}+Mp54&OPJfT?&pUD@DCnp zZ1_S0J3ZQJ;XRI~s*!^g|Gar&OmlJGBIaxwlMo*X!bQ3zD znI4?IS}Q8DnnmC@O^?G2*1DG#v%!%5^y~;PDGTbUG$9+1fS1YJY3nq%d%y zelK}CCcZXsZfpEQhzH|Y@mOA83xpRLkhrw3b#@fQXjzz@P6o!9v(w-Z+cxD9Y0Q~nq<(PTV;n6=% zs{f!wLjP%w`S1EbQmoJ)-FNU+@LOo!6BL9(o99DqF8#TqtORE&6)CG;T>JZGqh-+u z)_rQ)Q@4i)&P5#B`Zl}n<>~3>FZq7-q6l_X4SrZx>e4f~?R3o$^Z# z<5~(*T}V@M`A`_TH3mmVSia_c&O#EfDB;3TA6QpX(Kx{x<=X7c zEDc}d9Ox^AH?7?d^Zh22EfdHlRUH26TGc+X9Zj0U@Z3&+ZsAXvvrUFo{>mL`ARj{ne}q zgxMh^&r_I~nA>fF9}4o%1oB=`rc$zYr@VV5ScFzRJG_*k zxXD;u<2%zmT)!iqIp;jqOM-dp1Rt00b?;=J*=+?HiHIFV>j(1bYbR8<8T)WHsNk)dzHQBFs$e0VRXd=IfULjgF%4TrLY>Mu?L~|G$ z$#PUC0FLs1FJo->&@q+~L@%hv|IE0ZZ@biPu&W@j%G0IKKHjGvbazOWrO}i>JRUS< z8vzdVB|(LsOj7Ye50^ktepjIKyW-V?EArHYog!<&qhkEwh*xHv8y}6x`yDkJassJJ zQ@L4ISPy2BpM*bko6wS8Ez&^->#GfrfPDs!t_SBLIABVZB!DwIb$}K@k;; zWt{f1?%6Gt&8}s!?^7*SDJ+elab?>9LRO(DGLI3^vF%M2W;lx*Ayi01lvb44?r@GC zOGsrP2#vDVjYY5*#&0?xJ<)RwIc4Cxt=|^e19ZJKG@0O7*PG9fy!(uYGw#f9Oo|NH zo{(xXG}dXS{F4M@dC*puQrRc*Iy2$|746#fV!ld5@W12!^xPHgP z47wAWV@$W6zZnP}x1N1z$d|4$2W~4sxvPImE+Ku1?P_>1%AEF@=z99c& z-zlL}_iGXc1mq1H1cc~c6@$M`hjeKg{c+#y^^f~z76PUXwM7&i{O1R?@U0n*_|9I4 z@iq};Eu|I_%^q>0gi_o$Jw2Qv(#hzQ*t#`OG)Odv=0xUOowM1kw#8%WV|1KTMLP0P zjXy7^E~h4AHbb~G!G5>JMN*R;4$)?jI{%9Yiz^6hMFGx5TB z*$EYjRN9__jE6(vTQm*%j`~_D=a-oug|lyidzPyb#$J?$u1!&R$tBNx&RT`rD5HFC zQTSN;xyT9;M(dzYXI>WmAbH4rjb1{Shrj^io)hn^r?5+9kS}lM>2cuUs3%K*?uvfg zjB5-7?#wv;D9{hK0ww2hsM^gfxt!WVXrzS5UTMRI3RTgTgQVDbzpNa-0V+9XYU5UL0q81&i-tBx zrRRX4@$xwAM-jkA7;lrrNt7n%#OhQ=<)`er}To zX6!wdT^c(MQBTkHmU;X=<>bYDe}x^hibkgVHWtEer4hFBI@L(Kdt_0UBRI6lsv0{A zpf1%1%c&D#U~pmk`jsSe7Xdrib*rvPTRZnWtvVS^9Y9%J&KeDz#K&I=zp+r*8~CMs zQle5}$vIEZwheBN_`|G*K7@%w+nuFPJ;@C6cx~abz;bL&l?%3GDlILUNXRt|-%4OZ zxtD3C9C3AHh(B#Ikz6Hl2$CV-R~U2UWA4uYuL1OyZ^g{4OS@#@?3ewVO|d$ML1|Av z&NQJy4QPZ>p*QLAvMR9epaf*9olQgF;-wAa|Btf6ncKtKL zv+kl*@sV}jzD*lV8Ig(k9?PZnM)`wRvoq_dukU0~V?>A-7}?~n^90IWuh!g4fEKnD znY`z!F`t8I0@0EL(@*p0W_-~G%Ck?6Oto3?)eaL)S5upWL=8mo|5-*Q7zk!L8Sz^Vv zrB<(}Xd(fXsM$u7gU^DKxO@Fn7WhlEd|T4tX(*Kf+)yCj3vHmX>xQTtX%zK0a^Gns zzi9+_4-OJg4v*rqypgC6j~W4C{B;i~Ox0|#VMb`xCz;FW$TW0$C@NF6DeXt&EMhhN z-XOnlZbOeojfjC+1S%Ta$YbHQ*w3Hb&ras_LdhH5=v*c+m>tr11>fisCp;If$LF|UTRGJq^0m@2*qRo_!f~nvgNRL_$ z4IIb?YgGs-ci89VoF-Y-0GU!-i$+K5b& z&wReCVIeE=WA15(NTZ0H6gi4si4-M#E-iDq1w=vBGZ<;1UAIjWjmFtG7OB0WQr&~J z6H_NEwpMH8y^4!836z0orjD^TXMhro==Fq<+)(>hI`J+?SI&Mo1mth%?L`4?EtQP5 z5J&#(jlL8}>}org*HwCFOk~)K)Ujh`OgD}TMpUI&#o>|d;3V`8zfg>_cn^GHC_+4` z26*evw6tCHTh}wYXA=lLWNvt8y;3JIt8ghLHTwQjVKUe+dIkpHNV4jfBi!u6y-B_` zD@btUl9L~c=ILzZN>YF7&B!!%OYb&i+e(ZN{;V7|#GbD@);J<4NC+dbC5DrsvrC=c z9)e~RQ?n-6m!*xBJpuV^}QHgoZ^t-Psq*|8*Szpx7BA2FU4wDd19#ouKUZS%WM>d(cJuh5d z&;UP;S5sCVwVP?HGA1LVxBd>O$@5O`!Tb4cVq4|wUL!8zr?=zaq!qf@*$6HYw#?>& zPFtOcq+t%wNd}8W+b>pJ8A0rrQC7BVaUtI194b`AYnRGcx9G$7{LC{D_c)P?ETM$@ zru~Is#v%pw!FVYcXFP!?4a{s3R_%)TgPLmQLYf{o4ZuZK;t35L`z| z5DoaY2%You@f$drTSqVFt#KMHfvpBt^LIUHz8Bal&@TndKKtDB66!e27^49RZlR$P zmIV#a3&Gv=VV<4bu=yn9(>u?BoPesl1m)`Y^j3C;<-N-uwkfStIqpkR3wd`s0Ox#V zaF$aNyo$K?l|D?~^$Oat*no;?*lv-L)z@PJK|yCZ;ojIrWW^QPg^ybJ=R6#68WE$h#IdfNk911;7pf9--_|)FNM*twKXG8DNW@ zWHB|!qCMazZ2E*kFfXla#lU;c4 zOs1)65Gj`Mz?LLeTok#>g@Fl~7U6TH5w%=XT3L@N6=^v;t7f57g zNVURjY32hgWh|;rU_MW@6=wf(`;lJ|nMS50YhLFRWw=lWXsSh-=9}mP9nMKBopqn5 zJSg!9aX?mI{v7kjW30@iU;vGih@t8#J}(oP|F=ktWt@Gatiz*&ptV_8XZgWTIvNxj-&Nq) zr^_rMKhI01(Vm11K(O?)+F4cyh#vja-+R2!KkAwliZDt- zDGq$dn6|j}b#Lp?eL96meWsPf?j(MGBzgxMm3Fdp`lg>gD}&D82cH+3*DUA$e5mB* zT7F4&Uc5S`>S*w@I3^&;5H@^g@kxGmhoZv;X8B^(L4iRVR{V_LlThfM{nzOE6L)z% z1=sXC!Xe=VzAoO}b1&_o)p=w3_f5i!d)0;2m=rk#q(VWZp<)~_F{o#bG03A5gi_)v z-rs!6JsRyMSZrD9YIJ9J7ILHDE9g01+L~hmAiPmI!!&7yCZzb39Rf9&r}%3x{6T?g z`Tc^1Rwqn@+rXrW;=zM={RV^hS1G%QDN6tzsb+e)wsuRU2(D|+^C&8W}|!W<&ul&b zBF`6?F;#uE`k*O_Eag^AcC~Y?QIUnCf0c`enpDvwS)~enmMblRW`Zy3Cf~qu0JCM+ zsuB$*m&ecBW%pBL8VPOirUgO;$jK zw6JB4Df|E`9htYBf8lv1#+-AEaaRi(W#n-Wm9v7WLE4$1wJe_ci;V$etJ4*< z))aKeek)>9SCL-rEe5>|Kr0fVBB(n0hN|{?D^)JCR$a4GTvgrdf1C{hiFjaO`uVqW zk;se@X*nS9PQd?vPKo~&c>j&I^&giA`u|X}{9|)ltGZ~v$%N)7aY$IV^sNOYq%Er@ z@>^-kR#BS}NsAgG{ux9Mg}XVg;@Inp9;FqqTWy;a6!ZrF%eG5=Ja<4MjfVEjDTaK! z0{?((oTC_Kkvh+};KU_G% zeyhapBBey5GCGt#ml0~bb!NmrVLxH&?dK^R1Ymq|HRuOJyF>}Ga4>=or zPE9~6SyXdK$*C>0G-$R}32SxEc`1hagcf4V)K!v|D_bR#dUQ#XPu@4Fl1UHXW1QrD zaORLkNDCpnv2PO2nDYH`4rPv*vJ^sW@QlV-3WjWPbHi3#ahA{6LFWVv!{cCix@bcz zIu5-V(Kv3rKiMPTK6KJFEPZpCZXSDBFrGzEJY(6|IT!Y9yYSVcIM_uh0&C=RUzIrT z2>EdgDh3Zrw!Dy7@P{m?UBq$88n>tyno_hluH1phXdR&lq#7ifS!JkwJrUdl%*^ws z%2WiZAGQO(-5E7sV8+tSI~~&vZm+lk{dCK(%XliUXJ&UCe?*;VK`RY?*)Q{{+v^hg z&5+VlCG(3};Tukf!?f=rPQ;uUA_6t@c94dHPrpTpwblKi_Z>o<{;EjGb(WNO%&Zy0 z-U6Y+G`6R4>A@A+3sflwEVsGR3lnOGOqH4ia(F`C*+Nj6 zyCMG-^W1%#17;IC-E;iAQ^z|{>cilG@iVRylIrGaCEW_?!|b{U+6XfUlnLlviY1eXS#W4q5( zL+~yQMR#8N3x5gA%~7C^StqKx*IUF#=>Dz?=ng~aAqr#qwNDo@+;JvrKYa0W|BPlI zJV_Q&b|40K1RXQB=*0y;j$Gd-jI=XohL!sg&|#7jzEArPsNWIyJEnGX|eKk_g6YT%B@hS|TM!7TBo3Mc-UW<&I za}UAl&I{X=Q8;SU4oc)CBw`3AqsyzEH}qa!cw=FC8Y!In+e-~i{%0WKmYo4>rZJ0! zlA&;D`=Q|qb;sv z-82E-!$=86kN4JlH>re-jLpwMNG|WxaQH2D>F@u@f_?Zrvs>t1n|J@?tXqF!uh|*W zC%Nh>Uz32GtI?01>6Q$d-$IpkUF#0XBPHn{1VL4!X~7kN)aio>Pkn8&D>T3520YR>{ z&AIczv)BI);}QL!WNyOx;W%OCyID>2doTWXCmNTfIGB|#BG~!;5)^L#t_dJa(_A*3 z`Xj$92*H)mqTZK4V>{~3@=+C{kXzAkixWR~g4nFGNHJP24tH*4+zQ-Wd4%}#i~9sI52-WlM3;uA z-n2B_xiuv8=qa%=Ux{)Q6@gC?RT-x51Y2X~KS8+`kwoupIshVH&=547HxdPyK zDT^ zM0r^2g8+Y5X{TX&1Nem`I?|Z-tBnIB z3shRtjK1$b+xt2c`#n4$I|Y4-Rpl7kGAE97SLc$yu}1YFdF1lK-QK?U+Ehj}BM=t< z$*VB6C}G~zUBprPw6qypztyFiJwGkjqn(Tv_GG?!0iu`2AwAs8>##c5_`Z&4Pk=F0 z%R*|4%xGN-!X+H@{%+KnhzgEC&Z1mb3VL%B=G#u!;~8lMipVE0xJ)DI(<5a0llaRC z&h~2Qe3|2f+g!&aIKr>gzH3qm%OOOsP5K78wZB+^)w%7L>rc|2q1|Zjj0RrVS)Go~ z(R+g@iui^v>No1^e(H91MvH1s$Vla~!8HXddolEF%LcOe8~w(HGF$wvQSPRzn*pZd z-n9IhN?Ojb^@{0pJPf}rv@8EWMnI6XUcWD#u0#5e8vNLP zyF2_GwV$joLFH^}bhRUmi~HhJ{|c%>LT*M4TF=6=|HDhycLY-mfSLp-D?x7s<^#Lg#jkmm5{ zqDSDe7|0(y`mz`n#FOij&xFnM>vwK^`SIoJ$o%vA{fKpb7b`)0`s z2_%V*4{Y|pW?a(jB7zciq=+KMZB z8I$wgYqSdcz7LKGBd*`R_39KhA?vP0atZZoBn-ph$Gv?63I&fPIvmA!T0PhFZ;y8- zFtyZ(6i*(NVKj4$BMJ)-4>Xd^ViqHg90@6@eE{CxL-h2(_FhZ1J|jT+13#l7J~cRx zbm<)-BU3?)-SOFyFol^>@zA^mmvcU9{`IN92Xwl9iTwVVOis z&COxFGx}D=I%YKpv8I_69h(bSY4WHdt930C(~2%UVfsR(;?m>Svn!Eo>;+*KJYRQHuIFZb8^f0tJcVP&!uAuN)Iea1g;p4^QF}n=Da)o2eGANAGzAMs`rt* z)n%H*`SO#kEJn*|mV1d~#L~HV^SGTZP5;BT;g8v7Jl-=Mqc21!NC^2}8Ugb*pB=c! z`0~W zi1!x*WIitA&!#PJDwOa`2*t~R``KyvmyVC0n&?bNh45DRHqN+q_A;~5NOHq6=#L+{ z-aLIYEnD_=nk?H>*ai@6k@F9P1&3K&Wi9rRT?ektzAc31pcc6t+Z_DSHNTEtDr=*5 znnUKCJa!Y-FM!-R(snd|hNXszDdabVHBzsa54)egprP^PUxqKZTt8)qVbO?iBf>A$ zbtBw=;GRIhZd@wO8##P?QhUEu+y5I8tYvtDUK7x1Uja4de=+ErIM|z8S=brwUe;$1Rt(;Ns3; z*-GvCz3l9igJxWMo0v9|aDC(d4K$5DB$iyDBxy-(Ygrom93Bk%{Xn^_g3f%Q0uCN2 zcv!pS<3d5)F?LM4c7H`6Oa$`ojr8`sxcJ981WhAwDKt*>3^Dz2ljwk36nmg*!etdh zsUo#7t<~zug;owq$2GUBaL_>zsI~sdyCBj^wEKKi1p-BKo1Nbx^siQGiW3ZL%Jju2 zUyS^CEmuO0gUTn@4t@9-u&_jjkVG5)AwXcFDaX*o`EjrEkSWUhi5-rB1BYws_gUOUTKUZYN zmVbZA8q%!O5n*mYDtLo+Ht1%j3r?rfWpBLJ${_AbOuVim)i$Pj%5t)#x)=dcxPW*C zC?wWwsV(+ZY2fB@Whtp-LOW~KU0jQfMAjQR!~x;S2mA6>bcXGfx)^(+-|$o=Nl?jx z4uH69f=aKy0}~LAZ!fgivbfLhG-HovHdKqkCjZvyfaL!GO3NrD@kCTm@VV!HT`#g- zc)Kc-uAXK%CO1zviN333AZ#Os(31n8LSJQ&`mJBP=Es&|9TbSWgNqK&Oh)|}QMLVc zdUue$2aG?y(0Uc#>!(sHm;%}%SlT4#KHRy^B`!(2ySrujMV@r`qLnF&;JCo|^6S%j zZ^OLyEQb)9^54+4=u?MmySRMHe0G2Hj^+RB4jP}zhz#J|v1=z9#_K!WSAV<{fzHAxYS}KBhiSusZXq_j7jOj|eo9wm?lwNputl4W=_< z5dPN;%YEio5^3Q%V?v|ZXO>5mf(*%hoj_vqtVHf&aA?2mt*`-C=fYoA07cLbHxvU0n|4ceM8wvIyl;_*u zmfyAdd#n@6g|DM_^ac-JpIdX`@5Y^P5iSt=1k!e6L}?0Q3k9(pPF+2L7T(4fMu^`(fMU^DmPPY!br{+}%hFf} zP4{P)nb_Ls@Al6Wnv+IH%K7r(prK0PeGzssG0H0Vid4xCKj&&RHL=FNXFwb?a6Y=C z)IGSN$hp&dO7Wi9SegyjN*F?uti2ZK+`;w)`3KNoDVE)hIZ0N`y~Lc7Q`y8MS^kO@ zBQEvDVl!oh%au-n=2&Cpbhr*I+j(@K=40Ry&nKa%CSW_bmZE)m7>W61doG9mxZ$Hk zl-Cw3{!Ocu-29uc8687l^kASQG?9UP5v4aH$0&vra#%^rdq_#ZD3)ThPezHeP|~@! z$P2R$GeH*rO7OI=umj4Qvqdpr8W1&r)gls?eV@)w!a>_Vs%eQ1s6kS!wV--Z;nCm>##vJ&W=6N`-tl!KP zIyG@Fr-jD%-RgC?jbnFcFje+3&s2dYU@m@0TV-t`Ugi!tEZK+Oc(Gp2qPOf(1IAgt z;KEpO;*iIjN+;WrO4oKaYF-uHvCr;6-$}bG4(u#8A3Ap=OfB9TLTQ`k>PSZH9SOb|IZ!y9J9NYai>6*Q zX@9yKzx4V&FTJ-!h6M>I-UO2?FE7LeOF zA_SE32M`{Wo@`kP{j=o9Z)B4wwXs`Xn`LN`yN8&>P19!?p4%8_&jWf6Hp0||(`50pZhpOXWgzba9 z_8vuLcjVSvdu`ZgDx*eJT0Mei(zm<&3a~^N!17TN9pF}o`FD<$gOo|pwkpD9swZkn z*|cvqyC^^9sLp);Y&g%LOPi6qzDe`DUNuks3C@Gvvqv(!2vvMOjgom-R3-dL@caY) z^7=s92080R`h*dF?cAj;arUf?bd#~k`5f%W-^Zz9rfcbH06n-E0C`yd{WxXj>FR7m zZ)aq0Wp3u;`cL;Fvm~LvmI{9x_PT? zg+G17n_!^916z0<_P#r?X=rMBJakoIw{sfw8Ec^4bc1?{$O1c!w>}eh^>idbBJxn8 zRtQ?aJQyO6%bz@C(YWv>B5vYri*vs6L7A&qx&QHN;Mzc_=L%t*tIir7HsOqeJIic!QLl_2{a>hCxI!eA9|6ZD9^Jt{B#)J`{GxiaJ3BRvzzJY z2$NQMX4hbW^APy5!h{3L1#*9({BjI(21%(7Hsq)Ze^yMTtZc*&@Tu3zwvIEDxk)V_ zEL#Zd<#+ukH2AtBd-e%*mBpSpgp=YJj^~nT`fd1-bM@Vhz{4}HeT!>{{3l#Cy?XW& z!v=Y_s=5Gjxz9G`#SR|XPLj|0`A32v)ANE9%~+e6C?S%xk2p-6v)-j{QD&72dSR2l z83-9N-f#8rgLnvFI*4rX_AK;xov#xfg{f)S9#7;V%2ii15}qcF{?tWsa0E}k-X2Xl zjN$}6(qQA4Dmx^-qh-w$KbFzg-+wzTXq7Xy-T>}d+;IP^TQ)$?>TKrn&wqZczGp)s zh4dZsgD@(x0s1_H4z_*98Bw3ZBM}U>s9R=Ve=}1V*P_d(+lMV__UrrVH&&ivimRb- z_>_T~J8A}g&&}TgWhyzc<}opL^9?>AlEH`M_{HcKiUNh~F_p6$c6bT}I!>5jf}xK| zgy7RsAfrZ~>U%DRG*-f7fNzIgxZGfbywG#}oRM%dMaDRYNfX0M0dsg>|hJ?WT_S6GxSObaBlR?!1Dl3L#BYSfha`}ONZPNBn<=ijXg zt>4;*r>hrVt0YQfiWy17OazZ!a%^BcyMW6gRA|*0ZVQkF@6=3r2t_|a6@d;XC3=IQIC|xn6ucC&` zBeU&V*z9~y5ZyCSiR}%W!6IF^3PhvIEI<-t^p}c)Vx-Lw^CS1LwW>mE3 zrV3QfhTj-EKnOXGJgKc&Zsec(JFRjn2fb!# zX-czfy=AY>o03TqrT+m=R;$MqE0rWemzopG{%*SKWh5uMd}z&ohhwB}OSeB=vloUo zXy2QqlMu51{8xQ;^-xikVptjpz3nSYDJw65 zCOSV8R~pB5V!!F0OJey<=I@E#`jT+D4{rf3g>hOo(D4<=i0Y(t!f8R0ykEwV#INLZn*jkzV#{oul&^}ub zsaNMgAVv}~()6gLYBMUYBAJE?BQ7SHYMdRe0p@CHXLQ8*@irIy@P{2*sWLs8O&X`e zZcpY3R9Vv|Ro)2%e_oznpjn)wTD>APTg70#97C#mcrdBA;g|^;4r+y15DZ-4A3)Vu z@5dgbrIh50gnGp?F$;i=Fw;T@RE@#| z3WuLhbn4LCFL=&oScBN)s%WL}f`(<7cK)5rshpW?az{<-4YX<;)I1e=GeH+(Sb8y1 zuKBK{Fe^A{pEaFDVH&uG=#fzyQ6(5Pz?A`JFc-Or>aN8d2PC+GX_ZzP!ZOK@c4!8x zrvuFvkt@IX19VM5@C1U0ocFs4!51fzw!x>Tf6t=ae2fkurVomNJ%Y=g9e6dsof3-) z3?SYf&_K;g1RP_n4vtH2AV^ZQ+Z!)wV-gccN}5qhX<$93jIU%(Sf>G0`f@sg_(Gvo z$D8tM$pa%xXg$YanZM5K`zjV38+Jex27ArKVmC|etV_H*(vJ7X#EkT04L_dP@EW3C zc#nh-i;HfCHLjhxwesO1(I^Q*-qD7IBE!gMm>jr(kZME`D@ueeQ?WO@!go;OQOh1v zO=+B#yQt{afH7_D3fwg`&(pxJLiUE8CxDR7WHVpL+6Ml}hJv%~NO@rD?T3l>i!4x0 zo?jtKhFHt#-zsihd+ynF36!EWx3!AIL`3rtd*KhUt2N#zqis_2ILhK;<2r7doVkfl zVL%X8CL=n6^arGo2^sA#3(=EYnNXZJc}ySn7OwjT{!v(bZ}}?Q-i=guBu|dWiH}wF z10`p5;`iCb@BTSYVu1faupReRdUw{xWY^PMOaGp6Nxghe@I#f_%9Jiz<}KqI%)_$& z&yX8sNjs!>Lyo=&n<}=!?4kpC1(j5SLXmkC#l@-A#GT&=33P-BAllz}>E6LX123 zUtV)eEF5lQC3?;Ki1-lW7(uz9iTDV91${1rZ~2BK6^pM%RZ5EoO<_?y5wP`&6)=ra z%PQw(gDik3*Rh$wNl&!nKWq1LWVaIGgLW3tNr)+bCsm>j%8A1oW6EE*$uG$Wm}r$Y z0m~&4rPIJU>C2`{@t`_*-}jZc21z{^2#}s~Xb8%NDoquk$Kjlcl7*os8SJyn?F4Bc zWoGT)$(s$JQzuq=?GRRz_SE&#*Rp*R2e<$pgV!?}!-cNw2G#5+;}9>tU}MM#6uWo- z>AFLl!}!eX9X=;8o$K5vcZfX5pAi)PI;87BV1yX9HyPI^w1VJ-s2Ux7z$X%^N_e^e zQxhlMg4YK5PCLk2m0ZV3N;4dx$@JX(7=0IXwH+K(+9ZiXiCv5{=tE;@n!`FKhd3|Q z(kDNc-L)4rxxG~@dI@d9EG=qfS6r~qiDBGI%g=~W zF-zN~>BnH{D~x@DJQeF6jBJkey0AQtKi8PRfK;8Z0DE1CpSj7K#o`krnW)VAT@jxg zQDO`lYFU+%pG_lF!(;K(R@UIk{Sp1X7Y;(BcbO8TDfUc8ihoMmMO{3mHbO_An8VJB z!=aDQa(c%WRiP*4WNrDCiJWO)-mFO{tOOjsX`btQbjj2E z`q3oNWy|V{?^^5Zia_^CU3wBkNsAO#h{9~NqDv>JgOn-OM|xd|sh*^&1)Gz%B&_+w zQt4`XQc}{JXNTPRpa*%ArHCX-8X*CkBUbFW@<7sl|GK{K4cETti1j>ve*y&|!bSMR zc<97;{&+zt`iHk8>K&8*AKTE<#y*g-l)mf?^;%rw8)DgKh)HbOV^s>>tSRY4VpH!q zl>ziXAsxvxgH>k3OEYIJNfgyg{gu(ktk`FqW3(aM#PoCF;$_$iTPxoQtxR)CVw$~a zv`s|B*)XQ2yc`CsSwDTZQ_9(~UR5j1@BK0M957^wFep3bpc&ploz6a(n6}7NZ{|fxLo9I6O2M`e8(ASS-KY@b)YwZ+(UArv9PpL;-i-fC%AB z4BGY1waPr(UGI;Ne`?lBeXChm535R`$%4()u<4TOwy9e3XZfx(GIvi3)!3tc$UT;K zZ<4UimRHC%!%S@VlbZ^Rym{9h^#i1@8;tknJ^QXUY45aZ?UC?bW4i%{T%{N=15E*( z{{Aej={2njAU!XJTP`7@8;zc5`nI1A`wwt%T z1&q4)D5aw?Jv9pfq$je?N#8fKRbC^;oXHR5-f;9GLWO+TJ)czqeo!OQwt-dxEagK6 z=~r}#_S;0S17xUHrD5kxBO4CvvH!GC5u?0r8&?c5|26$wsP1Wioo*HkTU_K2z=vng zQkXICt7eWWvQ@czvh(-PSfoRP@8Il62CfAS?tSAF?f3z_jHWsX1EbaePX%gglyH*+ zBjf<*q01mYShZ=FF$kpM^b?M;$0wngLDcxWL15Du8C(-~j0LD?`s`TqGSGt+-`De- zIYNHZ1>5x5(KNQM!odemKi2&CI(P2(FuE_e+wtF{)I?^0<*9o1K)}#3akl2@$}AFL zh+;JbS#{$vJ7Z*)u4kK|W(B(&Ff&N3`KVn*RVh$45b0|a?`hFFW6y+A|H}#N9nMm` ztY=H5`YN1^0`;aGnwe925nN^sQD^thmyA=py%@pq_k*_@!SOl3)sUeYS(X6w$%nS9 zKEtH=JEC9{dR#yb4_Vuc(%#O^78hXog%OoWQ`?IqM z1!I5@YPAA7k}rr|rO4w68#uB1DVUq(ReG$(=2fx$+mcPWe6)+18B3WbAbo|PG*}1? z@sl92rgXR#cfjNB(vlDCM_y*hqz%pbL#t+3pp0GiUJ7)t=|!N|)M^5BA%~`13`}#D z3dA*(e4l_(Y{)24%{8OA*AB&~r_dj^XO`y7 zZSYL!F9*7;a`rrkM$ggGJ%aw17E?ztyo?CRUlo_y(1cYB+mw#NofW?iL6<3gkW*I* zcyp{cwr_&6sUpd9T`N0U$WfVVU!0p%*G|qkrndQ$;waDJ$&&9!^^?dZhYLBtX;m-? zQ9mV~l6F6_aBX@C?<-MW<31OsemjKm)|6PxwHE#;(;T;q&`>!(stMW*ToEWW^t;DR zV^EaT{(+svPQMjHu`csMk8lM#?R#4_-0;N5A$WlX&Z2$hMHy#3Uw8dgU%{p#r`(;y zu`G&f^7EV+mbQ#r;Cr$q!6J==^cCHC;Ll$cs;5|T7tr)P=zBBL78_R!r&ZSsIT5BT2!wEts!SF2|C7g_96zw+wJsY=@J=A`pXzZq1bO4mw%h7OOQ#}9ECd&nxaAkA`7 zP}T{T$YUPt1xbSlYZ|Fv&@`Ddjtk93q1fZXFq(IAp^aT#z{W6=1ffRU6Ey z6{LYp6&l)yaArWd;}~56Nl&QqqUK7b9!lEEj9)I`qHx?XtQcWou{c&-Qt7jYn&Bwf zu`sveK7UD{HXGqPkh~~jv{qRbz$M6yp`avAw9jEE5d>^F;-hS&xwL?3BUPtRifDeI zq(G=!lI5z!Jt@0Pn=Ssu7Bl@%w*Hm)taen&?=HZFL<;H<8jcd!H;QstYCcdGzT9A* zvCI)Ye*E5&hc9#BH&)!7#Q5;Vov)}uJ~4sb@P(u6HfTu{0FBVMP6PHE8getf7Zee= zXwGUXEaYW;XVj$>(NXA7q1p>*isFhzc`ip?))9uMhG6+F(>0jirlLXIcs)D@Tp}1U zD;7j~jI2_uO)-dj`fuGeC$pun12k9!tUk&iW9|7fBC0}z9IWow zAnqW3wLcIKoMuXCw{$55``^V9&U{i{xcyjXUPr$+81{rTCSE~_+luRmrCs<{K*PH3 zfg?SksJOLed!7?9bq7Anv2?8EF#;s4ZSpBrUBw3aiUGFw6RCx!YKhw0$mFZtUX=Ct zSpi%tYlWkmuhN>d&R5E-z}?lr)}yrifwemk0nd! zXI<(>=@zw%{=zqU1KonnP(FRFVvciGEBc2p^(Pg^a~3;FUJ>chwOk*=tq^Fr zD(u_=z%s1XUZeGio$k%%`@G}5L#;ZKCAqmuORi(|-9w5lVb4r$k^i$jo}-)u*Br|Y zMpk5_&f;5Eu)y$T*6iq5Dqo2Dd&9=H|LrU8zxLkC{$S=*0Iuu;klGmkJ+Az_yGpI< zKUwvFLuLbu9}u+@keYQWe`b6e#>78Z^}hO)8aV(~eQtvCr_YORIZ|tZx*Zxd_a1=D zww?2`zoLp;eF__NG+gY#q(h{;f~_4Jf>4x&G1k?vw{^s*OB1^+! zZvnJ!nahF`H!SkwC7@sn27%u*Dz?&ynxg<-=sJNrC0IBW%9F8?L=mS%OT83Do1_Mv zK8qheS_7mVKYUUWz-AK~tv=*N0&^?+VwR|&}^~6>7n?a-C@uQkRcnTwR7QYXl&`|Af&MPcmQ=xH9duyExSl6 z>uoI|%;Q$CV#d;K<#vZUH{Qrvn(x5BrhHF_BvLm4>%|91o6ZStJ1*hu2|lPhADG~D zh#o*=BfxOe^0oyc_5>d&HrMP51IsX+D5sj{@sBJBeSf$e=sT`}-gQ^i`?EZNcTl>R zE;q?wzEvz1qMBMgNBSfV(J)__04DUv_4yLG{LZ}SnSzlhU2 z2(TxZxB8OrJTb{PUbH-&@NFuq(}#`;|8{a>uyk;F1uJd6gX3O8y@@Wtm$bB!rQPbk zIdHu~!7F5|h1Z{4$~(&`O67(8)sR!;BV-1iLYnI1Q6k5fXRvG-$yv$!3Srv ze_E`}CM*5bcgFWA zSt3T$l(v0&eEzv*@Nq2q*_!Ajr3WX(|GlCUyGC2r8g(j*b zcx2tBGE6E_OH$NL9&t2j;1+SXexhOLen6JSMjH|s{K5@&#N~$TW}6)m&%R)`ul6rx z-rflLxzqd1`2~@MR2sm0!=8JR!(kdWNbDly#-kObmO{8lokIMi*9Cu3Nqj-nEdW#! z200pf>`rUTa`X9!D_@-fwg04&$N;D$BjlZtX?qwNG9A#2jKjZKc%qG*pedt&TeZYs zxaj+ZI(~;eTl{bZnLt1CxohN@12&P?kdy6R8jawE%DhRmjg6c!9a>Y}jld&bN8|&) z`UjPyt~w1^CH+6BBo2MAB;}p&+~VJ9Y#Wz`O1=k$U3rpObHh!+5yXuZ^Hwfl50gW5 z+My=_KFNkB7+lNHlDj`}UY>8An=%JA;+hO5SnqZ)P#@@Wc?A^z5a12Kd?82rDG0lP zV0A0E#n3D3yxVhh;MEfmLgR&vXTyA*bR^H6wijpdIQ5YDV*tt6Gc_C)!KU!F`n;OQ zCz$ht{5^eP%jzplHxkC82Qq}uHc0=c{8~!sa@VIV$NaM3&#Yq1)((f)>U+Ph=lezq zpS>rht#`=s_7{l7eBO@XR)h1Tt$Y99KTbE@9{(nAa=tht;syYuZ-7DQe<5uA?-on7 zY5-A*G}2$95^;M%ZR(7+uBBApe9NpVb)-lTyVUVP0>jkjx^7+sq0Zkgyf(NX(DE*& zMUo@k7IQh=K0Q5wDmwN#+I3j`ey^{bGwNVxt2sHu6o|!98f(8h_IybFnbfhd6}VL? zC?V17l_*6G7@Sz+)>3sTBQ`H>QI77v<@8Ilhid-caPVdH9b5ZpkY zhn>8=IWqI$MO}5Cb}SzV@cvY#BnO`14k(M7abZ^CtQ+F*FC|_z!WXT}H?mBl-nkFj zxT0A)pKMfmjY8(xkxw1J13AINixyLtEJN|fmt8!OC49(Q>@oDs@1LDtTC-)ATBvk% z1T9BTrn{!;%N}3Q0`Rb7o_t>pP^8IH_>D9s1yUwWhm@DyPRhC9&=5zGuT-XXg{(O1 zG)y{}j1Mh!LSzA%1{I2Ur24cpd zccS+U&!hSU%c3P8c2J)NJ@k7l-mI}{I6=e)EOmgnPjCGd@={vbmsO7rhcDSC96!A7 z9^UR(H$NX)eJvR(OFBTAKNZEP)BExQsu*p7Hk;r>HF?I4(FN-{6D24|acfQ9hqe}z z&w<0YxkqHo@NB1YNL4}>mvO@t)PDDg{?6xtq70^B8+6UoDp~!a(!ZPRFb> z?Z{s%T8H^-uOh$u8z+C{fM~VYH0W{joVY(`%IMX1kAART-kDsKwK-$!O~T7>{cyFT z3~YEbKR@)vsT)>#Dxo&{iF1=)e+a^@6Z`e#_W={X`GL=~jJ!eW_Kx}m`LA$Dg(+}M z4A3m90L(*{|4p;_hY9+B_vNZh2GIMN(86v3Zh(*;nDk`wIuOBEQ#QQj+ISJmY5G$S zk)+l#d9HYzC4X*towqrRb_|(N9m#snR$cgg!7$5qHPvdM<`m}p28=@;cT6qWQFtP7 zw6T8<9qdQ=I~J2!hjX*>NWhL9R$wF<{F#KhS>Q2a%Ly-cyaE^UN6Ybj#=u<`B>xK# z9VL8A2`;5UzLPSRD`1mUS^WzTwM41!eCv&-3=H2LHYL+!;3_y>bvA$s^0xe{iMYHl zU23zV;@MyLVXS;pV(*MPztRXt*YXE2&I6+jQT=4rkDPtEC+1umMgw0#v+Y*mn zDRhU`Xyz^*8RY5rBzfdLZwN{cKY6LWXL*V7N#t7S*SI*YQBi^vYGzhy``k?mZkvhXr3_te_0>Dsh|(hr7>) zC#IAwqWuMm#sF<9utH6MRYenUONp00Q#sv6#6qAUON2#PJ^;#K9$s?u2X5P9PB%!C zn`{2{%F%VC+o5J2GCQ2h7l4!(h&rW&>I>ojqVvH^J+E)}B!}r-;nizW4pqsp-i;L9 z2Lg=e!bvW)U%M zGRAhn+3f~IyvZ2%^(i2Qi;<90_RGkJ7O^zBKDH925FdF5<0Tk zDjopy5yXQ%JTt+tV;^kV;Wq~o*lN+RgSct3yhWqtND&GiF6VUx`-%s{dvEjLdChFm z&k~#31s})P?vyy(JUSswjMOM-88u_zvA_(TV^$WSry;2%?@bT~XKkqPK#JtNoSc-F zqYZHqk3RUnPQ?a;nEFoh+>*EK{|! z9$27~>SCOgDg)yR=|Th9dk0NvkRd^p$g5@cruB=5UkMCAm{mact;iyck$snsF1-kG z;>c2hzB<}c-MNo;`4K%`wS?*xx*@4UYTRVqC+~#CKoT_1r%ElP8e04(CZ`sfkSa*Q zv77d^lB1MbJ|GC`W8 z83$xdVwQg6E{_NW`(;l11F8~kjnhYDh+3~$t*6v=@T(itz#|9Z-XHmdlw0iFX{)A4 zp!XwYdi=PX(vwiqM>CLP>1}^VAoT^hK!kcM%H^ny;-M7!Dk)f@iz{azw~w=jS8cT& z^}D~N%qc@*bSokd&=4IE5Yhjwj{i3Y!B*{e7u1;aa%ezk@l#6 zwp5N}4;Fe#!Tvg|?$t0riqu(-NbNySy)SZtVQWEk(W5D}cUJQ$q)p6L)3eq(k*;Yq zV9A#ZB}3kmz%f51Pm{5&xVPIipel(MUiO!{{kiDapX{ zfdvYm(@!ULirZ*4KDJHK)1B57zR;OFxS~`S)+AI{GZet+U$Cj}t;2vE%Iq|dsg95> z%x(8xdxg&?M=td82d<%@ZRE_0nsim@!BwDK1|@lLa(@2&*rL66^7Z28@6O7R9sOO( z#UsF*rzS&RTH?LM(?+7sC5*v= z5t4+E6|{IywtH+45m~mr(BR^uh49sFw2T^Vd2eGoov}TQGmY6rtKD9#cN3@gk7Ru) zMogkl^E-k*?PQq{x7j_QfJ7bnWsD)xfV+!~Jo|h5RB!RleE#!G z?1)1Db}4rqQpUaEdw#xrZ#!*+A;m2^g2FGTQ%5&EyofL;lCKL{I&Dx1eOiu!?Xp~| z^g)RJD9a62NEJNHPzr*ks~#cAZc9tQ6}25t+Hv=TiCC6IvnmqPiET&H%U z-Q!rbiyi)c*LH-stl5I}CWjaPDijV?GOzGKA4I9rDjPdFv7o`;S_*wXXoaeu`xYaN zqJvK#Psav(v5cT>&ayEhuoAw%r=z<+>g1qzRBBq+cC0ow(fok>V0GFDRU#=(JvUc5tC$-0Q;T*m3GyIm+ zn1!b(f0Z{OAZkoa3wv*D@7O}_Y-}Wbi z34gxAu(Kho30*)~zN6M?SmrfUzcK^*R*AB!!^Y))cvq4-V{Ybh8#-Ml@~P*dx?lY) zZNjzv;iZoQevNE+1kK5yM@ic+_ z?SNXDdXvwsBmZR)_Iwd_zHh85PcULCRryLIv#HnLxL7GUBS7mn!M^4Hgi&(JN6+_d z!A0hQQ)NM#nNS?|!~Sgw1oCm~mX=o_7?uBa2FpfCOUeNcUdu&8{tW(z;C6)j9a;HO zU-=Tmdml_uxfr|naUbpJeF4ZZ6KB^6e}y4}C}SNy{DH<-uM%Bj3F=ryE*>QD^N^EQ zL;Od}It{x~j2;@u;h)u2aF58c`@_p&Hc!0wRt?nvNGP@#7D&7I&aeYzB_D-E@%k+m zL}1fc&Q9t*71~U}SQd~WCd39p!F-U*AKSC1(H-|TP&wUka&vm^u|dZq@Sg8=|Mc?$0gVUU4TnG8xy7e z0__9wG#O1-R$gxWkRz>h1g*K!Zh@PZ1gLs}owuc& zK1Yk6bK-Wa84j#?@{jnS_2VFfNFObj8hCRuD0pNt3!pZNTK`I?OF6kP_0j5Xlt8ob z`f4N}s^wg5Hr;-Y16L1BnapjIoe6n@MOH2{jx1yfuc0}qSYPSOY%vgE$riIT-q3e4yv&{bxeR#0_qE#I-C6?h){&VRS{GBBQoDvZwEC>XuN- zYZYMI%Ij8lhuShiIi+Q5VsDl~h3y4KgK1BoJZ| zkv6q~6G-;PtX@?EwW{UBv!la9R>+Vm1V+wyH%#Vah^w)z34N&HA?)@bu%h3ToL>-C zc2{bTTvIX6G)Umwh+(|(V^C4#&5@$aE0X}BO7k!GmgCb~tcUpO6{&GLtC7B>G*d2B zE?RVT+~p2VelUFmn%smR5Pmm2b_h>n;!_I`IgRdF&4r&=HGVQP2JjKe1zMExh=0sn zLJz@>NJLRek7KYKT3a4YGqgEVcn;=pBZ}s=+(fCIg~$ro4-p8&vQD~kO%el`;3R?a zUrN@7xwNdBz-beI#%!iwvvHR&JSEq}wjJpA(>KzP1pb7uf=mpCeLMasUK-5(#@VKduWh8DpjYojzFT5`Q@l27f*lzxr(|55gi!L^3VqHb*4wr$&*u`^@awrx9^ zv1V-Bwrx8(S$pk+z0SG2*8MT6QX}=HD*bi$`?j7&hlgqqs$c-f;Sr_itBdyFvWXB@ zuZs{O8qDYP6a6if7tSY$O07Ju{do9btT*;WVUaqJEvPLd1(YEk$%FzG<>liCg+u&S1IQC~oa9JeM;CE)tl; zc57E4DscWJU4 zb7T|@%-F38CE`clEX1}&P>8>^t13{8<}qoMCXXJ)ij@~+_aou!{1CnB~UK(d6v!PPtbw}4n7!$JQeUo z+5QEQwAZ2nj$#ci)C(0`UIK|^3_b$FOs$dvhT8!c^{-hK=nH_-=CKytsK|W+rfX@I z0<2y}dQBzs@qyrRQM=2&mKQC(fEzQz2M;WA%XtQkeN*wv3s~@HQ5}K(`rqrTH_=3M> zP+xyu;C}kDXLxu748$KdH)DD2K$`*;+Mt95Szn-ePfCDsX{=-UQJX!YI^p32@G;yY z)Wzqrne?gu(nb2E+NXCjH_ALG;GkR#Zm74q!S>la>H65=WJ6|}mdn0Dw(Tu0gg;1(ouyH#4-qf~3B$S>z zP^BTo>E!(oAo4&EoYL2;F9x-UY({(z+7B@|%;eOts1-J)WJ zaf~L!KBPOHye`Z}6bXR|=H+&FP3<#n*{6}Dc^EUJGn)vjXN?q&jS7*vqAf+b$kpE1 zoR6t$nQ{A?D1eDZ6{}PjolFHp=2}5cy&e+R35!TgEdj}!-Db|iuzN|iy96Ly62(FN zs1u&tj8baoDoJXdq*@~LH@ub}PZM(_6m7EamPQHkR{4X)%Kn%V)l~FJK!eB=HmtG! z_2K_AfUq*xyWc_ia{|YqQvdqXYg3#v?x1mj)DXbk=0ioAL5RRdw7AfT3q4M(6$I6>dII~zaq4$y#WtG}87d+9!ByS`6{on3;iVEvZ7GNS3xuagpv z8?Gfrvp}w3t@81{#XU4_Gwvxtd+SauQhTiA~)9 z;uC4$3J;X?Tke?ePu!**OQjc7ZHc<{pxXd8qN@PdtviriS zzlrOh8hF4-Hl+r~5?(GZ7>Zpg#8?Lmta72@ipkNn+j;$~__qN$y=>YK9hMQn9&5B& zsaJ{E1#e>>YOj=bHFJm$XAn-ED>GOMY!auIpC69 z@5xCn1|!r`A9b}z@I|lqMy4lvrDGi_dR5B`t8B~5#jmfhQt|{K4U_UbMq^zIM{zxj zk;)Ds^BC7h;6K_~veD^|8Y0k+Z$3fdzU}SA`&^-2E@Ajv=3BEE?{)$1?|Qn?>iYgK z`+mF$&XSIQLjB)AlT<%Lxd7Jgj`mixoOCR7%=C0WYhbO-O>Jx)jAi9}e|9Lsbjq*s zyRCuFEcgrz`6Ek+wio=pMQT_GM{)&)^WvV0DABpo&B@KZr0u{&oX{2^irY^^G>L`z z6zN6cmN4PK4lUNGX}Y;86G&Hz&`5HF0n`rTjS>T^dBQb<5jzQ3qxh0zx3UB(oOdvC zlfaaJ2u3qe+CQrESA*L|cwN&>4G6*nVm!Mzn(=ljIA4tO#u1O^xZg`gCCa!k`f#HhxZ*IJL32>BZLS1w%D0FfydoOT&0LKZ`~h0^9OlS{#=D zeXRK`^A2Z}IL5M%S!!l+?;cn0$kDfAsCq>aH*&2RB>OIG1-m8Kz zq`trZ9GIZ@U$dkg_1RsKKkpvnr-1hV{vX{9tgWJz+G92tU@l-^@LvEeU-vrq_Ly3j zC<6daTbZWG6L5qjDBwvqc>Ji815y$#bjIn#S^m-0K1RjMHa&XYM@gFz9_lY)&wku z>iAoB(Mrj_a~Ly!#WsU#rC~Aq$_sTSEwc6C>o>7{+mR1Vw~r4vnt+?|tgyuuhI|Yh z0oo>7{#8&G=7naS~Z-~|63VhykhFm=F720xEq($QTZr-TK56QEY zBmWwZSh)fS(jtmA*VQpgym#92C8tFe`P8EqE3)m>L2g=K;fton%ZEkl7o2O#^P>ad ziQS%005>tYl6pg(F`|kEr?~(;zP{#n-Q$xl!-M)2zxFt5M(lml6}!vNI%C%W*7#dv z`*(T0$p+4pLH_^w`u=YsEb_mosNp|U^ndS%{=Xl<`hP!QXlwnG1^*X6am($z^^Xl& zRzJEz`rkhH|L_{bx9~YGfGmypb@n?TO0(4z)*S;h&IJS3{=nNY4F%?@9jV91rk>EY zVj#@uaX+aKlb}IjVSdHh0k{OrsUZXNtLy(yuVE%;jpAE~-NfoYYtG5UQxrx1CIk&# zW`DoZLmg@x=4DLgX_V2d| zs!IAe0&V%zzZAqW?fN4aeayw__MOlZHnt9kY>X z)SK{_X|?xK`~D#@H?y=P32Y)oC!y*I2EW?0pSmL-{)P(^tp%ZfgoPYkycPvW^oE5C zns+P!Bi|KC)=vN2%ci_!di0Pt6bYr1LI3V=#uo7dHOJ@)y|Gh)AFd1$rK>eJSNc&G zW$9m6vvy%Eg8?=Sbo^-92-PXoQ}ErbO$1=t*+fhStp_DOk5c`YwIU7+=Rs#eyz*Fb z4nOj=8S(=x$dH4`Zq}}eS=C$%FL84fQb~=$C0M2MLq2+OY<-jO*mv_rTOJmpjMcrE zkKv=?nR=Q@Tll{Ttf;ly_^K7_x$rlz|I-rwNmr74N4Qb^j+^mpp#h#hdCkIC*OkSUso|fv|z6&FU zAK|}!_{Q!R@SM4bU(i+*$(iym56Bj8=#R>~L(~^tTxzGPG16pUn3*M=nNSF0(K7Sl zMD-4ti;-qs^X%FI#J5)wmunt34M6u7>VvTaPos(MV8i4Pg;hdmLED}avsEJNJp|2`Mf)ZB#>7C|wT8!3r3 zs;y$l6vnh@%L_1n^|TZ%S3sO+&otAYYuwh!s@fV5}(gV+i zA+v{(t4W05`vLg!?y~=?JcMkv281>!*1@cS(+Fke=T<72lWvA|gmqfq>C8Kqa!Nfn zA>&+B8JC0IidD*(7pPtW(3uwP#DSC#vP8jHM}^c1cu`8lRwl79VGqSeC@(3OLSpzc zPTvtPOghBm?~8f+XdJ!RNNB=^AO6fQ`zBRVM*H4wZwmyF*S`l66*lQrnV>yF;s87& z&x}CQNWRf62ZFG4*l(_@yYk&fe6G}BhCiP*uX~6NI)vS}J%W8M~+xqfp;Ir0GUyN1#X3#X0lr^4w z97$&<6TCQZn&5YZ0JXmV)~`fA5;TNhve8A_kFRny&@VpqG#Y8A*Pz;3lk5@YC+7|I z=9Dqu0EQ9CENEVYUM;1tGYBA)?twgmNmt;cl)T|zL3VqDS70m?GIyD$;D-xaTA&m% zis_Qf(f4K=$tBd=fh&Klz|1(Q>H5}CW~AUP3A89O0WBOcu(PmthJcD>0jr*B;hHp8 zVHDzOWHjC(mfrEM0?mzAVP-1ne{y6IM}E3pJbZxss~M7L<+3}QFf$C1s{N}NGl}DB znSN?1lK`@^mHn?&>X|?h^BGX&m@+EW4W51#KfeGic$YhG2lfSf#Hx(L3gJCR{PWQWqe5)=*!} zJGzR=eK+|z?S#Too1+=)5NlIwU==3Kn-ippK84W5r52W{yz`Gy-jS6y-!!xKxUL(y(%EEMTG?!+hnVLIQTc zhY`c@B?dNc%)+D#LG7Y}_g~u=+taRp2`Ea zCbCalpRc}LYPFDt)%LbKlhf$^AMHL+s}Ch29L%)|t?RffbMeL(Qv!rj9!q{JzTp{h z;HmKCF1pv(FL^DFlR4*>dxbONYn)k}{SvoJb)sV7bK_6n%O{bey#V;s{M=dKfcQcD~Mn+MKJ zVViUpv|b=nj-Rc6s@LZ^H~aJZ%;|g9|D{OB+C>Z-=|q)6`VVA`e&uZx;GNA zW0d2UEgj`WXw=-Kwr{;ZSmiX|>8|+ny_afe&D1B-#2j76^*O?Uc4uJ2yD#uby$&%Mg)`?PR&b-QX+sdeoX|y+C_muLj$7m*}845r&xH#V06Ous?#hpHC!# z**!Ws@YM;-^;KYkST#CP#V~ofVb7gCp6Q?CuG@53c$nmg3E+`n>15AXC@n<;8#q>? zYW(oRqniRInhhGJD6#ZS<4k#Nv1^Ao-Ec7xnwAzdXaA5VD6jjVkf;BKAGyvpXl#99 zh-bW`>qC_Ty4qS?3L%);Rt{0Y;EOPn$s-tGj$<`X$54g`ZH9L;_$!!q6_iH_kprco zPNm!e?MX=N0N}m^${J(HG&*esx)MTw;OQAT!1!S7+4chkFQsjf4ZPU6PVdra@jNW0A%G)O zM-~j&8#;c)O_xV?S<0;S!nx|RJNNnp4s$LU+BBAq`qZ`Xi1)d*2;Udwrs}mewgA7B zq*pJ(s+%PKijws$ITQ5a@>z9edbyVq)5la(b~e3$mld;r194JR;+KT7Mt^gR%~k%S zMiw*)5^ZV(W@nYDojcWgU3=A`D|nU8Y=jEaggEW&W@!A~1WA7i#>mQVBFZUXo3u4Y z$|28y^=n8Q=`H+a-X}m(aJG;mU`+6e!&o;dM5)$m4s1$&OR;lmi*i^QOJVV~k@=dTutd!^LM3dl+d}!c~byB}xy$1Ai3V zsje&R2dDKc=F&WED^=yrCA{u!YD$mev&TBE+q|s^|iaZGuhkf zL+}^x@MCUOlH{eit2GG#?eqV)VTKeuQ|a{>FxAF$@p!*zuohn&85z zMRBXWKf46~UK=3PiU#+KRqvQ>@<8bg*f83GO64FJaT1bn*y8^~y$>Z8eBQ0? zjInFMC!d>4$%>$cvFj$4C>e?|%oy&FLolW>+;dAZ<=i&XhXw47n#ft)sr7W7-N36?pxe76t$Oq%C(TGfa;5Tz{8XB5@`GqhX@n60XFN+C zx8b!QJ+X37$-5d`AVvF(>g@241kxzlzGR_|GX!r873=Iar2+xq{EDHc{ z-UYhmr;iKH^uY#SzwrVP2FWfnS7;LdIxnX@WfJ) zeW{D-Y5>k90smD(7_MSGgrYI5k0Fs;PsDqli-_@iYe@iAFK_lAz|F1JD0mw}D()4* zXbK5+oIdNudAc``*-rzItCk+@87T$F+ogfTy7KFh>s>}2@{B4M=mxDZe+K9yiNBgx zKy)`~i0ae@oJbr8m|&6{`7Ge&k8&8S`mwbLPC*YqaLHDt5Ntfpxx%Zb2s}24`bM;*`0H z1TREB_@PO_hxmp*)t48l9kk{6sUlmmET7l$RU8n!9kAv`sSEq?JR5HOd7Wk&e20ro zX>-JnXoqjrI@aGILodatk$@eJNUGQ5;hrlOp`)ts3%KP7Yr0nmoH;!XY(Jxc zyFboe7cfn<;uJ256TXs@Q>*_OwC@Jg1GL|Dj52?pVi>Ouk@vW1V6n9iIIV zFq_?M!i!h_5L`JKC@6t{=2!a0?p}0k!T02L??YdIX!t1VqcXWb(vZqUAc6h~h|L-P z>+xO8WaNHDh3j!@%@}kL$tHj#mmYqm9{#BE%n>rCO(%PT}Dil4{WC10 z;65UB@^X3hEV1;*paxj4KWEz|Q|vVnSa^gMI+*&LOaTI=#J9a4ai-}*-DM`z-~EU* zM7Z?!V=0mY2-n0uOk@K9e3svM1;#OyjqYO6GzEK(GP@&P{+69_*G8l9+)&UjNX zIq?Hxwn-aNTtj>f>e=m2Li=sPJ_UMze17pDnwpdkdE1?~hkEYmf9v~BZ{j)cz+?8a z$PWJ=Mk(BN&T=U#xKn;pI4+dTrBf4AbV;SV-g)#!US|tri~9r1$IeCD-qHXgc%=RX z<|A|%LPbI>!VuQ%7(7%M7iiUMJV8rY8i$+61=f$7Un&Pr}tOLQ3yKymf~0m zuy+VF>YC2-1TlT$Zns`XPstCJB`xuE6MUS+{|zjEpGfIpN0jv-GB zJZLY!)VG-UfNtAKmgLW~d+iU(o;OH=Bj*~-jozu`s+%$EFux)2H$XOb5eKYIs*r65 zA=Uv^07b-!GT26kW-!W?iml~-kZ{o=y#$y`?ndKyCuv?us32^$|HsU#ed9Wa&U*M8 zmYvzad7H#7U_?@(?R9%M!CZpj4Ny72u9(0f-w;q1|;@fztd4fGl$lvU6uCJB{OyNY`iDrF>{$Y|tBnby4>TuXPUMLydxhN_(F zOgaV{_#xfB3)WxpPkS``JD8Jz6dAHK3M)$c&fBz$bM9b=JqzJ5GG^-tYTd|lcss~H zYg|lYdoNoq?t>r-aha$bQaltp>NBlW4wc*x&7D6vO3sak1WE)H+xo4{UV-^H3Kd|3 zEd4N%taiQ767X(0cwgLe!iLs{Up!5{2!9!ahp)J-?Q{LY2KZuudl-0);sJ~OAwW>b zTI+O)K2A6+F8e;bfDG_@thn7A&3II-L2mrM@S5y_8+CyCH?EYqtpcXX-<&!j)fBA< zg2b%k;n!O2V?%M-$2(^U2yn7;(wuTmcPY?)p?7b!vgYABp7cT0*pZNBoXNXz`a7V% zH&S_bYutGto(3H&XB=`h+qZ3O^KYUAxfKz}lemg$saxA%RiwlKAixt*!4G}V?7jUE zUsKO}9~kpQkJUIJt@i-??);%$NQ_N9PdD}3($P}fCw5t|AC3OoE!C`NzR0X)R z!Ys z-cw&rA1)Si6a+}M)jDKPrCHb;S=?|de33Nk&XOm$ikr{5T-S;r)SYHA#SFu*n42o=1X zXeP|oKXEK#hscnnTx2NR*tH1_aA7BegC2A4Ox7F_U<-?z3DWRYW zv{K$#L|`%WF900$V<|LCpE+`Gu*KE8L*Wq`0J>=q7GaQX*HM(AJ;n=cq7t`N_$pv| z(bjjc1B(k{*2_?xSuNs99mD9jpD}z5Y-Ow>CT3RBoqJ1ttmOm)8HZ2aDEcP;N9c}? z_&uq>62_efK@m^7F61m{S{GY7kQ~85OJr>%n(|($Tpl}QCLLo#%h@u1zUk{DS%nXJ z)pm?9D;;z;O)bWqCTA-+n^7wpk7Vf#RC0xVFSzM|E8qC`0By3IgfXqQm}edcsh4P|=W@gRd40;^s~ zG*waT5@Q*Sbz03|_pM1jdo{^qyGe5VB?un=J*i*CY3M;;_0FFuben=ottdc>D7!lD zkz)D85Jh-Ps)!whJFoz2fSIYi4$HCmc=m6+4^(W-aMpI3l8+xSl}Ec9cK3fRhF#ib z((z=w?>Ka5%_^&Y5e<7^RRY&r9)i8AU07(_+m2TAR?qk9NjPypd24ejx8ENFT&xac zd#5*W+b$Je4WwU^aN_W9of+&H;vVSCwA8@8(wHGQhpP4B|5p>>3N8?$Gbtm72^m%lu`Xb2buHW z4NqNZU*baw7PJXGk8)C}Y zbv(hHI)3+j_e90Ky4J~a)(n_LpqVFja6d*`K%&J;%VQH7{p>83S9v5H%#VXWR1?iN zn$Q?Uiif7288E!-&~6i%so@svcHu-G)0}PuSqEuYQu$G+S zBdIMV8!fD*Uaozk(GkOd4j%Aqc=w@9ZD+0c!PpPqy2D^5{)A(wL*xzX+LS!^3Lt1dt)k=^@h`Q)D%Oc zusCFYKCAZ^T_b9s??@z>P9bA&rNz5W)>(t4vFp4h@z5I0fQkQc?Bjt8sjd9y#Z_7J zrgz|9M7wpkm0n*r-?NE!H)jv9BGW^b;TwZ_$bIW830xi~nqOR*l(b#U-(D*TN3wui zB_1xfTv?>c=GaNN5DE2F!}+9xxLvrwJiNZ|fR7?}FhdfE7O7|~v0V9O_9Rh@-GyV> zTe!&H`zkd>#jY!k$$e!FV|FQpa9~-p^4n42vq4IkRhUYk976nShFm6K zB@GX;dd=dP`L;yW12r%d8oq$C+EsenN4^QDSK>620MngTWxPL;U_JKwfIMc=aG%JGtdg7y!5~K>r{+Tlm z8CTqm5)+KR!lnp92~J$cnmZ4M3$-^c`^y^bz)oHyNM4R7!-xBr>&t`A%-F%f*5N;n zvPR|YA1j9Osag2$g%YkcZ*{6ke)7|ofcTrA0!eu5Ae(ix;}gVPT8#C+eM>6a)`$uO z;vPm9b9vqHnSFg#&#X?#9P9^DJSUNfMK6miafB+jOVi$sAA7Z8&GV+*j=gfK-Y|6pZYm z7EE$@p)!yrqwfJZcGO0Rkg$QdU%A2wI(vwYs8wjzKz7riz$rNQ;tb=~ zPUO%Bc7k9aX=C5+x=R6om@+bvSuguBp#(pUivhZX@q{Lh1c3(_(?5z}D7Jmp!$t7h zLd`7A*~SY84c_0s`M%wlJy}C5RxeE0g5|4EZA>pWrR+nZEqM;2ZMEv!Cq312%2&SN zcwa%!NRL&rPU7R;d%hemA=-8Psl^gV^G!jF-LcI#Rej;)(0fwz^(~~%0K{wx;Ara0 z05DTwZ9LA^Dm75hEFS!mQN}emH!*^=rH%W#cR$;1Va_oBIBhxoz(k`#HUdZ@L&6c2 zMV!-2G|{XB8JWCNi`poOp~=r5195?+h;JSjwz}XGFfVhN|l3qGD$q^EBG#1 z(yFPqHclDRtG->>c5N-Z+VB_Kl4C#NR9=Cl${vIPi7Q-Ja{7n=MaR{r&|i3ebbR(_ zLjT{^adT?}(|=yqCRKWE)_23AZq*R+F^vDFRE8%h!#>n!r{=2 zKA&e(vehGWiUgYII9HG;@8Z4W`EXL;YZFz#;2@XkMb@yjRT_!oZ5abY568zZC;c~V zZ1LhPD*T!thAaZnj7Zraq?A`){FL1_&>NV6Txu3<+@7WhTedp2>fKzL(7QCd=$d_ zen~3p^Hc!l5xl#N(yu)>gkn~0I0F=xO4yu3tyt;+geYo z__3%`*jNcn7*xcdV2#!T8OSjA>9c3=IR3q0Z~N$KyD>9m`bL6tH7{Z5g`pOHCs^2k zr?62(1BRP>SB`ulnpz3J9k3H(SxyGKN;9D0T6(BH#DV}HXiTm|d&c^nR(5noJx1HH7LmvZnU(JV`Ug?*Dc99KuMcR{WNZXkmaZ$mT(7*ECA!oSBG^jScw6D;X02bc z`G8?-P58wTHgMkQ1lL4ntdLM=^)|c=$Id6tCsu*vb{IaX18$CxMM2ISIig#Yd z3oocv07zUQg8|InUIF3H1OkR=o4=~!)=J8GHr>=x;u_L&_uvY4DG0tTAt-}G=mSvQ zqFa&vgveNC0^SF(rLFr|5r2Y-nrmF5EpX8E4xr>H&5#f z8Qpb3{*_)lNvl8?9 zjW0Ffkf5cE0ig#*Bz9H-F%V$$m?BTZZkzZhh`2*c_bN3HAbIZ;Sb)9A$IlUomE96H z2HN}r@!-U1S!!4Vo^lUkU-sElLl?{Eb??SYtyb~Me)PJ$#onMU7#IHz2e0$Nrv4@a zySC==yz!DeACC~PzAdR~AeKR1|Y3Z*3WE{ZM#4L4?D!Ra9{E*3fTEE56kXQ#sA zK?g}USLD=G|8Xzyoo*!Hl`}6cMVrO(bX28`X zqmVzhh212sK7P-`B>2EEqhI9O-|XeCGUO+mG*QS{yf0H$gQ+^B(b-D-jj8zbeix0u z##sAJ*cd&8&ni6-wU#d`3(eAMP#Z8S)2K5BZ);1HoeVnIa+ha=Jdurjs@Ox*8Tve=Bgh~pe0^;p!o;YpmxupA3qchU zwzG`2mF?Nd2`>op@gCqgM(krg>4+oj@HI{4X{Fvv!|%D*nvHW?O^rCWj*&^-z|j)U z{!Nu5r4I!ajCc_v3res8H|T_mwjq^$sC|afA$_PvRihQFwVkSwOE@f38%Naj*z$QdCf+ z$nOv$fL!~RM0SFbc5ivo#s1TjeybNivO!CUa;{;yJi)JG-aciEp<)X?pyiu^;Jk+` zpcA6BV!hjJglz#&u|50COpE3xIan;wiFUwz%{n?O(#*_PG#ke%6?=mKTRA4zw%zsD z52yrhHJ82Ch5G{4BW&Mv>v0HXt{^6!ubQim>J?xcncf~_iikhg(BZmSZ$E?-05Fdx)1=0jv^fxjE+nExu|Z6e4y1?d{T$} z_MR@2c6}U-Ax3}*55;tL&3-@RF8#RL{P?vpY6U1|CSgSNkdMNyQN^NXI|#&={rz@+ zILJ-X-ti)LP_U;-aM>nwmt{)yv*o4ZC3g?Ij({odm8;4S&`QThBVIg3SyW_PA8EW1 zj0~@6j%j-%T^MXuo~J4}LaMqso{p#!RWTJzod!v_^vyHLQH?y@OTVXH_`ZeCffi3; zX%S^)Z#)v;ZIC%w6>uVt+!}0}3;)Qqtq=XDYj2@`#2u?QRtwMw;RI+VPb}zOH^1WO zeQM2TM*|AG6`8XV?kG>Sfap>HN%e?VjI0F@xL5KM9c9i#|csL@?|k5wJ5fh8sRG@=)#t_LZf4cn4 z3_B-clg}o8>CAG|*yzvISaT^TDwUQQhi3u)8n;@VT{a_;(K%&T_&wtUbP=Dyt2E(_ zXW#|jR({Xw^%(4)l>RM|1Qyb8#xh6IQg72ADu9*X)FKq3t1wsrGNw47p} zQ;EH*LVLU|G(C7<*ANIS#{QIx6HDWZpSs z-X)TO&1f_qxA57w)a0k@>J~nILWa>a>=7mmRv`6QL6J<*D!Vi5wV-s-8_g2RB!^G1 z=2ls-y;&zI#WZlgp*2v(dJsaArr+61xV^pwZ5alUJa>dgS#AjaG5<9kO z1z#Y9)~8gqtnl+}mUA8ilyGD!*e1t?Ss<37q0UmcLo|7=Jn6KX*$kY6_HBF-d*>b? zwm{dKPDLl)y`WoH-gB_T7K>*H{ip^t$>u7#*$AEpV1n4o7G<_T!E)+IV8j&}SZlEE z?d%zA*k(-_+nSioVcQZM~z^?T}2S{eQ>RO5Ihch;`U`1UPnmQbxh zL?3Ufii#<0%cxN?|1D;R513ur@{BoSl_6)vhMM~%S{a=L!FS&K>ycSfs_p1#FCDoj zs{^z?Yxex^-H%QS`nwYe5mYl7$G`8;9cz%JFLH2_G-*TQxt4RJ@@9iZclW2`E_iz# z?BIIWTE`4=gl+kcLd5py)jht=^_6b7CSPZu>G)yAVc&$oGU0Pe!zObWvBA9Zds)Umay8KbT%{n@O>RhhM})W=ch47enGSkhWaBkwJ(E zi-#q9br5!Qm@MYM*JelLFqqfQ8hlh*7OV6?)eWM57z>^Q-;k3D>wh;K+?cZ0maorc zlpUh+^_5Z&6 zzWNpTxdQq6_@`60bhjoRCqWB~PgwHSmLwA*ZdG{#M1YSeH8Dp0gG+;AbohkRJW-a0 z!rzaTcG@ZfI!Ssp0unpB<9R~@QeHZhgOVQ%p}sWW8US9+&uY+3H)SsUURU1#{4%zy z{OqLUR`>d#-o_Q4jtP66zmCH9Reak~JsHpYd^9_L#zXVD3^Enu*jd;U=)y~O@AO;$ zAuQYO+Tqsg36r53@O@70F|eJ5bSu8U+lWSMzX^i3GotWw*2A&#yMgv{wm~~L$1o1r z5DcS55bDCz8ZSrBLDa6SUvF)Gan?s>(^#-}wBOtiRZfAxOMejFy!@KoG4wnP%--|9 zLO-^po`{#_#b9m2nshuq{Qj@`(EY~qi0_{}ZRF4W_TP@s9e&=(t|5KmyGV1_CXxMGRFLPZvaZqD^o5TB3K8{R800WdS#qGk>;ipDrasvHp@ zZGD|ljELQ9r0ESRnqp`}fHwZ%pq+|Pc+b(VF#ZZlSn_6`@tq$5)il`r-Pk%LX+v4M z8L}-vNt=GjqYRR%x~>p#G$XjwFOPpJ!O}fC#Qas^bK}InX1+W2{-WQx%4B< zq@P)&e}MV^tw7;Ni2uoW`uWLQelntu0ig^14G!M`o(kg{6kopv8VXOCsnP!<$%IO3 z*>$^wwKi1em}SDNd){ef*Tg$eBx;FkPh4J{pG>u_5UjobUPEmjrlNu#DkKCXIMadH zpL=kIv9_MjfAm?7akPz#)VY{!UO&*KkPrg5Ggi>y8qFc0zksaPzb=C?rNNJ<=33XD zoKxz`jMq54$H~+`me!#>!5Ut;3iev&2{YWCX{~95mLFMUuQ%lUqK%E}Pe4}im~_|1 ztyZ}9TjpQ)x~|^af{yjCet58A;jPrPe@P0ROXzd&{-_)O4`Kb^4yT-*%>NmRX8$lm z=NV9bQbN8h5nQu!5#$Ja`AWJ1QK5taz)wGiUdesRO0P@3oX&T)8rLPeWuLZhm3$fKK>k-Vh7X4r<%+%( zYl~Ge9ItQ>SGOV{>vU1w_(YxJmWX-K^J>+?G(;FT5fRu`z*nkqy)XuFQGs$ zZdD&4%MrF*6N<)if1TFGQ(WF2NvJ=jS;((I_(RKX$4lYTSPc=6dfzW=E>irRY}Z7W z)|_J_iftDA8f~Kx$pa4&S}afJk5%01QS_8ie0u@y`^NF$1t4Ws+UETaL!Vp8EZx2t zd3DHc@K0c)K-4S&$Y9ElHF6WwJ*3XI5<6QE!a%Q#c=-nf9!qa=RX!b22}DNz<1M*W zGa}@xJ=oy5<3pXfPE#^8?phk;dh&Oo2J%^SvrQR3>(cq7F@o~!W1V^K?l-Lv{=c{g zBq2(pef5fHYN(XdN&vmpp+*VNQP6`pf=G@QmZKY9JeV_V6IQ>29QTJx?KU6lV6a-y z3WTMAECSJOQU!LIdzu{34PAM*-}&#C!AJKvLpSMmWdU`n|3T^0Qg&fYP|wr<%LE!(zj+qP}nwr$(CSJ}2*t5&&c zm2KVn_I~f)v(JloapU}$KSsxxh-{JoeKR7t`!|&UvdA*BmiNyGs5dlQ5e2Rw7PSBu z(FmmVwM(&AOQi?7o{)jM%-=in#bB^#Z~b-^A?v_ztd*f^QD5Vvuc*Sri(^d`IO+>I zP7FVSX^R60(P8|~dqxTd^E=OU{DyZS6aJL(fY#;?aopQ*r~fBt^#85={l6vFA0DtY zF?6xCxBEYJ#QzSYXZj)b=KPp|8WaEk-~Xi<{MWnb8yh-18`_yT8U8yVXX@vK2caAL zhMy(^r6D+~1A3g$)*e)=Sa4CAzNMup;>Q_}d}G@sa} z-L;(|={*7qmV`-|nev{mo;7h1ig0_6w=ZsdYl{t!7g}aasNf4l3z}#R2!+n7k|7K# zuNS3ijUYux5leulDVq-uR(xKIhJl6RPieT?7z7Q~eK*ZZRcMN7p{-8waU%E$E?KZ7 z4Kc8camhRbz7HbjX0{hzsnEi`h)E|PJxtx{ml;&rmkdRswGjYZj=oU99dMdq9%52-!e7?m2)7@S#aWa}ZM_gDfIS^Og*SUNSaq@J?)@kaX}!6Mpj}WnZPzP|Q_gY>z0olKh%^ zC9O2fL0h*T#-+OJanb0LaTZr*kzHcuk;5?}_?9MaXotmndLMoDntI^rtiw$Y{DNI3;GS z!Vnaat=B(rZgF$-$?aGYzmxkprFq#eT1dRanf8VHh`!v1cmM#N z|B2n(8ai1Tni&1d>ec_#>a#kq#|s7Lr5D&F5*`+ziEC+yyfRCYFf6}%N<_{~Cz2LG zM0cTS6Nff3kDMOwoZO(|dGvxsKmp?wE}3}ZohviY_p#*W^z=`f(Rpq8x{MK@GlgDe zLCn+92^_MW1Nls3Cd*Y`kTL`$lt3}et;A27UoX^}VC!JPZib_s@B=+8ampcmX#hR5 zB$#Iv7uN;epId}T8g4qu10)_msP@75HDZqC{jNi0{+<9vn*iog_^f`*rx{e}GY%M4 zK7(rrcBsJHrR+|K!PnVBpuiB609GJucb6lG;@VC$L?~3L)W5<=uv-({%GnjGj(C`6 zZqm{U@^(usL1-3<^D`r}L{oe~DcVz1$+m~+SczuVsFw{&NbMm3r-@tXhH>R{+N>SnG0n0-R>Iajt2v77Fm-}Bbv1dJGWKv{aD0&b4VtoxP-V}ds`cLB(F5UT&J z)RE?kTg>SNFFn;32BD^#r&r zg%T;*#U^2g9}f)EFiytYK1#E%mq;aycschs(6yfjAnm1Lp0bO;hST4UFZerw$R zlUVwBu?$v`NW96Vh1OBs2?yQsuNYR{@j~W?Yjq8o8~~GnwW?i3Ehxz@#_4>dY+7og zmnt={*gcL$TH$Khi7x+|odD>Z*`&)7hdNJ^OYqt3^as^qJH-6zT)0{Ts+=xEC2p$g zl5I6Es~BBW&>zAD26KkH;3RxP_xQ!{DmQJ*a5FX6k~J)p$_*-s5=W+SLQ=5VbqBns zY5cYFfn(m5Gh$Y%t&nrQ9dn-O1hiAtqpGdc2gkFibv4AQ3Kx%5-Rbm?O!1sZToBKF zOtu20`SP;%SJ0i1s-O0-^QtwvRijv0l<6g~w?A>AoS!`DXyD9~3GQi%H9U5^{!Bu^jH-1&*sIw&aRni}cFkbunTowMv z740is7HFogdS~qCSB{fy-a^l$ioVP#yrbY8F|`b29sC|p+3xF(V|Ert*j%=Gr(&Sf zi2SpsotEDXbZdk$T)%57KjB*cJa9eyH%VLMucw@}AH0Sm{!j60Z)a}*|Ke59KAQoh zSA5dnLufliCE9y#S-9FQ-BNqmYTFbY94}I}f0@m;sP5aB4Z{cmq{u9s5*>Uizwg?2 zE`IF%e1wyy*#iy~fn zM{q-F3a?O(GC=&{EPG_$L2wK5p@<8p}62oM;82jthN)AkgWsIZeDb2=sJ8a6**(h3fbw2vBMzUJVQ$&@mD zJ!gCZnb!j`>!zj1?i$u(N0A>|a)KnTE|vRM2g4qzLoneC5i7k(ym+Z5GX#UlL?dHf z<~D%YH>O>N3K!S2D8g~NcW){HTD+N+>{%BNf$MY#9WiYw{&bxUPzE!akn|QzzsInx zoE5yti*?z&dS+`q{;2MskjZqPkxSeYE5ic|0_9wFDv;}7lEKV7E2zx?zkd)rz$IaZ z{|x+FK{Q>34G`$P9ltw+!+Al$YwW923U94*yI_e&@<*6tL>f7``Ztx@{XW zof1v5N$Al4?w!aZN4d%Ln6Z3q)L30B0$27Nycxj)sb6GgA+j-OQ_kDgvS#G^RbHtQTPsLT^Jnn&$J191Frki#+y{RV-q&|wF5p@w7Q*1M) z>Larx|5B+e{+M*0MHIIst;4NOR*+Nv`L28H3aWhOJS)W~-23Q{vrXudd(BKk*k74WPH9 zdb5rR@@Sb{NqY~l7OhTy1IrMS>y@fynz{SU^@r8|D5+re1u;ESY&1ryRs^$1`}KhR z0(!|mu8^%-)kQ-=3g`=7r5Dy@;Vh(T`+In|8FIFsS!A{l?kB93&iNM>otX-qLU?Dj zdeB54f#osOE`f|r=i=DA3I)n#fxeHaTK|Au|L=`o#ShpC@TpQHpX)TQ8+!5v7C08no*FRplT0gh2ISXa~UfXqK zTj_K9vadeV^19^GVBGHAZ%5kr)x2`m_n-VMB!-73|AY78AAaWgAMx`)0$BfM=ZSxO z(w-lm6y_hF^k3{Ox**-g@{dm%!_yRD!JJMamgP@RnYc-#$(Dse>r+U2cRQ1QXl@wrJ_I z08nTMO$aI>emlY;gW6h6)HTUe%;bN779Wu$2HX{Ibvg2`gv94)cFZ+nXjrT5J6JPD zQ2azJ>X5IX=me#UNs}KtWHcBlefkqlHE5-o%aN~>L2DQePaUJ^E;IqW-$3v?RK%jI z7Y~nKo=i zxPPOixe`XLQ5NG!DU;+lP6M z1rZ5^(Jrt420r%lfTYzKm;t$(E%hQRIA`pckx!1x-xE83FM`4-3K3^|Z^pILGv-CN zxEKSg-~YY1@T#uC*8^bMU9IX@NdF``#K2zC4bv8#5ir?rBC~J=sxMw;bAgccwnC?5 zTs-BW?E-d{FY)yjz%bjjz$QaCpJl`h*3JJ{)_MHzK(KzpLS`lgc7uiZuO5eRpq`R< zU2G~^&e8W366W38As@v;oD%<)hU|^KMmC!Lb)g_(cbVX;j>$N zY&M(JF7=-F`$-$60t}Ye&fa#+jk7TrLRvD*s+5ibe6PkhpY`q^TpZz^U6{ecaEP#o zcT7DxC^5(f{zc6nJb1j3wg(Hek(Lr1gG8o2sRxg9_6Y~A1)O0Ch@*ImJSGB8AtXlu z*)i82w-!8|h9;rTkiaaE`$Qr)K`zab$lrQ~i!6ptx&-&kp|h=x`hi{yke2-e#u$g= zyv;9iY!v<|QwFk5w>(6Q)Cv{6f&u3$~;3iNmiK>Am69K*+jhXn^a_^*TQmeYDLQd!=@hOgQ50gOz-C}zFMwF073;_4 zSgB#W=S_8eM%+AB8I>PP3{kT}@}tDFl#%QRs*ngyFvyE8!B#jt2(mk-{F!jTi_*Rkvg9)j_6Kbh@KUTw2MZ zh7=&#^x;h%i!S1{_{ETg#1T|LR>TXhx;O~~XPus#Wvg{cBdksEuAMw1S7FD`V5wx& zv4oMCb!5p)lx^hcjbnCX@mIM@+})je@c`B2N}W6*F3<|4HM>owg#a(``Rb3gYPoD~ zTw^*ec6B%BFAXJ%`m0M_nQ`+b|CYLxG2}%@W>$Q@74o=FX`HvwSAKk~;Nmy-ZPUKT zFvGlx_#r^tvTkSYvsU>@1N9w0OQDuB3E5vyjAMUF#BXXBRt%q(vD|*-^oFi6|VntLwQr1L8%>pJbD;Crrv+B*H0HgU(fM zHXImm^(cBrD+2)&LnRRi!HjatyvEoO6wk8h4uO#pL330+fMSUdETGUr5!{y{_PnCk z;&wQ7oyBkCyb2_arS{T3`B8)RxsJn1qH6%;hBBA-WhE17t`7%528Muyu>$qK*W0xT zL6nezrs`tlE^^=Az~gDk5R-GsQP;z_E^xTKTz=E{Af967*Vf1k@)#dFgdNGVpr2?_ zEr(Y2>C(hx!E+e*L<`E;#}2#5%z+TbiMZu|hu48H&XK2IT!rMyo5d#@-Qb3|p#xZ_ zr|R_`+0#Xgx1ybbxs8?lqEiJkY*&)(H5=4Gi5v)4(9QCHZ`iz}-^8B9Wri zg}ry2hxA)D|96Hn_l2)EgF678Lp53hTvQ;SybXkMZ6=h;1~)qJ;-hoD}(*{O6# zKFP0x501RN%80At_@81M0Q%)H&!XyqaPo+m3q(o7^E=GQBB zXx^E6N|L!rKaa9t{1JPjn_gR(cj{UKJk?y%UEMZK753`F{@>BK!$8PhC0g}&hI8Jp zX8mi{B{{A>+yX6#jf}RE-!Ycyi^X)SkWEfHYKz|fg6P@g!}bW4jZMlQMe9)_8G4b? zG%Pv-Cjz7jaD0?$)VAih!zx|9V3*BX%+p;bq0tq*>F{t3b}3puDq1%D>gSXdou19< zVYFw$^JB{CQ#G*QhLgv(#+)hsHJ!N8Es~0T7?(5X)I*G&%1dg%tM+m$afh1?=8|vM z+*5m~dyy^L#a>|VOE;FGd$CO3x|l+hzL;W>Z(5#~soOxG%J$l5Vs>Kz@XQ|Xc0Mv{ zTu__&ck6csTL-1VWwLGd=7m8V0tE{*Wry$B zkMRHLc;}w&#V`K^ghzjJ5(WMzjQ(Gu!~eM7m;V*JAhuCjvh{#YRIO71uP_0FJfnva+74sKbI%~OXJk*Xq z6}$X?GUW9rY`Hu)Qis0@Y&=&A!LUJ_7;i!XT&>+~xH9E>t$GJieUk@mu=9A<(cNQd z(xf$N_n6Q#1BZ`Z1G+$x(z25>!#b$nY8aI*-iE~Wwzh-}QoAf_^|4aRr%amymeW0u zuAZ(3x3BgD#%s=gyaVgA&P1AkXfdmNb>?y@q+3)zcOgR4?ivtDccolq95ggxtPeTV zSu}%N_%1+N_3qUYZULx7O58pS(!(&gd|;M!sKaV0w%VQbNk@K7?1LBBAyG*6Rf#qAhpWwpdi|Avt0u zxnXgyP&&o4=(|HeT?(*!_e&Tl+@1WPIM9Ut8|R(XF&5M@vhHkv4e_Yy*dS={_S>>?MzMxT9|JniHv*_}}sieHlb!bS!%+UR-eyqYBDS%q9}a$jw@DwXv2^Pv*v4 zd8L8R=6XDD9ULyU<|3sVV6oa0*Q(0g(O`3a+!zCYjNc)#10D_`#tM>j7LX@blE}&e zOzJXo{~-JdkXHYDGy2YU5jPmCPvP65_BXC+EiNH9w)VRedkmqxOO7%nFDsfif)GM3 znt(2)LEx&A8K-RZp_6_H2EL1O}|h{$0lA-4yS34hdn}Un=RA zrL%t9jiI6+%{b|^DjFT}H?Yq1L&Jx$ObGwA{JN~lH+@qJ-(2!b#Yl5Fm zT{zjsmVpC0E6?KoMbH=IeHrA2mms7}1Ir z06-TU5a35+^FI##{&A-`C#{@4jdzn*5N* zA0a)udY^OHtJmL0TlT%5$K0>xXfgcY%6Lr+NuL<0^Gt(l`=%-l0kT0w7mYb%iVRVn z@u&v`Xx~st3AY6rO-!cILCq`&kkpH!e8=m26vZr%MrdHB3{bnijWkkx_zmja5oM4* z$Zsu?+Fg?3BGl58qP5l)Ju}@=*Bsti;H5C zD3yLQ5CdDplAvOOv)FM`KML5)A`gRYibGNtYI0@X;EWAAE_I2-sB{7Yh-oH>bR#rN zG_wzgIir%mKd%%8Y%MfMwWd*XB^FS_j@4lF30I$L|Oz$+Fv-|r!;#K0q zg*U)7+xNZFXZ-en`)fi8J(w_)?)%0*s||?Eo(Jlw2_u%|(f{aCq9Obgn^Xj|ui+BQ zSyzX1lu?$`E9Ucr%PlX}6VL+1asL3zCbiTQFfpC5U{`Y_%u=SvsU34MhabOG0#g)n zGUAx&?8g(%{~-N#gP2sR5fXa<+MqKlH5lK&a0>Ksdo4}Ab?i{CyyFl6i;J3~zA0KAO z$J0xMtP;4r3GywV;AjXT+l5RFzNOYkYk+0nwCC*iuZSoJia~Q5c^=r^erHs3VgmVH>GpggkESV81r!*lxNHj;t z?PN(7-NWH%p|IaNV4Mn(=MP(Z?wMZ)5vV#694R88u*QD|^93tCBx0d*Q0SZ*QAAQ- zV2r-epB_$KQ+R#72LJRsz(}S&pe5ypv*5ol{*v{VEP7heu1Fsvj8S&7GN4Z#sfw*8 z>&nD?QmKvvBRM&x-L1eF$umyK=ud)_kyAi9#TYK!lnyI(fVnLlJf`U(eTazy-)YQ0 zZ~>vBa@MO^2X!(cu2Jv~Oq;Z5^f4IW1Gx=qMuq!r54?I?hp7V3c;g_I0#n2(5%KH; z1)WVFzW<&yu73K$%tYB5kclXp#fXQ8Be3(9sfqEKEDy`&M zz%U6Pu1vr$Nx;C!tU#KhiyJy2RX{SZO&nHP)qxIJc2+x7er$G|gZQ=Mc~*N+4SLl> zAIGInYyF3Cw%;XkzNz~_8rSLx13$f?iGZGRrIdt01H^uR z&dm?34qnPK>^BNcjnI~#k+-^~z=bD+Tw=%wf z(`rncmJ~ZDXqz$Qm0ukBwTk5@6Yw4zb19etmx~V9p$QfKwM^D7RcAGT#|j`B=WJe~ zuW^_*pu*3NYwJ`9${lljFDe;?^MxWsdqRQgffOWG9e0BOK=SE$V{>!o$$wZ(A@Mes z|9pQk7Y5g1$a3UhQSZ_+fl8a=(F5G0H64V$^Sws`0S0iPwAnz3doXc88EOPC>%=hT zEu?Qb5PPsoa)ox5mhWYlm>u})nK`=9o|@SRI#nS#q!AAuP;x&Zs-+i{3OZ?Lp{Fvw z0&cT?OLcHy(PUzD{k(?Xf)BWSN%J^pX2z$b;$BaPo{@;vz!8e8J-sN3Q-nxr+Z@)2 z4|i6U?Im~!_UeI_n&VSyhdeUv2JOZ{BgJqY#35VYnbll)w1US6WC%*KfuThY(h=>% zHm+>&R6udH$g?b~Cc{e<4%dO$xQF0-@EVXC%otfGtKt16sy8XYCN3FTcY1S9|B0n2 zdI%Kf0OUzZ-xXGMFor3m))FiVOynsbro~tg_vQz43_Pa^4=GOemhvKW1PRD+72~jRlzkV zwKgu$tM(9ds|cp36OqlmVStt(FWkv!0q=7>1w;ygqwrQS`Q~;1@LyL^&J*+Mqgblw$zgDR3wlkv=)74j)D$Z&%DCJ5KM6 zeTee0aI^h6$WE;C^vG8;pV5}9gx!e!Swi$xt%HjwALUpZG_Jm=i!V-p zC4ib@i^-s`DhtdDg#ohD+~3uA+XUFk;;$u-FlrY3LB;5N2G?dqmGbLz>;+x#HCHvg zV+Wp~)ZhKu8xZ9j`Oh8J=PZrXnU<|>{$H@bj@dE9_0QILXJ%l zp*5&nqENkQWwp9n7o4Fhk)sHLtZRuL{ zabsE*o@_(~SJx-tWVV2O67)?7u3uCk^Y@mH3Uth3laOUtt;V4?k_@LN#T1ZGI68+f zBafF>0XTZ)DQ9JUJSpr-U;BraXZV+N+_>D;=wNT z0$O3o^EA2w)+VAS8@gNz?6#=8ea?Mz-7PMeuE+&g6uXs(wh0`vVUfK;mDvl3ZyBKM z-e<(I(+yYth1@moyiJAe9@PhbXNq<26Pqw5cd^Oxp*3D_iv41r1UM@~8Pvr3cELriYpBHIU!?wm!g!ZhDFp3|@r8^IPJK-^qDuQy)} zPc0ts2xO=CS9Q^1I~-J-K5BUFfcdd@;vD*fWubk|_-XDI@{ZVa-L4+9{J4I}gtt>^ z{W|J;H!TD|WyaaeGSK=qcA_>oA9Fo%5x65ud==87ixOlJlaCgQ-Fj_S(fgGq{?;f# zd}Khkg`hs6ysU>sVk7;BZ$iAH_+3%^FvPhSC1rS0(W0fkb*u1=AvU^a%X%?^-^hW% zX$FJ^-aNI87IfOAQi10VJa53k^U&K8++nlX6j(Tt*qnO57La7N;iV<`orPm*bW>$1xg9Tb$F4?W)7t)i`ZeGV&bL?=iqKVF~f=}F%<+QPUvYNv1i^UV_3;O=V6WXoGN z;CVUjT^*MKeX1>&Xl$Q?e}Ujz9uVwUZMH~c`x^Bz&b4K+)h?R(|F!42|JhO9vO#}0 z^rrj_AjiIDZ}VRD2Q<72RE{DWCeAoUt?~SxTGrLv<dNpqB({q{J3)PFJ>EPx9T) z#mcyDiyr*xO#HjdDthLtrl}Z1vtRZ15ipmksOdm#EJxNNk6Fze5ywM--1!Vp&R2?r z9DH+=N7duEi*FcaaCcM=5xu)^i_Gzgf2{7b9jr5)Wz*Pgxb8=cTrg9bwcsyAdM8B? z3G7kwP+;C75Nx~m3nkn;3z}BVrPncDwK$2bD<)TBE6qs$8ZRc8R|sAwL$*uxlF9Cw-EdIx?^Z6~^YGLuFfzYk}OH}?|fIyy;mlnk)xErJ1$+tpcezG+d z0snBp(4p*?TW#Z2h+`_7-};=|^9+U8tP}DJLHtqt=r$UuYZVdw`z5?T{b8dVoy}@1 zht5i6(BclmzL*PYUlorDS6?FneBt2R*l zAsIsWkAPpo^4j}F3sogxb^#l=l_G#5)Aun7HPZXWJutgq*pzO4l zB6~pNGU$(KG^YdS;`czK@8}Pii>j^M%Iap0%)3$V(N|VrtY) zXry0xyS=%U&~WhJVeWdBNpLMaNSAyVo3kyM#gjOnMPV)Uj#;`3^y6tT4Duc> zZkzHxZF!5wQrmYWJdsT%yFQ_T&GF06rG`uCgcjSf`Os51$o%c2$Kpmi6ju2!HA#(R z(e>aCcq`dY*YV!OkXe)!jHyfXZKs_TYtpS%vX zfvVyW`s9%D#E|%gD~WJ+5*TfyA?)S**_o@jkAvfRsytVKe%13*LHa^|$dX;b-gQFW zT7JNr-jdVLx}mzHC+zdC-?*3N#Fq@B{?95ei8mI=kBA=_rwe80#5G(=7F!Y?B9iYA zKO!&HY)E*DXMBT`=YD$&WH&#vi&p>4T7E$IRo_@7zaoB+EEdb2ir*wl#IrTx56Bbo zZa(;h)IJR!NZ$Q>bOnFF9u?1akUuD2#H+>f`{%yP-)Km9%6I=BAq7BaU5AdZL;x5> zi+RYH1SEK=9mM-NR2sPU1<>`x<#|^8=@7tTBQ!_{4RR3!ppV2xgKTiKo}fAXIDVC z;#&alGy9Vl4e=v^2WZm^6{LRAh?Qh+cl~&S6~(9mxgc}KAUUL`#HAgr zgnzCif3Dp0vis-y*BclF$sxJx6&f%h^Nt{4Ab;BVHBdsv*GT{lRuwA7T4|uFkDgWH=uBC(QyR}xd6xq*GR-nNM-(1J!qQq%` zqcsit84U|tSay=csA)vUUDpH?(KtFCx~pr%jysUbzO#MN@!}Ux6kIj$ zZLhcytGqDY602R>$kfaw2YtoW{$#h`0CYoz2pe4!fZ6z=cMw419B|2y?Q`o{w49ok z%(I3O3fqL?^Y%>9ZA_qMp7KW|M`|-8rYy0uU1(#7fy-g;rt6}jU!-qXV&hz=WU=!v&)i$(ROX&05bFa2gQ?9(kgJ2dFFYzO_qy$;YVi~H3 z%})fbSjhuZOA#x$hcKxyE=wuJ=4U6=O^CuK+Ta}dy`?6VL))0Y1 zv-4QP=?H&E;fh~<6rs3Lf&J&J)0|@<_9e%ME`8;Gf;GZ?Q9&i}-;;gnjj7uqA&56U zP&~KfA}+x_BHjmZ2YTiM(bwM&NFcxfZkWzAe?V8!&{uX_FfJiaY&VcW_mxmjLJxKy zSn}^zk&|fmHMk8wAqVUnAP8_fv;lPH$k8n&Nl9~njLsoDiU9I~9`{qbl~LYn>z`c+ zjRGWKjUamkLai=w)MBq>yq1I_*aBtf^HDb%k5qzH4_>qXXoP}!W{Mx!KK6!ytAAg1 z`XgV`?+wHT(1DO3&yF;?VqJRyVSpAi1=K~pd&uVmLPm;@iwdfPcy{d7j+o8cfj2;L z!oKzW3GPv&xYoXA7w%%67mG6mWr!uxN(QnsB@b@`|VW834~J+?KK+7uN=d zE#__Ln75-=nNVbx(lunPUd6yT*zIOXdVicHeXe5U5$m-k0cWgeUFPLdP+Puaswn{r zxX#bxfB$T_)g|WCl{-n5g{Vhrn)ki?GO?KXXm26{Hq+&XCDWfO7jAB78=AK~4hKaLjdYToy&mB{ZRkn@OxxTxn z0M+SXrEhzwolh$BNJ@5|kyHp+6+eCL* z7X?cm`4oSOaaQ$RL>Y}YmzS@&;aO-5QjtKLVUD3p_KPVx4WcU~wXMEDD9+>K52+O?{q09&6vLabySuA) z@>0fCSCy2-ij*krHMZKH-XJK>W){hNE1uR3?p14N>H?`)4QvRv_=v_0Sesh+{jzZ< zDo+_XR+oB4$++3{qK~4)1mv_X7O5zv2u44AlLw@fgvoK_!eW%YG9mY)lgL0yvXsSC z8jx0|06Ta#&(EmpGYVV%gwmB|=3_tAiC72epOkhO2j8L#xxP7&uot5eQ`sATBW9QrYIQ ze+IsVtC=tcYBT}qZ17B?BuyX*HJ2i9(1p%MJCMIG9n{h^9i4o5Kn+_k_Ua!hAv%o@ zO8DrUXX6=-PuEZVSPb|9-)BRwat)ZsEO%raEN01tkch;(J{vlJ$&EqR=#%A$Q#cymb>0Udq$3F9R2^35#5xNWDT)S0uykY6&`6XSAnvGc z6ifs|S{ikbaQ;SjyS;jQgd8fOBa$%S83M?K;6(6GPYUP7LH-*3h^3*8iZCKq!t9Wi zD0W1TwG_=qsRDp4KpbomAqe({iF;%gJ1S++^P^)DLV>-}qj}Odlm)xk#OrbpYXeUe z^RMvdYYxw2HNc&RgB3M}a`SjC5~QB>pM5tXAZQJ5-z%(>+q6I&F~xr}L6{Zn zo~J()ZR5bDBtVhPkgF};;Eko^1;`$r!lN1Im)q$@?9-xPf{wf=#{8o3pOCUfCnhaX z0F(5<4ov~VQ{-S}tluORnO39O$sf0ePaEK|+uP`CD3`A09R|Abh)yj2++sqq3 zg7tiA?aNs@Cho;6dWMU3hV+|wHTjA8FH-4|9g6niIc_FGilRuDlx!TwSfq&n;-_?L zTXzJagxtJy4I)m(Z^0FvG70KL94=|NgOFnCg+d+b}eU48DCX?}IlY{Dto*D&kiiyjZ8 z<|JRC@#q{VXULqT8YC4KqhqJpWVef$0WEbgv_*m?81eJktZ)enIxtb9Vv5Ed#wBpd zq+z)T_lbo?IH?$1;CB&F7z4qj5Injhkp=DKu3Q_EMi4duTta>#5qy#;;|YaCk$&3I zWM0yH!OSQCT?ea4X~F9i+zEtI5)XnR4=aC~OU6@cn8YL$@&+@}fJ;)yTV~7$Y7>}s zbUrvheSeVwPa29@`cD*SEEev&Uxa|1EjU(jcO_bCu zY@k>apA5G-?br58ENeb*NmlejXr^x zEa*1S3`WtMpxtpA&gpl5^sv1ISTUG7qgY$b$`I~b6?R57utaO5 z5@-3fZ3NE>ov;8TpLxZ3uUc#Hr*4f2@Ki6%I=HD0NJI>&bPd6XQfjJ#3Hqu<+Y=%j z7l9b{+gX`X!D5=F!xyE5039$$>()6L7b>GgYxr zrC2A^Awo2M%!}isc)H!TsEk7gu8G`MFjn4`JMsrjE+Tdu{sk_YQ_k?=n`jJK6-cUX zAbDC2CAfCT$>mkqj@IdQi(OK24nC20n^Zv29*8^y7F zo9icl^x2hs4%UIQEjGt;%@JM;Yoq7!?d{mS|W1#%^|!8+>2jDu5Lb4Q)gGvX)NF0KH4 z0LNg&oFee6l&<90q3&0(vx zirR3~#^v}R=!xoFtE&!B%U^S}Z{kO^x^K^Y-`j7YjoBQ>IuR>+jy6@D zOT=j%J`C$Wp@+~AENLOzTIooddKy36`q&|FmozzcWG(;tTm7T*<5=?BjzE8+2!*Ex z9p1s!e-{s4>I`&V!8B^$3bek;WfHjr&69CNh z)`s&NA2N0XS(h1k`*&A~V)|tXyY=K{o!dL&Eas4XxA=fy^m`=VJEi4-NCxH%2hW}nfxYV^_+Fh&cun1|rX7ZuEtV3S&LiCVVh+ae0vn1zybh>o&4-5~SWs;al+`^5 zT`~f)4%HKulOh(*FKk|}($&v15yIyzM+T@@&dh$VAqgNttuj6wZBy3452Ai3OLsv+ z$^znR1utf>RI@|m#z_q>dvFehtn&=TC?sM1r37gsuv|tjBeVi_5H@g(A;8gLhXHFN z!QniT=rJ3q>M5R{BSI`mciwbe+*A5i1l%vn{L%`639^}D6n}`US+}{pklA1#9^^W} zWv2F_^y7vbkwaTPM#J#^S#Wl2i`*@WpFaelfN`%tt*Jti`dt*}fv(Mgw)$}EoL+7! zW#qnSu|$QbFt+VnRt$oz&VI?$qAW{pMw~GTvje@1tudjdJ6ihW;7zH}HELB*Z5U(w zp|gouTOG!#ePw5U^<&jqgx#=hPl#JvYzGuqs&xw8cc)FQj8^p%r0!!BQAil&DEXji z(&FDD(MmNOE9?}`yF723;DkaCKj>MeXL%u|;p}L#!v9~4ePeJXTDNVSj&0kvosMnW zwr$(CZFX#TY}@HLotJaY{q9%ax%a&He(b9KXI1T*W3Rc^nq$r}Y%N9C`!+?7As*Wm%@$?E7phD-sS1P$B}Td^t*pSg=iaq+Z%NeL$~I*;JV z9sDvsu)xoB@UZcw1lD#Qs7*BQd7xJvbcjv-I;AOuWc(irbR_Yqv-Ym@L=iOtlwa0rZpe? z1fVl3EqafN{EiOu(#9G|S$~6kU6Ls#`bq#qL6NdOuzgEIP9nj-&r1QGEjrV=+diaF zNzowKk7F1B3`=82J8<*OwrbpvFF>R6o;&wwuxiAc7|0BUKq^v4zFXE!YL0FfNR+>?NT2<{K)N*la~i| z`l^eHMAVE5n?+(VG8fXt?+sopwm!X+lJ;ZB!M(2=v*b?DdBb;t2>j?t4iv6@m;>^Gx$RKka4av~Y z*7;qwYef8u6vIWg$9Ln{Znwuhby;>-8{L!0i||)_*a%OHB<7RR zUTo{xZ@dXx>fh(~$0zpbI4cgjM(wWUQ~`_2@M;RNzwzYT9oTCO4PXQWs|8ky; z;SAq@(UMBYyDk1!o+m$BPFrjI0HR1G4k#*i>jrcp9jMi5`BSUg=P9J*`3OdhE8MPG z9Y{CWDLxARH#5o6Nhd*Sj&yHj-ms(#*DJkr%;EEaxTm>x4KQ$*67&vDS|5J?c0PV= zQus&$q^^Cv3Wlsw9{DC@U#V~WJjjQcfJ{WqkqsdM4M!n8w3dWdYYGiBmqY`zR`%$# zoRKE4`XD)ZnWS#Sqz_(+ZKqgX(Ho3G_#@Ld^gby3&&v&M) zezfu1Ko}#4np1N+=ihmJN!MI?63E&+p`s*k{XHx%Y}jn|X)-@+ z*nJ#*9$)v)oIiti`gK8UPrczxx}YBl5lQ=SFqit6Qv=YL#27m0(+dop6@Y*TxI;!? z=E4eGCb=no&SJM<%6UO?v3DCBtAbyQEL7fCZnbWEargc{@6@eX9a(s~mZhti(bcVY zyvx_ZhO)qwdMMg9P{1xU(MP7Q`iUfZ_U~N_W$|Un!n_G zfXO(z7C`_2)W7C03IB18u9>lwo$+5rBU7q#HtVd&-f(fgZSV>|U@bt0LbyRrgyL$1 z>WC-yYGmE>DaK8N;w!{B>=S>#(TaRcbrZ`;_%3CDZ|svi=0S zLtk;e7#GfuFiFb0Z-wO&h$KRh zwU$J|`;gsPAs+yAdJS3%>>ooP2V=~!hQC4jideZwnJcH9*X5dpF`BuX%nLD;8PDX7 zb>p=6d;D#@3&=)7!Cj$M1q0OSvmzwa!ImpebyfX1r!mxa27r4nYQx*p@-%s#v{Us9 z!xVx2Jv$V~K~NC*ROrzxL7u0%4C5;AEI>3Z94$7 z+k_FI#GpBSJkhUFfZ4N90^0{k4W|ndL)2vO7 z@#x+%fpa;C=gX0ZIrFtC^4z4ori~?l(hLpqxmLYb4kIzbdhGjt%i0^JwZT0ZXsw6# z1*dI4r=6*F3ub_8YR$T2qtzG%uweOk@ogrp0R^ceM{5B*#Kl;SO53MKVSCF6X}_cG zM)5))P9cHT@Rc?Od9uAJwE>RTVOw zJ9Hg?68*R!x5MVKAL+)_s}kjMfl1I({_-4eA?Am*sT%OAeYI?Xd3>~gz}|Oy?3!it z<_e)~eI(`!qM9$Agqa~t+b%-Hj3H-3u{Vc^)B=c znf8@o`ysK|<*3r3l?~rxtKWVA(rSWVpEdFZZDubm5r4*ZsVul#nO2S zf5K&zdutwAos#q)hl#H{JUpoLR)3Ncw5uy&M?6{=_B^@O(sVv(ZO6|Yc3%NkKyZk) zje7-qt!FRO6vO?3)}&Tx6^$g_Px%(n>Xy8LSdFKQ>OEW|{KRPrV7x65PqG^@DLi+} z?viBu7ytxkWxP(X%=H41vKJKx>B4u_jN8k{UFL!M<}rQa5C~+Z#3VFKdAn2nF`0$& z{lT#$L7|?ro~VyF%X^Tw=LCy4OVDlTV1s(tO<7czS@rE3+Vl`qG4365z+osr03wG| zYIKs`+p$l~Kp6Vn_%*E2LXei|#h5STC%?Ilp3AG{;0ZjiCdRZ#2R@to9>p(Br*18~ zdcB7}nQ@6IsE|)4k|1pup`#8fwGU8mP8xIhE3Yjysq=Obo&+g_B-lnuultr>MT>in zW+dTdoaTiyG)i&%Mu0xnZsC?3d6&X{U>`v~vq87(N78102AlAlEv)XzIhM(pa?%5N zz~bu94W7o2#Og^(w&qj;sEFwI5o#kpN z@Y-veG%RI^qf`bpeFqEfvR2okI(^esN*PV2A7NphHG{bNE^*G;Z-_y8X_}4m0`{Nz z8+FmP+5bz0ujwm?lm27=wl;QhFgJ9hada{K^S34^G06U@jVkd1SNe^ZbMRX@h33$> z9K_E}=Ni4m`e^TR{`^lIE*VL)g)*av%O{@P?IH7ZpaZa#h)OV?%J?kgoctrpV3doe z)hNw&!QXzZbJs5|ulH*r9W1voI+szTMey;<-XMk-isU+vxe!=jgd% zJ6f)`s247X^+{*E>6t~tDnWSf$*<-Pv^Ao>{p25RW*wwxTFymoMXxII248bvE~U8l z9cIl~OZvngJZHqdynV^9t#PZEi@X)AJ$tk}poyUMcx^a!(TX62^Z>TR#=%r^Dimjg zj42MvZu1nioxbiU@5c5qaB(yVNN*!?E~8{+*-HN&Ywp5n5ehQ?21ebA>w*;l z2n=~KIyy%gDzNs+yV`&_Vn5g1L0s~Hn~N)s0}Cam3C~uB7158#*J1ZGVNUWC zKyAakc=OJkyGfy0yX(=$mz%H3hFsv_0uu^Mk5L;BL3tWwuOjx)Ca+Q7vBN7s1+NVz z6ve_=bIb$~8B)Tro=x5oy>!_NG#z##Z<5xa!1fE>nR}r>XQ#(LoPB`BMr;JNvkl;w z2LZ!6I)7R(6PjS6?hFE7NLI(>W(L;N$3%EWhtEhXZxDm>8KgM@S{bdT1OsV}@vLR!&k$;Bn;oxex|@^ey$a7PbS>XQHl zv?l@uH@SF0;J3!ur&qOHL+Jz|Iw|}X1)qzwfFS}qtSk%&^iHLvBu(RwYcHB2m9csj zC2WQ8Q0BrGOdfo$TptwO)b>b`gB{vSPS~Rz#A@~@@Ms^d7o-Og9UmML&fM^>t>Z0E zPMda26kl@V10xUEz=Yci1e@68-w)-WVYcPr@W%YIwJpa_hpCH)6ZF^}|9#8*>&8}I z$^QJuZvXK$6_59ie-;^8B@snhCpV{V6>HmdR`}mK_@BFaPL|kGck?J%dep!H#F|jl zEvB9nkL7vAjYGkt$_WjIMlaW$g~XZ?*=Qh|2>9}&`~=Wo3vJaqFwNb*9KN(k6YLF3@4={pN{%oom@hfh>#w67h0J;jE zNj_i1m>LP9&iq6WI^||5h)#ho3@My5axrP~U_>A-YjGSba}(6eHjH1N9VDJB9xx4> zgp9#j;@6yq+(n>286g5?gGEEv3tygk!?cV7?Hhdh289kY<4d4Qk3_qVk0&OWauuMj zHeV_gR14|<4NYMI_0ZTmK2Wl1vb$2Q0VP?yx(Shif99ZvEiordEw&V3V8p3!V znVD+BRfAxFxQU+8p~8xE?;$xc(($1RH(io}ZE@jqJAz@W#7Y}2Eax8gnqy}G&6b(abY*j4Gc!8qQy+)B1y(U4BP z*h8_+;*QG5Y9)jtQHn;`d3u3wUF7q{KYub;-3$vF#IHvnS2%b2D$s*%f?Gx%A5Qd= z`o8}*=f;-diwwHiG7V|&`n<3~f{ zv~?CFodhc3F#2JCJB#w8c4!9)3fJ#v*n%dkh*3LhOTlqrIlP7+rK@EUuk0cA`2su9w>`f1K}+wh{-ZxM4d&tTekQK?|30Gj&~-04;|h4 zC<(uS^zrEQOG^$&w7w&pE&hJnXcRm8#k68p0AOoqwxE$rsKgj76iIk_D;d2BW?5`g zcyay&69$P2DeP{lTaZ26bpP(tXZ~TA8(}@wG8Pu4l462k?jxT=4d z00v0eb{=4t)g)psX}@(C$&vLJzlG_v{eW7i*($usD& zUU`Gi%AM>vH62K{?nfGu8C>S@CNo~@(Vm?f@Nl=O>8+$YBpy^q%b4CmkqDjkWb6fG z^Ktee5B#d3dNPuFkk>{UQ`m>i%%o8!>ot@!)+~xo*gn7o?e&)W3#rb43EyL*%8#0I zg^sb%l+n#ay&IC9D|5Va6OWLbuW>wofb`HHNkUfQ-}7ESd5qZlM)a2E?we*^E1$2= zm6NQvNYBmElwTX3*5lgtG)Xc_)r>enIDsnGo2gyBe?tB1bo`&sTHJq3cyWNO4{;6r9MI<^4pfHB z?nAFydflf4NR38G)&mBzH=B@Zrv~L6?Z5sUlvku>A(S zSca2dsya~ZwQL3jZ`r1G2VK39a9*?v86)f7lDeT3=VWVkFO@g~#-rj6_M@ykK;KVS zV@;=A9%;|e!@&vl+_q)S%vxq#5Ux_U=s$4RHiQ=b*r`?-gT&}Wl6_A<7q73L|<*8ezrPXDE? zdPnQ`0LZa(4AffZHn^8EU*&_RG^wN#Hwq02?aP)&BqRm ztxj8-_sehLv@7E(ydM@nG`CxL@O;X{`ctaY>6zw^@uo?}SE>$k=dDF|YH0pV-$|46 z?`k^xqcRs}U!Vy7UtbFU+D3L?N|%4g3?wUX{Sp5ys$XC62Sc|&9gM3Es|SYKqTY|K5a$< zlAKPSOmaGVv`vC;NjOMKj(jh|-Iq`^huX@g&GIYz0O|4dt2Us4PbPyhgG(*M(l;NK6>e_`e5r0-;G;%wz; z{MSqL65G;tef0JX@C6Pe9*z}qd~B1&Oc`5l$bLT0G=$!iJyQqL8Uv}nci!yc58&uv@Ja+4@HJN7t1X1+%>C^T9CMc z%=8D~blQ`5;E#Jb`N^vZ6jBV6I<>6aAMb=S02Ws)LCbNAgqF6CfFxg@^AlOBl};;C zL3M=gWu@@Yl}OuMcLnT5Il3@!CQ#0+4D>M#@}Wu?jJ`hY7vgG-;BLTLDf0X~EE8`1@YBz*KRo zQ6(Sp6)`6km%y{%ihy-P3HHaVvhDQn_ zi)I76*Rl^8V?)cbaY4P9b;mTOS%Z$cm|^yJf@+nATnr0OPAjxwJtnM7?qVSQn2!-` zp`q5<%op5XP&N0zs|03ttL zSVu47X*!L^0`2g~9)S%hE~x}m2}v>E77y)y1V~)hHJbQt(@Blr8-d?l5O*k$LR`5F z#FX4%O?;um$EEel9R$l<{j_G7a{xnwL@i6wI4q-=J31YhbH?`Oh2J7k3{Q+{fH=Bw z9BvDq+^Cjb4NsSChEQC<+fMY&eyA#Oe4p?bof$-=C#P4)=LEk>=8@(^C?|=6j3}DI z7Do=IKxo(#DruK`5DdmcXSNB+B1)iMs67yn)y>72vc^e}QjSCWoc`v0QqEcf}AlBVr4t>MyZzD}ikx52&cgsb4Le#?sqyUDSF3d}0Vz1My%7pcGFPKxZw-H*6jk zze5ne{oW;*%bkNpaY_`rfe%F*RrzcRA?|Wm_%3`^h87oczw`QJq;sGQ!`*=0;e52k zbQ_Jx>Qou{Ktd-TR&HRj*;apXJwQ~%zfCFjORX;#a}|`%v&>|vx%BSH&!o`{h;HgQ zr^*{;7WFEaTwp?3`CuaGw$$Bl>ol7_Ev+RQV>GF-oOl06wX(oHO!mWM^N1rpvRnsy=Y={TVJjD&T$)%LD7R!674eAhNWT-*BkW+>hZ5qhzvB0+K z2YkjKKT!g2PMEjJEpbNSW$~!Bw58hGZqd+gZS`<^zWk2v2vsU#u@*`I{1RLIMz*9& zG)r9vpxlLxNYq7n4L13(f=I*CUYKBQLUJ9X_$nz=uxwvo49%rN>!bDi{QdFu?(XQ( zqF(Fw+uiHp<$3F|sY?xEm#8riC;J!_>Gcs=la0+%E>OZTH901uSNe~-B5GL@OjGQw z(d_w3tb-q7@0JOrj=!XvWdX)M2iGmTSi4YTn10dH=a#$r4jtp#W=bokg!q4-`pr3Y z7xeTE)l^e@EJ)Fn8$a`DqS3OGH=3NUv|ifAlt`+oYT>P0>LRkG<~C%}(9U2{H?o1V z#uGH1N2yxP2d%mAW8Sm5O}$Ht+7sDkc+E77hk7TL%Zqqp5IVGq7=QDqC|wy16U<ci7F6i)MS>R9eeB z{J4 z_%65XBgaSZ-b-_#7w5R;fE_>laD86Kpq6snHIkuk+P7x-KBo+^veM&jz8CDCB3xMb z&4{Dc~>FoTB7Q`b^Cn!T9qj&X{XM_%U+7o&S>)U=?#@&kHCUtCr5+>tn5ZasgXuPZG( zOrp!nIiIf%ii0aEtEeWJp3f9qsyBIV+PMAmO>g@m(Q1Akdroi4U!%zrniW&hLY;rKJcH5 z-1kPU&D>C)sz(On`lTW;!i6k0l)3bm=?Sk^TsZQF&|-Uw@TGBjs`BsE=_;${$yMxud>lJZ^>Kc0x{alEHLGJjahh`}QqIh@ zhv{xSdCwY!Vq51Sl%y%2%%oPNtR%?TdBM5=MOleg+o9U>PEu2)hD2AoRi<(_kWm)v3BArE-@F8EIMLk+YJE zN$ID>M52*}9**Mp&o6rq3H=d9H)=~p9yFq~S8AQ(1GVNxa_B3E)!THNNxO;;_R=Am zr$gB}rLDlcz8hs?lw6pKxdERiSEWZVI^~=1d-M9k{s>a!#ig+Zh<7}M>3vXAmrSL$ zj?Mbi0`?Y8;LXx2Qzk6ni&8^=LcB{az+t8!FniY)P0~Jd>2K`L`Mn(lFO)~yuZv6e z$tQF80)&#*Y3?gyl^-loOZUJZXk6SxA7j6JBMQ7kye?uz&1w|rET4zM2C{?&Eh{yZ zRitvPe~%$mjzpdzmB@^)&Ps&RTh7H?g3G}g3XgR2ozByF`ppZD4pY#fIv0hZKA*v68GWhThow*P6jkdPxHQ-z3bjHrR5Xhe1swg;n{MImUyH(GS#X?``7t1)4YEEO^?)4M8ZVVcF9>cK76FvqRGb3@5L@=IF9D`;4 z{Ye3tWCHS+J~987aO|e1D>p6#iKk$3Ix+=^k7lh-+Nk24-`Oa6jVdVSXdi!v4gz7` zkEE_1L{jov2V!~qdGMU12$VdTv6{WEVPRqdTU#2TRDN(~%1FV8!4GLpDd{&!*ktCD zQ|z4h^9;}Xn2mSICcyZ>ajb^AD|z(0O>lgWaYpy@9C-+4m8h}W6kQ2@d5YU%tRke< z_yY(xA2tC>Ih6A5S8BG*W%w=MJJK0%O@Ec$r2B}aV$zy+#@+yHk=Cm9mQoxJt6S2@7n z<^6w2F^yqlZx!Ji(gy`%EKc!U+odJ&grq1Zwcregb$xe_OD=eZ8pL(pAmso{n{9ET%9gPUa?wU9Zw+&U-Xt zM7tFnOm*0|Xg@)I$ne1RQh#^*(uSAImD!jm{a{g#0POwlDsqf@PHlRbL*_o~S2t4{ z*)~xt=NW^-9=g1h7fGs5_dfZI#ko8hk69jY&G#8Z^<#E>s`13Iw(W1UKpROmcg)xG ze&p+U|92nt|K-W(Vn}0VtZ!sx?D&_QV6kGK#NeM^;C#?Sfw-)MZfDlF#G{0eTc(L~ zFeTzrC6SS@*CpbbsMQL$X=7baq_%gn=ird?T$%&F4cgt7R2J=I^=nCJ&|nxSjjB?i z03u-)Zyv$cBo-(GDmVtwh`eTDLIT~aqE9_2;css1*AOU$7+_~lpZtpc|l5c>n=C=yKL+Kqa#Vo491%uC2~0 z@_hwPCkbQmac7%H;clH;u{;2%wN@%GQlOP-RTrWltkZSc1CZD=v$_@} zfiANM!~0zQmpDabI-_-)mcO$FKbE!TH0h^|<6WjZnWoIfTRKX;>6dR? zr}4bnW@^jAae8(SPt=%4Ul^8)f}vUl@?m(jg_iKyK8 z0w_q|0}+W-hCqJkNuoI6kSm@OLrCD72+yGfm?bQED+Qpt-SgY29aD(Ikm3kTiX(v` z+IHTNuz669wP4jis<+>;iJ z`^bj28opR5z82u@Gs%Z$wYo;s^|wJ(^veF#&wX2ycSbGigQVSr1EIb?d7iGg9IS^(U(*R?9sSz`d+ON;mTyR!>_lf6wT&(z}m0x9pS=K0UGoP+IuL6ejpHi zraVmO`~Wy4x-8bMc2+SoYBdb3;_MrB0M)F_<(|7UR5woTvuUh`tUwlR_VX2dM^uJG9ymr|piuLheg6)wg#Vqen zv@h=5pDE!9M{)upb>!70F|!v^gk*5WmW^M6-SqMI17d1ZfZuHIgV&mCuF*PZ_x~39 z_hiU9>95dxeTDv?&*eWtZ(wd?^kqNzS7kGS?~lsn(38XmY-t!^h?@cb*Ht0_J>uub zp4N|_^@^Y6ezSi-V7&%bVH0!hGjmN_YpwuKl1J%RE$7iNnXn2e12x^O8e=bXVy4T& zakp#JnmMy1h=M`gTr^^bcxKHzpiwodmahyZ4J>GX3KbA^UNIkGU&Vl?z|Js=;|HQv zsu4c`gky4#;nyEQn!FZZT%6j#17ihZ75&aMB18fAdk=6=Y z8bKe0l-AdL^)$UEpBkyty34os#YiIZLn%SB>6hnyKcLG^qGf2=5Fv1S`4PAqGHUF=Pm! z&!xGip{O!-+FfGly_zr6(zM2ig@xZw7@(_N?N*&A#SS{cMSXrywBG;^UrN4{|@|ra|DWiaWsE& z1R;z+slx~~5e&gmJ9IAtHP~A$bt_c9nu*BFg%p627>=Kewrd?_Ct#>=+M*n@pGmP8uo$<8Pg}_!-9e-k~q4HkV`l>G^ z*ylvT-n;nCpZ9MMmGtO08;XQT4(=nJLrEU5ZLcL{eOcCo_zT?Qe0l?*dGr7 z9haE5wzZ9|nqQ+v1`9|!NeS0RD6#fj{C>jvvgIWFRhQijTJt(PJa4zfl!Y_t9o@<|mbhJCUEhpoZV+z87Aue=gD3iD%(EIWDjv;eun!xbPEf5_>2tIH)$7_wCAH0m>HLY$uH7R!3+yV4bsW`M8($6}be%_SvS{7Zz4(b!;XQ`?i z<}SKaBajnQSWW@JUmOk*>oFKaRWTgyJFp)9GSOX78h&-JRtGkiBM@{O`6dY0S7|70 z37YAGcoU2R)FeK;Y{?U-8_aF4GKxIBvJU)81>%W%A%j4!U2}A|M zvWYX3D5L40*ixf4SGy#D6mia-4YL?(hQwTCz3=Q}zs*{J#i(vuKJ(Q_T$qBy<&fQGY>Bdij>(eX5FOZt z`HtLuOQPbxtHRGOyCt3?ulwllELVHj(i5#=*v3Du%2y%)z}!Mb-pfJ_F~)kI%GCw- z2`-~-Ck&s1Sl1`7K8@uwd{&1LlP3q?)%74=;YzOv3-$EwU2EFl6f``FG8VL%P~SYW zXi&Y)hu$u~jwCjYHNdez8=@H-Ct(iw=?ufriw_UhMYOEe+$N5m8-o0m? zuVV@#!HiW~t3#QiNenI%I};V;ge+u_7}vM)ZO6yOD2aqF2S8*RXB9RGd~}>|B<4Vxq<0 z@&<;yWcblRj^Ai8D4}HyrH1U;G*UT~#9>m4FbbW*ksRVDv#^%=UnkPXf)F7X8_4x( zz$0=pOz33|@-nO-60~CKCb4fig*t%)7le6CDy=uGQ}8bW)%M|2atf_m2<#QZv=M|1 zkpMw9vBzIS#80a*^J?n1%;B{SF57-oZ2A4Zq|L){P&A8INeXm1Q75P@1b)ptNJZxm zt-ZDEJa3u2a~tOs5Qi?1va0UvF`L>l70>BMEKQ|asR%@ccOXL0r(pJ}-LZY2eTUgZ zdMBDM+OJ11wMyh?jJFMy+x~41Q|yV*0LR{GJUT^ry7_Wl4WO>WgHqmMMlL-o`4XNY zy0!&wER$f$tDn)y@)Ug^NXxBI{tz9~l+8A%OqdxS65hPg8KuTxX!cU0hX48op}@lr z-ee1?(4+TKk%m%M6<+CKPzeIIOAlewX=A#g1_X+{JsdY!#urHXqu;AL8T)_}vlz0pnTJ_| z2-7N(MZ!w0(~CtFK#LZ7=NE-fBJFZuh6%J+;V_DDLnQPv~ueurnZ?)0lz5 z0%61p3P$`YFV?Z0IT{VeF_o*ak-j>#$7su6LrtY@cs0DVrmD7d)E6AogHMB}{mhxP zHnc|*cr~bOE*Q<)Kp8h;=mp+7^FoKO7Cw#d&*qOu1~z0WmSrUh(k}T16YTepuwWMD z1)RMd9qK+BYUZ5kK!+!C&aU_gX(JrlZu9o`@{wz8OM4Y+nUO@u!#?5-J2)_!$_A-r z%L_w$x~liB6Rvo));WMxU`EmR@IaT;;_Vuv;f7cY2y}eyf_yd__WNaCuN?d0MPEIi z&j_$yUOuiKctbADQW!`ns)_9*ntkN6oz&r^uZab1fDFICMjsnkxl^`)%3^_wk$BWr zc^~6yxf-f11QrVnFCRvdM)e#6VKiTQ4OIhqNCvJ2H`Y>|NwnYJOn9|>ITwnccNIye#mJubobm(oslHHua1 zc+1-HTkEG*#JxIB0)~Kd9=hUJ#Ap#-V<>6})+iDG#j?~htg(Lw6~mNMS|VmRU--f8 z06&*6vw~yH*w|8j(|5N*7)5dC6gv{kQm%3x7%6LAxL$Sq58MiwcAW^r7cmS(nSkGXboJyxm!OnKn4? zbiVhdC-Tq*lc5t{r`dJeqyDB=LTlAR&!l`Dl9RZ#Ms3%g>@BI($V%D!`^dwQ(~G^g zJ#PDgThB9FI)E{g}7D&1$-HVqGhK11B)KP4c#4dRBO-f1%xjAY_4j~mgL;8M!0gs z5==;#@Va~<+(x=gc`a6!-q+$O9V}gBzENNfdiN*GYZZz63R(0;IGB^Y~{j|^$Q_7DlMPLJt_Ro=V;R~RK7)0ReRj($hmHKBGGJQ zQ;Cv5mRoyA80F_}6X~OGOmeqiK2N1_)(J`x70#Rrb(pZw6_cx2$m~UWa+OL-7m9G9 z-NE7fL~`RW={Uq81QrI|?kV2mN}()vxc!i+dwl{vqqke{b?}Q4?*H(W7kqoXc&1xv z?dl}9dbat{*Qw5H{^is`U!uqSDJT3rZagFv6;Hm!MfW|&geC{*vOCCeghrH8mjI-3*9O_UWzBhem!Un*0OZ`LX^fSnvh4}2wb z^BFV>`MHfoebPMJg=UaXtkD7?T%$kBMV1S@m zzy-9kOqg7el!7P>+w~Tb_*jFWCSw9YVcDBc3^(qzof<+9K^@5{5eiFMlEq^`4ZWr% zet3w4ohXee;}<({k5TB0bWfw#IeF6amK3ewNK zvdC5UnTjcib=x0E@(OM~Hp9>Vt-9i&*$0TGuK-TM-(yT|3aYc_k~ z^w~hgio^xC0PvTyAZpRhWWpc~nZ2m6B$ThUU{Ad9PtU^OpxsP~@+vN_MC}_-N9Z@H z1@AS>>|RF?YK(nJn&RBc*M>o7j5Nr!b%)McFOpnUb3q_+G0gLOLGBV$>XY>>YLDed zXxj#x!bD^E(;K3m7|!pGBS@G$c)%s6h-{fKsT)_oR&|^P1k<++M3y9M?;JKGpOLPy zVmQ*&g>C*i0z+pM8AbDn)9*5KduS+1j7{xXATQOBqscAW$$3l{eoEYC5k2ZPHyG$# zHRL9>Vrp(F77BW{`l+yjIe^$7ltNYIPuY%5BZM4u)LgV#cl>tOh z004&nkAlwE-}i6yf>NKw#(&WZC83XXkij`#njVx%@R+0CDj7~9M&eY_DYQ1fyBmx; zCHIg+aal5+OdfJ_-+aJd5l%q%0Hq7a=|>Aq60(2`xcO|^PJRIgr_Io0 zeSMW(t3bV?$Z9USEFlsNj=FRK)~hf4^8ai~CM}m**4`Tn6Ps5L-X+9MWDrsXCTzTp z2^yD+LSpwwqC+n_=QI^*M{%6-`-CYyNE=T90E08y^V{qOTINE)2&GX1U4MsffYucS z0(j8jE(ZQ0AVSSu6K}UxHx~QfL)O++amWzP^RA7jCtI5!JsoS}_}zWXc8JJnFftTu zQZSg-7(e#Fcz=`*ZHB6++i}N!d1EhpG~=tB4;FRvTjHRN>_?uyRc1N)yLCH%{+@Etph{`9NLQvlx=_v-Of3yCCm~>;Q)0ow$eU zCY>Q+%oiUGwUKYQRVZZyGwf6PrrF8&Zv#pgg(iWKU-;{M;s4K5!e5mk2VS^ml~@~Nir}AVZ=kD#3YKt5$fDvO&z^gJaZa50Mw~1Ag-apJ|tIKni{(z99A%tcuL}U96^WSRw|YWNrQU^OYf(Fwe^8B)(_D3 z_}ynmMXBh^VOS-)d{IllfJP^f2Rs?1EE7BDxSm?~;W^!_CV$K#flTtBMhHBN7-TTy z(=15dJwqRDpNR(zJQa0NS>h0t249fujf^#6^eS;(-6S5=>utR>jbX)RhK%pQNAem* z?qJh#4?kZ7WNf%zFrggwkdI^1@RGVWQnSJWW`CsBChd@|g%fO#bT5<>yp37{q8;OV z*=bgb8G|FX&oTV!4_R&)*u2ueuSdJrf1mu6HT=*g^mWL1ya`IBLWsh`!pU-3erVq3dr4hX202ga{bS(ysel}A@l_$!2gv@ax`{uF*h{UH#D?$ zw)v~8v^tUD4>BqEzuMu2K!Rnq8k{JLXA?dsb<4x3Ip#U6?eDj#BuVYFNa06K)UQ3C zh&P=#fqsIAp`4|3-5j(?%qvK&W1`L@F!tG`ny!?gaMV^&=zHdxS{hd%>cl>{s~{N$ zM;Ye;qF0p%)c_k8*-!-({JzEFp}50V0u56mX6O;%_?q{$v=rVz@sy7J=r3s&5(S99 zF7lqCmDy<`<1Q?pRfb^QMK?mn1p^j4*%d{6M_x6Y8qC4!mJTc2IfYCUC?*y{@J0LN z0$Zc^b_8^#=gTBRhqYuLW^`}^)72U6>ps4a0R3tw_-9)0zmTxDwJ~?Hb@-FHXjcCB*k2URnvfPW zdPHCAW-HE8zN@H-N_9h#xC1@@xi6meP)*iKWTFWf*1OxaJo3<{4X6WfndB&*{NllV zL_lKyaglxX$;#E3b#We@=>OsCor7!bo^9dSwrxAvv2E?xwr$(CZQHhO+uF%a^5y-` zxxagK&-!cCs;6t#>e)SN)_g{fF{!78|MJkFm6sfQ)Wy=_NA+I(6%Tzl=JuuRy7@Xe z+_+>62oIcg9I#(Mr`3%|omsg?KuJAEOp{dCNG=UzaK?e5F(*j@zewFb;Dy`4oAqc>Ot z+@rV5X24;9l-duQqzE#m;mDR4uC$5oz&Swa=&z^kip2XL?DUDgbV@rLz& zfbYTA9ipw|1m#)t(C!LcOY03b>)z}pRlxH%*JQh;9(M})=gPeByF%tnG={M{p3`Yt z%b%6*4jEaY!2V{Q5e{4axdM=L5htAZJd`%8atJy!rDrli8aLs}-#ey+GEXX)2h)11 zp9Pp?Jvv9Pvx&Ezfx%uOcjeo@lVH+!v$WK{in~!TeCn$P`rwXKSb*VO-!Y!eb3HJSZ zPTXS5C99FqfCiLr?;JbxIXB-u^ZrO4)KxnWOVGdb>w$=J@v(nThhd|&l01qY{N+A! zmD#ObQXp{s0MDykUHX@lzZ8&Q`ih4Ht-+0$FqQmBzJ?1$&`}T_Z7?eWCidjC#rq@H zG6a?Km|FpVf~h<$7=f3pq6Ee=$RURbJVIVC#|(c~VS8K}7>5bUNtiv$Y23)rC>Eb< zo4-lM$4up&4!k?uMy9&m4)wy6Q4=dqtKjp~hy}EKyS^}QA)&g-*2Aqt(qL|s9fWjJ zI)JRbfq`^A0(=zsP8Cq%Ty)i89vfLMaEe_xsg7R$pzvh{9vK9Skb85n*Hku)ipK0K zhH{SuSU0p(x#Hq*$KYqF{r79#w{;8N^Ng(H?C=d_*<|M^W@2K2!E|2-h()w>yakc+ zN)McM*aMPa*03VMID)7aWE80x%hdp)OVE zaBI4Majp%XE#G(3pQ=i&-MI9t!KB?#Htt(YOg(Gq=zhqvttBObJSJa$Ve+^bxT*yB zD5PFrVN*hv?3rebErS*!;TfB%XVfnrHma;2g^Ff`*rZx?sdy+*{2k9c_SwGD{d!f_lOSems!V(Bd~;uo3k8tK{Ph6 zI)N-^LrueMjIvTlE^lSCFSvX=mr7p;P{>MC+_laLOMK}k^)qv#ZFUsa_pn<#;qC~a z7Ql%j5c%2O^kkaF2^E=y_%NoSP$PXB)O(ooqcf6)zu{k$InPGqkL`<@A$n|- z|IUpW^Az8|y2m6SDc90Q+TjRGxdL&wKwW*`WkjdV%R;LTE6Hf;Hr#BYh{iF~8@dfo z1JNY4fn^u2bc-CQ{*!{Ft$Z6{rO$CiYG?Fpv5g)(4Op{*uEbZO!#z+s+~dkSH2F8i zu&W7QwAk2~?}(t*$sXs}wmSBZfiH_UW>5>8Z;rur;|M#(@w51=Z1%sLn&*y# zna4Nc%}mV*HL#t2`#hhWa*q*KbGWSZ(}}zk>S$|gZ)zll90xx~D}D z(F`V68LNN(k^A`QcrwT9jxQEh-4|@h%qnK8I?5k=(1`HBT)B%^J|L4&ir1ZNkT#%6 z&E5$m8ZT%HPqZR5P#>d7QBM-5h<&)CQfDcS63LD%IrxGuIp&ncmPnJ!Y)De49k^tW z7<9MDfQjQeO!(~(uk7sZImS1e!NQZOKzS({q)t=8NuU450!ytIhwvG#M{$M>FJ2oY zsq$-SUF7_Al}AKmnFx5npQcDU$Qbj*-wASMZ)UrpvJ1tukB?u}{xhv~S`ttB6>%l^ zdr02I_bc&km>JpAQw`!RM+Ob~xmo60IvE-Z>i{bYfqIIhBvdckZOJD~exxzyWaK1C43|#zXl)V;P?X^`y93b=k zWhY(mZm?rI)`8;J^AAPaY?EZX)ftmFStMgO0=bD(Z~BrHJ#y17nMi_hRSA}gPN4y? z960TiSKm7&{yrwrF8)|0Ti75u5Ud=s-%VAo9V5j01xUmEqmbg2nmmDER0so3zDgv0 zwpgR~WUb_Yw+#(Jmw@7L4K@XA=FPq!es)DKfh4ne93F-s3z(k! zJ4qfQ6~z$m#tv0-gIXlIv;k;gdzs5n*e7fU2-+D6D9J(hU+dGY1;+QFRq=>-rr*~7MgU%R5dj~2v zZ@=nJ#DVTiX0Si-k)uFH;8TV1P7&h_BWt$XfRflk*Fqbaq(DMesGuVN1>q05;T7JvWdjUD!-FaL9iimRo{x(B()otO$#r#&zQ zU`%j9m&|IE{rg)NPyVt*aWK1)KzU4&_o2up= zp4sj|lruOG)X9ZV;{|;f*dWgaa;=%J8#prR-O&W#3XBG!h54l1I=R|JSDaNKc1Dl& z!2pUV_QSpt7n7%W2;hdUNoc4DY#6_SXshybPCJEm|GV1jOXtw5Xor{#G?0fN-eh` zopNmQ*$YG9<cTdT$g7Bvlpp-hc+_L&Y|rk+?yNlFucxetY^LD%Q|eH{i?i!9+?XLts7@1hDIv}XVh4jM1} zB*>Vne&NxWiGTxx5cZ^!1a$XNWXFhA_7DS|L5+VNySt!*1UMSf(8=iy20{xzU7OrE zXJ1rIE7UkZr<5I+=d8PvtL58B)JxG0CE1-3cr?3;6jR#WiqKz|hJ={RjNPKO zZWUX@J$hqJ4^^b`FWzRuVbQzi?nzO>cl~nF_zk2;) zLAWqfr8FrDjp<%;0uIvy$y-3Kv#-jh<3sgv7fX+E^=03=jURlV91pm*FMxKN;4N9oVv z9O|y|bB(fewK-(^IK4ZK;Mk3H9X5uNobZSoUSIg;IH^ z7_t-47Mz`#z=|mQnjXyw%o5O=JCGJ`QY7yl{mGnY!?%<_yf+3;n?qdT;?>bRMe0a| z$I;0jgz1cLuz`|_h>cqAj4dG#c+BvooI{t8KcVbM zkRYi9xacqI0`!*|G*=+YBWV1uQ5{;K4STDL?5fT^|L z>CSock-;A{bilfNC_87s2qy({YDlUksy0NdP!39bxyOQ+Pstk7EA&s95_6_p2k2!^ z`pZ#xd_3=bh(X}8j#|TRs-&*^=mUH!)cyNR14ec~SzxE7jBJ&+7b5A!zoH`qBm+Kw zhoOfp5{3cG$RWx-{^CdMk(A_XNEvebn{4q;qXVj?b?IXLDOljy<9h8w{$>aW$M$1J zygRwPhp+8@S5!GQpTH`t$aue)j0^^8L?}U5C;)-P(f(T)e|!xJ;N!LQ+k^^4co~|TlH)4&H$9Kx01S=2J9?8f`-`?_QMN4` zFZCVD6O`2pDJ^+{;diyd-0x8#%}`IBOV1T9es&dWn5ypcxRq@zGr9~QvNY~mz&foh z*^5oV2>db_RV+Fb-Q&XDioXb{VGxZP#kVA13_#b+w%rx1;tU=oXM%HU6yGBieT?jF@h?753u6aK4 zWR=*=zA#=Hg-Z_Uz}1y%qmihO#S3=FHhD8B4*+A?>^cE7gUx=$=mn~eQq05q0UP}( zB*X86_?wtD&XWsm(+!JEldaFI+-+i9bob$|K&&?^}OEoCIh?CX6{~+ zYv&!@Au0uW4(~ZO%qg4~=pNFRJ$6vd#!~TONh!K&~pmSv^Zk` zZSBUy4~Ymu4NkA7F!d~_xhD?Mo9cyKl&|D;F{@S7z%tMZ*ohwmrxmkcZhPf0>d6Ju zt6}s3MM&Ja3h@STaqrBz1N}jaZRfz|{ENJ}R;sFFW#{>UL7gI2lTb9~Y9RUZ0}wjl zW2W0L942@+5F@R@R&LkX0(&cZ=pIWD{{Hz}zW!cwcL4Lr3k3&0DfwHaRj)ub=S>qJ zS<_$u-xo+GWk)_!Bk(r%}P9{ zqH(J7(G2R**N6v|`6aIhX~fkHlW!6cC3~DK$d{rs%P5#d^w5ihkr2yDwO!?qRjQc8 zDDF935s4i$phDvu;TQ3W{J5CaC7fH=L>NQKyBuO5dXj@)48WMy_;%Mq?fY@9ANlhi zlbEqzC@R37Gz9ygZX^^CYejZtnpu(9c0<}WSvE2wIFIYwKPn+2YP2X`Y8-V67~irH8QYYS8sq}5QJ zB@1U0e*H~$(Ljtw?}Ucnqb7TA=IZ*{JFoPs$zyREuD;|21?l17u`#MP`%pz8h&Awd z-uHsp*_AaDpRWB}cP!Lg`V86EXopK$;`Sg$I%_;Xa>gVu&3Sq6@k%z`n61ZHZhk#- zg1a0pz8$wtB?({q%K$TVGM>fHRHIL$+6G7^a>iIY8s8ZcdM~B>)h^9E<56I`ZZTY) z-M8R~xL;l6tYfQxA3ybUf+e5~e7iwpbWhA_dJcfnwmOW++w`*LjMUmrwdyeGd_0B+ zCuL_LW`>As9*1HlkX=Oe^9E~aeVcw=Z9X*1v8ubQW75!+2iwmg@`0lezMYxvyK@+k&FBzn z%Q6_#P#M>j%E--E&E{7eMXC=;T_Sj&A|tY=KpoU>flN@e&a{B=vf&8Asr0y-npJ`sINI%Cs5<>+0C`+H`5Gd6w7gA4Y*tDixnp zlI&LCk7dc=eU9cwND+8%@8>Qg33u%FCW5 z`FIdgQz%cu)jEoVFg%Ry#NFkND#~ng$%;!tzh7u@u*H`Jl){Fh=y?6+fVuhQX4@=O zVRll1?X^jN?hRRL^umNA{-Vt^#-h2>)nC$`Xv0;S_=Lcd=v1zj4drr9i)LiB=YgZR zO$*ox$1#HY$pr+kVYO#k7dvy>I;V!ukIM#0G8E?V^(xA-9|+OoLhZhMrfNRz+LT7* z+FyZsdVjv;J(;8nOJ%R*A>GrC0ExD7Ym=vK3FGdV`^l7?A%H(GR9U<-0txR=WUvf7 z@!@(kWrYnfk%DZGiA{2oH@gC8{B`T0ghLw!&SE9!%f_z|D<>6QIf@|T^tm{cM;lPGa#3Pd1SU4nXv|CwIOVgPdXj| zg~`syohVA#<$CW{jZXA+q4Vp!fR5Hs3{6OXd$=@0fy3p{C!&zi#K(++rVdTa1SGE%+%t$s7y6)rv-! z0?P~BS^#d-iBQD(o+_3>)2IrMINBXbIpjTAu71aOwp0vYiR-K97uI6sl{VPMxG#g^ zQeW|KjcDlyC)qprix19TmARC871jfxVh46-QLlGc4;d7z(mVNBjVp?sb8^xH*$oE2 zmJH>z8%%1S|Dbni76b8u519?d8$-VYVlyh~;7DrR_pS8cKPk%~d@KPC$UMmAHs?ZIo#0_wbv_eIK z(x6IFKWqHhRTdd}VceWv&!w%|XBUf}z|yNIXW(FJpU;&e0L#UX2E`Oy<0|0Y^M3$(3zE!qpj;sktLM&mVP&I1m%Cw2!jryY9X(ilWtbgbWM^+#z8?x>vM-{`@GVGQKFy&o zj_|J}o~116Il1c00GSw?lHE;N}QR-@trjt5Cx!>DJ<^tJO<;REx~6S#zkNDX!mZSY0; zxH&Z@Qvxn8rr7IjCG1NJqow^vt&O+i=M-64BH!z@oEB+WbzLuWfsiAA`(91~SFPPb z%Xnod8w=@lxh)Jq^J+CRE>-N3bsHLLu%%l{YVi zqXfz(st|*0i%a|kO}$@?#e>2o=ZM?WZ%#%$m5KDLRTV6G#iXd@A%XKwnf&jJ%h{}N zh0~v@(}5&cC9X6ozV<*$UKAB9oyo5%IAzu#NnDMbh5216tY2JOXw{xA<8|9H%=RoG z-%7IldhKhZe}Zv+UJ>*&y^sUX>1p&gN&DP<6W*2d)I3(m`Z4&wu}k{x#O6S`(}V{S z-hM?7ow6Y1E{c1}65E%WlT`6+u*L_O3RUaB?Uj?zkaLkG*7XdNr^pUC=v>9g4>WX7 zD%I~26$j16ezUZNo;;hA;>;SAqCagy7%KbtUoVopse`Xj_|%g%3riVcCrWt@I9$$! z9^pcfR2K&kKgg*)zCaq~*|Aw!I?5|sreBN;-uGQ0?+U>E5cE7O!U&>y?m=phNXmr~I3IJfn!_HQ-L^HN6&>e&9WP3bJ^emN}5n z`HO4#Ly?PNt&MV*l`puF0nVuGF5G7q2Ni7>pFk>@`NcJ%bl{bbw_Fs-A{p#jDZGXc(U9(B2 z1ADh+?`#3g3nYLM{ACYh1{SGb`YGKw>+w*P0!JsX1MvFrJtYtHl*T>m3g5gnTlvX>s zL-2aD!ua&+_T`Owwm3P&qP~87oegKqsd|*7qz*|={TT9;)`6jpt50WSvH9v`10DfT zcZ~xslxpe!d=N72KRbO0JpQT2-RU5G)7^d z-qc;rV9|6XHgM6+5WB?bqUf%^oYBp1eEwZn+Ps_TtSb(0nk8#z2`iaKgA1>`pEU0epj0V1b<{X9nvM( zSfN}~%2fFFH(_g!Z^;})&nT~PK8FO`y&#hA);)A2K4Iqs?qD@HLvna=w#fAF7oxhR z1Qm)bub6YZpLHY(kC(R^7Fd9Zb7wy~afB0XxhP(9 zR6930?PdJl9FNnNL*y`dwnLoRaImNL_C8_wRo&=Bb&h;HHjx^)qDAi3fUmpagWk_` z7?boA5nLbR78kn88=-brk1$IZC$_i8&c`ao5&f(EFm>Ur&QHU+aJSL_6&|lYN9O7o z5aoD)7?;me^;@4M%>}6UkAquwFQDn8@NcZnS}>dxLFNyA8F(LMGlL0*Q}^amkK@gW$X8l<=+{$`x^C~KXQj@Uno?y!D*rMx8$Xbq zE;rLhY60IbSepgwNwBB#^Bf);=3g%}H|G|1B7!<6k1`c&Dy#L|KI2ksACw{cBuC-4 z?prxb!x2tMIq9k3A0IzhN;%l4Vh~iH&4DjXEDy_sB^WEt`-ywM0^~hd4Up849=L!Y z<)a)`opl=7t0a6lRl2M|4GCmQB1&B;U$5*tboX&Z-)|O74+;eVYJrEkVN$L? zh}8N3?`j50j&-Zb;ho2N13C0}PH-$e`v;!bnG=-V!>2 zAVCZ+n+AYqEQB0V3~pl9v4{guBjqvEBPDfgR+Zj>E(-f@cN*o3GQ{MfYP%InDBQ-u zQLsGNSjF1VJ2`9iCt*taUBCOjuE`BjVYc6-4RlZ4-8qsIdO?f1-@CJ4jH@gS+JmZ?JO73U zwR%}3=MEV1!$qXGNfCZTBHQirHK!k9cp(VZCzWE?&*@?_WViQ4Z#yEzOQ!`^H_d#~ z^txei^SF()NQ(IwGBe2mkfJ~SRZOxO9?I0NJa7(oB!K>b3J`Py%>RZ74%8}9ba12v zeB5Gr>1x<;2{l9f(Lj9UbyPn(5p+Z_N~9`-TFEO=KWp-?zmVQUpTqxqNIl{@e-QP`**av6GAty*3V0S|7 zf+T!&a0f&U&_BJ)BYoA>tu1GLvoxpkw+y$eF44!7WFH=;Wqj4$HLCRrvrlo!tD}ee z3frp7c2l%k?;nvApaN=&i6hP;F-MxYa)JGA_Fu$j_-3^>y5%{$6Ph;uQb9I`B4wVg zbXJ{`hU`?CtPP{uEt_FIS~*CwZ=NZI=t+lCS;=S7G{#Ev{qEuPTU#w*2Ez;*CA!I2 zfpQ8tb=@P6&j7cXk#uMFU>ZU;>BpuSJlba^+fM>ikE;Ri z{!s;T5r$BjM=%;)bbh<@GxixBeJXUu=P_iXzS%hLD>w6|mahWUxVJVRQ<3eVc2iLo zOlAqvYP`L(&j$z2uQG~}D@NlC>1yZI(9jL9)sZ;>?>zxG&)@~hS&zJ-rKT|*aD&dW zNFMJRm=$x;`usQQN3&TLx2es83sA3z3aZJHTpW8R%Awj6tN;wm_qn5D7dfju<3~vQ zG>{xrD#{^AyU_4tFYlWSOWnG@sEPRIr%dO`OP#Ksp9Xo*+ldYeGENURJ#-~g16{i# zNex~vePG7}VIV8BjjAV)&KOrJeJ&g`o;3(w);c854e3fDI@CGl&`CaDw;-S3L=X(K zR4|;`Xu5NcUS8q=b$zXKLRYL=i z9^4p=V%LovTYyO1o5B`P|y6)5NS-3u8 zy#OYC%}+wsWc$6d0h$w~C65+p4S2N#S1Do#og0 z!8SfB&o9&|vWW7xR|a<35LU~O?(7ZXgn0)`7p5HSQxj-#C8Uz_+DGnMaRAH|u4l7@ zv+%+ad->f)1D~yeRG2o&qP&4n+{E}Er%J$9;ud1~l$-e>HqBJD6R%`=jE0$q>!II^ zSsO>wC=)Xfg6|VsUXYLTcItk9q>AA--PHsnB&Unn(1mdrZT9unX|uu7ApPrWvwLnA z%d7r8_-h40tn26d$r$>(<{<7L!EbhPa>u{?xUlG&JPY`45qxP7hKpD&QoQM0*)-K4 zB-QH;bm8LwLDwgfa1d-WX}EeZY0O;wxW6o2{J0%jRJNRku)Etks4R;?w z5`ag2_#>hzZ0x?>x$MUCf~k)hz1M-mXFnxskE?$U9yjXSlVL|+ANnPmeJdxQ;TQ+6 zC!W9>AY-@7v@Vnw<&RQ5ziSceki}U+8Wq7r#4?>S= z7v*b}#Fj4^;hT_LpGpDpLE9Avrn@aO5KwR@gCNak5LGApa(!yO)QgxCr0h;9&h&O1 zemQ~V)NA&@!mR`}l1sld2qDLnWuo0SS@8E<=B51+y&(#kK0h-Bwh3l)L=$9iC;Yym z8LfycD@}rJwCNXGJyd;hpxIwss6$&IV?DOoPM4j_HM{2 zI(S$r)2|fUe|A%7<08o(_uJXg&`q$^jB@4ht-_X{PmWhs$ zj)|Vm)ZEF;+2CKQdIu&(e*dt7X?|Fp|0tIK z@3B_qHcqro#{X_X6Rr3!(!C8ejO+#zfqO+#us@)J%MquT;RQ!OFS!5v{hEY%W{Wb7 z!p+UL=k1M^a5N5HG9g0Ak8ul#2q{fFi$vmxomuxvEgGK}#qgGAqXV}LfRmX4N`p6u zUbj7s%Ud%0Q99aE>re)<)ixY>U*A)MNU+1A+xs-ITWCyRToKlxLwhBC#~;9l^0I?a zggsaZ)v6)3BYiB|7?l+9Jxw=$?OaH2&&YP62ii(O@A>H(2xqhG2w)f2b#FF4Rjdy@ zh)wzmEXVB+KYh;={=cUHOgY86ZA_Po5(OV#L3)9idAZY#(3b8mCeo1X_XVxsCwB61 z3GYI{hCFKmDY=fQXoL0og#*Y58=;n)kzmAnx0Wxqx)U5o8o3&qc(zOrgK!Y_$PIhy z@=Da0KH|$5I!IF`&+5NpV{)%I44@NBB{_}~2{k+@5v6DrkHG&=IsDrOc@tbDo&Ic$ z!OtfB!|MA_8}#FoW^Hb2W9winBiH{U@B`B=x54MO0XnzjGc@9lEH2Vn&~%T~xD<}$ z3JT}NH4{;y{h*VRn|n>$g^4(&#ZMG>n1*N)3-c-5kHjTz!hs!HtX|u4cT>)vt{9=7 zD7O+9_CChGQ2~@b~VB{u_DfbkNW}i4`+gpz;ipksE9!`~r+qZGxgTyJ($=B>e-5u5kC`9UC>YPpMaL`uCo25{9lBt z#k9|E8OxR=>zLo(B%930Xeq&duonf&D%VV+Uow=Acfd5{lnf)IUW&FCDo{f4U4*si z4+J9Mc(|~6fsXxBfN>NdQ=~=Ceo~Z-@ZPobX_BhMsS_qD`<~YP-8MT~KETRq$~ip!2{7 zx?D(|9LX3g6X)Y7X{#=$)I%%UdYa};b54R}$}#iV;d6vyk$*ja77Q!GZk;gASiyck zHo-QQmjt5+XhaxyLmHC~lQt#aZd&)FfK#fqj^*CxY&XH*a<0YAG^)(YDSFMllan~! zHX&{7Pe#WO<#2ho#-YHir@pVyccsgNUIAP>RnMNEK5ulmrMT@WUL7J*hWqyPTuQn~mSj{bKHM*c6QX!uVl{$Jqz?*Ul-G4_1;(PcU7eJO~{CfL65XJc#3hS;R8s~x` zYk%O~n8pJ0)UMRiQ&Uf9TTu{Z^f-tk4wIl^Vj(_-x*@m(%$X5=^PAiMCpwskTBG!S{}4f8UumJ%3%@yBp>aXjPYoPV|$DXC(id$f6w*FFC zD1d5=QhrPDTOX3-w1yLDir|P7Xv*XnIJ#KY*xoIJ8Q^S?b6_ePK zQ`Ay>P1cxsu8aUFQAU|SC_cVX^8LXB?*}i@La`~a5eW|`a&SNBzK_$jfJX0xHXe>f zes6>%b`XtM#FQPGSTEgpU430`c>g7aDtm$NvyN%1ZV=P4&FJ+w)rLLPb8cc^u%8>( z_;q2Zx@c{fqs-X^BO?hW7ZIXQ>|croM8t38q&+=l^&Kli(xyKdb>@|4 zl8{#4jrJCzF|Y>`4Z8O#D3BhbsDquGb)yiskZbe7g(RpN&r`}Fz?%C_Hl&7SrltQ) zC`J&6G{;wV&>a|VwjeG5X0I@(q;;ZDLS6xfIELlM2^PdfucNDV<8eTmkMah6&aUXk zHhU00G*Yvx1*uz{j%R_dlg6_Yj+l_>fg(mx^M?Gv75k_R04q2J4FQGQF0N9+dxRCF ziRrakE_mbK?du(VTecXwoF$37 zz)nEzQ}=E&EK(wg!6%#Nc*iq0NT>&#f^qztv32;~t}Nd(1JPI5Nxl~#Jt_|8PE7{i zKW0SES+K}9i#OtTD`XRlnQS4+?8-4ZKA`03SJTZ0uKA$>gve7hWgKX87X?`Jvo!bA z`&_S7^07IHMif1WPh(JappRX;aezR#{|obchr(lunYXVGobPyATFRP0PUK4D;UwDE zr<`Rg{mm$l2g*|2UgT^HX*jT03Ta0lJ9u&AEP+8~9;#a23rP$=611=nj`0PWkMDAA zKrcLWqH#D~E&{aWO1Sh9e`vI`B_)sidPb>=#XA3E%EAaJn@lBE+5J}S+{PeaU(Cnn zFq|ePe_;AJikN>yc*{=2+J62LJZpyZk9~M(`kc^yH)(KL3xOU+qybA6W)zd(*yW=e zd6ipOr~kV-&LJC0XldS*q+xuefK>(?um;?Hq*^9W^->+!y5I&( z*?6Ay-I5+yOnlR@`z-H}xpe&X0II1Z5DPL^%1#k0tXp_kQ$wTz=Jn)Zu9{v(e0iFgqAEy%@$f^JU` zLm0%^1GCzWlnKP@o-l;as9&WhcIhX`l5heAE+Q<=NDRtm0~4%&Kgad=T}PUF5to0x z)FZjXz9XOgd3?L9R1#ZEB6>j-PWv%Sm%|$?k2P4H#8M|GN)eNSK7PcHG0;y?Cc!F3 z^o|9Y88<{wge=r8GvFJg?YB`egI7^0RX`oiH-*Qb%EA-StdHA)6U94%^|@aOirUo2 zOluKXa7(rEAxjPo);t~F)><#pm!~dJ{q>2|MqWa{Fm2M-DejOo&!p! z2PYyi8KNxki~Z912o>|{5^ni3Jhdypa2W>R{M+D}t@Y2Ho$XyX7pa3b>A#)54X09dcsstqj=vHLv@Cv$D@n6v zmfjv)Nc9s=dMMRXc*8T{#7gGQUT~{xSoU0)Cw9pt_XuakN;@|&Y2FHfk$if;d!o)$4t&z4_wn==OCXEQ2CDduBMI-cL;H56V2#A4Zpjdq@!f2`sMK6!(qiSV1Gixs+uEzvTi)G-q9aja^ z_&95#g8P$L>RE1~?u``S7-8u3O;>Rd93>~Y{Y|etygZQWM){1iVr zr#xEI7qAPOF(N5c5fB+C8cUQpTP^aShzE1zl092))$FDZNJW2pH@DSgm_85q-BoS} zwKL`qh5ZI1cL~aEc7A9cTH73nMW_IF+EnPbT1N%vWxPIMjG(o*#dcg5X2LEybtQ2n0*vBMcEYj0Riq=KeIT4v~<)Yr?h zXz5k+bK>SldW=}>w3W0pv5XWkv~TF53|S1ciHP7T5R=H1c;?;SJ0&-@3)M`Rq?BQw z=0ufQVvQB312dOo_|SJWqWbYJx2l=sIj8kXjXyt4P$MYX;c##@Z%+DYv(#nFm-=)V z3)I7E`=ao4NGoxdO0-EYQRJx@?Q?7Z==t%9`sCVKa){Cuvs_GyV@2Rx8_RP zMd`FTv5!=rOmUU6N17{;8J?8JXzYIja1NK&EdtfY>kOWc3;sfxG$g#%pkkyHUXmP@ ztVk#-QN9ZrEK%?zzb1{5$fwJvofg-V+rB#1``A)OrpJ7C5q=wvqCV0QGi0C^0F2ZL8!>EWU!B&AR1N_4$e^5YG!r`{J zfjZtUf=*ib!&Kw>Ld&{fPmhjfg8l(`C+^xScQ|gzYTC<6Z9RangWf2X=Nh=n-$yIO zas&*Ylw!Q{45%~@@1m3axu=`SVO04ORF7`kRE{UYK)_DfHeig8z=Z3X&~=Nyl>7lD z8vMAy5wB(DFe8LGtT1|9^J2KZ9Fp4YaXZ$pv)ucm4@b+k%ff6hd5)aXEP6g}wX4g= zTE8=S4k(ht;(h+|EnIG*Q&McUX~Ap!Q60n2`i>86~)uNlBv!;jhv{!$th}k zAAPtKeqMO&RYnAeis{1UTO`XrniZnEyfOZhQN&)lX{JH@k9C#Oml)u(Nq`LHRgAVu zBiU^lc%!XI&q%<~S-NTApfR(7s1|TY8Em{UB3?C*mu!R4ie8*hcMK%SN6il!wLk7z2aNIQh_ekYq;$Az$~+ zP;8-NM`2Ok_8ev3euIKezB8!u3V~|o1qJt`7DO`FZdj_J^bwW$ik^}u5Vm#`C*hm} z5rAl4aFR2)?Srf}ey9=~4I-!3{56AVaA^7p&eY@xWO(6z5$>ELCe*)ms;zGu#-s+c z@g^!%Y;8v`M2T^?4UqY#pPe0zc2 zhXAB+woybJOiML=1e^5c;)XK+VxP6cY6b`-@e)0aYcTZ`%t!6}oJsq1azisk-=p%6 z;BicI8x1Y@OE9N8eN!^E7{FiI<7q9S$bvr16Vrm1eMQTzvraxOwTM(UNxe}3nmAUu zfIr|+X3`)-dY!<{B5M>?WmsZwqDDN%pCXTv;{mJ?Ct^XaD`8q9W>_`bE_pdF7RvcV=GcH5RPw zxe4`6dwzH~mqNN9Ia*aP7Hc6>OU3nio&L5$v1?;-on(ddG$_QCKl|-v!61LOz5k@A znVexqS4FNl0fRq&oW6YCK`CqqyjTnm3?8O9SLUfMti{|U9NCG5?V7F*&WvbvOjl6# z5%WciJJFuAan)|?EU|%d@5hT!pVaRI-y#WQCrKv_@aZ{$|7HLZ%575)qa?GfG4hTE zX~lPBJOOKLln*oLLHX=uohA)&rL36jJc(5FwVpprJJu}4`t>f9)H7kz)#Jo_W9)v& zeFX7vI&lVch3QGDs*bV7j-jR8Di-oP>fRqk5^-d^wE3si8G3t-yH-FW+ zkW1F`hS`wzA4=!tk(kUcGSsfF8;c6=w}Q5@gsNr)2nMH{)O~cF!JDGk%c1_9osu5c z`?6dOpjI(>C*1P}XFcZi5Fg*_BegXW$BL_PCUcReX@Y!-&^;jJ0O$pk;YgVtn+FPE zeDtcH`K8SF=#0>8n*Flk#r>RrY-X5>yJ~@^3g=uPN3wC3y0~-(pTGyM!M(r%4G8hG z&B^VPt%e(q!0m zpIs1d@MhYcc%H6A^)`I8N7y=3j~2o9eC(5&GP{kU?D#eqx*Zxt#mSmt7HQD*RXf0G z=LB~nOAv%rEp}I59;#>=J6)IHC5;Tjx3*qCo~BPt!;7wT&CA^BcrLD5hxP^*w0t(l zfiDHO^yd1vw&x6MrGmQQan9Qz>c`1TYa(~7ttG&#^2~mPa@ntf^^8V~d-L{#@XOQ# zx~3@&Py!!g7(js)5~m2Z;D^dsE8iR4kJm&fUH;HOL5BU#i7nV1XV3Lnwz{BKMAxrp z;nf*?v+;DbQ6T#PB>@rO(b5r8n~ndBUL`2tIkn8z7k?OGt^Zc!?wNVpLPX^etmixd zHK+&2SFU=$slnsnyE-FGGrbYUkSJDs$9@^EOpR5D8nrEpN8ER%-Ro_E-5n|WIVVgD z)%|jGRfu}d4Fqd)%oh&VO@r;FAQrksNhD$)0e2WOD$ogQm+c9>!e_s|KDvE1L+Xg3 zuxJ9r;B)1mfOk%Kezm$@gs?$uj8%G~c^>?ott)mRT1_!mn()LX8}S(DJDRC?kPB|@ z)ubFHft$Z5{&oADH+%KGg*swic&a4dRru3a08B9Fu67^<>ostfAHh1Bby8#*Pz zyi&Z0mX2mq3FnJ1xH!1E0)7%Y9Q60t@~RfzPi(DSvY}s|pLkJj*N@+~WbFm8C?Yyb zGTvm(AI3rbWwGc8*qQiXD2rba3rCMYTVoO$?vL z^*c8VK-l^2t=d9wMOtm0-J$eGBVTbifA6{K6+Z)s4a~LPZRVj`jx&28X!$z~m#pR2 zclC3~j_fd*tx-0UFnZ!CeBZDL=*k=SwAEkH>(+CcuFKEK?}KRL3K9*mYo)1eCNZ50 zq2fa3X?7-90(O5=r9U|03r$(TccBO!7Fx|3uZFl#^684=^n!2^lA$2opt7;p_uA)J zU2cUj9bSA!k}KtAsPUk$5$L1Nw>lwGhgf%SnWUx=6tYuyNdCz8Hx~L+nPa>uv~k40 zkcrhveb_8@JlL z_FZ5X|747R8M2Rw&m;l3BmfEwjiQ5Do<#R-#p>emi*6Km+0>%L!`XsU4Ij)y&<~NP z&3}!$pQ*KT5hlyUT+O#*E4Z;7;W1eITo#dA%Z3oK(=FM%NJx;AlP@C4vr=MT_Wf7b zsJ){skHcCJw#}B{LEB=^vlHAt!@F_sIkfw){eV_RHztuuU#kn>&hC%_R^SU!p()F= zWR9N)r%M{p*uX@1aO!x;ok~MXz~TqnEukL%xUVMyc#=nU8;z^MQ`w{e$-o0sW~>S* z%8c?7oAGxUmstx*8s-|c+>pHGUw9#$#AbKA>Zd}vi^m7~LVi`)v+@#!u0P1-Yqj?PF79M;>v5@b;f!#`uLt8QmXR@T zrbfX)FXB$d(aHDm_Wt$$9nRN>F?QyYUOz9ldjl1wJoqlM6)6rN3;8C)D}7S&}G)&-Gz zBqsc@v?@du_mg!@BS6(Ef?oweev8;g@yV;NbdGeEic)`dvu>@_?*mCesXp{;Uv&Lh zw|Dz*GpPIiFaG z1U`a4N7v*1>kvMSY0pMi{_bTA+=oNlGWih8IM?{TeXJx?SJ_o5VfNIf(52hQE6%82 z4D5rT4=NkI5@{0tQ`u9`LB}ErpP5GxeetbVNxqcBpLCfMBW8(&2i@}?t04<`l0Y9< z6SIhI;-)2jeRqPNfw@0^r)_|@xe29-k~FrXN-7Xd7)gowf-q;P?I-jlVlu7qH+r!#ftu%MNBX zBKh7hp>ea30$6#?Na#sU(zRkLxek|GRPCq zx*-m@b7cQlA!2OgVD#P6#?r;|Z;)K1%h)dnB8^_9yyA;vps*peS|)fvA(Y?=LRHX| zV}i|l@kOMqbT09u1dh9#b41{VQCwu=046z-a+W`j1oU~-Tvvi3sB(jZU_}y&a#Eff z97b4jcb$*%r~kZpzj>o$Uta0uyJ`piLZVwBb@Kd!@*9O7Cq17-c>JTgL_zI=c(@=Q z3Ry#}z+_5m93=skc6P}4woA7|bhegn2x(6ym4^lEkj9AX89jeyY0)eheiC=;RgPy0 z-i}jweCiNmuhFdjYU$Gvzf8WKr$u%dw^RDJQsNo(DWgv2@Pu-eGOXE0b2%t{N~m&4 z1=Ctes;`u;v|Nmcj%KCqwN_Vb+p1&`xaFQKI{5HOe0k9AmJ%w#4Rl(s6|pf?B9x5FO8)*2Bkx%a!Xau@enBst&b!;n=+! z6;#+oKCzmV_sT>=-)0}qb_TRGrpZP{t7ga1Vr4pKc3Q3!cB3q?lu*Go~R5+4F zFZLEqB=U#!r^9~03PeL%Rdd+bykZ>ptd$Ijz6a&t91)g}>7*ucf6C+-e30(u)Z=_1Axe-0F*%L%) zCvk6Gaf&Y3?$?+&M+i9`;$85IsXPsa)*cXPTqXSSu;_h|aYe2SaewWqkS1?JbaJ9J zVY%{o%g{-s-Dq*4m`hx$V6>2=b)5OL5QH#C(~2hc7^iQP#X^*o1hV}24|zWP$3Cwt zUmIC7S98TSM1h240f_3}IFMC-!9VgtBJGs66#kj+e)#@wNCVKF2LwQj=wHRMsgskv z(?6)LS#=wLVmRO0-(USOB6XJSF10C-{)UoJO$DjY#5YcI*+)CR!8~OpIB(lGO& z=pbO8;S8}CSB)PzSCUCoxOx{mn*isuZo__bhLt3 zIbp6L7@1xtrUmCHnMm6fR%?RvBAPq~V46~!hCr2MLb5PR$aHmgsQYssF1QCMWymBU zsBRh|WQXT!L+P@HUeFUq9n?sP8`%3lSGd6E4l$8+iYyu_uDcYugyuiJqiiItq*90| zy}l zsNnrcdyQD_VJKndv=X!sZU)`Ux|{^iEEy@n_O(tP{T>fW*u@qQ1|L7bPn30ZP!z6w zECSvYg{S+{hbw$GTF`5621NM1RinA%?`s#1_s(!FxFKawP~f`vKe0 zV#ICXR<_n0)87Y;K40JYzdTsI*~6+<&&@bO6lzZF%r7>j9YbTRc@JXjb?Q5Rd28fW zu6!c!y?~#R|53|6PDt?V`*gm5>eK_Qx=181Fb6aB#I@X1_d}4!>`N;!w30pr61OWv zplhfA!cK#?^E%V`sfC7Nbsvy|HmSw6i509XV>-~g`_XX&cZyx^vgJbat0V?&BakdA zGy+*w)HU5qYxkB2Bl0I(GS!g2EHdwg zD*g+$^cvc&jT5Gf>Mu8rU3;q^9fXS=DRCbNYA>MD755^*q*d-Kxr3ws#m2>mwnpZEGu1EEzgLlB9{UkRLr6vr_q(yhuQPPQiNK!Mtjd0uZ2^lwz%co^ zDk86n{mnV%e@==Swg+JOw zK9z-S5}6gZWK;b1J!&=*!W-_lEp;ahF|FD{IfuL5nE>`wL8VOKREC1I62yxJF^{-~ zP-nL4bO9euL$&I5@YIeGFkeugF*Lf}sT<8GOFjXdowdx-b;h_*eds&8ErBkwHmy!l zW*_9Aad?z~sqBP}>d5)ft4 z``}?_BTWG|W*V$IQ#PqP^Pg>}qj>Xs7BTh0`7#(b(Ea`jwzFoZ4VWkiV zZuQ7NBG(Fm%X3i1>X*hA*xOe2NG6LnZLCO|lvR5zu4d3#BWXX8M$6wp+ftZuV%@%- z?o|cJe93Wdlz3J_9j#b!ixyz`3R*@*COaf=m1%ciHX0(`Nu3PY*mdHxnTJ518kBV} z;6T9+HA`(_cuRfRw;UbmC|0IkL+X9(e( zP629tPJd~X0#b)=H92cQ>d=k*P6)vc$wO2TsvKyEKpyga9wVu^y|yHwTT`35la_Mi zm*3UY>0n|G2LpY#)LOa7&_zMq$l%No0Z&y#Ps-HU`XcbZxe4NB$sqD^h1u z5Qq=EA(S#W1Z6QxY*LTlghQHmtBSewe1?O5s?-GVnfxsP+eN_fU7s$zR`X~5S-YG$ zZKcw{$U8oaxE=(;!#r1Oa!Qc+k4 zG|=a6{3!~>ufJm7DXwMFZhO|)WEqWI+BPN8z7wlhl4oL=sfUMOOxRqs236oR4V8N*AaOPcFpe%Y}YRrmyUD3 z%jH>N5D0=6J&FkQ5dRK34Og*Ry~x8bR4)`{LH{--O;0}{7)S55cMfwF~t21+9 zUpH-s{x(@N7wIv z4FLR|(^(KR^!o!2ZXe*d{t~48zjt{4r?Q8gk?p@#JOFO%Z|MU+ELmZ9m2*58KDq-x8Sa`WOG3&TS5G^-)u2s{dudRdw`}5|kc@akOmRz$f-frwX`DKmku_Sn^-$>2@ zuj#vT%2dAw`0RF0Uk^>&IgxGJpIye%qXn;!$z+h`S84|NCSB`vRTT+IqT5BU2iT;P zv9anJ6cFDrLeYgq9IWH)<@$DVBMO6keTI1dAP=w}cf}KT`I)Ejw$tvV6ZYNd%*A`G zrbV9F#>%E`;OU6ue5c8kHiUr*K|YU_11DNR7snv1&8k02tB;x8TX zC+&M!yJ*aW6rkg<*#8hJkWyDgGAB`4x4$y^eE)IUu>A*6icwpsYMybW0+C7y-+-#s zNQspJ$ny12NdEmL$T3NJiNQ?{(zc+t_@3iMmR0McJUourR3~tOc0Gd)c~;g7hMjY@ znxj#my*!J1$L{*eJ4~XFhTC5I@4G_vBV4}>+es)^?qC+)&)UoPniWtx+5SFLs>t%I znbM(DH4S7$c7XCk^~WAN=eF-7{=89kNY|Q-Pu(~*JAnm^-p_vBe$i#PhEq00+N*X3 zZrH3pWfAI?Vy6^YoAMPjoP>U$KXl$D5#oAFp~nuW9d-a#T6G=+hW;xgU>E*sDD7rr?eN984IYCcwxnS z;0A~#WFU%5-o}{;Gs*d#e5;&u){d%#h7dc+Fk$Cq$&7_tGEP@_0r|)%^8GKiOrqbU zjt2<@)QI)}K*Ikn>;NF)3r!vSbq+LN#P~0VzLN6I#oKv1AEs2J)irpr&K8H3Bl12$ zou*&vC~64}#%v!~JYA8Arpsah7p92NWH-9K&LslAcmn?HGn7Obf#5UgYpLfXwIzjj z=vjS1H)RTCl!OWA_XqCkb&)ioO?NQku$heq_kb6pRGLlUxIgCIPkHS4_AzHAvQ$-y z%+x-jLuc^dO{WTv`Yx6*u*6ojstj4_O7#eo2<`e}IZ!fFSZ(uD^ojOLOjutT|AX~w zPRx++tyE_=P-}Y&N#B|Z+eNE@#Ag#Y0?n%t_i5F3VSWAdXc%BJ$*=!J25>+n1F=zs zJ8a3gEdDUiS#M>VF&tn1>A$*!_d8Kdo5up0^)8nrNj18Z2qSdF6THw6TGuRNMN%^y zrp-w<6M+7ff``qNn-FN+FaKb)q0?{OEVn$XEM#939r6W zbEP@7a;&*-0TO?1twqU!rdo82bELZZuY`!hZv?uE#adD)YsWWqu_zY+`|irYbs9zNG6OoeqU>dg=!i7Ie! zwlb>;JyME4nMBZiM4n_IyvflXFlaodu)3VS)p$|w11;5CNssOOVIUFyzU}?_Yb&UH zbhFeFoEu|HM(#i-a+j|ZIK7-Bqsr9qg;Lz8v+m6bX2(#iSt~S`(!mv~X-U9B3x|@g zf}A5%FW;NGlW)jvN%K-m1fIQi6zzMwvnqb7>O@RA(>_h#Q>1a#@=0lTu~tZX8#tM0 z?EQ+@1Bq$k0!W3(jkHG7rI87)QyG6ia*F0%a!E^50ziiAx{=nA@iY6}*E{%7jzyhr zF|zN)ouW`!!bQlnh?F8CCv)j;cTx1Ur7mgg8O!|E2Y2NSsszoI-Mmh#J~E@xpG_W6 z;Wh>0QzXTo^ARg-U$@u|OAB9$Q(sfCb=*u1sg5Z7%|^da;-$SLVmR(pxXk%N49k=R zR^yo}H2&wxk+iyansg}2NTbd;yrV&`n#sH>29DpbL;RO2uB}3LtxQ@mwQ7^37(t!0 zla1=lE+#RHcvQ>JGjtK+l*hzU>M>h>)Qo$1KY2IFs2=(XR8$db+;1c8eIemxm!uG@ zcH$o57^?GQ8d&)$hz)~M_)Xz#{uKCH&ufAUA4dt9>R)YFqzw802_ z6&H)dz2(|(M9sUU%Ed9cO_|v<<9G6LO7>9_*B}sPcosUSr(>qA@qS{+rXsMD#i783 zlS1{>a9ya&faTd0$Q?@Cw?LNbHAC|4;6SQW7I;{0!0&;J1a%a~7MLM+=CW#31FK7{ zTs`iCm6nQMbIc~oK{8+6k)zq{TU%kOVG1t;n~Wd*=>Iif3|tS%jI>oO-uTGCave@? zsT9)IY1(>2j_0IAF)R z2`Gc-j+>05<$kG0=(fHx>A7YW(C2s}#Q+kgMvYn{?($Vdi%rJD>J8azeM*F?RwFNI zbasta+3+Vr5?_nuC5L9zAh_ z5}y>VNRRPkW97g_dzsaHAURA%8wWk|EZkMOXGPO6k6nyc;5|n;b7rx+soNf3>d?3B zSg|Q6$x|n-xn!}AIczql^cJ>6(2@Jp=khFcJJT~WU^C5Yh%>(+AHRI_F;n##s%*rt z#|O2X#>kl)P`J~EjgpQacaX`jce%&Z2BUcAY4^-KeS{X1R+Wvty5*h2H*$?54JIdN zXMA9g1M|SwIqZ96Uruc=XG_*)4oGp4IT}F#4Mashr0wO(H|=+c!zOIhU&qh($e3>& zT@JT9?rd?nPM(a=|3M?KW5;aX(4)8LDw`m+&q;lDcK`KtU-(qQ^JTt_d*yt`8t%MP zRcbjy6vHB{=DL0LqdM(BYbO0Q3%B2V7WoB;7NY=>M}0n3mj+g$V^H{Sp0wQ$VxhZ5ozP;~31-QCzPP%DGMR%Noijyz!#HFv6nO_BwFfGG?{{Hq6DLd-2&CqQ@ zYWj=|URAIx^>xL-qgkP)K?TASNw(hc5!TNt-)k3vP5au8mb`zi9Uu%ncrO7CGZ`>C z#PY9(;DAH?H<<;%Cm)4hkpoOfJ(#Zughq%oSXbbLhPALT1R^ZW0q@CXG}6oN+okMv zVS0bqrhfD;xUB4&`2>kZFLCclC`brUsCN`W05VZ6jRm->Dn^*lP_U3JC(;0(;aTRo z2I7G6Cwb=a4sLSS5{d=GAh#l7DE#g?A*U-0r^LZRin@UMOybl=f8N?FeMd?z=}QYf z(}+G7^ME*dr^-ZIM3HLvE7?cv2v3%^mN9w(RMEZu(6jRn4w~}7?2rkWo{bxw2;JAL zCeQkw{+q(C_0K^>h!T;lv~+=gKBY5BL!MoLxd}l1KO`!yE|z~Mc{yrxb_)P?n7k&x zwn*+d`AABny#i%@!RRnzLD0v@u7lFM)Rlg>26?@&9P82X4L8$}Z=?KwUbmcM*B4LE z(YTdn`tw7SRV@f{rcReMbGLW!m$ zFcy93%!Z}gx|X>$C5;Ly`87gz&>7Ij=4GCyN&IcBC%P=|x>IdQ?Y6J4tX8$ZTB%|8 zkwQlO=T0hX*mXCuVGhz$W@NWFtR?fAgoxICH-cG@J$M0NtU3c?`%c(}YFx(P7znX- z=olVPwt{dz6xX?y%?E#HLY;Y=*57@Ykjtp&TT0zD-abZNNWt5@Njh(7lU&d%sHH>C zU^O1S_mMhmk7p0nJQ>l9)Y1HVft~xN36O>6$eKcXli7?SHgE@oAj(#u4G(LN=X4)sNeg!-4kCZuVKGehEv|$vANP}1f zVcMk$?y~l^IAI#Q^KQQh+$}?n?{S4~4ARjk+>V}L`3-NVV&CMA?|p)`lZ8FC;b;68 zu-LeWiCg{KB;sG1hW}Dl?{4H|2PjGYqbL%RASW{@h!lDi@)<_#VNtc}pC9HA$ry== z_)wIlzjV%qE$KFJS**SG>2AI*4URZ4;Cns&Hr3U+iNUI=q9H6AfZj}%MR3(Y99fM+ zXQY1qv_GeAx<5Anq0j^I)*sY|w7})CUaDtfJ5tnYVNI7rFs5;_gVYe&8QcBBiy`4$ z>Cx;8akSY2D!!m&8C{nE0q=UsY>pv$KERfev4WvE<_DZ?-PD70rQ z5%L}M5l@QKrj+R>G7}3Q$c^Zog!orukUzUGU%Z!zrzXSZ;V=Wo5bA1NwSzolwX=3DJX>a!*W50hFcQSmD zd$IvOQyrkf#{Vyx!GC_5fw7UZvyq*NlhNPpEt7xgwRYiN3($q5)dfYi!;TT#+JkEs z3C+teHZ?VbpPD8**|fbpF_0^#nvNpoizyv9B#!M)@r$q7UD+9t-yyN#NScJ2sqFgb zTay-|iL`Zl`{2j5G}-WaVPr&y2t89ZVTk<%qtabcHiARv^P*P!DMS@q$mZ{9%JG92 zCoZ>1)6ham5JO3Q6pD`Ku8Z!uG9=lwz*e{DC;{>hK1Gle9Vw`+aq%n@;SXf4wJa}! z65+W!QIif}M!1@jPcxX*Pg$x2>+e8Ff}JUW5=AEU`8!#t{rvzfFMp}IT5l<(2lQ4t z+?2KCrZYYwgJ73(0~D7o(9vc5a|`9?0y-r1egCP^3 zXDyiuyku=!5uG?fpcxQR#(igpOFv6wU|1`~IUdmPr3AD94 zu@;wR5uM`Z5kt|Ugq9|5sq1{e#mV0O>21Pp z0c~3Z(n{|qFjPvJ2hh3|^6PJpOWzmZc;oGHC7*0p2KtB-0$J$n0Cv<1;D62(y^UI2 zyndzs>WOdUW6JK|Kg93i(Qe%S=UAco`MF;ma2xZE2n59YKe2mTBPUBElkfkqdX0a! z`pkCRu>zr4nK=&0`1^TS(rP*quZ-eEEX&XCV$oC6@x(bWu^m|Ygu&H}L#KyZCpVZl zUi~0ZaNsz_3l`ou=ZbX9JskNNeS<%Zn0&VUoyN#d8N$!gVCHFaN?% z{3Y+fX!alkG^39ce6K=ekN*HinE>Zd{aE@^NHr`sVDA53@dT+U)UJwXm%KABj#y(0 zg$74d3|x-1*;R%lhHpDw7p_>TTKfVg`OTW>M&7PSZP>#!V~w6(h_6d>0ZOY-LVy*O zEsE+LM#-M4Qm!pn*Geqor$*_3r1UNdXsU#jUMP1Sm%aLqabJ?Lt6s(;kl6<`zjH+s z$v4xTvpc?8JpW9$mMMZ_ngwxiBpRmmK+%xpj#>BIS(=I^+(`MX|xEbP7X;s!Z=X4x-kmY zwh_8L{RA2jF z?F7MR%qCnGI5l_^U4l-hr`~Di+n{EbX2R6#(B<`*D)3WW7i_EW*~J+m1Gk9hn9P}O zgAxge-Q(uJD&2G}!_3rOiMi_4uH?g-%r^qb8C}gp(JtTtljXkRIBI8ch|6u8dm;`#g)A_A(qZ{k$FNKs&Asun z;sc>&>z?}_^PlmG`uUih3cza^^8XaC_IBp>|BhE7`z$83znU;Tgg28_qr7K+i&VL# zS?c_@+BC(4B#2P!`^{lnSo7t>f%P2oQrq0uOsU~BV|jl4??0eZ`74!>PttWJC6MmwAi$td zykN~EPMecBVj@mLtZCHf%eVr-iHmr=GC$Oj^RxyYO(sbKcN75SBX ztzlDQeN|V@v)Fqsp1_!tUtRP=X${@6V6~A<_2~1k*y3x^mG2qFc^As1aYy8{Y-0FL zsqJnxazb1RPq$s8moR0&&N7pKgn1usIopIRxc~fB7kUhlL35PjC}8o7Y}Wexu3vk` zpJrjEG3bFGx#!fzzS(Fh?#_0JzdG}2R&px;wKnk?uL<&cSZmfkP8lVeBW3Ra(WKqs zXJ{ErcC}dfn{MWAZRLKcFH$;4V@_P(6c>Y;rUl6?!hXenFP~9r%N4psyQ*+7P!V&^ ztK{68B8-h(eQ%fGCSBgvGn2v=%KZ;}g>&AyMMs8WhcLluwLUD#dq7z7ZBm7bMD4?+tMyY8hqG|j#`2CM$6~M3r+w9_w$}x>Ci7;` zUK`44bK~M=??2;RSeyVu0f6@*06%m8kNDZs+0o{2b{_vLChZ2qq;P-5r2k-Nu{oJm zw!dQ1Xx@f!3)VC;@k~EP>V!2qEsjhy`X2@4w>Q7C)D#rV%N%Bs$R$;gZm||QM(;#r zh6AC}9K0Uid2@I(Y!}Aiqh2DZgBjPWuJVL-#GM0Z$1;);Gc=_PL5P2$875ZI=g5~P zS&uKZH9_?)5G~Pyp_oV|mfZIQ?`zRqXcrZatJ{6o-bGHY_Q>~_gac4Brh!)AV_XkB z3B}Z1{BQ%1JUV~o7o~Gu6Jxqz1Y0X8T|TcBhKBUDi!DalG!P61QUj7|uK}daCz|v!tYxTIN#H-34o(~+8P2tUykEfx+f~J*s^$+4Ut;4X_7S2i(dQnq zL7HOH8`f9SnIR4zUE^4hMRkqxn-aX>irPIP#}vDf#B)ZK(s?#8QeBB7m-8IFGfYnh zPR#qAQ2A)UZpHsW%xRCndNODg@J$@yZgHc)5Sj;&tZhTQM?%O%A{ZB!#{mz0ykMy{ zhGrnHW(z&2iq7e~W|R|S3U{Q=U-RH_O2VWW-fOXKjLf-FO)kcu8h6L%=U!Dm3H5pb!@DjuYFT`(b>_*47oO?2{}m#*<&4^*MZpWr?hVn;tF=J=e(FA{pz>&EOBE z0=#0s#k#9;f5t98Z&&*Pw2#iHL&c-o60gPyf+A1v+q-S3#brS*nfLwiWtLr{T0|4Q zMiu-tGZ9LI*}=yQZ1KL*duD=~u-mWsPWBI_nWg5&ZRhH5-MKID{|r;J4SLgF089x0 zn*jy>CopxecXs)!#p&O%s`nQ&`@|)GIfQUiS75vnR3K)xbla>os9)$m?)8z^OZyux zaGbtwn;U0gF$FhelvXMq`ukjtay{wa-McsUI)4~N}+z~8_lyBIq4DIv4%{y)EfkNF+p4Q^&4XyjPW%-%X3iqp-mdfIoVYEt)iI#!6qibqcQ+Z3F4ziS?4a8kYi|Y!w`}Y6(e7>XZj#oqaj~(gB+S; zQ|?!AJ`&6t{OVu7%23OlX&PN?a#N)fD7B0xL#`ssh|U}0f7dQz%3dF#3JQ#PM`;nr zK4R(T|1l7b#++AGK1wRG1ScGAaT`cCLk8p@%sD7A(Ka^IEIs(%AeI|apmb)=dwmuT ztu;cDYNTl8j9T>L4c$HJv`@HG0PYdNeNn|MmVm=4L`yb^B_uB{LO65s$(#pn9!e5r zKop55p=4p~1C6517J2Uj!*A<%*Kd7KUdGuh92fj}>IE^il7TnPKGzFpGmVsdsn}&1 zakYvb22#dCtf)RcwLN^7Cltxlg0X~sy}V`envkChCUacT5qtN7MAf%eG zDFr^9%Imr%O;LGkrjy;iZX zNJsy~F_}oONuG^F2#J@(hx6IjA_=Zx$KIohN~`2_%aE|Jm`MvQNVfKaFJ&~UkjtW( zDHDY=FrT834^eG?0uI4CEhp1f`-DzJhv-cw>6d)DodA=ivQ7H}Rz~KbB_B!FcTaCT zvqOtxl}ZVBciQ=VbdyUB%J|p-E3}rZR@o*Zf`F&XEo-$hxt!SgG<@8uF0N)xWvbfC z3q9E}^9H}Bn&eT`c}G@uLjFa{*bW)I*O3LR?M z&VwVF_2xJ-x+|HvdkePPesJ$|QxzaYnEawpT#&eur+o1P{%7AXt9)On5AY3efN`n+ z5rsRMnppnb`l$YQn=RxRpv~4zCQ@wJKZnIcu+=CHSf{RV)f98F6t&<}lAKFU{k}J@ zfo#+*r{g5FfUmsy`T1Eg5)a|>YG%febeDQaq?j2-n?11lGB{Y*#eqlX zK|)f4>}yE&n>J$diRh*U358VCx#ZFbn|cR@c#_?)V~K|Y4-QfzlF`x1P|(CkSrker zz05MVK4uurvvjImaJX2=993N zh+*4I`#}ZC6%cA&sY}~$WfK|hcL!i5Cja=+e2wF)&Fc6-YUlt{4e>G;`7dwKu~ZeP ziJ7FxtDzeg1bjYj->Ew=Pw}!VYg8r$tan}F_M~a>4~)pB11tM98B&U%8LT^!IThR^ zhaFVb04U=G{IcVr6%ed5)Tw7zVfnH~iSc?jgrQAXfA*=#S_8*#X`;sKQBFZT-<7v) zNtMP;k<<3RiNhvGf*gxgWz@wqGnYfS5N@ke$+h=1QIku?uQ7}4QC$pw=JL618=!OU|MJy8b&oGoedDVTPj*4P_?*x>lx!E|5D4_NO$Hr_t9Z; z$N6S@Yn0s0=U(E}q}?-;TcGlBdWUW`+okLwq#tK?BGaBn*1Z4DnVVY?9&p(o{_1X` zKd3H@r^zGJdrXP-7FWZ{*JX`S7VPKwXK_%5g$&I6YS9kEJ40VtDkl-(%7O@o?Z035 z*uuThRud7Z<&f{_wQ8w;t19T*h{7KNLG>!uuDvyy@qRJuTedFFcKyL4*o0iqY%BE@ zZJ9P-#IOY2;H0ZQ@9igqnMFBdk7QZjpz>b05-FOl9}z{zrYrbIkX#XgpE{M+)*OFG zwX+A}qH&#ds`F1sR5@Q7B0`;Avi1*EZ5siNGwSjV&&IS+`cskFQI)jGpYV`I6Gyhj zT*-bvJMg2Lq?CHGE`DLs4l;MBEU1Gn*~>4+9<0@wOTAw4OzxuZMl|UZc|p7_Tw8|h z#;|znVGCFIV2ek*YI|CyY=V5K*y~`3+l~4ovUI=m7 zXS2LE(W-N81!3mscIDP^eZM5ARIb(DydaQMFn{h>>A@TB1L8lUHs^FV?l+(yJOb$U z6a1er`hThp{}p~;{AcWf*+y#1)dD-wv`qTLuXN;kDcN#km`&D@mBB`SJSiE(<`hpt zz^$0_QNs+6K0S}!KRg`4v=r(Gh=Ycd&z@`RF6VIY(mH}`d=v1MrL0Bc$l<+~KG-0# z@mwr`zy)t$z7FgiAMNgA-h&E;LebdRA+mC>x;Wx>n{7&?6M?*vOs z%}UG&ZKr+x$*f}WIw+yPzAkK-(rHm`fRj=-Y1-ibJIw>-^6_e5^Kw^k?B^*UI^}tmzil7Kg??I9uE#Cp7j2Mz?4hb7v5wQxSgm zZUHNqr$ZnF50=<(^{k^R+JZJ(&Yc6eE)G2n7YyT#u=m#BGc<-RVU3dCiS=xK^DQ0R zZEj#ng>WT2WdFM+)x-}0xsR}-mp=u1e=zzy0b6{ft!lsk0(ts8--;g?@JHMfw8m4g z3BMHPdeccp8Q6AJy|`ncMifc7wvd|rWi*bjN8UKj zV+UdksC=5#k7FB_W8-sTs=rEbN0G`p<*Ac%Go$#ziJ|19h!~RVBwyn}>sp7LYcI3h zo!M8e&83wQ)S$ubMhv$8V>sM|?JVU#n`!KTV z?-sntfX7Gji}{D3QCQ%rdtt4SaxUu|1~5AO?-pHz^B#k*BVEyV@OtdnJVq*?WP zJ^hQh%KeNJ>^C{{{gmEMjHte0#Qf#1SN#9}Q~&q7Bkcb(xNZN+n;HN8YyUR*{GWC{ z|6fL@|Nh$lVa4nJuNFWDdt#y00nT*~@FxB5&i6mILDNt20k*p$3GNa^@Z?{_0N?q= zs-BqfHCn?2fm@Vp@W&=!qHl|Il#?uW&yHo&7Y;~ionP?k9Lk2vYv7u;d?pPu|6#xF zxP-jtI%u5I!SvjJ=>3XCd{ENlzmRLuYXaTb>8&+l?JPP?$t8!!QfYh&BMii%Xsu+u=r0x>4&rsW(1Svl@wO{S z^Z!z&VNm^pkpj3y1_i`<|H2>s%kq7c`(v{Ko52CQe?R?+Z7kJXxvDGq>=4yTw)pzN zt%;0`S@A!6paWL99{dk@&jI^?i=6e9R(UKZLHY`nuLjo!XlZhl%IO>cQ_^HdO%As6 z-aWm&8I%jWX<`zr?XlUW(xT{`+2!D8W#gTqcovTX9ZHCmjZLn$kZ?3dQ#g&QLkC`Q zDk0zV*wyNa79lqukgmr!rsy9qaXpsc-|9bKUm)oGuOY=0>R-k@2u{GhJ5C{YAV8Ud zKh!}5#DV%hlWR)9WKnXK>Th0xjnPOa1!$mL;=5M3g!7X24<+8KDg`^8I|c?^cc>SQ zA{^~>4pRt+Z^hhvnYB?z^;4!H2zV_SaS6QE>8M&0RhDtWhP>5UraYC$+2Xw9d)%Xl zQ7uIlc1z0FdY(F~+Bz(1tE8<;i z{a$=d8gU6I@N@8PO8fdm(ZvQT62qda2+GwTWIzV3LBL*avMDf=P1kR#Uf$<#HzEu( zKAs#j`8W3hIjs@A5-fNRZQkqWbx-OjAOGr@|NCYF??1bZ|4T`l^nYOQ|B{vd2Q!}j z+~oW=rvKiUeo*)&&Hh;@#Xq0o{=v+S|LD~H6`T%=ZTq81680c^*YnnmWI5J6m?4rM zCF346z@(;y-D`M#0QATxpUvk>MGfIZ#TGD}U75;fBd)oU?Q#Nf01? z2}&3?O@|!Jd!}5sVWbQFe|c(Byyc-I^><;dZ&VKi$4;-qbC% zt*|}UTDCzD87cSLh%b>6el! z<;-n>OkIKG81w$4cuJHd*B=2TpWJkCT(1RYbNVMY-6L;nrH8#x#3{Ux_9Zz{C+fw+ zohxHc63k_`t8yKldTe&RiUzc*#CPL8PhRuG`;GPA_L>f?$sCrS=5&$nKb!&iA6~HbTa6zt zoVc^z%V2AKarejIsuw4Fo~KyHVp3NEhhbP|cKRZO@u94($s?8|(!mU4O-+qWQ3D}a zid>~Wk47dx4okSrn?f$BtNWY{1=c2|N_TX|m3&}pO08IHCM%E9Bw-jBrJWcM@S{=E z{NRLT4ipN$%s6C!=6M&jVHvnfyU^C&b!b}47?Er5KrT@vj+GFo_%(B%gg^~=HXnP6 zyahoom$E>@{v~6ZrTM@mMIv&cWyDytmv9@*!2o<(c#V55)OtI!zVED}3M7{x{K`Z> zU4%hpAr&T9@{SX}JHM{ODKGvA!ZiK%Zo5LVsY!$)d0O$yE6m$P7j#D86`Oo+&kvBt z9K%XsZrnF&K7%9x|+~v>*l88JJKv;werV&P@$UaR%t;VLxkW~gR z;nb9{s08F$2SSxRCNM{Yv9H;vb2)G!1PR?3#DmJh1gySqLIWhoVW}L_J*4~OBP0HX zzrq!RS?#m?#Yiq`3IC)|v-B$-3SRBpH5VDCuGV&8J_M`w?}B^}ov_T0(;OzU2cDLh zLnUe;UGI_xL0J6htB4m0cAE%EpMV0U63ROt3L+1589>A1N{5(AB`3?T`Stc|@*dF= zp%VC~J`K7G@E3g=Y?qjy{1SE6CL3VY&RXOPc$>Eau|VQMYn7m@-h(VDn3#0$Fwr0S z^i@WR9f>a({UYce`t-13Ax{)DL{sf!r4nchlH>awY$stpd_aKi2j-TnF`lXzY7!ji zo-dJl7v1bk%LCs`!)+%Sf_yI=)H2+UL@&M~R7fa(K4R`D`c zdf}1~nTAi6dn)NiRg6poHqTOBnB@Za$xlbufz+evK)n8h-~@i#W{Cg^@Fv9mnQND4 z3_J6<^NRHzM_&V56TpQUi8_=F`})!qxl!4Si!z;83?f2mn02S8sXX{PqB>{%|(@eSahJ`d^PSY`t*c75BcuTmTXVWbil1wmhfEp>K zMtH*O&()%5AAIG7KW+6@c2@;l(OiL%P3v3UE&*iyiKm4+Z4O_iTb4Kh0QxkV&=9TL zak0bmBPnSDV8We26R1EHcX|wUh;;i_!!}Kz0kS;}5W{%Jo^1*2PXzULq7fsX0&wP@ zC3^WOQ21Ob)DXI)Qe~ZoZ`o%Fpm}V}D-#0*?WaH|?#nP@RB3=vdD1>=Ofu zLp8Et*n()^=$*jUDNE%YIj4~l`RXHlzIN=;keeS02l1uf3#0m@Vaw%D>TllBV8W8s zV^ZT98$(@n;sKCf7CoRO*JIA!;KE>dIR9ndNDuf`S@HZnW)SIhY66%h}u_6 zZ(s6pzcQ)Ul$XyZfJ1Enr*UV`@2eo`JnAgvsb(14#>r9fH5-!^lT^^q$PRu(P-rw+1?j9r_Z=dkB3qihtTcMZiNm; z4&YMID|yh^_B9}xq}|Vl3Ca`4SJH&BN2(v4COjPb@{}>i!gvO8QaP7LD44Q-MVKAI zwSq;3VKt+#V>*R%=Hl1J+nH_?QB+lbSKBvw9e~rFM@mhC*sol(%>t|Xpi4a5Nn_NY zqCjO*1MRom!?s+do;+nYhDHTXrO8q!JW5Yr40vki7iNQM5zIGz&7G6!_+N{^B*q?| zFU*B?*j99F@!joP;X4AsP%<{(2R*dQkvlHg8`_Gb@kVyiNA7Nby53xtk=6w>j2Yyv3)wz)7hO;J*U#max)PV*I+$I|FtTra{}8t;ZhVoz((_yNU6&< zzByGhF(q4@sT2O)lP7APP5gkcb*n75#0nN#D!zjQY@Ae`NlHrhZeAPmbbr>`qFrWB z|Drn}ocg@W`njdi4*wry0pAA1`!xiS!8>a)w<#g4ZD}{}YVGBQ{pjM{*bGH-R<=pk zGel%Cnr9A_Zn}ZQfy?wi^9P(%(2X9gimO)5b@;S|crGF5UXisdYr^0V15>I^qGMTR zeglYgE`BzQgw-&U76GX9qdIa|8p1f-7Bb{3;xyyrO_xDC-nAu7(LWrxAlX?;d1OnX zkK^tg5C<}}d$XI^IkKS;1iD0<1Bb|g5fV@riQ~!hyaUh?0e^h2-U*e}TJpC*!k%-r zWW8!SM^;45tfUp7gYpDq#>bvoPfm4s~;&<(Z)sNb_TWp5>Zz|C^T1m4P zA``9W4&uD;WZP@ceLUgb>E}Q`c-Zz1bB78O&A_C%$WJ3{aKO> zVI1U`knp9%<&5yxI9gjmP>MJwV?Re#C-rYDGqLweehr;7p=@C@ISUgikKp052$|rD zj55Z|23O%}^Z1LYEASWkx8YA;W8p8=82lkx6>%LU9lXGf5n}UJ9AATFy@Hld|ISd5Yfa z8?8HvsGVYs8$s}CXdK5(3tLmqR7p(%a}(4gNkG{L@A3}7>g4rCQ2K?RkjD)R&b8JM zs6>~{#sw?l@|_Bfpu=X=4@%mr8YsQr<>LprBHbAKt?H}!c99BO=137>M&3K;#aj&I z!-*HvX<}~8ttGalnTy13;5nK0*uKC3fvFzQc?jpv3^5ZSa6k-b?p33NIrbO^pc#b9 z51&u9Xq)H>TjI5+C6gjOFvIK=eQhT_Z6)zDFqGq~>~3&Nl-wLCk7y1@HNf7J?hy(& zZqlONo=eueJvw>2)LVY;|-rNZ^?Yn+d_Lakf)t?QIqe& zz01#+Gs(0V9Ea>os=OEQn;$r5)u#7ll@wO(fh)jc=m4fwnb|qYJ_)c&b3Y(|VIEVQ z!zjNNx(XeI=F&jezCiqEGVXpNYMr+5q1-Z9T27~5pL}$%j$Y>`GCJ8Qddg|}9t4i4f8ekO)#&jDAB`1hC9P(~JrHJv znf4AVu_5K5#aJ`xke0>g-vXJ>!7Gqq7yTzb`U=Wp#i6Yb?dB!i;ggRh5YW5?E90O< z0(}@Bz20G;JjG0a1QpbzJUp&rC;;1qBE*t0V>m|GVsf?@o;$>FW~)OS1LW!%6b>#9^t_$3swDV}D!I1g5P? zu5ysvc|W(K(lo^8e++67q4UHEPBcP3)g@^JkR-AAwU*#S+L=6bRT1d!=Lh;HDjF** zBDM?-q6+-yRUPjACl$Svg25&KP?}9E?FaJ<^=D4Nu7e%IH^lX>WHtY_1Ph^i3!$rM zsCt!q*B6PXx+VAaw9E-K9W7Gwgh1@ zmo11fr_0lbu$HCP2N3#^gotu=e3)2`_M}szS2Pi=MC%7vN$L;h&za5)(<9Vyfb*Ig ztS(?m7G6&NlTG|Z$R(Lc;$?MPqn+ISG*=+dS<+e?j5XQtcsFRM!V2ve!SZCLkasI~ zT#1Y?FiX2ox-o%MM?#|SmNI1ZKtI^S7i3;cNV)(_AQgY5goMq3S%Q+K7}*E&I#r6i z>VdW&PJSI=)Z;#adLZJ2p!d&ZL z)0xvxpWs86MaO##vhUSjau$3ZQ~QS%?YQfcE~`mx2W@v!PQf=vW!Oj(Ik5^W=U_iC z)qA!y ztNhD+=FJWQuBH2>P(s$>YO;SXw$$eIe8*3eG&NEgSb=ENk1lanj0xjB81E7VQI#?m z{R`WESuvdzyl!y-tQP(}159Frja0sJpQogg9?f?}J+upuPM+0*xS1E2uLtY&{U;yg z^t;IOtA;;(-iyU`jCeFR*fTS1!{Rer|vq5JA zc5G&Y#hh-#HJ9psnCC|RbZ1^PNfctq0z6<`H6M;P_Wq8^>_Mr}u61sj!}*ZYY!=n# z1P6AWFpaWaTdw(99M8FhzQq8=)BsV2yA zS6zFBV2Qp5_TEca9nikCgM?}4zgW?7nWQrY)+0zX9-C5be21_Yj5<>aPl!qd0H0R$ zt)ekRv+ExG%*#FQA6E3<@_xAcrxh)+M{&=OK<5bL5*+>N;Fh=ZhZX(uFIMz9;2&1B z=pR<}Le|Tt70oq;_LA{3hkmGlHul4KX{KGBul)i$u2F~;YsRLu_09t)X*e{{xkf#x z_eO%%gm_W5S-&G4kD~ta*X#3wQp}e7DOi3rov@9~+q;LwlluM41J23_wg>9VOGF#0 z$=w7rye;&}c{qx`&ya716WA|HI^7}oP(d0xCp8eAHD5B-Hzw$hakn9oOYTCZwLN^` zOSN!V*i5#kR?vDI#|j|VIKz9xat7(Es_QAOYjGB=WPt8Fu$}Fg)`i-HUG=?{hseQA zETtV}%D%dm)+v-G)qA1QLn6bkVJ2gukE3gTIyKO@@gbhu*oEbMnm1ryIxtPp50m)% z2!$pn2_;>?=!zY0-#)46FHGYG=9BB-Uq=XL-C%w6^S{E(Fzm8gd;z(98N2{gAIv6* z_hFfa0%F;E2X+rvgz)aK1UHC6%K%5rQy>;OED4=?0_i_m=l_1~yqNXYfWJ8paG9aY zyF9doJBegxOkzF{{LtypObT}ofB&$a!3F+)L?XH3xNIwQg|Ufk8bU!a^$h38gY|GU zsrc2xWy1>T0t0g`>A1;Pmin@5#&2byLIQ$K^plH5r+9eBqsLF>|COPkh~tYjYUpc% zaiuJe?B@KcsM&d<7?X?S3R0)X0I;5=N_GK$Mj7@E6-BM;=v-FhF6NEl1T=A;eK}!G z9_E0q+YlRh?`hm`oZv9`E0KrOd+^V&!>KI=xNKmr@CcMut%NZ`+PIyrEZ(6)>UQ(Q zy1EVUF`_G#QHDv!z_RmI$AKtDa-r}|7y*uMUkq%7@Q}>+#Hg4y&mp?l?9Ia-{jB+0 zgx+1(M$GNV_LSC-O5>yuXQTlD4i_;y?FE{k9amP`VPtKQZ;liJHrg!$P%dT3I(A@~ zvnM7*z-{v9QOoB*vhjV{U@AJ^maJN5DEv$Ixt%~*7+0+{^69Zz_C)7zkB36)_Fpmu zk?}O`fa#8?O)LkG5z>b=L-LjP>ES1awRY)9C~{GI)QFn6qZ!=N_M z6}3@>MsuO%t_hq^7J1Vd&uu8XnE(-C#=wzOuA7(zkw zNBJ4JtW`vPj--9`{nrf}08G3f3c4&ts0g249Ofx;Z*)}NVkO1YkSllncPq>)_V1*n zK>#?@TYV_jMU4`=Ki1C7Lr$~n%6YUfdXyBQ>2nY@;scbe*Z1_+ChTpPARxd?Nl7w{ z-08*#mhic}LmXE9mT=0qPek;;x6Jh?8~pIv$$F_JeLZjk@9A9bfr5P~sd?GBM}eAx zs7C^|lWbvIt&J;NlPxd=@wKH>v-3SSL0keyi}h*4k%VXLKX$%#{CUW&A~n3;h9riL zH}1#*OT>@y!*V*RCDW>lo!iaH`L5KdJN|h}{CkALz%3-n+Qy-ji`5wU`Ta0|;qqqR zFT2M|g6(Xb9387`o9;gDZ*xym zOS^AZ2M1RxcgJO)=`F~mC#SSCKYi$|o+{k_tCg;S)49524*|eL+sG@Hf(R%8A@1B` zoMEQ}Yn-b-R1d^@$8teF3iR)G8MeOQK4xQtN-Ge7v62L)7x&8LqN`fk)uD(m*FOIe zx&8O!AO8~(^uO{)|5DsvhEM;-jpq9w9}xL#alaAi--vYe|2>E_9qG9l_ve6e@#k6} zfq$yL{CiP)%zBmYYw&|udta-VZBteFz>COtu!R$*m-cvy%hE&1F?H#}1jx$Skl_1n z%r21GTJE7Zfhtr^hSM@i{qkfYzC0G9Wpc_?xO5gOXLQWXyJEzQ$?6bo3;Ht2?|SG( zk~Qp&-;*OZh)c;wE+9u~El45`T9jK*#!;qnVdfPu?2(6hO_MdAiS6m7%#S#OS|mVm zL&ieOkj&@^r5u%#7^M)SICs*dJ$QYw@!d}JakT>5#zGal>Ji4{&tW+c)fXYp5jRb- z=OZGCc;(%z@wTBYcbpojn_Oguf}2o`=*>N6sKb$Kap5-8WQ(84?JM?Oklk)5&)!BB za+*WcG9TqBBP~df4KhpZf@eR@%9|f=PTIXVs?G{TBGaBzW^jya4#{$O>r1D$3L14U z;oWA^DreAalndTSqz^V5sy$50zZjVPG+^wzv2?g@j$10?@pM0NDyvFn;YzZKhI{Yx zsN}wQ-4jO@n;JEXdZ$f`LfbMHF5MZXlR37`t$*wZzu8G*!iAD$TsVIs^-0nkTFWly zk4dn4;;H%T<_7Mz?=Z7kN4{6`tis^bf!is!Nnih<7rHMj zEiN`xy;Qax!EywyK$_xXAc@07bgkRSk+WJHKO~C)r+dUWrK!Ivc%{f@+_WC$#HEkw z)l1)9-CNk@7vLMj4rIGKwq#iCq=jd{ffDS0cTX2BJa8IoF71ueHkO8(Bnu{eyeMuinV;qxT@G-+fk~fsDOp8$- zQ`s6kXqjD99Mw{C36iE;LD#-$g12$jSlTLNtvJ2~E%5|Jd?kX^RMnbZ)_OgZ1xYPA zLOgi;JK_CrRp@`PaP~hM)%=^z>^Bkpn~45Dl!*T4Zus9`^lvZvzvo4B|5Hyvzwzkb zc=T^P`hO`N{m*p(za{BE2SR8_ZOCOlXC+R30&SfCRFn2^SZPf9KWX^E#C}9ZtRVvM z!B`S;g5=H9)3>UIXJja*1!odz%WO{<*y5*ebnmM2?neWr1w|>WHk-p~6L-j5WBOny z*bpVt72n#)%}>#Ec3~AsoVS5VWUzA21;jF{5)%f=?ZA={yWet+Tf>Yf25HE}<$*nL}i7`{YsJ8xZV4#aAPO z`zbvwTQ-%4HT$S*@8-!16GedQWHrY1YR)MD22hHnmk_%<=8cFOkYdu;Zr4fr+;^XA zMxLRNlfv!7AMyS6RjyqcYLo@#C>w&em=)y3C?XP#ia%B9FnZzUZBK%!tzIB@Ldb56 z-KPd^-GZ5%NO?JgL=9bJ|F|H>ue0d#66(#SL~UujuI2MGy5IJb6HX$spT9D!EeBwp z{g`ju0y*9mrVu_h04_$Pn%=tR#_tR{M-vZUWL=wEh|^Jt5su+uGt{&Z!y7^@+jW^ zZsp?ND$)O3*ZZ4{{!K>zCZm6o(Z9*)-(>V}GWwq&qyNcn_qQMYU;5GifNA+Jg0}zH zVbWN_B@zdp?<&Io^t;O6$kJLif0m^`Y>}OEGrr2;^$QlX`=Y@M`hxvJb{mm8q^=1# zGt6jxcd5iCby!P8-o$#ze6gEsIWu>1hRP^D)SVU}r>KXAHFmO~nzFHlD>6B~yP65_ z{dcl7#4u#01;^jW(%|`z?dH&dL@G`dL>3jrFsFOye%wTUX888d;yzh0A&S?jIPvnj zN?aT6k{p^pCDb*)m@)t_olQGHfhGxbs&ZiWl437a;*HmFTfM~nt1Mmf7g-wpud;Lz z8Ny#==_{(+Ntzk~>liO|9o!w4vhuNgVBpM7dC(@2k>Is7DzzGajY-YGi%6hFNWCiZ zm9{3u%5F_$wo`B+wOefXxKCYLPu4j<9c=6AQPTKq)U?{&344l0ZY>goo{~X z(x~?1pStvyeyxAerG5C! zbCu6}OUAqm=b=)58?`VxxkLd=(wvltoH$HXv#>#z_SWYbt7aL!TY8#ePLv2H1Y$9x zJxR=5)^nAr{HHg6|3T?(?qy6O$nt53C^T8(b`JU~faLiOe18vo7{vV{*TA@l6Sd=j zrspdL`|uc0nmzAENu&-#U~4Q#Nz4cDS$6uGeJdkuFYaN|Aa3VYp*8d8Ale`jb}*g| zvIqa42mFTwXwt_B;zDfJuil7t?WLhwDZxj5nqolgd2EFJBt#5FJT|`umeLkI<#+{bd7;LxILvcnRi($2!HK3rf@GZw&?0!Z4^!TuPZ;heKbhzXm&%G7$`4x4g zGA@;f_>N9{?h@l*zdU3$_WE~kP=BjS{{vR|zi4oNQ`7%@QPclahx|7d$ls9yf9pwK)l-%G*d_?`+BrT1|#n&zTy=Y z`Pog3Fh!6QO6T^YjvVd%8-*#=-4g&KS>s7h#uqBJ)1Hb%zHR^@cz&yD&4+gWnHbIK zaU+R=yFprCLvHY?FIh_cCP~%YE7$XV7L$beVK{FRkDM27OB$)g+2 zG?K26RCM`j`9FhxT@^D~fB^rjd`Yl z7sF=EDHHp43|>c>2JrKH!St*)m@d~g3uyy5!7Hr7QJLi068s*GjljXT&b|92hlYAP zrkIjRN@V{B@h>})Zp@%od|kxh{rS4sM0L?GfGCPH$ca+E-8|>uM=`N*NwyJY{hsb2 z5+7z@eHo`At+R8iZRvKtrLW5Y#RsEOF1<$K!g1wt8)A@i75J_ zbI(0gAgLg9GcJz$=DK?%QhNT;9!p~{Wj>qr=~Pql1cFmMj&})2ET+nKYN5$W*o&=% zUXxL}21blF&{qYPRfIid1d^6Pw*tYjEO`_@B*!Lg3CDSEkW5l?;1x!d85Rn%lXD$h z7d36YW;d-Q#9KSsEe}{4JGa;tjOF;P{Dt9eChPDR-hnIBJY7qtty9FQD+_emA-T<1 z)>03aDKprS9-{YkU1}w*b6t(KyhKU9-cMy}*4HBh3MR9dnSd2Z=eVjE_#++-6wG5c z?JO)E%+H|f8a9eEdi=!^rXBM4%<+P$Uns9^ zqg^G78abrmSpwT`Qs-M_oS8Nx$+Ykv?v$%Q5#M_Z29aC4(OT~EU~S2!$>+K|pCzb= z4)_;n9bI|nsBXSo^HDMx%@gIBxQEvKCWRL#2z zWk>p=_RykN!;|?Liw=*CRql$3^l6d@X4iD7yQ=i)hHxkm)Fs?qc`cDD1@MT1HF+!* z>^A2{jyK$YJF)w3^;^mRcK`jG!u?I*{-$vMe@WqDm^;+yd_F6{eNwoh|Lun2{}UIN z+AZ+nGl3R9kx2DViH!pW`EFu?B#Umx3KvT@G`PyII=k}#e#5=_p$PtTGILx8m=P4$ zk|_>;;o<>P6zu>au@KB4P=a9`mmxM>!Z)IJ*pwCutM8V0W5wb>vZi}(}WE+q8@;`^yjy)iR9*v5zq|S zd`BTe2Az&jX4J#9Fpz~k;_0lAO||zjQ;>+kFd9676R{`-#1^zIl@?EMCIh6s4QHMR zu&Y`y0B%2np_#7j?nW^qT?*nqpUs{okh46t_KbCtcrW8=p+9t9ereP_XR;pM?;~sT zIF~puZSaib7A$&RIHa75$Edt{W-|FA?T0^^6QRn9> z<@na!W?ffott{x*g31{RN^&dKpncGn`EWhqTeT#{e){O_Yf7kZup0M{K1Wj^s#T6; zc+gy)|M2cl!y*&9g*U5jboeM-gB(WJ@dZ`QwApvkPa+%3Q=Up?b&?~r#MujW)uhSf zhszW+s+&&gY$X=Y3u?QIf7Xr9Dk|FR$KsN1Wfzi!!W|ZO=D(f9#e}J8`)`!_HI^FwMX*t z2a->X0tLC3J;er|N=8n~cVc?t5TBja0*J-ZqV0(y+@wSIV<>*1UCUbrG}0!2SL~_F z(w5uB08rev8#YP1`Bq0<{gxlxx1lFKsGDh-z(g||V#u-Rl^iJdq=B5`&&s-@eM?VN z#hm`W!~3>E8&BLxs-6LTi{z)pGJdt8#HqbAm>i@T>%Bq|;ip7pmAJCEP}7p}`geQPp;Z_sB&2Ey~s-ksi{w%bKYb6PD?A>w_K(4qYZr zuOD?cutQ7xeF~EW>;3L3ZzwwRh!=_HY22jOWRLiTXE@u~w`yUGk72S<(-=4@oNjwh z7UoC#rR*DOv?ockW-XO*%U3FCp?<^kA|$^%H?I|o}ZW6G)5#Sg!dA|x+p!Y zIU86Ukf0hM@&ac&M6k60JaoDaJvK>wbU%5%%`Q)oE@R3g^?JP8unS}_UDyb@BZX?9 z$RLY%;Y`+1v9t4Zc64AYAQH(1@6<~hlNFo0V`X$naa6v)&8~}ls3o1}iljvNk zX4e0yCWb1U5rrzw7P4yRqi7CbSq3XqfrNlpx}cjD7+%%GPtUuza`W|I0X%>6h6^qD zX-~8Z_-8P*Z+!pv7XTT#kr`44lAfZ+p7(F2jPz-N8e|c}da^CKZn8d;zD~O7P zB0{l1Iv~_0JY7<06GWhe!?wNC<3=!jNr@RiNa-EfYFO$P)RjS&nWV{42Ubu<3Hj z32$}%XzUkb_p(Qh!!JB=b%2 zy6s0WY0e5o7m|}Tem$C0&?8RFU;WNwmrBIa2oybq9Bn4MP_K*x&_Hz)j=q!O*`Nk~ zA`uq{_;gi(LQ!#LFaRBrB67~0>`8y%_JjY%6l454VNkfF`xH78D3Q#u3x`Mi7p|xz z6fs}17_pN=dl0XiF-hPtGRVM`0`pg)#Ale?4@!^cTMDsE9&SCGY|daJ3-^M|bet<- zUgP@lAu?0kj`en~`v0!V+^=y8ETrzL2YFLNgJ57r9oL5r~D^qeRt|02ct z>0eR3r>CKZeUTbrmcwyxEHpx<>f8E)XG~XpJgcy^B-BZeF;xs^E23m3@(UY_Z_RxO z)eTKMT%3a8c!8r)OQMv24jmj?1XR*(G6rN64Y)+8VbKpKsA9Q6#P5X4`$1 zE@my`V$go*z{Vzk;~T^gPEx5W*@JAWsjPcsztn&ci%8stT43)#PV;v2PVH430Ez{eFHT3I#|ti3B#h_YX&k| zdyUPdpfiP|-7bKWyD;FRJDflc5|XY=8HYXU$u*ye`FwWd6HpM>ZBebbebwFx7)zQF ziIKC-)cx4y<3U^x*U0KgB>-IZojPBo&EM#8F;vPEFj=F;_Mquk!Y!5>acO^&Cn5pc z8Gpjr0(RB~l}Iv&3`AP`cu-adfw0tJyG~6sU5PAm2p%}1cfT?=9erx#GGOWM6gZ*t z)+`I^tM61U8cKM4Qw^;ML9bDDbkaWa8!07)ZyI#nEyB>(*BN>kVzY4i#n}1p-@Sga z!58{x?sbMzob>6YUCVNmoAnoR-qp9yH0=s_;nBnpDyko4sSQn4anzODg9Pv`kYwM6_-FkK_3VFyj_Vg%# zZ9tK-hZZe4wN%QTTm0T>PA7)`2vPscUDAMrpM!_d<_I8?b z2-kp~l`Uv2*m6k>RDaCfYT`g7}tr-joI;;@D_E?SG4bN zD)^YOO2`VRa$6V+EPkr&Qr{kyk$tX7LEH_gLas}ecA7Q@SYoPi&N0%6Tz}2NzU~# z@{=Uhs}ZOJlZefsd@5au0|80MB8a>TkoLs`J>jDfDaPhCyYKSh1w+duO61CC=5bhI zYaJ*CixKLgbKTcWcaEHO-)S2QOf4T;%b_~Zi!yK8V^;;#8ssgA^k_w!hn6vlM|&{cqa7hG>74b7?6NMgz5Wn`c9CLQ9bBHjD%sDSMdvHD zm)#edWK+9}3+Utm>MDn=C8==mVaQtafe&)!_Ng!EZi$oZz zZP{C>swBs*xjKp-3q@gDqOzQZc;bxxVuHEU6sjn+%7H(PNtDpf(j$}|m@loE>5#zP zFQ_AKXl)Hz)NdZ9txIxD)ncX2ZZnlAENjWzEKmbZjK$oN(bFIc(y+==l>7DAh8(1c zg#3^{0agHi&E@A*+C09^sIR>FM5$gKtr#J$6=^gkw5*iI!&s^}22<**m{+jb4A2cv zpRp>Zb3Z@#<$Aut*01f>siudy(7Wdv3KpVk{K|^&qR-)n?cLk4IkfZ1iyseF1mpZh zBTY7DrC{XCr6E=aA}4I$BZ~P> zaBU3fcwb%%MLO%@d3ZkQR9!Zb7ooi=(>nTVqT8Y$SGbp4Fn8~YZ0 zchh>)FRJUHbw}DBrvC?N!A@;{gTwU8Td zpq?^jfpj{)#&dzn0q77R>D2B5e4B~p876R&ve(Z!u^vYt-2W<6%+&$?r1(x9=`eJs zPVe45siUT2lqTP<#!Rl1!FBll;7T+XYJIG`!ds7pxCl{!SW54ot98k5dHEp z5#s3!2yc`pmOnD5%G8x5Pmu%2V=!AMrar(nZpZT++*2ZMe4S|PQP?kie#3J+RwCBfBAZjnp4=DbjoOOj!LF=JxQRc zInmt@g)!o4*>FPLnqH7C#S0j{m7Js5_3)~|60uTw-|-S4S4*E)v!vDaMv0O!~01=E_KEMYjqE`qH_2C zDafbOqo1Uijr!o25-WjH;Duz)JSdLqL+3eLX*Xp!h;pb;D{JaT3%M4gDtUb&z0)C% z8Ycv`%cl8)@yg8)3d#?;{zym?^w@7ew>W;*%bNDCjH+SE@6ZtG{iM zfHv#`V%%rV;UQfBVj1^3i+#K7f<>u^x3^rGw%r2)=z7!GR?2E5v{}&t(UI#Szfap} zQE$r$*l4xYOX)5PJADv;8yIcM~ zkjbKmU(`1zb;-(K$x&uWh5ouo)*v?n&Q6m$Rqj-#q)dHj7zGW7*}_tTt|Rl#lE^cB zbsr)g(j-h>I_#9U;dc>)Rdo`uqQ*JD+gQB)bfv+?z<)NcR$qY%P<+9_-gOyX6ghmw zQj;s)kmbDZ2)(ih4dD57y^_^FIw!L4`g1oI)C<*~kuD2LNP!`Si3S}C`3XYSL|npUFkf+y4E5;+zEOeN?+Mm8FVQL@`FX* ztUy2v39mg;-@-YQW7w_x*k}D<_wzYUH*fJ_o=Z~_N1?Cv1iA?VTjC*R@0wXYd3h@b z^z?)P<1TJnp*1b#dB|&AnhR4w67dQTekkr6P8K$YfX$51o&9(9QZuX7w^tfpeAZjT z>!|DNu}&jwbPJpjUw$d!&1oKJduF}3`Vkd$>~1}9ThyD6hn5oRfXp1j!XGiL*=x;B zX;eQ%c=qIa(xV*Hv;9CqaMc7&88aS35HEB*@uE0Vr*aUNtFlwQ3#I&G|9)W5zg7cm z|8C^9uWpaBK2*kF_0e#S`Pm);;g)WNC|Suph|DAMsSlp^`LbCM)6};Zo^xwh0yu&^ zmlk~YK`D+Q`7zFFMw+WMImRwZF)b5w9`6*m<#E(bNTo5#{fx09s+!tWdhjhZhaPg& zq}lZ{b=jAx&V`9IJWO}Z2Epf8qt)2i&xiNMt=e&=2I%A7p*!46Mg6uSLwW)JBZ;x6 z5j68|fOmzgtkk!qti9CwMRt43*jg#<>0!L`B*Mo6T{%c%RV4Qd;cJDOa@6~}dgj7G z66Dd)2eq*VGGTS*&5C?$`!U0NC%X!xYN2w$kNRiiZ;~fim`r zityCwz7F!Ehq3NPgs=Cj4k>h*|3?&8InAZl=-{J-s8hCG zV`UVwZ#jmp;q|l?-X*%IjKsZ0`S#eAxLyG!aLx<*e4J%vWNVcb=>7P>7!Cc6_i1a& zl7^}*syu?_^(AgD$Y{Y%xe4~8)6iK@?Jm6Q%)}ctNl6q(1oPc%&F_G&oQg&U{&ttregY^ArTlnBVZCg(Fd5H09lvj^< z%s+nvLr;Y{{IR(ornkc9eNUnR^Nsi2hSOyH-t)p~zjW!@?li?fgHRXyRbvcy4dc1< zacP8rvipoD`upWW=*PntF(-4^TCNZ06bU`^e$qE* zMG1(IS^;=wEWhIn^85_r81RrYj#RwdXaXRfM|Zquo|6#ZQ@{oG90E!n6RL-?`#(q< zHrYL=kP~hQo{t(CkgqqF<98m^*3j8#n%CjUk1MyIGdTsN?T?4JSUZ?xH_1!P%JoU$ zOj?{Rxh*8Q63OMM`<~*;n{tcy9&C{Au~ICA>Fk`M!gPS4hu285*%q@Uz%kA{J&tHL z1LDu21R&k2zHM^e^%k17Pj|{8OvtZ-DALfBXWm^DV5%TI%R6*2HB6Mx(sXBV7fk~@2)3h_xOV@#Q|_oI^X{1%oG zJ7w%>t%aGbKK&J#(lLfREI{nTzJ%S$OJAmk^(80i0(P04)G;9(-IH1=g3c+h53oWV z7D*JN1f6lhTxTsGfQvWN6XlpJwBtIBvzoL9M%SC**{M3sIMQ^H62Jz_FdNF>;O#q z)9bW^HDfuR3+8OLgV)&->>M3EzysCSg~tokBw<2HVzdkMh1iNRPQ|%oZ(QO%Sh>7l z)r|-_x{2Smj=4Ru)?Bl0E)C_^VlHaM^QG5V6hP9?JE#sj>qZ1M3`v#-%~nrh;6=Tj z#TvcOPYR1qTGU3+%wjHsN}<*wCMvocL1{pO>&Rl=2R#EKG&9WMbCwg`N>#Jg3#vik zU>3?YJ=&Q0oYneg1sk0Way!cn!JFoamNS_Rs6(@VgiWV$Q|%rwO32ijgEuJ@Ef;DV zP<@{)Z(rf_;x=CPprbdLW#wv}U^|qGmrElpXwMd_GN3H(Fx+1#jH~^Yp0rZQ@SLgz8rP&uuw`gqeSX? zOy208-y?{^%Qo)%Go9pVrqileO{aU-c7ehb2K0*3MX`DiRNLNhBULVVvzJj>HQp>| z?qlg6p+t*J&<6CSj5Of?g?IW(uKA>dSLAGGC#e8oa$A zzSNp?ZhHjOom)km6`dL%v10CONC+WgmOYqqqrN#UH?K*2)VVq2lBE_%0(#T8@BMd6Tmuus6(e3V*TS~2E??f^WEVhL8y%r z;q}36z&XX`n+o<$EJ`~E0UmxLMx0%Ip=qFRKTdvbGdbr+%lycbdA?z)cH9mW04cqg$Zn)1BwTze z0)-LQ<=Cce=u(h3%Gkxx_2{YJn@o&d=47!Thcq4PPA^PKQRrv76QCpX?INxzOb2$K z*CUtliV>7Cd`X?$r{tk%GzHv!Hx}FiyL2tz_HNhbtr9%@+z%{S&@2-y4&<#Xq9?<5 z*$q17U39N5u62?WG#=6n$FJ~RCwfs>*aeKZL|?|xe1~_-O_~k;c)ot;w>F;1CcjBJ zB)AQI@G-jB)al^S`$0W)6aq-%u#OEaJ9-J_v;$u)^N1O}LR^yo`2SG$j?uY&NxOG! z+dH;x+qP}nwv!#(cCusJw(ab2$9dCFpFVxM`yD<0&xiZ#8uwV&nsZkDW>sBR7K5(< z5COwR@_oUg57-urZvdh213-8^IP~^D$I(b4xAsedxSLGOqXBrAJp*act3Nk>Q9oY0 zR@emC*?Ioh9S0H)gY#LL&JlNYzfIz%lyMTFy5mC?T0%tN;avgujt{?yc1a^Z1gjc%hd%PTPP*F%yp2Bhl!Jp z{c2vAs12L`A!f<8wOvs&jPz17R|eia>hCpg-KBT2(Yhv=dfC~OsY?E1mejEbFbRsX zKWgOu*)?rwgo7Q7!kgqS?DhJZ;EBQ65~wJtIWQtr4ym*P`0`EFWVx?fE5m zmuu}2f6(bpf|y#ah!Hy^FAxsJlGlO*oCm4!IJ=CZN>*;J)@@gn(7A{f@z2!Jy)QlJ zP&7|D4@2-*mtmlz(A20ST7(wO@gjHwa?q443R-bW#nx`JLKyw+n={DHau5a1Bq4$- zhP&5ul<7DzECff#m{8g1hyVn9u<}_65mUwwNZ9~w3eFE1#Yl#nN@loRt}|HrjCO#E zSta01oikS*0^v2>ku3Ji_K-Hf7j`hqP2a4oQ%x&3qYYO^pg+^iX_2=iQDO@nrgjJ7 z7o2AE2M+*_HaeD_8Vdwbm`1zI<2b&Zn zC-qnd1U@!p8lK+9BlpqQfPKW~Bs`Yf7Q8_;464`b;Urz#s}^~{rOa_KT*+i5zQF>x z)daOtVL2#O6g8zZMG2wSl^4dag~1>5_(FW2&x%XbG4?8@Mw%=y*|@GQHRU>#QV2H~Z2X>HFw@hE8-+Y(JMJ=D>Xt2E}m) z1=ZHD$J*F>{d|Lp$p}loaHc+2m}H8{$p;`}j)Swc^G^5)0zE}isBYos_qm9knAX@| z70bzPMWh`sp=iQQDM}2-O}UF(98hSbaO1O=w6Yf?R5yS3)Th~_G%*6DlQo&dC@>}I zC+&e@LjGtYH64oFc+3kRmqEd!UP6rLjzk&yX5V8>iaPqBO;E2yl4}+P{8sLv#O<%? z7+v}80&orpZdsb^YVt}>(3%5fAq3u zII8XbBkQzzIP8-5RN+vS5vW@{FqMfDsh~E?oiG99QatmEU1E5$ z!*x9*9V;p8KTSZz<{jO@|D)R*87tufqQePrU z`E+cq9S@OZ^^aeNW^Az?`@N32NBd~cBkGjT97jyl3_IEU4gN>9>qtlkCgcrJTNDAI zT~a~JR+=+;p>~Hl@jw}5yt2lT0WGi9^FnoRNuqydvK9aXzM9}y z-zo*}(&YrN<*p$j_g_BSR`!kv^LzmhPrf#Hm{$ zVF&3EEmB_*z5{a?s6}*2_8S^@FXzQP4rmVQW9`Tq|Jy2IBF~UbMONb zR*qL^WrRT0C}l9x@=X{uDuzbn0h^8FfeB3Ih2(vPLLDX517sOO7_s66F=6AvroqKD zk^VH`4t^q!plE$?+1=*;@saR>_w|ybXdad23koL;K8en;WfD2uN|kORTHB?__#!DR zWk#3Bep}34g*?)MWNvh(oN4k#rvF6d@-D7LzOfXs97}&;j02^ePlQgEKBeUL2Y-_A z4Imsl#-Ny+vaxe=^5*j<6*#;5aiS0M6EGKl@%ITGIGjZf&imUAxayye=!N`A)Tzq= z8Q||f>1->(QT8P`ooE!yX205pKSC7n(-|LD2~6fdL$dQtHpIJ`tfW)*VWTW@pIAoo z@JM<$5?SCh6Kzp$Q{R~~mJnvjlvBhe_!Y4kRfV4TIY3&ln|VUge)W!eYzdS{+HPfU zX7)_OsAN0j-bzvOe!W-2qd2gsoeK30T0HjgeT46G@0~ohIXes~s1Z>5`%aN{xEcXH zIKb~J+;0s2vh-=9ChOG$9f900T=w!7`M#N8SW&V^v^aUboKr=MIv$FzKRELAGpfq+ zLOhQ15Jvs#Pfao{`B$`Zf?jP*F|0zR9`_aVJhOIQks@F$HCdOkt<5Ox?-ei?dst>_ zj|9octKUn0N!Ie6WnZi4Au^{vA0t^fkny6MHRGlMrfOmOr+EQ%?q#Nt1tV#Eo2By$ zsvXQb;*p({gc5Q(NwQYVp18|0Q^T_$+ndMVlZoNZfCu=;aojD--qI!&H_vm*@p1eE zBB1Z#R*XHN5DTs5+}S(}eaYq@l(+f$Xm>s|FQsv%2N`Z$+%E#GCMVQlpEL(=y-1&vpGN4iC2I2x? zw$Ga@*D&%hT=6Vw<*z9G3l{c>_Me=_w>9vJ9v7$ z+`qxs`Zf<67sC=K%0P4AOnbvj>!g@z{s`9J_&o_+x35&3D;JVes?HcSa(Ja_q63Au zV7{tCD!phYHX}Oo`-Y$cg^fJT*7-_x*HT-!i2+D@BvUm}__wkP-w_+b$2(1E%f7fc zDh&j^v-5ChG0 zr3tyQV%aeotkzwDDA^!7(z?TPyK@Xc-}#07;0;R|FaE5Gb*JUis{*dlKusc%#dM-p zTlK_ev{EL#KFS@p!8B8IkH@eN_tzA8B%_NqR3$YVmVl(*MyMN}9NFVtL;0pYn}R26 zGUFx;cBE-LAj7QOFnU8yxI=H8Y+?K;(&lc2kRty#?l~w2tfVA?mO+(>ij76>BE?hw zEOsJ}6;~80KOop7A4x^HO%N8>Doq?d1|68CAR-{4*dR!?Br_~w%qw#LK@StJ!#%Kh z7mR47#ps7>G#rgA5M*U9<;SEJXSup*#NzJLS?nq*{y$wJREls|6kLM)v3I#<81s5) zFJDUP@-LTICigk4%hW%Ya)n?uFe8ZyAHe9(c#Vpvmu{u8@fqI;({)}o$L+xdtI3@Q z;ZYf{VJun1D)wPI;ko(qI}WX322oy~O)uQ?esNQv1$1<9BAxdy!BJjWWlU{Y{WMIVLmGiZU?cLB z28K6uhQR`#oMEs(P!}F)88gqJ=_jg2=7l&w(0z9LZ)F~-O_LYIcqHElgqXiPZ_QY;bLZ^-(H1-{y7 z=xaj#_To>ScAOo^2kpmwD)7_(T9g^^QR{YRU4VyUr~~>>S6l36WVmEinX;da+HePF z2=s7$PH*VynM7Sr)ajl$9we|xse2i8PuuKHxL{XWXdSE|a_L#ogsR%PIS>UBSwMzd zk5@GZD95x{SWY`?(u&O8%38vU(4jESvtx{DmKIRlJ^D)dENudEvaH_sqo z&X8&6U;6AV85b#?*t6_80D~zb=PN1Nq90R4nBQU9852;(^+_j~)25i7-XPyk^z6~P z=`X~q@-Eta_bmF!e#iMT>GPdIJ{mqm;~Itlf1K~0(#8FlE4w9$DWAXSMdM^7>dqS& zIaLO-XX=e97JPU4LGSyu$WwL%q%I(ANm^Ai>>g_FK*fLKwY9w+%T9nB-~>I5yp%Lz z_w82E)8WnIonQ33Fp-AqrY~Vd43#`8dZ)l@%B)e<=)ruS9)e1Omfk^aqr>3&rsHlPOQNnZA=*77#ERn)5@PG6<{ih!W(SIwu`{$JJe>~vtgCEiA ze*x5k0st6c0RYhbwFl^#n^@bMI6D2UI(kceNA8dn!B=eGFHJM6N#Iw087jQ^AOAeH ze4t|cE;8ND2)C6m&xrT&S(Ntr5r~5F+rYi`Uwxgdl7b;U~!9ni0GJd zhC?NNcm&^)0)5IN59X5$k@nF!4zu)K#3k(#5K8dqpXU_uZkF$|h#0rbNFve83DQXE zp`_h+qENv2N6#R-0w*F^eRFhAiDbWqoX2wmqPr*<^3&M*WNvvzm~GoEfQ9SDOB}$7 z?Z)ch*qO!rT*2QuxY%GAv`Fa61Fie5xrc z6()&b2e-Gx%O!NY*-+9UIr0r(R=2=^!z#&P9OIS?B+=RY`Z*}sT20(24J4|RzM;l_ zgjKhnVMxlsEvZ0k9lZ>x29+w6?m3&?;?$<=X$|ck+p86@FD?4#*~u1oyAD&0Q?HjM z%JEWM%~Zo0|BQte%dCdgG~=bkxBFOich+jq#;g}iJV;E|EWSdhCd#xcjj z#na+7!HF5-Gqz6Ic~AMbpEVumQPrMui4t!|QM!rRYS7jzzVBO&f;vNmkd{(!&(d-z z#<{e$<2LmAx+By2>T}#g=X=Up^H;F%?sSU{J&2gl(Y<{Adx98@`M0&xlC8rqwUAlP zGz>X2=##Z8opx#UvUa)+%7D|zZ?UMLEma}*+;y{`29(WPP7KS)==~^RXh2d_0S?TA zp=JwJ^GwL(;5-gSq2flwF_^OHR{?;miImaI1UaqeM!lA;l}Di}OZ`NG7qe1UCkk=A z#$FfU)=rOP^^ytA0pcD4pVKv>d3BMyM^e%I*oYfRaIcQ!$R4>AbnljjeFsSb($W(wX?3Gz37)hOR_?t)_{JN{6>)%LU zF3J58)4r$Q9&DM*TacR#G=rz};{SqAE6@6DXmUo_^O;m6;_w7Xce>b-G|xYAfh(TY zy13!lw7RchU-@O?>`?0!qzTIb(VF2+;+>hk0$a@Fg4rTJSt<%mDi9?ST{=C@Wmc&CPPk z5N`$pFAxDB#QZp|URwLNDi4#)`kz|a#o6!X`kY=&@y#=O0Mj&VObg3KShtFI~&+*D) zI)?y+jUg+{TB;_puXtW+u2SP-dgR^$-IxeAI)oED zM@;5OYPhv`@wl#feuuA?3M%D108&`yn_5g*Lj|kxGN=&LyEnsMCs`zHYkh~cG737i zh(%%q4>~dod01p!c&rc0!dkXTm6SUw4>K{(nqne^>ypxXjc?;ZD=&ym9+9&`T|Y}<{m5%dsoOrcp$UpuwJ z2i`O0@`${dDd_AoeA#R3cA`v*IZm7>$d9^K25Lc!x4lbs7}t++Vow%i37!Jzs6?jbdT8Rjyj*IceYXzZJr3CTKOAfA9Jp-@pG_`v1@4!^GX$ z(SXL^H)syfVwieF6K|Q%f{ogE8Q{cs~mS0D$SQomw^~&W;vFPBc!gf3MsBsWc%wK#$O= zHqKW?7=M~CDxT#iq>Wes@YwCrqQ6v6F!3VwZbG%g#f*X z4OKw+Bnc(}mYN~Cdes2Q*^K`qnFZAPreRDoy}@7YPK$&hQy3~`RNWXEAP5yzer30l zu`}?UbCPok$2K{^QwiyCUiBwSfdF{@y7^X>Bf`Q{A2Bk{coB)NI5HU0%-aE6iGu_u zbK2@)f@?c+z+Cd_1UcM}zTufM#x)n9_~Ond@=N*A=Mc_Vu}LwD>sV zQ5)XH4`!boFC}+^{;h{=L1iU&_FGZK?^uN8uPJJ4;_PPUXk~9_ZDHi`_g)O;KHCj? zm@e>9K7?zy4FW+X5a44i_zu{iSs+kXV`EcPN~u8MUlg04Z^RpsxO7u3cSxCpJ6_&~ zn=MrGTnKJu*iiild>UWB2P{c)K`}QiD|R1U+T7(!DEB-)zpZJM+zx{pN`hNJOV%xn z0|nRHTSUd3TU9jcUxB@>Y51LCSQu1C)oIZIz^pi9(q#izSu{&aH(~M|q&S_YY_P_~ zx0H>v{HTEn%V*WfZ$PDSB4Gwhd(GpvPPJ;I>!WdghUUYJNP8qkXZv0faEpNH^@^1x z8_jok!A{ZFdN)-dj?6(ZEKy>GPW>%H0SsdT2&$OB!ScH)dDOo zOO55#3~`i?Qi2c_#u>bgD;%!7ekhIEdxOa%$aB8+z9olY=4#AgyaeZ~y^yM0rKut~ z&__FfLfY#|uGQ^U?RHOA2#q71WXJ%WREXH&iER1xt4~kAb>r~_bM6-E>6Z7;cBAFR z)a6~NqN(h#T%;N!j?bu~hORWan*Vc727rL4^TSHldwch0v~s%V>pS+pE_$c6)xNdw z&tnY<0D$_heIl}Q$|6d%&hF05YBqKotO%dFd0%_@#!VjYBG=Dv6Os#xFM=g~VEp$?HN|DCRnM*Uy_ywVp4Y++Cp)w?i)o*Vp)-=}-p+ zQuTtZJ$|o;#XY`WyxCoC?bec=B1Xlky5`*J&Joe~ofMA`V{4ewj3{UZvGLGk3LNUC zj6(Jlf|Hu~G+UC*!65h2cJu*_Osd@-&;qpho>UD$Hp$}k%Iln%dZ!>n%7!@!)O^le z%|D@7LoLmu=5MM=tJG14HNe{DoSKU4gMNlK6^rC2B4z7VKmS=S=@w{Yo#%M%N}NIeo>*47KZvaL(L!`7FL&VZe2K0I%E>^9^)*y+5MkxLD*rvH-d?2u zIbV>nosch@%CW9Kp{)^>GNpjAjHz50f_}CQd$O3w-cjBHMiu*w0b8Dbl5|C}ZL}m8 zi8&-v(mjhbZ7rkGDqRh}3z=4yXS%^s6~_kX911$*Xxut^ppK~Kq7dS6#MIoDc&Ne? z^FVoE@cRtH-VtxHxa<@2@Ia-Bq&@&Aw;PjxScOjLiuf@3xoJGX$z1yoIa>N=a8Sc) zBPFa*Q|?1QT5+{IQe8&xK#BXJjUlKimeQ^*|1;msC=})B5K+w9=Y>Uk4fDo1^t{LL z%RAE=0{Yt$@+zp(hx|pJn5w+2D#m`D-#Q*zFR}`?w&xV}NgqPgYGef6Z|3v;;N#)^ z{Pn|_JF}}JqZ=#xA;Uuu0rta5I^%c9fJ%WBMdkpWwtGa3wGjLPaKvE+}?YLb!Jr(P!%-6nLKeYZif0D{js1> z`j6K~ID@`300TT{4m9SL=!1#ut!IOsM;pkNZ20DJR7|Q?(5*xb#X#?0ZX4 zj0_`H*_UCJ=7%shtX2|lxHMVT=|KzO3qzsq;dq|g>&$AW(a|_4d>hT`%yehm7pT|U*2scwNcXnP3wy5?M~CZ)%5d3YG!o>yglu8&W4ZFZS>{mi7S8kx*F zZ0f^}T(j7+ zK-5+4FbO&mOW>9j`0Uxd`Tg$HW#^@>a;Npd3B^Eijfig%hFq4o7Cb=ge~a?;d1iXKQL< zW@BLgKOxD_L`2NhzmbTfCM1FI zxzs=1e=fCmQt`D`#cNbn5KvwZ`Mw9JS~`;{aP{-gglfIy&!OSB*tZ>GYPJ!b6z@UB z!h5*JZz{(-*P7o;EA@f_t9pR-mX!x~hv_M<%a#iu-xBd~bPjQ@4RTQk%I(|W$uWj_ zDf-SPtGU`Vu~N^o?EyOm)nKlg?XD)V_a1-%@LLV#ZzLH(9fmOfnX`ixQvp@#E4o}z ziomU)rBs@nNNbo~js&TU9or`_=>TG#9p&U_h>dbFbau+CmG8y1R?CFfKxEHW+u&iy z^e6Z%X(QAnyO?>JY54`|r_xQ+c^MijHEaWV;@G{ESVz6rs+x^$zsjgNkrv6-Q$YcY#8_Z}pY_!>%W4ixi|h$;h?J&Q3t__tNT3?3L}{;derUr)RKvApb!4gbC#6uJJk9=53-`LYPXFf7pqXAu+T@f^-h#cKp_7%YN+S6+A zByU9>IOk9l^as5;0qM&u%nRN2gk1JiixpXp%Qol(g|=r`p(*Nd{hdFmG*QVAp@98VPgD46i)R zH2H+}5dHxM7vughwsljPV%jZGe!kp-^r4^>GvVHIZP`0?RoQn_6SU{C!*D&zQABue z?z8QkKRmjFt`jli(h82f{M=17P%Lsi^73!p+0Z7nbwyC$+12+t`mgpr|IG9MA)J%5 zfwPIJi?x%<-xK~T?F+ljR>Utn{4ZdF!=Mj?qr+>gCM}%Vm;(@jtJOzN3;3|0z9mN+ zLeKOf?={jtJ#J+ycjaMfqCvY41og#xlXjs@1DJ}8(`RD+>{H+I>K*7Db7T~YfIu>d zL`o>)^ljv@vV6Y~Z5@6l;jwUVD=vB-!pH5%0$HwkdrqN=Oe69BSyC`W=P=MrF0TOj z5agT*v6e4-7)K$b=>`JWP-4lRTFfp-Y=yxdNd)9EvG>kq&6r^)Aww!N6SUu>G@;x| zS~bZ{EjefrG3se)2B0AO%z)fbWL+|Ze6pz+J@1TSUPd97zK90YTHbG>Sm?Z}!K@TT zOWaYCOQZz$^{{Pd0@qJn*fW)Ama=|a`ETa$ zCJIOQ8g0lu^o3oSrwlR3*zqREosfe@M>g^oIJ`8lo&qrm9C>@Xvo23!bCx>tP`j+4 z5|16=+R=>tL@s@{cCs@gpLtMD;hLU@?UJyEBjr~12FyQA5zci_@JAL;4BS&q4?O_< z4fMkkO?L@kKrNn@uC7(2Pl2Ws4-ToHMs|O<&Y90Q%I|qXYPTkWSt+U@gb04MzB2k0 ze!ZLd08*R9_G>-pv+p8!+TC266ZTk}PBhITj-_yhn`k+<3lLt9uU+An#hRe92)cM1 z0eZYj3L{HIto6m*2kU_$qEa}Kir3Ngu1fg=Ttyn-wvAj4V6ITRIy!@aql)}!)0-yg zqL{acn+U0R>8R(HhOmNaQGv;-@rWsub;B0aqJewo+H7)Uwcy%j#_(aafBsWSWdiWz zG>1vbd9Zq1LNW8~9a_G&)0RZ7saqe!;wDKhXc7V_-h?ZB%e+dSaQK2+@h-|Iu$pmCjg=IrW>2pS`dJWI*boA& zaG1mh6?k&D(!ScrbO_&J{qLELlWhq+)n=wN7ST9~A|F3WQ1YI-xgaqipB*_yr zV73ZPlZSX9=)^JNLWRpyoOm5rH+^6Jo}~*Kuus76&5iPJe(Gui43%syl(CK8BaULg zN%&FpYF3uO6cUfGc}MsYtx+%;H`Qpac%%l~iCp{gx{h#tfliM(%4g;x3x%l1zm9`2 zBPO-<9v7<Ag044Q0|1 zpnqsN!qU#@IQ+?jRK+ZqHqRYm)?0PT~E*NXdypI(1%gcIH|wFM~c3a*F=^U}&tDRp_<=3Qcj~F=;dklSXy&UVdri zY;2Gc4s(N}$AV}qWv7%2nz6rrI$h2cW85~f&6boZQ-Qb&SQuF23wYY%HroCGtGr27 z+rZH49p!kv9XX-HwI!^qR=`aeiDl>_qu6^7G@;s&k0~iEUO5$gy4@|#{pqxJ>}c0I zHqmjW%G1QUU9quzoY|S->=6?+!v{Xo&2IVlGC3)-1d8_YsK&g3|EJFJBgtsauIB?c zLMyR7ZB%OD_ay)lN8N)144jTN>!QoA2Zl~r^T@*vcTlm$0&4?P4t>?3b1c`#!6ikn z3K_TBiOWoD9l@~U&FN?>C_|813q9#mVO)WHr?nulAn(or8jrQ=2=1S{ zwJC^&ZM!2fV!OVVLE7w(Itke5s+dJZP#E_iaT*G z%pfS17Z1m+9#4AQvOVG= zvb~=^7aH1_eY8|O^2lhL_2dU_oLtQg-L$MPT+zsMjN`)( za0j$K^=<^d)D4p`F#(eSN@Q)e^t>$a&;@KmGQIQzbox@6<*;%}CZor%-|cly9W&GW zcZ{s>pHKTQa_#uAAR|RK3Veq$_J>=jZ%!)W#MWSd^Ojfj4&RE6&`fMadt@71+q@D)bpp zHkTR>sB|dB4MST88LOUts_D9IcNH~$qH9b0@>Y1_;XR#4l;9mf-UeFs`HQ6L;B9U;aFRb<>vcb5$?t$0*8;go@bHp#mnKEc+ zk-`sjXM2f^JujrcrS482{IbYN=*2Hs&&#L&;{=$|qpV|CgFF?S_(mC(tP{F6lMq_X zF(_gL9TWP1A{3YntXVNsU@fMv1DM_cM`ibW?ngx_Bmd55-nH9*)nF2;;~@y#ENZu+Wmp73(=Q~OF3g7nkEy4;%f$q zfggX03V(f96?l@yL6Qdz$tjnaR64e&RN@gNCtd&MH<`c93{LoAib_jY!4-DlLZK%5 z(~*sWX&j<(dolD(nQ6M_j%a8zV_l+M;6vQEh~{JGw%+I-o64p8>Fu7IdJ$`6>&+oy z`|7DWHXkC*+7@_K@29_8XbdxDSjU74y0LTIV5O>MUe0T$IkwFvc!rM+lx47BpQ*|&-x;yX_XyGdI!WyRC$VxhqA@oyFt#>va{8atxH?fl3YY;QgqaahbvQ=a{~9>)%a;^I)^T?_LEYvpkOExFwS~`eL$EV{Tb$ED^(#Ox%y)+{cjBD zAwphS;oX z`YHm%QTwz;dEJO6_LS%2HVn{VwEIE}NADOWWmGH%wlQ}ysQ*x`Yxx5HC@U6Iw(7T@ zcq*=A$e8{7cP2kmS%O&7>93UeW<5xOOJ!%-kl%oV?S@O-C|{3m?aw&pZPM$4aB2)C0z7(dfp-$Hu` z?SS9R$tU$X10TG&J<#90b911AN6qB=L~6~sq@uSiCJ3Z}Up%>dNob>NICB5>t=FL1 zgUNiqb>r_f^A|7g|Mu1mEo_ayebfJys!D!*Q&qrFPecB-@%}(gl=8QsHve)X@Ha)k zZ;V7HyWRvVxRur6m77afYk`&r#h(?caTM$#lP$pwGNgejcSK3H){TEXdwDTq8i~-Z>UCIYAX=gml zfDgPsISt%I#Quq_7pGI`iR8_zkD`7%h%JFyBEi}C7&Ai|>;f5?J+PbKD`fAd*ZkHz z#>A+>T9630YDua?@y0Femj)j8lgpEAqR*cNbcCcw$Hd|1@d^H9y-%TB5;vCdVCWZZ zrMU#5^_;BgN)*FqOW#IWAGgq?;}e}m{N-^=SSQm21D>R*}dU&ZK|%zww|+y9Bte=B3#&Snc=K>+h$+a869 zYWc7BA0?WZAH`;+hElQf9&P6rU%+!!|xV`RwlpB%jdz6!&g zr?$n*kQGqqT}4TxQ)cj%Kd~*3+#x-}mD>6jePoS4&_WjZyhA$@K`_Y2 zARZjFne`>)y2@_PL6w_O{}Ecv!?Taa`|BsnB``iVd%l_cpHogrs6yW+LCtn?c@d~- zOO%T?PF#kFCbJ-i%0LSg2G&@Z&aP@Tj7y%O(h)L?{#KQn0PZu*sEb9$qCV6lVFKMG!ZSZPh9(wT3~Zgq`1E1%!$ z9MAdq7#2TVcxFr@6i{mcRL{J)jI zf0vd2t{6q+8|h960Ra402e5xe9{-f}KcFtQh8=d>3lIM%FvDoj2mYEDv$+bj{E(RC zVuQ+13OVlv2T7|cilxbMf~6?WRLT)6zF7l^JdK~=RGejtIOMKISZ2ZrL| z$Q)GSRy-Xvh;jsjo)Gfs33M0}3cmQ<@0v~>e^C1fAWD6(P>>gg80DvUp=VV&M2!w-z{paXfx&3gV82%wcxVJ>Awncl{Q`SPIy~g_f#9a zO6oiHnQcr9q#@sBhoKgM?~|EP`~_`BSWpyrdV>^V$%Xlw9zJME3N@h!jDB8P95oYm zB=k!zJ8Do@2c0MhW|xH>JcbN1?&O6WMDIIOHSvL0NQd$PP_4 zsky2b5;!32>)fVsV)*;slDQ0?8V+1{v&Tn_i3m`n}Q9dGd@};3=9&Tu%zmv|G$_m9U+YjdM#I z_NJ#ryxK8Z7Tz&Zp<=UaxFDngj*`U+`bfzQ-nd!%%#e&i<$AtIXsNhd;g5aSFrq0JWJ{+Db+sCCdxdr~1vFQ4Tx9ansByh$(-BUJ zDtBby<#+&SKZQVN&N#|W@4=xLkr^RYH$0d*;(w>K$Ck(dELYR!R!Ts5Ddb$A+*9AgO?gNsT}WR4i}|7r_Yb zprUb&X{1Gz-yImLQyeZx450|C(>;pUA@?K4J%#h-nJl8%E&Ctd61A z7~@~kE$GK@@3xq9yW=83z!eXb0JV*fc7T*}q=`NB5-e&YiJeY~w|xW$KD_wVUBNa8 zNB2nr6ogrKt?)7b*`6Sd6>~;pSIHhnbfFk!vhqL_u@Fp$$jxL6<()#IYAQK{NjZSJ zg~*4Lx)BlEwi++AQzc9C*!A}LlhPY#3 z;Mb3h4SsJD{UdpRMG{ojY{Kg2Fb6bMeHYLUX@V~Gk0F3~YdGsqW=0?bK8~!48F}1H z9atYaS=gAu)3t;(-c9b!7&5k~iAwmmACD-h^~pytq2hxcdmChgX%EZsRzZ!lERG(W z8u=#e77SPAL<@`BGQL?~Z>|g-8Qa_1(LZdjZ_tw7CaA!@@L+eD?lS0QhVR2F*Ys4W-zCD>fRbI?%$fOe;_J}X z-q~!|4s2`}v`Pcxu9@BsE(g_&?ire-`(i0 zYmGjU{KD_6a#r1gS_Pz&#Ex?&*8t}qbxYTjncsX=@0_8HS1C?LR**)F*7dS^Y16R444YZ6lwkBV8 zDF+b|?A(e`VCJhVFp0H+(%UKRCcv03C~Q&b%pZ#f8XID)R}MEV-ZYX3A!_Wkddv7@ z5DNo8F&X`4Pps-?oQ;EQ?pc`1sqcAaw8x4;7`wdV0VAefuKyKoguQwDS z@N_SF2+x%z!+!+~xACwO)w|gh(w5=E*YmZRTQ4`-eh|%!y1NpdAjLPMA6XnM;E+YM zdd?N%)4YJTXrD}7!~11zdYGjA7JngpeWeqWp;TJ+LhgT~6`a5TW6oD^!60%@l5B+j zDB+0vHXn2_U$nqNeI;lC6cUbjsbn=&fs!*Y+L{e+Ptwf;x1U^m1@3rEuZL`t3weoKT!F`9TpxLx8F#-4JTALbxS+jDZsrG`qk-oO=bCK9)nVxTgYz^5 z)(d`h{XIQq2MBky0=u&M{_)6$3g^I(pCZ^!Rm zQnR?6@l+-}!|ckIVi#uj^Z=-3K?17 zDHZ5q7Ja8g8Ia7NF(mr|!#xvUw?7YT!Y|h{n9CiOrN<_*yPHpOxDLtLhIIy(AQ%+f z<(eFp68q2Bzos3B76pn_--(~`w@df`I_>yJk^aANSAzfGuHPf}|HfUHzq#vLL^h|x z`lI>F?d`1sp<4%N8R{(7Ankqg`NQ#xU0qeCf47$tUAdU<#msKpe!TI4mJ<~HPo#lZz9uR zzO6}5=yQLDzoY>jgQ448$#P-ZY5R2J33g(C$o3$D7(tJeK3IApjD$}X3{$B2z(d%# zzxBPql}Zi&s&^qn$_3ubL-h6!@Kv+O>-lcA7wqD&%Dsc1NY85(Go|i&px^x_TGJZ^ zZS`c0%JHE^6r7uKX)Zb25ow2#sei+=r1wnfYXup^Z#RfKBMu*ME=4&dvuKUEWpkq$ zCy5y~Tm<=5$0~o^MV)_;#K7b`?FkfiyR~Xkv^5!c+K7dN8U25hy<>A|QJ5|m+qP{x zC$??dwr$(CZ5t=HZ96BLbobOu-M&+|dcN#G@YcK6S`P&;S4&K=n2&*5bX6B}Xmg6S zSmchtug`=yjzop)d63zTE!}`a`iY=Cd2I>XjYn9>A+J7Kzdn^oa31E zz?ngGF_51lC=rthB==dLapPSg4U*?~Zubf953HVSC^y8h^+P~80`xSQQ4dn)O z?B`kyIviPQkNvYq>DxJs5`sdBK(aOh!NZ48rXM(P>(n(s6ayQ6`{@(fjn$sx12yVH zPokeJ)41i0#fnbiyGq}@zOaqDDM82lZ*N!alt4`YRyrlI zix!gc@(R1AxY+oU;Qkb5IH&QI=A?d`6ms=)Vz$}}N_~e+61&MHP$8QPl_5<+gZO`1 zfaYB6`=zv0R>Hsgqg<+7`k>fhj?C{^C(n>(iy?U<#vHup7u$)hy=1nAX~moB<8IO0 z-5P4SGD0{ldW0f^7b}-G0^*@U3)(oHxOS;xYJzQpld-a*q`F86$4j7bg_;x`%lMov zZqD}4%%YnO9wW@M%m1blOyuNxrT-mI-0yhU{-+3{qpO9HiGh)kor~>%>C9@9c>hBv z82bMRXCWgfwb03w3FABQUkGV%xYyEv{&PzIP&JDsw?FTDXM0*_b<_fVK^p`Y6%hhH zHKjDg&o!q6Jq5|utRG;odx(Cab<}FR$15Ezm4U~EKeLvG%HzK{pZ`cE)fv}+vLq;MUQ< z#E2~jf8&i@?lgSRt2*<5lhMk=0VR_UAhWzC6UvaILng*{>Uk7&d%*iT4X-8T|2F~~yI<+7o#TI^ z>^aIZcK>Ck@*{}GZ52|6!En8^d9@8|rKl$+Zm5#iKqBF!h=1;jOMNIPez`bGPCxSU z{zPcoL_H(tuj1z^Jg1C|Rh(mjYHVkF+QFl=ZZ6K7xi}gmyt=mO;IG4{6u!2G*15O( z5EDlq7x_N7Wz$QGLbp+YekEs_0$u!V%DHv~)Nd$4Yt{OljxHh#jHxIiN1^*g4CXg0 zfuru;oc0*FCi6y7G491(j*|`qo?>DIvbNiQa9Mgr6jiQzV5`#eXzykvXnElgVL<}0 zE#IJ1J;Ygio3VR3$DrO>4P}gGPZL=(0U#?v1p%}9&C+wmPRujo=2>T~tap&T(ifa) z9BxeI$+F$-=Cw(GD!pxME6X`qV_ZMOTIlxqyH;bxrr!MNv-xxOix`&zi^wzZQL(!h z*+yEGTYzo_57IO@l%t)%M|rIIoz4*ZcUVptWBO;&&1w@VfIU6ua6A5}oFRYU$S4V~ zLV3BagfzK;l~+3n$0TV}Q_A;Jh1NOBs1@EuI^Cs&$lS2Io)FC(Qu*d3d$lLOdJ~f> zUA;66k>ox0Sikl!``KCG4B&Hfdni=3FBWM^iQbM#^_A*VI$UpTGeo$h9#*0&p})ZY zuh%qCwO=dp?=`Ikp%&h}bW%W9JW#TWmI55g|)e4+QH zrnv}4bsS=QibA*{&InfHA@;~cW5O?wu7P$}QBr3`P!~z$^o+Yr?%%`RH!k747^+$P z;#szE#>&XM_qURS!+{&0#MboJgAj|;x2KlBOX_7F!sVA~KqJ5sOfnbh$Mt{&(o z5D-0LBn>E(o5^SQ_>?I7Y7+=ZX(ocKI!ecmG^qLc9a`wh63 zcr}c7IiX1cR|T0>$G!@?7eE@a4j;o&J$GeT7d+>daXWK@WK!W$#-3i3A)$Pp&E(r# z8}IMAS60N(8R=a|4mPE5?LLk)q-G!jt2myI_k^$S)g?##BG@Y)B;Sw>vXsYA8!tLz ze3HwolZ_l0Q5nA`w5l+}oSfX;=W9$UBm|+o(KD7}$tJgzZK*N9i>XFc_PokWcR)?c&cVs5vn9+ukLE&RA=M0p8x~#6s8@0dSU7K}h!3rw(r7n1@Pty4?i8E%y?;j7HV&l<0y+-Pp z!||?BJ~pjtLqk9qif-Qb&McUQe_Jtd)wa z*!&r;Ng>Rit#{O>YW=fLr852Q2=iIuI?l>`&S;leYagv9`$?5$TJb(9*z>LDf z$gBrm^XeRI&Kw{{6nJPz=%pS2l=4qoNb1FicIGz!UY zBul6E7h?NNFVPs$XnCQ23zu|7A7Pxb^-vHdY<*lgGeRp7&<<1RG$fq$zvDvl#i*;*0zesqT7;=SHTjd#9qRGIXNp)m?Vr zITaYFN_@8%pQNJBf2VnoN+%%vhdmHKM-CS+3y1n(u&a-KJnO6QmemH!0R==|fh}bK z#gC^rZq5&Go@EbeYuiTK6sQA;55UxTeXF5O{#ouFUEljD$e-c!4(hbdVgwGp2JuEm zRu%Et#2J@iZ8mK*AsX`)`%C+)@%Nn->~99G&)PL?=LYaomsS`*(MTb^jiK>p!H*Z? zClCLv0s@6T0>@KLz#qdVjs*nFL{KA_A^`a@M3sA31E>5$v@i2XQM30$;tfj9NRE?e zz{Vv|LntzEMF5TuOD3XkDQIN~OdCi_JHt$pkrQD@Q(OlWxM)-gCVfD2X9SL<;FKB2 z^fB%jKWlvtum7Vp;=St$)^snlprB9RwKe^7>ZPxou`B|x;HkU?i7`X`SIMwRoqQoa%h!P{dFCma= z8FfwSqAlVv%^Opm4V8&INb}q)KH(ac&?ni{7zvbWoR6V+58{Tzpbivy?h4tHyq@6X zhA+z@0QbRwQy_mN(z@r^rKz8%7(GzquL_)s`J;+kd@!i{yoSLNVLqDbtNl>JLg{Yy zpoaip109dIM}mc`uZ0edA_y5$8b{U^%{kk4@EoNA$<$8uIvjq;+6ke`9aAZ@$PWz* z?K%AvRSrarHlf=L*<50)Lr+F%6F6RJ!Kf3iuxPCGjT8h@8_ZK-fs`JxLr=Swvsr(U zYi0rxxQmmYxhVwDu!!D=FCw9+MxrH-j+qd6_%xpZiQiUmq(4#D$N{B2yf*Dr?63?54~IzKmr`{0(+z=l3}j; znZ;FfAGMO7zYA3VaBWdEAUWzPj|rxJ`b11ZwcGd;*- zXv9Be3)x1LcY1IpJx12>gHY^?fV@~4IYnxy(PR^mm+BZFa!pMeV(uj~REXIIN>Rn4 z#EEY&4tz!`-QK9~k>;rxH2r{Oc&ocR+!in?wWh)mX!oNY*<#8{;`BHB6pwtHFBz!8 zP({H>drL;Oi92zG!*lFjVxnW~&j6T-h+r?^5H3E58juGh!v)Z15_;L=kEqZe(6QI$ z^J6K(Lu%(?l8<6UMd5j;-;SrrH<9{SDh9`X#)@{?#d#SGKs>$~Mc*NSP1tfE2w(*_ z;x7@e;phy&U~vH6nt<}=L||-kT7Q5zY;HU@nMjx;SnrdrYKV+);BBAmL)bsP14hb> z2J{AU{Z6P1X?qhVY*pCOEe%13$4^XT?q zSY*5%Ep+v=bM_$WG<4m3H zB`dt>Q(f>xJW(q9L8wKEf(Sr#C3=T(gQV~&NUx@o%At)iSPff(=DXXsQe*aE3AG=) zSeK>|rLSZj+jRkU$ws}eyA#7vU!cwL!V3jTHrM{;M&Geob-Y(*Jf9ZvJ6FT@(}&_P zhyE0QEB@U*c1>2pkc}PaZz$5gM+A@RmdIduHe%G5x@~ zlY=8X6ouW5Xy-hIj~RLpc1c_ficf|6|9JMDlX>F<_5ufc`@QQS+a>Bj|8DFPc{|KS zk%ejzw(3EfCpq#O{gC4i_`&@EN859S_?X*ZdDPFW4RD$(fqlAR~`ai z6qgZ)7jOV%9CpIVG~b=mi5(lcf&{iz8x_P3vWfeknqg2!7ZgH`;@csJ2?PTsEA)XA zM+w6Bu+%g)a>Wqe8Npbba`^+6UBnxp*JCe<0j)a<0x5KW^SZ-fy~3Gi z|1&rPTq6oRp(RvUl!XiI-k9#ujSeR2yvE|4I>24Lkq671-)KIbg<0E>vnzQiVk_H%RJIG2-wA$r7)IN291#diEdgcmg)$*-jLt?D=MnA^;myZ`}d#FX1`R>&m zudhb3_kiUZb4eBWXb-9!C406Ls&Ma}d7OeRfiw&Ha(P3y$e}4M0>92pU3seKHa z9)v7qR*vjRPr?;tA<(9TC7Yjp9zS*guiSOzFEWQ&72;hRMgXA|U%x-YRU6&~EPd|J z+eud4@gYrY$kw=+OUvg!&yfL?w|f@^3D?2yTE7a9h7Pd)S-DQlx{s523AF55HAkAs zkw@}jB+6_7oB)hopYRk^pfgVG`cgja@#LL1%JlvNLUZi47n`VJ97BUZq&1=Q@l1`f zgwdCc#`jT{@~NReZr=%u9|`O1^GQiFoef;H3mZ3`nIbtsnfD%`{_mDUzQuLb%DYuE zGtUDmbM(J#Na>&tlz4K!8|d28OMsSW_B$b~3g{WYPKY`{Sy&*Q91_wxph(&grdN)_ zo{x;O$j=$Ww&b>O0LCDQOY4pknpflhW^n6+qUC4VvSOG6eQkW$#hCGn0!F-eCS!9Z5*1%7@!XoJcROUDL?%PyhLNX zEKDI1455!YkO!ZgZ0+79YKqkCgF!)ow&Am0%Y^#!JYsvu|lnVa{b2=g(CzB=&iVuT*(r2&Z5 zG}TvVF8~g~ln(1Rit1k85jB2$6GG3Jw4l9MUb*Kf@ka$Etak7X=LG8f?mdyj^tpuC zrjlEvC8yVHt)%gEZ-Hi~8zhB9f|ck(Ck(>lcd}W;@}e zTD;-ssHGQ0q?anL5H4y>J>hU>kVp<`6CJNweNGCG|Dp$JA^GQ*d||8JBUOGb2-gTV zd}o8zpL>6)+_<5x3>f$m$MFn|`RPszS^X}#R_xEl&(`sa?12Hz6@lYCU48asQadfusWQl%?gZ>I1@O+<|9CJF}fwai+b zU3s@|nh3@2r;#`F`jo;z{kEM7%{(35@j=k)Lv)~+>d$y*hgG`UStNobk43MPnV5>|P6 zYIs`Xu7t2I8o{BKmzD;2hduI;feTcF6w^gQe?FY0A5E<=H3k}${Kb0gv`m+kE#bw3S1O|$e>!jS36xM#-(_E9kNl74%!q}fwd3)>353NNQL=a3+qN&S95-8fiZQV}GFfL_&)%0tSfXd068N?XC0qGO zBpyxa>b78q*Ah6~rxoe))l-V~G>=`1U= z?5Oct5Z42$gpZoSB#2X{O;0}APS23JZa$~;3YAUvB95{h5Tog!HZ#970YZKqE1uAY zjmb`YP&0x2Sg?Pk@s^`>OoQ(TthNK2_h^X?XfD^M(roFs%K3AT*eD0OBnz;E*2|LO zUWq6BEPy>?)CrQ-Hpd!yw+KPwYq+9iNHB`BD-3W=i9gWzgYk`$uFq5XMFx8PTl`c{ z6+lfNwhZ|9(iLUoJ@Y;6JMIDXp?Y`I(B*#Z270B--AC&M8_mUzfK9Owxn~-PHzp^de2)*Xh+sH*miL##I}Ast4D6%8WVH924J)|F z#i{%j=~<=ShFH^8ome6Mih(31&E-v%*`8vy0bwf04}18wo4fc+Xs;D1cT*(W&?%DG zz@G+OLeq!JRGa5FIseD~tiMzb8!L=p42sPMonbPm#wj`&?(e z8;}sjMzTJw#p4xW@hAnlD-X;&N@(xZC~bBOIUk_S)@IqiLma!UmB6areWmMq>eO{7 z3g}~dwFFC6g0faTiUsxkA}&p>YtKmb9PRCGEhLVX*|bsqL*VfEbJ_JS`H$h@+PNm^ zrsIRj<`Y5&KP8&YKU9^?Rw&jWeg}ss6lwgZb?-(d>MF14HR{TTmWc+un^JHkYP~l` z-R+hLOP=V|*m(Wkzkgp<(Q~#*Bx?jVuFG!Lpz7exe{;jEXYWq})T9Pp?4fo96Zak_ za<&mn12Txp?VzSDA&;ieiZ5v#do#N4L0ymcegj7~`mWEfV~--P(O*+dJ)o?x9%B^VX$!R|-bGN9b3uS#GTp1xFD3r5@X9)B z;L~q8H<6Pg-}fb*FY>)k6$10yf^4D{E-dk(SVD;KH35 zFz*8*N6Zv8mQVabEf@BraO-4x60w^l8-}=1TrKGHa8_Z^AH~>o|K!^D3mqDBCWD}} zHN7B8H(cI!{?JsS5J@>{-X5J75k)L0eL-U~?d>dO;+FF97e((~usWjY4WwDFBYl4c(J{3DWXYVa6W46~S{u4Ypp^!TDEJ%zts zbzu#|47Pj}Lr=S<5WOBBl^tafH6M0_%S=*37z}L57K8W(QpxtW(57ya zrcJi8$nmjvA^&7fud5@)S*d3|-&^eK1g(+vJFISRiz{UYYi35nrse>Lw+UWxY`xUb zinOe2nMYk^mt1@5JaTf*a^~Yx4ZDMSNXO2&nU!8^*IZQj!(Br&dkf7 z-LBfE#lP5r2S(-BEW=haz9ds6VJ{BKZf9DZ+sr&pWE?m{wOF%o*{1vd@^93R*8?t` za!&DkXBNlHZ` z4NY0T@Ygpro5H69Pg=eBbJY)+yVFGw$$)NCEzt0w^%#B=VrNL9uC}W$ub>)#fo*qZ}ZRHN-*zwq2xv4 z!Jtx*wO>}wQ(nhBsT8~%23K&oc4LlA|s$SKxjTzP1t*H^2ug00rr$Fjmp{6b~%mgqpxisH+7Yenf6 z)#A`4rPrM|6KV>q(r;r{3R;$!ii+#Pv%v)wH(O3aN=m5a)8XvXPK%z63E!;t+2&ch zn~w<}Vh?Jn6R&ZvSWJnCSJ&i%{A12eA!_mcajK27>cFw8vJn;iraD$jniivvu}J#$ z1j`gd+suj3iczb?W%W4A(^uE3aVzHNPfit6+te)Y1yjs0CFZ+!Mn@G>Qx8U;l1-^b zcU4?D*Pmpp z4Wz~zkjLk!MdmTUCg1UFGIn$*S1gdT<%LB9Ae^gi+=R}k7cc|4kz1!!xIxwHvM+n0 zR^S#;h2DrnUFR$8VXbaQPLlrgJ2CoR<)1Bf|J5`8woGjz4EnTWmS98>mW0_@ShZP}3Q}zO7gI z`d&GJeR}$c_%Ejzi3nhkfr9S?72Mm-G@H4k!DaM2CEYB^sK zJD#FM)=19!f)=I;b!ciE^!EZX zB}_nR7>W120py?zv+jfpnA!(uqnjY=!+A%mtqI}ObA(AV5RrR6pV>Rw9Rcf}T19S` zk^A0nrhgPH%2V7a`xLBQFft~^F@a%fP!s&53HHRv_G^7I0NN*)bX}%__(ncj`Dr%Z zp-Cg@?$5kZVs{QfDPw30h=B+t%@Mcl(Jvwh=kUH z*aOA-Se(7|y2ptXCR(>)9yI7xAc2Yn>L0bg>#yCKcv@4jqx84+X^fWVO~UO8>K1F? z2a+J6b{t!DTMxHOhhg%fBXUB6;LNSK(;+;#hFQ!~q*F_>rFA)St4dXzdZ0yAt0lQt zJ1(1?!$cqpQf%Xxl9jO_ruNAsTS;inW^wytuOm02R*#%JOn2XjfZr_HYC3gcwx%^( zl)jQkL-hhB?k?zD6 zMJ!qD@p$vVSi$9HZTW=}jS<${K*||Y#B%C5WabZPAD0DH; zS56xCgehUxBWpyg@BV~g(8o)pv}Q1lwhkn9>0APed4#O`iFs5IbU<o`vyHAm0wg+=J*jFVOgRJ^`%Ag)?LQ0e zfbmYBQI5kZxfPskn$Bk$wcuLC+_0(LxU=xY1RUBVKrb}%!;bfamcs54GteKfV(0cW zF7*Gh1D_rT7#U`IKCO)SOQYdVnrU=ZXDv00j^cISm(lzRtVhNN75iQ7XwAF10b=T( zcL(MZK{5zVlWnNcSJQ1Ofpvou&N7Qm5#}S()tovUp=I#3E@U?tR_+vb+y4NcN4mVy zN)nm~RW<%3FU))3Q`yq}{5uj3y}UM$H#bQA8d0GP8Z1ln;W5N_enpgr_x(zd`IfDH zElyJE`*NN83)X4FN2_`)+`~NkH39A^lFq?#AXPO?sELti^%u*#O6u@$&?ZC1+l6oY z3GTgyTBn*qOD*~n9m7zq1#mKzVsj%5?}^9T2{}Swgr3?uD=MPl2~mGwj1Fzbq61>d zTPAtR$b$RiA}R$mfMk=sLrh(MMVJ4$t;$R7&Wa7H88qL{yLOp|t8>JHiEGUM_i*0$ zA|LzY4*H;c9WnD8>!>q|(=m^k?8ROst)6{_dsN-W{Qub>?L zB)`vlJlt|TFkCiiE{w05ozV97kN!JDO=BJYTcy-;+-@PyTvTE?gRAkY1jfKbSLbNa zH>-+jENJ~I!O{0!fSYf#lcBo2A8jZ6Ic7<^%Np&e>nViy-&X~;U?9y6L>;5MA6J)T ziJJCPZ6zL%C(PTE+7IEP=r64uJDXu6&pOkwMb@yz5g_jlo7v`ayKChNY<^VUB&~=o zj^h;*y7p(dLk{hpog}WDG`gR>RwK_I=m9O9`siGOqLRzgUny>sAW%OPIYZZ)M z{W$r|Ui`S_tX}+h^e4*KmUpx0^k)BZ{*-9+P`iWvQ0`7@0#TA(K$3c$Y=|8z_`eXrUgf52JCS zuQObcRYyB)Ci)TFdgT(fn$_&7lLK?pX=JIceLBahq+tI*TiPL$WdD~UDW39~Kncnp z5MIejArGtoFcp9T!7rI*!&ICsIksd77t=qD)ag9uo~_>myiy=G+4hs!7n)j7su~4Hs~=`HE;5i&u7B zM%9T~>q!hVd^nyY3EpKCUd4ufxKax(%`H{c_CVY9!p)MMX_bucuqN(XsvW-Try>ovt%uJ43hiT-JvE z=p^>T*VUbai+}Bb^W*a(qqUUs;c?;nFYJTQ=XhK0w|ejL9b3WNXM3gUhSI9rOYc=B*X8MZ>2K9>#mA}8s?El(@0-DLt?cE=ci65)`g)OFD=Vya zv+ZG)%e>1UH=XNLmfoq#tz(f*){(;7?jkdEmIEw58gHq(-*bR>uF9n0N##;Um;R%r zuCt;Ded~d+>L%)92Nid;?qbHoM1$}BGkNuH+HW;xb|q?I%E=90_wAH=*SMtX2A!p- zYfi)BYP!b!S&6Lcsftd%xiagpXeB)mba^|-ZmX?uQfux$ta z)&f*z)!2r;#Npd{U1a&4Dh;>mwu!7L@5^0M^T%Cw1MG^dI4UE4KJwy&OsmgRgt$h) zdvlSx*&#;H43szI9!WNk8>8e*bG3~HMd2re4S)q7P1qAj4hNsNsk+~-5E{CHa@Rl8 zx`|Ta$^4@Aq{L)d^%aDN#8N7+MIT}q=~K@-W3>7f&$9HvYP-us^pB=@T-_`g4*U);Q;_tU6EdATEv#mNxpNrx5dn-h+bA zwjOv}XvIJ%E)K6z3^7$W9qAY)XRBbYXUWFyMg`M6yoFj7V~H2_dT4@0T5wAJ-vOfC z>t7_Jlbv~2f1TG}BVJudRyh*OC#MHGJV{|L1pZs2&4|vDxiAGPwfC|^Vlvi7+~Uyt zUX^Dh430WR3MqI-&NHi+H157D;gfZO)^5rabXi-hA8{}VV-Q8@=qaC;5!HJ^V|5SY zX47l-FKjETU6#4}&{Yz-oW_ED+&V%4cLXgb@8%~Nu}VQ{YxZKbkwS_nIIqI#oh}W^ zs?zj6^#+zisG||6hxg4Je_;&YFqbkQz>s|tDzBYI`){w-on)3LC*kI=2f_`2gWaGp zjxn((BQ*vs_1*2s%g9w;$}=*nb34>=gPS)K0bma@1wBu126P{@*i8F70cjcZ^?IH`_EnD>^I7U`pxxA5c0Z;kYBing7E{N!ga z#X;fn8YF0Mp9Z-FalcORRo;Yb=Ung0`}wI=auNY!cy3pbgMxv=0XCr-y>Dm1YVs<= zLNKS26aO_`o=lk3@7ycUu9MUO|9>YIok=V^@Ybv<#))5J!yfAE(7Bp6`_NiQS*E&F zv`!LW&4fc|eRh%Nrrd}h2)|(1Fgnz3Cu-MO%#p$hY(2@K{v82=QlwAw0mdO(M6^Us zUGeC<0ue%-BXXGWa$KMG^n^t#&1VGQGGNt|qjpDvG%6qe?yKwHkV%_Q3}t(rsN#;+ z0xG4*ikU*7djWU`&X8rqhT7_mw1u@{wzP=tprZ>{T0wAl>H@vCUPhg?6u}whGY_8& z0(V3@p$Q94_y>>ysl&2iWH33Ev{8j&wQQ6W6dhjzeUv2Kd^Ith76FR2?j4|4`5*#{ zRW<{>mL&o%)dgM{V_sMQVff%EDJmv_!T!daHMAM~y*?QKVuI(;#ar+lmK+tXa0nz| zd^o7sAQ^86TlBa7bh*@yO`TUbWvS7ER964ILW}j=<1ZY}oUrn91D#`n?1OtVC|y`L z+e32#Nq_u0Ndv$72T~M)NpKV)<(;vU1PC6X;}b*y^RCI?7v=fjd{AqxW_jZ|FJ}2_ z2p;0|;*E^nlnCTv{UkM)XQ(9-z);EVPEt`b)(Y`4Fd#$7N7>9wb@y<%EcpfsDbd9z z8n)vO`3qau$NQBWonEI?wY1w4x5ug}EsxJJr3bgF!bA&~=n0*J5VAlEk0zN0U${ya zgx*bg!aq3>s(K&Msp#GZRgL-A6iwu;A3&oPl?KkD9LNdt$}(^f#d_%a=;zcpcmXZJ z?s5jiO}r(zfP(34Mwj9I0z*8BYTHeLEVC=BR|HJhY}BD2i+Dp1#)jD0USfB1ob?d^-Kq0GAqul zgzl$r;V2Qod{+4N8V70y55!0j9EO$IWH)LT_86~37$mDA^$wH>qB?-Iz4Yq=3?86I zeKZ4bq`db|$R&}XgcJ(u)}s)KKdc(|(V^swF8`7pkEUf(Sz*QG_S=w;!|0RE6+5Y< ztGaTf`wx>yQ%cTvkxhl}o4gc{bbL=~m~c$P@l9qE6pDlLF7VI@_79M=#M$V8>Lh^l z)gw|@gcK)&=Hg5S3daD|6>92fb7e}y@wMtm`H(CbTq}Zj&QJ4gfGRXjGoF*D54Ig1)~=L zgo~rv(J&Xz4vZlkq!Hm1j*5?|uRPooEl_u5HwuUHjkp)}DPu2p?at> zwDIyTsc7ZEK2F*eNMvp}!E?_gfdCP9YS_kZ-B3hLgh~Q?Q-;I=y=&nWuZ`F=BvjLL z>W%@{RM5x95-vG@sT9e`5y>ltf{i#x0%=Q*#%1^)&)VlI|gmG@>wM#_J#F|UT9Fk^Gsj5%N4P=0t6=U1b9f-O8M_zDST|4!S5j(*4ZL4PpJnbFV* zwf=_SIG`zV#m{_qI3_mnSp61->}c?p*xH(OPujXx@Kd}oG)w<%X1X4n#C2RiB7D!4 zH2hU&9QXwSzG~6Z4JQ`akGPi1lxhH)BnTob<}AG&Kmgh*^MzZXR8gujP%Pk@qu=Oq zmL3DqA{gcxVuBu=xmCNSL0f-8nuh8n=Z>6^bl}6F}pFCG4 zUTerPItWUM9ZhXL1ZyhPk-$Pl`BY~6%6-s#>*Pv#bjs%8FHI8PX7wSWA14roAew%{ptgvT zbpi@mlsP6s8RqN^Tc2o#Yc<(fM}v1Vr$J&EVm%T#m-U*d)lZQSS)3?FV++m`yU`fe zqo^)kLMaTL%4(}AvBtXN41~Fw`DorP8FAuThCeMhkYd^8`Lu|`|z=037zc^W?$UGvx4-9 z@ei3%=z-Ggy0sc2SMOscF;5gwaVeP6-<4SqUA)ZRvA1s0Q0Ia5t97 z_&s-i4aI>1gbeB|peZ5!t3+JlTXi5QlTK3ASTm-)`0s^ICh}h`V!N>A6U7d`j9wT~ zuB4Whkn6Ch)5a5_7m5f;)QrL&!jB?{;!92OHv^c$=!x!nafnR15L2eA)ld)_lwngw zwgpwQDj?}tj4)da!HbfjcM-&|X&_K!=D0tfHN>Cu8GrEPkT`~By*vchm@vWHVmEYH zM)Jh`l7tKbv=JvI7?53@*F6jEn~+*fNyY6u#h4}Bue{|{bUOJtGmYG0jbx%1?W@5! z;Appap*-ZJ9w~2ZBnd==5u}7uZ?cvb1=~U4sWkH1V=vcKP7uDo(LD7F>mC>=i0IlP zpdR4#5OzIBS$q9t?jb?m;C7&d+0ndiCd1k|m+?+yZg$GEKJKoagbw=6325A-AG}{Jb){5C zJ)K^1qCqcjWmx--cseg7*CU!~b~$tY?o$QCJR*x!g_QQ#ZXQF{}Prp|NUg6AI2!xZ-W5B}fo^&X-_FvNk z>iXNLf39HFGv?PQAI9Ws!<11=wAkpX+dPHT!b214<;(SKesxB3rVqnHg;eZ-6_yHg za=zLdxPHu^T+Pex<&M;!9x$zJ4Y0Xch!{XD<6D5UJOY|}V~xio_Mu+c_13m1oW`f+ zw%&1c8A>Pl>ai4PI;BMaU5E=n;PB^&krgrA6}5OgBBGdAq;JP=xXM+D#;XEVYM+a2 zLY^hi!5p9998U%4I@yaY<>lnZ{*N93f`3%H*!*Src?0$F79SH4+ofSi<&HMfJXsg@ks zSC;rX-=8mdF*_vcp8!!x8j9;&HEx{k7Deb?aOQZITIx)5nmSpJ`DkphlcsbLXIfsq9Le-oyhW*rT}jy5NT{@bo3gHPdQeCnyMDZB9oUTxPYNxS z@nDNz;C6Y4=E$2{Ro0n1jPg#25`<2uv4Fa83>ubDiaw0S_TVn*~T#Ljzk05YKPJt@k08W?T zIVCX?7=P7H#-4~3W?2Y1F<`5?FKsKX`6o>Q!i63xxbFv>f+ob-kF^4$N9S}gA(Mha zdMS!2Ny!=nl{HC9p`PNHmqfp)&yCkcaS)tay5D+I0i3R)GzvNJQgn-PYXh_&-xzxFkZo4*|~rP#m(DK(SP#Mbt$xEwo=45t(kvj~BPjUYN*6lEhxZuO^Zi4?L4pLRO1YHe$apM-I9OvZjxHh#|SKbw!oY#mH)OrTl=S z7|276tcdSLHKCOt?ta|%GcvotI0Gc}50@I05W>Z0G8w>FAZU%X@>mmTWbqVkGmG0` z0&R!$SQo_Ut|am+ifc$Tkko|wfl+b>HZK*5WD zPY;0zBq;b(jq18d_pUXhTmPpzl-^b@m%}!Jna*@ilm6VrJafcmK5tdX{WtjKj zCr$oE8r`#w*y~O#EuJbU|BH<00CCRblHy8Me+j_6NmoOUFa^ubkPXkot4+Llkd)MH zp5`Xt@wAj-t%pLK>(}R2J%^^dV?b zvet72AvSIx9-i{$%7`Ta3Mjn*#GF5*l6Q)UvWA3f5P`3ZGR?dR0&BVDkk*Sab9l`p ztGVvKO_PZFs8}uc9l_}_qIyrSbOdq61vaBYlH8nodW6qYLo{T6ezP}Gz!W-Xz#BQQ zA8+MU6!`0p;B*I%q4<=+sa5(WKM?iIowo4cJi@MFgjH$4^~6-6~ix>Afa{m_|kWU~~Ylk88&sGE1p z&d*8Q+ItJo17V=2P!ZKJLn9Q;t&9wK{$G5(1FR@Px2?Nu+qP}nwr$(yUbby}FWa_l z+kQLuB=6k+BFcy; z`9^PU+vLB#p~SfJo{mwP3m9SfmKS8eX0RP2k?WhVz>``Z0FrY;yU3DPjZ^=qPb5ci zPB>R&Tz||D17qi(vn=vJ`dCeb(fB(9bs_Z6`jk40#%p{~2-ly`3a~f5OA2ieM z`aWtKHl_~}!P%vzW7fpTCC0^rk>fiR6+JE=BBX{|2>eUCcf^eX@A(!ZzyCQYCa~kV4>)Rd0N2i01^NlYQCqztE zL(jekDKbJaH48}3a6!Y?Juc_Rs$Xl&v20ua2n>o&l`juBM?rkTwH+X6?Bq7N%_ zOqF}Lv-@%tH<<29@*_I@;9nQLoSknS?wVZl?T%{BDAW01ap2=iPW0g}a3l`2cB9oT zEP0OMI;KX*%>L;r=is&RRF&rC>W_Z%8a+K=&>cC=X$6+W9xs!Sq*d_kbGzY&iE#o< z;xWml5*Ckzq0~D*xi}oRv}u+?PY5vxU+LX6OfQgO!x(I)!<|I}7RUrOC|0f2X#0dk zTHfd^5G7YTC>IUHlx@V>t|l;4Mx|nG7G7r=r~9!{d5cHjn7^QjpF<#g%{KJ(x>Ge0 zQ@I@Xcy~g@;uTV54G(-==o+q##ucP7jS_9lh{zl*r0Yl0)Yq4qEXcO2Nwb*Osc4Fo z4P0-m*kr?{WJ%yD!Zad>yJ_t=mwYM#UF+^pxoe>D+tlco%NTN07h$`p#d|t{K zwwlX{qui8y_|#DCZ)h7yEG9%)l5=1)wESSn?hS^pevQv2Fl49FO+qC<;S??QV@&;u zNc}b$+sZ)eZJsKzSqj=}N!7q`84!^$jyiqxyVqd@wB-~@W;-lfXT(nN7Cl(^tZndvU!ppv>55BRI7;P+x8N`+Su*esP&mj4|}( z2n1OJHo(20-FJ`%J|wDX(cVVKLTnreI{#o2G8Y8__7XoXu zxAShuy`&}A5?dpQ7TY4W%z)9o#yW;NrA0rv7wx135ItPRv0d?;>AEJ*=RH`_svy4| za(H>j1-`jC*EibDCUT8OG-&r=2r;}duP)k%5dR^j1?mZH`;=rZJ6d1y=QmkRd&lw@ zCA??_SBYK8VUXUDN4ZaI%vm$f%{(KI!H|Nc`-eMgeYH1w++#3ZMNd1sEz1EZ%{cdj zk)zGSg>u|UdYqo+)FM)?4eh4c0Ei|wf;TzlnAUxwhw0CXUkw+HHo>zXL9&d{OQE!S zJx`!4#J3j-8=(ibht%+FJUjZx0(3<*bs}|2)WY-a*I%! z&?<_1fhRHEK-gg+jbavKt1}?ECF>*}9-?HK!$+h7DmN3hmh+`5l^ca%ef8klzBW9& z4T;r6O-m}9LADy{$a6dJC^z~`v)ix<2~l^V%J!qpX^xEkRjTUcc4k4yJ$%A7)jiJ^ zS$vh-jgMg9aNu>2vc30eNQtjKJu;06xNBt_0P%14!!QiD>oIo(l91sn3qk-op-(ML zs6fEV90_rYCEU$OW3FADyYfKBQ#I;OO;scm{%4QF#mVVv+}n)UZ^`?Eu+%7{?yLC_pTEC^vE zolhL-P6S)KGuVcle{c!WB5*c2^YK3TM)RmNDD3Do|2k;csu*GRU6OEdV9T<(Msh71 zgJxmu>PS-)eWu`~CKL;%%RLfkchf?m zA4v?2*7yw$n&r?5)rHFV&O*$T`J&nwv~BBRc6y^kX9X&p59`h0v%>>Bzic2;;U}80 ziTzj{Bx6%>=I%n%a1YPH!XZL=YJtcp9U8Blar_Q(LPwU$CvU2~ze^DXSFql`Dr2$!j8@uq|mOTU?ww#Wm* zlQ+Bzjb~~D`@PQ}M+d6q+(6(9N*+BE50A4l^OwBVH6W4k-!W;f&2(I$>dEeJn(&T_ z`}gEm*!U6#7^$*Y^irCJJQs@kcb7J7l;&a;MHrqXq`t7g3pb%2#2fq6TGfJiuZ6lA;6+l3d7BvY} z9rtt}A=2r@)wxY}2%K&^JFBnostZoY{b*C5e%4);a=7Q9U-`wC&G7=5mblgN(XG1o#MO@{xh(dIkoYk1ZFtIws)(* z`1G@;q@cp{ar`!B)jy?OoPxo|4(PE_|L25?U9c7bP=iKLmPAh?N~z$6lzE(TMT-tY zx=s*zj;+lY@ebg%T#A@cH1`Fjbp=vnoq247{gp`coYdOp74E!lhk^ulW5r6XeH+w@ zxOb_dL(5mHLvQWWq)Iu82$u1T4Gunk9D*xr%?sA2Wr^4pU=!U((rji_nzVP2RUJxb z%FPnoL68uxsCykzfTRf5KiqsQs#QW(HyMWrptU=BQRFn3kRaE4tbIbzq8|IN;WL2;NFSW zPezp-hwUcuXAsp+w<*Zch70K1hYQQGXLYa4uxUa;!VR8QS&NyIROz(Tyo^H`Bqi&l zzD6Yxn^mYWOPzjR$7Qwj6pjA7x};l^9oY&g3sA;fL%hJrApGY75V1HNVs$d&qEXLx zM(M$!&q3M}(cQk+_7xB3GvOLLg49LE0`83fOcfR{Ha(WqdtC}sdUt=__z15ha4ObZ z@laMY&dpUR;St=1O@#%-Cx|(F3(y3fct$Pbmlkwb{yCxB99jk>X5 zU<#UM!@*WMbBJR6wIYZmskYvpfoLr5FIQ4&Z)wju-%Cev3srfW|i}_&6*3~_ZOTxSB zd$`EZf{7aqn(dX5_M4IZqj~m5CJZ{2ThWHrNT|%V?;-0e=`^4yIVK;kY4}N~R&ZWL zh*1j>$*f?bij#hr_b(N;H@Lv%_QFe|%-dO&j9e>|{HER{?1O|C<{9Lb{54tEZjuA_ zuLCjnO)mlp5*_XG=VJ-_Z(opmDw+ui@6RkS{9-aV0zF+R;lz8q3FTV%2BA9qrQs1j zC|W2RG;CH;`%Pa$f{OFIow*lnHa@;d@e3-b;YG1Ke^Zu}q09hF(IRetk~20)?$JmZ z5g84}wnZem@`II^h&TC?_?Y@PnpdQn$hH0kzS4&C z20A!*92(sfGRZG;WC`C5m5)!VVF#cR=r7s(du)ShUHq68^s>e3A^r)ezC_u?z39}MS zd`^%hyenlJ8Y#-l_G_xEhKOun4$C#0)Oun;}zgDez@J#}b*q^w4mJy;F=u= zn<~mkSMfUvh;kc(eS1g_h48^*{^I`*|4e6XHh+uOvk5<7xhU_a$CCyoy;WChoQYfTi?hIlhdBeFN|Py-0b3 z&rcVKW&s!zK1D9f!RBspg$bRW40$J14C*H(7>QH6hM9^%iX)pnaKw;MP$~yW+cU`eI73 z^0X~I7ghm!gAzIIh-V3}=jS8uJ1Yli5U-$wb+5?XBW#xK%Onl?<7CE=dVU>Eh^Jto zlR5@$jt0V{0tK!F%p{eZzC)DNBqtE4(NtWtB)wLn&*+kE22*`F%YCk}(__MPq!Mw+ zUCgTv+q~hNRKdCm%dmM?SiZ`iSE$Wvq~zmr1OsUC{naW?_sgCWjp!d+ms!zMQ7`~X z%nge8sQP6;iKf|feb{qb%F_u_HhK;+b5BU!y-LE7LD$_N^ths7Ml*|JRdsR`VCsZm z=->^`juL7d!o8y2$oAIKl5jf$;cpn&HnV!+$M1Z)u)x0HVu8L{54;jU3u3;o9zSQ@ zHGkv5sclyH*sAP)Xjv8cHY@48pKAiW=6dFxvQSaA+Re(PN4BdaobkwL>)f=A|4~V5 zjrT`_An)fDWmN{L4jkApWy{B|l{9grIjfMeqh5N!12fSQ2R%^kJZK1-b7n3%+h(qA z<&FgVvoxj8qTW|wpUIFEZ9JzXnu$P*w+5fvL|%pW#tr7$YE(Q`yv0pTIIe(EYv(SQ z*_JqLom|&n@}Wkh|w#PMT%DCK!nA{Tq#1U=>ClYfpYg9 zW6^*J5xD^vkc;mRQuF2ldVJ3v6oBX0N&pNzw6cwtHs6vOT7x1-2`UAQc`Mww$I~xm z3OBaoz@sm<{y}jsfq%TC+6NP{hxl~Tzy^t?u_62{hPP5 z!R6u3by)wZEAY&`U6)mJcK641T8eibe|G5#r=%urBAU*^tkQY4GJckx0`G5>7+Tzwxe@g}}No;<@wll4*YW=)O8Pp@Z4ypR>Yd%Hdi2J4fZ z>7Ch`+mk$VWgf}LEx!*A<-s}CDLV7VOq z?Ja}!D(R$heK}nA*>I-GP*&qC!uAk`X+B{UK3%;4LiVQLFA?gnzP5rcgV-j1JF}@f z5w6&{o~cMK8{>FHaw4W<_cM4!k)Fh6-S#;3+mqV{UMit~l}35y`u3*iF`PrU6usv5 zb$xlQA`{t^L|A<^HhY~-apwM0cF36h#U{ze&^OBN-n`s-hxktb<7ANop$=CMsi{%C zrTS+SH_>d^!U77W|EeJQ60`&`=w-t!+`i~YUrn=p)djYPm#=AWk2;$=nMXwye|vKF z@3YoP8KYEhuD-q&VJq-+`=~``ugR6h-b-vCQ>Uo-dp*S)E4fC6zJ6@{?$6C=Lef9~ ztVJ+tq9t9&liSHlcoP8I{p6By|K?|%f>nMm`{sXpa2Jiv?D*z3xm}2eoan3vfj%Hi z$RrKv%O3;(OWt6zS$1u6W->q7zxQE<6$yAW<3zaf7#m!7n3T1?DSE>e=(yO0Te3 z>7Z?|doTdlbD|XwwdZ@Ukqr6njl@W45{26k9ISW`G8~V2uhN!k&d$rTv zdCH%twDTCeTM_;18!zvj!&r9H27W!`b=o^XuZJ|EO0*&PE!BHE)DJSa_jyMM^`+Ts zQrm*5JI#y#Gb9UTk+8oZPcO(E?C`yX`_nBz45yC}T000Xci_GB$H8^JV}tVxrSc0QzbJ{ED&m|t+8`o z@3ga2UKfXV$uM&&GY7m_=D_G!a>)e>IlpuFb+PcV#bkMN_XsxaMOiFHr8tt#*$ei& zUhMvMc-=&l=#)-R@p^lEyWXGMx!tqIgznt^T3Nk4q}YcpJ(4_h+rXp9%x8!F#Q z%aBOU1wgp4kvX9v~JtIvf)Tv^{$cTC9mo&6o8YepM z7jb*To2ch>YBAbClD=BV+uj@&vEB|1j555(5C!t{P3yK*Yw^$blRRe+I3NRQkPt?F zbh6HpN)2^4SzsSW@>+U#lm6{qqG?Al)*e?0APe#!---@%z z8<4bNf@pm_+{iS2Yn${|eor70j4(Y_Edg2DN5?7!4;@Y0)@HH%MjcMUIc8>~C{8X` zo+U+ZPPmp}m$J9s9GcDD)ZaLAkT7atW@%+*rK(a;?S_g=qVW=B#`g-{V3Hp4GQO9B zUO3Gs%2A^Jx9%kj{wII=Q>xW=R zyEi0u5q(TxdHVcXPvzmY(MPP(PkGIHcq-6NTPymXrrJ_PDVF7^004&i0093k0CtAP z_Rh3Sbc}RN^h%3d$R6U*guL84V5^rmCYV|1nvy(MtVC1Yxx zG%DjVGf~l}N~8>QRNSl2< z##1Kf%o;itk~GNPDbTs_>)x1hWjtBXjeR+H`$cE;59h3$GA(JA;gUMqAxV)E=A3dP zBI?h#u{NRzJDJVEIf3_-r`0MA+L^eQdU;vkt1~FMGinWh15CRLVSSz=a7jE%3xi%j z@N;MZY8?8TvSm{yTyq^YmJxIZ`JyxttrM6-QgVJp8BsNf3~r~u`hRqi<1CT}+UDBF zGzt=O--YTQX9J;@{fJ~oyc!0T@bmzB(5|NdJ+dQZz6#^D29n=whALIp#Si0tzQW&N z$W8O2`SJKa4I?r8ut)9IeTO0$RAe&MpSJeAKxu^enGpxUAp1NhHR^R@u7dYCV_|~~ zCY}%WgZYJ>XeJ{o{miP$%hu&I1ZmSG;v|Y2wA!a#uz|57FTFV0*%!JZhoaFP^~{qQ z2Qy}^XM21e%3r*}IU>&{j4GUElS+7ihYZ}l#toJB_9`e&!D3_nz_d;onV|{G@J*XS zdEcF9fFs@U1XSd47hBUS*Rp0ejNJ-^cqWbcEuh>SlLWy|gSy_G8?++EiIPiBK=Ks2 zBoZS_bA&pm&=9|&C`_u5)&q4dYlR}c@l|>Z)khOr$^i4sP`>}&vV7b_{G?G+#`7lW zL$`jx;;d<^S(h#tlqnS%BD9^}d1ynhi9wG0z}md4?QBOhJ1~$-k3L3%yNFB&b~ml+ ztF}+@sThDhg1rLdHtui{#`)RZ-8@w`foSf-3=O}7aAabHPqRw&u zo;DrnTFaE~#Shj9RtuZ{0Hyyd0K?KXi;KcHvQ1Y~qo$U8GB9Z(glGgX=+gu2v*Jax+S!44*qjEpfm ziqwj}KUYVRXBFp(wRK@WZIzqU7ONAXt%8Ta2jT8H;26Ax4?%&xM>JI_(!0})Ulo($ zBir10&rlvfH#7DsQZcJ|ODOlDBHEO$AUL~0cd$<9qZgsgvZ-Sl7{vUKe5lFN7~7S zK+jqZz(anDZqAVRNEuNZ6F~R1Fk<)#V%43hzmHHs-9pvGLQJ=+->UZ`EB|E(*pMC& z3Co+dp5X3c9=CrUGAK!V1PPPq@6A8{(QvZwPFekpgx0gHF{BWbdG>oHj9B{hdhH}x2`^;s=*pnlbN&VYi+kkkt+29$jYYRqP~fs?{M~Pu$6(YsK;pT z*m2|7J4o$85l% zpi$ASTM3lImXRmnT?`t*j>N|}NDlKMNa1kpNk=wW`n?AC^16mcflCj%v_haz2r0rI@405jeF@_Nge@`f&TW!n?~1991T_> z7=4f5e}3ODqOXn=19Q+R$0Rs0iwd4ei5~HirYQ*C?LVJR*v&&D;yR zIWy_=asDcRw1{V6Lxm{NSN3IRoMj}RLtvhf}vW?hm0S85WU!nwo z3YC}!-GhA;i4v?1bJd<f;HDnTmDV_xB&-8V28iyZ=)(-{{67;}Kb$ZctWV6^AgdN@_o9@1og{bqn_%ozChkZC;B{ybl# zdvzvH+8Sua=bxU<>}z$J&vdIKln*k`s9S35Hm=S!w9CSD?qHRk(76V<5K4uYK_W4- z1;csF^npO2Ywuw$fCZS$L1GQ^#LI*uRoZSg*QiR(P(3(>(GKElxopkl?qdyJ7XJf& zWs<|WpQ{Y*g;&z7u~cu6ZUZi-cVE0{w%RK}7wZfYZ4xD0tZ6Ra=L$+OS1{#+4^JpS zg7Xf>+KQtosnBAU*MT>~wS$;R3MvGKf|`wMkXVGVz%HquRFJpeGqWeI7vNsPT3jy3 z-GW+{@=vNHfIS@cOkl|Z zMGJ2QR$4;^F5vCR^pNdSF@L-qStHe=7gtNXJYmc7x#l<=$J0He46+69x03C%1wUz# zl1piB`fy0Nt+8p?2rGj4*~|f*YnZm<9lGkxal!~Jz~}=XnsDmTC`PxynT(EI!{)!; zH{ly!6`&W>Wt;~V-(r=P>QDi@9cs{-?vM|xy5y*fzRH**9WJ+b5*o;!>js9rRtmiW z919fEwagt}7gzH_P?Zc$#$97DoEj*MrWe#;7bEu*w?me~#WS&= z{AFMj)Ple}jrtCSpbv@}?D>4H>-j#x@BJ+6{eHRJ_4&-}_5QWj@BWR`|K0WXef+`q z`~1nO)5I(NeOz80`?>?Mz%&Cn*}U45Vo@>ji!=Uf6s4}G6dW4zUXRU zmbNm*lEA?&Tfoq+EvO_a`&Nlw{FLj`&wWsraP{c;Cvnd)G8>N}6{g>)jn)7(#V;TAu zfz`<+q;clfzqM*06JY zynN7#9>-)G(CmTn)_R2C9Wyp+#-(B7J>;({aP6JW4Yy*u+KpFL7-Zx30PtKvU;#-y zn3=YMvz7uN+|Gqa=zPypLx88TyzXCi49iN3^7dTBYle5sN|fWJ8vr^1WQd%CTqlI% zs-#|4pmW=0%9dQ%)#cW9Mdoo+c@dhmoYNS%8uh(I1b^$*Uuq@2UWtR%x7RW|lf@Qy zlJv3v%I5^QGn%|9T~y~Yd`A%p75HVXY>|RM(gbu%(-{}b%(27J0LmXHc1r(C*4IO3 z%rJt3UUA)=82W^1B1`B4o*FEY4t8LIi^sopvP14dplAZ+5UhW76SYIKxZU*a?9^6O zr8U6>I}_eXSGpubTI+Xjou*9ot)yA?U7gr>iL~!hXZ|zbg>a4B#=J8lL94MCfxCXi z&j*YT|07QCF_knYCbw0E1$7qjX+L=n7dksT6C2a{6S#>r2qXCV?*WP;huyxS`2N#p zA7H@Od>kJnm;SOs9{`7_{Dp574wTcEExAktNgU#@gCbzwMl$i|#tYpv$dPFGHkW1d zgob5rWge&#xRwdUH^|11%#;WjfLO2q>_YJ6ijh4$ zeC#CR<;Mxv9bD{u>Fiu>+pC&p!?ijqir3Zp1}R*%rdKvDRJ!2GK5J2id0}p{(Mhqzu=tC^mN77a zY|r0m<`?}IjEa|y81cN{^mK`aRTk9G463!nIt?O&SxR|$UR_DU*3qQ0xcT-_Jm*s-pVf&E)59qn%^v-m}-GpzxNqvhh-EuCJO!t`Dq-Wsu_5BKIhR;6RdXd7t z_0vjEM@hptaZd;VAoE%4y>DMC{wyi zf_WM9<_778_(L;mUfGuv%~R3*V8BJOLek=O>-t82nID9V4+9lxrrj{vJGfPu#!KGu zCajo|PoZoBZp3V3*imp2EY45qP_&?K;sjfk6)h;+7W4&{SJ0$HaHToBgj3(vIV9Hg z4pIx+YuZYp(=LsQ)}K1URBli-)xiuMXe z#ffH3IPL};Z(hI=_~|xjfyecXSI>QBZGmZ0anr)0jj`c5l_33MR#254R=D-}@ywyX z=tK(E(JB9EbC{I1VD`1gv=lB8L1ydGs?6BTW!-c!;WTpb1@jz zp)u*ay#;zq{vi=8@w~O|o>smUgihuPE4KQB9_2SDyu=Jf&7FA;>YEqlIKyyQ(U!XJ z9qgvu4C7+%M5$tU*hPRhE$2pBb`j^X>!-+xe%v*6McwS0+ zhJ&*2_iRb~jTE{fL-+FZsiOXH!(>(2&;@n{Tn+4Zv46&)dl{ow)SeT)2=F&DYKpJH zvT8%rLC!`n#_7)`)t(nN4J5Y3wwTG1VmEpNqlSr#QYT{yIJBUQUj7$e?FiV~>kXcU zgF{F&9WPwN-5*~xlW{*d0@-#+>R)aZM*kadIpn?56L|K~eE zV>7{D>eW0Sqa6mds$Vr~;Nh}9m}BvCtu-J`K~3+m?N`EL?|W4J^8hRE>tPq#2-ejD z)G&F!zwRz$W=Paz1neEqM$CENVKcbG^t{tfHIa7(vt98npz72yq9vtv&8$V3kB#l# zYzN9OPv;pjd3?Td>Ua=|ktAy8SEoBP`h53(S8GD*pEW>ke%B0L9S2NwQ3g4A6v5k@ z%5DnOtcociQ7Aas6(Z(3N~pb5>b8vv>P0%T6g|;@6<8*wLWr}CkDf{1;G8~q7-v;qRT`EWjq>mhJC~$H|w^ zfQ)ls)5|4_Dr+&o-&u;XL$*{%2=u%S+4{#A#5HG-98II*=W*I{-r6J57QiPn>~4hS zPnwiidahb0?;Zu95=i0fx})&_23^X=H%$_a6wK|E4bb#-EdRP`Df*`=KgiO7^3qgSaQ4yzvZeW@US&vSP+N7H9ug>vlG53saX zSU@_#nl284`{kV$lTw_&aB_bgH1+cNJija#C?b%|&U*0GyEpmHR_BvB4j^SY0gAnqJ zaRtnmG`B%{iuY92R;nLo;_s-pRR4+fvX~q8*h*HQekDq!33(B*l#n(|$lfsclEHB}rDdpE!tXt>> z;53jo7D#kUUz;{Fo7JI4c5bwAO*l~pM_&!W*|GpeSsE%I;5>~09@x|hnEvRCu?SU!g<(|#b*G9+pRJDOLg z{dZ^=0H87{QuSXn_y0f8{@wlGq22#RB>pGzrbf{&HWKI$w=wtn z&53c7O1D5s`R6?kzWq*@NlQmpK>Ju-UtzF}gv%sQ-Qxn+h`9$SdRni4UT!snn-`Oa zIu@v1m;#1wejwoCM$p(gieLkdygb_*p9}*s6rmzs5||9o_q29F8x8qW<|WT6RZpG4 zDRMt9$-Z5Ai!{Oah)Fx308@(B)Y0Oh$FBFEI4dOkShTv3PT$p%H69M;Wu*QlU*=G{ts z#4{S5M@(iq-YsRu(-yWiGbGwkDtbk;3K2hO#(UMkG zZ{v8*t%{Yx3}~rYj@1&UJ(lFZqIT9_n-KURUGmK1m28=9$)i_*kWZ~z?`_q|waVJy zg<)cqu_fDi1e*FJ+XFTcn}bAKQ}O(7Y>`~T#q*;Ul$IiUYfHDb1gubSaE@cX$%Z`c z@}pWR-$|IF6j_;2J+|Dl+*01>Xc#(SR^$2xM8(PjpGn~x^0a?7bynjoXU6!rlo;Q5)i4FmT_xp7l}TJH zr%^-cM;veLErPG{;Mm)nzBD*V9Xp8DL98y__oExNKuMG+N>D=JZ0LtB9t*uqmRXt( z34Oe0I{S8Gc+jAC(I&WU@!>v_{-m&Os>7QRk4gXbUu#mDdxAj-0=4ua$5C(-~F{kFvN~r5|`DM6EFmb+Oy5;}R$?3nZ>o5P00Qmlo?e;%; zRR2ApjqUBsEX{2V9sUpRFD0=-?!S5T=oeSHd%kh%xb*83bIJtzw2 zoyO#pv?UOX8jZ8BzpvZtXHP*sb2+qzz8U7T8|J*1d55+Etf!8TS()x9t8 z<-o+M=Bkdq0oj}qP1|x|43gOh&@Db9nEu#LV*J2JKpq1ek zZ7_8=1TeR~rI2IEohG@kuee3yg!c*$`5rwn{78Ch?9(3!@71Bh)1Oq#hY`hUFm@`S zg^sGXFLhm1@x|lo(3S;(V(A)&h7NZ?i+bI?L-9^xpO)&QZ9|s;d+R|*F*YUXO=Z2Dh7%wug^`^&$mKV3lI@FDR)?0r`?!i+i? zYv8jpD+UdR!4Jdb`u?B-aO@NuSzi6&N^*sMRq?RE^afUKVeSzGWAhGruxTbBd{W&g z)A@k5JCw%9m?jwmKbS{KW|UNKwIBd}k8y@Q^Idc?;Pg-rRvPIlm<=F40GM*15>F0D zV#!9{xZ2)PCo>bTmKqVV~Iv06R6JlXzz@i;JoYkG8rr zPkSMDq$LHH7(-GDFMpI-ZVzw!vHGJ4W>5tLn=q&Lk(Cfz@|EIqh;{b5NsUe0!iF}5 zMu@ba$o%=<5)dQQEMe(YyhE%R zv|c0B%Ju$EG_ePH8RRNs;x)?MDQ0aQ@@_K@ggZ|U@+yUD>72)5X?Z2@C$HY$#Q9UE z5WR_4sI4MD_toTMryNQrH6603{&tqlQn)L{a^Hsku{T==gY61~p~a9jMVsAT&<)&! zDT$|b{1L%QW=mw&)D^FM0+NJNzL;cjUxAwpT)wiN7*0264_V7?5F3nKXSK9>gNwBk z%OyP+~&X7LcZ5|#-yt+F76XIme)9v`Z`Luw7tWFT2hNe|im zS&nqbK?TZ_27#_j!{D4&Fvmo3l!3q=lVDH*A@CIIRHJ(Dd1A9KVJ1;j%`B)e@{S!c zpUBM#`8&dUaXDNpNI812ug4&hf#N8XPYH!)d6=^a%fjIgMz2k!P$jkVG$A$F*xy)w zwZGUnlaX(I(jrMiAz0lor%_ZkZatVMtdpTBoov@q1e3YSS{dGnA_m;iUkD0DLMlfj zO8wbNY&zwn=bn^bSOK1sznSC)_jdx(?0x`yy_e1eo@UulLd47YxqM2sLnwQ)J5ALM z{5Z8zAOcqHPZBItqwl~wz-eOwiHSV5;Zg{3zWHy|52poF?9#`CXs|q_mZqT$-ym+Q zq#otEUHlEW&HK`!c;E)FQ{V#%tm|$=fYCLZ6l&V)A90Qvq?cBL=-p+|kVL_uz2FjI zbk9tgZqfUpe-$moJWL6^YjEw=x%7Jr?kDr~M+)vVwv(G@D;)OCjTe;29CHwt?1*68 z&NUw;yRcCoruoqoqfOQ|Gy6)lxr4_%U~76y*f$X2q2xUM)X6tW2bUUg;0Ie#3A{rU z0~G#)V2Yex8xy*Mqa7)2a+4}qj9^w$!_Jv z$-i2FLZaPF?@w-QJ-Pmwapvld!K?G~f1P9vl{*q#NtKpg<|g7+ld6E%!flo~`fTKy z+j1@>Q={%lcousxwxcuAv}CD-B3$Q981?9W-M!g;cQufG!hJ zj6(Cw>LJ2KSO{VjHKFz>wq!1vw2pp_!Jp=EcOZ)B!;%MY=(iNjDKLI9Ut=dJI(N zl99rjakyvZ8l8!Zcr}ZjG;iwl6zMw4L5t!j8f#oE2F}Cug3eAbd}&4IZN!()dJ`-{ z%nP!}KPkAWYJ(KI)yAw+9EB+arL7m+)#*0S}da+$r zkg;gzHEGNWxHjo<+Uggj*zjJfI^|eV*}fdVUzrxx#4X!Eeq_#^TwC&IJ*yDA^(1@) z>oun35#-)_b%R~GH0&hL(P+}$_`K2=Y>8?=wY{kCsQ;;AwGy;jEdGfl&wnTB|0BZ>|4S&5 z#t1?U5}=5@0^TzCbV#6i{mCuxo|lJAuhURQ;%oP=-i95_Vy{G7p3K_U zH0~=~qf6wIQXIq~_tTA1k*3TU7)4Mnci?31=H}MEOD|v(pj%Kq&RiXQk5e+IErzw4 zNaf*?K0Eh^+DQ*Xcfb!`$XQbz1e9G0bDBd-2bwY{0;iXzk+3(QRRIz&QwR5q4do7O z2I;(IP8Cu=2HE`{>NvC_)z;VPF{3a56^!PT86f75(z(Ed6pZlo$w-qdt?8pWfb4q@A>(Xckke+XSDQNy&PJ#+d=F=B@J1Aib|vY;KRE)R`&?B98A)d!#t) z#JPgUCy&+GxdKY|UQhN`7b6SFX-^W9-Ku+6Kz&m~C#t71w;U(b-iGr!C>OTM0Q~&l zd~#Ren=Ohcx{t?q-p@P7dpf(JB;fYiRhH=eYV~Cw%^Rl1gH$@^ z%X1Ut0*cJyAT+xlZ^>>M>Hm+gZ;Y;WTegjD+qP}nwv83rHdm4rTPwD0+t!M0zU+N2 z-Z}4`d(+y?ztQIWM(&0{0Oq;xrQoKpe77Ipd6oMpBr{%Yyg~fx@Mz>66K+HPmlcWkb_R zM3NTI!Tgh8I-4p5L@j&MK95nIy~wlZ%j{ zreWWXuzLT76#(TOtOWX^sQtr*d#6>i3`I1%k_<>gkXIX;>y7(Ni^a11tPRc(c1VD4 zT*HSvk+j-xo z@U_L5ztCAGuCW6ML`xedn(6_p6oSyYV0GbtcB@ZkO{Lp!im%i0(E&ZxPX`@}9%-6G zZ5z?B3(?zkyR|tFx?)YMHVG*3os^pLxYkNSl*FrOGOn0iexXmSWt^al)9-eNX$ev1 zHI$q@`-$q@puL97WF2Aq8O~I|>y(cMhg2g(AJIh(ppDd>o7K^!XIZf%Wvfh`T+K4{ zR(I^Vbsu_LC(46y1q5MJ9CX*^HqWs2l6Z~#iu}5XvRDSOak~F;+cZ6x=;WAXAO&UC z@nxg)dKHnaFX8O<#)S;Sj9lVK!TXC)SQ%?MnNREV&vN1C=>+`4X92FPa@gmwr{jd& zh8*j(PG2AUb))7IG&N47TeQ*_N#?l%-(Ii4!*`@0?c`mM&N_oiZE}LV=^(??H@7MK zW@;pn4gVT8W~D%5 zWq8>jBa#ygAtfcgaVYm-MfrhY2*_D7a97|TTgkU9!PP{UPmT*Dr0KyQcmU*_p*0!+ zhmaXX5PC$nI@djRr34v_W?#1i481-XQ}V`V5*+C17D-~Q0svbens}w7yCUIbU;g)Y z`JD(nemjkrg(C_D`VeACt+i2%$VfiTsS?h4{4MmX(ntd+^Gp-@l!BvP9YYRODxuiJ zbD-_?A0)RZMc`M2MG;`rv|ieM=?FUe_!qt09RA`vVoC>Ce5^?6rQ`NuMkZ7?gA`9d zMUe6lGL;>+fRc(J^P16#*ku#8QNsKB5Ox(pBY#fW*NH|)4&9|$QxM&dg;3L4pk~w1 zqrW?&qzhm!u5un;bq+U0>mz@Q3eYJ<%lMFKjc8rJI&zywV@_P?N3}t_12%PNK94(ok0+oZGLokjA&F!`4H7nVU#Z1GXdU(6u;rPH(Sm z+ej_T6{kc$HN?mv8ElEc+1g+G%L_4`u~4;s8D|kla~0yyY(;Hwj~<+g6<6G9Tl8Lc z{^s|Pu^(MTM*Ht7jUsyTHs8^tT&F|jvvp* zk6Fs?fj9`K3rG5o+PFQ%uIMCgVE?G6@vd**7~X7bZn!{*)vZS}sn|}Schfw)nBMOf z&5Y?D`;oe;`v@kBdC(Rg)=IW6hKD6DLm={w@xb=)+(tzeNCZ9qbyJIP3OKZTXo- zqMTq#oUVK)!%f9~cRF~7{?D%h+uP30i|>d*5DWl-;@?ILcBam5_Kwy+>}@QKJ^r?# zN)_4f7XnNt_=q1t2kw$EhzZ5xt~Pu-s%R}BsH=&I87h@@phz=j$LG_mD~?~o=u&>i zK;Fo(_^qT%Cr~}8OHfmOATud272kM!gML zZR1MYqex^*>YZNrW)8w^jijf=cbJ}T6-Wit3}~?L_&?@2IYaMw#dvWwQ$1JBVu{UW zaL#>F5hSmT!0>Y!(h03MSMS^tFVb8yd%ZZg`$Tu-7~6kLG1tkom4pS6`$1RjL(vnz z>uXB~IDZdjjKW9CTOEGn7l^2^rw_}@-Z-UjZ(EV~VjKF1O!h2v`(aq=hj2Bd-lu`( zq||;=2dx2_H{$cWW9el`6(ov=1lNczso24uzR)$)H~_oHi?AIib30->5IWh6tL$tc z9KJ zI@P(Kk)^(#<;u(Je#N;;T2`lBN_E1{tG8H5?Qx|}w1h^qC=(fHMhj2g>@kZ+b4HEc zm|&rhx3p?tAu-r%Nn&?Zw>O^DL(%ZIAK*VzMiwWdE&99Uf(Hozfd6kPBPXvSs!ZqX z?wqBz9=pzl-~%7;hfxaFL}_I=mkLDpXqd6t1cp?(%Yls|ia4{dVw6e*nows%^L~|; zNB2M*uK3p5z>&%6WHzM`h0`l_$a65)k2D+D#3y0QfK0F7;hiufOG;}Sr~=hFY}3ar zkn_iUh8iJmZs9nj=`8XQRI9b{u4cV<5xypuppGU+jmg4%cmI8}ke@$PYK=Afc_a(I z>kc43Orfb(Y&f*H=2wYs1CFDkkF2#I^($vBo#_a8HBKk5^J};0r(~Fp_DWkDkf{}Z z%`2jbzW`=sCSw)h@Q+kq0wm~ztU1*H%M)O)3N|f6c!QyJ5XT$=>1^g;k=FblYBl8a zYK@E?QbtsPyi>Ee_Y_KO6h%T?*Vv0eAC-=vEnM!hTNu0kE#WKN8oY*8TKqO`3@rvZ+lp(ee!0G_cq(|9&8=HRFyc6i`1y?zzq~!(%F@QtH z+&iCIYz(f~ac(KUos)Q=_4AR=7r!1}?G3p}+CjJ=K9xT8vV=0HVgc&BzPb%g{Y6D2 z`XC$8nZ{d|Fmhb{TqWZK59uD6Sx-xanJ{51E?n~SJaLovvXWM-=OljDyqa?BW6eWOH~x6uAW!+$5%U50VpSn9Iv8U z%mo+@|F}DqYSrWQuo2^atpeBH;IIOAMT#DbObL9{8>9>{3JU!Qxey?=4MzqSg1QXE z@K!axj5$td*r}LRKk!{VQWaL*rr1z}=I`2e4#fNf65C&Ezdz854FUF#loWMvDWCd3 z-W^^aqnYy8rJWrNcYr^1c%SMRz3%Vt5>X4sHy1f?-oxA+&31-r30K(Y;KSY{8bY(B zcC`CWSJHVmeB|u6xA7fR+s@|*jR^9z6|XJTu(y>ixwg6ndM0l;xe~oyu2C>d$bzDs z@nh2u6uodg=eFMO>)mCy*;5sVXtmxhQ3)+OA6M%})3n+XR9!WP3bN~+&<`xH#|g5# z+W@UMqf0+CuYWk_f zYv0F!u$k}-Us5W}y;F7?A5%_TUM^+Ie_qgdx?<-os1oqC#X&|CfHIKM(f+jC{`(B` zm^GXjx>ifQ@5sqGiek)g%cd+|sAH31 zM5u2oE5~*x%g}Mh#+;Nrs}{&_oRts?goeDi0BbZ9tov2mk%^u8YLN!on8zDqa}%W$E%?<$wqXaGUfOoWe9Q`w1DL=0LXMUi;iHL{L%Fmd33-x;J9B#&9g zFkbT8^GPyADJzz7m`g#+(fGz6Y*i~YwDT#CDOJ zV?33m0x9}YXC=#L*m~Q_zt^9hf&UqbjI^sD({Cs`KmY)!{yh|q_O_#!|r7VAX)?!1m$;!t4*(~ zy{0UGEucCOM)A#fbXL$3D*AAT@8D*G3prJP;aRibM4@T@5L1hl{Ljx_B&&WZj1qTJ zs{N7Y=dzNFKRnvhDWu+bvj>_RxdZ;D*?g%n;d|Z05e*(c4!A_LMYV}EPIu^8md6mDE8H**fdW+$u%Dxx02F@ml=C|Pi5g9 zW(iw?@C3`L1QKGS9EQS=1lARLfO%rLcw*0|w$MYPl*$plv=`LJuwYMORzc3)A0>CM zMxT?b(R{adu_E3!I*O<|D}FM^JXmtJe*6M#Nn7evqnjX5)OUVJCwYIk{}-^{1s+_7 zzrj-cj+y=kyKy!CN2H|6``6KV6ZZS)91QdLeYGu@C3RbqXad02^uZv3R032SR3g>O zRi4ObvFVzizfIxuR{QW5(ViF3ptHKA zm^E(H0l=sz3#i*!;%T2* z23v0=9O1QdLL*MUieN^_Ju>R`f}Hg-dgFrv40+3zg&*hxKcO%uJ;nG&qKFI5qt*bG z1&0|u>l~m0ue*Cbf^PJ@=I0P_T#CCbnOcXCsUZ4Lz)bgjNXX?Y1y)vVyk|a>F3X$p zX9O{qq$*vL`qD@EExEMqhYrL$qXee;X-n2ZY&z7atFV8P+V78Ok)Og%X7dr@Y}ked zq)*BZIl3#FW&Q@Ng5ok-=Mq#N=JbS-@?8U}X@+~+uQA`NdCiGppueP0hKiZUtE;Vv zP-yBrx9 z+Ng7o9IkEoP`Kn_ai)f|?qW2GP;19fTG*$s^g9swL-+vQgqPo>5Ir*)q8bEy-ME_5!%Fzup8}b}w!IS_)10fObZ6@U8R3@N;f2y-qq5 z?dK``7~fpruqxe_=9F-|j%NO8wI?POKa`grZj(WCY9822E&FJI;4SFe7U^MLhqWlf zbN{9bAtNMf=vv+6=zqZ5(bdw}^l!6oRF$<}|IX-OzvF}L2EoSUDtIE?&pfI?^pcRy?3=L4iK?}a zU5+e}yj*QQNY&9)M$Z?rUrcqd+jli+pf;P>fJDrgmZ_f7vTZIXy;g%LxqDb5HVGjboUlp?NuQ{CZMH~u5LKdl(&0P?CkViSbolt>yt zdJtkHez+i+J6jCihaqe9SSiI3+f2o9*>Z7VQ)T8Wr6=fqTo5cQXOq_4d)HemG0wS3 z@`-Ky?&Ty+vzX-=XP3gA?`qP_Qet<&t<(llhR8_lSynrV{jwT z4qvlEPhz4krudj!1SdYWe#-ie^r6xng zHAJZ1mrOE^RB*?xhD>3vRI=g3D4cAw*IcUswGXFk_a)@A$hAW%uwVGR@Y3lo*ih+ZR`F(jf`Rl z)rLx{ajK(a^aCK>*<}vEun+|3jW~etrRq(wyZ)UlYc%&VS!~)^pn20Du%cz4b%dE8 zGB9>%o~bZZJ7$eJ061U9ZcDU3xXq|3c4vGaw2&o(Wr<#Fo@L+p=?o(~osqZc9?n|) zY&?SeEU)Ib??3+KXsU?>wUhq6(F@7|;<4Wv7aHQq-j-JOuwXuc>dpt)S1#FCti|)HeIy|} z;*%WxxsuH)kY*64fG%P-8j6Na5`O2`MO{ zfXF)mn^m3^OxCSR;Jb|T?r&&HPJI-5dBDcXzIuGRdHt>1L)<#j#W|-9wzM;xwdZP? zQuGj$VD9g7A^S;tXVaUicP*0WVHex`Cx@}`{f1Zp$ADMgZwRXkjN3>!l^>KBH{|!w zZQi>U1A0$N$FX>iFlzIwNQ=$$*eD)OmA`x=&$enOdjCaJws91yyz&jP`L~Sef3+oB zdpk>Kd&mED$bV<7u&@0HqVbl5RbVhedz-h~@s{%4)XdcL>PRGH6bR1zs%gkS!?Ok{ z*OF|N;=HdSQkvFLOUVV41Kb5ViwUfZs!b3~t`+B5@J8&D3%8djn!2K!B{8A=oq^%99_o2J+558c8uR)XHL zU|c~p=m4VNNA^%OIi<>a_R`3hQd`z;9_M4?8-))2%aud4l^iDCyf;DSOM*a_$y1@J z&dTJ)+sP9G{A|eSx!%d*MD7X`2S{GqX$s9v7mQE$Gt8~K`DRknl;fO6E1*7me|CXw zEePk<2~r(=))Z~vl+oX_#}Hr3v2daX-mk4lCh-3FSZ~o}nMWXQPnrXl`d-l}d+uN` ziU6i2$l@iWpV`LO#Mjp+aER^QT8EFj$dnSSY-#(SOEbB&b+T1TjUtc8i|?b} z`Yb5t{Vnc)y4wF&LyY}zJ%F>RlQaE)F8oIcVLge0PVSpmYTvHo-=Dz#UijBP+P}rg ze-kT4QP#TuuTh@ zZzuUl1iMvGrScNPvAAWOx)_s&)-N(vPrBAWG_n9N)d{`30AmoFk|0Fi!FiHskLkMH z83y9Wj(Z_qRve98^uq?Y3wtR*Jd{gTD^+#HCNfxUVw)U<^JOX&m12STnnvY-c&XoD zrELOSnuWtm7q)K@gcM9tJJ{fiyvBYjlVR_!G`+QnD8dn3y~l`7989iN7qqBZ$prWO zJJ3LkN5h|AEs-05c|=|L)~qv_Ggx9z0<;H6ZyO-u{#?2CKfFpi?4=Az@d!g{rtOd7 zk_O9lWTPf+m}qm*ezUfZ$woQ0QY^LZ_O)epWP%CI`>ncf9f0qH0N?Al0g~_E^ryWK za=L}uSNLUf)~)Tp*?%~;$j=Pnt+Tv<{4*-`LZ*`)->5`=AGOH-J)Aa9wEu{;|KZCA zm23YhY;S@d%5JB9XIV`&hzJx-2Vk%(^DhQmtZKW|xMw|euT$6_LGo165A%$xZy`C;RzR3q zyOau)QD3(mq{^nGA0cgH3IgQ;1}7W{mIG*!lSEQ1v(Fje<7@+`n4i=>puasJP|b z<-TM67nT}1_vNa~$#2)LVG+Cswlv_@9M5<<_6Ljk+5N*Z7;?``#irXDdiZ>snm(&_ zRimY5Xj+(#`}6VAFGleKW*n-{jSrrF@@P+9!N<2*AG+oj>DN*n)1^$aY!H| z5hz)tX9)t1Aey0j8UY}~t?d|1-gP8r!v`sDugTr<<)_2#$?&3NN*-T6QBlPYLVNg;$sxkN1m(hQ2|G$O^&F!h z<6t~N_<1JchA6crG;=I4HM$FC^z{sn1w0V@z-ZwK;lPM*dH$~a5pTPK*^&OHkmE(^ zez_KycNFNs9>ns>i00989vC-zCSfv!%>`PngMt+G_wJfL7e|T>w2r#gnsz7ric`9yl8Rz*l)9lQ@3hmHQmH!8Wqjm*ka} zLLPukzI*p1li>$3JOu5>fbM6h$ zrcQ(pwEP1G_XpWE`ZX!RNwduy3b%hU0w+pRjm`ltqGS^u2#pdxATR{*MP(mIt}QtpCM{m~x6v8!5WS^m&zS;4 zutcnMMyWf?)dIk>W49H8ak092JNR2YY69G4AhL#eS9w``bC%Am8{kz}bfIf4HT;ws zmJ@Ym-{cX51xedb%j#*sg~Q&JA7nUichS*MiC|;s0Xv_0Sx{3;z0o_zuE;xPpsY>x zh%PMhOeqHTB=0qT6DS!SUQD1+S_Gai0U^M{I;GruH`K%)&#Ouh&J^GNpuF` z+*@WSj6Cj9pyDy%vlN!BK{2bIn}oF7Z&f=g zRQ07fij!T9wzc0$kSFNT}B^LP8+9t}6! zf9x9d1&MnM80!~)eVoXXRd;*7?W@~ud%E22#a-%kKj=??Z5}*elk@wU-rj~;K^bUg zd%w>f9PtlG60}LC%j&%y95mu5jo`)gG-%=Yr*3vVyl+}}gSoqHEdZqaE^N?6T1#b7 z2}b9{)z)2h%C84gV-e}BvH=7RCQdGOu4okyevn++u=ob5>&Alr@Wc1mda|xeTkuY~ zUX3PpJUZ;aXm3A$AlH&$$AZA97zYGFFQ}p+{(HjVs~IHzQ}2LeT--?dPCm~Cbi+?) zFR-96jE-!>z5HT?I6{c-lH+@nEIkgY!ruw_uJ8`u^I#Xr@ZvT4@F)d~4`sIe{!Ddm zr*(XeC%O5)4Yqf4zWj+(NZayral9Z#2uM2XRwlL_JS_m4HT*Np?~Zr#eV;?V8X7fn z6kStsma_Qxlxz~s_t2F7NA|YHlVUe8fZP|R*F3Ea3CrTWFwRq?U;f}_$q1uBuIpK* zRl!Ik(1ra|l@%402J_7TIHzh3s84hgL@33Ai4wAg@+RUy1bx9jQLi@Eh~fEfZ6628 z?YBEWKQH9BTi@oYcX~EG?mCmK?ODcasTI8%D%*L$T%s}zU zEdVT_=$49ZReU(4Nh-_l3rOGv=*f(0V9S=_l^sAt8qfonuD5+wU_il|!bp}Os!Gb{ z7s8hU6!qtqtY3MX+UAtLDjSyZXh6JAMQ}+LHP5s^Lbiw?1ZDx|oGBwfBNhd&2?9ma zJRIfPfoyIEDUxiNr-MEVNO*($t=86}NT}Vt;{wd+IU{!$JasN?v$#|G;AYh;woYos z>g#ltmt8-8=wDW?ok2 zgK!^QH|%J<1JIbYXR_g zBW^`84OYdT+4xk%-bP(mqFMa~d=32-X=ZWY`^rW;&hO@Fea-X8ivSG_V2b7Q7lI!V zkC}(7Xq1|V0|5fCQSPwC>cTP*t){?CR-cJ!KdSawEk$w<=Mi)qew;LUz|1G`uc2C4 z0W;z%VJ8`UAho193P)?V^I$t;Si0CGdB`_X@B&?m*C2}z zlWCX*4=92*^S|Nfbd6s5F~7t$lVAC||H(q9c}!~lGIhKQ8EwpP^L4ep4P(E0KYu-_ zZ%ZjTIvq=7r!TbW{ci63Ku;9x zUJhc^1<@AFaiaSdx@a3yVMwmm$aA`%2kF1%s~>T0eC@IO`AG9WcYhy@M(f-6lsON% zqoPwJNi-}Xt${7jIKwQcgr6Kj6YXKZkvjlDz3-yl){`&$^1bZ*gp|1ZbG7-hlOwm) z);a+w~7kEEw|<4>v-q#o-Yts1((zV#4Qf@I!d3z|FTJ)YoG`@jl%Rt=q(pi>&xgyHW~_wF-w9bM z(?jZsK+tE?M%Q1`FcSN-RcKw9Hu;i+zjriGt@Kgg`fd0~PfQSd>2VH|CFf6kezy5) z`Man|@@7yMD?tyfkhNR0c4SML^!Q6$*D5qBm%Hb3yc#A_?-5M&8DJRW${-QZ(l*Hl z5&tqEWgT=xrSb4bB>5P!5lA1#sN=Y7RIzhIG1DZu?_;GLZ&?NwfhUv;r?IH5>! z1%>3^bFd_xYT!}(JsIBO8|c8}p0h?X$Poo4-f%KaRbQ988&@f#m-i2h8{i8>2YoGgf)W{AthR+WYlxttdSY9K z&0X~B@m2q$Zt)Tq#%87YPvy3sTC-(gr^(?3J!^U_3)JSNGIge{w_L89pcG4Ow5mBU z8(H~!79Cc)Yy%f+IR1)HEo2ohvBC}uOPa{=^4TTQ*|s6MKHZRM>1VMswS2@kHzkCV zlIbY-t)|k4L!h*HF<>34VuiFu&oFBnpe$|Bi=Yp09LFtDqubFg$Ph}-Nm82Txo&WK zAoTvhKCXk#dc7tD4^?L}ghg!r=ISPM(^Up*XHdtTJ7b-U!mq%H2P)7=`|(mawsfZM z2ubA8n)8oF7(oj2Zo;wP>Cm6kLhDM`xhSTJl)V^(-9cvpQ4 z(9~ea9I1eio88NRE|to>_TTp?_lz2!nE&uzuwNj+T+xhJ z)`>(I;m9#Lr$#6)v}1LJxK&q+zO33|80+?C7e!VO{YO@|S8L0;PnkveX;t3&XU}hLY?MIQcM^m9MGdi&4 z8(o8#fe$Ty9H?mBT0MK}@*zJDlt-0P``O!4SG(HCV)5^2f_HSxtwm1z>z)JBV2v`E zDk_(?G*5ABF-=n!Ejq6l+4yc(Onc&Oi&5 z*_D9|yBDpQJLf@O87jjq`HvgR0&^E!mMRmy(hTKbDQAi!@*R{J7G%-~n=X|rK^Rqi zGJxv@U?VS_PxM;A-c6s$UkQ%f!eEKyKE{)V1n3Q`=@4)fB7p8659e&?3{jo~HZddJ z=z*0SRv5QgPm5wGKQ%NVdou-~&Xx26g=cAOf|PFp<|hJUhg+;9YMjhI!HR3G<3S0A zNMZ5;@8Egzs1$|6lduJK~Mkt`Im*wPVt7Fj(IU_$8zVTry7 zVo0-&Ei~7bUY?+4;AxN1O{PJqqkjDX(}Kx?LbOlb1{PuNm|>VIvy?=x@lh|r?;f^+ zFn7Xq7FTuX^v!3r04|Y$pV7%uYm6a)Bd%fWH}1ebhES!{aB3vn{^e4SL#qRfVMd8A|tCOSqzP*;qv9^s8E-W%Vu@1lznKHB9m)Yi)kdBXa)tAHm@ z0w$iW{=-Q4`5YC1M@OLD!24&JivNzmBV5UO;0@J<3!h_zY)m!PD<~1OJbxr0|3d=! zvYNJfT#n^X5P6(bq&wc|(jH5j$eNKK@H<}LOKixR3Da4;_`LlA4M<07ulh1?=wgZuoYRpVXoxJ7=EpdQ}!qffXo!JPNN)Pp) zL$9k-K3b^8Y>O56Ga<%a6VA=2>AqTqn9FjU5viJDoQqp8Ugh=upH%5yDHD3l*L7K4 za(|*&`c;iuzngah!d=pBFl`vZRAE6fQAl4H)byiebVZIR{38uB@j~h#CNN&_3q;0d z7A>Y&LB07G)Oph7`P>$D<~E(tyK~IkX>O zId>v-#RCee{`dH^^VUDktx?H2)5guEPMY1%%_`J3w^Evq3-d&z$)K`unYsb+)%&*z zG-RQeXSf-`1#Mo5h5q)*1NY*PR*q^wQdi~B20Q$Zyc6rdIZ`&x3LIwj=bjjp#n+3k=ja%imOm8i~~DQcEX}Kh>r9R~eV~&}5ti7V++qIV22; zwBzD*r(#MIaDxFPlRzHk7N*KyxHNJD4?mJENTi-UA%3I z89vgejn92pfC)GHE~SE|?qrs+yHHRZppc3?NFHib4|&#eHIdSupOVqB)`r5m4+8?H zB+7$f3@#?bjuz8TXh@U_b8VN}iQ5`ah@!-Jprkz9;gIO8t=ba=MIbEK@#x-R zKUi+%QXfc6w}#;x0rEGEKr(N#Hf~uNzQ-edT$eTlNM=iVuL-aU-yfV@CFD+6&gh

vi+?LTks3uW06tobnR7+n9 zU}LnV=TWY1hKJ0FW*q%`2_exNi_T(^0$|ZD;EjC9o6kdxM_uzH65@U`WgHk1 z7zo#t?qp3D%=nTF{@NZ^bp#fKjLiiXw3PE~pp~?X)g$!hq=>35(W*-ZbpsgHa-1fj zkEL6TA*Bt>yqQSnlBO>AQ|^3#^lx~WM=MH=yXlOSXqPbmFFROzIIhd^(%PI8@T4^Gt;iCXvMr(CpLbN!xk-CAGMlk%HhV|QwPA21>a1vfNV^R_ zQ;Ganx1E=_M>-i5&3AKKuDy(|v!7*Ds*fW`MF8hHZv;PY`7d;>?bgK*_yn&66hIg9 z$qq?G4KNntNbI5jTntyHs)^z$BkRJ$@eQAHt|MbAjdz)`BVU zwcuQOYAC8n2mcUQt7DKVV>qvfzR1YaU*99fxLOCiSfn@(gvwa7u(`obrr|XxU^39ers1p(hoSrCexcU79X3j! z%6szlbjXAR&J#2405<`41g1!Ljrt<7A?iSo-LBearmTPwizFNv-R}6)c`)eGC+JsQ zD+cHk0~V6mx1QXK+)|e{x%imZ9xV;Kw%cR)uGPvBy<#A1JF4{vi{>Z`5}K4tT0a~T zKhHpo4$ZoRGh(2Q#m{VqMLv(+<_L0C>pZk4Nyni6daJk3{??NAvGWI6*WnowSz#;Q zpW{bWJIgGw=Ae#!ijo<@F5-2xMdK?4u&bY(wPIeWMghM@+7JhYof3Lu4Q?O6c1bF8 z7;0ZE+eyKOIHRKElJDdm#|mk2$-q>rLJ906(9lM~A9m-`Itr2~By_94&@n4IfCN=TIWY>|xI2>dVW+p-?5nTraVmHmiQY#Y;pf8u|FaKl z|NeZ9&`oCI3$n6wW9@M?G%3trTw$~ZK2b@R5?FctGbz)b`xQgbiSD_N>&OENg9N8? zq?^WE2---43obi4t=l=abF*vz5dj!H{mp72wt{iA;#w>U+;^fhhtrIH6`bk^e6;AL zjz5wHxw&dU#)$qRjS_L5p6E}jh{Q9E^$54}u>cEwtcn9HyFf%Rd!g`o4iPCIHo1kN z1Xm3*^VYG;)8^y)zG)HU9UGao^A@?xD^wS}jFJ3^Lqdx~a? zNsc9Gl2i+|K!_0#A1({0d zuu&jI$axRrC0Q=y6j4HkXOIERufzd$I3ND-N92dr;TYZ`2$~_lo~ryrOmI{4Uu*LbQI^;aMcF1zNhW2#H9V*tGlL6cp9&NMgy~ zSZXxXGhB;VBb%}h1M+?cH}j(kFy5WJr)r`--*X$FfQxBSGwz4hYK{y{$QKh@l-KrV zrzzQi^!*E=sgFFW*whLcmf}23@}tm)Tqd;nlFj3C06SuOoxR>?eD5lx>;-6b$oY+i z7+ALyb^GSA7KgX+1NgqMUAFcbEnhPlG8Y?9Y+SA{d=?zzTxp?cj zy}+0usR3#TG~ZoVA{HBvIh!rxP?7CxYk_i!2m6puApxtNOy1ZX)4bMW*nqBXeRX2c zk4NWi3f|WBw{4T+W7h8ROgF_bUP0vaLa>A}sx^E_X1H(FnybL_BP*?M*Rdw)gXpyH zY<*69wvWrp{Op(b=w9gg0q03%c6LqLm$u^9ddrvFvi7o1%dpz0j9=sW071 zY_>eM9-m@Z%dFqWiD{Y^M!%c}oqHJ9tpPbS>F>g_8vq1Rs|9Rdtpf_x<>~Uzt~OO^ zS>5_DbUwrO^oW3Zc+{+UZi#DHQ{gm|GU_7QfvN$)!L2iURisZmtr0$oq6cCPKY;Vm z7lbt8A5t~?p3mbhzz(!p$H+xD(q!%=Rf-LpFi2nWY396*(=0lYd`mmRGgO;1?Cmc$Jnd#k_m4eZ zC*ce)K_W>MXwO|=*9pE1&$MshoCW`UUVh|)*KKH~?0@nVPpEf|-VDIA>8qj>FUYc~ zCR!vtED0<}XVz`C+iP>2W&#%=ZH%1tJKv6fp5M!#A*{&h8Y6=?3xzlCp&eI&H3k?e z&Jw2wHA+~^(q?XR@@}Hlj@!d4{tgC_LhRkmtkzeMcYM^-PjY3gPcuMC za{dYc*=(w$#x;D@Qm2q}XcR?~LVal|DiOA{IGMcz!@Ze)NZVnzYPPN$Ykikw70xGK zl{-@wuZi>dSYz^QQ~zNhvLPvOev%88(6ENw96ie=2!BRD*q)kileOL;2qe3h{B)Zl z`|;-W#(weMi_v`*veh5-weyktW<%H{Qu#z-{j<^*FOE`}6p~luT9MJaC{fLZ>R!G( zjogqQHZHlN6~%gNUDfPPz0rz6b^Ea9YH09}BAV-?KR8LO41* z-oo6#M!Pw_m!q&;kj80Av=Q8v#a;!8F)V8$nbW?=*uQ9-X?I5h*qM*2d zLKT}GiK!6)Nn#wyP#bS<40H_KFKjGyASo~a0Q|Si=C23vAvjI`^Zmn(z8~N()zp7J z04*cq--C7NzVA=8wKTW0cQloi@BO}?4W?6mjo*C@bY{VKU?>1tLbN@<;RdOGAp*$_ z6waG_DzaGjRxdjz=YqBa6LCUEfGB=H4bdzP=0l_xiCe;q13Ropv%2Z}vP|HYQlw_G zI}D&sIB&EVSoI^W35?ir;2OoJ9J`G*P{F*TiMs@*{Cx&ePu4H?UWAN=Kc{B6|$<^AK7xGxhdV7zaeHKzC zMQ$h`tEn8Sr&ASy@yCbS*Q`mTazJXoQ&zU)`+#6_g6RBbhN@2W=fCWaL(>jt&G)`+ ze}Az4Kl>wWVd&^gXJc<{O*_tLH$Z?OFpC$#oqJ)+Y~15Ml|Y4yH(f;ulOjlc__!)@ z;(PN+mzt~#Wo}uxXduNE0<(NqAxdp**J?H1xy5f1yHzbVKOo-bh26Zt&lQKy^YOHO zlhS^uHL?RiY}NQDwLz{J7t)7dhx7TMBP>|ne3{~RoSnHwU#Np=jh!9`4K+OvG!*zX zbIAo}KTUk58a<_B2_5$@aIFDA1AsTv0D|~tVvYffo435h|4Rh-7Y~35qUOTCIe_~u zRQ~tR>0xMV6Qjf%mni^q@!btZhfE2h$%eXFB<-L?C+f-kY|y~aziP(+>0_1x+Qd~P z(1+LkbZ%boB&eu+t@H=eU$ltsx-wM%GfOeq{5SLWtMA|wNxGt9SEtB*ZLfe6XM%BB zD}AK-pt3+j-G4a2s>To}Nd8_%8KJ~2K+h$yjm9>v!U(IRcI}sj4&NuTP^~r>^-cn< zYunwLfN9lH`u$*C#(nl%kgP~YR{*jAJmGhvsaX>Uu7?p$q~*~He6Ix23L*=R+(0g` zm5?acvWHdDg4Yg57&^I>Ubo;?n{NxMyBNCxa|O!va7aSlulNC6iwp=$v=g z_`*l4KpUv3KWPhddi$xq%H+9+4;>k;`4|sZU1e|5;K{O||4SST0Pq)n-_-oCzrW;C z|7yp^fAQ4mzd-+g7yZ@F^lug!+uMH2Y5!|2#NS_d!|k$l_PxgDn>2r^asTJF{~tF( zd;_2D3dqukU+b^~qBL7YVcRi4dm0A?+Q5WC6Eq!LohIwr$&|Y~z$|+qP}nu2Z&c+csWx-`Cym_KTU0JM%9i zGa`TN*xu_~D;{HNNZ;)0`u{PFn2K5<`xIa`v-r)LaWHZhMv}b=LPM9?-LLdeh1i68 znpOQ4=!5Y?cXD<(;pLotG#}xOE)d0j#!(v+sfaGr*5?s)`%YL#sg8HKJnVupI(j0l zUDhlCA%iN-la*Fi2-?b|8d3B4yXeE5wx_gnc%xNPg3V`#U}QMk_-%}$oHmX?Q~m`0 z-Uwm+QV$67K!IMaW7aR2{qv413%e-F5Lo_|X$K_0|c^k{0Dt8?1%q;U$OrwrLm zvp@mCw;J7EJvt@@N))k2F)_oyzlg#R#TZ;P0M&@tk!o-{hoLj5xi!-;nixmD2#y(7 zdoQ)_9};phN{SP~CX%(|tDa!+s!jT-I`iOfI5ALL5&B1%$od|HtW60Qj$x>&? z4lp5u4BO+~jK5>v&6;eunGMrd_o6?BkA`RJ zsV8mV8{=6}YPa!JD%Nx0Z(#q~>@rVDXC^;-aWn=10A&B8+5b~WZj<{*$dR>qn`i&q zH;yZVy@`B$>vYqp#9`QOZfSnuscF;j$=I1PG>~`!xfdbP&}#nMdm4C0D4u4_IsR!c zKswGflWhtRu9isWj62SNMrOj*66sd-nJH~@a8%s*^=av8sm}GgAbj`{{@a^(?0x~) ziIeCBbw!?xG4Jw#bn%AnsQhoR+M=^_?Nl{-suTS#Mjo7q?jchV(yU9a zZ3lqZ_A27CO}Cd**mReU4ejvllS-jNk}xG?Q@z-_reGszqoP=~swdHal95Wrfw*J9 z`cCq;5haVtF=+-KWQ;G?L=+A`8qTv6QM=#!Ty%3wH&SRg`A|-T1m>ugvIS!((D7xAqBfBv~91%@A=9JS)1?9(s-jA%f2b z;LE%7{;Sf^FVi(3)IrfsCUxv4C{th85{c|IQ=}uz)A}wap1I^xs<{a%r^3qEY^*lS z5{BFWwPJv-)F?-Gq&$!%a)vreq&C2d5=z!G@r4OHC|&|t37KSK1Jy#t&Nv~GAx1wR zjN3<}sKq7%V@|xVXFlmS$>K7a_YON7Ab{NdJ&?%INzcl7tr22-;2Bva1mY&LjlVJ= z2unx4iD(rOQbuR}!U5dm5!Y)#!xKoLe+5k2zdtay<>^9t1!}*WY{;2*K%ECclmVa+ ze1eHbjQCUtmr#c$#7GDZmCjPT0f}FF%R&okClYJ(Bmg~La8G*y^nj@=35VQLT?TIT za(`u61iugof`3Bm8N{Fa1rM9QlIu|X+;9hFg!k{{JG-Uz4SkQ8CCFae-}Z=n=eqw^ zzI%(Uwqp1by32SN3RK}U;Gg=j1ayMGXqS7&liZum4Sz{GOF1AKW{T*WI z9rr50%xD#6rjo87MK1ivSErks7m#l?T>`aSdS?@6hCV{2e-(WuVO%xCS2cMOKw7%8 z|CLfL11Nkx9f}M?O1Zkh!?)t+2haj`rq#(o#!hKKCmu^M;-9aA5foEJ{GxJ%^fkC);Qn@_6(=3S@voM+XBm;M&t$wEST86hMHLi^8WDw5yG_z* z@xtb^1j!Lw^b+G3Gb#vBR)HFT0R~}~ykbY~n9&+@Mh8h=fb3a8eKGCm$S3vPy25Zro3c61{`$dH;F4} zepeAj_fc~!Un#@HK1z;?uLX~+l%N8aLcUKDTCRl&Ot@o^r*u?+&j$D~Vi2}O&+3Iy zka!`WRXFgjxP7rb?NTZOHr=@s?5mb4DF^^fx~+^}2(Xa^#gw$ZB?+UGb_4b`OMc@9 z!I(7(%7$ptxgx{qjNHmb>i}T_2pcv zi8QRbx80SLO6T`z`+-t@C?0NarbS>?$7zv+JHD9gFO>XP{73!`*N`1onKx(At-gNA zb8(#1DW}{si~;Wl;dA=OIyB6NpT&bJ72jJfY;45g`RsH+r&VQ#HrM?w8J-g`I0@rV zY@f$gDRR37M<7Q*RMt{Ys>tXXsAVlv=WnnoyCv8uz*7W?J zIYAgY#w=fDYyFwoJ9)7)N+^0fyTGmZbD+kjStDiaJ2JXwg~hrzVz6W6hClcJi6XXRn!)));C7wh#mmVrp;oK7wufLO6Ee!Wt-~2#r}cC01k%2 z*YxH)JwlgvPaUI*NoZ&}H@A?Gqh*}&aNL_|O{kKcsEdkLzaPB{ot}VZ-fZVLjgB(J zUq-glTw$*86?;9Z%`~2%y|7n<9Xd<2P#g$DjPPO;_4Wx4M2bf}6%+k=6;6Yp99rYUpa<2k&DIl_;l+`GeTA@7%i0lE} zmOxpe4H!qKEkRd;@ew>cB4!+zFsY)*p7g&CKRM3`=bbd(#4kUfhYYZiSxArKiVx!^ zzk!O1eXdK&(M|z1NMTBTXEIl zR#}!bZM$%)`uv-7{Q`$EmjrDRLrZn)QgFoc+*XL^gM3rNuEuV)4qkjW&Qbb%)TuHsZCEEHbZ&E!Iniz>DB^;xx z%EZ=<^1ZI3>d*zeN_#e3nQ=mlW_B|q?rws(KN)>w~1!%kujTGcY*%7nzm%f-Wl9<0hPfsbf zaZM;QSgR+PAUHvy1@;nQ9B!&5f&q*?)aob6vh-5o09ap#n;WB@jUEJF(GHLLG7DrT zegu#`X!Yc|;hTyv&wz4g<_S8RL@}loIHx;9Qd)5V+(DBAZ;&C~pI$jc_48o??P^oMHhY(Zz%{y<4i-H~F`T}1+GUx$4| z7lgO~xTjaoX&B#yM;9$eMbhX!?|&X49;&~wAX*K=g57ug=9(usv1^fCYwyo4!N1oA z2sER>ePh%*XPe!Td;K>Icc4<(@kbm5#qGEFN~!jtM1#)T+2gcK?WYXlQVTCFRBzRs zn|6&_qH#D@DsHGIme&bii_;J_X>(>OStwAL+vc_Cm?wY4T4h;h^20K?eTCtq0p2qsYuK z7N6L5y3VHW*~|aet24EF^dvjgP)=f{vh!l8B+a<-O)OG)zh>M!J)lAROuI}xlSXcttcFJfELfF5N3LK85+s)K77GNI0f z1Q>COZjv`}cY2_6VFkNE@(g<;(G6{5Ji*R3&5a~eH#L9+KPM#W9328=@o9F=C9La% zMzP-pZ@9;32+>nF)dZyfSYK6ri2*K?9J?B4 zy)D}B#@!V6x>b*^Mu*q$N?AZR`vZN2ZbArr@OTeD`H%Kd)&$aqzI846ydL0@yan;O zDhj6X%@3GM+q|B~ArX@C*YJ%kO~?rlyFcVAn=hVj#g2KX7To9xT1bF9JUg}U^RX5n z3QK4bDdn1N;n3Vtbcw#pOMa^~g+qy9^vzs>XLdQ!1$s~4w)|)tkx%Oon=PRPg{I>c z*a0W2V=Y8Rxh6+2{jIq0!Ve8pNYw^XlXK^IJ}sn+8+pZ2SBG4A0*sS=gb)DB^7CYt zz@mokX70Q6jFnh}~u4u`0Ovl-CREI~-$>0gobN&{fE2^JV(lA8E3#H)TtL_GMSio*x{ zggn)k7pNYzXZx!BvSMC7uj8#az<)bn$%#}G^5%Xv*eHFSW*mHni%D*GzzgqyZ__;1 z+aX0O!LAX99gg8_`voWJ-}1IJn?qj%&`D&Df9jEf#D)y@9Jg)=md7Rixq+ zE|LSjl7mCD{~5IJ2Gkw2-(`#?GP}F&2++(NA?h0 zDG4Yro^M7mZDV&YDklGXa=Z7TuRkPg6y;Hgj6ZQm`62*c?*zp94Da>$E_yOzzoNqB zIHhKc&L0?QqnoF^8zuS;pEkw3_U06K&n=tbY5ICvSbKt(#vol=?A{#kw%bK~ZF0+2 z_%Gg7vyQ78AraErpg9T@9p$Efl4-8(pbEHvlIia1>*IL^{@=$XSaE&*@U5-4&*!Hz ztI&dL?)rJI=B%e@%|CYgro7%IY7uV>u>xMm7V8G6wzU&7`imD^k*I;||7|LI57ABi{zx=A% zAizTwE}M%k4lt*?Et;NCOQCAiFtTYDyqY_?n#mM+1BnX6xixwERJY(h!nJdAxc4kD z^~RtESgt>3J0z0rG!U4%1s6IQ`y5RG0wl$@y&kcr=|bG3Cez-13Dt!;b@yY)ll%$R zL_dtB{Q z_!`u;-JgW^-GqG#@cQ`t;zl$vE+6u;J?#kb*wg#g^O@enb=rZ)=x3H5{xghRuDk|@sLVLaQ==E!zHGnm?6qc8blcuA!0Y>0R?F-CX@GzK?m`IpD zw8bH4te~AJ4d(X2Dt*Y+c${Hxcn?ai#2GoRhbR>)0dVKbSHkV^ieEyjx^~1-Wcik{ zJmexmo~|@?s;pS4@DF(i;E_rhx-1gBkxC}UJ+X(^SMX6V8r_!sSTV3yFf_`V_VNS~ zUBd2P-Oiq3tIn>}gwsv%abmwWl+4o$z0IuCu;Z@_%=mo15PCTJTv71Ay}S~iBBBG@ zZAWS1(r35Y4Kfy{4FP`uvbYM_VXadHZ8`}s4=DY~!%vjJ zHaazekgt?&EcOG13K!|b!JKn8n#Q|Ga*IO*V5|K;W>)Q*)_XG@*naJ0p-?Z>S2`-*`hn(#B0Q*a5EYNgrSbSr)4fL1$`E+ zksMP)uR%gt299D7Q#y7iyH%l3M9>P4My!-+-rK^p{w*=jV?9P!k#U(xLq`Qaq`h~> zY!v&nL$$kuIq^@HB26W?q_FF{O}#kh3bNlb7YZe1vI?iti8zP1g)Cj;WE|Uj*>ZLp z1d)r)Kw+2UCf`w;X`{5SrXlqd9Ztg{BWC$9*;==#6UU<%{^5a^CyEke73H zB75w;<**ny(M9B!2-r7a+`x}i=r zd3|%|=*Pk3m_T0lK=(;DLr&po$M7VT|4pb>weTsSQ;+}-dsC&t&y^LrbeqK9WgeC? ztXiV#v95V7Q{%(^eW=mN)!oU>+rjJQMKVPuaBTnM#`nMeMOWY0 z*zAWk#O&v7`Hx)OqRO_#50`*9{DBX<6qvMn=A#w*+e{tY7%SA}N&lA8duHfbJkhAO z(9*Y;i^?9mU2?J68Ur7C-n&;$cY<-lF2lw+H&6teLRwx1s%v`6QkZKbA~rl8UPqR- ziD>xd6iWLXIf9qJxQ>;cEqd1C*kw3x!=X4WP&~k#Q5NiX02gD9} zTwTBpTnQkEE-l@u4_!SHO&Ft@#KY+Y<<9qX?smuzy@F!;BpB~e0t011pI-Qo-d!8B zLR58GYvF{c6N5tg7OziF>j7rIHMkzY7L;=2BA8E`?d{8lAMsLreidk?tdlVRVn`zZ z9Q0!eG;^QXuihZ@t9Sc?BUAu1lR!*@K%MTRNCP|c7uW;^F3Yf0!1BVa?;v|-XT;2x zp*quA#FaYw(Q#iR_!`*C7BJg}w7TO#dQ$`z-QXz7!k8t7GHR>T znnt&+NnSfui6q-eGQ1@SZoWN9#iCTSz^{6z&t%$70fjbXAbI3nZMO)~JR*of+$9yn z&Vn6SfHlC3lwSMgm^@s&H=YMdRwg(rTMdcF517iM-3{COM)P6k_L($X>A!dE+BBw> zRf>eeURRaC^%jR<@2VH(T6Q+0)jZYny*~u(>`-1>97-Mc#{d_r16f{a4O})$1y=)U zm&6>{d|PMwI|euh+B2;+aIe&+2u>lYy?Fl|2Ao0V0d7C%T+v?u06(f<|HHlM{|EyE zeOvuMW|sdM2$!k9ZRYtAhOd*}a70m&m=Rjc;#?u%im>@1$|y_GK<3~d~FVitwV-pgxmcNepbhwnARszDvvjYU6h2jdbl3wa!Y6Y8T#anMvV z0|s}UTJ6F!H9P|dd%u&p7|{KHs!Ef$E7u7|@7*f?f?nhisZRPRkJs~V z@?vkJMNXj~Z;&%@vKuZ`pmt!Pk_(nK=_kot-nrd$Yf8bi+HjnXoT85q5`*l|WAXZ; zZ9)m~8Hpg(E@0@bG=JC5JZrEpa+%j48d{?sF!no+c|33?v620}xGHPe^a^N1v|Wc= z>Gg5-Ih*Kkb#ezQG&y7*zR{nD+_$Ba%(=J9z4d=$2Y84^b{PeEml;mj+uBaU4BTQHWjh4ag6U%95R z$YsSLsjsYI%r?0I4lFaN5_EMxq1li_S!|AT1p?b6ba=U}YOF+afA_#u-+}7Hg0=&3 z`)a$M3#`&Pf@r8^6hmqk_DJND4io~I>~>V>Y>+}~6{Zp>n*i^cK8F!lLET-nUZW^_ zzCA(ZKoty`n%BRqc9qWNk#_>>l_=HN-(;taNq~eAGE(Pn7mNgnJWGxke@xYy-I_n% zKn%uWTV(_-=4ctVXvqk~->zpm>_$WCdgKL!a`V|CZIPK%cu0Fu4=qvBPUx<;s2Dpi zX-$G%(94M&Roa$rAW1BFoYIiUeV|b}jxarxayQGuu{ zEb>6)poDeIx$_{n5Idu?MwTdhHnKtivT|H0UYy4qFWwWcH^%RcjOpvyLQ8yqJYqk1 z6%S1C3ZFpF+@Nr4`7POhj%QErh5D4AvgZ23h{N=+#IupTz0E%qP@9yteB(159HKEV8Is`EUOMw=$2*X#qzLnU`<6tyy$J;f#4VII`trKrGwb@Q zo=J^@DaaS3Xihu>lTP}V_z{ZCE_KIWyqK#MEABTrw`FQ7{_Cs|ry$gH_fw<13#4>} zZBz3#ei|V)E?p2ciA_C#a$*4~s3k<|+WTMov#yR<2S_D|gh9WYRfC8RFO&yTrS#k( z$Bx=55aKs5_A6I7KxYrp5H$--8%S?D@X6f&BtT*TAK{v@YyA%R zkf&S_!J2C;zVLuDTMi;Zru#x0jNr?4tt)WtDauko*etXi!GkN~uB5v8(d5($L|<@O&`e zUS47&d1&21j)WWtr5Wkqer?rcVD8>}Q$oeDN3+<|og>rP_qs^zch|3w2R8g5px;J5 zf9o#!0iw%Dg=al~UbV&hvR@3)#*fE0v&Zv4z?hWEgCX1WSq&G$Zwt0Cw`3VD95i@+ z|Ka_1W%6JNsaU-*W(|_9KD9Qv+?2EnjzMRV%`RX0g5!AwJtH|*&OC{W zbL;tXxP<7?_M;MwC&@DbF>=E)+f?y^lR@iA$ zMm2x%OF|x3=h#FK)cS4I_jmWR{TAj7qttQBk#e#q3S`5dI3hRZf2!#@{iVS zQn~ks1`4JN?Sv0O6q$UFem zkc1UNQfcMISIJEs4ML*2Lb9Tfh3i{f4=iW`GT!;Ml!YYr3&Cg-S9FGzB+K6P8g{gJ zflnl@XA>I}geMvlxi#6Gayb9Fy`eQO`r->KAixszl)-8(1IVTzi{^Oh^_LFMyufsHNDAj>9gCF9{_*?h3$M{CBq( zGhCn9S0=vh<^`_i3rL6Ya?^VDR1{O{BmdfwTxSS^Z)y{P_b%GsK4W$0*m>kfH5C1s zA4Fcv=kfYdzYq39%+^a@CHT7%baji10aV#`oI8Pqgf3C@Y^)|$e3@0qtu6T{^edu~ zF-Plx^re{k^w_d?92zg!+CRG6Z%j=Xzmecv%!-+NVW@=O@fSAW$*tv4f#K%fl_H)9 zr&hv#^a}-6(EPRt4 z{3o#LA2=r*-4-XVpDxPl#~Yddm8|<8B1%7#M3;)T&Ac3pS5D)%9w@FxA+eO8Y55MI zUmzu~QeEBi`ha>(`bMBd$-2_Z^~$Shf^#haf{jFtmnB|K=K3Y8HyD=Ygl{ZC1IL|q zP)$Vo3Nck?Z^O%Q%zVOpLKR4McBfd#7Jc6wv4tZ=u7MADCnHQUK1IY>t@aTFTe7O& z9X9X6?*}*x$SvxlS^?Q+M`Vf5K{fP@877{I*k z6%f7*AYh30`Ku}}&BW|ylTA$p&LK@Vcg`T^{Gi)n{4zL%J^+<1+Lhm*5b4W|!219; zG<6>c zFkQ7UF2y4RgOcXvSggS7w${Gs_V_n*B}oi5vtm}dn+tajGON(L(B2hQ!_5A_%eL`M z;wwJsQInFvHc~s2rN;68M|YinDW(-o(r6aq zOz@KVmReY~4=08dO+tEO<$)swR>vuIa%d7}H0ZfwlK^#6d}_3`^QOcf;tK4n?%jB**2-Vmjb4|x+UeH?;o#k2<90n**WaXL)z%!IH(iqD;S%81 zwoGiZ)>yLH8e<(m)i$h_qn|5*KOGQ+y<&qJ{6&>(ZJ(ZhC$XM zTzyHDbbqjBALl7pb{G=(9-4SCd|sKtR~743xh;)JdGM~_L=QW$uxa7wUZ!E@5AJl_ zl$U-tk5_n6U=A{Q62jf{anP*(uKYrL{|C$Kzo8s+{~n^=`~;!aPkH#4S|CgPKSq}S zKGj#nPD&2aBZxi+b@$I42FX05c>)av@d~6*H1&SONkEfqxcoJSzgSx5SSI= z@)vct=<28O<(lE|01<(BdD975bCFr8r!|?8NtgFRrUus8217t~#W#oxk%1#D#!GeT z7SjCz!Fx(tYu<*zK$3b=pRoC&$aKb|~qfU}t;gm#S|9=J~CQ~n4!;p5`c`tNvkQv%vv-yh@c|70`9es$Trt;i3%^#(mc7u|&qx|E=c;srJo5A}iE9Im83G^})th($~Tkh(Js$Es1n_g372 z%|%njoDiL8bGGpocNa#E%(CjuNCGVR0)m6zTk5W~0{LVgkM+*k+o4e#JECRVi{nUY zB>y!c@o$8=mFj+;ai>}>B{@98$Ts1dK4u984D{N1S@;jsU=%?iTZ7JeJu>3%8 zuL163#6G5z&RBv@ACnaBHmbc;yq;eXM z^_C}I>_1KEwRr+0>9-auE31`Z1a1F z?%7>tn72I1z+#F_bO7dQ)X`d!WMsUeT02xJ+v)q;$S}IJ@2kS-S{8I8AVJTc4(6`bIeezOz0H%!dwPpClmAZ`<}AfhFW2C2t}`OYk3!rvB9? zDmTy68qLfdcz$_H;R!aE)K*Ypz^7Q`jvn=i|r6%;O6-4aJj*o7jW0;Wcdq*Lt1R9ek4ij|`6|N<0n^8QdBcPy!-(*0@IRU{AO!imL7{(+v zpiE!=_A!H}<_{>kJF`}`A>|`MJ?V$gkwl$u)l!kh#4%P`%Oj=W*sG*DGU4$#O-*C^ zxn!u@kkJ-ys+9NMXG^%18n{HS4N;zFwE*S0Ph1IjEaU~KP4p^Ih%7% zmnAJd=SC4>xG!<)v5uF7{Ek-~%1GLKa%xWz#P2@(Sm?F{s6Rc%cQXWUYGY~Zi zM{uLb$})&U)5`b;aGb?gfpIOHU6-v|+@RDI7ft;a7um2e3SKvDxYA80)%l}JZftnx zfgQ|QY*o0DTL~X=2Sr33PFcz?Aq#!1`^iNdNpKmBUFGFWms%q2)2VW@UXDK?{bLm!NY*mIIb4w7bCaEo7w%=&X7M zmh{-2LQH8lv+y-ixM`1ucB?6#MV4q~EGa};3gR5GR0Oe^m-d9tZ5n|W2*LF!L1?Q+cEuvICSzBGD0b;xb>jSJP-o=IJ`>ry^_OB%(LYY zluV69Z1DcGOIse%XDm`=ELc!;pM)!;lOT9bdyVcH#U)w}4tBpI_N29e)@Mzh-@W?L zXh8pTAt8clBw_pY9lBu-68A+6PLd>Us6W?oj8xuiQ0wge!198&*TD|1cdfKd5l2{; zOXb41N3ZVjtgnBFGc|a-0!+paD-Qc6^p^>qTN^f+LZPKls`BC9(!*?~uN{uO9^Zb^ z&VM)%O~lQ7Z<5jp$(42>H0JokLjek%i8ZuQV9J?42qlUEM2IdXu7%vE8@w`FW0y-}BWk$Hy7K+s8MZ zyrr`>@i+-uP;|nayS5||AAYOC?Jo>`Ore23>K9ZJ7_H4KlEA`% ztL~rB^*4?u*gyHDODQnv!2s$@9j*c3)$FVW&16&R()V@cy;RZ2w(_%!f=kWwgK8T` zXgWIdb^baM&qw}kN9ANZ_w&*8_!$?~`!di(fPH6SkG~r?$*s$G-CS|rX4e*{URQ_| zMW6R`YLA}vEcmbd`@6MBl-8R7cn1SAA4feL3!f`!FGoAHQ%f|%kTw1=YB+%oOs&y! z)Eq?Z%KG)z<`+kOL>9FkC4f}0n`*&PFq!+@+kuPd};8>)#oX&!Wz zcFakKUKDZ%Y8F zwhEiwZep6Jh^ovx45V&P(q5&NkKHFHmi#pxgbT{D2Joi2#plQ_ZFEF;))X*0bC>Mus zDQAkpAFyJ9w?au8ie|?7lpmLe)Em~zKLIc^+Nx>>F^bACMWPh$|J&+1y$BJj*HFU? zR3zEJ8XtB1!Cor`q2QjqUvB&rmZ12}Ed4t#9IAQnhe*3^NWz+;WHWf1pMoasl3NKR zLuFmg|7b>Fsb3cFRGj(m=n&Iah4+mk-=GqW3K?=$R*A_F4#_K19;2`xM-#so z8vF8iD|n$Q*lVdLj4(IGwdN5TzF)$7y}{=f?W~lg{+U5zzq>bXHN&)ip6|QWb@$%p zcdmc+!-EwGZKb6Cw`I|}xE|N;kK6J6NL2hw2Vl%MX+ z4N_1t#lxI9TT;v3-ocicUOL||KaCKm-+dzetx~y@ z%oK9dg{YT>@SGmrVVla=We|@;znd+ob_#nRH76+Vea-RZkTXQoQcymtcS=mx{Nb#RzMTF?mzD zpLSc*DGpDM1XQU>=C4;EyrE^+Rvcp^^6lpP>g}Tt zNdphzn#@nLGEm5#QN@5CVE-z|A|zcVBvot@7@Sj3+eo8*k02nh_>j?ZE=a86WD( zah#H(cGFZR)0Mpw(U;Anoo!C{UjLmp8Z98pHrAEv=62Ht;it%nF9A^!<)d3jT|=p$ zS`6r=1~rP0hKv@-9!Pw&upHI!;?9(A6TkW$=&(OjV!QcR2ZPy)nlB^?WFCNKox;D% z)YEK_X5hlT{mys43_iNY5wg)wO(}afe2VTfxS@n`n=`ui1=2l&6++-@TCwVz8{!L27mf!1SdgN# zbis@v?%a1(sIm6tVzMp?3g6e~eKYkw(b=(y%A}^KDk$uS(nOwtd)-bDUWG}muX6Fc zKdWN2KidZ;+YR>K8_tZivERM28-L7jj*qI$W5P#@kA-Sx_iD&|n`+T;Xw zwAlvYCof+~K1=M4v^dhmTap726mf}(b zy#vHru^vgOA?z-iIMvugJoEeK1JoO;m9QMAKeLLjqev*y%JQY?tC_-sOjlrUb=t=E zOaT}y>RXR>Y2XU*8%tS`O8D0Z$t#Kw(cEx7IkxI-rais6ZsuGsLPRj1!|oqBy_xN2 zT0Z@|z)>HH7(fdX+i0#$xYPeyCjH-Noqwg!{?r6BLw!dx8|(jiko=EvKFu4kJM+gC zRGkt_=upgB~HUvH{g75SaT- z*VtGedS(=FZ`u0#OiQAWY%~m?DPELaw!>pbvw><4&PmDL@{W&+O}F#Ole78I#?p zre`Y8k1DS+3_(qK-%0&a9+YU5XQfqe6bF8cLmD7KO$01uP&h-6=ZVO%mf?@bEIug{i_z9yJp(sE95Vm5w2HcZv9L`IfwbP!&as;Pq4T7->pB znUru=T5S?H?kguKf&pQ~ITQBECjja$*s=oF*rY**|IJsfH5Wuk+utC-ZE)%VZXyyi zf+mX)gxe2^f^-UnmTrh+GHcfkGl)g%m&lAXMVnp9GtdM8kCKkU+TJ|aK=3%o88iAk zcPYyjczf0$NLqNLQSX_-;;*9LP)y~btdGbz5`5~}h0WAV{_D4{21VK{(Gh54(WY0% zVI86-VFQuEcxHyq$?H6!<${tUaV{Ys;83*mL7DE_Dj0V|%A9;RBNr=eTv$7_=~v4$ zcd#ETj%-_(xMxihg>qQpXN2{ZJ&CosQtB>p_HpS;F!*_-D>V-s>s(yCGTUZE?_}Qg z$?i6Drs6NrMt_4mMPBY_;@9G^a{K7imPowZ+;>c?zKBl_<$UT9HL0w{k=r-08BM^)}S8vaK5Gs-iJ*u-@a2P zyJH)8=reow4{D%u{V%(RZ~aRVBU6>o*Yl>FQZ|NC>JAaU(YTZymu z0|@0F7@u0?k*xQ1kkrXBV1yxH7P;rrw`{UrsV+nBpR#9gHGwuIc|8Udb8@p%aKd@(+zU(6BY zA5ii(fm-GwX_czQed3b4NWjTr=GwuWIUF`BI|e-o22R>(ivY%-kh~6Mjf8AQ zJLmU2HQ2s`25nGg9w>loLsBbVg+dtM4NM&XQmzE5CuLf{d86ktyTOZ2bs($e?m=?F zH&AY!1j3iMZC$d8&&JM7cNnvNQv%#cD9pNwXska0Zb~ADNp!G^TjRw5!_Q6@sQp&kai&`zvH2wW{XAC;D^Dm^@7PFVr)rOl zW_BWqS$#B{w(3+-Nh$-tsAr*UU0MZ7yn}u^6DFOUROhZt#Upx;t(Kg(RD7(>w`|Q1 zI&D1WIM1%i9q$-$HZ}1KT+(~Q(|AV2Lb)DzuCr~z z9TAIqs(e_!p7daMHol^QSYGPrnxs9E@{uN%8HNMmwuix*t1wei-1-W-9a!FZMlhpX zsa-yVnNE>X2z&dpv%yObrr5wz4dwmSSiCv`atzgF(SpkpdIR3IM;wg%-X3SE&#%(f#ST+cqgS0Xw(~2yu@(=( zXA*fYrbM10aQ4V5deSyNSEvk^6}w?;(?cvytL#%z&F)nW(90A=#jg{#(Z1_Hxrd2Jf;_fDx6cy zG#AV_jnKex!<2g#SgrD_zr9$||3HA`8;4M!fv@NMz4n@p89qNBTkXw)MV!V#Vz``{`(aqty6O`q;87UnU>L{3@pLZzv3afW^xa>9jzQO8LcG zfg%-~NPciR4~larQ?LlN12Odgz4va|_krAKrIBQFkxYritS`OsN};$?Ku1(J#BV@J zs&L)&=#x2?r!{3W(?Xb|*qrjMv)|LjdM|XPxpfQ2z!SME<>1efwT4CDE-FAjayr}~ zO+)sZSFN zrFafr;vAdn@0;Q)W~owwTn7;MrQMlBt@(QYTh#V)iW}oS18>NQq$sfh0=>85Cq!~!5?}`Sg38$|^nS;gm0spCc!MiLvw!O!;ZQHhO+qP|c_Uy53+qP}by!oA%dvnjtOI~vRSjoylr_)Jw zefd&dMSQbVxkx?pu)g}Z+#4wwq&6q2Yl4NwK-r978ezBUzn@PhvF!rctXWk!5Gap6 z=UH-TMH^f1L1bUQsI<$Y2Kb8-!6!IUabpF_!&?ZP30WG;CLa1 zwJV>mR2ty(l%n|`!0Vmf`j-C!9v`nV^l0tkv3Svi{+m{QTbX%|di+sOWQThp1Sa}! zM8tO`Bu&qLsYP>cDEpo;_dcmYNv!7S+QsUnk=02sYjb7Sfpw|J@!PKIT+{Q4Q=MU} zd%qQFt*K$@y63-RUQiSlP3{--gTFk@`#2|EW*^i={>8 zq*|E&Q=dk2*N2-kr4fr}`q5D&tW#^SW}?t|7m(cFO=YRb$(fbe&m@tEDSMUt#lq$k$M`0#ZdJ zNl$Ik>I@X#z42%2G*V1u$Tvx#f9Vg;93p8iH2}QcLGap?MWd?b50BnrR5Jaxz*?VP} zocEuZ^*JK*P=efx{ue=~Jp<}Up;W*&vWC0HjR1nFAA&Qr4sst0AmR(5U0t6BJoR#e zr2f-41#&T6=th=zO5Zaj8y}T>AaeSd2Zd1(B+Bqwk8P!6$c<`rHUd_AIK8~|tonGWF)atZhJW$ zM<@mLpxxDJm7%$}2%6ZgqCxi6G@Q2_(@^N`CeEzQWd5ex2anbvcEY#RUfm$pP{!Gh z1sYjvjY>E_3RN!`7VwD~+n4)gbk5w`8LH@$EGoj4Uzhbg^nhW3sHu|ut|ft2)@^Q+ zk{2l%rp8g-xe&*FENxA&XraI6Ki+FBJ$D4ECst{FiIDleM5}02G~ur040fF-{{8Mx zKix6MDos0^X~+cD$#*K_Gq*ptak%56#YcAH*WgiCARs5lYMM=Xk{INvLw0k$; ztx$kn?6*{VGv-g%$>Zf>*N^hm5p^VgTvOuNFpgW~;dTG81F^Ki&mr}BFt)yk@3-DNvy3hN)Bz2Ph z`U|Y*?>lBjSs3)ejTxntibwuF*CQM+x(|=e4sb8dOyHr|gqTD-Chlz%7-W6_MbV$! zxI7Uy2XizL7UJyvgeKl82TwD0@dwTM9HH@u!?^R@#{7=K#7F*F(KnxW=G^TD#vx9S zz|4^Qgu=Ih&J7aCKe`6<%m$7+_zz4W)6I2y0iN`b7QKB&7>A=g4X?7SID%hWKXZ5D~Hf}Oha%UPx)*D@wsrgDRqKOf!@G_$F26;a(-*gqC3hqs{LFsb`1*{DavC#Kv1kXPP7jKI=ttLkbiw%(!na z!XY(=2~!Q^EuD~yygyLgqRx8-JNRIp;oO##Ok;6b9YZvvgBU~d;vxhyCtl3BVCEsj zk@|%ZxDrYhM!!%Gh!*piKAzvNHJmH$Z=N$O zAv;jBX@imO7Ag)huMKomaOBj~E?80|FThNOO~=5R1F=9W(u>WuRK@tno#^-qzkRAS zEISq-pkjgKLy2Q9CEgKGCKec@mlIilEw_IZU~@>`9&>1mTp(dEI+*3RmXd4q(-Tlm z*pdJo{b^v%%y9b>lCyS|>!eeJpZ_9Jr475~f6F9YcVXJW-0CvheH2r;@h1KGu3oQL zSfZwRVVy{%Q76epzyrrl;=%mxZ59Vrvt{YlMy675yr)fASjwb=utaIjYLRZl#|?P7-nLRHlgWv#OT)pc>f~rrS0t~w zzS5B%HLLe){Fgj}Jnz87g2%f=7TYd`{XYE0hld$d^vBM#3 zEH|#Nw&QCd*jOqq)AYdkq;NnQXKVLU}DzaVxaOZMjXf62*a6(1{gfA7^DGe)fTRqpf8mo7krD8aLA}W z_Qcf_kGSTvpM@6ilsCP;zKTa;!(HFZ%;*!%Q~ZjfqClQ(V;UOeGsCE|``6wE25LK5 zv8mk&3I8Gb>Ju+gMNGWl-!&s35veQ$0auHpbFkFsH#Sfd zh7d?Ev&gNB8A95&`OZ=Gp7tRTDrK&~xyZe3I~mg4-h2c)O>j~~fbJH6Sejt``O3@}j>EpwLr@d6%A zRe~6wNs7D~ymN-b;o?sFiOBFI~`mF!ni=5e033&Eo%@Pt8;}L+=BLJnVhK6b6`soHrj}C4B|3W z+_oW77&Adk+h-GnPL2dR6{*UojcH;i2Xn^TQ6-mY>u#hV5szU!a0D-6S@Mr1U{@(4 zmgGwINB11cJnm~*U;CGYD~K5$9J=kH%}mMc4q4y@+^lnDs3<4p07Hihr8_amUnf9(&6=%D6bMZGK)-l*f z{6t%%%@@%wL)JTLtIm7*37}_@4cZ}C)YU6}7OqALr|U*UQ8R1vpYW5&!|_t2QrVc{ z3@UeYgIzUjFim!xghZ9|q`|}0+9qpyD{ETwsa;T%w|g|Ch0>f0&5kIgP5gxgHyA&* zG2%$}``eBa)hMCRgK;&5PBp;LuC$;Eylf}C6nnT{YbNo2!!@yox);%?Rpbfwv2be< zvKPbXrSnIy!sm}@#Ji@4MamY?my(?pnyBrFKRlEBhpo4?Dkob?&v~@$;Q5z@ow6?g z^T}3uO`>JT`YPPa@%`$({>DK`P^nCdomoL3JAeM%RO#Ud))V}HFT!)q_u>|R8^y!F zI!59DDYO3{UE}|h;#dDCenD&^HDzi59Vwe9{9#wyb3GMoIMGZe{t=f!M}EC1=*8v~ zPk_O!n($CS4UN3Kjy^s;9YZx2>IR4chm_A=YHF|KuyRv5{2l}5^OYv6L1E3|zLh-O z#JBcXDgeU*t!KCm_II&zwdTx_?Y8XhOYuqSx5molUPX6{p-z=juij%s&j=Vidh_o9 zNleX3%m{6xdjHFyWd1%Nrn|8rsGrhdUag0jQZ`{y@4uMlj&%Ke)4z4S$3Ob_{I^Q5 zI&V*)_Ky;^%u{13lSH~h<#iJzFzNgYBH^Z(qlAryCWQGZi#m;_e+S@g(F1&DiP~3#ex^BhK8CfEP1e?)Nr!XB#u& zk~Odxt+5*wC9Wv28DB1pzHOrqNG$)yLx_?5MD01`@ufu4Qh(!r89CbsP5x49r?UpqKHZ+laY+3;+I*6Ucg*cITdwrwy=X>>UzJhl zh?~ILlTSl;^&MdA&)N%|lTNMTN*{QO+A~j{rUL`2wJ!0#*8jpt*EaO+(OJ0X_b&s# zA^$sS-X9-A&41D2^?OnL|Dxs>9{($4TV{#@>eu>NbZ={y>vNZ5Dz_q@wvFFy2vK>l z8G9n&`I+Qu{wZh#8nEh7P-D29!|IL}gc`@tyc2KUec*k#Gx`BmhviSXb-4^tR-I0F z-%_q(AKf_1UCw+Tnb!*)vTqmxZ@J42?|+}}h^xsC|1U2)u>b=6`Tv;i|Mu#<)Vccg z>ipFkXMDrA9-11y5OUD{>LX4vw%J|RO*7H?>au))4U&GnI=M?BQt_`&WnX%Bu7U6c zBI2zzQ@64p8K0kV3z<`GzyyNdO-1~TM=fqR(e)_7Izq1Y_(m)^IE8%e2NMRnwXd{5a^ly#vZn8jx(8t z$_@WRH~j?d$_lE`gqfDsi9ikdM*;4&8aR!>9$FP5C#p3WJut;ZWH$6~GE^27lRv*d zyODyvj(Sb|q_m7l2T(luNe0S0153@kI$VY+wSr)SG+=TAcg}#(s~>l2#o;S1Sb8M2 zLI~QcsefPylR;)pfj_#1>2M#3RD=<2 zxW_-~AEFGVrex51WM&pt?3TlprUHj?cEvki6L{sMgh*CmXz}9&>@HZXidQHC=W;kR ze>AQqAZy50CD085o+^)#oEGwuLleN6-p0KbczyAn8st`T6b=Hgm4B{S5=TlW3$iWc zt@ObDX2CgV2Gpa?608QTTIBf#JhOhTz8BJen%Cl3|{JKHOK`DguQB{yMLil0T zmM&eM-JZe!{7Rf?X2NDd&`Hv3R0%wMyv>Il#G0BDgQWx7VeQ@9qJf zFAfo=gfrC4BgJg1%T@-8{$;?;lXVBA8R~vFx-roGG0L+L7zmV(FSX1p8!px4acl}? zB~dYG57IQ%4ch-1?S4C!KHl+u271VcZN#@p6yn=PAJl z>*?Tjxw_=g`b#kv;X+_~4rJ^+zHbCminPcGY~Q*}3C49gtW>00+M`IhYoW$NZ7Dnj z55G23fqAzWgo#JJ%C$Hwt66JQa3FZRsG(K>`Z2m7SqrMl4S}fj@Ha~vQpth2AQk2a z=I$HuN%L-#0XCy)-HL zoa8!T*4Gxhs9lgC>d(A{?^{XLhe@MUwZvH5CSH!LRg(8ndwH3gBZBz>AbxVh9|380 z_z1giw`U7`4+4auiDp4%a^OQr|pt01?ZbR?@T^tU1e$V?&nQCqt@32R9--~&#DihtamDR@mdcyz0e zML~c%aeI_V*p)H=$}0bK6K9#B$n~|Q9dIyta;{pVek3-OQuTcJP>QNlJK$qM$Ww-E z^*-{KO{xshs-%$aLS#dG7l!EXL%;5w9#j~b2Ep1(p`7k7L4sgBpnL_E>|g==fKbAs z>J8D;snv6F`3ON}yty=P%iT`ip{8GhJ|!$tGQg$2Eb9tynFl2C%hHq6l`B&8xn#4k zmd1XK(2G+HlY~huf)Qe&;8=|x!ML#k(8bD>Vxfsja*M}wCD)3)d5!j1ne0Lr)Jb==o(c9x z`5NIqA<7t61Ok?ZY~2TOdRlJkiFz;62fj868DKj@U+9A#c#6bs2rPjY z?;+Q4!2uNV2jIg_9zh~zG6#wIr00iheQ=2sFNDpTcwPkn29HVZh6OKh5-+B2-_ zXo#*@4!L>(QC?i9on?w8sf2L8hO(V1(}l|^7k(o&yfdZn_wM*{0WxShY#KP2=14^M z3j%!VYZTy{#ub>$?8`pd)I{o+pu z^i$lriHcEee${rJHq{Z9Dl;Krz$luro?LE}LG+}LU3+?}%!DJOnoFaWXbGB1EC4=| zbO69_sEsTE`U6sh;Wf}|{{o4aP0hi4g-$1ioyrSmAsqyf@rJPk#glp~pFLEb(BVBN zWMRN(CVRBn25}jrhzLCPG}B$z^e3-d%Ec0VGw7T;%7H%PCc#_xaTL@o+$|K)jkVG? z8kyC<&^FQk3Sq$>1*{czG9@<=LKv5H5QC4L90u327C4oFCXHYRx(dD>gkyj{MZTmp z^o|^vk9$R#;Qn|iSF9HGgh+oTr4B4IVKrjKqj_>6a<3OT8xp^S7>=X9E1)^X>#Lw`Hd>I}@U2zJCJVCpU}j zIrqub&AdJ++ZZf38JEc$>CJo0qaW5=0~Nlux;;n0T>k5;$ml-a5k-Py)5jTj;bAb` zkA&2^5FV$Q>CKnfC9Ea1r&fogy-a=>(#a2^Z~DO(75MNcwKF8YXSU>zJ_wi2IL_R% z!fS=(LJ@_H0WE}Yg@@Mb>tg;X$90VmeG3{me!(I=^%E1IS(G!-s}tMNZXkeQy{Lz374RVHMJ5$ zVtQuPy`QPED!TB3?*FdWGS4RJOF= z2?p)MzBff}Wf4W%X0+%X4QkN=;pIGP=LJSpkISWCLH3EROcZ}og4L+5L?$mG?>uGo z>`EcNrvCQJP}5->2aRVZdo)lrq%eyfKuDC8nc^0!fKx6^PYi2a(`bHt*^;p9rLvbd zsS}>5q+4chssPy-3~qCoOfP7tQS1Vr93WN0q%qQ&j>Z>Trl3dSEFlqT=f?Q$V8R#? zdmW*U*O|%O-$Usxg)9T1I z6L#3fUJ^rXhu#L!s_0e-u4>8pXcla*R^*vTF_}m~?n39i9xYZ6%e;ie73iY$A>@NPGIEKQ!}iJ!5zNWoH0$OneiN z^g305RE@WKej<(uEON0IGW|^+GPY?6ZgzBr%9hUsmlXXuUJG9?29TiEl8u9AvGA); zAt|mqM1jZHx7>WatUk6NINwU($X>whwe8nv>JCEUwYNO|B|R&P35(5>Bie@Wbz|l2hCU^MywA?3SjoXlEO)>EUQy51E{a>#1+c1^z=f;2@Wz0wyR+Q2Q@*0NxebRhIKoM4vgEmt8`UvR)jWkkMw3oG#fpf#? z8ttl9_9qHr(+*RA+}u6deQp3VA0F3|%#pRCI?c~jT<;Rxs+$q>VoKZ5;=T?~Nyo&t z<}kH?5ci7gA6d`$tIWndk^76kx{liL#3EVLuR`Bv5P6}fHWWkcP(v1$RVPUyW(#85 z+L}Q{LsOlrrTV41O&ZqlLOhA{$U6yxX1=v!2hnp%Ziob&x<9^m@i*DS9u^g{AEc6fij z!_1NM*I3Qlk6-2dyr+#azA_;WY(ZCs?sKVwz6+EQa? zkOsrKx-6FcsBkL5a_#MG3KCrTvW?WEmb3ixF=5KuKAUeOZzOt)AIZGKH)a$F{>v`=wFnhti0V=IFaV%7K=XsOnQE6}1Xb9>vx zS`oHliyiq{7lIg(L+is?0EJtIMReRVXR3Lw#~U_+3wWTp+Pl6|NMMFMQ2#!!nr|$B zi@43v-#}`7-WH^vS{t9T>b$ zb`R*$j2ODd&mt~P+AyXp7EBz6=^Wm75j+6P8b8nFKiC5Gg|T7+-L4l2FW=0aBELU! zM|ouD+#>6FClem-$Ozt_5 zRm0B7DD2L*80ff1NR{OyaF~YZ$%+u9*3yHQ{WWCo8UZYHi=2m5C^x=OLa{i_X5pz4 z0|Wt^UFK{b9M0TGc*)Nkk$zY!=mSgphu6UFH7We(27c{gKDh*1I{&eV_#>OrMfWJL z?-s=ogkgmUTgQiI>PM_k+>;2Ul>@2t%%&z4d#w3p)v(%bb&%ptp^WK!bbp8}4zOQa za8?7t$)blt%~wFpYZCt)KN?QPyeabiSv57Fm)_wiBYLYZPi$mRH0P-ThJs%Z&c9d)B9RksT&zKT8s|8u}kylHrX!qqni}}vo zlvhGVE%XD=6IibLL`?VcqP*!mDKa+_g$fSh`3$l;vC#X}uq z`vVYQ4%SRkc<&TJZp7sffo^rq;DY~f^&WPM;gJL$Xw||Z6K-!E!3cJBBgg@oJl{Qs z9RTVWDS(#P8f*bYZf+i!w{M{2$kMqfGF=ZZN4bl_SxazFjX@8zP!uqCduEv}@mVBb zIev-_ew5Vp4f`oD0BtPi5(DUaLgprim0jWH)l-NnzI7tLW?8 zSqSAE>xApApFBNUzs2BaT5wfPX--Yq6>7Nf#kM-GUxL7%=qRYI|2d}#?z!7b+Z?;h zd!N><&qcI{zG38)n|&1Ob89Y^P{}snNiWN(16HW>JYYKqS5b}FsM3VQ`(3H%brdTZ`1u7(|@Zak5_D0JRtFaZG zP93Hek`tK(Ep$F&j})@o)OT<7Hs{HDif=52{c943c>{0F2wPjayT3PRkinn%r&iXY z!J{#=$1WE&AJ-`M=$gojseeEx|Zr+pfiCK&BQy$7{5OraaD77UM`qw)`pzMKjwpB;#i8$S&B z=Bo@h60NI11bKb#2jQcl4_!!aJP)&MCYFFpT3~!29`X-GQgAFG_9917>8%Ie{raehzR)8^bsfgQDRhS1lvY=$`_>c8?2{qb=gyPCl|b~T=J7Iwqo zp)j7o8e`DWI`zMlbu>hbSP9ia=OyOIJ(~_*CVTzLor(bcJJi$fiiI+t+I;xTJXk0G zw#nB9JEWH-_Ud89TLW)HwBNFsJ~XazNjvtCvT*F;;Dq3lMyLfukkGyegr1|#jsN*fV51&* zO{lqq#ADV5ay@lReA_~6l0?_ed!%COII>0?;W(S-fnzb2QL9h{Ka(lZ&phJ@EsLs~ z(8FfjPUG<@G0!t++t4y{0o3=g0?%nFvqSLGb;#6UY%UmY3DGO6U}zF9X>ikhcjzTu zoyn$#C6w}1E~+=O91Ju(sKtk6lDN%eyZV-3?7^6s`6ID9Y~s-L2l#`-a29j(FIQ@N zxpedN1ZAIGmy(Xw)HdYQH~E{i=@U9`=84qMPGIG38V=*Q6Nmp9E1LgjaI@Q)AxryZ zpQ%1-VE4>5qlE1|JVBLs;safeiFfrS^e5wp3UQu8yQj}^AC!triH?hI0-BDO6Yavq zz{Eh&Hid4eEz4Y$>=9ujS5m3q;J-0Hno24+Q6Us`Mzm*`wNQms@0@;Edij6_RoJVN znTt(~R{K7$GW`p?8Cx^SR+KPT)V}_#^5p^9zEex-Pc5u4CKuXME3vR!Z+;l!EE*lW z3+jX!6D7Tc{eNQ7HB(|heVHf2LRM1E$AK9y?xH!2a`t8$714`NVJYWrOQ9u1xOzj~ z$SgZyg}+)#_l{jlLrcDUM5k1cLM$2=id(3s3yfskVgw}iPG8!y2dwzl&r=mBs@ zPTkdMx?UZo2caaV{)S_?NlmuzmNqjRORTYHugZHo<-=teeHz5XthHd8=5c~a7_Lq< zanrI^CG}>|<-z98L|B7JJinO+JWmWPAg?EbQ1$9-r}mF*-kV%7J>$j7O?J25^yC7c zPQVsq@=%-Q_|ugR1mXe+JVawB4d6r&n#0K-DorxRoSk? zb<{KVGDqJBfgmnirc3g z_(ligP&G}!v_S?5-)C#dT{@nV*FA3&5IEgG6&2#rQ>AwrFV!POXi%74R%w(E8*i** zP>oE~182bH_hN6zQ?vPvZIjiCSZym90E1+2_x)-uakHH zPFTZUFL7NYYq+UvFJ(A(^g7JrzIhVb**6;J&SZ&HU*5Gdx{hTnQFzpOqROY`1yimL z>V6nX>zzaI+rvw{Bx+IhMQgoK53_+MM}VY;ahD7YZN)}NmCXVwdB!)27zlzC0f<=`2jy0(( zK_hgi`Nwez*2583=N~2L+ihrBw8KPX94s~!eh8M0b2pCb=TxZS%Jua!09vj?`e)liwDBxXdK72(2m9|@-s+5K$h=iavV4KaI7hUHC*SZMJ8fvk z4~+oPDSVE$%p8*?zuUtwN2l6CG4@({=@~$BIwBa^)T<-OjKvp~=RcXwoK^T9mgI%h z`8V~B!wzf}-5Z*3C4;O8Z!A8)n$OIuXCJ2nt~;Ics@KqJEh@jfWM7&W{ zk}vYMOu@n7MVYd-4jB@pjT>>l^zEMzU&AN$gP~o(|1dbC4Hp8C16I1Sh~TUQZogTa zsTf*R==dGsW06q-GHdP?x^;+AHQ`gg17xq7lwB`zQ#V&o+l6(QZzNiZFy<(_7zhW) z+1_+yI&=>>ooE7xyVKGk8Pmzg=n@$iNL>7!4_2ME+0X(X8!J@E(wv7gEt79*RzO zcGNmvnjINhnqDAOk4*wLf`jE)AxUo(=2o3879$p3C0T%J0mei)yb6d-wsu?8W1+%UL_nExwbQ|uJ-->M~Dg1mS3`KPSx|z@M zb5$R_magjP4>(j?JIH#>Jz?Mw%@A_59Anjo7>=rLwY*zUxa_FDm@o{(VrD>n_`_1NIk`3!5Z(B~0{1T~9hz5>N4tyZ zFoo#dRv7E%$FWB6yT$Fy(^bsDcvs@6a6+q7oVWy&SHN{jl>CN%0ae2^j{0RY0#tgz zCDqR)YvhxW-}dl5;3Gq+>%bwGYX%w*nlYtft)fWBdwiI#EI^yE0t|XTw$V~{naT4Dd@C>Jv&E^gSwGGVUV7AAHZ zUGsj?krC08M8O}yaH)O&IWqNvdq!D>(Hel_ZB&&uBwv&S?CMj97d`f$yisWsVKlf-laIO-#H z?IZT?0GOQoh2PD8HJ2gyj!**I4dWhgqRaFuwpR##)8&P6e zhh8N=IS90MmsX2MEg}LBKrd(Ryt-?8Z5M!jD%Q-#*e6RWRGF$dNG^<~xVSPqE*NIG zpuvvL|NXWK`k*>9F|;Q=rx9*__OC-Q72G~PreTu~+6RlB53EZd6*XewN*7I2nR!5J zA}k*oX(YMh&>UDi2nqkifN8S;oM0)DEN9m$Q94lSFK@oqG*DQqKA7p=iEcC|TOadcVVB^NN~lk%mf=Oyi#7XYt%9AmpwCL8{#=tUv-2)8}wjVmpq zy<;YOps84Fm$To2?>Sh23A*H-M&XgXSCFLL7kM)&QM!G*s4|NCD@B;nieBSYS zEw^B>9i8DIFj@1{&*Rtu!zIPzS|pma-Fz$~QOzvn~OG)Mik&1CnW$yKR>p zKKOzmRLwW{$&~cB%Ppb!FLAId02yGQ**v%uITSd)WMg-NR4h( z)&4jZs562sv>^>qwmTu6#>D#e6k11Kik5w{hXbMMqcn$sq~)#y_0NI z3M;goyGwKE2uDkgA@)rF*caSS;Pgr}1o<>*_hL*I+Z&wOVGZ8Q6BOH@;L(6f ziG-MTMD!^?=PsL%o~1NvR1v^?nqFQ`p)6I!UeC9bQIOgwq%sNy>;^#?_A*7%$rBR; zg|zf6q-jsO!25#H8C{)`<3gu8K5qKf*DW|Tv^I+66@n$pB!DGmvSWSyjy{c2Sf2DZ zpnLl&(EVS-e1W{p)yp;gNY${x)I@5zFsDk3*8)z})Lp?Y%fo}!5S5(L*YG>w%GNlC zWctVteAAu62%Zr+X&`xH&-_)UhSLVHBJcmitez2e$1DN^y?IAZ%;zb%1LlHJcu%gV z=D>}b1cd}2){}Lp1w@caE7mVn=<7ziB@i)`{f$B!#h0HAiG3B7gcOYwDDMWajpM1? z4cqlQl+ZWOKxcy+9&5UEJ_jyC9>Oadrm)qvbPZ7+Fu-T$70JkOT_E@bfKUXGDXxk@>y2;%CUpAsCn0YR60&4(71-zHI33&EJ;|ng zR%H{S<_Dm#t{ndZsqMi!)L%ZD-$jkV>E9R^>YL_Pe_R6 zm4?60S$wychGsv|;l45k)vE5|2;^7wTAIF3$_>fxiKohJB_Zyi=w@PCb;c^WZph*W z&sn9r$^*86VC3@fD7V?dFWor7cvF_2uR84!W)*R=i7(2g&FCuIbLN6(jGSvXzPvED zF_K^$QtH;5~&A6;RH5X$7Da2u?Gb zjD4D67b+Ma+JPl-CLQWy4#jg4Zq$phFXMU|q8-aJsFOiX6kqBIINHk)f}Jc{36)tB z&D2;F$HB>(y&oA@Ii@a0pJUQKz~7QK>8#D!HP*gu;^}j(j!NR;(A_)W^!jhV5hE9w z>OK?OXB(FN^qC3A6z5~kh&^WC9*|i$4bUkRUay0BPsp>ih91k}E=Uu410?AT6bo?* zI?WmiQXm~x5sJw=nUi}O3$`J4bE}?7pseh3XSz7nrrlgmcXzBb7*L@e%78gN4y@iN zuEcx6f|&V-KCy@`jZkLRoV^|a7tUZSlYcUfs1^cfjYYQ1UsZ&N7aBLt(hlqf-O7fd zDezD|_vApGn^=Rl4;K9K&uR|Bc}%I$sjYxQlE)6y%C0>dNb_Gu*+g$FFm4_AaR7)1Y-%#K-LKIMhOi?{%g=wH0$uG#adP>S{-ogv=(8|N7o&PS)=MJD8Hf2 z&Zmb0i?IXY`8vB4HvJ>^fp;X(lwM;f!m&9HbUhi;T|Bos834%65EF=!kM#p!^la)! z+0$WD@zyC^cxt>H3lusE8!FEdT(_03N}sV1mFOi1Lp}L%W))YZWr0i zgJ>D{6{UGdMm;*@2gjOn2&{IIotFj1bn}9c9f5#ulYFK=x`a$&D{8jDntB*rDh*#? z^J@ERdX)j8kvkAbcZ36lgUg3$0~gPjza@b@;a^B@*&mhS5&JjfdzHyS$YxB_f_7nS za0*?2zRyEaj59D?>BKwd7Nk-DbwP}F!4JdwV>0X{xI>)S32p*$g|WI~?OF$T>-r-> zNOsDUVniBF5lFnLNLqQOIo-N&|b+?O#_EFiK*o>d^H)v?++eh5DyffJ-`YC@lf+rmdxY7|2`v+$tDKo-COFx zpNEy@l^*E)W_;* zYdGsGj%qlXJbb^K+pj(=S(7><1Wj{CYaPXI0bVLCKN~5fa>vx)8XpiA&QC1#udKT~^@FB0uJ( zVZ@0aT4&%`PdY3K*FDs)$qorvT7n;J_yV;rK;~!#=+#^$5Nm5sIe|7c=Uv2?tMeOY4 z#SYC!oj?|IVcO`8j~ssMM_k`b5_0v@h$hK`7;#5aalkOSCH0R8?mO4GhPY~s;-o-k zMM9W2G&zX6MzKDz2RABvYK=|`Xfmnc$en$a`ZuP0=^U%w{i(N=ms-)@4fPUJrfA}& zr>}K`+9-NHSc=EAm*~n)iHAF+J-tY{tHv-!fI zts+1((dE8#1Y4Ms#mp%~ro)p1p4C^8z&z?BDg*ciDR-B(LF&rLT;Bpi4pR;Ui^RmZV=$t|21$F0oZU8M6+(T> zS^5I9bB$1!_EXVWPbu%Ccr<(ErcUB9>Oo7i*Mikm*bcSW>A&CwJ1F^jr<7TLDu6m7 z3;+R}!;|6O_!jb!9HkBSqxSPlCN?eCW6f(r#Aw6 zZnzpqQ@dKc&QQzyNs~)yOydAK4G0g0)TvJk4jG;ugmtYn#_x*m8Mfp@AnS}?mbCDE zHXWDuBI_zU1Hb;kC4d1`bUO59EXCT&o@Tax!oIz>VUc%fe^Ae-QAExz42<70l*CSM zCv`GyclIvc499!px5>fF_j&i}eqwIt*5R|y_FTjryG};dgNy4|X>kDRb%}k`1n> z=1Ky9TS7oyRkXj?+5eb@yE%KzOo^%a%5-f}tALY4%f4SIxcd_V&&Gkb2bDmV;iKU9 zgboRh^6d1uZHca9ERpLmw%RoMoELB7WmuK7s3MBWvR*a8{76~-@Yt)LVDtwGfh80B z1}i=|-_$(sDZ~imRyuUgqy{9ol4j_pxA9Q1-f*!z`cU*!1^ue1UZ5=wRx61q&(0 z%(J~1Wk)Lv7(4cawM+VJ^UGGV$G$pN0`#A9M8Z@n3V&d;_%IVFks{tK0qz}}Ha1LnrUUX%6D8`%nkAFV8vcsNIujKqk=+FGoCEzDz>Ho!8Ts$j^{8qto|of*^qGv zX-sqgkdVxs3;}JsHLb}Af;8}d8vw2HK)cIoe~jbhl{smx5{_M48|f>IIupOJglo!f z#(2UD1jTu*Wh73t3s3$;kcclU#on|A!DrbDpO=fUPh4Gl%6-Wf>HI&0y;G2AQL-&s zu3fgh%eJ-4wr$(CZF84x+qP}n#;fkW=bq^EZuI$BpDSWT=E|HSGiQzg;mgQGr1>;O z#%^3N738>8=&vE7({#>mH)?!8T#;)n`QXfcTVkTzTZ9vb*#9n%sAp_&H_|_fdE`3c zlogcdD~06GCya-Q#+f@n%0$Oh#HE*=k3d(U1A=zTA)^-@Mg&j+9jt$>WrmeTCZErX znd0k0j0GN|aD;2B0a7w-n2A3RxdLs0{E?{@aF!T>A~@m4(i07hQX+8;Od_DK4cAJp)3~nfl6Wyf)yr$R@G8qlUYR zLU4RAAr)0D`JDH|W=aYYd{U*ON6mx)!R-K`pxRhje1C4yKAw-snp~{r;yH+2=qH5? z$E543zzK7k0=CIDKwGfM9?)pig_LLs90EpYakK)N*I1-X#yxG-v(QToJquoJo0lhL z4d6&oll1b^h|u9Ao(Rh&|HVhJ$=yQcP0h zy`h>1mQ_b|7XkmxvhV{8;Wc?5ByWSVWFXP;$&FjKuo{uPpz`J*vq4&%rl7VDnjjB4 zmo_g8F5bi+SWGYts0A4M7>Hnq7#3!nH}1 z8RSP|a8ktYFvm%x=Z!Uk(=W|++Ex33#;&tI*I@_WyKCSIRI{oaqiFaqBY~bOd_a^ieqxYL zjE)+>lu$kR#9g-@D?(mA#e23@r-UYX92KdD2>Vhm1}2zWOcfKUoO~|b^A_2tt@N3K zO|Eo^CJ?xfZ`xbCLgyg@kOn)tUvy+cnKd5CUg|S>QVW%u0zAEE>YmuxyY;IODW(Vn zpn<@A69$M$Y?za0d(=oKaFr&Wku*pTBKs->4S2^tO0;hNp2zawJ7mWA{3SZ(EoNj^ zdu$CvtHAdB_ng)UXX$tG_O96#(X`vz(|8H`Fw%^A5iLY+ioneKmpve+%QrD>b40Vk zgGmcJHbk8PvU!njBdjouESv8w=S_GCxoqTb!HF)jnIx+%5gQil-6E1vY5i~Ge6i81 zl1o`T5dy1xBr#Zc4v;@d0{P;RSNN2)W=$$Hpi-xl{8jq+m_`XUsoar9ewz!s$vE*t zuPP#%#3fbvPY7^~E1Rh>0N2|Y&w)o`eeD+$C4NTC_plgpO1K$fzauy%jxeuF5jaL# zu@p~ejM*O&mx)R;2I2YcFKnUHM^UgAS+|<}S*y1@tZPxd9*16v=?TLd9GHak$js

!5n=RdN*Q=fmBO-|l4Z}T)0E3Wc@HuNYfIaYx3^x7A-k_3j^~G&2Kg_dmxEH7=~q~1+Xe( zuit?tUM>O0*fAY1YPa}sI5(++H}lnn8n~7F^(bFC|8s;gP8JmQKIy~N94Ef^BDJE3 zIjfX#9d&8v_owjyUf}F?DfZ(2Zfm~xfYxH5 zK%yRbIKp{>tQ#u`F+~P?6wYCfA7U4lL+_gzPNl=rKJj#&9?`SkIVa&gZdS#xhN0LHv5{|bg({Wj(AUxKe&dQ z*BM~7&eb83V|_w&iQ0&zEKW?MzL>L?;aN+6G5d?uPLB3v$DH@T+n*R1NS9(un68GA z=yP>c6;dqtuJhzfz)@u2jQg~$%vZs8UZq%$-KJZKZ zb@9*6t%NntlR%|S$5+km6X<8Y$f0`C?$8h%p7+YjjrIOznKm<3wCRb*_&4ZOW-+ri4gVifgxGh_V3m_|DCaYURNFf6)9tF*}14fV-hfe?AECES|ZrL zP!o+yvS%}RgCAavq6IS%%|4s1Xh&Gr0&j#^!9GDgUaC%e@JvBK@VgEW&4{hRP~Wkx zY9%Vuf>Jf(B=_rLd?t|tk$i>cw@dk5m-LL4Cu zjx2%lSH`gf<^k6=OxL+*#*KBLjQB!;#~AZ4KA5sRvtkCQ^d@CyYVqR$YqpC>hGNrB z>B0|bpLBG(lOK{nOs}F~sk62x{3Z{rsOSG^`qjvpV&g=ERwTFs?Kn;U`nR+U`Y%CU zEXiD2!b735vw(D1-K0q^QrWd6B0&XBt9=OxQB>>Ff_mZg0qpugbHlPi zE!%^pVD@zgMs}aR;AtMEx)A8|djGS2OX6~-85#7g7`^JU1&##1;0{n~hK-D=5=u$d zgWHL7s%*&y5%5gB^>0o1)QFeu#c5tWZpD!4z5F5vCJz%r*HL0}(bXfDtLKIJg;2RQmoQ^&)$~$wTN1N#!vskJ*c8yzw z(vCRKetemQy;yQ+1AdN(C5}rp|`ofYO2JY6kvHV|NlW z3?*8%UCr&C4z_hjU3ybL*8!psLfcu@i4jH((RK0%slXm1Fr3Hu0%|7d2afc^0mr9v z(r!3yvXL7W!ln(rKo{!gcp#i*l>K8a6E+i;?oGO{vcEiEUYTARy*!~mTwRWd*tlSu z;NW;Jv#)S*d%C@$*TB0$yDxA(%|XS&14Bq`=b!)uJM`nd;LQh?c9}Uu!$lr|nCK>D z_gV(>J*nLNZ)JJ_zdkT9l!=&H{N)~e{%h_0|4(a-`Ttlu|8J$_|9bCV~Y=WRb1{*91N3jfxrw%{sFr z6`Dn6Zj=yPw;hEUO{#Rb@7|8pyn-`pjMwB{@UCg#+_pX1pRg5uyS+VxQYAWtM_#0p zLSGz@jGogpL!3N?*Y5auy1d!B*+Bq>gR3f?A_nI!junfOgIG3X5PMkkArKpl1R^Ep z=CaKl9tIq6Ot*#fYtTPko(Tt~vjvL12|c8T6#Oj(>QbGQayBSdKv1(?6*L1FnDcAA z699yfgd|WYX7icnWtTi=Q#J#qTRyuoBRk0qt11P10OtX_pL=#EHU1Ya?Wv`X(f<+F6wn@cz0KQv-6{#qb>ZGw| zbRw42Q2A&6p^?97Yc-6r`@eS?;mGsq2V6BtkgAH|Jx%n* zOe{&MMLv&qq_)(RuIU7%k~r-|i3vTMzypp^YruVAZ=P2yPF{v>T|C_Ck?hjRP2OND z{#u?s&a+v}*3cRRgo=NDbi6wKIa+v;qVhARO8kPW&Pyf&|vrgt1wApUPt@>O)f10dKV(?0}tGo20v6h)x*6OIp z<-c3fu)%At@#`cY*|38`)*NH;2v<@u$)*j3iK`kWMV>mLME`}H&>hFZni;IJn7?$7 zHkQc%1Z}bB16N?i-#QI1yBH}GPcxNNLJDOf9`q2s2+Ck~w^xylNEMcc;sPnyIJS(m6w?1?6k4`22!mdZl)s^myKZ+$NxmaET-~A&;+G+a zd;HW%e`Ee`BKxvnx}7&d-F-=PnGSD_ z0N~dNxpBm1Qyogx(%RoM7YLXm<!c?MI5%XAa#w}`K{%NinuZ|7M0%Sr5Njy|E$VG&3ben2SlVk=yyV^~I4knO*rhS?kX=%8oq9 z0rCjlVT3cUGlE}5)Dll|B}1E<{+K^K9KOfu;YBkkZbswvLH9m#W`8W{wiLWvyY{5e zbSf`mC@(Dr1haK><^W4FNsHa&ma%wfc*H!CS~X4lNS!23IztqAiN8zBUiTeZ>;R-J zFfYgFVc$2%qt9;f6ZEGm`@J@RQOm3UC8GSRstvQ` zejKHcf!;>kb$-sfKBV#2eCj~Qb+W6>`HZx0xiZ>@{Y4QGqG$Sqy_loF70(BQNEuaW z(PpX4nqBRWKE=01zm}{C1D!P3)*e9U08o%HQdHVm@Zj1Z_|F*lCCZ>ZW`7M4wIV@v z{;b139KqdA1^Y@S>b4f~b$7!_$_LAJ)zlbUTlO*C7bbzz*%PROaeI*nQxZnG zNXr@VVH6lgU-AIYmiCxlwz_Q_&XT$IIlJZA?iR#CW&ddO(w0|zS{MuWAt&_$Y_-Jpst+r(1z+Bb1#GcOM_-Vziu7UkM3zLFIc*dA`~0pYB2 zy)#3xO|+VaekdNXKp%3SEt&8OM_!K^lY}~b;PRaBY%lMK!#ZM?TawtpTm8WmF=QGf z#)`SxUtjB(Q-Od&i-ZMi3{0dy{p}a?wI}|ny6y9TAT^vRxNSHm^SB^_!ux@7W;!$#`;eu_l%R+D zTV%w`FzD3%2`ypxyBpqUxtbgknG4p@uC*6*yN`YeA`^*ObKQ{RCeHF!#iU%^$+?4r zip0jfzb14^?}UhAGep!5V_Q>kVmBV+_jatV^v5)cHp(bbzx23P*}BBdl>tRSw_UC} z>|#}EWX~VBuq>N$OyO_5e+Mz2gGq)=KY|=(KeTvM{}IF(*jO8znNa^rNRh@(&&skg zzSlgE?nj5i|C%lkwGBL|Z!VyD&f;%K-`21p)nB^>Hu3SRE|2{)>&>M?s)wRc&u`B( z5Q}z#?X_^mlk5GH&AQQ@qz2Nk{CE%;NMk#Y9#wg;b?Sw!I^Mo zzd0o}y7#+wtl#A!##3o^GVQPco^qyYW^eV)3+Yt6vXWayyo0gO&f6JK+ zgd>VZ&eh(^YkBv!alsVk$dUfBT00_%uF+;5LY7N=Nx?o7!;Q#Svap?|Ngmdc8C%aKP+tGKm3XR8S(y?81_GY zlSyUnAD%?`P2dAwY!I{>@KS1Z!y8mbGvB3O`h0BKP#_`*C8wYPWD=bmuplvnIt)!H2q^&= z3ipvKb`JGu>*f?gO0W@X7|!W_0=A?=75v=0{Y}xM86i@&;~@qB+7PAz_+?bP$;|DZ zR9g)6Th;**?g)NX*3U%8!&*4%2r?%LoKZFMY&P&P)i#?V&++AOuC$q_*m$?KE~`wd zgZj4E6ff-ZaXm>I^kt3uA&_hwS^#T9zUpZlANuecPPjnRjJFT_d52ujapHZ9GIpY# z3PpUYp{MW@Eka&AXXU7Ow%VmW7t1-0kxM^0M3I8905$~fD2WkVh9?-%?HRdD29S#^ ziMkx{kMKf(Wt51L1qGk=XkQUs6ik=59ejhA#)l{6q#M3*UUOTrS1^5K z&E)n3rv9Ilq=bB+i2{WITS@>8M4mkIjVi@*)o~#wsaUdX(@@Iu)n02bW-mEH>&Gih zlSEqJ`r{-};=lx)aBCs6oEb+cguv?=uO;5bcTAs-@#SkqyK!!WAtICX*Lvg6>!mcD zTItWn3?hTnlbbb))+MEwAtowfFDAyxH{#{+o{&VL;F(0|o2i>T@e-_ngFC%6>ddQ~Qg2b?k$3PA#z^)S>oFYlv zo}f-32LxK)jPcCsruI{L0**aC;hqpr7Y5cced>9#m9d_R3d)2pkNL+>b|HK6Ke@vcc)@F{>|H`0Ndba-z;lg++iGhD)&wr>Gk+p1n`sG4;SHB4k5`r!iorC{N7-s)A;2Qo$75Z<~t4 zP9t02TC*eiV_npzhRV${ni_b%@}4%(i;(Rx>^?+&)fh#n;pKOq9T{0bR|2hIE``)T zN#z@veNEE89`@;al#t!YZTJ&Z(4`i#MSAe_b*ii+>8jl|zECTk8Ke-$ujXwUzlTRo zJGXxCxfy*je5E?8?KY2$_uP}ds`wvXf3!Z;-BJE~mQeyFr@#5JY7yA~b|hIFIl9=` zTiDuIni;tL>qtucCnsz0HQ*iIFB{-B0VZU!;J#*{^Gd96tCOs_ROL{rR>Umlk+*Hq zRq1>->v`z$(Z4UT)h~Y^-ND=e_fVw-_*C~qj#F5tOkXu(2U`h1r>EyfhgSu4Uszf^2YK-tD%}9~R1|#=9AfCR{a(DfnukVsJ2@4#;;UY_-y(I?i zNW#S<3|O%#(2#UP&R>lRyrZ#($KzMpD0Lm(JR8*$HqAylZ=QBvTtPD-p8zRCEyJc+ z?IdNP`c{$|i7v49C4=`vUKVEH)(+=?ybFoLmXu_*3eO96R9LsWaQXBfWxE~kHV3LL z7q&pjabDQ+_#<2n7)x?0R*qG+z$BeI-SzKKrNC%9%E1<~pWN@qJ-R&N?*uLz4?&T0 z`Xn)NJg|%JcKYow3ln8)Viewa6|s3kO^!Jm@hVPoL&Z;-B2B%Sg8O(}U1da;A1D+LeZ*k+v0(@I_;oKi|y<*|f*2VBOmO2UY*c5v_apk2>@&HUI$O ze~d?I8ATxl8b?>hOEoKp^&y0>DvZw%9AO0sT)+m#w1)oDwK9fvQ}eLMffhW5w1Z#R zVG(dHBb$84B8NWHS2zGb$b&P{drgeBR1sj#&)J(^PoOh{D#xryEj-^_BA7c2RjU~5U(J8ds=^wV(<9Rh-G#U$JdzYEnvk#GbpXH zM5`RfEE;&A6NZ$BM$lC(G=O+n(_<4TG9@5_W)-aEcB54=`@kY33jwpH9Nsoo7F;%{ zB5h%LX#>Z>0ujyG#gTxN!>ANsx!cN=E+E~|Zm_E4t=(-i!w2}LbuPINwY*r;<)XLS zak1sJ6aQeL_tAE&158X@)@MtAx!}3G-pE{edKT2cK0rfe>H8-4T)WA0NE)J~JRc^K zO7~$Oc1j|XSN!lO2YQHa+fKviVCr>W*E6-ky^DI15J%r{x!3!hsJwVVSPvLo0%cY?(-DDf)e zH4&zUs!oQset~8vRk{ZdKhjrNN$8@-Myx_-240zG!TPII?JamZ5E1rWy7=Z7kqiS& zrwvsjv}EWvlDcwxZ{p+UV%hQ%7NZ3kdZYUFNsAQLI8p%blQ`U#X?X4vCoI^RfGBS1 zbwcT`NIA+=!9~S0eDOqW%Tjo_xc8#Kn}PFdiq4R15ZXMSv_Qu&C>K*IA%aSmz~Q*9}zkeqn~co4X`v zKv?AS#ulD+m_@ScdR7%t9r|a$GX;a+_mbifJaQH5N*6AR*10wHfkh2kGK1cFx*aje zrvrPh=IJXb$$259@miDWjiOLIazzc&v3ki^uql)am|;n|RLy>-sX@T^Dp8>QCToFZ zEUse5Q6?>riFzF!|*TM!lg^>kDX)2ZHeS7{-pX%AiF@3@Is0L zB`S_3vaZg!9YzXTJX1LAVX#w@_G1Dv0j5* zcEwrQ&MnH8y>6r9g=V1EhN$6_E)UYut^8@S$mtfT$JLhRDRX7{=M^1ZQCJV>^Qn5+ z=U$MV(}OSLG$P?zUuh83Lm$Poowie&1Ni!g+S$D>{Lo1e)ZTXCv1t1|azlD=dr$R~ zGofKA^;p__odvN+LNkWsh0FfbGsgCUyV!UDEfy*WN>uj~RZHEt#Q8ckR&bvU1aN12 zf;esY*C;F{eaA^;SG$)>`CylrYc1dI`tD@=cmy@o*82rFoUp;j75|*{vH;E-3)B5h zD(Znpi5RU0V1)-j2L~S#2*JlMPQjQimm2fS^&LB%jls%@nOd4*ZdX|2-FQ)LMjv|q zJSy~PP9m^Ur^3-B4k(<{PI*7}^XrW0VT4sgqL==JS+CDmynU6IM|T&?a--{;o%t8o03YJq2Yo4|q!+-s+mTRkWs+u5>yw46>xK0FR#X)%Z z4PRc4R4gQaStAvtmA?EEk!Y^q>}fNl+46Sa#MlbV>jlFnGr|u?dVv;(tSY0V-%;oF z#XAdB4kla^@Xn2^G$W|HspegM%Z3?#v9+<&+hIi%zul)lwe?Y}v{b-J&0iX+D#WxA zNKWsMUg80~Sjx9rNhY65aR^0!Xq9+#+*WqOMQQP(PsQx~qa7G)Q_z)^g!6jMW$CqX z^6gdN6CT$U_U>%Y)A~8-s{kX2Ec1T8d%ZfyYi{>C^VI0}>-BYjfTw4=4)?R`>7%=f zyF0$k!%}2g=%+!muH$vQRq`5`u_{8t@@+u5#&}e^|H`BGR`B-Td$M(%aAG2y%yhbg;@ zQdn*Ro?z9GefJxBo9xgcxv4q@YqOyH;2Kr>t+8`?q_rT3fH*;O?X3J>2t-CTc)>^< zISez8D04?3jza>JM7N$L*7@EW#=nC=rhRB-!5(? z(=gEfcV%pAsQ*vsmlV&f@WWXg{JizZdtwhww}3PpTZwG|j@nk<1j&QFz9L?&dE!GF z{T|m~#@-}2cYoGcP?YAU9iW<5N)B1A%n!y-vT|93^x!T=U~VE|iunWN)c*zK`16L7 zSkj&Nvu5u!GGl=RN$*N4DRvi2(QpJVTcx;{&$3)ON<-xc4A`>(R4Ysyq{IbltD?ko zz*nIKWA0F$D#TXcJQuCMnE(PP8R%>4q1cWE4I3Z>#%iqa_>*_-XaO*|rD*#jqH&fo zN9$QLB0mMC0@hh0jytbGhKSHx<5XM0r}s`8(VuDDhZYsh@H}1j-B)9&E823zobgJ^OPB3H09HRbI{)G9ah}snaOOxcl zvrm@*U43~1V(JDn(Din%I@q`O7GH1rEBzuhl3D^$lyhCDO)c=Nhk?gz%8qq%t>8#n z33{#{a?m)Ao6pxhwA4=>M`+wC?#q1GLeeR{&;=Cebu5`tjKU3iZ+p;Jx;&+%h|;GS zsc_<@Y}VM1-vu!g-HppV3)I=dq+gbiMwX^AYq!W4IyZQ%bQiW(Fao_@d3j#2SSA98 z_Xb}Iw@+&&nje|YwQQYaMRju{1~z#=>?{Bc(5&yg&Ag4N#Rw_=_pJZ!s@HHsRGuGK zasGtMe@4FcHvh*#NeQ*mAO!Hi?-ExyB!WoQsubnt6_yoLRrIL!bS9xx_!HWaOCBz2 zE05Az`Ob9x-?!6r&;r25aP}ch#Y6@X;$@;EAjA9akCvHReVxq>+In=H;iIn2L3#lD ziI>cNvR&sL36Q`|Lzpa#$3*b>P*sG&QIYG9kUe@LLCAS_9pH9pnD!hm9Ts(z>}*~;#XB1#rh7ojmW&gSs^w^r+`1>ya;9XYw84VXg}ucH zy`~I6$(#ah`Ad~4Z_ca#u`Zm#yTfOp`HV1qC?e|kK!vkpHPsFf3-8-#k6HK0)e!si z$ZME!gljkz>wb>)w9U)pUF+_OhPaV5=171emKR=KJ~#ocg;QMob$%XV<}u0SD)3;F zVRop+g-j|iHT_u#djB!(_WuwT2~k&&F#0in+K>4u{$sZKhxzr*tPOt}WdABy6X<3B zDLgO!30M4!h+_Z=_)HlUbwIY@3hf=TC^~B`1rp(H+wP*tOag&lzdp+&XFE%$tqP$@R|D`jRx>n}+7Fm5Z&4$LGzBLj=(*RL_?+hy{brQ?pCi-ncZPMrYP=7gDg`)RQ;E*0BRhOOc8hq zPYp-V(^0Dz+5}HIZD57O0&&q1;{zp4lGmC&D3aa}NPg{~LN1K|s9s6eGzNAL?&!Ww zo?e2tsqnC1tsaHr1;WK4*kh&-Sk>nw#h2Bmv~cwY6j_U=ZFXzRn3gRNq|b8fbrFC1 z%+qFRC-lW|TaA;*_LdsnPTD?1^ZHI`fzDp5HxeHn?lD;3K>r>qSGY?4@IM_J@SoZJ zf9_)btJm%DPe(N>_WlUBL3e_W@WT5;4fIguZq5Yw;RIVX>rt}gx(pd>64V`t+Aras zcgr+kv#Mc}o-aiZM0g(TBaL3N0M-In=@vBrd&ks~jMqBDW#R@o@uTEK2`YW$PQ*rt zd|b_}<*XfWP8S!Sf>7GY3_(`PtLn&*O8mV;_8)eXkMGCEDVm4y?TeRRvF0n0Tw(_t zcT_VU#0of!P#-%Q@NJF*?om#S`s3!wF24sw%%>Tz-};;J(0;EM(w)ZLm{wc-mui19zOil6ka2JA4(2rUZNat2ttWZ_UlkpeSbT?N06PQZB$#m$!Wgx$*6P6+8shCW5d`&Z^;RP> zVzZ772ELt1$=w5|B$V6iQN)+gy^ui$?b~;`4ckGhkiGu1P<8i*uzV(=m;1ZgF;?-* z0@G4q1*}-m5l?FL@dv9&|1H+P|5Ge?agA(034rK-Jt`fH?48XFjPwi)Y@DqB)y%I< zkh1s(a=G^V07r0Mfn|nv9;9Bh5FfY_w2KdAbhlwKc*%@&28g=fC67YQf_Z^u4pTH8*SCqv9;8+LF(B{wrr^> z$H>&D_+=l|B~CY-0uR;k02Dj3T}1TKXfVu<13xxKS%XI z4$9RtFU2cY!~1-d+0D#s=!dF$xtc>e z7Ekp%;(iwb%kELgwnGfhT4v+(TjLO|MVd`kQ(H_xOG|BVmg5rB!mTDyAjIwIe~7=0 zXeT`5{e(3l^#6ud{*Mc+Y<`-uHunFDZe^K&$h>unjJde-b2fy~NtG3atzTWjS}e8$ z(?+oxFuo&5iN9}}*yaxT4H=G-AFOu!z^%J>>i}*8B!Cu7OD>qsA&T8^6p*c|@7QhT zZrx(zB_0$w@?KtAwd$hy2wSzpV&2tmSw{pViQKWJy0b;E{1!3L4@va-(&K_Hq z308SgpzI6C)3rb@iqpVpbu=g?SXU{E7&@X9#lj-)-Sh*%c61o?CB*Uv;w~GQvNLV? z&Ebbd<|-ZAa7ZNIHz(HDo!CR#lI3WLQiRCH`HaTIrJH#kBUTz3rxi`|-gEu@Y?i`w zIX~ru+s?95SSfNcF|JQBv3~R|fBwYWg!K@p$;!H7pIk4mDgVr(B1B{7sRWOWde0}j!^6f2mVf6Ib@EiUnqf9;#$}n{`}Kd!Oab9u z{%-$_z-|=&x6|IiQP0uH*vZnt=wFe(scB`i&w}`+o%`)a*CZ5~o%zFTjM7T`vyHV- zV(?yJc#YcGXGFB7OemoqC%(MA`Ry&xnU*ISmYjuqrI~v!doaP+@3tQiMEE1mQ;G(r z@=FAv)6@I&)kH>nN1Gr+Pk1TJ2I=Y5gtMh`&3g}V!J%)H z1{&-G5T^${$LIVn;M+qf`X9mzrYMT{8$G<)cOpX~ysLeYJq4bnGMK4s7_xr92m@9u zY+nE(-IHl{z(g3W{9cU|B9Jm1VqB`boO(NYz&<-Tt(NS5Sz4=0W?4{3 zKteoKxXv>RJ3uL%Dd<0}p`u~6{Bph_k~ieDFah`=y}f~up)WIe*$srV;n-{V5x!=E znG3q)VL99(6Oipu`n0+h3-A8w8va^2vXJoVm907Vq5RLV;I0DBJ#GkZ+4VA`s3j=V z_i^-LJG7FNoA*OUxV37~-`mIyWl?E)YA>+Yo|`SkR(8y<1A2O%Nt2(j zj3%5`&)k1?7C*bjPZ{bWJbh(nPz)fx9iOhRB{-E{U?=C88b)Dg7(k|^+K$}j)2E7(5^%p;DKXt7OvQwH1{Nap$=Kk z)}MethT1KOF7g|jP6kc9DKOp|E-t~m3R=vl)ej*?GX`Q)znF+&a&bLj&sg~4dCA-O z5QH%uaEd7(MPrtr^YXY`K6~$6;t$Z`a~~w)OsRoI%bb5$pYK>e!Kxa>1%<0rj)Kr^ zEl-H9tXm-c%j8Iizp(i4Mw7)tvHlU~CW7kBct=kX!L;4M0fp1JQu+z%Hz5z^BqAeWD%r{tF(~1{blQKb$+^ zu)xi2Tb38(vIl?DWZ+k*!%(15Yxg{0KMjY;FS*8C63!ZR2Ab2z2>k?*l>=gvY$%Nq zD^C8L&4AP0rkA%xD55erL7QEhGbCI{KKPG| zNH*^QW80Wk77Jmwo*Fa)E=|c)p%GH@bI+E7E?&7Jq|p43fu4=#--i)i>-mlFW0f81 z0_!~1aSlF=d*l7=^zi&S4Sn-k2oO?UNqFexonrZ*{?qMBQx~sOHRof)=Ox`2dzgp& zVN%)s3W^b$7cWQwP%bI-i7tA3IQ7 zr+WDY$A_%@p167t=hq_`QxC#sFg(wIFAG>*`kKgfDUoqG;eGYSx~>gFhj(KPS{|v( zJof!}WKtb#NM)BYD`;8!PdE3&m|2Ysp);&MtIu#5_jZ$5jk1#6D^*GIqf9iuio);> z(L;9Pg%|)ic5spUvG3{qzx!IT^3JS>?&~)tLeFTq$0CG|Yu_p(2Epb-dQ9 z`f8gRQ#ECEStb|gsJtD}SxXgi#=~1W&!7fdI{ZSzD;#mtjiPg+rx3Rt7 zfX6DR#CROWw!>0aYqvk<=5_3m@QoSd{`|9aISL1Tp^o55(N$QlB8JAC2Cm20iBW?( z`1yJNa3WR?Xs&WY7e#OAu`<&jsdn4}Zz&m&BJ*AYsn9`PipAu>6K;NV^8i=#Xwr~_ zWheawx1!!;ckNz`(c_f^_KVJQD0>=amc}|Bos6&^GW&z%IpNikO)Dy8e$jTdAn*65 zw^2Ur$s!upbFxO(r0ZLFw%(2hUt!Fm*5(s>k&E*>vgZ6)T@dVYuPM*BoxLJoqSmkX zxC(2=oSc0^!sOo zX7lY89to)g)bKi4N+5;j!Lhi!8?klZiu==w5*5$4UA>F%cVVaqwj_;98=axo37l<2 zopHd%2J!=%dwd2r+cwLIqc>V7S6BCE`|Y6t7n{E6b+)jH>sqYEZN!Q+JPKL}OIw67 z4rAUfBS>e@lP5tvfDgjaQ@Frb)m_M?No)`-%1Hl))pn!O)zUPp(Z?yy3I z3*mLZiBC7nElu0=MDE+$!D}vEE&&=PqbJi4P5Z7-qXUkcRpYv(SJBJiSvFBER!(GB zv;xTTIfI_E9%x2zq8C`y)lb+3!2nSHP99h$lD8w3$5J}v@ct>m<^%6_H7nm^P7n57#@ptrl1~Z?fTM&AyY_t%!J{0mKrp15g!}lU63JPlNj2( zmz6^^musuz+6?2U_+n21&}wFVR`qua?Oc~fgo{kyw6s+yms;k0Ap?(dnu=Afl{>jR zZzZU@dptUqrg=}k^Uq7!0T{Ei2MmBO=;cz7ZW202cEwq`0$vtPmkqgp+YggJD<`nh zi}>vB{Y={3cCM@8w;L}&I4cvkA*)JoZ4FNr6jf`M#7*M1axJHv`shxfE9KlCLN zinMSG4WMiX-^m_;lA|5*z^@9k2X1YXJZRK=lIuBvk1&(=^_pGtA>EsH?O|Ui#3>Mn zUKSjFj^mXq{S{)qDDLLXg~^T1T@>i3T@9=@#z)arCW}nw3sPXb_KSiw@h9Eb%mVgE zM+dcyb(wy1=(Q7ews-j-4GJXwpEm~)1cNcKeRE;v~i zk#E1$ZwiA@A4=v->4xe_dX5fE^udSi6~&g+OVR)ksw9jY+q9C+8)oMg&VvZP4IS22 z#GYiH)9|G4wij`UR90-Kx=(mUh!zM;PmSSEp~v9w5eE#P@b%5pRJgPp=nU}_Xa=#0 zT#DI-VnN88-;}z&*lH5@ckO%&iEOfW*5#nWs~NaL^04@$)q;7KoXp!E0bv9+=lU-yf8XS0W zURTyJ?8rpwB@Y}6_8M+k;ZPNaYY*^3nw2X-I?Eo*&ShG*Up#x1Iitd4DEH*IKJ7r{tY!Cb=L38V?gB+ILqNMBCL6 znB#}YHHtOO$qOMtC{B5=R3mx}9dO%LS~2nAM?~oKl*Y5tv!}05p1hO!D)!-x&*3+? zpN8<&j~e}d9$`5+8~n2iv8nohZ%V@RgL~BY0cCX*@&yC%=`!*8Mx&ix{3;YpD+mBH z`|=P|Xdn+yCTEuDB<}EtxxTs`_iyv$Cy<9<*fxjAr>BeA2Ly!-QGP^ z-AToJg2C-H0@sG?pg3{cNb0KRB2esRRNkONVDRl~6!TuId{M*7MVBoBq9JODF#$rk z(fyq0JgrRXAB;1-9hX5)cU>Gz{7c-G}?$%?ah&K}PJ z@OC)14}eB~(gnG#bD6Bj^7X5nXR^_*hvu;-2*Vl)Z|t;GmLP~bN*-A0Og z;$ovOR4Z#HMz*sAcWSxxh%@o}8u@jbgn-$SKsNh{g5}K0F(*%RtcYzD0XV;x2GZz& z0{={$W{GCe&bTe7Q$iUj?ej)N?1x&3fr3ps*CN%EMU$okjgR7n)Y*5N(#n6V-Yb)WB2Hc$p#_L#D_# z1Obvxti^So()L!fleqf1u)0B+eRo0_i+wJ|_3s3kteNfICmwg&0-}(0-V?F`6abQ~tDf^i}8Mbi`*w#`HQ zb(hsZpcEv@FCQ+J$EaI2(^b(JO5GY^`n4mloT~<4Y&(s!ZOOaLOY1Ydeb?sY|BtYD z3KBJlvUJO~ZQHhOp0aJ*b;`DF+qQMewrx)Jbk9We#N4?L`S!>EkdZqhWAC-r2P|8w z5YB|}p~=1rDCY*yGcWsCRoy}w)6lWl8KA~3^|g*(cVKPyeE^Rg%l38<`lUxStnGmK zmA2{)UnOuv|7@jwnYgR>-^(dCR*G)nKU%E60x#tm^%BV*WOjs*wBnJD- z>rz(_)8_K9^6 z4Bl3f`h&egjYFSHMX>IUVtHjS=bb3sV22U!IV1k=2&S-#U(5(5s7>0pJqZ8qaRDBo z^-t@075ChmDG(%<5vJzx!Ht$MIH_GMCao5HqMWlIT$W9LFtE>Z&aY8>2z`X*XuwS( zXTMj?+pnOfsH#QR*n{k)PSU^zHblPIWpkR8?|Ml=NkVHSQqUwHP89o7bV!q}(2IC` zDGh(|0u5rA@=L=o^4^5Gfnk z;@J;Hltvd~JIT)$6mg9@PK>d=a3;YB}K?Ux2>ne@Set`e`(I7~O ze0%$C{g%M}|25>Ct)2eM!SJ6a<4SGE>Q|fY3xDX>mX4MXz$@0t1M;lEwK_P0w>c_>tX<5?GR)L6KwQz9@>&r)zLK(v4-Pz5s93q}A#9I8cv8u9&6xv0fo71h zY9+2M-t4brqcKkv#IQ*`kqFOhgSJPWq@@f9`Yn{as4aDeF>}(0!vU|OhIEt(l?fND zvFN*kW*Z$WKvI5NnJeb%4sSc`dc9q$BPs>fcv*}-Nck=r5kIbAsi+}!`@roXQ84KcEM?muW4bQ+O;IK#wn6YR#GPR*X;{R4c*x`k(wW6O@}cz(kyJh zj5x@XJ>-y9mXLE9<@++{)~y9ZPbr+fuw!@QWWyQ;@T+3{LkS z%ov^0#yhEO8Ct6JfsNg{Vuy>UOX+)8+(L9#&@`DVH`~wTAwEr_qi}mDVtd(E!vJ5K z*EH;XZJC1dpOQnnr7i#~6tmW7X*avIJl%XgU?EZVZF;6?`H;Coz79aBSPn}6fqXs7 z_0Ch2Zwckod;`DKQkP4InNxW)X$RU%ZAkI;tr;DkLrP&cc2cawYIfQ2GOn0|?8QXO z0t&z2hu?Ydu|I+Bt z{ntk(YX6fcPDDUQ;Nt@e1q=1xt9Fi|VEpK}YK@@(@9(4Ezx)S}+{wt?#KwTm(#g)Y zSxwq*i2Jqhja#^6FPjw|8JqXgFL7FSQeW3P=#$GJ#HT;5cEc*5jYScnFPx$F^Hl^N0by?jJCJGS$e~N z_S}6ctiO?Ey+Sr8*N_u^G*0NM4VsX!$+=YELfffce$Ja|CdFWI9`io`PCD1%1}G`V z{bBVg|A2vqkIN79`+DxP!)aw2gdXhHw@$iZdg{lR)L{_2XBXa@GPsyOxr@qeWSKlL z<3r|9b6|z{fo+g50|$+a?zwrh$o9dfTB3Y>AB$!-1jdSDM1>v^mO{hvWW5+zS7G|` z$fBRJg{RE^Il%w^{y!{NtKRNO@N578F#iAmu>UWwp8qP6|L|E&@m$z$jAZ;kKjNBZ zqiZnO+*<{QbQ$cA?Bv+`E_kQm819N+3h_6(jj7!m}xQ%;M z6sd_5O;VFq6j$xWibQUZ$cp+FPB4W#Xg|5)hm%AuaLF}44~)olBAg1EgEB6x_7QoGD<|j4uLHsvg1rB{|dZ| zXxXEGukz3jbB+NJ6pr~$EP58hJrX*NDU9g(60Q?rMRxPzfOyvqh?@IeF7UG*2!R+j zw|My}SmpRZKR!T#@9fapfUydXTA_I4~L<$rB{SZq@7qOStFfK@^3#rF&*`Y^0FrxHs+V zP~a>R0x>9SCHg)PT99!0#2-TRi!QWQkL(d5*&5Ut^WxxljbtPeV6?`BBF|g94EiW$ z0{5c3VrHa5Ny(YPXO+={N>vVcA*{&Jy*r0j4uA%vbkNaJ!8e4HR}G%Z#UJ?y$gvlI zLONzz-5hQ2zkIeJGrL#gYcGLA4FcfSECFp+QOU=nhIGm{Vq2PHBMGz9hzp0tvev_4MixSr zh7V`neN_;{>5FjlH&z%Hffk2@{yZR$a^7*#6SFip0-`+yDU)M^4+~bu2i~Z3AjQ)h z(nuykDbca~KC{ik#6t0w=!C}B2*N4kop`|UCxgjBW*M@U_v^Q?OFT%F@hRTwlvRt~ z{$y!58I7jQegj&H!I2(=wn{cX!sjY_5NL?=CP?;?W8O-@DMA030nivpu?ix>!qsU8 zt=!IsFrejLzf)|FVY;&ze7ADzZ|~~&Oi&DshHD$Q*Ca?(InE&$-ou!S>Ou>$OwQ;h zH(Lp-doihiaBc_h0YK7Dc$dh4@ei_Qyy&||y~Z1VuF)}g!km2=95BKZxZYxvj1Od{ z{RDMoSrG8f?41!pY6OEp)yMM5mP(;&-36xm6Yb*n!V_P+of3SKX)0B3=-NT9$}NC6 zt3)b;11037l>lH)&!^BD0Gx)aD4rpLbY_w$arwV(bajDQ;RQs10yKee!&PJn1y>XR z>|FrJhWNt3R3KhNiEFHA?8{_&Up-!hFz_3G0mNBs`3PE3Hv?o#usCHIIynIHb8H%2 z$m)_8w|H*LwD2Oy$WVwN4I?Ada-zOlg_&mkYU9GX^wEDqcqq`KMA1&HpUN1uM}f%Y zpK;v4BA$Tgboj~zL75e_29?OCq|&Z6c;Q0QuoQP4{f!li&?2&NCq&TlSQQ8jER2;` zM@Ym}%a9jcef z93fHZswiQR8Oe;`?mhHRfJ;VxNhoaBuxC+J%IUOZ9=_QWcM-mT9cS!P?z_Qi1TH*E zN+lfWv#8D8OkoC_fc|mGJC2Poh5Fg~{TN${On)M9TECM|E}fdg9f(PfJxY;nBh6Bo zO}T)!9d-milDtP4TU#AYBCP0V>Q&H^ts)@Y1$?RVys%nZTl1;8Z)KX~22Gl!z=za} zJ2IzqdfE{>=pwqRf>#(f>M(uBdR6UbRPxqy?fFLOgoZ@xq)r0l&@gEPZ{q_UZRF02 z+5565NrorhwaXoWCg)*IeTfgk2#+*PE5tL!Q=lFUt5QxBC`ifAy-;e11EgfIL|#M zRVEBP%&Ri1;HE3eG^C?m7Oq~_sBU2N0?=>#^@SxKmZI5g+7UW0!XFlin~d9-QBzvx z(^XWgWOO&%cX@d(<_0y>g=s0h=6QVGme^CcGuu+%NHIg2#T8bOyu>izV}r|Dh4Mh6 zn*TcfX1Zzr^nG|Vc|$+@&FAxQy%9;h2a0SEB*|}alTP73x=or%`H4hO1E2++Z1L{* z28sl24OZ=$FPEsQ)IIIcZ9B%Fh(BzF5hx`qZla{p-mdeiEPUK;9cZe)8ztMA*4{mG zPYNql{Lm5QZ(%%^1WbGF|6(Se%jes&QbVD3Z`4qszWpyfCWWd-Sw=mzIDzpb(Idt1 zem)asc#@SYcl8`qa+oeFGkdqdBc4M4>+n-t%5bh0pEWwuBZd-s-ClW0!HqjXzlk*u zB(EhB>p7$eWPGIfT^5Xs1so^@NBko`9}Sv4j~KSXxL6DnX9`N@5-f&X)82u@^YQj| z?R2kje(=Q9ZkGepK^?5e*14fM2H!5xo`h)|{#?#88A8 zAN@me^lixm8rF>hRR;=~9=_8WiQPR37DDk@3bC?gP1AVZwa)bB ztp|5XRFwI7r*ZwKrlAnsk;>4PL0cKw=-`UC49dU%$cm5rOU8tn@28r>J1n!lD#t!EM9~>vJ0We?#5I&&7lv z3v*QLODas!mK}a&U`g8qpY#V^yK%4MK;PCRQ!qFN(}*#{g{8AIx@<~pJ_P#JxTcX! zy822FU_{K079j?s0Ss!e4tbotpjJ9Ye8kEK6wGQs_3UzS@B9+hOfkqk$Bun*yVRC> zxesH>?cfa13b0YtGX1oZAqDzZBMh?XBjGW1(H%Lue$^Z5VA{!Q7Y}gC$lQAroUeCZ z*gj!RMi-pD({*ovQ$yAqbW2d@USlk8)1qF%Y|O;Q0b#|E?dur z&{NbMi5OfU1n@r2M~mV7Qi3n+3j9PIRd!0dIko40OUJ&rK|CWeQ+%+u)LwpZ0Cl!N{3`z-&N_S9ra|TZqlw!YIqX6P*vi3 z1(hBCg@N|-Qwy>p2PFxCxG1hw^<*zNN#Le5m!D!q#TkMEV+6x~H@<%)JL-ihUz^pM z3w(Rmj5^E-K9v;Vk+MVE=U63Lz)@C0^yl_gaI|o6VTo-|`TD2t0&h&@_e7>)DfY2&&d?HL0`RxNA~HW1GnXV;)3)4-a*?(n*f3@n&O zeMg^RO^z6UxiY4JZ!)sPLU(NjQIlilc0A#}%;j8mggw3(Z4bvg$02ig*XUo&)6vOm z?y}pb5kq_t2Q%5Eg#OHVw6tbV;$jho;kVil2+8!JnNBMMox7Mw4Qt@SHj(ILf1f2n z>^#`GNpx**frgQr-(GqwU{gGF-eF8~zp(U^q072AOT!6Np14fR#O1<^=qtB-XqxCD ztZ%H$=n(1D+x81Ra2MoVEW>@Wq*t2b7N2+W^qR`F>L;WfZQTZ2aj`f|8uIV*3~Fd5 z<~^7!%Jj>Hu+f|xZd28@buf&~4{Z2A_wjlGJ=j3z|KRW_#H;{tn${eLpqR2mQT9Jm z%nI&j_dQq1v`g@f6EKH3q8n7iB7%ssL>&Bu3%F`N z2YO%^5e3C`gw%TCicB%dNiTw8K^7cKxbdqlEalUNvxFO$rlGc2D67_v9lk64+g)_7 z>iUpKW23~n1a^4Z1p zg8$a?EQ99TP|D`CFv`J+EyFrp<-p9_g{LIV8nfiy!3#M zTpDoVq1pTnE5~U;mQ<-1=~eP8kO9c^{52Ig{Zq8n%#Tp*g7pua;%V@(vx@1WQ{q6A z&;9x!{@5Vx84Cz7!V$PHb3O17hAV5v6?`Hrdi9y|$QAZ~jqBYYAtDaHtp*U}l&7j~03)B>2&Rpw1*Ez(65$wks5Ray?F1F9U1 zvfOj_In1yHC9%78I@7nO|C`~mDuI(e+WNX+taB)-1}b6815LP0N^0!&jLU3Xk{AEH zMhN2$qqU)3UCO~_Vw|rVGt8eI9|8Wu7RY5=lsX+3kP$Z zrL5l<-Q6Mag$Z;LI$-j%2nH`1o7WTIl{gafaqQhJx~!hf%r@>B1-?}i#tAnEjtS;E z`rXRBxj*;fmI{T z{>F0Y3WZUw{gXJ^0+RzQcT}FoZ6#pYi}v&c5WlV9rx=nyahaz$7jefUny~+;S+4HQ zFvtWN!vK(U1mYZ}Y(^<+(L79pSP+Y390gSOYLv5r>#Flmpltvo5Agy{k7q6U7*>izN4?70x95?t}OvpqHov;m3HBfZ$``|Bk)u`(p z%QX6;mS)0^#~vNYm7Kb+Hd`%MjzFa-%h9HGs^7Zxsc%qKyTZchw)t-5-z(cJ|FMyqD7h4AXhR{ZxJ);e$ zI8{51|MnQi>42-+oEJasXly4A2<|ot)oNFX!2$N1YNO@vBavk-Uo4^T#Q~NF>W2J8 z@hm;X)B+i-c1c_&yfbn{bIm#v$OY=~)Chx=Fs-&ziT zwkw`Olkyh5jTus}QW@i!1A4d6u)LeGYVwQuc853*7zY{zk-EOtFr&F8RKlVN71Y2# zLTX4XBlgHJV{8frhimc?!V=a4b0`v`J(JHdJu$727IM2lv*g2`{9@w@ir~CP29@Z$ z(_0xvL3ajHvfKGGKPU0cE^G1wfF&a6k}-7;Umaau^X2C&tJuG??gyftC46>WzqzLe z+GX1B_5m+!+ZvrjVHeHr^??VKRlZce)6EUtcQs4-fGaCDQoenYDb0=V$XuFuIBL7}9nf?g z)dabg8`)S{==ue3X~SrzvPu`OrQ!x~X%?=hM=nZTiJcNO2|tZJKr_2^{11Df-6L@v z>@)cqL6kjLaC$Dk>3Ij8j2&u>W#b)n(?fELNY!d@-R~M`dOAe)PzbN};(ECCtv+_p zCZ|oiWhZ<$S5YBD8~QBZG2t#kSR`t(+t>@OvQWnfO4r(&W}d zbm=-sC3BtX%6DGCYp8|LR%T?ayRgsNtvr^t{cIVFo$nQU9e{r z44YjG)YQ!y8MNg+16;snZ{YwuY+KTp4CDoFD8OSrvUGcGkb24lh``gy(~<5Et9U0i z&lu`t5|Arz~(q@Rh*!|Y#qrcf-r`#U7+cj7z9(_wL=e~3@) z*Vi#v1lT`sOI?mcySxOwo0t^6n_q@lC0ZO-B+Pk+W126%xVXkAYS}HBH{4ie4NnDG zOsHkmG^QWJpxC)DCAer${EG(awotGihLPnALC@3CwmrJQesO7~=DUozpbSPm;#P53 z6wh}4X9Q$_HwQwAd!ZEtdG&85vli7)ZuDg3==8FoGN+rVAU+Dxb7vJV{zQ1_{43@{ z0{saAX8k!qMXxEGs2`15SOI-Ji=1lm5;gBJ3*RD-*YG&GrY3uKZ2GsYmq@|zhRbz; zhU(ebjus;?#a_>vXcVln|6hR0rfuL*$d2?93_)ApCQ^b(7^RK-F)ItQE$9@l2s|?2 zhW|LK&u3{e=&Qc}sclOcv3#i)0Cr4pN+og$0P$jcSOal>#VNy3FK+1b0{Ty#mtWrV zrZ}cuM5Dys&-bj~V6UIQ?&k%wmE^iTPtX?IPEadaTdxIVZ|nv>48cdJe7pZ#BD$pW zVGh*;J64u&6#=Of(~H~pr6&rlWrh*PzM)gtot5=u!`n#h9`R<~eDZi&zP5HwSMN}@ z?m(zg=W1IgWjNigxaY8=!(GW!axRAeq~rpJwc=ay?jBfM2?JwZ=A2|Mli((y*|^@$ zbtV&ZWvNfF9eCaK`VN3!8`f7k516>sAAyHplaNT2E=f4PuIFJUi&*f473;tQReSd9y zJi4F4(`RTeVJ=_CH+mtaZ%vyo_xW{0ueo#$tJj~3&h=w9Taqtc)i-#G_h;i1mZD2- zB~G;jDor&cRT@q52}zqPn_*%{lIe^?24>;O_3qCX;a))4DHu+b%jp~>X%f>pbAaep zv6sag4vV}YKY`dkAzqsf@j%{-Hd4$^mnEmgi=`GGkjkodEV2Z5+TsjhV}}1izeK_3 zIPHA?)t_ZgNGwA+50xj42a@4!6zxGLbN{7LA+D};RM}c5SBXF z>XV!JB<2{0`z!pU)7qMZu_k_Ic0wvt*YFMWEDMqf5$(<^Z+A){$Pg^ZU;hw)4rRSk ziyXJM3tDM$nBeqU+0Lxi_y1sV=(Y9@NIgIDiG>2Kl9V$&?utMoVLYt? z8-+n|8+{xe_fc*5a*6U6m;!Z+rx&mxZraI_y>&xatiJ1uylPV07igSOYd=Zc^D#8b zmot{F;|#^Un~ZCV*`81$4aPCgY6gY+n5sfu-T$wI;@qbxMt6RKTb@;bDwoxTui|68 z*%b1sp4v&dWD#cXb1cbGY(z(YA(jrV)xA0Lvc!}`T{Q^N~o-$Sh8Pif|MF-F>@=h&P{HU5w#O?NnVz@j7=~_<21X{ks)J7B ziPfK(?Mt#3JRsun?fA$(h-(+ylrSR**Stb;^NWz35ZtBF;%Db`rOz}t%hhENHZ3h? zb4&aNTF;j!aq~zq)lo2wL!DDhf^sp{ZwQ*fn=p2X2n^_E)M<2cC|jfSJtAK_^^ir~ zDrOr42xqJ@_!;i9eS4~%=qUyh)bd?geSFw~l$o40wGVDQ>7-GT?)GfX`7^lHOH~LrJp?1@$grx^N!2vp?Qg?n)hjz50*lZd9Vs?+a zK!g-PJq=Ie=VvoinNYivIK=B@-tUmo_sW`)XUr!k}maQC^3CkXvYz0v*fZvwKo57EUxnK za=2r84LMQU)Z_z^xpKCsG$lH=>*A@^?wvE0-I8^T9G&S6Xx4WDq{Tc7t*@(@eGm`L zm<$g9f0dtARjFs5_kr>KOViX`t@)YUy?nh-jU3Dc_j8#QX@o-!#SS{(mScpjHrr9K zjLd4+MUrF|%$$hat6TY^L+=8Ek!y?~R`!VNt>!IA!2w9rH8Mu%VIh0G&)r)U6_nBj zAiTRo_vtKq8Tc^$7~qlKp>$%}?anwJ&PdDLMtfs{uEJim1_w;LC(YUhK*WC(SAK{7 zF4(PwSvK5`&9*zU(OZT?Owe3o|F>=nVRKjN>hhNiBQP|^#oq0VsVsb=MOVp2bB|OY zSORzM`jYzW($1^l(=pIj%4i-*MB3Q!vZCD>N|^Wvr11!kEvIB^h-ql+&OPdE&&mdXHzHYq!!Y z}zVT$EugpQ(G`1~O+J~IuQoq!vYB7>wkl9)zYx2;h7S zWVSF=M;X`*FKfQhp|%mD2U3#Js>$SkGlTu%=e;xT_I9msVYg?Y-kq@F+s3VM5!*?g zFp=9$o^VmykDhSRWV{+$&g*nR2QRVFv)rR2gJR&o{9hMQu%=}$#;0c49>p4wQQk_G&7Aa|m%x#DP`aOOqPNmDTO44W;>}BVrsZ z-bX}fU>QSNXn6T}rZ(jKinP`UFhIZ}yN!O=bw>l6x1>M46q@StjoV;a&W9x=P8^vA z2^l4G7$;k3;HnIrwggaNsZ{<>cr-uuA5F|Z*o&a>)x8Gn6?DBKZ} z06 zinepQkx?zBV*}TcwS#AB3NA=8nT#Je{`iUE(9FRN!hP>vX=i3Af2$oh67-Ix!sXz_ zz5|5!ie%QrXTz306TkcKjuGJ3+i2x!4O7s)u^6%c#pUw+cvM3?3+7cj z+~%iXNC>($pg^jb%&!(|5&i-xpERmB7lVj|(i$NHGsIR9l?`T*)6P>~I$|jG7>*BD zawM+bvC}pu5h4Mdn9(gKC8@fto{r=85Cc|zMQIr|xnt833eF?yFE#!Wt>pkOz|u3k zV9VMnI+a!NVku%ef*dH^za}#-z~-9q$4e$Y_phaGq2Kmp+dnO;Peus$Fc1aXEHgbu zc%kn$#*QWzzibwIbt}B5%5JzF7?m(4lmt;VgxTArUIEBltFt`X+?@v9-z{QGFmFns zhW`5!`2aLxR#|`uQ&aguq{;7Vvhn#@B>g$aIdEM=9qiPAyO2et_HDtV^+BGE&JF-m zre}P{|8q9>u*@;uj1EXv=Nci>h)JMNmZVQXit(XAlb-bvFhKzIA*M_OoK@?x(8>p` zWdNHXs8tgnTf9rsC8KKU3cn4Zd>;{PJ_>gQI|c|wcCU{|?X*G;CJvI))WqE1ldXhR zoPWMH!HW!Rx8jMfauAX!XN-P10mj?z;oay7W_df9Oa6g!NkrRkxPtipJ$m5dZuz~{ z^~XfIGcl`2HNcIP*eFmO$Zn`VG$ujX-VOWul6IkZG~2~cJu}x?UedL8YPic9_ZSJ5 z<0^J~AMY76VrzH5GjbTEG*CIp9il))IVeAPIw4p&dNu~8pA7~MgFn?HJAm{)G+^Lg z>s2~EfI{HFTyqOFD|8R#7hHx%LrjaZ{;~^abgf*3PZgBcWMT+w4b$!rgD|!S0!%-K zKvOYs8<(Q6veSlksPk~vEaZI{T%`g5Yj$I$ek*h01dvoH_66OL?Fu}|))nU>9i4hT z{M-Ou!M$@(a7`^v>2u>?W-@7RI#~UYW|~De8K0ARuiM@UFIz6NlJPBn^cYbAMunwXHNqQvvC;ZVlQHzI&OuzAz0|vlg>gmadC>P#`i+e z|CVh6v_4~YY9pXjIIA;_QKNNRXjn7OD`>4hwv#V+RlX(T^xB9+`~RHc7+|bh^zX^R zfWe{n*1!m&;}~o))I|@ej3R=}lLF0&uQTk0pH3s>qwBL%&B*XEYsd85&BZ)9oAfa5 zx>mesMx?`b3JmS=se3c;gOe2Mv9S1x?m7?xi6%KHV@73EM>+@xT|Tnj*{{6hA6&PG zm-jE0U;#|HQGbk{l+y2ZNmJCyy%W{NFt{nqi5!)!Lyw9J3mlV_TcRyw1M^fdB8!Dz zr6YE$uQbMF_G15jo^q zHIJ907mJai5X&7bT8JxD@WpCCmJ$>8T}M>|(T=7Wn)@cI=||dIc7iv;+X-k*n<7>=+0pk6!n01Uh&j2MXT| z0Sw|Fi-}kT)>`T~z~AXrX;HBP4;$5%g?44?Wi4;7(g#D>Z*lhqnnWwFw)RHrs5#(; zXSr+!Olo$Fhj63eWXaW2DsL6_Y#(?YUW|nw@Itc+L2hPOw%RM8+kl+hEcHuwuD2+nOoWzo7Kh`UZ{38z(>QnqBpq!AJaQ;JdgxpM9e zHL6Tzdd{g*eJIJaWmR8C)Tm9A*G1Rx)k59Dd#fcE)HHD6h6*KZtL96P0HwhpYTxzF z2h_?O&~z4y@f)AP1O>Fgei+`E$TU`B(@raFd@9g_5sO+2GSA5(>eAbnm?lYEDPQL@r6D zM}kDv{G2#8HauM$oOeBkO;Twp$z0$V#w)L%#`6X(TW#dLMJUX^0#1G0JP2%{v_#{1 zYGvF(q@rl7fD9Gy>({R4G|7N-rdd5BbDUNIEm}3MfacHy)xmK$ z9_`M6B`P!yFyj-~3-#H>H-sr4TqKI2 z=KT`l0i+D_=>v_F^M1+Xl#vngXZ-C<{)(JKX^ZwJH0H?304)IT1Ecj{RTMde|oj$>VYpYA6T` z(b_AQo#9zhkHIrIzUoO3%$8=PfW{44msBfAB@LV;3si}3`O*f*pn63-n%jqyFNKvJ z4y*;{?6P{I?!=HVQY@Q;_JqiXR`E2}1`6Yz1|+>8Lo%_MYV4!F>ZFg-mUHX1wq1ON zGMg};GCGL5baDx@i@@FLq7y>L)pvnWP$t!@KMi5@xSRp+u4B5+=lQmH2r^X+5D{zfPP2)z9e-$$>oN?*=lXK|HY5tg^Fxnf}*-HXV#=*$G74 z^+D?hHtG%8uFagr;_s1cLWNyGfYhiW8F>@x0_MB9PI*;Y#xm0*c+hVNf6P7v#~Nwb z)6@i-f?#72LeJI6yau$&R#*GcUDZ?)dmPT@02kMzseaf;4b?`K+rF-Yh}XFdbMN~I zgI!#49Db#^sm#7ZNE@SLvZRg6ip*Hoo=!I>Q7Sw#7FaruA-lHj80T3{*A7U+kt#6` z#fNX#y|zErNwOf2d9<>k)>i%KkSU5fEM;9zL7|wRQAfd|9th7+ciHiAyBMt%c+ozU zThF006BOWt9YYcno_!Ez+T57ZpVEe;<5YmwRLSV!!6G^Lgs4=94i**|il_7SNb#_g47etryC^9AE zd_xOuA<5q7HYPlmuBLP`@OoKz8^4*{0ewRG1@mmf9gerz*r~wu`4kfn3pU&J>Iulx6hoycL~b;4^` z?YpfkN+oVzdDGx7cXm-R}hytsT{=lmf5va=W`SaJ|mX_cz8@ z8(N&$vM5QN13gV`YDjiWT%8OdOXPuB<|4LQD)V2cqc@;r&RGix!&>TY(jMF$nvD`p zw{TT981fe;_t&lay6FW+N5cBaAnY*CiYN|_R~f)lWAj8Nv#ry8$@HGWy?cgOyxO`X z2S!l012WP_9O=?7kYY&y#SAdl0jH$41EG1D8Yxa)TIGHHsXl%YW>D6}YT*`Td#3z^ z%s}SGaOK%;t5#Paf}=>XHeEaWXWl5`=B3-NhS@+nku6JOz7_||l8P@5oS`ZTf*zDI#z&ZSZKkbi<-yx|97)+kzCP}!7S{KGcvbL&1-D&i(l-gPB{y`2QD z`G(jC(?Yc4-Qb6cbRh0#isxs@rz9tLoto*GFr0cc`eXX_D^;sce{!;dKSuLPbU>N6 zs7wqzuSVV>^e_ay=-1nL{{kpkeONx&8SZKaZHnkP$ILr37m$hP!geKyAJWpAKV0-= zuZZ7(ZZW#hHOjxO63~M2&#q(OZw$2 z1iWd@kyA%#zL1o+!uMFH9nhWjm=j?jZH=KfR-x@N%b*A%7?A6q@R1w|n06$I1m~Z& zmn~0VsN@OO%15ZTvd2&BmCUA^*~j&pRY}s)u~?Mk_5NO|coWC28$LtcR`nZpnyL8Z zO{WUwR*w|-qJt>i^8z=_Kde)@+yzhO$SJH$QCVKM8mD)4=>rAFoe_yWT*V9P*X8V} zYx}CgOk(c}y*K{I05@%Kmhn5ms%Dww8$G-y%^dZLExx+e@T)DnM6_Mjswy0KM3BAe zf}q^&&U;q2!YgfmAO4InfV+gQXQ1^OVWTr1$XoD$S0vIxPFoD+wR%<@ z#^gB^C^;gdc1W5N`+k8f`W3{bF-qGeuARGFrCaQnN*Vv*DY{YaHs~E>qD)O6%&}h7 z^fN1Pb?@VwT!!;`)cB@W!(Amlfch6%hJbh`cVj(_o}Q7A;0zZ(7wQ_J2YX={+|Gy> zk*ksI8*swjnIc%in5%}~+e2}ka?VL{saC8m|I?uR6?Bqnx7&Ag&H|t>)A`YF>WTpl z%p9z|Vt1TrHzg?Wj72s{k0!XjNzJ8=HC2s30vEN`(C`=pm^%!H$+h8GF98UkWNB)e zm+c*;rng&U-u@Ts6FZs9`7A~6<3>`%Hf7C)O`HRX(Bpl_+$h$0BO__ri2Ki@U*;#D zYqfSwY95D|gz{*VUv*F&cz?C;2d(>4?h3IX`{y1PiLK15homPgcfJcdfGa^1v$bt? zGa{`w^j0eeCle=DB!S&cK9P zG4kr8!7bC;AYRur1bkqs`lfpILPCd7MiIKV+p|%;t`Ka=A_~tR(O>G&T z1A@ozHK>D=ZrePCR?*6q|Jpr6G@Jw+b2jzk0hN_5Y5~{X3^N&7Gju=|Y>`tj31fH> zyC6f*X1^`UhlM;;X&>%oqudl>&t^W~VfDntQnnt3zTB$$lesUN1DRN~pGlRCGZUq( zZVkh}rfn;ud*)!)86Ghs428$T_>2$Is_R^;_#2<8i)3#pY&2f$R@x$U|h0bqJL!DvPW$6RWS z1XoWSUhAvL?3kMD8;8kOkI~UbPs{AF6H4Dl4X%yIn5CiL3y|nri^z`nC7!1s>IpP^ zGPB9&k~LmZ$)|>YsrdF!fH_kW`w$_cflc+GLkIWsg-R~f5zx7uBb zoDUFOXKUx8KDG0%ZuEDaP}p|tah zVy?MgNR1sF+7Zz+xAJz zJ7idbqPeE$c!^#68d}3*%anKY(yBIpb9_%22a^s@(?Xq~ga*@;wT{K0Y_OcED~N6L}Eo)0sAK(3_Md7WQClrh$$I1mG(Wf{(W z|G1`J>cOEqFh|ybA<7P6cR!afz(MY-(E(-&%^gykO(=pL(N9}u=FZLve91_yu?wL; z>rXqGgn`S(4SGiW%9quwQ>ECE*;OaI`FL z(NKB#^S>RQ|A{K{AvjMu`Sp(({yOLh|HDUSVr=0=`x~ilYhYtR%g9E@$o!kCPWKC{ zwXra>wR1F)mGA$}?}q7?U*~sU2c28;9U2KhmJsbMXu3mcTna~W1BLVEo{1>Yx!29f z&Ap=S!bF_X79ff{NJBJ@h4~WcN8*++<-q=1tXbP~dtEM&t`wn}Tpyqgw}bGu{wFms7!!!`{PK9t$GPC* zUz`t)cr?c~cU@AX8m?q#pJVX-H+d`cCdtkEg%|Qf$VO+Mu3a`#7DZktAFGKRs;5&8 zfzj8O+RwakgmOUYpi_2^!sZ5! z&UDsxMpm>@oiV={Hc&6=Z}22O47#)xH|u1$LDCWi4S%Am9eQd}u3;2r^8IL1LrBa{ ztyFT#Zy|A^?wUW#A#tH@R~}2x7h{|wTU#w5i>>o#@uN-5+4s*!Kl?$|Cx3AElBg$^ zNsrl|_ayjvFDFRH2Mv@L>hQT%4-FEK610wz_YBpksQQD0jgwXum;&ORJp2Rn2Y9@V z`j5fI#PRw7a%BDoY2O@NYqaDW+qUf!+qP}nwr%^wwrwXTJh5#%IZ0kFX6D^HGxg@q ztNqVcyK1dndwt!%#_I0huMd0sPM1U_25H7>*e<;DyMG!{LS3+cl<^md_#RX8|N6gw zX)%mZgHcsa5DcGdKEpiB4{{HaLW9AEj2PNmR68Na&~*m zlNj%W7_ZFu>~g3L(4RjmcJ1rm2ZwPEb@Tuofx6JCWOn`fu7){VtTdC8qGi8nSLc<9aek;SBAf|(&jL^$LoOpHrQCM?;YimcibzrmDznrIN@TX}|Q>5xS z@g;Y&;1Vtt58%ejH&ldT5-F2S${;jk6 zKQmh6{zvYVlf4IYcfjh*v z@VTyl%+2`q4m%)fA&EfmFh##NsXsf;bsG2jvO_)1zwtx0sdJnV)tIeH?iTh=NC zA%`l6FfpEM`Z7gT$(Tf-t$6w;U8FB& zHe>xhGsW+g_`mew|JMlp_m}qflm8nM{Z%s)du@jZU`E_Xw)*MqC2EDjtZmX%&(vMW zha}`*$&KhH*3lECYR{a36JvhG&EQj915>m1m&!r`RAZF#TY+EulBA?J97$7zL>@s? zrcA@p#j(WozP5AlvA`?Bq%&uXtsgOYr{|(n--IsppI3z&zi)O8=XodKI3PoP4Z<_8m0B3TN)>)SgJ>FnD zOnri~aWkI`Ug==Oov&_+NEkSw`qbC1#5RVAY88Mjr;QZiv?MP*>5TAA+{0cbot3ZV z?g!-V{~pV@7(OSWMN@N|-d!WR_!5~oK)K&uwRZtV*=bUcRtOV6zV#y?<-K1>2r7g5 zYK#kRJ2Tb9;?t7=w6@;=^0P@%`|~RR|KDW)Z<4Fx4jnvz3IOnC^!EwU|D}!m$2XuT zA|NayLT6*VsdMhM&f4;Ih4}@KQQlau6xDE%b5+BY!xfvY3%FI7k#5x6qL zI&J87;aLhjrA}ndJ>$nD#ARb-kq|tAdtwB9Fl1f&RDVHIFBG;_CTPI$!RRVN^nuNxXh=l-LQdM#Q&!)xG$d{IeWEVB@{AJF8rv~GLNtaBK%&97 z-US8HV-$6;vor1#;+Ar4zPOMCRpWU|xdd3VYGgy|SmxRWUxZ==@kq0LWqaL05$5ya z0$>gbvr5`W3MJ$faEN1A?wnx3T=cqn+E<=?r1>Z>(5GyQ{;V^55kn(2+uD$N#Tj^( z_`2ylzatP6lRQzxC~97i-?`%Ml>uM{r=TIAaNEUIDtHgDg0(Qcm&*mOJi7gSVy?>; z!nOihznZBjln`i&pryhBUHKDDR}9I(^O5pd`TMN3B}1|$ap&0xsD10+Y==ckBr*78 z^PFyYW(NuNfm1OK)qb=N-`bbudu1Z}2|LU80%SzT*=6%asTf9)C7nz2jQ!8$yUYR8z)-Hg{2gH9tyoPrc3dN~IiHfM`b3gZMTE z=LGrMXP5*EbO$^!&2=c;r<(it`NH{)r>Cc`2;@dBMeR?beSXMUwbEaW0(qkRuG@*4 zi6xBy7E2}V=wkyfj+!Abtjt4I&wCw5G4Zdq$ z?z9#N%18!_yj-+2Z%WcAp;Ev)lNDGK?lww23#j^c9oVYi8cf-Ep3Ti~e{5*+@9&oC z;IwFMz)%jTRYtf2A8SJ28LFkT0A;}E^#T-`!98F1UO=*afo+p&S^GON<@sP$_pMlpscnqAqKazTz}qlrKuNi`BzIlQ%W2<^4T88H_J*T zvBe}}=0)Lj?z8pSeX#OaLgY!TbaSH>F)8R1M*M#S`3uS4*5Q0ncn+$}KLE}6y6-ttydl_}`j?=nPrXmK7J-GdRGaKG=R#sa z0*N!BJZ$ZFLsAkGqa_OZ)WR5`VcQ36szKvFJ*VkCx{C1ZQ99o_6N$+XWrLsXmd-`0 zSX7sA%b(z>UjUYq^=7^dd_Cx(R}R9!F-C$ykh6gv7Fo=aPOw83(4;xQ5bYS|3!56z zNAZ*;tRqz`V89!PD>i^TBp_YO>D24Ft|gO)nC0>a6M%&x;p_MBbXI^v`gbb&RxmE; ztp=sl`vHH+Q{Q-iFy>5yq9dBIdr`X*07#(9UV)0SYesk?Q_7N-qMHcq=w?Ze>$~M& zhfHs*er#=RZo|1s?X^k&>FjMdma4#@m@-kQ=L zU7p9|11iTqJq6P+e!y#s0=2`6J(#0VrDBO8R%^Hu`sQeNnZJbAD!G3A87{Lic7@d) zM?SA7cL3SAt$-0?U*TE5_qq1!ldq%O&y|q(R9P}BHkPwn_BzXUxNC+`x1AP^(3^pm zy8J9K7Mg)#`MwCFsV)q?JhqRjmEpv^y^OdX6Er=Jf!}Ui6;Sj2q=^ddHL29A+)~2_ zDbOj>$oq?~;w&UuPIB{$UU_(N;HNv~BhrSiiG6!eBfU~H1WcXsXiZ<>HfZLEq)>$QPxbg$ekh{%z9N<@1xjod@SO66E3y9n~D7X3P zzC~DVa}*Y#0@!g=q5pCn6`Z%p>VOG?_Rf~?^1_+~A+!MzliyUdU}L{rTXbwLvwh*r z!h0@YqNivG{|b9`+5knNU5PJ`+}GzR-kr{JROtEC0>oI5aF9|Gx6Hie+zu_J^@v)Y zm|PB|?kpqUK!Lb!2(!2ZgNSFkZYC*Pyl2Enynr z9bF%$ERfr^wUrRW16zVG>Y$iIG&V)qKIK>@voy>^SRfZbhkdI+-j(nyN?@TNs#FM+ z+oSH7KMp^hi$Kg^y!0KD65u)lPy@;SLl{SAr~ zk-Djd)m44HzfLdXm9HUjx3QucdffJ)?NFfx|Y3P7c_v?4A)Q>G> zZC^Qijk{0w>w0Jkj=Bg7?)dyx&Cl>sl>FrL*v5LGmJ;UPf)dV90~=!rZ1y$IHwO>7 zs^aalZf(C}Ww@~&wV<(T?D%r&L4nuF=pNYYE0=8@%gk#FC7q%S+T6H%st?BaO4$Rg zCCE%KN)t4;KY=*=zgI1TG{)-;9}f%uK$$iqKG&dPq!yl&9F#0cC@N9D2^#*U;7NI2 zWZyrQW3iY@j9(78z(R&5;oVgLc>@U~T-{FNq(YC9tS{281WnYXg@M#AKeD;_GZ?+k z4Fe+7*H>n3S{u$B%I*Uu2u_$xd$CNEz?*K3U<9K8wfe!aAaj&F1UAs=;mPP=rw_qb zyu+ih$O1W)AcEHpw0v7>{-#>ub5ZG@aE^d3QG%rn&MC&2QeILBchG$A3pK7gM8>N_ z*ruH5eG}{CsrlhjOl={;XASd15mSP-0$B!FN&DxW0;&=Yw}UOz;bswZ^3p3~jn@+` z%e(_UI+`i^JK&ADTd&;yxD|_8FAKHJ0Kyh}qgb9>&^CV`trYVCFnn^V$+2z*hL*#PaUR))yFOD{_fDg z;x697+^_yPwQoi~cTiTVjnE?)_npzu^`90b-r0%Zm7Mg?;#UbNhrqF2#SY3>#Tfh6 zyzoC$2p5snFm~A`lO)10Mj0cXxCN3MV*`@7r<@zc2C#s2&|1ALL8;}KvPbd>!NA;4 zSXOwq3L+Fzi*mARypc!HVVoyNqt;p4JINiGtE^Y5x-J&OGEAG^luDXmgu#DcBrn+d zPz{GgR|2^#%jy`;$*E6HqLaiAx2%iZxU9-GvU3%0r9=*Of}Xt{G?lId>?((o|E6#U z0xZgT2@fMXaW;KM!_>~qi6LwlV49Q$(Eig%VU2OP1eGBz19A^&K?{6*B-GZ|1I}RY z``Bxj8|_1l8P49z{EjgAGr~i{nsGx#@pz|Xs&hv(H#%r?irT@~04|lE7an{02LeRJ zufpbQB&%1g3ej!e*nr7sVsE{4v*6wPx=QJD3~Wqx!uJ@U)RL!vfO7T~k~cqHO~k`idp} zAX9}$;!87B%;7uO#_e2-#$KkB`^63z1B1;t`Ox~1WCsMHpSR6WtYKpZ;n6-0>}6m6 zgM!X})2Q+aLFyI-1-GM?L^7A|SgK+4k(K$1UXn);cJ>oT5u5{&fM}m^lGC{DgDf@v zs1j=pBF8rTHG}DJXa)){)Z_?ccoF`Q9-Jel)M~obHrEYfQUf}86BR0UcB5ya#JHP= z$o#(^U7Sqfn^o0j&VBYDIRmiFF9j;p$drPaY}a|4J-Fgw4geE zQ8Kd}z+c+oX)U41hThK;(}tIQM$4(QNjWaHj8ZmDyHWs}I8-@<-(y#1)FeZCp1{o} zYZO&w_|4Wtjd+MZMIJ533FPtfCLlV!#+->IH=(|1&kyJJNZsi0ys^3l;1iY&4PZcfIWg4DL!$R8ANOP(X631}mOJg7l;@)u95G)b^)Mfqf> zNrb|$^}J!~v1SRTuRj7wJrmYlJ&xSBMsA0kM_`X<6XyWe=pN+Cs%UF0Xc~&GA|bz{ z9{iES;YYShnyW0&QQK?m_$wn=GtVEpc`GjjoU@iUOoud&$(@!*Vlux-kh{8W&C5C8 z^V`M}Dx2ZJ=p1iT_ffS5Zwq6uhWc}MihEohN^{i!T18+Tu`e2&bbhRd`1n>IsjLw> zlwXH4mBk?g1bMKrSc^M@scrKavUJqE=SrmHc=>rH5oz@0S)W>SsT;o?$5J zss)((=4k{U$;Mvl;?Np=1|7Ho^#mPUKa8JkPTq&#A>VX?FD9NdqRU5lnhL|c^Pk2> zG407EzXPt21k68x|E+9$Rd+ig_T%N~THkYbR|wB6(z4>4@qEDYnrFty83_F`Zo|pL z;AHrAak2A$GVKt(9}tpm8&72$O3DWzO^QYP#Tot-kz(XTwKxgt;^IXc1)3 z$1bTUv)drbmS=;m+rCj)l%y$UkqSjuxdW7Xj(<0@7*0^xe0TNrv67m;(`5-(+(18k zYwPXfdHT#GyzpAvtkjK$>+-sFXm4Oa!)J3G@QQy+XRd#1drrSrBB&b{>!Ka3ew?(V zCUVEhN({8}r|GXy4!c#5p3!JgFYbOIUa5MtVPJASq`;>bI$%J##3{Tj*r8IUia(8R zCu>6F&c{>`;9Xq5=Dyc zS+2qrDKQF=qqe1S2>Y%zd%estyCbDP=LD%Cx?hj33y?230icafc*0@2sW3g|L_)X7 z354t-U=Bk@`8uI(vpoP;cXV{Z`$W9R)zY2MM!QSN{D0u+qm=y=7gUQ1DA$2Ew2B3}CAbqU989MYE*4+0v9NRb{KT|aX&*3U zmCe1LnOnQ0L%%#eaiUyro(#97?f5XrB07sR-lfgJ&#$EQF4`Kc#3TE02G~ykQ91MI z@HpSps06R>nm2_5J#)Y(T@>epAVLOTYr@jBOV2*fXEg9SY*2v9He4fH`!5wwVwQD+ zw0A$Ig-aQCj#jCP?0Y@6uR+d}VzT5X)%Aaq6}->}$! z@44s{y#R;|%(dQc{zSGI|KSd&;cq`&yp~tr)z2zDvcq7yM&3+B?|~y{xM3d9^>f_A zMt4Q0TgP#_E-xpq53G$NNI1l{m8!Ox$Yd^rf&-DO*$Hn6(Ct~7_TY#oG-UzTnJjcz zU^Q#J8thWRrz?ux6US_U=@{=acpn3gaROj*00amMS;r4q zBJJ}P%gd)Pno;a!6Y~ytCv$ccTo8ADKX|S-|24{fhSttSs4QnQ72l4n;Knkzr(n$s zX?RWzYkc@l*JQ6k0e*INo`@um3bB3ZKfl68?Hr`J?AL-Yt+)6O+7@$O9AWn9{uuRM zK)U_f4``)#We}S5wY>E0><$@V0=yI!n6fxeX019nTT+9>1SG(LQN>B_R2W(U6g}8( z33d0!emmvE5kIosXj~1R$|ep-1{|0&Ws*Zuq?Z-jjK9yg%34TLGgGVO1m`aM!Ug>~@;8%$`D=Svu z;!P@BtGV|Lai@!0PfMK(=lC;zJ!sdl^z?BvHFA175%*FKj=oQK4{r~DV0?Y(V`n~T zb${k|Zy-aJ1>Z-uLh6(QB0L6%dJ!zAbQ6!V=vDE}I@dqtE6q`iw)Z3El9Zan3Kt_I zh%!dxb+2pX=blWhjTPew5P$u9I{rW3q5MzN@&7?e{f~)dpN1XH`R}y;^EYW6&;KyB z{~vql8JL<{d{Y%#d=JBQwzpnXm6BWMN9Ylo@Waq37na{o)-s6zRw)mD;|KaJWEaIF ztGd!T(pe%*`PI#|wNk$iAOWHL*sponb-ZrpdVGINxH0}sM2%*ck(XoQo{csVX&(uQ z6N``c*6nL28~L#Xx<;f%(08&DIFFb+RIfZgO)%g{*bKA;Rz6S^j?g7vTCUn-ABhw* z<2qu7j)x=6*tD~`GX;D-`O5KeEv%SFs6Yf8!JDJ){^#ouHjH76rb1Ohwn|2vw;PnCZG&@>Y0H3{|iWWp=cfB_b|Vj|Yr~EWk-TU2JvqLgtCvmiYDE30}G%{qZ|(1Kiaed~fjm zK3Kof05puohy&ssjXg<)(e*pljA7iNc}J@URB0)OXL9(>_Skd`4eKtKar3MHa3-~E zS3Jt?%TG^Ai=m^@Y-?g_55dYvwnw(7D?=-R8{Pu{p>TE6wvsmHknH)S{N^ z#Di(+t4a{o`S_l&9ca{oDk8Y5a8ayZz9CU$ptQsiY}-JeaWHwrbZ8|>cF~Rn23t@v zStk(j&`(8HTztErnuWfJgXET?jJWLmU=Y$5MO?$I5@{iNLa)VkaWaofk`mL8tZ}rB zvYbxc^v%V#zeeTnhSCMd&!&IRsD9P)gPB0KH%wsMbR-{Imb^S5E8vh@8>8l@>gI}M zkvSuxp;yPCz8F>TeYZ;P`6D)E8=DD(ds9~ld2pFx)nWr z^2o3D8F0y{?NlP4l=rE`fFDRA7)j5Pu~jO;QKt1Uh$DQEff zh)ch~6zcl!9<>)i_#^XghB&qXuv7Xr-!v7^T^ z(r+YMtn@rq!SRpoVmXyZ!r}aQ2t+lJeB&vNaij!j>e(TqyDsex;n`ZAA%s1tR4zu0 zLn;G~7u39&rA5!nWz+)~+kt`_NK>`uww3W?{C zXY^W`!xM^?iqNJX&1Jx_DWQtRl!FZ#F%XK82!Ci8>i1Ok&_bM(P(nqr%V#N%=)c(oA0Kw2I- zt%pwsS1UJJBByFH6dfw{g0XwIO32WQJR&tIe<~97eVcvQ+v!l!7$zI#Et?%iixg>` zSg7Sg<;(_2vzK>nH$9ruuxvJ*XQHPWqJ+dC2lH8cKIxiKgZ###$aD&S^jBHF>tvrb zTA8>lXcCXC(F~ae9LGH#xRTn*eOz3Xw{H3bH6hxs!>#oDx%-_>b-KHFf)$w^GLPOE zEI{ttT#4gyGtww=W>M1iFnxKiBp%5Ca+Y|y-g0J>E?ZzH<3c1hRFCG94&(OV0(0~D zy#qc9+rx~ABU+}RF~@P{mphO|FZLErw2os+@4_C5 ze9(hJ0F&R23!M#9O0U9H0p$|nUo-q<1Xk4W6m8Hfj$PkMh(8pEx!7J6MTa$Bjw4z+2GQI7 zOpnuKOw)k!8==B-ZbV09_7on{QPfLYl&lN7`zZclAYY&hlwgPTh zSoA*7xI9OOsJ~`qNRt;nDk(vlpiJ4kMd+l$ZnUUC%oR38FiJ?$I@bJo2wa$hNqG}X zj3XO)kpOuGo-{A+<4+&n6Q4K6uZ^sk>$xIpfb;nE|8n7&rY zqlWRo_+88aVX*N7yaZWC2ZiB^CqkfIQ8?PKeb|EM!v&5C5*w)_>rV2d6hNpgNC)?8 zt7b#<_qLl7s?L2{CElJK*{=TA#bQ$3$YBp`1R+3DCVsv3m;3;+;t zLv)Fgi7o7j{0}f@WeQ*@b^|t}Mey5#t<0@CCch6FeZCBNzucL;Si&k-FHBiO#Q9;;-ZBqVtBeL7u2bm|09izbrhn}L{k zU|Vde`oYPf_oe0QTS}e*h}ssw(KM6;V5Y&^dY-FQX`rB4J_MwoOloj!VgzeTnGE#q zestWzoMDzZZ#h%_Dvkl!2qcLLjX+cuc1btY*u5h_i>zXf95rts)qGGiOVKJlVBBNr zoW-Czrl^+BVy-PJRSxOPBJpad-R&`m_EMm8bK0uo|kBw}Yp43;=n8`ivk^ZO>e(Mj7+) zU~H|Vj&3r>1?ofpu-M>fBWhA>C1v)3ACJQ#t%EH6`~#vmV|?byC3p^d(1WE0c|*^O zX9%JS2x51xE~l-L3pUb%l_UmM8odu1W;)UoU~Q_#q%~!ox-kw;UYv%YD!ldsIqx+jL={v;e#{Pp3#sbboP#&rn zXaPqWVmObMRMcKuoY1YVN!dwFKJv@&dg^R2F^83owp(H?gN?~9ck9Y^m&4ka6*LG9 zDWhN$%{?P!B+@)Yi5>pu&#<6feX)SSelz8=5E1oo^B5{HWmUWWnqW{1f{8{!^>%SY zykeaIaiumo^fFXU<{JmzAXrOcClesB58EN6QW!Wz5erOW_uzy>s(8!tx%51`gMNzC z1kjnht#4Zx0mE~1w(wTXn{~W)HFMTVp@#PJk1U`8@~ zZ2u9$B#D3w&7i6=<&e6(jI9tE0q!wSG&MMgoR1`yQv_$(TSaL}soYd9Jll)BWQ+rV zn{qFQEJfOTeLAW(mOb%&BCA9c1{@XSg)480T+!RF*gs@9(kOR5Ys}L02F`7p;wXlM zN*1J{>Ld!FEd<~t@ru_b|O{+l zl9Jg7mN+ywihVtk$c+B<(K&eElBaa#Fpgi<=4;Rpk_zwn6sL>DmSHvhSVebwow7*Z zk0*fF&{5bj7RL~yaZo~&P7y747tOggWrdSD?($F(ABWs|hK)Hj)>E@`z)b3w4w3}@ zRs9^$NmucTEKqrtycSi4teoIHbr?0Yl}Fpm*e3y7{}`=S&M@*ir^u3HtMT57BPEwNLvS{{I(_j@&JI&~ON^K;~3)|DOa2XwnV0UJI*5BC5bF>m#mhW7+9VNHUw5zT}+(*kX>^ z99#}aj#*6E%|}hO_Mx*g-wR4k$szd>*@&{f@LZVX#at_aIT5ZvQBSMxL0W&VS^iEC z5r~&J-LN$`*_8%5vsu|p1s@a|VBKvn1T=R7ql7S7IHD5#beA3>JvPf$Z%JFN+Xxs) zGH;p_Hh)yvu6WD$*Kls7?52&fVE~S1o%Sd%bzJ^C2F3ulVFdr_6KKVc_)TwL0I|3v9!PDt19|9yn}-(bf6uY=ilRr}wwCErlC!GO?B zf8mEAE$F6nfdj=ub09yDCusl;D-$PT71s!);Y!P~YLfJ|m2hBp(VR6eL@(NsYr4hV zjrmh{S?y*l36|nFf>Xd-`mT&3#jgP#+nuwwLz8xPMCVicHx@=W(h@1jJgIn_&;c&sDeWFR&jPReLJ}k1;M^PL)^!R1577f@q}G| zW@+5*)O+dpefL^(@$Rc>k>@tC(rFtwT0%L7RJoG+P*5R=7qK#+1S@dE&bVkBk~xRk zXBb^lhk8`CT5($2X&OHXN2TlHiFzLU-cLVtY^s(R=z`e?Y6BthoT#EqGQO#%Ujyhu zc=BY32KD;kghY}2B_od048z)mV8SzC|iycTj~KV-wcK1JzN2u5TzIE-R2-{^LvTzIb3F0wm!+iVu?(3 z0_JPh(^->dWxb-=I#sJU7zEnMGP-r_uD||)O7u~4-E04SU!Zz~?U!LQ3Bkk}%*g#& zd-bPg1=v=)zt4msvg~@MWGGcd4H2FNP^O^zV~>S>+xH1~-XJ@qYfZ|hZk&<@&m2mp zs$aWbcp0YQj9H%gx}A;_I_tPJLbXEVj4W$YwwTe#hNbNTYVYF-EBf7T?IH-_G|9zd zeTItZ3-t{6&h{+006L8Q7a^fR`?miWED;YGMKck4Qs8(j4RX7v`~p*3EHiiT`Q&pHi_WM$89xfJj0Hyr}qHoT(s#jNd6+#hjC7R0SlM$Z3W#3pZnCEX*3Ai+Yha|bx?sY2W^Tpxw zXPF@<$Or_TNncC7AgV1cxJS+E3%V_pD<#KIxOg~lQ>}}n3T?XoW+u#RJb3v2&`YFQ z7mWL(-&e_E#{>H7`9TJTSKhvEhMou6|@Ui0*KBgum+k{!|zk8>_Yqc z=}^%@Ws=?;M+UG$Bm*#0gxhaPIWKzaX|1<1&*+aYSNX3l;rvci(d06RWV+8KN>Yw4 zAwUZq@c=E*htxLBSP@qbhiY?_&V(Zdn(pi8ijLlmHe_I?VdC`b%~zoU%oiJcjW*M^ zLADxb?NSeitV*UjH0IWIY_2eaRE#y#&PU+Qtu-$`P*;hLaf(z`{gn`L$c6`4xdzmU zjP_><_{a%VTN6Y$!6txSe^6g!c`bp(RAnhdr9e1Y*VHhpQIJ$M2bzhOXEB30kn&yr zKC+lq_fvg8KZGJREn`}}q)@n-g<|ZusXiC|J<;W$eENY)nofWAm#q&$l1Pq8Dyah) z3~i%{m|hZI`r15wp788%pfMhf4)TcijX`(tii#)>ZVzibkE@;}1!G3)`ITVUQ0xv; z)bP1JK?;l$VK2G>ab&&+)0J6u$dMA<$t1k)Bhn;2!A;iofI*`=gax$0hcNc}LW86{h4LI^W-J~Jo3c2b3P&k?d#^dVQJw@ajI)_HV&JqA=MG3znN(l ziaj-#g!IQ93zpem385L1Kx#Zv1;&rB9f+%oriq854Akn3!aEvdsu|2GV_$K~B4<3v`pLSANA=K_ zBO?o0VY7|2_l1O)UJ-+>+KRf1lI{_nXK<{pCi=q4DU>mM*caX@m)to&%t|}M3^r-p za*Q~HSfaIAn4depE~yweH(RY6-?rlswB!z!tx2dYw}Z{pzj!5TSRu2tp!_j%^2c1MQB6-;(FDQom0v6r^^$476*lXZC=*5JH2J}j8NZWkMJt>OyzLh1q3cBDjpz-*TcmJ;e zBfxs_9|&7TqK!{ z-h7k3pn604Mwc9}vem#-5|u@*RXY6H1=6@$taJMYSdY zy}qq|C{gPi4=s$9nwKp~t;>zYWB0j*=U^8I)#+X5qQu?F!^P#p^X&mDSEjVK6q(6S z$7Ext##M*_6@#cdupb&tb0%-)NHf5&L?Z(>Up$zH&SOqC>mXD_h=h; zD%X4F+gAt2x6IF^fu9zG2(xd`!lXW-F|xqkl{Y|lP<+-=if=P~efk7V0sYY^)f#Y%jI^6G#e`(Z))PI16)K=26}>%w-$n z8Th~&{v)$U)x>p=Cv}J|J62>0Lj258V=h_bV-AxUBE5w<5qRVw^`$He)z;+P6wp-t z2JGA~$j2|wY|KQph9Vn2?CDV@r!jKo78vHNVWYSs$PH*R?2pV-YJ)+%)3jUWy)Imf zajVkCUfuG};XA3?ks5=elM^l=(1BUt+Z^TtqA$Cqr;`QKGAp>K&>R*2w;70veoWiT zm2KMZ5`|9KsK1Gy?U6FuIJz2cci7qDaG5+Ep*=<+tz$uN-q4{n?<$=jw#!L?7?(?ymsk60=MY$IGkug2S?5|)$F3p z^f%uPxiindj|pg*bOZ`aEH*a|#0ASI5LnBbqw)u>SmCcwk%gmMa6T0zg?j0Xt`mFT5apv2! ztLa{rSD@+{%%>~{?{G!@8kSCb>a7ukKC`wfp1<<^fx$s19&QoYfyas zT4*RdA;#u_Kgp(4lFM$}B`kGeI>*dY-n|RXE4!vXLBi2XoO@z&Vtiz(9fe@uv8#sK z0!(EkJyd8YNJy3=aRArw?2ozz!hrE-*&pK_oTM(rWDEL1u7!jUxZQCAj@M|8iGu}X zbpiF6gsF}G+_l%b4&)q?SLQq>5q-{P0dcgB6^S(odKX9*k=(W3+t8!h8Lp z=NBEURAqtLArn$P8@E~!+HYA+9`!x_w*_76pM&sV#X?(Y>3siqUgzTaT)W>Q$OrMi z3TRxME&di3=BUisE-;|@{A}`Ti{zY>jU-3d%U9Ipj}9Z`2Y!m|Iw-kMUFmmikk$Fh zu^JuUa5V{G8|6KI+j5FsUp%`&;Z&IE&kIphHpj=BI$KiD-QK~Gomo2HFGTH+jq9-> zq=m4kvUQ?PX4Xfg2_K8dwbFF%vP{6m|6ukGa1tZ&)@=qAOswosO>9ukr-|6L^xW_ zZTU#y`z^MrN?i@J1f&Dd>K`=d1_jRGS1Ekb(G>AQZ;(=1J$kZr6d zx-{;lQ)NlzuCK4OR=K}gp<(xlOiHzCCzUDerW;W|2jMw0vfB&V;>Wp|kj6tdoN138 zXug8$K?d0Ny`VG2xRl-r0DSAv2`r9uIsSYowo@&$5AM!{>W^(|f45D(nvGC^;^7WO@Z)i|``bA>Ev&>QV!$zJ*TVA-R|M#^H=pA2^hrRKnPnrt0^yG=yB{w_NMSWb zKI(nFthq|^b+cX*UD|L=j459r7-vUW#-i*yTd<$jRR3L2O@(hL)OYpQTLI$*op6KK?ni8{=myWDDYf* zi?8_$| zj%}hl&%@)U9U?%9lRyHZG{#S_h^CfGQLO~fM;&UM038KAm_3-}==X9=ngx@{W&E>mBNBf60r_x3yA{WAFY9!J>5APtq=-RLQX z-|&Vq=Izh%y-$#KlCbAC+>C!x8*66~QOmz~MRNV?Fym(6X#1Vm{AYo?p4^AJ64*yt~rn_{(j4AFqa8;za_UUG}E(r=hFyMPL{XW&zxrxT4 zuB0X?9Dv$Pk%f2NK^R$$MPs0P@w`8$YO+5!04CQ1_TC@Vhp@n5zh0taZ8K8XYHmf7 zgg2&kxr5LU*%{mY%8e%GRN>z20(P|70xY_qWf5JM00!%F_QMQK`~cq<4o>ah>vl5f zg`yNy{aRnK9$ku8@JV3LMl8e-_z6dX-MWO~HZl_f_j|0yA0onEjY0k_zC7`s#vbZ) zn}@@6tWR%8EmI{6-}N8wulEc0Mv(VT5Njp+q-DmiyXfN76Ay{Z?;j6PZ)i5c@|=Op zs{YO*;YcgXm!hv0iVw2g!TmKE8{4ymV6bR!eYR!6E5L6oJ?^Zf`>p?prehVuHe+s|}-26w^Zew1;5R%Z6GT$^yG|B=f1&y_U)x&i*S z5`QP0{*PAWzqM;-_#*aXedlQ6m)oSSZ?3?Prl2|sK|^)lMe|Y-l5CQ1qg{BE0Dg>179>GK z3@mL_G|PbRjmWW<<%w4;ICn2>+yO`rQ*-)h3YGdPO_5+_2!O!fnGz^gXk4GSlZD*h z4|CaY7n zEe%uP`mMWBvCc|t6#7K0`ITuzr>I%PP_!_ zl9NMuzXrq&F%@r^tT+5P*6xLsVDjobg|Q&hja^s9c~`22zYE|>ZL z(*PR-M+*aE!@tVE+CR#FW;^y+zQC;19IJTz!#p%`H4TwxMo}V$#bL)ia$^ab`%vdZNb`>A{kX`B?ID;yGX#PVwO6goIg42RCkQ} zl8jt*G8O?$KOlLX%A1JTOm@!id1`U|hmG2yEWA(w*G8mQe2RoH!5f)60i@jt)lSN_ zrFdiKvwOgcPjw-y=kG!Cz&B8DT?8VRx9#0>O3o(E%y$@bq^JPyBoyb|MKsr+05>I3 zA|yIl#clE9fMM#!$e7wjX!djysDuzNXHEiK`nUm7U+QKlI~h#!lGLTtcU6g&@E0xv1*RyGFDwGtH@*l81=1GY|E-aNp>(!XCq`%Q|dic zsCh*1anw`umr9Ox_?B(?L1#=SoEO;DxD%a&&ZejSP|deN%r4D@sn(&&>M)e!rnoHF zRN}IT(nSVt5zaA~G28_u;uE^X&3{$6YFUJts=5>{W1*C8A`c_yqG9y=LS(TjQGTS1OGO@dz`^(O(wb8nBc%n!M& zZL!lF&E!@0jP3l&VWQPb@R?M>hbft71e`s(nt`mH&mAhuZN*{K*8C8g(J|nxKQ@MX2=sX0<7(`SM}KFoXapFb$(b2Vei$d+jq5 zH+p_P%)#C04u^yqOe5GVbIUkgRPc#)Z0~#f#ERE__U-8a$Efq84zT4`z5IF<3#gnS zxS=!x0v0b%rq>2RD&rS#1BzB^CjG97c~F{1orXoI8;WZH=)d>Cxew+>FN-Fhk7i0H zVSVXOR1U|J20Eg?A$bEzQG@GQ!1(pk`n0xuc18$m9EVe(ZSHHPME`}pEU*6eG4NF0 zN(K0{WSwy_xSJ{vATR_sNb`u}<|LMgkfXr=A?+Pwe2LyJ(Y9^(Y1=w&+qP}nJZ;S?vgnK6HODdF_^@OmuRv; zF`A6mGv#J%0-1ed+oh{;aXpJ79i@5qqyS;WnOVvHBs2bUoeH5Rp(`Prs<8n{XTcDX z{s-6RF=Q)eg(&i3T{@?p(Naq|qPrC`k>)deiGOTmxNq@GIY*ru>^hiqAmh#oW<9{~ zKiKW(k}xBD2Hj8)O;ce926=BI%oi5p(ip%mMZQ1frT#3#hI6kWJd={&zH%A?uDCNs zEKH?o-Gok~!jNnbdNe?IC-%rzZZJJ!Dq9&bR@Vy0mpzAUM6y8X6WN}R_!}6L#Tp9D zcd5&8-TLLZ=+wX?{WBJSp93h%t>$YEn-b}%xN4loK5%je#iUGk(G8_FbjO0#Ml#l; zFTi4ptw&dUWEAIJD*f21lFhM-;y0zXyVb}Fa>_s7b&X!Zlue&!Cj0#HKHPG)30-ur znyw2wfykgf%5mhkctJL6efiLnN>YGd1MG!=7ay~1Cc{W2>#llxwu z_=?v6c{{8%YageGlF5;@_kd{9>hL$P3?aP+R4mcX-mkAdEcZo91*^}C>6zkUFj2Q4 znMK&I2JGcCNN%}8w`f%s4hAV;&U=+ySd;%@B~#nmCAdwOv-Qj*w}o;)X8Y@$cVW?y zq0k{ja8|7cOZ*X77ER+4$mDb`j=Q6fuUs1F` zP}auEjw3su*Xhf?@=VL?l1qbWvuCdjWv#gpaMk<2B40?107L!<`9nXPE%JZK*`Cgh zHvi4ok%G9A=ZqBvg>@umJ3%_af56K~QN9UQZu9IXoG*i{tQ7uaQ(C4F4*x^8|Oq zoC9gbGLjK9G$ai`h^EmD5-aI)zjKL%Kl(Ybz*iK93cK zy3~z}Ek@c55DW%V1CmOJ-?nhbfVNfxO;r*#3&j@5!Xt`Azq{hC?(f_yA@Nz-ZF9|N zTDD62cDD3kG(QoG8q_NodO_(TvZTj$84V^XpT7804LWI-GSurN@G8cGQ^!d93r!&J zH!#9>6|tzwg@eP_*tm&(geXh&`6q0UrkM1Gf2-+C5Qk5$aV*FpI)?d830`nT?VgZh z3f)LzIirf{+#49Fu0)Y5c@Ewgre_1E=KW5nywqTKV*f?fX-~kq(rAC-o7ltM;zogg zLVF-t+J<H#tDELZd?qI;tDR8_T!`aKR(%Y|x1p#$X!c{{(*E#P;WY8lSPYb%iPUCX0!3 z=htU_4c}u~B5SE;ziCSnmi1WJrsPFR{ZZ$v?ploFIg+s()* zcRTz6=`McP#igd>9C-(jvh3Ur`Y0CQ75f9~uEzryx_G@^?FZ04JEIO2j%rK18Yc*f zJiYJkx1j(l0-Vwx`{OIjyT57?O>`TT@zczNDfH(CpE9t;`br;|2x|V^eJ^yfeJai_ zH#crOS95gdzQX^nfHm8oGwuBWECCu2kmUazU>)q8UH&7o`X8v({SRCF#wC9{gmO{+ z#dst5icB%KY*GE<_6=1N)e)hI)Zk&b17}AtcTA_3p;CnU7`K)*U;Npnz z?7{*WhDVG;vTf?oPK8C$|6g?d!9&0sVY@$17hx&!dw|%~CuRR});@l}C7&}a9(jad zfyYF^DTMSeAS?R%SV&ogPOkYH6G~~-}kVA89iv7R8p9tpkr~Ch1XQ<}RHjS<~xv9|dms&=X zB3BY-MCT3heP|UiX8#+Z3=WF;KxyI6K4R|Y^BD+7W6G;6A0-i9h7*dmxC^44B?Sry z`8_B;(Ka^QEH(JiAetLmpm=W1b8{XJtvN!RYN%l4j9TRLj_w|H)+f}-5BG%N4p26W zC17_7)szWl4$X^;5XzivnQ%}j4j9rlyQ~ldRPr^`$71gJ!x`*%bj3SX*FqW{do3}z% z6I!)sGS3+;?mKg|uvcd^Upmk-Z&X6DuWs88C(|Qb9Bfe+9A}glU4$=pco5`p zOx_xIY>!+dV=~^K6R?q%Z}Qg{R7u#B1RnctWX;TQ{}h(Dag*<2P(obzBvYgRb0hGY zNxtsNvW>IZZNBp$u6XT3{{2ES^VQcP0j_Sx)}w<; zqv&);pRfqXq=6P7UH9Ql8I3CBv}k6`MEM<*PhQB2sJbu#hhUwSlWD7UN-M1W>s>o( zTCUuVpV3murhO4BBlFObmpIGF(;Lt1(Bee7LfqY*W?>)QaKN!a#l7&r+zVR6@4-iD`7JSp24X9$@&igyX*9 z8>ilS5Ar$Ed>MV3%sV&pGXGf@;SF^W63L`H&z{j;!Nk>Du-)dvwa-OafDmCaO|Gyg zel17w>i@s_YtAV>ROtQe5^z69y#6m~{lARg{zL2CYX2?%g&g}4|GG&>iVg?lFq;Up z8m0kj*A=drVggE03%(@CIAzrydgB^MN8NHdPQwa#%bQ4RFKnbRoS?1Qq45N9LPPGdR7YmxB>j4!>gy4XL7Kq@# z407Zaz81A1sOv0z8|Rjz{9bG;>6ITbXq#<6_)B~Zgj!eX(zc{zBF**T0L;i35I>r) zesaB89Unvm9cZd9R^}r2?F~AXsth$Tn-qCHbnAkE&&%aEbr0q#R(5TT$|#TZp+nT3 zGz0#L5!rNLWuGQZLLNMebx%C6jC#dmd@?{>Sg!+`r+0SN-8{?k0MJYC?D#+|s=#6j<+ZH9rCA))-|W{+`ExL1|`E zF!O7G9fo&?o|0rv;?JfQOgL4ze+UHCt5~b{ z&T!WI)vRyDx;Wd_hg+Ztxt_^Z@;llxZJ~&M8M?tqM{U8|Ul22kV#prJvc5t2qi{7+ zBwa5eik4MJ;8=i60fCPymB!W_e@LaX2ja5vAIntdacERIZyF*(on5k)kBXKJzxp{< zd533XS{U7#@Z6|!+GG_xq~XMotube^e^m#5RFkA)FV^KWCe0vIhw`Et=(4>WAogIr z&Rp{CntO5=eK(>>yT}XTeeuRJbT@|CTNhjCuP?S(#G96+xoJZK74@`YOWg(cS8u!N2{I;8NLEd-H;z-vasb z)1?RRxQ~ecE6eAc?Zz$rG?Pbu^oCOZcP#%ub(a5w;>-UT#bCCPTC%mkPSh=v0r0CG zxn7F4To`7PHKb**k)O|s`ms61lMryLro2=z!=ukHV-JsyM=&jgdVyk~q2+TIS~@E^ z>^wA%;OZRwelirbXzV#WH&O>1zid1K1rWI44NNy70j}0=He4BUJyt#aDZWVqHn_Pw ztC;RFw5ie>)w|4?8G%EGuK}H4iK$tM8DZ@-Z&ggn7H@;%djI|j8KiVtRO{oUluep8 z1T3X_pjQYg3ReC|R-rd?HFlI}`5%6J$U z!Z;st=rb4ww}_p z5%{&0)&eb>f=bs9&clTS5#slm@b!GnY7lx%by7mgZ9YU-B_g5rK-R1IBBD)qxVAXd z?jhM?COKiTuP{1AGnhMrAe{>EyZ4J&$=n_Mp?I)F{%hwQmC+V7(X#IBz;$uxX}Dk* z?}WW~`d?u&tO@HBd`>Lq|2E&#!QJKurj!X+!$bFtG$<#0_+>x;6ull7=pJMAdH%Q{ zOIg)`&E`GnadQ+u(&LY~$!m_MU=x1J&-bPikJ7X5s(5k5LX9XWJF%EZB%wBH#a72y z!aSK9bLExE@lU&Ic?=u`SOshz|&ti;CW#8iKm;Ep1db;?mC=VnIn zh7&=_Mg5{ru9J9+2d!%za<09~a(8;~Lr3P3a?lvZDI|8-j?d{vW+vS8?eR*ELmAlC z;g?FhW$mclbYm>8^dK|uO=!95*(plu1a&D7QekWYgnSJy!8yr-t zbB*`2srf^`_RqiplZ|I#?;_|6`hUgF+rxdB#Sdn@fA0Ukj;}u;as5%~{>QphcA5$1 z$7xz@cXNmPV~2A(_isFXyMX&JvdU5m-elm@6WQg$WAG>}aOH!L=14iG^({RZExwUO z7vX}(;M+)7^gX;T8+N%(xhzRmy>3rGAXllMVS?>8XQ7|M`;Buo)!4?>*~Qd}&c)ur-p1bC zliuOy7?hW}in8{KoeB~%7&7cH-As7s0vPfIA=r>DkzdfHAzN8P8c1kJXre`hz~J?; z>~(=ILntMb;V|J+Odwt$#6-6 zG_+y`3ep#sRhtUsuMLz-Jg=g#1t$AZcYJ74q!j%l6hzFSQgKj%mPS>6-wR7Curaan zb3+=|XXi;qMlQjpq*{1X%z7Nuq`;9oo+d7gIZ}wwU%KM@^7{5gx&30SBcRn~5%r9W zfeg_-H3>aE+t+WTS`tg!_&8^0f`PH95khfN;jxIi@10^2AQ4ZUAbN2kQiEWfxY!!6 zVQ&gLaI%Bn1Z-5K^tlB1kDWML`YS4!F<+mgL~P^-?v4%;C^;xW$woE?qW<#u6?5OY zHu>Oe3pld!B@1(5^TkN-a~Au3+c_c$#NSs#;76UvpPi_}wF>49mOc&5Q3UH`3zVEQ zT&!fY%n@jqs518>Z6bd{I!4Mu-xj*yZB7yB>-3~$eR;-XOiHYAuCm1L z902l9kAY6oTG>QfOTVV6>1WoaBaQY;;)t|`Ob5|MHLP);DSdc2sfgg-8WEmYOG6fQ zY?DrFc9$%0&^U+5+eFtDigNz4N_BZNju53F$+${2tvoNc-qjb3qCnReE+KJiiIk@` zr;+gXbFYEeVqplovWj8sV?u88c|aD5R|Quhf0Tx38Rx6Fwi&#PE)M)8_njV~f%g7Y z;nfDMq@=(BER)g^(XY~k9oPuQ385zO@+#^0D9sTdB&b>Xncxl%fpPHQ;A2Qfut|j1 z!wHIuBqs9sJZ{qY+}w`zx6IfPiMhy6-dJcqr-QLh&mdgm?unO@hJ>DzwTYFMlJ0b0 zUO+!Jc~qoDDe_FOO;eCB{i9f4<5(Mp!9OK9v@*o1HjiF`9>%j6m= z(^}{55DmfM#OBfpO^TL4gCobdzO+m`$T$*-aCfY8kd}p8{5fX==lVdhCOY(+B2479 zq^)GYYX7mQXw1(gj#A&)N5uhddW8w1=o&Z6MBoV_!daGtEZ%n`XuqiF<6=)KMwrr& zUU43xAi)qVZ)l0Kiz-v1q3#KO{@$s%a870r&-Rh=ZPz6WEsC=B_s`eO-C&HhwK>kW z+TSu~%V|b5 zVYGK2VWjjrDwG4JB(kBk&a4d=tC ze8a6t;ZBswHD8WeN79Uq;@sfu1M@F66bATgjGfZ+Vt2U<)r`wot-``OLOvL8O79(c z5#IHI_4Rd&fRc)u8b9i=Iu)^_x}*pU9xH%Sa;SKJgXiAONtj1ecyzRk{K&WPw1^LT z6)hb@*-cr`6~9Ma#6M@$oT0~r#dE5Db5y0?axkksZRInSV_4S zUniUWN$wx>&$dlw1@UVzK{*B}fRBUg@{NOqu`>&{m$j|!rc{~!K?=8x9ojnGzH!st z(C|xMEF=M!7ppLVuqt3))5XhqFZca<`t1DtQAoeMAy+Xkmt7nE>r6^FH*u|C@Q-_5 z9v{3wyCjZ0u)kojjAJHKlP@nzwkxsFW}%+N{7xtrkHl3yUg^y} zicVD}ndk1ujZk0Mnw3q|I+P`CbCi(ZPX|(Z#TaH$6O3*gAeN~9X{S9hbYf^uQ56&% zEK8oU&n~lu;nLXaW1!l$z8a2!$LZ8Q^6|*2Z8>l{O#`yn8v$efO&t4yo_cc`EIX8? zy|+T>qwmAu$#cE_^nL~bF)5ENieZ2lOMry8oZdjkI;+VV(UE=t>kdjW&VEPPpOy z@lp}cgghOdi_6Y}qq&Kw#8l__NkX#6;q7F<$&AI>5S~S-6VcgJJgjvZc|9G9xJZ6J zduZHPSt%>F7qyIyUA@s@T#=C2OXlpwWlFl`kDWI_d!n|hpE}09(@L}xxB;+Lo!(4I z9;A@3F+R`@7%x9PXAp+@H;Fg-yMAxuHbq(ZbnH2fkX*|URp{$w=N*4vw)F&`sV+9* zB}Cpf^jx`T%kOiqDhBM~gr&$r)Qr3p3jH4ZI{D>!`VJw4PP^qolvDArzx4=U%SNH) z+t}FnNW6^|PODQME7mC#{L9QJDn5(hL}~ASrT~XbekWnvvv?$k9U7(r%pwa z^LoCh`cUSyvj)961MLVO##u6ok@|@ON7gbm`|CAnNqx|QVI?BOZ7>JZ^lvr`F7}$; zrVWG&1yk8s$QM;e;dDflwUyNZ6QsQTLpM=_^YP4St*URyP+FL>u+zr5;--z1E1vR- zN|a1NS5@(<-^a^*tZYm0X_JPe{dgPx*LtAua>C@_3xp3C*XuAQ*O=y9B_{d59G-U_ z#bvY)Ul$i3RVnTq@3oQZTFm#a2I)I?6xQ>FqH$LuPpM8u%LC>whwZevAKl^u#H)o~ zhR9_O4aiBQ>SE1H5C=-BMA9pji2>!EE$plKEnzy zz!tc0M`k7yzUPhXDz>S%uAo^Nxg-Tp~z8H&pHU4;FNafbEiP+fSe*w?L} z#Gd=;gU??_lo5Y#SLJ@mlfCFXcAzh(;M?wr-8`oFJ4f||CA?N;`8H?|>um?NTe~}x zfI)mS#g;g_t(e+RTs*Y8X}O2(5HruR@i4U;2repO`g?6s#(q`Yt3q`Dnqh4 zV}?tv)$4LNa*{Jbw@$3j7g0ALne`7E!jZw#(YZQ1e`jp4qBLS_TDJ5xW{)mtb}sML z&dyH!t}rvaEZMWQwJphpZBS-)HX+aPEsLX`ES$GU1?~=@Ahh9LP26T)cWuAeR+S)4 z#7}@ao&Yeh>HvSu%blYg8z=9s@`#P*{JTSFYVE`h=_Q_$7`Y6RKwvUqQyIq?tKF-u z*B`x4g}1b+R5Vcz|8sx;b-UNUSA`}dXJg$kJ~7kkH(g}xk5H$Lvw$t% zrwJRxYM|E4cPN#{QTcGBj=WA-G&{gOgkrYqqx)}iO?+7pY`TxHj=Q&({mg#dzq5{x z6|qsoqr=_PhvrT>@Rs`?|83{o+`APPV|D-U2R*#^A?Vw$S!%)H;9zfcy9d~_c4Q@d z?zXx9`P+Y4H|L;j`urt}i;IYYNFOuqipWVyJ_m9eh2wqtp$eYG$jkQxEh3)BtbfNy zm+zjnoPLhBLe#2t*M83>vmpN1`lBH&9g_q8(wHAiKCVyQyCkLiEydt+=;>^l`Iu^_ zpees7|Lgm^JC%wbU;tUPwMhbP?w@&)&8E23FUrBrj)93;fLJyes01;fsh|%3! zVwyk1*SOmW+(Y`a3G#>k`qF09!`qu1MzovCKk4maVJfaZH_J$aR?U1cEP8!itMz2J z6Pjdls?`QqSofBr$)yUxvK|43`Y3{8D;$3)Dm*e(MSW7R=yZG~Fr|P2u;|HPn^5OX z6`=4gZIMb!y#V_$cuC^!eiadX#|!2K{Cq@A{T7*W@VC+16jz^-3_U>0DY`%FHE{El_l#N`t7P zu&@w{TTRYHUs^cNL#%mZzZ+|2ClY>}pBMOkYpO&MIreb>OAv^CO^kIF_IGj?icB&!PY8Q?~I`84?^8 zd|kUuQPAjUj4BX1b$5sj4nD~TjiB z8LSQuMC-mSPY?&k({CJP^|j|M<6kC9?(5rleT!@>-g5r-*F^Ixfy)prgHw6Hv_86M8&u93 zq4cI#%@?B=5zjW0R#jD&-)(q^v?QP&GF5X zjk+y81vs=bruFo)-TYn0UgLW}75k2XQr$dN2B30<<))0rAsC4N$#kGziJ)@898|%S zbPoj1uX}L0Tj0G2GMT!rm!YKPZ3M>BA^(dZZ0LaMdU2cTUJ;lIv=F)5J==`be#zI*4JL>2;tmo4{91f;Ms5^j zzTR9LOV;OI4N_Zs1X`C%HC9v%r&BL~nKmd0G&M3N#o1ckqK3vokAH0GG-yLQw(R$6LepU90U{N^XC@90TbUTNLL~@EM`7 zxYx0tIN72ie!nj`Zd(hKZ%rrXfjVlE#R`-k?@dTdusg}Qeq=fdOa=zJ5g~bZj#l0} z*w~A}Lmgt&3~f9iYa1JzFJbGgtznbngXB+1>mkJ*)_1uat?G0A>WMKoR?x(=!O=@psl6tJ@L5POuvJbjf_`?(f$Ukk-n=EbfAU6K0)=0ru0fqKRj@f6 zmP6ssh(6||ahL*gh#u)?v-Al&PJV9BwjuW4QEmG$4V1hAoV)XM>vv&>lg;7g?2OE{ zsyks4GG!I%;Qc3`WcuqGsbWER(Iu>7K3w^D=>!M{k6}9F*pp zC@641J=7L>hse)G%Cph$k%42uNjbaKuIWWRFd0DvOkcmUg%Ui^m?8Wp$XQh&1Jt4t zjv)#tB)*4+{&~#wEuyAB5#@k_2#bEnlKHibt2Bs2H4|aA+A73b0U0kW_L6V9i#fh~ z;pd3|+R)QO9J2gzKx(9lYFioYSPPn1_eRrTS$C~vb;Ehw*KL^aJYHPOe-I$I*mI!1 zI)-))BJ_RDU(Qd!cgMqlS6kjH3(ynjJQ8q(o|3hb&J0X$Xh%3fMn9r`Ns>7^x0V`Z z2R~!J!wXJVt!qSksi_WSH&OugB|i-I7a6QKe{#4QY)`Yz7VHBiJL>2}N;g^b}`iYFQkEXUIst^2Wq06Zy9C`1m}Tn}q*Tz~o+~ z{Ugi46nUcdSyouN+UfWYU)9-Jw2mojWu>L)^b+TEAWxWFW*3xT6N#~d$a&nVdlhl{ zXj^+lU?p~-B4 zuyn$%jO?MTtn9hZmw=;jmmh4QXWTKT2fk?B(zq)Hj~4Cix@g0?5m?2=;J+cyDTzr(RDj! z1%d#BWwpyBL?gY9kP`(*P|>Y^=Is&Q;i*PqNYh8%Rql%>-GVL;$Ty0z5RGw%xp2Lr zT_*TFC^h<(0)7ya%eAX*FACey9vz(03eAmAC~YW?|D(WXfzpYIr&H9u7lW|XuBLIC zTnl<-52o9FB%3ejRkssCSLpQaD+1Lo>8sYtPvH`#d;bG0E=^I@)Mm%TmH+fSN;>x( zo_O113TtRO>tEhKrjT7Z1r^wE5n_qxR{(#MVueN1R0fNAsd=VZF2 zU>fZ}4OP0f2PD1xhM5pSy>WUaV`_fmpGJLSJGQQmZ|pPwu(xl2%4YEcDFB^zvR7rH zEeSEZ0;f5Gnv&L7oZIvww;)iDA#4Krc+ytni6;BcrTZQgSJ~tLjklv}ah(&BmDC3H zn2dHE-Ej%dmh@|>9oj4TAonlThs{qD?LHxF@K7587H@Vxr>m}6PRa@TU0^%NW&)*3 z0m@xT9}20q_&k2hjwG=R6Pq)2koJf1~f>*c$H zGT5rxe0)ZEl+Mto)y@ESe-$){u2J)T0?$4m!qht+mImkmiNUmXF3gPoMY8?}oumm9 z@CPlnDXke%H3}$rZ`3%!{tH1=b1+#yh_F5YX{zsEGU(yO4 z>KerKcP0f=l?Cz|+iIdez30d0*XR5D8bx<_W@ctoaS1Se6t`95)|m?=yULyyO#-Qv z>LV@ec;)QOjGD-^VIc38BmtrX)+Ji6rgdORBna3_wuPUc zP4Kl3X$d0$cT zjV1A4aQduvh$89HJrQKc-(b0{^z>D!lHB8JfG+G7+=ia{V(GpHF7j7GdvfwKlzEVn ze2ov-3`BNGch_6$5cQ_`Y%cG+3QGnJmSzB@*Eb3&cZd1xhb7;3g6({0yu<1>e?t)& z-SY7bWU$?Pieu#9PsdX)d3`e0Ao2<7$3!0b#yA^hLUZnLG5EDjNv&O7TYdYO3Su_zyKLU197Vq4K2X)6$A76xOemV+G(Ag2{ z>gpv+;`4Xw0St-5Hop#CdInF>CO4NukXtEzdtAZiAGJXX-CM0|ckZfj4adt@8g)|t zNnYx-lMu>M=8d9iG-fb}O~R%`fNYU&+B~0`6qM%Qb@lp_GD z)Yb5Z6te2{FY_WBZ|ASTxB2i9Lo{*L*8XX?wc+iJGXx?a9j=hyxcrmcc~X;9*18iY zcYZH0yT1ZA`so~0mRdxHZ(SqE*i2&b-~9&V!5fL!BB!A#s;Zjo;|Ie=plP;8(Q}d~ z>FdV?B@{ua3VU!%h>wrwXURi&h18(s9FPR{Mw&bBfp1YD7w`PiPKku+Ubu7my;596 zA#ZlQ-3#U75hg&u+2WcszD`89?DD2%;Q32XwpEBUPE>*+ODuS9<^ zzQE_1uq3{&sUGg`XyHA+&~#NWxwBw>3++!_T2e_`MI;`p4vdPT-d_NZ#~~RACX&!f zlMO`LedBJdoXU>LIdnxTpb5S5#EA2kJk+i(FmRkcYlFnuako zHRTf!BXK-9MU>?XuhZ=EsE_LPr@zPSMH~tFZH=&@1$yoxHBJg4y20$}LJw)I6OnWr zYb~2n*|*fF;x^IGg=jbn{%gj`HS4x|F6}-KZ+nS(F8=Urf1l-bGAqIiidPurJg{n9UZ+Gf$x_NiUW^ zFL>(*M|yn~c*? zTw4a1mp2Q7E(+KOeX+mkO>dEIVy!#J@3N~L)U2Rf?@53^dV?yXl$eb+V!$l zyQR>FG!s;Z9+XzB(5Pa@h^jV1Dl2wuWa?g#2j-Jo*w*+7`rR0kwIsRuoMVdsqHKJE z+*jRg?px3{)1?;>fv|;jHc0dIUU3?2Ct3U-tfG8&%Img3T-~+ zYwq+3RN&ve>(t}=+-)o-XQ};|KR`txf%dH-_a#Q=sjjt)WPkG<-2DyUPcaND%ppTIUEO2s@jBhm^KQUOwR3s` zk7}TFh+Ys&NI5vr*alRq7Jp?(ucL#_I6jtS&nRskdqvK+#55~DypglDu7M>t&v09Lc9c6rc zKyLz-jA(sNUQfG^PXXNE&mPt}Ss`7U&MSiqtDtnmlm{Ik9t=5hkYUO&&OPW~IBp2j zWHs3&zfIfrof<+dl{Y|V<*>OMAU9xQ@jN}(yceO!4O{zELjC>o`jWf-oW^393Bk*6 z!hMY;Ku_d8M@Pjcelw`az-Ks**19)-S3C*R_a6Jm;c!>Ouol3zZE^ndA&omzMt99@ zebOsZU=p88p44FmPPK=4ry zw2pWseUK;iFgZRnJvx?_cl2InZ1`vG=ckv$_+dmK(m>+Rto%DvSG+00yy)EugHCh7 zh5N&mY8229P=y$p$iO!)6)nAe!4{pK@b6-0?CTH!KLR74_jvV^We-RodDm$xFQ>G2 z-s6HQ(S*W{NZW|%N&re2i+VY{s#)%OmDSlCN$z!&Wb>935P>G!)WfXRGeSDPw!3w(b_n$RtBD7+i zM45IM)+q6@q5*@mT44t#rjFduxL6Nm{(ij;&&k;&x-g!e*iNW^(&IlDQnRZe6>0sc zXQ04PW8KE%-n{FBVPgunuF^Dv8J@Z>hM6N&S4IscexLQBWQAZxBeesBjVmoJ!tqoX ztN4q}T*HSu`gmP!>O+PM9X|JrRD;V~odT5T@;{|G%|EG;Zh0@ND6>?M?@Ua^)Rx!M0;^8E|%|P?p=BTA7MrQ2hkIN{Y2Dl&u*0}hWAd*28#|P$$Y3b;Y*L)}% z(l*-kN6HduVbBf`p{*8t1=QXZ6cw*-9LmGfS2^n#9CEwkg6W8ih^QpDvs9E;$Y!s+ zBhE`y>e}V=Pz3fWaByoubn_eCE_u-AWPiC)OO)Q<8pBen!v1x0)kepj2{Og0E$K0v zp41{|QJ;5N>j#Xy?05V_PJkJ-w6Lz7Uv9~fo1x55?fcDIvweidn*o@i8(oBEpoJn=PrTDoVKZ@rYhu ztTm#}PLCj$u}Bj%LX@ICwrI&Z)C*YA6DE4^e2+|;ew$D8AVhxq^~%9<=%(ehJ7c)d z9__uFS*a7i@IA55EU(Z8KYjdfVyD&&egQdRAfQV!AfO+;)Bhop`adG6{}wy_&myO4 zFZbVo>+kP*0j0!lQ&JLdb@36-k=>o&e~eAIpZK1v#@wQX3Pf@ak^w>`A`-!*+$r5C zWZ0s;$DS+ZI=zmcU#}hXqnx$gUAeXIep_+3JW6zRVcr@qnn+MX1jZzwcp&`(0nhpw z*t={;e?n+L>V+eti4#9bB)9wspd`^h`L9V+(7Qo|#}la`5+^3;1qJV}w&-(-=)Vf? zfC)_6z%IW6ueM0-5uf>elhISq5osz2)Rg*Zs3a>+D#{0<8XCG%I}$hZzJ4@H!2T2} zN$Mf6f2MRcxfeMc)=ka1IknZ*g-ZE}6%E*MPm59Hp|4qgMRCs)NCs&)C4Pf)u;Tn- zhjUkDYj|80DU^0V3hRCkp3Q1Beli3tsft$(<9@Z>PLJS;mhAaT=Co2zsk6g#YJ*VKo!+Q2zd_Jf(WI2>Z0owMl&I|X!t6d8vC;FvNcH=1aK_F zhX&aSX(xV83(=(r!}0K3>X7itR?`WCOhpuUeen^wQ3f^qX}9t;zB$wD zKNCrY|72R4nszN3%QQ6M)>R7O)MC?GW1XAQM?Dr~k5M3Pf9>B;iy!bJeR*V#B89L_ zx7HLv=1~pK54EX@Xo0@FcWqUQWo|6|Q$T39OMq`w9aR6++9w3WNWHqeIk&>Qu|6cu zGBCA0Orf<2Dh;Q`G!M4|bzip-qo(}a+VBuQ$3}(%e@PtP^F`^(i*BRgP+l13nVwcH zUKf#uyf(E+Xl`+EgoB54bpBUJ2=(F7&`MvWJTuKRJhG&fV10UfP$?A6?Bx2?4#~oz zFw%)-uJ3FQARAmX0AK~FN|qq9!`aecGo`ay#v^?Bz(iG1D7ofhAVDgGG6vQ4F}WQGXCUYum~B(>^pROV%74OoRF!M#AsH#% z(OJmf6z#;FN#56+Qty@^I6Pgk$0F$0_}g^BNBVCX$BMN3f=yDji-e$X*ymSgfa>_g zZ|>_5rR6)wJBL#6o(#5UP9^$*d5A1CS&hWoY`7g}f) z5rH8dJ#gM~5D8`m`4?LCdEF$3{x^jpd-;T1JUYBSh9@>gd$HzUq8Z|eF^PAISI zEdX#$zgxS6CkTLDj{yuMv)o)R`}+y2((C5iJ;S@VFXa4>myfZwIyyRk5D4w6>!@ex zsm7`4F+M&D6o0X?rD*I=0kPyahOk&$p%UPPDM4$tXYF7V@-^0H0J{80!lh+cvPLtp%Mz;49O>VZs)3(pE!5m|2)LI)hQ0i+TyEX=uC`kJrXl&DFK9WpPzH4?Q)rD&&_y#Jm6O!m`z$6K(d3(Tl8eFUBJs z7IzC-vd1cxdmpXClM@gm7S~K>sMmzQ!EcH6`%Jwu!$GBPcBX9PU9$)j^{Se`?^ajM z6c;mIueLYtrfGdP7deHPjit;F4_94pk8h^Fgv!g$PCaZLWSmhe&Y7(}!eJh%#df=N z6pIvxWV57?kiA29M3R0qkUC%SOXhU`G=jf4;ybf>cutd<_Z!V;muJ;^tDp(Q-L?7b z$reCzz5lX%|1DJ%Yp>1HG|m{CM%W^p4}K;FVbZ_b*F*{`COvIwT!W za8R_nyi+C5(#VQBhB?*$eI{oiR}+?kB3vvAak2Awz*@;fW(uI)Dl?w#x?42OO;S|U zEBSWUy6<(~>kGTqKb9^w4=^w@ zo0#sZ+@Wj_=!62Uvb7P2o}fqPo1K-`t_H}CZ$xcJvv(KE{%Sm8Hh|irrKNp;xNiybV^VSiZBk~#9z53uBPd8@lZqAGKVx-)D%d$=^YtpO^_-4uI@DzAmv zj90Ak5#bC&l3Xv>*}ObJTY250A|kMxqL=|Y(5fr7EN_V0$0%I;d`z647(zkm^-dvO z4^>r9aD3<|Bj#?BS=K$hnc^o?$L7CjWXr*Ar>4;L4_-rpvs zB9|sN8aRnbNNST)&k{9%(oT`I{AvBBtT1Dl$Qr}4=>hTtS+#y3lOOHS;^n-ZS%28w zY^aTH2MP8!UI2chb#--P_V`LApZBm5wQ~VLub2$_a-}MGFgae2tm-JByLf@+pJ7*C zh)dw9Q#a%;Z8YacAmxk|qb9ogK6l!`)rDHS%x^?SR9(!RpH&CPS#j*A&e9}fZ8Fr_ zh>{#g_l!5r$gngO1JhWSogJxkvHvI^n#=CXZA0%YtLJ3o`W-t;&MqIxk8vpOf5tk} zfOW;hj3k5*0Dqky9=-uS)#Z8M$_8=x`S}g(yaJ6MYPQdHq1E4xot>NzWIkNv>?O@` z31u-}SAs`;EDeMT6in@UNoQS2g}7q2&)sca*XDVN;8)qTzA+Ls!2`8Aio1_*sa2Y7S|?jeA=rj9&*> zXl0}SKXiR#aAi;QZERzbOl(eUn-g($cAhen2-X5~? zs;Vb_lx&D+%+mV0Iue645(C%E^>kSea!y?w04`RMbh`&8=espxX3XujZS3&C;6m{~ z2134ZSq~ZS+tsCiqtrTS>*DU(1q6@v53XK>_t#V6TLk+z^vPYW9Tpb*%~7Ka6T^&jzZ6#06nz3ho&@W;LuBsD z1f91SbTsVj+eR~@pa%Bo>8WuoLMuiSSybr$!PU_e2&A7uhhXDcjlD3vJ(BETDZe)x z^;s;l_>Gl?MTBIV;?}lmoVvL&|0uU@?Dy4WWrIZ^;rax*-@%8^rIX4bK#Tb6=s^Cl zm^3Y2G@?88_*Pvn2-?vxk|#;x6$q#1{3A^UTyFtY`B>J-C-=>jTBJpAhBo;VoZ#O( z=niWqy1IeVAD1PR=J^lEPoH9MeCbodXh_mD+c}P2ylB%w|=a#)e9Ur6Q~?cv9q$SKEmcU zTq4zd@m(O+3z!VL-ZEH&Ga$W%;6!%C zR^i~Y5XbeI#5z0TcD~IJ?55lpAFY;oi^#o36$6#Y3-jk|tE&)cYaaqHxDPkVmbeL` z#e_;KDy*y=2Y+a+dU4Kk8XITgH(GnC$>}4j#m6#GcO4xaU&J8Owd3UqY`~kpw7Gpv zHtCCgn*Q+L7RIc=X@eBawBE^GA zKMib#a6=n^2`PItZ6;}ZU>_Sr5H1lKyOTWy$PDAJ!|6NBNGBV4*LKa&Q`J(mZ{Wdx zb2+?Q$VSro=Q2+JEMLjOf_=_maZv_Goqvc%s*8OFjthAeHOr;kUB?)9_>;sqe)hM* z=}t+{8u!cd=rHqf4X-kO=PqPM6&8CsZXCJ_x2w$K>#h{~)<;EsHSk=NFd=TKv1sXS z3n#>5ImTxz)$5XARO!4*M*@g<{OAJ#(M~G$Gm>KkHHQslgXisVLdM^s`LJKldB$O* z~a{Cog(kFp)|Y{j@e3plBOjNF@W} zlOOkQk0h7M=G73iO9-iXXo@hIp6<_0_WEe}_jlA01<>h1BlX#Sn_#ObjI5Ct4lobbwN!ne0+&Z( zGeSjiNXHj#cPF$yeUwp(I9S(tZ0fy1^ zKzCA|3n!-X@`9-7 zE`kjFw(0kJJJ!eWiqP*h6u*HhD)-jMj}e|EnSNYp?+x}6!lISpk5oovHE>^|Tho6e z3#DY1fdj`PymgWMM1CJFm=`^@c=QZ6zw#$Q#R%9}-Nb;l8^)djSDOt!Z-EGf<$c_l z`AE9+c<7ag(B*%MW6Ry!1yZN86H`-& zY5ZDu&#e@6&@hUWC3-@oywS=py$vY&g#1>YZ?oJXNRxM!9p*|_u^CyfR$XL!(;lT; z2pliwT({FTMA$#9akubl4ttcamUhzlxt?jIF9;=< zK}!~0Fa<_C>+L{*xP?U_-*hr@%)qQXdjv>DkLW_YMt3Gy6kv#(d)5h$^g*V$XnyiT zGC%3Ek7$S!Y=OLFsJ`euJ{(%`QxD0gP~c4{f|L{~JA|oNATHcP(6Asu>sbMEVxfBE za`DvXQ9z6%pjvFZd~0ld#^(R|UBdpVRBK{CbM6PxeDC>rqA-Ek z{XJy;dm`2so)Gk^DBcp)Y!+C7K8tmd<^7k)R2O_Gl?zkva@bk4Zx8y2_(%B%ZBq^z z-vX-~VFjXd#75eWA;G8(z?T!7oUHkeJAENEpUp#`9_E*gJo&~B<}4L4DqPu%u3?J9 z(=a;tHT1UCD6oqq=qFry#6r=oL82NF2dB2S4sllQ_pV#j{WF^j+%lBSLY{X@UUW2aVqlFS|FQGvIJWPc=}i|3TgI;ubOS1xk$EqC`BQBD+nZF&dEuXpV9{! zzCBbwTT$!4!LA%&VMg#Q?E~v`Qlj4b*y0)BvU+x zX;kURkQ(QUij?I|#ODwQa}%7N-fF(tpLVrWV-OF=Sw6FjPZ>SNh>o4qEs?r3x0@)5 z8|AB{G=XHlQ}2S9opzE!mzCbyN}BHd*ogcxaPvA1oGG43VdY{T9ZepEUF-3mmus3iT48&nl;M0H=Ec0QLyY#Aa(2|t2zaJYOP5~TskFkBT${yJP8$b1M za_jW6f)FA@w&%h^eaQ!(T7dlG42!zC6O6&qVeBLHoRQ+C&n-K?mz9O2<9i~Kqau!5 zv#Wk!Z%EF$HYuXw5QoZQb?)!({58PhfPAjn7b+SZ=_~wK3p=a0yDicVwe+yKs8Tx$ z@g3ZEhwTv@PS3B}N1!Or5cgZjVOlMoc~T~gIz~IOcY;>WeM%?UFp{u7S$Z-v(HZl* z*~&o0t{7m6C5#g4a(-=1u6bVnU0w7p1B`~0pGa|D2Dh6%8F>9v^yjbnc?KC^g=;~9 z*H_HV%_mB46H>oxG~WmxqJgP1%yIWmoWr;UrDrw@YlQn&Eb6-L&5g6>OHjx)Imm>s zK(qVpm!W)oV)}f(iVqb8E8pcA?&;E0Y3Pk=a6F_WR8S z<%pNVkE+ghy68cS4H|wvJ{_^7NCLTJZ3sqMNQo4BmKTp}l->P7$-A20@mt>#h0d~x z;@n8%hgqBP-{ve*@LmXKk8snpAfOKF6{-p@1)TH5S&o@27by5D{qrCDU=w? z$L4Q}1JGZxeC{ITO1MQGuO*Mnt=>K$d~eNP!pR@)jayul-oCcbgMW)5Oy^9(fvbH) zbCIKbki<2_P#`2=zN4qtn>iDm=I-qfHJLm;rIUYP-{X5TIaKVQ`oM;Tncv^FT87AP zu2!zzBpIp|Q{O&}6RQu`+=`o;_}V&l7ppDq9Ayjd$OdMErs1xgTBy@D}FXXg}@LD!0rb!FILIHlC(D6^0amja$ zQBHKwTcbX^Ln|Bnlcy3yOh-P(8r=P&UUG&u>~{^y@f+; z94Rm7kgBxBf&(^)%>u_4Yv~WXsPiq;YtNtRYR@%6?o-V|#|JyS6YD<}w3oeeQ*((+ z<9usMhU13DmIIaxJ85ahFNuhPB+|1&doFVM08IwcxsVwfhbFKDfG(fr9N*lFU(zC( z?qCZR7Liuegh-;BwpThemQQkIh=hQYk(HJEP=5HM-46i_kxzt@*)F>>H1oyTHe6|J z)qp%0HSyltL)rU8(22*LIG!FqKqHODPFf~ENw$xC!JSNK3=J*b3H#uwtlb;G6DyxQ zB2N*#S2a~`&(E3aD<5>2xVdy)0b?J|7nTUxqKf)#PlokQvJ@SYmuy%v|;6K-vqJ-UW zx5Jzo`Q}-qH3MX&aHax3K4@)50HDs|U%`pU*Cs^arwT?4`yaBr>g!HdESuSSIII9v z?NhyY6mIRg(bE{}v1}=Z9}I#%xu`5q$O3H6ir?;P|8S0NmmesHRv0%0^5cpB`-^M$ z1=0wEBGW2>m_27%r3%@zQBNxTP5_9RbOLSSXy@9(^yuhly?}|g`F^Estqq)Z!Czn) znc=UsgyT!`b>99Hj?XOTk`iy}bxZWvqmjS>`|f6T&$r zG&MCvTKzG#)m8mgp%qEK>%*MrQk-4%u&MVIRA5IXVN-qNGZ|3F6wKze1DLVte`Y>$wmnRkXTg8YhX^19L)gj7C@yia8i(xF!Zy&ouNmtX+ZwJMpNlia zrI9bW>2|os>!Tx}XnX;le`}i*=ot2;?kxUt_pYt4zvmJ32YBTzt@iUcc@{sQgFStA z8_(+@?`EwASa-n9Bh0EZ9}ZdQ5!easTNJoW-OsGtV6fvBL=z*nyEr=!-}-nRBM`)} z^HE!nRXO7w(Y*|HGjC@o~190y`uIT>9ta>84In%3HCwrCl?*ej}54wj%)0$+$^;P-kC$q(tK7}8d z*_hV|&^3`>q6u?hwQf=+VdEy1RTu;7FAO*lnCv0pmEY$JM-V8nFO=wB{$h|bApIog z*Ix~Q(y79{uk3jDd_JDT2$}(*6j8RQ^nHj&RI>@$7%Ts%lM8_nfb?cy&qxO z?}QsKFXD%P$nS30=A*Idtcb?Rl(){f1T=omdqaJOMS`%Ao6*D*kjV!!-|rTF#avPE z5o{_1{f;ZS*2tkDhEXOLdfXXs792mKb%vkKBvJnbC$=M<{=HYck7DwjdGN9KiI-0a zQz#Sa+5*d*=Pe$Z2Z9~KaFzgO$nOz-JNC+`A(Oc!_~b{F-&W@S^ZC;?^FZ#4k?3+K zLcP&`=p0G%0x3KAzI7TUNuH`7*3b95dOU^B2`L{J3?{Yj`ifu?-VpW>Wr8G$Fn>@; zbv(Rspsi||5m90tsx4gtxl!MxCk{^-Mj*6WxV6z73!y%+scSR-(Ga|NfORvfampDB z^JV_2hs5qDf3ju{W$gJNZw9v!0Uud1D1U&tyH?Zdd>^YsZQ;y0 zLN=V}{x~&Qpa?4gJ3-=fU{`?zf#I+RVG}C6VSO|3y+lns$$#6pL*8R}ER>eV>0}Rs zAWjW5*m=)e2_wm^sOMHpL`Q=)^cT{T2XoC3Lr$Q84ZOB!ks+?kjI7lSeKr-WHJbK& zkQ}*oihKB47&#EkmFs%cgBAv7J~)Y?ED82SG@>3>-a?=XLuLrdAzU$}F`D&!-tcPa zH>Gr6S4_9EO3I1*h-uMFHr@3Z$!kg&#_}ou+00|xgN&L%Oa{0M0 zoWR61sik+1A|gTO*d?kn<$;0Gb_HsY*A_nUfzt-xt%?&$RBzIv9x8U&ndo4L0YO?C z;x)MOOf>IUnv6U=GREiLByKO_k4dBd9PdB-?JS73&Js;w{Z&YGv|3E&Tifq}S?QFd z*GZjGekR&0_TanOFsr8-$1ueCcB{kty+q3`ZSxEohqinhR1Xo|yM z<%LEOrPqo=OU5c+zLz7rqK5=LOAZYBlZb$qEB0iL0H21v5qGc_;%IuUT5Jjw_1x$n z)9>Xjc&GPk2dKUM@rHBk=Az$wyK>D1QhQdVAof;p+#Uz5ONiIp&%aWTL~7dE^RNiIH!3i%k zzLoLjxNvU74?P0mYkaw(laC?GuTOeSn4u0diy-Md#Twq6XW+ZP!k9|G4|bRccPtPAFki)gYKbWyFYiJV2zAJKZp@{@ zhQ>O}-Fn{>vcBkY2eZmp2K>O6_nMX*g3a=~x zXjA_}0Yse$bGlQ!?`@>EuDQqULLubn%{OsY)fuX?K1fOZ4x?B90hCG72{eLG@~j_I%K#$Qb5; z%Q!g5^@2tqeB~G0sDZueXpD-`Ox(Ww{8h};>P z=*qtQoechw0+KX=_+raH{faf|=D*#5_1QuBP#8*2ecaM&AhU1^@}QJIj@KT0`XZRKCE@gVz3|jCRTRY9s#b;D2!R?Zz8SHN zpLevkVSrGtx(O@}P|q8)MCRwqXmoCfxbwZnL3UIAZ>xG~#Bb*=tNjul(ZUCz_wXi9 zI3Bad$!;H2ye?wa`uLrr{Im19zw8}qINN9ssb+ss+^QjqxP(^Ii`fC&(`$F3HVBZX z*@rP7tnBF(t6Vh;idR<~L=R|OzRD0~tGtKk+B+LyVkShX>2i<>r{03ln12aK@*Wd) zyZ$lPPBe6Gk1nLoY7vJ2Rn-~e=x@e&Dxs~C~bM)99}S`3U$By8v*~k*uT(e z=%71ekOUlQ4c?mT0cs@xNIL@COM4zgb|Surd)SAf2Bsl;JTRa2 zD)kC1x?#E^3_%OHLjazf7~3Cd218ukFP8N4lxZu73q>T$jP23Oqg2efUDhW(Dv9gn z93G5G(L&#yzl3NxuKYKWmsXg$05$9RC~Vzra{kGD<00U>hR(v>`@PJB4!?rsryDt5 zdYQYJ!k0oSE5X&ay526Q^ykR&&3P|wSD@R-*O2&3Bv+WOz8e->o&J3=?KtbkP%9_il}YNRRG$Vh%`@T@}gbg<}=g)IBn zu=bcoa6-w@Vx6iK4&v!Sy~I6^HY9pAVpj~Rgg=f>q?rBFsb>EKp7!%*Um}_5Vz;Vm>|SHNq)zNw_RPn(?YA}1}#!46mz zce3bsGDsYU^)W-E@vPR%id&K^y{My)^mCmiGH&xgoqC z|1j7h^Jt+C0$pha%(w7{Cz(xv05GfX6?f8cE91l(mfxS)x{AFi@xs`Ab5$*CgGP)8 z%k)MBn%HA%M}%ukTAlB1_jqG@3Q~8eGmVjYLZBfRQ+sd54o?8V-jaIh@$nCufQA9 zP_Xz*;LNQR66Ae~R?|dy47?)<-ZN~$l>|-6+_b7oIbNF>+Wim>XuaAiRdh-D=I1$@WgV3-8bUSeVDh|_Ld8xp$r+MRO* z2e!`EL$eJqaDjKhkMpOU!JK%k8&38rGoOd$7NFo(ng>y4+qkG2=WO6K=C}4n?Ox3P z+?dTrU~^sN=ouwEOrKOGZVGuQBalamrkK)%H?OjA75 z6ZRW?Aufxd^9?2>l zJanTCchDrktnmt5QtmcNFMI?`m}I{c4AS4zLOzRvbr?dPR$J4F}bDmFvX=H+;yblxXW=07ovZ;Cp23Sw3 z2WOfAnLRctbxMQUKF@Z&Oa-~<4{I`TmHg1AWq&Z2^@oc}efg>H6|oM%YlSV?dXnu8 zu_w{CZJn>rP~?4mFPp2ayXV2^%H>>LchreEK>XIIE0=%Lja%I2Q-CaM5NuYaw)uy< zTO`*R7d;ydE|!qvC>`k$K$SZNWVt5yCEhb%E&OkM!10bN0JN=pqtp-PQo$e27e2*T zR4pVV6|M%gSyii%iO#arKpM^nn<-4bL6f7+Nf%#aCtUlc$uSeitr8O$1t})8O@t!tSohSIu@hsX2xH#P7#aX&qXS9f*g`(~2iC zI-*_3;|z#GPybvD>$>fhH;iff5;G*H+N=esiG48<@?*{YqPAyO#Jsc$jGE|Y--E-|8z z)ps^&(~Ye_wl}};gAF4>#UIQq0652imUaG?l6NY9c#TTxYsQY{eXw6aNbvJHN)clM zKZNh=1Q?r16ZImjP5H*nG#``4W7sYjvfnpvR`gg`%`{(bjx06Jz2s!uSC+|=ebz$y z4;uOD0tD6tD>wYRB@8e;XD&O55*9a*pU|v~@n`^)yHq2Y_ zJ%8Iw8gAJpylw>glzLpAWlcx-bgikm;aq3qZ3~#SxA#;nLS{w{xK+hAQaCAtRda4h z6pQwZhf0{kJwMpC(p6PK+eCR+-IKO=L9s$h7X(y-4lC4jn&ma|1yCC8aJ9|7yiY$c z@iT2#9h2)vXJuT~u|e^^?HO##?Q~JKkZITf8$Ld(a1W46k|ebT&gS%-f$u#B=$z26 z0rV7T%Nx&r(S||}@lX)2$HUgX^C({(WemywX%i*)Z2l_$lU<8pp>UH{LCGA?O*k^7 z#%vT#{+wn-WrOt4mmrviRUtp@(NxsJEVoxz8j8m_MVYnQf<45@(%V3{ zvMu9lYBFzcSo;K{)N0~r)rxd&VIUq#+i9ER2jDgtI2|q6LAO_q2jUOADFZ-Sm+ckW zN(J|azcreRD~DVzdZA%DU}^OXWA@t`5$Oo_b1HGPvi7r|>s;j$HdQz}20#N(_-HYT z2H5iE3Dn__lzvZr?TPibiltXmHQQ55#Ddwm9bWIDLe6t>Y|GY~dNgy_K1+JF8eU_) zh9jUkw)Popkn3$!eF~&*FkWYM zNbN9d(bBH!>7Wo_r|oReW)pW%R6XWQ*ViLg_6Z>rx%#<=p9+}v|Gr=X%kh03)U`y1 z`~bdOr62~m{HRt2>d{}N7DyytcGIjhI+*2Tx2U};)9s^TuH@+1R33nVJS1GQ0YJRw zM{-tynu%36LXbh5zfVGV$Fyj}Qz|34*ntl*m0VS*kCK(|)6fK*P_Oyc+{}>YRlC!! z6rF>h%hD*wfDOIj{NIhlEeS!6n#Dw_ETPCC-(yb{{J{5VO2Wl$3TsUl=J6+yQ(iTY zE91Em^I|;lFo(Kk8369wN`CW${@uQ6u=UqcyzLcbedPW);SD#<{Fa&=n> z#Wu_p6kiGD(0HAs7s5^W{d!urNrC3`?WktthdM7rU}MvdOs zdfKdZW%yZoYx#TiE@E~gAhAXHpJTJEKJkq!Df$LKs(|2x?)Yx+ud%etQ2cN zXbDYuF3x?Wk_hhMwmH>3jLm4*Ljh2%fWWuW=@Vg-9 z*mq0!VcFop0qa5JmVzY?Z9cnc)r;V{6MpIm(jie&T$vOYEfI<^DG&hJYqA*pZtEfT zW$RuNL~^&c8Hv+*HxMrso8gc-QCRkF)s4t?-Wtth_zp9j8$Ffy1`!lEdXTIAdry{N z!mW+oVXVcv^GL5D*<1^nYkAXyPyM@I@=Si}$!T77UpA+k;0OmZBYq#AJkGts68tzV zME(1M7Xa+t8D!|SAZ51xVVzSX|5#JZ2u=Dy-MRVvpvUF^F>LLjHi(=os|`7#Z*vO0 zSh0>4gMBEdVu&EgZzaTobR!e{6rOsgiW{5Q>EkJ+%6vWfhj(`|!B!h24?7hWc?MZ~ znMqR3i>B~1EZV(S#RE0SFBD4*DExwhF8u{ z@fvR9K*&Xl4I{DV2ZD^H>$0d!{bZDcs%=h0l_!(Y;hAcD=%AB@&fAcbFr)HO2ybGop>kdh*ae@3Libuz*Ebv7zHdD4=%QM4Q=b}mL_G3d8ky0HgzNB*E{ z)1yY06O?7PQnN^k7mig~)%D&B7HleK%S+FZy$b!~+4bL<8Vn9Bd%a#ov5s)77 z(1b(#T18NM?@V^;x~gTb9%;#9{{{L2)7MqJOM7&V$FrQ9&9J~f$FnJwyFxad{fwz) zeoXhy45=-BYzqt1gO(z|z%`&1-6p1Sgu@w1fZgB)2$89+;h=&pbfQJT-9<9BiPR2N zzjvnihvov6)mQTw|9{QeasM^5NT)VAH_5wcu-t6o7W3tL>zYyOtvafMTE49lwLKKc zIUP~PRtgu(tzk8X0*y~*IR`HC<@DOv-2_|PJ<}csXf~er_vkWCX4k)LMb(#`THB-R z{^}@bkE&ZZS8UtyWrydATd&skDjrV0?t?6VzC|DqCNW8Gv&G|i*@6eR z_ycLfzwaS9UvG7GrF1$%NAn)Q)xlXtbn!Jwx}Q3}K;+7FGmbY`<;n5<*17%86n?hX zPI(<54xdwv%giZMrz9;?BZ{4M>Ll}5xa0{^YLl+Ieql(alTWnDuV~r3sm_LCCnQNc zu6L)_LN+@-9>vPlSpgW6b_jCR>2((%uibrTfv?w%ZT%~F?W9l5`nTofYs!|3OlsP|$EhPD(01k5gTzvrJ1Sby z>F(zkFGfSKZ7|OFOzqqEc3Wt6(P)P!`@}modi6?KiL^D^iecQF=8(w?bcWKU?B?Ru zY%9@VRzsKC?xpExY)Wt08D0(wBI>Qq9uufi=0ov;R}l#U?dbMEtL4JVGy9uvuHNlb3AMl9b?yz9(Xr4XflDboC)7ucj8KoZ23Y4iuSL zTmQk3$Jk9d43csaw+U7|6+eIw;?U>|5h76Q6!D~St|%Lim|{WT)n!_=zIJ zh1pr^EndU==jCF*?|J1}ap>M6DVlIxg}Kpj@~V2i-8(>5_0Iw$>OB90{TuUc0y>Mp zhudw-An3Hrnc1{2${Ni#u^d$>Cu?-3HCID|@=I9@7+vPvMS){6Jo45c6crFpwL+0D zMc)4XI=fL)4e+B=UGHzb?oVw#|CRE~Es0gLN=IhpQpFIlJM5a}+!DQipqSdwuPyNM zh+zb}->(*&GG2Xnj4+J&uaBR6FX_{H@c5h z1BBL77Z=|nKTC0mEP^KYE;)uW^;jPwvq~gj0iLDb{lhFk7j>}$Dx?gIDWkR&5S%4W zTwv>L);mIVj4M)HQU3_kNe+Ui8&MRAGH5y5#IL7c-qU_m>LZy5z#(CLEcP?9Ud7hS z$*YbFSZJjqlQ#>BqQ}1m?ckfD)JSM|;Ok~iMhK`<^BS&ocRgLd-0h#V%h_&n4fe#mHsr5Z};L`}=uRLZ&<~mR+WkOLu>EEys-a z9(I{{b6wI8s?D2y*(D~4NXRGVz^bUYHt0a*IRQeH1qFjuKC=U!Y8wT|Ved$ub`>p@ z9o7X6JAY_y*raZE&h@%U<~eg%crJ5;ZTkOB1baHDD0@i0c7<+i2em0Ey*jEFd4>~R z(x>S-VONJNt8&lwy~6^yATE%u>@e+5|I9M$syZE_@+p?AAemaYTa1*scIupwzG>RY z=%ig~%y6Iec+H-;YxeuCiLJRp0Qow2hsSs1H zoY>+E-yPvdp}cAKoe@au1-VfN%#W$h%phM2nmRPFeJ)({!a^@Cx>1XO#?<4x^sZfD zUV#2?ePK0?OKzc{c8(~5)wZ{DJ&Z!-O^u?Hq(VhTIVOCbP-9->J@SA`6zAZuC!3F(#BA-}jHb`7lq$VG+Neyhp8zWI|}L(SZw!Y6Y{772aGi0dKF7+*rG z*(|@rg)ChTvY*3VW{lQ(fD}56vuRo~uMhiS!OF^(EnH!_@^8~j?;~&LAQzee`Ht#3 zWEd&lrvbSLwtF0XgA1BGJ2(2`wCuL2Wxmx zlXXw~QD=1d@Xx%mag-1VlQ^H}AJl?j;R;WyFvJP&D_>}@3>*b&gMw_aKYe%VV*YJf}ZLwt-#}uO2rpPO5-d_3dERxo` zjO(+to9R`!FYC!}X+}f8F{0B5Jwu41TJjOt%g z_&?U?)&UQaEYJQd_-!><%)Sg1MCNVGU~s~oAyG(kFmE)h$*BBZXt9E1VKE8>-M2b3 zoIUcx*eH#&99{7L>VS==ll)P=pMz%#`)$~@$Fu$#V-wLAv#Y2kC)JYsNOyjS43<+! zMeb!^3XdQNk7Ew<)QO?J>qt#v^mwtDex|B`G&G6?CSHXg zJb=;p{Zafl^dqiI__FMlOc2erHBa@JD|OBLw|X@nX!NJPaF@p(W5T0rPl0ipkj|GJ z;DQiQT6f^jrN3bmb|M$)r1 zjhnRm4lVEqCT1S1L{9u}ykwJ&(=8#gLd$I8)}bU#MwFgM$G|1r_X2j9Jf+3+_#>Bw zW_*>7u4?p&=^6e`+L&;IXxtgm(I_Jgo%4Ei{UV5}0vRYKc+sgzyBlldfJFx^hTgvv3u zqoq4&1cl-~P;zA~S}!maUJi`p`y7IxqajuOj@5cf<~ ztI*iyP=I}fVmZoMx+q2f)&Rf3qMnGUuQpYH$hl$TMeDn2;x3DnLGkY|#+HNXjsK>D zO-V6>Emf#YISa-%wGJW8Yy}8u}?Uv|DrdcG3-_`ffZUhXhDSrdU~&o zCHC=X`OuDI#Cp=AF88r`E@nb);VJXjSYjARA+DJw?R%=TFvKG{C`vjhG&T161%y%e zL)Y`jZbO$Pe9Ny;#<=#t;7zR?5VpX5#AJOPi^DDuL4=&JAa8>sH$SOV<|cxrjp^4Q z2&|c4YvY^aJFDdW`mHQwkwzS@j&mvb(u0SIMWTn{{=~|`xdNf1)R@TPL{311Wn)dV z!8^LJ#WMRjgC&qkWt3zMbZt%;z-2)=M*bS<@85{ZEOmTBa(4CwuM7M|hy{MR_=Ih< ztlx;+ePB-m1&KCdl#nv`SC_PLvnh1|X%=>V(57IglGx)uKuIQvnbm!;)LTqw(1A%~ z*x1N@ab$>%6@}#yvHi)3)z2*byOtuPFoGgz z7lZR(fwa$2uLhO~TIRSG70qkX%ow_gG3ykICrT)-?1sNSC=|=pbC^M!F-zGjhXD*J zJQ>z{6ba!4#b%8JycWK|@t$BE$YyHElI)G1|7e|d=%f|nmKO}BFg|6J==AB-qYDL3 zk6={~k00;}ewLH339$(im>GF9-m~2tQ1Ssm+0Wjg;A71Z#&0zj%EF)r?n0Xnp$QF# zLwYO4<*@i~c^VHv<|o?_F|`&q{Lw$QO{h~{#&%zZU0BMVB?HheP`!6lTeJqwv&r^Q z)n(YIdlhr2zn>`V&~Kv?w19^krw**Q>wC>MtQ|Wk>~J^lv(hvrPa9VwZpC3fk zAj%-M@QH{p7*#FIkpM2T?6cbmZ$f(fk4RRwZD*X`xUKw}@Z-u;Hse;ayc@kqd~GSp0qdPw7R+ zW47yV{@ADWg_WuYV%8??iv!;Q|8;uDoLMjL8*^X1*N1(DADWDgJit{K6f*;n=1c++ zZRBDGA_z3JhOX#NhvJ}nV!~)yyyf0BO>C6?B9+ez#y5&C!DO(j=Q#*7PX7fyUMace z-^AFxDpItU5YNnW;~rOo>@)cFK!#N8)=|ue2laE!Z3TS;)WuLj zbF|HWv5QCk1}mF^{QYC6YRQHW6D;zSBG`D`Yr}0kW*Zj`FP-i8yHJ=7Ui*lcsuERA z{cde<^Q~Uqg^Mq7Ge`znp8zAls1*4lvIv2;oL~iTme|Skr90 z(11>M63cu`WI|NgQ-9jXftXDgPye?thdxH3b1jz9Bli`ApO+v=!u@B5yumw1A^u$P@Ni= z`V=>1bY)X@*tkYUX(}06!ntL6mH9y)fZq_Lm({3x+IvlMcuXJOlI!d)SJSWF`4unT8}+E9`cjT{2g=r5%h8lix)j6GN7y<#B0`HXr}w9WtKC#?~A zfXElIY$s?(e%-)DJ!c^}Q~W6&VaLuIWtL-3Y8Rl$!U9Hb>=g&XM%loE$Nl2eIuT-O z(&SlHSidhZoxR>R?t_VMH)p{=aX^YNP)FPyZ^Ph1=0=QWRM|1#ZymCfs5oPq*^>hpS7@!}AG453<5lZ+v4QWkbrQ_Aaw|tNj|rm1(d+zWWKz zjQb?5k*8JyB7zIKM>88P408u9I77D(L#hy{75yoaIrD+RsAvfX(sbacH@yAkv=yog z9!8&2@x-o-LfG&8_#nrhGwNL8Y)U~wi9H6lw)o54w(Bn&_{0I-n7x%CXc0eC3*JMa z3OoCBtI6wAL?$e;1B1>iixrz+O;(+8;qC8W2@o}eVp@BYoEeD4-|}kFDvL8FomAzn zXEru*Y?_h6RNiUh!UQf-F%iv6Jn^DccgBR7IT^T?x=%PXI0T#+!{;Yfm`HRUU$%?T z7g)VC>mC~#IdyA(xc!{#4mG&vBkkyEn0g2ER|vq@euzkI)HluFJP|*59NFIkDC&4) zx=-u;w0x$_v4#y(L*_L~YxQmAp{?B-4L9at(@EZxKk^iLH=P_oNgN)v&5k#(mPq4B z_6sL?wrC@r3ukt6{e=A-ZiS|4@QiM z$eJwJ0sqSXi92VvV!(#)h^`)|(Y{^fCWEMjP&EZY9N$tyIRX+|v*7%()QzQlJl(1q zWYlQ4QKE%Q*bjtwpVOz8#i!a-OOPbFIpFcq;NOR^LNIYFkK~SuGgyYYPFzTsd-@zS z`>U-phM4z1%YnrD15jw7@_f$&gMQ4MqpE zJh<*$2vduE`{#lT0KBZD{N@q@Iy=E|k1jl@o|pIP!Iu#MK>NF6sY7t%SEV9- zr!W*c$xo1>Qi=&wP~8u+lnpszMrqSnryKE&yH18_pG9@sWP^NJ2B=kc%s^0ajJwLI zU5ASD#H(%uIUCagm{{OeiezuQR9GOtV7)-{GtsAOw}4Q#B!S_NlBCKVmQ)4Kmm#7=!)}k z?aYk{9w_r}C8%T+82QNi3QIpFt6Cu8FG!tX4kPij$mmT;Uo_AtH>3!e1^yn-3#Crv z(}Qq0XT_d)7qs>dwbqE%x6|+A4?M1ki#L)LT<*t&c{{3ivh z99Cq8mx@5Eo8lhnrsOz6@ep8EXru3vO5xIr0`~+~ffR6Ah!9DS3-14q2YA0Im`z^g zK}Ebfv_s05cm_r979(G<+7f}^_9@!I3BqLxn}eQiKCmc{6-Fqs z`A#>=#Pr>VEx4O_J3dC(*93^VBBM0n6NoeE2Or%GABE?fV2%dI5Uv{@I;M|48|4c{ zeFe{vZp2ODAvPF31`dMl88c$(D;yBlz0DT-hZr(YvFL7&;bzoyu9VUvcYc5z~mb>S*lQLsf%TwGf z4tjvENU#GnMnP(9ul}o78g$k7V53)r9{#x@K)GB7?I zBGq7T>jW1Z8Gs5>1vR?;Iva2Q2~Pf#lB^qwTDnKz@A0si4kxQOhs(D0I19OuwMVX~4nD;LVi$!wWUx;{=ZV=AiE z%_hgC3C3jyj;;MbV5vPJW!J+o%zhKsA6yvApAGImb|3SZ9crI_)5_e(wIWt;szKjQ z;8O4_etZ@DRE>X}BII8hKz4hOo2{NX+ZgNXd{r56Gb!xGOQn(Sz` zNSNQbW_MEIu%f$rV83@K@J9tSs19@!;g+uZ%*e66h$S`y{iJu-`a>`>uh}la$oLz! z$^e2rS_5XMzB2(!TyhIeK4D!f8nw4RB5;=ok@unqh_VW;!Sl#1h&W57 zqT6_yicgBSCNK3$^2ENz%zJYH4p=WSEy5-j)JS{(KzCQc)%*4c|7ZRboJnnxURsYF zx)Du4e3#o~A`tHZ;Z7JLavMF!6hzgF&2_ClT3f@pmZ}sC`&Ey=(Ehe6*6i#1IuE24 zrPzdqo=dDHv9W(sK~Oj>c!A2~{)9wyU8EVdBEl+H9eVaoARtL72-K7dA=9msRb`>KJdO8tCfZTw#T zSORl0m;z!ca>o8dMMp)I`IxcKu#Ndw#odJ6+{M3(tE21V@-tksr}J$@p!@56_3$Uu zRm?X$^ylnuASa(DNUxn~dIjP+av>%|5kswozOCS!DC_4VqDyx2a#(u`j66~e3S&>` zpjg({n(VY3zetDINE|&ZY;M(o!btB(OsP@X!oA zt`DoQ<^EPMcP^Y(!L8}{}qgZ%FygU63C7O+|LU7 z^3)I>G9J6=ElJUW1VH)rdyt9DTNanZC=YxV%MKCgYR#!K{o?Vxt$ATO@6$ZJo@{Xx z$;aq5C2dzQkKe@02f&@nH{xoY6Uz$2Fr6RP6D16=*Y|v(7U@1DKAsC^g{qiG2E3@$ z^{^vd)dH%ES&o$bqR%b}GC2UVMfGHdnwP_({d2oqUG?nnNQb9++82T3yCS83&efTv=qQZ(8(MV80;> zE6eNZo9C;vhGW|B7lmdTS_m^)tC|H9rP~aHy$8rqc9)JxkkS~m8sp`0Y7-zOfX9w3 zlNC-f`8UG~uubSqO(8E%bxo!UO+k=Ckm8y1#Z&3kY@>J^yiH(urs}vO1t@^VQtWr& z@W2U*fz=cOWARj3`g7fY_4VT_!N@-6$#7?F=rPgc(fnKLr9RScD}0;br+o4uQbDP>jIrV$(5)m%{%pq<6O{Z_M$ zYHC5Swk}0|gfLyRwg|;W9|2gH{Qp8fk2xj(@+J0k^EHP}z|x!g(~8isr()O>yCX<7 z2G+?18OX@ipNCj}N-u1PI@^}BMM^b5aPT%3qFG_h-SrhCNQMQAC(XAGY1Od;!+QSH zMlN_&uIhyN9ahwzu>6Kg&E@e8+ngkhnCz1lYt4K2W&3_>?Zo#Rx1k;DG$aq4%exk| z&@DD&Zyhk?E2vcDRd9;KsM^?78OHHC@*9f|?t&J}zcvR74pEyn?!>X@mZk*{-eL#6 z23K4W`nYvgnq!?J@%5y1jkY$1$&b?l)dfPM*i(Fch>p5q`xKt1saB|;TEZ{_`roKb zhHEq}51MGsDAK&)(Md!n`f+4qHPc^u@k(g7F-I%kkFFxZ=uyvT;w?^Zdi_+6%`w6; zvTezJvqaE$*YQFxfa!r|re$I>@f8R@nPqLAa8jJ>T`L(ey-fLwYuSc_#?fKxs&39N zwB?j+;!^@Q2MBe(6;wTW;|vg9KZkslIGyC@m0!m2Bdbt6b@Y4hRD$yuO^wf8?2s0S z6TGcMhvD8j^IyWF5l4U_qpSu9)yY?@PUY|N7EvdkkM3u+Ir<1k?-3Ds5{K0V8dkkX zgjCMQep3-?*Yin|+FDq6}$fJi%u#MNhR=Ebj3z(Q#9d zm!Vj3O3+*>Z`SHH_7d`d+Vl^3CuG`02ZBHk;%+#FC`>^R$rE$}<8%J_IH{ z>4I^#)8a4{-y%FdmKZsh(!|=4V^dT~_j+DQlO&$15k~#UFaBOw9~u7LEM0eg2JSer z@ZTxWBqB{}96-xLIpI7FqN-9XMhq4Fu()n4E4q^B$b9$ULs)%PFdSz+h~YX z!_MaBJ&-|mJC=G269##q9M87Zu2T}y+cRzMXpFPTYOTGu^7xiEi$I&{x0r)%k*n@Zx z38hFNckltCUem^eKuw2OG063+!XT~J-fuzplnP`72na#hF`p~nYG4rod-~>aUxH0! zTauy8K4PaIwejfaK|xvuE?(B{IOi?XJq0rFd(kB`Qls?}VE{77(=QY~1(a#!<-c3Z z?@jZOMvByxkcj#eLDosS(s@R9yBj!8iVc>Qx)C>cWCm}Q#2e7?VqSx_r^Nm>$b4y{ zZ-5b0-q!9HRBg~7!QK9ExJ@x^-zk~4dy1j@)^wJoVZo3*w1hTL=?))%&L*4>S_vG+ znt+A!zk;zTlWKdgJBksCA;rj;{6#OGOK59fAo$C8l_EFOs$a|{@>7rQZLbE? z2H(GnzLjEPWzE$$MK^(DJu}()de^}X3NM* z&8hWc>6iA)79T|n1s95sJ zS}Pg^nPRbUOS-Ke8GNVw3T;f6^`LNf#2T35yF;1BHx(Xrsfpzy)B`A!=?-snD1RVq z)-=hC2r5k{>BZQHHUC2v^ieyAN~Jy!J-DnsOJDWpHmp9C$hWBBw}B{l%K{f)f|uZj z?MtZ9@D3O6P|e*haf|Cep?Bl850iWA`?4x9@)MaVTJ5SF*S2o9n}~* z8*8M$(Dg5oKE`}-S^NPji4GtSZ%|ItJkhxp460qGE34=df`@?S&2I^$J48g`0BC8`v%dN6tDuN+eZ;3~lyqcexu7GE+=spMy{Q)(M4lQt)7F|)n486aQGNlw*8 z;&+9o3rpkr>PD+}BJ$u1fv$|F=;W}`9>*a-77@T>j!&f6QcV$c#mpN zyF>~@{|(~b$h>$O69bJT`lp~-3}GNGk$U(Np5kB@S{!z!)_5>7;5X?RIH}19>Kh+= z;56~Ru8v)rROwq?wHD&g&QXv(eBnd6p!Wb7{*v?CrbHnY*Y z139YftFM)E$$OQifUzRg6DKxgSyOY^`j+0N+1wBVR&j?QU#;8ox)-X#RgWj4aW-o{E$abCs?-h@(LeESGjt3g#f8W;`pNG0*aBY)<1 zS_!ck_^WS5U^c2D!;OzVcqDs0f7BkzFFZH#qm}n12+jdc(tym%$r|8()(7ubV+`N; zw3f5U?(d`hZ$4>r#kfUO0XId21ysK7mvLhI2|#I_=y}2|h2ZPHsX&*Myzee;%oa`aIfV!Oa9Ct4g3>jgp>{LD$<#o=bJFf zyOYr`gYK`WX1W04A(`Ibq}q%SMyzU?EIE*Wcyp6M$TKVw`Knb;p{BhA9$^XAZo>MY zzf|N{cw8J0>>V6}UXWDiUHBnWkmWi-k?>M!FJ|4jU;c)6XvMBHwNg?k?_j z&g=YnJKtVE88y$^k`W0Nrs}5j4Jw}r7f#>rH7ztPuBUem92Q1j1sArbrVQ{;=v;P$ zb)}==+9JZ*YtbsomKB(gA4G*{y7P*({z@q0Mt@p9C~)Z+1c#{aqz{XG9?O&wz^S9>EnD|%)Q24+?U7DiVyJ4ah1S2LIYqgGE| zbMDR{6cCUa<^Nl)p8xx814}boM>A&^23JShzd8mE>s%-ShzZw1P#qzEBMxz>yrVbF zgL+rpqcQkNN1rMfo5j|3RSRWQ6uPW>-X{~1 z7H4BM9Rg=PkI|#-;9%3Kr@foMd4Ildx^J=|;uGvNq0ppehLvC;XDuDUkM5x01Gq@2 zWYyoZw(Y%o2^n+jQcRgfjEQFTn~O#P-v1~+vmYP&x9HeJk=nQ%3_;BR z1sZHrWYG%Uvr~>Ry_AMrtXYyWc(ngtg0MQsI)+ikq8q^wO`_)vbJsC&PQ2pp1V!yW z3g2OQYNbIWQ+Z(5CsQr!KI~cvRr8aP^%UsIA6jYuoht!D0E84d9UP93H?i?`$^>il zve?iLPRE`(ztu3^I)Ek#j9SQkh)=<@TWj!AA=PHRo`mubVZ_Oa&_R{HP&9* zg}bw}c7xAGStI_(YK`$v>K!|^ncvDpOXDRjbM3A(){rfB!DV~8^KTO(*&NW`}E?8Q*i2*)Vp{)gl9NJu=}-PW%~=^ zCvV6V^1&e>Uu%x%s~h6BUs;VuEi_l{bjZ3V&&0;RDqD}jLR?*y7NO<0MB)S>8tBpG zug6)-181CXRf3n!@+r*m{a>)xIo%9}mZGpK_2NnRD)`_%(V19zO@|-}!=YpD2bz_} z4hQH-gd7|-*UOpI5`WzW+nBjZ+qSxM{eOOXUy088ZW*`*adu3!pJz7>WUS}>hA%(J zUvOW@&y;ZlodGBm%-Eg0lzOY8EO0mfQv zG3^+58h@im<^@|+2Vp53EbB+15;iRMICn85kkdZF`PboVCYb(NVo1h~r@ovr4v7MA zoFUeD*DRKcIUSBepTC*Qj^sGF8V;VEx0wX~U*cWKw5iEL#6_&|X&vK^z>(Gmkuma^ zW#G6o;YD{t!;_f3z!1WBBRTjQm)-{O%#`WMW2=e0jVh$c`&hZ{t~hNq13g7IbyX0i zjR;#|!NW+^if+qwV|eX}`^&kb%c;#B^a2cps=wZq&XfX1e(HXvo3einizl(!cr{+Oeyv0GXNm~bM6%il_))Hed z>2yehuxOAxZxp48nJVFOZDQDbqHN>Aq;1ee7(DDZLFv|Au3n_j^UzL|)DPC%FeT|X zc@p@dBtIV-!C6jl&60$xq|1?t55kEViJL56NN!|=ZFZcjP~AgASw}2=?gWZS5QL|5 z$iAed`eaPr>LD8^>nzg%1=$ws0}6iOGb3^^+y>hgGs6F7P%Vpy{_Zi?8-RW<5vYm7 z+7}d!qVp23Z=y;rgXcQJV$nW1`W!&;u4 z!Gpim1{AQM+tf(|+agikowEyr-PzNC$$42a2lB?<~0X)QJPh#Sts%~ zhgpJOHA<1k4gU>>_z_!GhwofG^$1fx^=d;yrl^$eLfgiBta*aB>>;70Xl0`a26krk z5Ipc=C~}6kvtI>q+~mPzHWu`RSJ$`Xj=iyWzPV0;UC%?Xv#D)CnODvTtLzE4nF?9q zr>~_EXRh?yeG?V@AfOBlx4ouoLnvRM-{8&H&Q7anG`7GWbocLCU~y`Nt;P2dtL6W7 zQydDM{J|~h(=+iw3d=s@8!r|q*tmm)cApN_b!ccO(~g7!u~`qx(oL({S2jdl=)JXM zY7YzR5))w-irSCo~c(U@|eZG?wRVZP;hDjGdyh^kMG7f zs&h2cXeq4%5eHsuPdZ$v4#%=D_m7eZh`=I^kJs3~$`QBgD|U4%R`YVLdRO8igO+uh zVC$%p!jVyF7h)zF?OcN$u3^gzM`G?t9p_>%4I{gtFvQDE_$2u^evJG1PTO$atL;#} zlzqY3SD1TvChoPOy38Pv!g}_1(#g}j-${m=#QhXzf9)`13A*#7|N8F6QVMDhWf`^B z{1NIW=i)6Fd;TvwXze!>fFJDQZ(4+l?HUOnh?jxsp#)vzA}}qy{clXZv&A)8CN)S1<+jU%?d7BU3~M z2oR7UED#XGe-KQWIM|z8S=bplGI$x;+16-`$IUaLZEBtgY5|j(BZHz;T}XiPLJ&ik z2T*ooHr&9jQx_hpvKYDz5c z=?6_>^%!PPIsfT|%CXfa^T7t|Y`vo|T6C^cQA zPLCt3b3utEiT9T%k6CUFdFpejv??Y$Djw0N@RNQ=q4be{^D#6@J~c4|L$-(VrgRUg z1oPs2a$bR+!03vTpjA_&F9iK1gwi6^VfBY?Bv$mhDPwTQZ4xD{)_o*Kh@4kWt41+1 z)Nacu!KT)M{J>{d8T5W!5Skx(uOooUP>W;*I#V>6Q3Mh zA?cah#Pm;ZO_#T!#*6xFQx8@2Yl~bSmHzuneBq{dUa$!(N86nVdZ2=3KR#CdUCbU^$ajG>-7`MwIU3*yKz zvPlmi-XVY*AYc$0+S5`&-%k{#<i_s>3PgY^MTLGgG51`zNKZzBC3JD zwLFhCP}{yPDqj? zuv8PtAQ4&?#pXtlG3j_)kg4KOFetV158aaCo4F`)zqE+U^+PU+bt=CGAb1b#8uiLq0N#IVO@6Gy0oY725M;|sZ7J{Y%`Y7SCTU4JpCrvG?x~+_^%NEePHIXU&<5% z0|9k`0Rb`p2S06TW@Kt>=Hf!{;%@Rk$EIqZ^#&8tU&aeTxYDqr`d|^o?yx5nDp@I_ zXKkxiS{m6XHhq-251-+r&05Z@((pIa_@lpG4j-YjTdHFmFBoxz%Ty4YGz(2w1 z>5-I@3#oFONu(3St*Y4m{i1{!L+;_c&R!>*y{|Fer7T6988L9k^_YkU*aER&N&p|F z=M(Q)wZ3f__bnHR=~;YQvP4G;C+H#T-=!(pW)i|arIPkL_`09!@knvoCw_*euaF%V zUdoq``K8EDgkbqe-6h_&UL1Uh4cgFYNs`ZIK4l7Y^qMF-#;7_(oE7x13$}C3}Y!>OoV#ufk__w zsBE2DdGgZqV?=HN!O2II3KmK9r8R170C(v?-yQfrhuMLFjBeCzG&4%$Z#!9+I@NjF zPKWl)v2?ZE#Od_>!#Nv-)4i6fghzmWWeM6R$bav0m5)t5x}WY|!~9w3{%2io>uO2= z-(B*hmYu_z6w(&~^|w)@9aITDcH;W!!I4~UxRH@;1%73iSTid=m(80Pp$e#RvltRT zo;jrw0T=Al>V??B`alO(#RguNbbS`h->n#?CYE~AG&FcPTv%Ya;7h%s!JHmI1$x6u zZ&I7sN5#3ki4JQNpmn~_I-Ou}%%IgMcmgUyB+R3dVh(_n8WN?zy&+$un=2m9&Ob-w)r(Rbvj z$(#7}f7*d;;KKZ?RtZ+h9{YB>mL1lHFBM?BeS^{&gErsv3yAELNW(q_1JRDS{bg0i zpj(Binvq9=?OoU0KW$&STg|HzL2SizF*Il|Y=8szRF5Xnv{3X#0U-G%;=OnbHHqV> z$bsxZmfRG1Y5=~bK^UJjXzx>&;RmsUqhVRr3qzH^UrgZE00SMSey6@d#~8HiH-I%^2GO@al zcjv=GCbjxhy5?lNU%pQvMp|lejJv1na$K9!#oRA z0M>yR^L9hElvxtb!O$1MGFBkQ@=uzKwv{$Pn@&#{g3cfFgAVRn7y4R4>xjj7e0**z zMP@J=a*Um#J1YT#wc*)2?d*HWJ~s9FltS9#Pe7h+!bZiz+*U z)uaDiW6zJL~8A5LThgqh=MgMh=5T}U}9Bs{>o584kx61;a*(Y=!_?^XY7GgNs*WGcuDuC6J< zn4{{H!ZOX}5BxsSu`=acpn(Q zy7En*D?}3M7d#luMKG*9zd?PL-X4?>+Voax`fUD*Ng9(bTznTUp0a>@r4`MU6aIcL zDe&@{A{wZB2FHV59}qF4yhYn8JO#6PAhjGqkbt}~mRo2ji1E(fdTnlOkuhzCVq^3E zzPS^H1SGirSJwif2kfkabV~C$A$-=4NckC5S3|HVv)z6a4A*7$o$7kfGJPt1W%Hjw@~?E}6+!I1f(=cHw>_t=+= z*i?$3BoTrf3AU-$_7DAJ?P)_$)(Npmd{&gVW?h%&^LRkQkaxL+^V58Dby30&Q7D)s zQ~Qh)O5MQZlxztV8eu^6=dT~y)5&1MQ1Ck&qT7S1yE@nY1$woqY`ooUF-7KO-!t(+ zd-80}^T(j<&WcsK4BJ6Mgx%(0)a^XM9cjYXnz+FP5RS-jt)?~T3nOo!}`9frA5?&t09TiBYdayPk`po?5 zI8{geAZ6UaO3+Vh)wr2Pp`UCR+bhMHBvPc)f`-ryV)6(OkKXmj6BCr)m4TKn;glEE zQ+2$+t_~`TZ_3B=3mJp03o*2z8D!+Cf;$|2BMnTnC!-0uWeQAwOkz6tYqc%*WjYxG zR`NHclP}jlF6eqz0fBbVf(gZf>{};G=jdmK5F@Q!o&~dZEUU%o#dGds^;u8pki+pJ z&j8Ul8!)aN3+d3v)(2@#N#P&*J-Tm}*r<7r3;+q9=-2&kIGKV{nlxroYI9Mh!Yrk7 z=4d1@FHTXmP3%epo56FSl!`*&z_Q;?SKCv?{{}TPi!(f4Rwg*VJ34ge77w7VtTI=Hy?^b8o%EXs!O ztLCFUmX9$hVPW~05zQs;o0_8YYcY?G#20H^%XQr#IN4BXPXQ zaIstJ4w?Jn#?Nh|qI4mUR(m(`2$qN}*C|fhCbL?#t9C13`h==|u*<_nqT=WGMcQG- z{1i4a^(fvNO=n2>CfzdFYuRme4X(V-ca-tl7W)zkSrPd)bsg{3X4M=;Anm#!NABfDQpH$ly;fw7us^fqw)_Hettu z^+B=1z`u7%HO=nSG}si(;{{6`z%6L-IP89>5pj<1fuMad`|$@pLqAx^NvKQQ_qmVM z`;GtrXLaL2FUb=nXa&tF#Vz2_NgGG}U_6lU(n$#?cB=7o|NC`AcG5WC@7$un-{QNa|DJ0wzD(xb{q)qvVUGwf_SShpsR6f%YeI!1c;Z3r+ z!1;;e#@bde(B_es1(Rfe44^^R$0!APBc$Y~`7giNERF2VX{KYC?olq|r?+H+^py4zDdDZs1<lZWjNR$|T*WRRqL9TZPojQYfVk0VTvy%q-V$e7as*O$VGiT3y0x z-=19swSS&x6;gPyzTJvHdR28)Us=TiDidMn@5dP}|43|WO*wZ9_k6uMoNzf+C+#Wv zvWjqbz3z^xO3{q;UkDvGAUvvpfGr1eQutCtK*}?E|M=~1A;r5$2}!{dz>ugn!<5~u zD-3ck^-etDi>C0?>pkcgHs!U~3-xV?VzW=q3e5cEw8C*s8O`C74*^q-O0D+1O=9rti0h=ydHXZ>HzDn8u8YTy~ zscq+i=)iI&jrkj^eq7S;@&)sI7g8Wv)=4fcpGjaXC`WIv-6Cd_y%T!Wmnv$>MFi5q z#`H##`<4aTak7GgeN90Mt_1&^?c){d^L+K*;tpxN8SWyV{cP)8LKf6c<|clo@X1CB z@}Qov6+4Ol3AvNFDg${9P>WH)MGFghQ3ZTmuJ$Wj^S0%m*D@mLYbqu45HR|E;{l?O zYSuRaaHZnwaj?f3&}VqaTWOeG#Amow>tI7CDXqD_VD54D+Aukx^<2vNbP z1nukjWRm&$T=0Bt?=XA+|rXF4ct)kcSOodN&)%w-Dq_HY(jdqXJFe)bk(l78vu})YQt|2aBIM z&<~Oc>g*~7#er@=Rc`hIx;+6Q3)9-~1*i)}A*vsRozYiU1>(cieDKuSU+hv|#j;1wS>ipEm-OO>?1U%X ztm(g|PCFOB#!*OriOf#7uKpa#JWgUyr2_%ctnq3}e9rIjTqU?PcaeT~4r!Iv%@4wQ zi=#$$_WLp76N)R*dd%`elOLWVPp4!By`slTiv@_Qpf>{+;~mYOJNzx>3&v3P{s^oG z|55E;U#OXjH#wD`e@)crA2HB)U`l7nMc-EofNDObmq4uud(UYB=NFB6chz7z;~TB) zpNgMCiVKA)1F`}&4&mxs5bRS`0_3nhX&!f0b;s<2*48Fw>O#}MV?C~dc0T&7xl%4m*AF*!R ztfbR`N4LLW|GS{&G9eZr^0T>M3Gtr^um5XB>FDx5cNZ4b55TOl%| z^$iA#rhrtYq?Jc(Q9iX-|1sEHl{X3ddaf0mYu7*mcOou(xtz%6bTIem%N8V&m*mM8^|+Fktoe^!XqUGAwe;f`&X6t0Gaxt@EQqcM&N#3`EtAHZbu7 zJsg0QA|me3a%dot7cfAC&Do?7mujo}7V&ZIR+S`@)Xi-mdk6F2)|^nW)=!?EKb}VM z<;6+1iD3Ttywm-}sAF*Ni6K&;*eI42`#v6kAM_|~9*wEum5`ttQ<+&p=T_CA-%BXKN4o`VSOnd&t+sF*X~PQ z>tsy%tNRS#zirN&rCd=tZs|%98=`Z)qeep+HT-tIAd-%Eviynl?*irar7gE7`}OW9 zPVsmg`-qEAv>yu2228)kvh9SZCqL&RTM}GF^SLBfe>%I+v{F>&Yfr9Td%YEwWy;qX zdBp&ne_tB1sGIo87^t)$)Lye_e!W&JpyRk^qj^7orS*$?<3s%kap23B`?{hoQTFb6 zXcJ-P@KqbJffq4~0P9-sR( zYe&GoF~1dB*2YY184sh={UDtjEMVZM<4NLKPBYdOVM#{CX;X>ge&@S!wk1*cv6M41 zv!uO4h}SDPW6$N{dAqo}Zt91>*6LqiVsu%D+ub1sptv0G=?skj@8$^oT{^b#BdLpn z|Nk?`|1GG?$It%=>Y8T(SmH!>h|C~PW9V_6P(f;u`wN-wHEtIRtlIP`pVu+TuG#Q2 z^eCJGU0&CdxbKcseRja2@S4q#O%mJ4xN=WR(AuXc!hMC$Cng2Pk8n#wu;ebs&0Q~2 zHSycHFiFa+QnHb`wZY_~z?^y3;9*oQwHCdQdL8xeJG1Pxp1!&ajcVZe@kH8^+w2RV zX|T4NJlp@2`aahW3yJ%1z^e{Hhzv#1@epPxFil~_3)h@7ug8~l5$?csI}H6aZI(GW zp&+UKGEZRtPT zEY7|aY+5JZ_#XiEwz7L{{#GGU{>9L(9Hl{tS{w`rhvS1Y;ZLTAfF~4h+Dr6xW@%4( zfyWJ?9=*0_g*+V};k6%qG7++ge5F|Ww}_m=ba7HWRdGTc*{JA;ai@ktggnf!s!VJaUbjQt85Xqd?H;_vgY` zr@pWC0p@=mS9tc7;3Ev^v z(fh#I&OBNv$yiEmGv1Y;rjo0x^vf)LcQ=`pDUhr~<6lgsU3I^A&u>bvU&f50&r>jc z0a?f9`78)qtKqTJp&wm5y77U~63%#8J>=Li3>8sU+;ewIwk3iL7lD8tAQ=h}FqZ;) zx!3J8-BiNS#|7TBfdvZ2SH!FVOWcie8HG$)=|g#SOERej*!%M|`eL^jVxfB;*krCM$lj(414M5eOP5>%c_APnKE4;9bJd18aOr0*j? zYGzH@EtG}WHinAXq5lVE?-<>Cw5)5!ww)E*wr$(CZQHi(tk^bIY&$Eq(>eQ`-uLc( zdvxy}BOmhV_hrti|E#y3dMir7w(=KOJxZMZ5@`o}@vaG{I<1JlMss!v;<(m7TBQLp zNkfzBAnM;M7ttI2B3I7!OBN1)oHr3psXqmVs+MIztk!0d_Py%AB`7^_W@V&D`*EXu z$&QRxoibX!yF?U9c)M0R(B~^Cp5r9-182LR)?xxaxXAwmqR50@+R4O19|$f#P>dJG z0zNMETapY9kW=Ws{S+zt?6AMH`=}Cp>Ae1BfEpY zA^IpvZR{$m*yIuT;Myz8AMqWT(F3l;oYhje&iDlH5I)df+&rF6diE3wE;2H!xYw_v zbHm=iL9K|^9U5hdZ%XOSL^OC#h{VTkV>MN9bkfbvV_4ZXYkXQl4$R;j&yOCNFQ$z` z1*_3^8p!^}+9V1UIqC#oxvEkcakAQkTfchVYnoJFiD&uCHa{(zw<&u<**sxXVHnO6o1a!b|oy8S3<6ZZ9Q zzt~D@32`q!DKZBf0D%5Ki2xI4M+>9>)pYDu`QMw47X~U&Jg>_SC=dn`g88Ew9;}E7 zBqCUJu(n^_jV5&4)hk0y52jLf+g?ob(dVA9mf-t_ zS0Dzwk_e;G`7`P@Vm|l~#q5iw<9Qg$yuz57+}E>`W~UT3Y$s z7-=2~w$BJFzt6QptCFKpb7Ec6KoKHQ1&;TyZg7;xv8q|WCqU==1JRzj!~CcD$9J=j z85P|b+B8u}0!ZkF#YDqrL`m+fkLP17vdgm5&iP;4Og@HA-|(`W;4ErOV0P`R@aNQ; zCeE;T{4C#uIX)yi&B_WyF2^ly)*m~vMty49@#G;FhU9sogoJjd$Y62X)4(>;>RTuiam*^P9nM+;2< z>O$fa!pAE1`fFRJO7)6Sh`54fsl6rbgFN?dlV<}`uHBwC2qE*%{9R>Ayev- zhOe%dWK9uPPlE8xs}a$GA-j~SCT{=HvjzIHsk04}EzI+*{Vx%w@xT%e&fRsdeLdS` ze8&tq!xU9Q$13`=V0o}DW;O%a;mQiduLt+P?E%%bTv29GStY)+3N(7ROVZL`@s}oZ zWJaG|naN~XU~VNKgBPAlo3^3&nL932Wv^w@Stl&5$r=UAeqx0aTyz7lB4{2Ir1061 zh&J^ZzsI3pR(Jw(__B;DP|Z*T_+v2}dJk5RdSP6l*Qnrf^ggWrcus5iKD&jxHOm{> z4{ZLz+1@|!Vy6}bF0`YAEeoZ&(PWDa)Is%p#+!#Pn=IDk)XuMnVFPd0V%w?a)H0$- z*y-T+IeRPEY&3p-I!k__!Y5**i38ON_*H|21cb@Sm#uKSKH8YJb?O`KV z3144cJo27nCSEsY+@XSI-nS{V^@6;5^c!5kt;hF{k8g{dm_7>Fav#Ei_M_psRRu#$ z70s9{v*sfT_p3+aa{0m(`ZD(I#|aEIZ{!C(34q`{`}>Pjexbxh+Qae20k!Y(a{I|f z)zxYJGTrsn7Z^zS3(X2&GC$x&=W}%zuLH)O#+rHDh!!1uYfmM$d*V$(Z9(B22vDf5 z>lgy9%B@3?oH8c3V@Z}K^_D%EOodlxRKVh^3*F65LPL-x#-Be>fKJQ{9+o@tXGx*H z@okj*!Q-MYfsPwC*5mwwOQ(e`5|ZV+8rR(srdNnu9!&5hih~s(>f~JZnIs^L&FAA3 zb_FbtpB&Z^Ea3q$ANFQ;Q;HdjarlU`{V*3!KlXk)Ta`*UwIbYOGv0IxmJR0lVj&CL z9JH@+tYp|>jHQy?SSwia_n!l^C6fwC+}Q(3%o=;L)iID|7?owD2>XmFsq>WPqET3u z1)wiUU*N$NdY_G;x%ziDZKyP98gX-c3M8WCrXS}hWV{86IYfCu_hQ!vaV@l`9#!E_=DC1${N#`#OB0tJ;h*_BqK%z4rKp)B!8`A$m*bHnW5T9uZ4 z9Vn6fK!Nc(D9t|NoIm_Is-)Eox*Mn_pa~tKi1!@w8SP42O3Es};Ur3#qwcBhB-~f$ zGQn`SvW(xT(BZtNpc%~Cc#=7F#u2*7v9Z*B6o-Lg!yaQ}&CzwDNHLw`XgGrkpX|^; z?N>gcIf7_7WfQGePxx2|MrPcn@Y}|r9?gKL4suhhD9Sll@-q|Z>HJEuJOB|y& z3*@EP7V_B3{!r1++y045Pb}aJU=iDiFku(Vpv;(UFC-soQc&EZ-46Vi;ebctwDUX6 zXVMIq0T9{{A6f7JQ|AvV%0Z+0F;xAe9uA*E9ZAt&U<8w)idGtvas#Ojh9MaeXCXt; z)DEBin0*ly6lVm37yQwU;WNr*$$KJw^1Y43^Mod7bSP!`5JN3lz#>_D8&WP`&u$Rb zo|6F(jjS4I05KvhZO}wXa_~zge@NH?6qpJ~j5|}p5k0VlD;)sTIDOdB0wY)hhXyss ztR@SbU{mDY1Vui7S}_mu=!zN==qpQ$Xz1LUTwiiNm*v(cnSF6h& zC60#UPS$%vL42tti{;5Ju2hn?+k_v)Lfguv9B&L~()j3Jo7dA}x%#~!T-2>v(RyQW z2;fTdBsd4mpTryNV?pa8G_#rJzf9BBxSAP}Y;dW6)no4XK7nZb!oZKU)tN)e2}wAd zx+I@uFYo6=90D~O*riikavdT#AQhp!h(c3KMreV_1_5p@UERGPs6f<)Hc`gSX2Ecl zJix$fLhe1<))|CfxgzR+?K(FYJL!VAVUE??n&4tAKU3~<5BPH<6QmNe4F85x4&jFw zY>#F|+du1s)GsI*o^l3>te4YDp)}Q9glS}L$geTkC_GMlL5eN2>5h&pa%-GM-MQES z1@E;@x}WKBDkka-9=W7NsSD1Za)w}9$XtuGh2OP!FKbw|j$lOgV?kC@%97oc(&_t> zH7G+iZ>FC%k{6Y;#R99*Y{3Z8i(=2ujESdxsO0Mum&b-|VG-(Io85Vovr`eUCE!vQ zUVrJ`sfz(FLdxSrUuZRx9WKbJ5j!CbS}t^u3{YLnub)WN)|hMjjqC>0u}(i#!->mF zmR8{oIc>V}O3~iRa4yCytkeI>qpwOXijUXQRo?4Pbd_Lg9mlld$d;)G6yp?D>m@F9h-~a4?@eXMIQcJR-*Dcs`vIg1)_x zBeX=i9Zf(#6X(3rr2?SEMNdXbTZv4mU8bb@(#p6nP{$sm0o5LOW?$a1Rm(x*>nG?Fsv?B z4u1Co^eb&uxrfwtq`cpLohzg#lw`x-RPEHA{=iB-lD=R&%$8$JD6$cdfuE0vZ2GEK zJBsu3eQc_PddmWncFoQ1rh3t;F0*GygN^m$cVv{b=K=iZJrp*hj-bL-Q8`~TAN*GyKXcSHuWbUM2k~KXZCX`a=y;jNR8yGx_BCJuO?R9BWIm$AUgCh|@-)Q22In^g(1^ zMnIN}f-Y;|TxRJTLy4UA^RDo-0va!jaTzD}2oj9MyC&G>%gpZwoEBu_K? zP$>zcabFBw{sMI?A!i7p-M4@DUU;0r>=`_nuAII6cc$^5O8T7xjdb`=-rhS6MyoxR zg6UvB@yPRChHs6MNGY=(rOT zPD-A&i)6RXiU>u5Bi@{V_3H9ggUas6M9#boNJAZrq`od45s2Iq!pPUg5Wo>DaG|&# z%2zjN06|oY1Wz+Fxrvs9^qL_hk$7D7GLDTfao~XBiwA8;9&?UiJY;tl)1(TLmdukd zR{|E}@y+(EwX5|s3#m+PL1BLP%z$1Qn|=+UF3Z9KmK|LdW&J&I*o{2YqH54rlEh-UVVb~Yx?<|ZyqjxN^!Et=&d@yQL+BMd)_ zzry_-5T<4Dkbh$XQ81^nVb@67@<2n-H%f8S4lWs~4OE4o2GYre*Yz{4;{r8*vVSD7 zR>6a@hR96#0Hb1C>O-e4Hg2lco$DD1ZX7P0MPRdfLW5ux4rNX7f@nD`RTF{DU{%M~ zR>^plJaU4L6kd$)n(;FpIf1}%f)Y|y}7Ve zj7zJmQ3h&KJNYi2-v_$@oDJ!Ghav3?b?OrOYi#=>{M3`xOmq4mZauH$p2w$7L;) zP}|MKngp3bB9j?_qgXlS9*zCx-SC62J!Gwrd+@`alLLU0TIN;b@<(VM119DaGL2p;lg)-d!^rAeS>J zwPNoiEv765*$VVQ2iG75S!i*5UEmdxLdr=sB*o#tBC z!ojceg)m!+!htHS-ILK*>T%`n*wgc{Vy;t(UD(97D>+GL4e>XrGbl9*S#q-Q|7cOm?LO8Q~DpK z;^%UxI||NQa^MJg_Q0V86-E7cQ8J};bL5uLT<7>qWl5~G$VQ5;o>(#SBOZ>~Cnxp1 z7%@3TGp9D9*3`g}qHG{j40~QYK=UaJxGY$8G8c7$yR})YFy4TOML|@|CW()lCWdx^<(HXMLnyytcm@Y!h2m|O<+ z#~AGDFUtr3`ORla4a8*>^`sU(^xIg|s!ryD!H4sqLrW#(u(sc3%WXh!AEp3d648CDp}mwr*k!)!FyyL+Hw=Mv%b3mGxw-$ zrrWAsGYzco8Z@3?8Eu}^r=&`48n8a$inDWuM?ph%53AcS6ob8(`QWkc`dP}UYqb^6 zIo-3w>*t?pd-&s~|#t$Ys*2UjlmCnk1I0p+*lFA_v(LL^!7;A_Es{G!>s-VY$Mez8PF3_cM#Ir8u>`g_0xbh}mu z=3D!~>p*&az|lT>qQBI|!7@+wM9kw1JRk{tB9n$wiS=~7t4N_fQ#TKjbO@0*sfWyo z%;Bq8F<+vipq^T6X@!z1rAiY5FGWBHfGPdI4^dw1DcdT!~pQ*#qD1$=Y zVuBN+u`FjpOtfl;2a6|(9|45%z@<<=O27Ca$i@!|I*BZVF>X+X$N=(&5Ti2-1wk0@ zBu>k-9R-dF%M=Zm7zPq=6#R=p%FF2S$Kbg`MPDxyFp2oZqP-1?9)NJMIZm1Y3~o2Z zwy1%K#$ij15wEY)%W8;P8ADi8O+qaMyDElSt*3^o31sq(Yat(A$UDNuu$mHEdIBG;}vqu7DKc zL0ZH#FwP3@bE+`lP`<5l+k8<~Z0>9vHp#;!3CF<^cV1*&`A{Y5$Q#01@iw8H8+0xW z5TnXdzUB)O<~;8~8V8h5a=f;uxCIV(pa7)ej45)l?;VafwBNsD9rDUwLwnGLsi0{R zYga2mPudv3BeOGL(b8`bDB>A22CoH&=4@r^=&#f51&protPmG!gIF8Msm0*C;_o38 z>1Gzka4Ay(cpwthf6@Tge0^~Ra%EdolY%U)JJP&)X4&b1d!=sFxOq;hnSfw!38n+n z3jc;ye@ksI#9r2q3T0z3`ArWHl~Bgt@i!ZRg;JB0Xgb)2&>3|D7KM0r-v3e-RF#Bc zf~JJ&@;L#7=rjdL+91yuC+sRhDGbZELF z97%xr>=a~hXhANo^E`-dT@Xb4c$K7s6$Wx8MB6&NvJI)})657@Q^GJ%s9GR>swz&S zjv=HeXorYozVXy;_>`G4Y9$f&H(hV7NFcX&y}mgZNir}!<}k0raXh@Ok%B1sOV&+* z`2)YJY>|Psfxx0g7ltM3+}a1nxru_HMA6a4V4FZpd=*ujc;9|}@wy@T7H+6t##H?U znFGeobt+_W8LzM%6et$4sEYx$Q7F>%$UuCcAW&MO2$q*Hh|L^OqAKo!lhKFW;Nc9? zVVN(Or%GzUx(^dH%NTGfK3`!oVW!>^50M43FuG$QKxGp0b7(^;PlWFBpm+yt;pW_S zN&X6Gz*4Rmo5Nw2mT(LLlIaX=I*Y`Srh~RK*L||7A9ew^5X&*oYm#TB65vhpa(?H> z8gT{Q&s@D;$o%0`2LA3lMB<;m&R_sbaU>FU7sCO4nXVl4#Ak;Oe$@1zh|p9sUrXIn z1DjdOEI+Fin2@ZwgkFz^qh223ldV zuSqH8xLK5u?nc4qm-|P|j*#YL7cP55qbuZ5 zz-Y~||I-9Bk#4$;=3G~MXS24JSGy-?XEo%HvkrB76uZghCxMnF%ktXr@MB!n>(TyG z*^*(4_LsYl)A6o^0*r4{Qj|${gAA&hjdDu4PLKm;)-4=MN$+UIw+{jmi)m$&22|7A z*T=xIf05?Y1X+!_pVF;WHVTRut*4i4r0OKAlnwE>50+ioc@j4b@Ec$J7OVy~o>Ump z11oXZ;zr!vBfl$beTk^wm={az*X>H;92)kf;mGB%BTH{)cXxVco9$I|J8)X%!yj-!glBx|GP7sLudapEEv$D zti(j7v>xHj;76J7i&mFZs=;#5z!Ygvzx~HFP?@`w2SnU?4L+5U*>(SkooU+SRaZ_o z`XMJ*u28uT@1X7el)M1HW!}EW!wX{BTP3?Nsshojrc9Hvog$Dep_Av@i~5BQWqN@+ zeXw7c1h8R8ZFg6aYXtIrq5=&DE+T%uR?(kqm4+FdzB16?IstE6!5hsbstcUnAC(@# zowFD*7UeBEy7{K#gfZ9F@ptjQEN=-7Mv-PDRrM1D} zN77w76Vk9e@NmRBA$HNslsWY7#E6U8GMcq93dc-4*+YAnkhirJ9J*yj{`1V~O{|-L z*^#9>b+oBh6WNUzIWOMnwCtA)n2VY3U$$p2NlBcM!+Le{!Q{u zlze_D0P+;U*NsN>&4ZepUiiVz8+!z!{xKDIR9840=SLTlwn~x!rO&qpHp|~hF zFD!@C+A94Py3;)q-nDdq znkXK;#49@$c%kH9Qme1z7o&kD8EOsc7MVNXm92OyanzI!=UEV+xMFJc!C?A*>-<1) zxQc)q04Lm#PKtdk16xm9N=ZIRUQ;mZINfQnZWl(y3qhVt_(=A12Rje*ib%ugXfHo* z5e^NV{l5;9C1B^?nj#^!P{#!`Mok1?-ySd~{X252zjH?AC7exHrjoECqE8s4J(e*( z3qrBd1!UM+wFVu${;2u`N0jL79 zioHn{akh{j_5&`yVs#IhqDyzq5(32XGuZP3MvUy$;Q;x14*a0%XY=64lCz^fZw`Ke z=joi;(+ic`x;pS$Z3Z~32H9yxVLiwF?ebRFbes2S9MKqyPPU{A#b#pooEp;eWNV?2 zvLD0KX3QIKpP8|Snp`VcNJ1Xm&*19>Js`c{!Qev3c=}6uKiSvSMYl@b_puZ87rRF- z=epu(BVo41%dCw3BGlN6MStITIW1~LX4rNEJ`^WbZvt$HPp`*w4WZ&$bh)f_senst zGc@E?^iYD-B9Jh$$uAqg}8%Az8q(x$wREVm=>f?UOjL5-m05Z8w8 z;*N`sP|%yw)U;oZC!g7m0)mn4m1SGZ#s5jLu3|wS*T_$Av7@PJMQ`{4+qK^V{H;k? zxP~!J-&u?Y4U2s7_VoI+^$)J*H`H6Ms=R|;7Mh1SrfM)xbkZmNno0Fhm#rudloxd3 z6H>32j_5k{Z^OHn1OxSgR0P{Xua||H>ZQU3>dZO#~)A zUs!ME8Q+}a?;hZU?&tyrl)9T8_s?@RWAR1f6KQFlz5)KJ6CbL18H#)zN~bIHa8Ro^ z+L+%U0B{NYs$^es%uCzgj%467Njaluq-y zijBV(3Vc+Amz}OWnVx_!D=|0ur1(R{oBTG0>DG%qm>ZSiB>Y}S;I-07Zq7@jc8AZ7 zV%5J>P-5Ub?34PQVhp7cNa&)p091P_LJ-QMFJ}Uk4Wy%ObS$8gW9b|*R?c_%4heVL z^PseOERGE0iZ%eMdNBjveoK#m^U&+3>1UP z)e5eHP)T(RsZ+1#c zgt5KBisjiuO8iBv^ZSZ*FZcuQ50m z1}PEPCo@J5uu8%kX@rc4$sb_J&6@s=>@-z>T88H*1U3w7{CK3_D1TcC+i1f?A6h@^ zWhv$a@5eSyowS3s_wsb+j#rlBnWH6l1>%7QNH=4DR{Hzu0I_8pj%6 z{W~L8z~>U)_#^n%{RqDQk!)!9f6Kf|GEzhTaHR0Vh%EFnm!FfG3v$09B!to(8f4B1 z(a#+6rk*(WWBY{Ia8(oWvLw6T?&|W;sdGY*(vKqt<}j5yjMfsAyLsivD?p4h&iPa6 z|A-a5&!`N7x#CiTdSG6UqUfGbkIfHOUE+>dNx7>ll{ss9r(Q5>$O|m5t~7aG!P=OS zZk~lankq1HOoQkGVHWR3?<$x02eDJepr(BQjU zX{$tWy(kV_9LYgx&1M9D36AW8)PsB#OrlnNiRWPI2ufr#n3$Y)_m4t1p;w7j5NjkC zpDCHys{+cs(S@#{MAjG$T72A8#CuM(WEw+<=P$hKn`<{ssIM7u7TEDE9K-aw8n{yA zEp85+XrRvN1bQ7yc+Py1vY;bo!btTMBblI>w6l#O=%aEL_DuTb47y#4N(NQ(-eBvU zBNon`TD$YrW&Gyw{oFF>bxGxSsa7lO+;27>;FfDcr$!=Hp%A@)l@!F=rA4HF4qp1F z{qmo{fsQ{1Z)jm_Y+-Bm51ltBu|f7n<_~?A^a)cM0ubV1$hS5z5WtOG{M^^>Uu+2S zsYS5(QTb()Q34UHpI*PNzqs@ks`)PkF66=Q22jaEoP(w9dFjyAt8h8$s>cf~_%SPl zB;qBsRF)wkSkNS?RD)bmjDK+s31l#a)hs#V%S~|8p`$XSj-}I~1AtMT?@FuGYzzQ* z``jAhH`&So(@}WGFpdwUG8d3FU=G*^w(7sb0WhN#`($;#E%SRK=guXcPPB|bN9Uz zFYJ#9EQ($9IP6xebpfhZBNxln0kx&+nwPJ3GU#`~41tZ@F8bd^F)`FIF1lo!g%RAh z*^w9du0-P<7466RpNS9>3z`zx&;@m~zF0}r=L13yCIdO_caVQQnd3Kgyj}zV0B&ml z0M`FN>~S)3w6J$}`giLP94n`dAEn3i4j(~N=8!eHM%&JIgoj1Nru{bi(w&;EJB$73 z50bHibOH>%tG3wprz>C}hr8D~*T%$4QXm){+GvhvS~sUugt&deFyn@{0g8n_wz2 zI!8eo#&zS55r{cmX`W$F)0ia*pFjO)?NRNuhp+W$J!7B!6W@XS7?UNz!!v&Eb?eC_3^7ss<3(KNtqPZJ39E`)W?)0|rR;rtoj8sIHt#o*h#ZMSX)N`JPKA_2Wje@*i zB8HUCkAQEm0?rUc!5<`ig3}mqF7Pie;9X5B?}m^4O|`YP7Rj-BL%{jDd-K-#Z{N^tjmuKoJ&N6U^nW>TB&Q>F^lu8nKCa(Qi76zP(e-@7HZ2&GnO|Czy3=y$=R9h+l|fF<+C%226Jgkq|2|X0Ye|k()UQmBb{AIwUcgL1QZ1 zYiBCNEhQV_O+N)xsu=Dv-|WnFVE*2fvlEEr~T!7 z@9N&PvxAM180z3pn34+!g|?uvyY4W(43<1i(L72UQyA;3lr_sW_gYSLMn#Q8d6CKo z>~f^ICv89Y=&vx6!}4-Hw`H7@QIsd=*U;Gdu%BEDKz9&ZPt|M-xFOcwCxAGQJ&IgRBQ0`L@sErCC1XAM zIBVhlHgiJCG#m_mK3} zGAt?4T?voD#T0p@Tq_v;I}htgk@FvK+1l3QXFC&m^d!1`i@4DO4@V2bu7>EVl$a}Q zz2*&+?ZnWk6zg%%<{~K4YK>^-iUfS-Fz4i8S?~7oBy!x{GW<_CGtyK{3q9Z~CTRv; zlD~u|q7XP>LI`+zP`=P`66kmg@UJ`?nSqM_?L6^i;9{+Pv1OR7uYE(;U17+h!6?e1 z8i21i0Y6mZDH&Q&74UBI+!tH!BD1}d(bAt?**F4d36v33^0RvT!0baP@vzt#`!jwf zLH1SAAz5HLUP7nQ)cAP}<-V+61@nNqyiAcAB@pW8B4HvXC<`3#z1N?d?97o5Ay`lo z9k@aWCQ?4)M(U@!e_aG5q(+GA{1|-v!=zhiC4r)~I{52F59Ttn=Q8?!(taMNz&g6w z;V@SALiQ^B${4B?PSSGRJ^EyV4vXXi<&mz)LmnH!1kX%Mp8p&O0gu}UF_MG#-%3f4 z`cX#tkl(^ass?tPD$QTfg3U8^ju%WbbjIwz#T=TN*2y zXvsf7@dLf2JB~|Vnf6L+6!$y_ezMC(w-Q+JJYkDGh7hPi*Y@77zMI)^zovWFoprBH zmQzfUbVr;7*~=x^(&N_#?&jneljGDYj!79>$4e(o0EG|ITC2K|K1+U*v<)reP!6nu z@ycYiG1l@=6hWue2BCO;%4&4P$zw)>Dv3Qo<@VpbpDio3x7UiXTq(Z=&5M8x7(9nJ zu2=Y`^v?5~`KC;aRw6op3_#;451|r=3y0n>{ELX0?fN^u8wB34KIK?8A{b!8%WmKo z*2Bz)_?BmX8Kzds?nz-+K@~&BGob^Mq4=4OIwzI+!kvopdeU+SyULa0V03;DVyt zsPX_g+tZ$=0VX^Mq^sdbSgf!=(yiM0vwB@qTgjmWainFe$zIseFnDKVCF-2VA%YEDxVA#?z3OsIFVjLIK~e z_SY$PY0sUZ<0z0=1=9O??<0p2ThKD(_~Cb5CC+TcJzD<3r-Q0eKW2*8`>d*|e6(?YnCcL?O>W4j1uY;kjRZi^BD#VtV_Kln!H$IMV zp5i|}hn^=#e$^^V($(6hmL{y!osW@jYB9k1v&R${_>-bdnx#OE=ZOcCz;n>;q;49G z=-3W|u2EvnHA)M;F*x{xawV>)6-P1uop?qYsx+vEC{1A=MGoe5#Hl9%=Kk%@#l#I&+eEV1v=f!d`n`)v}Ftp`lXh!c8B9J&$5epOHy}rfO8^$j#&g5d4VAf#hz5{Ty z&S1#O0|Z)lO$p5n%c6uHlv_3r7aMA&jVDOfAQ#<@LPuR$&46Gek7@^BY^SwWUbFa~ zCkkTiBw0y4BO<3gpxsvC;#OS;<%(Dr$BQm{neKwUl~@akff;CWE`k3WFe?aOo-R@w zN#>H)+k}Nd0n&@bui)4F(}r@JeVUEFyET^wM3sHkfO=(|A{CiN^ z8L*f`9V|$-(qLfCX>_~Q(%-{Vk44>;mmQ#I!L)jDaDcPQ~T~h9S)3$jsGW zM+ha}>UM~&sP&dI1X0RLx0N$~XK&j)$=w+m`o)!_4=IbCh*ws092QcH?IDxRm`n3% zchKvfVp*H0bh!9l8p3_^FX;y)J9~OTIo0Pz0oJg0FTz?H787^#dx{Q>ilv!yduXp! z6D_LYPOfLsN_gvMfI-aUf=i795hg8kaMeR&6?eD={re`33R9(}3yRoSce(%^e&BP( zF2}Fv9#p19(z(dVckYQL(7%A)s9Z-OSIu7Me&;5N{dsOF9~dOv)pn1*v<5^A9YA#% zi7rqnG-h`cEy;#RNFfSa6kfY8bYJLtr4eUKItqL(CR{F`b}`AB*@F|APOm{C|E?E& z>&x`9<)Zb(CLIia`2abXdl`VAt)C5RpziP?yyMQ&%N*W$Ub3Z6bXBbNF|a`F>{mkxlEx&S6i18N==-;%NV@DUyPZXwo*Gx%g+} z8?=U}$-U}P%tSFZjcSJ>{k6(oo)tC>T8AZE&b4JB9e;cb#B#bFxQ95=4o@%kW(X-{ zf?2oC#fn{;dA-t>#zAo6*<4BoI-8<$aW0md@@bNyRI{r2y^55p1heI^JcNZ8<5m8e zAVG)pipX9kYf2%F;YysA@{p;jVkISA$@5ThQ5e=1nPWpoALtFvu&@0+=i{p)$!SyN zbQq66kTZoJ$Eu%MfzY|mcyC59BC7?NfInS0O*L?hFWMuFVS0WQnlN0bCZcMjaE76B zazSmbO5>|~l{bI0BA$Q_+yB z@!=yPPm3?7bmW0=1&xcgpDijelvq|Zyyw2VEOW`kx$@zFbCjmWhPpc`>m5oat)6nq z_C%@jBjd>LNDxaj^7ujeXw z5s1(pVl+QH_M#`!866uPbl|ri< zAlvran4=Y`buDN3&6rCBFVfz3v=^h)r;Z0?!?5Jt<+wU21oqqn0@muiG;2U+JBsRG zpFrzryJLkQN*4p9hJ4>K;P^m(q9~Zgbtd({sRGT6?76eVWyP(mF#8M-6me=4c`3(Z zPwEN}i=&Zlrg7pzSb9V9*TI>cKW^iDHw8QXibpuR^kmTW;ibK!$lj2ll;V>VAqG?F zi+tcBtSW^7STnkkB2PFz*304+`ClVL*mlntQKB$OI8bsL&wH`Gsht=ndIyK2y&n6* z7Z6&467^iGzrtTG*V_)$sDq)e~;MOy}7)~ zA9dpqIVJ{q9e@N6vNLoo5scsT{z4-Q@>0+gqPphrQ)=z$!u}TWOrvp{u{aR2J-wla zym^An)*!B!!sVJK#S8mZtw1TdFFkK!YTEwZR5=0LUsjHf+^U52(CP5Lm zAxP<^3f##Fp$j>x*85vSkLk@2qD_{`FzQzR_l{J6Zm7=D)l6cn_hduMEuKP~RlvPy zrIFd`g|Lo~C-^ycBm_Mz6(AL+R}gs~F=pGd63^>0Ew_?GGoE@m+A@)Hc|r4`QON>> z!S-9HEV^BkkEHhEpioewH-WFGNU05PXU@Z0tSmO|eZuP=UfM6S+i?)^ic$W%uvd?4 zXy1E*k28EHYiQ^BF$+!R_5JPy`0MNzod$1Kn2i&e9RvG(@?yKNn?6v{73eeou^i(eCc#``@tC81rglr5~|s z<43Ie8NK@dbTf1^F>?GL;-y)M=f7~&t)Jn;Y{F32aFXIk0&FfI$l|M&7bvvYr1dn# znL6{ zn^dTQ1BySt4!jHaozQ4^H0HQdNo#=NxYas{=`WR;c<0&i=g3@}bl2=Y*r~d=+rZKH zIUNgdjun=-?H2=rcY-#BLMLML-7^ws4pJ345ic%3YG29^C-4!THqH{i8!ptZ?wxyV zKULq9Jj%^Q6tTh4dg2r*D(9=BrpArOe#fu~JZP)V4z2icy42p;`OooxnneDePLuzM zg6w2s>uh0bV*St0{I_>`heLxk`49Ye^&f(#|NP89!BeG4+n-_mF6R_~TcvC$N z$Zm}Ghd*cm3x_?a%e07*#uAj_2gf^|NF*Au8H?mVO}rYDTRD4E_N`e#+Q8>XLoAh< zUG~N))bjec(RA_>-H62wCFVOnz8Mt~u;B3U3y_)~GBZ*|POF#v=YmTl0;=hijG8Fs z4kRfsiRd5oF!T>*H()=^Y3ctkry8CAgid+?8#;~te}+!mSxIi+MvXI7{|TK&as5E2 zv`GIAo%Z|>bb9$;(CGpfUxz(6GH-pysU+B*!Su7i?QXRefd6u2mZylUlD_PG*O7-6 zv)j?13`8!sx$5m;i2D)|%$AaHkSbd*JIt*HJcY}a%o6n2>U0thHu0|7cUea*a~mKq z*EX{7cS+4A5H9VAA1%BJS%O-bMBJ_MiYHJ>3F@fd!@?VcQx;KpLD0eB&X?+ zbZ%5P|ETOHyt5kkp`5*h^2qthC--6KAaK%%x*rI6E3gh$$@u+m&?(n{L8qs=L8jkR zb7c@b2Inu|cK<52jxs~8?)+T4>K~T~uKy^r{Lk&RwKF!M`5*Aq=^u)CvntOI`HZjy z`@)9<0v-=u0sBXSKa@}@fE6OMg^MUhhmd(ZJ~@H#*6%uj(L|#Wxk{F7vg^R>ns@Br z-U-YbP+B#9pXjhRy?pL?D!I3PaDEAlfT0|eF5^Iw^nQ7?&{?~1Org;$;2of5u2AD1 z$>~`Pc|NA{MioFv5VF zsajaPnIIRG7@f7V9fBdISf1u)Az>6N=K-3V8N z!Snh|#pi+44x-^%RS48gKzM~Gno3c1PieHKYU_kGilGY=XlbT`OKc-8*(s8Yk;Dn( z{G)CvptNKfAY^z8-_r7Xn)y3qMDZD|z9(B2Ph1|*O-4_KjLLbctT$a2fLj3&C15ZG zZK_*!e7ZE@`rs&_Vh!Ju$RFoC1KqtkWw54K|G9XL%PeTy!n)nXnKPq;`v_V*Pv-nm zP745_)a6Tlrzqi6oInlVyjL}`3+e_4yLFZ9R-Tzy4_GY9MLcxD5O)^Q0ek28=lzb0 z*qeuh6MZkWPC(`#cI) z<4$2+ZfMi0$PdX+Fi{ke4{&xKhAxM3gF^6rm7p7#x?_8Dsd8e*i{DtI<=geFW#Ql2 zN3|sCZGJ!2J3~K>3ZDNzabs`i_xKZZsVlIC+39aB^B|b} zIGZ#X`==P|e!dR}@BgCgoq|M*qHN2wZQHhO-n4Dowr!g?ZQHhO+qjw8SyeCkb-jr0 zsQx?OJI=;hYmPbb%aZJZU7yjIVg`sH%B76@soKP?`z#Z-gEoW)z3m0Yph{qv1f}`y z)O10#7dR=Oj4!RyIT>|@m+sLu>2pCMD-0ny8K`Dgpbw+SMe7NE`@;JT$((#Ndku{< zN>nbpZ1GpMND{XHKzZ+fcu03wMq8s#s|ymqmC)`1fsn?L!4+c&QAPj>Hn&(r6be9! zFAK$HxwZlnZE2B_D4R!1O9W+y)~RH2UY;MRnj;@MTS}sWnlaA_L;V>t0aesQkp62h zyDm1HED!D=QNSd`Whsq1CBT%PC~6`p5X=q#@~GBN6=3gFu_uK!ij7T@>MJhB(z7msBTCi9!>RJ2{IXgn^;)V&p>c#xvp(@Np|9AwhB`w?|ZT z2vM>0D0OSrCQl2VRD1Uxe4Akb+-@YOQUTcb2Xv{g&TC=+%^g=$L80VG{4NlUr9HM- zQX%(Z*Z-Y0yaj78TN@bu1fm|vM3!|RcJI-QN4fzr-a-`a!#1E_+T8cGWh)1RYfmbLG`eObzH(^O6a?)FZ`weYN=$ zw$Rm}j#B|XU*g-GSMehPtwPa-yXVHpga>DCt?R+N2>z^_Ig4B8oKQE8>$E%_yCHkA ztMoGlKbP(IVMTPMMJK1)N%CH<{ak1(76D>1&m8pSlpaq3RPWlr+R0c!3FVrZD zcyG%@XmG_)=z`U?Fll4Ov{%YET}h0@iO^})Be#Su=y-u&E=U}En{BT9i671_<+MbX zO@$AJVAlu9Qn{mLK$F6Q!$XtEL27CPQ-HLlQr@6bYEW4NpM)jojT3V$H*Nw9sCEfC_n`Efr!ZM z_(rd%p(p<5U9m%Mz!m{|hhXoKjr4R*+{w^l-@s~|RUph&(*|(!AN#|QL%ut;Qg8L3N6$}exJuQ-?%WE-5S%W; z({y7xf*bcrufYxE1l6?{;AGU+?ce{wWmaADPM7}HSuCjkGYaSbeu)1+DV%Bb z-xHkyrU(7(mjZ(`hkIeuF9YCp=0!aV)vxWOVy;#YT_7n@pMU9%YcLddFdnsttY#l2 z;`jBAygxL8TgFKaIKYN7MvIdERNBQ*CCZixK0rs7ZVC}Sr-}%~oAMd1w};0f{H&15 zraWwr>@C(FUmMWZ&=||hi;KexG9Z)Y7~ZXBV*c0SIJUij&>=`mHKSc(JOLo(N?RA~ z4^F;;t-%1h$jpH%wN1-v{EE*!Mwgte#;%t>vsdi$M6H#-9Gz6Op}a6n=wXJ22yXLn~2t5NIb^ zrY_qqRe-&!x;X2k%()Fuz*9jY9A7m6K>Et?_5)Uoh+jZKP{}I_OUJgi`glnd=AHtW)0He9V?%h+d-R3>8q}|}nB+Iu6>jT$6U*|Ai44j*7#qd+- zSr_{f_4f=&GENUx%pyb`f_^+s@$SJP_`#FM$XS$a0Qf=cB&wX5KPzspFPP`3B|%GQ z8@x|ekrJnlY!+Rc-n>^UrB~Q@hn<>OvAgMAf>}=#Xc)IzRn3!=x&jvrmlqr{5JRHG zTdF#hd@^1(CjMr%EuxpV?M_sR8VYkks;Acs0W3p;ECaU5WXLlMuLg#ZFo|uaYAn%W5_T<%c+mFD6+!rekhiNgZd4Br?CUGd z$_=Z2py>ZcFE2c=TT% z_EC)GdcTk*y)X<~=F6t6Y624f!}Zcj>l6*xqGW!HG403ch0WuGdy_%Nj?MeukrDq@ zfsaRr8AJX)=dQy3XOPkV-uV9~WQ1#Fx7qUY>Hh^ja5jv!x3M0%xxKA@6_n*}Q%Ayj z(DZvUWDqUZBWNf}Qf1k#{`g8NB)+3P+ov`!`m-ju>+-~j$@kZ=~BAx<4oz(^#MB?pQDkoC*Lr1|edH=NOm zq{s3A-R=faKptjKF#P%@lgW}9#DlUc;3R|-5&#BN@{GjGxY`plP%>eFkU~R>kXg? z2!22*2}9wNM&`PJV0d}2Q>0y1cEU0PjlfEYfKD8K#Q_nN!kQlkn4}=lSKh+QU{pK{ z?%N%Q-~j{|Yr&+Ato!%%HKR@HyhtJ`X+VaW)_)W0v7yOCqiBAhd4y@kKvPx9VlsvL z-9n_ZRrSsL$0;(DxPOU6D6x>34?fF3__EQI8DV5R_0EO2B)3K0^ERY^W0gUD1mTbk ztrkO-)FW4+HxN4T?8mP4SpA(WEv=XzG^-7Ary7PDU892sK5-Atmg0=3|;|60w-fIh(BV%oW)pDz zS*S3I35b_66(DC~u=A@Vw5G`WX^<=1a(YJ~5w*$Yy<5v39b8BHUk=GFsaki8wWW<- z3>)j;sq?lLN~CL54;pN(l1!P^g z=Zrx;PoQ+NEzv;$T(p!o@q}dt?AwF(3DY8jF{WzHf^w97iLj4)Gr4_KY+;i=3mk)~ zJW%+{R5q_U#?e+m3R&PXl@tY&g9@b`tdS5apx$QzHZ3wUx0w;%g>ikbK^8j~+UhTc zRL+^6a&`i-pracQR>n)raFE3c{ix?d84^I`8gFiX1Cs2+X>8QJZWNUDhK%TVGBN#) zyX6^EdMLHouY33|Um3m=Ix9~vx)9ARo?AR%aR5xR#{LU^>FxoRE!Jo2=K@t(!--YCMn zX!7T|f<|EBmqJ1^jteo%(6_jqs`tS8|T4s(%qSSguoG zq7{~h$)VQCF`0B{n!G}*rdz!BHw3fcMhJGizH(h4~ zvuT9)eylm->gnq08Gg0#@qJlt_3_;Be(-V9cTR@0>wvrW@E7aq+v_7I{0 zNCxB?eRLKNzecl zM)e_#KSj71Te3aw1 zM|_6rtEY)wL`#@$3=y-Khmih^VAordeoLiX?<9=oZmNc5_*J4%nx8#$=7M}kzoBrt znN#x48o@B(_REl53@I7nZB3Q)UbhCAfADXV{Vlo z;DVaFS+>IY&^)gU!3Z6#v{CXq%?y9g8^}oiin1U3BBOu>)>IX%5A)2F;@l~E1RKM2 z1V0z1z+l*8d=8CHHR8}Ei>{}>vLH)#B|)SU$glJ2@8?KnYxjZdU|GSO4V_b*;JT7) zy6E_|%kY{@cBmjv|E1|oj?>mvycrQw*)-f)BGY{L8wt05OlGzs-qJiZs?=axNnlf} z9@Sf@z07~WMt=!>L~1mgPM)UO9=EQt(~#I&@8QmJq1L~@*9WW|GK=J?Ggn^Q(^FkP zah)R2s#3+z8@Ry^s&PsjkL0L>? zzk3qzsq8^LAtcM0PwHtc)R@wwXRFn#Cs%!~Cs44-N~Ix#MAxzD?;NvJM0+Z&*)fNe z+HkBala9%yTeW^vTnf0A;UdwAGj6KmbmedJ_*09|#?3W6X#6x}RQgbt}grA<)!kaZ6 z`8P^)w|6f*vrD{=Fh%~%K~s!40t=dG(}6o&h8Y@CVZ>;N}vAKZhRRsLSVy-J>YBPg<7#`Hff;3Li!pX zx9d*P)%>A1HH+)S7ddd;DV>#-1AbFba@l<~S3lUBwM0uuU$a^b7qOVVCT>uUtBw;n zs1X;A5ObfCFSz4+wbVYl!lq-B4hH>^9UD1Kzz;R5}YFORHd{OlsQi* zK_7bS@?s8;$+iV9sKg$cGuw}9kBbdEhp-6Rs1f_JHIkOd$*z=5io+!mE8$>IfnTFOC_LwepOGj=+;D3R50US6vVdNgIbA^W_L(W6rTEN|){5sV zbh0SG+3$D11hyFF$1B$vl5FnP(#&zGtLyoBLB{?Y@Xxy(3T^ieE$+rv-Y4xF8Q9&5@23Hl!pn~6T-)HgQ$wW9lO^iv$> zU1?CT%nVTkQNpLcfTKxKj8kmL#_pmV!S(DsUZ7ixOWAxA(d%^ZlWfQ@Z~K)8iv5_~ z=q~J{$Jx{O8#7vM4|)=C7kw{H?;Cmyi;Rk*bMIF4T8VG@^JQEKOUEB{KOoW!^_(#T zNZV-(p?+OJ&=I;niM#EK++9(IjpIZ0mHlK@$(ILi#OMMPCh+@#_A?>K=WUMI>b@cW zJM6w&3tST?(rHbw->4AhO~T8$YIN99uyvH}*E(tIR`M%^KD^6RiH5bW>+maM zur&l$>%0W!@bnDl=ix*VPA^pQkzp-Ii-&QfkI18L zu6#Bgwf#P>k?#xV%Zs%xdg`*>yAd$eUcMRxgUYFAHqR(wBy5T?_gE~}+W&&cVpZjx zejzdkb5zwf-sr|{hItd$&wrXCJ?R&wO9q2>f(u>GcD>!f)1Q-$4}08Lff610`(*7U z{2Lj~nk*AZl)gcPK;Yo|B5K*r#UVs5ys=NMAkp;wwev{Pk9u*DetL=tgW3L!+d+#z zBb8>oK*BZW3Me!%LrZ0(@vbKIu79V_YYEY+?xd4XFhS3VgKR242{J8f;NO#qW|Zcw z6sZ3bBm?H&pp5=75k;qk=D2Xds9iQX-iIync>(qF3tU_{Qw_ETBKPbI} zRR!0uRte?tj(zT7YIJtrDzJ#wyQ$gTr^(o1wc~w;soaqk4ek&i^Ommz!Eb)c-MgW} z4Nv*=7xm}!-6==%OSu`=4d=fovK=M%+p_m>4MYny_bd6d=rj9m2(M*I3mGbyC9=?Q zv1_x+m`G(HXLX;;X%Yu%H5U)!PBo6gDOFW8uA%=XD*mX?0k!p=*i=ZCD`4kBLPna zrKOo*$36&o!B=R6A(`rB8^N!eL>;~XzwmlNE<3@k*j3QI?Zpg6ya)3~e_JbR))&+? z-(^#StwJF5sT8dV)@-hy4f1GRLtA8u>pqrhN*t{_MIR3_Uu=-MlFv=^MAFE|X?B3o z2@l`1^;bpf18tum-y4mLjs81L<%^5UhGD<$C8dYDk4sAZ2r1Z+s*#ukoxCa z2?_bJT}$2%{C^*{1~i`A6a9)f)_$9d{}XSq|J6@4Ffy`pvHdUmlIn#2gw8^5L%zcb z+~*0%3R)B753s z$ETDk)JHn299KzjB4Shv)qY@+*EtXxW8R1ZkX)|XCcPWn&9FlAtd`26$t9daw}F+A z3Nr>r~==p zrF*_?^RxB{^0T;I+&l_P1XX z`U>Fj+s&DSn=cTU@7H>@3hO-ZkBy#Y85mEbnimY%>h`jruFn|~yvkP!%sZHkL!!NY zrJlnU&Q%Q;b7#?a05Kv2-oadin0r&R?ZRDRgBEqZ)4hs)j-z z6Mg@S=bD!mrDijUlPhPP3SB>ng!y<3)MqHldG*?->=7grFWI7AL58$k%2xWG7GMco z7JXJPVL@tB#|Co|0b@Y&e2CGr{O1(d?yk&Lk@Fo}J1HWj-8!9CM(0I_vXp3&&5#1S zoV{*=R3nrg99ZISmKK0|YNiSJJWoqY*|}NDdX|nOG|90L7{0U)gK>4{bPZ`w>N&mH z-TvY-UhzV6F4Bt69)pzc0Y_gDrFW6@Zk0>4?54QLRmweZt|WJrJ+ub|4lnBUThv}o z3(n)xGE^6I_F(FIEu2{fky4q|l!(Bh4N9MaC4c(+`DqeE3JDq@@7EG)dnWig`3Fj= zmDp>bO^(aHwKE{t1xmR?l2-yyvszSww6nQeJT~hzb*G+shKB7IiSHMDzNGI(I~W{# zJ?B)~h*Dpt^goT7A0cnJU4;;B>&-F(ezKYk;cjoTL9 zT1s`pb%1NUp&@SSOUE<52Lq%3)BHW(I?J2&R~`ZJ`vd(?($<}=f8zuGxA>|$S;20D z0bz7E;SG+wGG&aUq247Ycqy#HYjY{g<)X75-qIj@swbc5%x#wwk|dxBRS^`4@OyXm zwDZTK6E`ShaE!wQI);G95?S$B0qMJWAMiZ^q!_ZR3kF;(RWJBqyIY%3#*W~1WFBY8 z1cQ2Z0<5HAnab(!Z@=L*r1}1D)PNcCSlckJCsYDkgGLLDBf@0_fWz7syk;`sVw=TS z$$%@GWCf|@TEIv<4NU-BWF~KN^d4wO=jMmI5hnKAv<;IZ^Z2@IqI!yg9UrOP{%}BJ<*vx9|&2Qo^OfXJMzp;Q>l$Inz~+WKNh%0 z<;|CV8k`FbLfRbWmgT6k$51wr>$jnjWlbyzF52!`wrz*+KSjiC6@c;~Gg*RE zL4IlVI@5@`j-53^JWPv?d6m!t$+e>V2}QX3PF1`lwI_ppAAWYOturPh5z^gq3T$>C zQ4Xdp*SI^={Q(ah^+4F((>Pr8ylM}Mzw%mbXgQKKw%NUE(|hR~#? z@o)59eM0`=YR4~e-r?C9S@konD)F~X>l~ce&_R2)_1Zr|wdmCS{P!bF9fBGl^Y_NU zNBaM=33WBFb}@0Hb22hFu`!^tbh5L(R+E<7VnFEmkAR;NULo|FEd*s1m3dXsrm%_y z&m>4I`>Q2aca&?t+qFLp4tRA@{>WbbIsJF5 z?bv_#DSY^#^>#_Qb$54C&ytr9fRwcGQ#Dh{X~l&Lx!pv`^*>JjU83r#yafYh03Z$2&JA@e6u1FD7fOADesV1Rp%Wjf0d_^9ofM&&*Qe z{?72uFqT{{tO*&S2lu+w>TeIjgO#h0)$|OsReThvgL0|&T3Q|FX{dzAX znqf}(3XJlg*3)@0$(Ij#XL6tC=ke*1dOJz^eDdlyn}4=eQG>gRizl(x95- z@#>~&^R?vlCikF3n%oV)yK8fUL;J|2{M`%;Wu$rfYl8MDm0g(gYS<**-Qpmw5d)74tW}zw7T|Q5>L- zK^3v$XJ>8R7Mzw3K+ z-#2rMj0z}E20k1_+szaCXO0b1^Ia8_I!LJ_MM4|?6 zR+9>~L_K-`SO()?kdVt}NCf^(LEr2TnX^)`neCgiy)Km*jdA=lmHv7De(t~9{d>n! z=N?298pwM#Y|UpKV*dTcBj{C-5o;f?$o>c-*)_z%=Hj94Cf9ADt@!JQ;i&cCgSAn) z=;>JD^m7KE^8^0h_qTa<*`_Hi06+*5AOPY2tB~k_?QahQ8|!OcE2l%T*j=TRpE(n~ znOt5aEbdyZ?duh;mLwUItNR$Tb$G46jI@eKb`*-EVZ1xPapJ&px28!%$D^i+8B*4j z>mYOHELbsM`P(`#X-v5)lDYM_3;(!e*12c~RJ4ah-_OZAI~$%^^17p-Q>z9mlVQwv^_0erqubxOVs-<~(ct%Dx=4;nb$4Vk3-_D~I@+T@?vt193CSuBZhic^D;8Wa zW}@0DG*d*XsvdyTycIQ%nT-62cei z>L>;9#ga`R?5vw79{qFy-~gB!FG{&9mF~UXCjp?=auf4dI~~(e5<*@v)jx1eU+7A4 zFUS8TQcj1LBT5dN!vW8P!$a(X91z9x z@=Dw(@Pp7HphNmSo4Dhaks|j32x80&g*xmB$vtwbuf0G20HuM7Prs5~;rFr_;F;y? z31z1wX865^*>)Wl?m^oyL+!)?+jK4Fb5|Qwqn5o>$uKFA3<0CvlV^6WU?Z>FC7(1h zuo8~mRub`)6f_tqL(t?sigDVKq&@;Y**B9sYYY{ab5a3==uv?D&=AvNk?s>sPEuvm ztH1#PiVy+7*@IpL4bE-P6r^ca1&V#{Q;>}*V2Ao-cey0!jT#=djqs8Bfu}GXj9Lu! znt&75)miZ@S_%+k)_J6-I*`jE?L@r6@+esWoCoNX2S)fmUmW_2P~=0{Ak{I&9J-M2 z)T#UX@5fy;9DG9Q0CAh7D!bKOFfBbp&(_d(_$4V5_(rV%4#Ih94&H-lD=l^Yj2xQy z@J5>Z3H8K8-Lv|+$aFYsheSDAPf!G4{;i%8-P^`H=DzHb5wP;wO`OfV1%#YNuXEtn zsJ@6i`n^iN2??^UH%#ME~=}8 z<^bu~MZTx8@chR@9Ag|~L^-zqf;vzXR@z90V&eX$BOKV6$XW}~ZZS$oZap~T45UTP zN*lE)A=NQ|AXDi091DJdD8Z>6NH&@ZT-8%nARkizFHhxG1-%a^OLSQ`ObB zZl*|}`kN6hG>$OF>L@x6G|;^%9&7biID(e+p39IL&D$5x`wrAhIlWO~_vTs| z?Y@D#EgWP#4dhBbM^mm?+!whEn0DoVP%3$Ff z=+CH^f@*%lFx~hT8Q|j$dI?SvZm;b?Lgo*-_yyS>aE4K(7teOzz^y5b^#O;8CKr+j z=MSt7T_*>!pbGmylTI$G0V+z{7I4zq2%02%W8F333{M-#`)Q`KR1c05Yi*d!LqeFPrV#en?2;3x5d-aIZ4B6P^->1=1AZO*Ly{?2&N^bb>kx zSA}Yu2-s_<7 zsga9oLpzoMRR+1iwTJwN4cs2DCaWV5f7syH_|}Cf2|LuIqP|XUjUN~*NIPe=w#O!< zId#WhqYJxc{tL*Gv>Q6!1R}WA0GS30?m0Q@=<4~LeaijI{|*DT?oHn>`lgtzK&KwY z&hWI2;xrrH5Vb}tE%^XZPsPncrw-G4;(cPD;e#`pHLV{^b%OX;*64P?uB#K`EOogt za%ZzMtH81QJtN;Z^c)ak=x13n056|Hstwf$ z*(BQ+Vm}zSMcyd(s5r_dkgLDDRCJLnEfY?fY8#XW0*Rc*;hSn$qosiD*yt!8K_Guk zxDbd$F8uC-D`XuAQMGLRk{bi+riDPofkSHn4k)ojQ_amV?+(l1CSK6+0timG6Nl+$ z>78e9#Doc&WI2<3#yq6cKkuN&=l$^MbJ6ZCT*Dr{>W?fm|!x((!p`uWmEKw>U@pLp3Cn{nMwPIsIcIdw9W(p58s|1t2U zF_2?aYzEYq@p>WUAXWijBPxBnXpih*2x+uI5D?fSZX>756CEz#cHIK2`A*^gGH;vQFaxAdc^Jegly{|@Jep-XpB*xBA$Od&oP ze(g*{R^GtC0h*i0dyCp)%1X7hb`K=W$vv1`1mx$-GWGIEn?YQtwtAa(0s@zrt}_>> z8M-0-gSCLrk)+>P!2yC6Nk2}S^z^t#r7cS*q*J3{lDVHi;0BC%chKFkZw9)(1X)UW zHX@ZiZ1vG1&|rWEyApUatlSulU`|~v-_J)}AVj;$@WOceNvwvM`-WEw_~j$n%pA<{ zaAb>wP+nV%}fzbH8&#&DSf zRv|NiIPFJZYXDQ27|Z!z)OO3B4oo&pY7deE-GwqQ|H{6n@k^-zuR;DD;5{B0#q=O{ z>AJ#H53G7S4`B7(1{03ChTMR4Rm*&(ojOE{Zx*ePHFn(9Xb&=*f!N%~Ftk?6R>z-eL&(GZKH5-Q$whLmpV^8CqlF>zPOvj;jpezhrFiuhSp%p*8fzm->-QKk?KVIXu ze|8^2OdytFg}Nd+;*hURlUnP+?yD4Z0C^⪚D-;xGN#uL9UEMrh1=5frpLFqpdOsx6v>o5r6yM6>(kVqkb-BJ9;nV3{WaI+Xb*>z^B>Im_AL0SJapof4`^;A(!I ztn%6LAmSBt&PUa$HgI>NyH3jCW|w=~iGhf$N_{GW&x7BR#5wF|Mo ztB44E)lhHkZP+SqR(Tz)?jgPw7n60h!5Tf%E3^a&yOJ$$37TGTzI{vAj?MuD)Qmn{ zY@|Ye0K2U{h{gJvWzq}sbcZ6k*#3%1dZz@?qN!EPbXau25018i=KI}XJqG;Z2S9>K`Q}V1#dh*L<_Jb;r#w^lNJSk~O*k49 znRkZZ8)8=>5CRe>S5jS+pV|@jzA>8`2aI0cYZ15Xj;DvZOa8(Vjm#gcZ&Vv;l~3&$eCdVphhVfI%g~lIWV6AY56ON$aIx ze&|;==<`uE1W=KFWMX+^|1%~(sAQ3qFj7E2l_x9Ik$!sXY8p*%Diuah-s|4As(x%nm; z!V7BTpbCi3(&235H0*Kt?s6`W9+I$OMfV{wUe&S^$J){$yo>SMSHe&$7@+k$l1v-f zAl^=Xg{n)XXJ*mcfnBFa4(?B}I~+hc=^^cuwI%KXuUN4h#TeE_G+tm2>Xix zbDqM*ye1qRJeyd;VoGm#hvmfNVB=n(NXWbi;RoqbE?L-U&v=T~nt;LP%esBb<5=pP|o1(CwijsNG z+u|*Y1lzN_O_@_dc2bsOFi|^7F&$43Bph3aih;kbmn3KnGW$j2S)q0iW3fniAMFkJ zS$bnU18+Q^J<_vaF9U3}g_-t6oW%bcq;q8lbU#Nl-V?C-JgH#EFygZ{N6KQ8ml*wF z`x6m+v_+lf1#V5BzCY{UGPOR#6bcL&BM4-1;EV0CTiXO&8ecVh?RNi%4RCn`-7W5jN^0Y zvmokbfp9H$+DrVxz#@AS0tE)J31EC1EyJ8&{sC~4k}Ol7z9A{Q*_bphOTKG;r}04S zGm-`@>r;7(n#IgnBVIy51*xNTLA_{_sJ%dIymgBQ&r@_P>}uD+U#D)8@cE(O8&IXE z2B;@W7LVHB&Ii#o=aoAwNFHeH45bwWAnm5!XG=Sh_#_C6;KH>~t-bRy?^4Ju9ngEN zgVd)iJpqo&L`ryoL_~7_e4*9Rqg-oqF0Z+FDtJh?+|JP07xA_t!>g$>oT(WjRL|;b zH>>%XMB>lo$^|dHi(OQzSvisk4*HKur z=U^uI3}RV;t|%0e`wq|YRP1OwFxhD7sV_4@mf!)@yzX~NH*C-mECC5eNzmh!MrM(D z|A0dh4{!%B^Tx~KR0aCO+}~HT-T=+@6er0;egU{$Qx(`lLe}3 zTIM#--%J5)B>v=X9DGR$WTeKyjg5`9C)Y!mgibipOtQGEdX0WbcoUc-M#>mrlkO_I z;+7S%)zx;b6BRI|r?VNl*oMOvJ`m*mCl+o%-jFtzFrEuG0d7#-W^Y9U)N?=kcYOh*b7kRgkH%GMqtcvc3K@$z%w9R|Ai z!l}~1{yx(x+rl6X4#$j&et18b!UAoivMhn_E%K}K-W|krdet?~+<@9X2|HQ)QHWqu z`%PEDo)=-p0w*#~3#KXNFtc%A>)p} zEGV$1`&~B{Lk3v@f(dSWAU}8gzB(7vx9EGCqtQ(78AtsnwWj#NtEAUMuTXK~_cOp$ zYk)34R94^2Byz~4jG4!nv9F|(bDp&?eG0xRAHN>97+vpueZoX7`Gcg>JLyK5+S>OQjR;V0OW!1-HGK|9Dh z(t{6)EItKsFTCtxYPNR}UBl7ryDRmr7)6&}Zo{x@#9HlR*MND@v*w#QyHN4n5i>Xn z>w%a4pgWP>iYh56IRFk01SA%z7*E{%bPz1NvsTgvq7EIL2eL!9p=61dONb3z5qTfZI3dOv~}#I=4p@31SwR&LTa=rmjkQS>oW?GQxhD;{eM} zyx+S3mQjc@)Y$;N7h%~eOeKKyS))m;8HprWgBM6p|F=cPVe2^x<8j7JYF8vsMGsm{IrYnYVQ6Lc3g} zn}k>p!!x4*U4y4yj7=I@#!J~6JD98UI%0& zw48#m*DkQ0SCgmI+e5reYah$);h7FmN>6@nufmi@glhes^0?5X&zE>9G+gpc$qfws zel(`@4U`h;n=)Cdsy^hks5(}HQMzNf`Nbhzop7}929WRh>waB8h>i@{R3a1$pUdIq z0Uz}eB4G+E8l(gBaj%ug24}O64AAI|w)sRNqpM>3No!yOCZp zT1?{`oQPH0fFZ9uD7-+dyevPIk^Pdmrm7~q;88n(rHl9VN6Jb9tT4pBFoUJ7B{VOr zyLs}qt7C+8CS;8HY?xy(SuvwWxYCN^voV9JtGz2U(=HNky{0cTBX&!4i5PY5uD~-9 z3R?%nTF8DXiOjvExzR?qM>V~=2@oQ!CKJHTf zkWAS}2!@^;R;e2ezF0FX{yDs+?OMceU*z+8fD4# z>nM=B)^ZGT#(EE=u=IA!2}Mh7*M6ZgDm7cmPP_<(f7VsS%wdfbh;QNnc6Fq(BjL+( z=~*^VilNfiiIiR2)Vlg>VSo0n@G*281g}pBQW}KaSIo$hwMxLC=(28LQNV2w#lSpk zPYV?ew%A8KoVXS)T-y5JRd+0Ao#cfDuoTtAn-Og+_}}6BfO>L#YeqQEx{LY>2MUjs zSE#o}Wc=DuL1VmC6}rQ9n%NF8)C;<5wA%Ty3~*5$83xN2>r_{CzvqHL!k*N_(e!tf z>JN+Y{4B1o#F$0@d_^<1J(yjq?EOz0drJuaM)U#B&C?14MnsX_;e2PedZxHm260U1Eq#NoeAt44Uk2p45}$%RGE zf>8xyrqqI|P{q2^6zRkdQdg==M`|H(Y1&I&6J{J@Kav(1}+|kkI8f z0D*F^Ny`;AZ%>A-iFE>dL}?VUxh{cvl~GY}G;8A=PcA@NiuVzY$W4iEmmuiFtItAI zM&ERHntwa}{*B+7zA2_GG8+gHC2I4MaPYuH3ZvQ& zl^(n>In(6hF@4^}=inhEwnw)rq_)s%x7xyY(5WgUPsSzUofVKU^Tqc4{=2 z5!g2PL|ftBgp@Hm`A3fkH?A_Qp#GT+p;h-KREZov^}I9eX?CCm73dgE){^-c zPmER$fl|kP#xrx{p@Eas-l>i{A}cl)qJz75vihWl^=Ov;S>Cp~Klz<5-4Yf(*`Q6d z%695ORMA#^uv)%??Ni;KVqw)L&Y0YHN1j7V{`=dJFQ<|g`3&&c%SEqWq!xAOch(p> zlqa{QF!|Z`jOd*KQJcVcX*7z{kZC)G;+-pDl56+*5uo~S7<*4WiS5;Bsf zK7O-W0DzMe&fT_nhO_A&`J7I!PGsm2?R)$Vem}w;HW@Kxl!`{AjRNW&1Z^xD39FBW z@+~(9h|MI9jMOAt>JrrMd5vgx+12*8x7DLXZJYqbJyIGm!@n)wE+P{)2Lo#3kZgvc z=rz{lzB(|P)XTY<79og)^<1l8Y6u*x&D+=CbxG;PI#gdGKWEJ?I*istuyk7B`Ft1z%`!!u(5|t74I{ zX*hJy)PoSDaD*puc)gj}Tz)^k1*+w0|OQ=p+d=CDt?yYd|(X5B(%SRj-O2$aKU zGD4PC%_rzZMIZp$y5lWrb24R)vi@3BaOy#tl%_KWuk#=u}+X7dJ#PIvWwsq39Dh{7Sb_1Np)`qkw?t|TOCrm*nN7k z89Yi}SSr_I4c&TwyIL%o0-y{@&FhAI!H*wMf?BK6PE{mx>gH9pdP9}G_Br^UVnDM) zfvyy~Eq+1ElC03cYmL_btF4!dq^LB=5RHg3r->$%D87c*=GrN;l-_vBjtnLm=>RLv5a=D+*VTxX;E1%Don_@?-6uA}j1+YQUdsns7D zKj~rRG^4C^yGhAkUX2P{+qnCxIlZJgDCKgHbLPc5=P@&4Drd}!y}I+kTzU7;yBp|6 z-#6UfeY++qz3;@)pM28|BL9X@Pna30(>QP_<8yJ-D#OKBt~lEr3$GY+Fed16d=kUk*wY{fjS(`DD6Zb^O9V!KT0$s~6MO-0{U zVaJp`n=F<;9{cK-k?k&%zpPJ(tIzAMd~H2{#rw$v&Mp(FT$)vQQ!cQt<}Aq>GapC= zW}g+?KEEi-M7~XS&Gx+(BFs!TC+2)t1)G(v^Mze2tDgK&{y0cyU!Ca0d#Y*5(e)y0 zT?&^ayC&}sv%V3&PJ6`j>b(o1?`Dc-uLBjX~h$I!|emlQ%t=qn593B zHmiNFa}GP&Crqp5xusTf(A$QyhlVZ)e{g7M^BMbR3wke#e6^tWYmuZ$j|{I}C^|C0 z_)m(#qa6m1s=uF-jw+R@oX|4uk>$9Iwjrz9^}>9QJv?HaG3}>oNY=v}M@ubs-O6d1 zs2g_oF83eJBYVn+A~U5=BkXGC+W(HcqZjXW`s6dk^SdtD_&s|g z?R>Yb@Z({nA!*jH`pD=E7V}#uG&xJgeC#aqI=44r^MZU`uQ@V>!`j2<)T{hl*6)eX z?X$@i=XNd+*0ksYr4|@BMnjZiLLHW`uR<( zcZyStpWln=@Nvu~U(wdHKYR}E*l7Q!ti-4|N;2t(p>#`odGl{IzXms%>Xxad>fZ+o(OCTLzmSBhq1saxR?8NL=1jYqm&xh9gD(8-yE-zE_Pf4y-7#6?t(lq1^X6SF z(Tx5zCrIg@;tIEI9;$PDS%t?*=xwXDlhdvnck;oFz`NguYV57PJnzND2Kv14D`Sqa z-Wf0V^(_p{ER$QTe{S#PQP)>~mrcyhw%Fe=Qu~BL^x(KbPuDEnFl>0%#&gBmBd=}g z7p@uQFl_10g#$Ny`F{PohNzRtw2^xmyA3MmnU|ekJaS(}(1zfqriaqoS5C{488M-) z?9r$j#cduv0xgQr@)mNI6TEO~Qw>QphsS|?YPh-#C0Yo80{ z`YMJ{S$1OLv;JFIc*65Qt#(*ivZ?hGqmSv67Z>d^E#LOY zG&A*t%C?sB^Di{^`7L9`p1AT@a?4>2nLghgtfs#l5L-QO`SA;@LMnTY+g@X8uKIPJ z-3496u{oB;tRZbSgPv;T%bL{c3r!lABO21$Ztniua9~wrQ2+ddOLk%V&hPnZFB)Ez zoAGPGl7pMfjE0=cnIfMzR$OLN)`vZDx-+YHzOY}{Zr1FuIL`j6$)ut?wu&W|d8Vq> z^;H@#)khbZWuNj2n!mbC%I3bd%kE6Ye8VY98{3A(&$_mxnC_t%oUZ#UC_4Rs-loqc`9<~n%KK_u zxzPK!YF=~U+V6u?N)#Gh=Wf=2SUYUp`}P$n4z7t?neuZq$cP?oJif*7JjWi?cWFeI~qTfMuoK$2V4M^!?%oY6Pn_e3dm!y6$%}$Zfy(`imtS z`IX!Jwd0L{@WO8cWGx+J;LiW>$QO@wJam zbUaY{apHk-i|UKwSeJ@_s~a=*vh9vVIF8DE@vOuvFj#NbFqgp6xLd)+yCuBJZZf9# zw_A6)Hfwu^MQMuWy_1EnU#6|Rn-dZ?YW<&8!-_r|8}uu_C2O!aLGz-@tcTu@o{rmf zwg0Q)Wg|+i7s@Cf|Mc!&@Aij9ALJCC7z{o?Fi9*x`=wLjqGrjh*XB;o$g#Sb60^bc z=qAUjxq6x*!!JKRdwCOrLUzo=*L z0<(`?6qjI$y&Bo)`MQ{k^n%?>Ok$>-%Z`jLJ-x3W&^#b*qhtO_v0-18O8b`A{}}pr z)Ae7MKHT1{9MtD(-p7>t8>U}T*&4iX-M8ZXhh3LOO>5os^q%s-M2TsRvc6Uo<~b8L zJ8YHsVwJvFLZ`UdEH|)sYjrqXuD8<2DL3y&yJ+ju4ce@))mj&99>Dyjf7g_mdW~q3kdc>N6t79x1gVN$6rraO@ zt#7Qv4hL=5FAtx*kxQ#H&DiOl{h;>{Srz94E7v+Jx@7%qN!dAI=#MkaRHhySFEEc%>NE8jESbujJkWHpBL zvG}2R&!?o+#mf(J_+E5J=*XJY@&`w^*Z)vY6UiO*DB5IM#-?Yz#=BNKNXXndo2)kD zezC4gv)PK=x>EnLIWMY=Y}VL%?U-W}bjIBJ@HClK>M@i0e_Udlyr-f-_Tg-wFxP>5 z{8F!P9wYAOxWAHVwNH81OytX5CICaDy|$h|P=;(OC8>Br=Z zFEv!YoY`LF_`Ur6eq$G%#&?4vSHgeFjo-bQ|76A4-A&*2ToZetw=__8y@{^o{d1dN zN~VWgE1XawEjnaS*1ou7&n^}07(MdE%U>6q{~8~^GNZArR(Xusy2fz#*-I;9|9rJn znO*gB{hx-pA1?_TOR|&F|cbb6y@lxv{ZDsq+4hv;#BtJh*Q<;ZsqrSXGts>G;?8KPE~Hna*HH?zD+$ zkV=W1W2I*Ay!|cHe%tDEQj?NKN?0beH%#~ZF-z70Ggyoel zPt*t9KIO4STHeCx@+oDbK~~Ar9aSd3G1b^U@2}L_wD(8nzb_I!e9m3zluSm@*$_r+ zZIjdc+|ri~J5!X4jPLw-qjeyP<$tx*X2*-9RiUdlC;Yrvtf_l+K}o~AF$=!>rAG8o z9kSKOwjn(}V$PStYQHiD=}J~7HJ|=l5c@@Tky`DHb51)9idOuZ;~s7kWnOzpVMU$p zT7@j_{w0r_bXEqJMm~~nk{#81<&{hTnMf;rnwMeeGEIr=; zd8)M6mYl8UHBQW2V7^yWZ9v>2@df2G!n15*N+tR>d{WF=GEAv-?3e6t%gWDzgN37< zD+e5!xXEq1&Y)_!Ev|Wb2X%^y^B;T)S8-1%lAB;vX)kqpPhMKt=g*Zho*qBpFsSjA z(%?IZCuGEI3OL_0GYI($>dCgSKZGFc75*e;990xvPQK<@vwVMQ;GFbYlWqEQ&w)uR6AVt z%pmAh)h)Htu2VCHxUGKq_`477r%zzpD{+Y>Qj4!!|M7jVy5Cw@IJC9E^}a@i>wWuA z^3l;ZAIVR48lq70Nd9?}cI|ABS*Kd==2zxO4UaO2KPuF;@$Ts7?z9X8>C;MCat~rk zXKwRf7W!jwLg-z;%5|StUH;K_C(3eCV(xx1m45pYCXN@6lh^AzS!k^9s1f7y)?4?n z3M{oqJL)!U(a0@hgXY`WJ*t~8a^%@YR*CnQnKI3XoUa|*I^pM(zI&_B1kS6l9yuUa zdT+0|R0D%!mxVK@4qUze_}k_;(}YSRq?Ld7T9{DEC>*;*UVKbYzZz=TWQ{uU*E8N$mWl-mY-Yex7=>V-oGr=ONJ%`1=;w^ zfp&`8@0|e`fy&`3h6?;&>=F9k-~7VdJc9!~Lp?*ZJm?`lZY+ARhmN+7C)1zd9l#3q zTM4nvS1h6z0OlX~QAV)84kW=g_Mr!dYBS+(3%8;1HSl2^Ff;%RMZucj zl}m(%;$T?Gdly*uS1v1dT1KM*4$U2I$q<6MW0r-$JD1tr+8qgdu{Qo-NSS<){5?a1 z8SdC^ui&Mg!5qMNyx6|Yy7LKOLZQvrN6fGXkC%GEfO$lbwWR3TV89oKnAFE9Iypu| z;PP?jb?;2V(_pYQnhh6>%Yqa!2Y0h3T>R=$>jFL82%EKO%CN~(ph@Q4sDfeo?ip1`AR*Pukc~e_0F^3G zp~F>Fw}({R-&o~#gGc0h0}>8O zOCLM4!eVvJr%gXNyKJKRZAQGNUId}brmIE}U6`0WOmt4r7g%#k%@b;$@&x1;%>6$c1E^otFf;pC>0p}d} zLi1Ur_UkrU9D~_sKbVfazXW^m;XrfYi|rX68cf&nrw1^+JVQe9Z**{vH^(g9^PgZy z7>aX`w>DS41n?>BV9yX@;5jvw(Zyi(1n>;Z%^eSJ`FKyhz_62E#tQZeWHA};#G!e4 z!id{D0X`lkvC#;;xes4>(uG=Ms#Yn6IvR|I1c<|Ebw9qSWJ~fXu@QFr!Ns>AZ%09C z0sKKp7GKF2<^>x7UDd7q?}GS(lBUD&^VjNahxT8F0gt`y1bgsKiwdKJ$}8Edn3{XX z9l+JWxnpqbPH^XNzTh11RN)Tc;D)yeD@nO$GV|iW2zlsp6vJ!>5e7d2NxIVxJZBM3K`|)kMne&RiNpZzEPv>$ zZkzfqQ^H<-fZu0AgGO}X;0_7kiNiw`N)Nmqrw4F0*jPg#Gg1lL)@d4%2!wA?ZN6`R z?*(#?mOC!iV4%2>1JijSQc4-wCgSeD0MWr2OP%iTG?6@SbS*escLo~F9KgL$wo*iN zp?i5T;I&^2c#RH0k~ew%(X|l}ab^%MY=H;&!SA!wOm=an2h!abOj3%d6%Wr~t4}yg zkm&4NdXXXpCUp?YIS%*aTBiYcIn0tM__50r!5RK^Z(`>txm*mJ0?vsBaM=5GJh*f8 zuTll?%q0k1zbC(La1&tu2j-)u=Ut1g)$yMQ8i0NtP1 zE%VcMZYYGweGo{1s9Q>lC}QL59--y6=Rd^#1-Hb5^(gw2J5y+1E`3y*4P`_K;r-&aG${_AjW~ix|FW7Ah_-O9Atb!u; zGJ0?Tq_T-9gojmx(}(r!!pb8pocP80o`TZ)D@C>8DRKA*a4%v$rU|7he;hd5*L4ZFoO=l6u}slZvURK1DG~Qax;y5-V-KP zfH#YnX_ncr!E=GB2--9m0vLPnxoB`zPnfX8hNwkeFSI=KfoGTu_fGt3O%HeiSs|g= zZi<+!%=X(+XCM=Y0Boh$h%XynDlBTLP&94_e#8+<1bAsS>X9S`37%ugsJrR0R2U*f~N zpP~?woRFs@y+;}5KI%iGIYMx#A!bY?#o(o0Elyf;9`jTL{Ge%~tty#K`1YU42q6~0 z2R~w+Uk#JwIWTi1V&WfC$p0N1E_Ejqj25&jKYRU0-Rd!9V1dDq`UFRGOWq3{rd`&A=8l4q345%L z2M;#IvHY;yd1^|+?YCQ}0&h&=kUB2A2VA=Mm5nCY- zV8M0<)#6g=gjn1f*wJkp?f*9@;V+P;bUuUNPuC4Xv;ew0D@1FYwx0Gl9c^z$s85(1 z$NC4NC>H{|Nu6Vy1OZd^y_l?J=(Y#L$}hZCvIxAc2`)m{(tCWdn2dl>Ehw4kp6Fo6 zhQeFp-@U;=LCihk_6bml(#M=T~lE>S;9$Tohv!3=2+& z6G?I1U5*NugEyfVoyu8P=yV4_g-df{00Q9>YYe$?xsoRiiExQQ>KvTljg<&u+jjNN zaKwF_4a+m9e^6DB$XlWv0cs!Ke_bJL1Ae)43zs9d@IoZq8(=1OTGjCf+eAF#M<3z^ z*p--e^#^WZ^qK0#70}=xklc<(8tqFFk%w@JnM^KRZaPBEWS+t$MnNuII%ZR(AQmn$ za5K^7Z^OVr%VA53W@pn*Q3NLzE-`TZboh`2%s4gx&X#iUkUM;aDmbxliJ_AVm+BWN zq7w_37&y6bNxw)DoKU#Lu+^N;EmQ>I@~k|!TeL1y#3m6gF?4d_a%TZmbYkHWLnjw5 z-xN|rClxL+d~)GZtcW5$p>T;|lM9!VN-1KK36~f==j_Ffc6|0~xi-xDTc;Sysa7cL(^=m`^%aEbAd3zyMP zdcZ?2Tw-M8!e#379*_|VmlzMZa5=ZC2Rs~c&MjPGY~;e_>Ka~bgu-R_yllw-1}c_~ zYt|A%c5L#x4MNUjmz|*C3z|DG7#>;Kx(IohQ(#67{0#3j3`b0O!^1En;iyUB?%Y-$q8I(?Wb&vwO<}kV1ky3PDSvfJPx(Mo-foQwQbINk8m9 z+8BaQ=Rl%_?%X9C_`9IfX!1NdWYW&bOvt0NT)Fds)c2I(DJ9ix<2(D0){7|b$3wrf z|2mDQmSNBA>`**__w@vxPr9u;>JwucMD}4g=$eJFRrKybV+6{*(MvQek)H5TOTz3{J8)b|B*5aKIvLsnpaa<-AI zx&cdRG&YB)Wx%Ar1}1%!Hhj!K(~|EPI5T-Gq_vT7)#2Y-%R8+f>Kk&}1sW^?s+Bpy zd|=$aGE>U&;b^hr!K2D&;=ht|^fbSOAI;yg3@KAn%>ETSn}&}~m&v^FIWN`XyKs@m zxIh}g%V zWG#>K3=H3Fuj9DY(1#g)xOL&hzLfBJ)oNe_5A2_8E&~Ev@Q^;zeVR;41iTA3Fp7|; zl?6`${;3rAna*5z4FKu<)YYSeRU8=d|Aq+sW$gd{f$f%qLn$G%izT?__&M(+Otru( z_hI!n>;%Sx`ifw{JJ@?|Jgn0XR0bg*KsOD{*jIO`*ft-NNhq8za(ZJyh!tzWWU#HF|2YVVz(^ z1T`TTfwqI6lLxpe3>G08*wcozW&(*^uAPPwgTT{h7JwTcavFk3f7QcChGy8=)q>cxNpQT6!&nMyCXmf7l z2k^mE7%J>yA{?@j6w)V<-mMN9i`*Lu#>q+G%WwU;`$tBZ%sjHo%ov_&llT61z-tlb zwyjQ;49}O<{S6%$mjBnQR~w<7M%`+pl}C_a@lUm_71J*#Ktv9MLI$)R)E26fImc>O zR1;*^ohP|V!)mZ_JdXh)y{j;m42*2?OHcW{))TODVSOEgU>$-|FJi-B3(8Ud+P(M> zb7R}gmZfkePMZ&IL~XQ#f({Z~k|nJ~Q7Q?mdo+f z7eq2TJD80lha-veDY8uj_W z@?N!H)W_IW0bIqVlX zPm|d$$A57IsDJEV)Y8+#%S4IGCo!O)3)P0FfET198oTNc2Qqc-4n%x*jN$ZFiLZ!- zRw%(xKykF7wwBuI!_wAywe?oJq6()YVM>U1P8>J zL7e53=$LWli$!uSjKOl=1s~nnXx#5xU{}cPFZ4u}$a`J)!M!01!|sERLQqA#_@NT! zW!zoDHWl~g*+_n%U29rbAK|8Q-V2|EnEF!yR32x(nCYA)mZ)e%TS?t?o=3eH4QH7p zx}PswBLEHY2`@&#c}E;2$XPD{0r9~uM!`6bHGx>FDa;^2`pX@*uqv%BK_=DXM z_>4#2O`QVPeM)!9XCaL^+d~HO<5#RjoMo9a5x$fAde$PcQ&)_QvosTBb3fEmHsZrp zjE%EAb2`$tMMrzeMpUASad95(8Y5i2PV|tA{5%&Ue=rhlGU3xEL2_siq0i zxEHYDq&mZKhP?~NKe$hCF-FdEO*FZZy2Ou>M_OIF)U#?Pcq;@h1r0$OQa}JpDe+e&(AwR)t~s7N)iE$XV7MB#Tff)Hl(yLz4FaUejv zhH`@8NO1Oow=HsyvaX&Z6ooLr3AN%2O~BOa5DE}s9S`n>yOO*BiG(2xuPl!);R<+( zAPk{ioiEK34-tn5W9w&}$6)MoH1$EVi@6L@dZ&xDifyl~ms9a;^IV@~{rN;|6lvF^%MT({r zwPftZJobamvs3hW;dU*lghQ-Mci&B{LejmP!hVVXwsR3BIcvh2Ul|piJP`H@;*YpL zi1EmvyO}%|WlqUT6`!R#U;m@T0wCjAs4_n?;B4>Tt`b4oQ9eVhBhY#3JL}6B5Goo0n(hinF7<0N@AS1kx{4Z-y<*! zJ9XkCjG;VohXv=MCXb=DWdTP7=AkT-q5ZQ9UTQ307*LYR&|0lW*#fgr70lQjgwLNT zCj}+y%5Ttjkzh*z=kYIgelXH%@9o8mj*sy8LgP zROGZdh-Vk&{SzZ~Q4MWqbm2eIb_`r1p^H;mvp^a;t>m8=IYtW+FQ>qUCVLS#sqqqK z^xf0kp`DGwN4@qfGH`~!H*)Ncjq2sz*W%J4xy=EgrAuyC0YopJIQTT#`JE1}P!@cZ zfaM*b9T?!vor7IWoiWo!jYeyPk|?&CgD3iSpLtn|Gw?!wuw;;ZD#Xx{O+sAdJs%{6 zNhWeiX(-lw{K3k03l@@rb!BYajox)Gv$`1civ@5J%x*NEc>bk;#!GxuY0-^Mfj#C7 z*kiKOWgJ<;mA{?j^>J7*aLSKp#C~<-kIhGf+@;@WaR9b?Sj`h!e3#|UADsOMAqTXR6; zx$eaMIT>f_p!C2%_$Wxnt1StIiI6)cv9lm(d_Yk}JJv6pvgLs!U)|{U_t33}(6Oda zD29UnT239DL|Xc^by3b~u)GSw9X+~Mh^7qA>vL9ii;@ys!TLgZ%(kG#VYEKtuLD%GsB!OsxRc3IsxQh)zCC4VKq&L;Wv@ zVfnDmPi1o7MtFFHKYECJFe5NDgmmS=h5SuE$35T`q_pSI0vM?rlgwNAsu1y(vn#p4 zcjsIaJHLoun@a^aAe0f{$?Uc$T@E_U91S7)sawR~5(Jhk;!7v=tE>X}<1neCdt;+~ z0jv&Sd3bhwX&Am$)V&@W8(JquIOME^WvK}I7uEkF3I!kvWWiUG`E>E|#%Xte%hCp^@H9Acne?f(Y?}?e}ApiB) z`EE8u7fPV~iZTJObF)3n^eBCZFHs;sGZNQo{sdizM_fY=AIlD+V`)%KMN^jIe#>x8 z4HN literal 0 HcmV?d00001 diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/.helmignore b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.lock b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.lock deleted file mode 100644 index 1d417a7..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 2.1.2 -digest: sha256:1c365a4551a2f4098e9584dc176b289c10437c679c7c3e2ec6153cabf863e1a4 -generated: "2022-11-10T01:16:50.1422882Z" diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.yaml deleted file mode 100644 index b133020..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/Chart.yaml +++ /dev/null @@ -1,26 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 3.11.3 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 2.x.x -description: RabbitMQ is an open source general-purpose message broker that is designed - for consistent, highly-available messaging scenarios (both synchronous and asynchronous). -home: https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq -icon: https://bitnami.com/assets/stacks/rabbitmq/img/rabbitmq-stack-220x234.png -keywords: -- rabbitmq -- message queue -- AMQP -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -name: rabbitmq -sources: -- https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq -- https://www.rabbitmq.com -version: 11.1.2 diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/README.md b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/README.md deleted file mode 100644 index 3658897..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/README.md +++ /dev/null @@ -1,718 +0,0 @@ - - -# RabbitMQ packaged by Bitnami - -RabbitMQ is an open source general-purpose message broker that is designed for consistent, highly-available messaging scenarios (both synchronous and asynchronous). - -[Overview of RabbitMQ](https://www.rabbitmq.com) - -Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - -## TL;DR - -```bash -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/rabbitmq -``` - -## Introduction - -This chart bootstraps a [RabbitMQ](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm repo add my-repo https://charts.bitnami.com/bitnami -$ helm install my-release my-repo/rabbitmq -``` - -The command deploys RabbitMQ on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ----------------------------------------------- | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | - - -### RabbitMQ Image parameters - -| Name | Description | Value | -| ------------------- | -------------------------------------------------------------------------------------------------------- | --------------------- | -| `image.registry` | RabbitMQ image registry | `docker.io` | -| `image.repository` | RabbitMQ image repository | `bitnami/rabbitmq` | -| `image.tag` | RabbitMQ image tag (immutable tags are recommended) | `3.11.3-debian-11-r0` | -| `image.digest` | RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | RabbitMQ image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Set to true if you would like to see extra information on logs | `false` | - - -### Common parameters - -| Name | Description | Value | -| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | -| `nameOverride` | String to partially override rabbitmq.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override rabbitmq.fullname template | `""` | -| `namespaceOverride` | String to fully override common.names.namespace | `""` | -| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `dnsPolicy` | DNS Policy for pod | `""` | -| `dnsConfig` | DNS Configuration pod | `{}` | -| `auth.username` | RabbitMQ application username | `user` | -| `auth.password` | RabbitMQ application password | `""` | -| `auth.securePassword` | Whether to set the RabbitMQ password securely. This is incompatible with loading external RabbitMQ definitions and 'true' when not setting the auth.password parameter. | `true` | -| `auth.existingPasswordSecret` | Existing secret with RabbitMQ credentials (must contain a value for `rabbitmq-password` key) | `""` | -| `auth.erlangCookie` | Erlang cookie to determine whether different nodes are allowed to communicate with each other | `""` | -| `auth.existingErlangSecret` | Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key) | `""` | -| `auth.tls.enabled` | Enable TLS support on RabbitMQ | `false` | -| `auth.tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | -| `auth.tls.failIfNoPeerCert` | When set to true, TLS connection will be rejected if client fails to provide a certificate | `true` | -| `auth.tls.sslOptionsVerify` | Should [peer verification](https://www.rabbitmq.com/ssl.html#peer-verification) be enabled? | `verify_peer` | -| `auth.tls.caCertificate` | Certificate Authority (CA) bundle content | `""` | -| `auth.tls.serverCertificate` | Server certificate content | `""` | -| `auth.tls.serverKey` | Server private key content | `""` | -| `auth.tls.existingSecret` | Existing secret with certificate content to RabbitMQ credentials | `""` | -| `auth.tls.existingSecretFullChain` | Whether or not the existing secret contains the full chain in the certificate (`tls.crt`). Will be used in place of `ca.cert` if `true`. | `false` | -| `logs` | Path of the RabbitMQ server's Erlang log file. Value for the `RABBITMQ_LOGS` environment variable | `-` | -| `ulimitNofiles` | RabbitMQ Max File Descriptors | `65536` | -| `maxAvailableSchedulers` | RabbitMQ maximum available scheduler threads | `""` | -| `onlineSchedulers` | RabbitMQ online scheduler threads | `""` | -| `memoryHighWatermark.enabled` | Enable configuring Memory high watermark on RabbitMQ | `false` | -| `memoryHighWatermark.type` | Memory high watermark type. Either `absolute` or `relative` | `relative` | -| `memoryHighWatermark.value` | Memory high watermark value | `0.4` | -| `plugins` | List of default plugins to enable (should only be altered to remove defaults; for additional plugins use `extraPlugins`) | `rabbitmq_management rabbitmq_peer_discovery_k8s` | -| `communityPlugins` | List of Community plugins (URLs) to be downloaded during container initialization | `""` | -| `extraPlugins` | Extra plugins to enable (single string containing a space-separated list) | `rabbitmq_auth_backend_ldap` | -| `clustering.enabled` | Enable RabbitMQ clustering | `true` | -| `clustering.addressType` | Switch clustering mode. Either `ip` or `hostname` | `hostname` | -| `clustering.rebalance` | Rebalance master for queues in cluster when new replica is created | `false` | -| `clustering.forceBoot` | Force boot of an unexpectedly shut down cluster (in an unexpected order). | `false` | -| `clustering.partitionHandling` | Switch Partition Handling Strategy. Either `autoheal` or `pause-minority` or `pause-if-all-down` or `ignore` | `autoheal` | -| `loadDefinition.enabled` | Enable loading a RabbitMQ definitions file to configure RabbitMQ | `false` | -| `loadDefinition.file` | Name of the definitions file | `/app/load_definition.json` | -| `loadDefinition.existingSecret` | Existing secret with the load definitions file | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `lifecycleHooks` | Overwrite livecycle for the RabbitMQ container(s) to automate configuration before or after startup | `{}` | -| `terminationGracePeriodSeconds` | Default duration in seconds k8s waits for container to exit before sending kill signal. | `120` | -| `extraEnvVars` | Extra environment variables to add to RabbitMQ pods | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables (in case of sensitive data) | `""` | -| `containerPorts.amqp` | | `5672` | -| `containerPorts.amqpTls` | | `5671` | -| `containerPorts.dist` | | `25672` | -| `containerPorts.manager` | | `15672` | -| `containerPorts.epmd` | | `4369` | -| `containerPorts.metrics` | | `9419` | -| `initScripts` | Dictionary of init scripts. Evaluated as a template. | `{}` | -| `initScriptsCM` | ConfigMap with the init scripts. Evaluated as a template. | `""` | -| `initScriptsSecret` | Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template. | `""` | -| `extraContainerPorts` | Extra ports to be included in container spec, primarily informational | `[]` | -| `configuration` | RabbitMQ Configuration file content: required cluster configuration | `""` | -| `extraConfiguration` | Configuration file content: extra configuration to be appended to RabbitMQ configuration | `""` | -| `advancedConfiguration` | Configuration file content: advanced configuration | `""` | -| `ldap.enabled` | Enable LDAP support | `false` | -| `ldap.uri` | LDAP connection string. | `""` | -| `ldap.servers` | List of LDAP servers hostnames. This is valid only if ldap.uri is not set | `[]` | -| `ldap.port` | LDAP servers port. This is valid only if ldap.uri is not set | `""` | -| `ldap.userDnPattern` | Pattern used to translate the provided username into a value to be used for the LDAP bind. | `""` | -| `ldap.binddn` | DN of the account used to search in the LDAP server. | `""` | -| `ldap.bindpw` | Password for binddn account. | `""` | -| `ldap.basedn` | Base DN path where binddn account will search for the users. | `""` | -| `ldap.uidField` | Field used to match with the user name (uid, samAccountName, cn, etc). It matches with 'dn_lookup_attribute' in RabbitMQ configuration | `""` | -| `ldap.uidField` | Field used to match with the user name (uid, samAccountName, cn, etc). It matches with 'dn_lookup_attribute' in RabbitMQ configuration | `""` | -| `ldap.authorisationEnabled` | Enable LDAP authorisation. Please set 'advancedConfiguration' with tag, topic, resources and vhost mappings | `false` | -| `ldap.tls.enabled` | Enabled TLS configuration. | `false` | -| `ldap.tls.startTls` | Use STARTTLS instead of LDAPS. | `false` | -| `ldap.tls.skipVerify` | Skip any SSL verification (hostanames or certificates) | `false` | -| `ldap.tls.verify` | Verify connection. Valid values are 'verify_peer' or 'verify_none' | `verify_peer` | -| `ldap.tls.certificatesMountPath` | Where LDAP certifcates are mounted. | `/opt/bitnami/rabbitmq/ldap/certs` | -| `ldap.tls.certificatesSecret` | Secret with LDAP certificates. | `""` | -| `ldap.tls.CAFilename` | CA certificate filename. Should match with the CA entry key in the ldap.tls.certificatesSecret. | `""` | -| `ldap.tls.certFilename` | Client certificate filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. | `""` | -| `ldap.tls.certKeyFilename` | Client Key filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. | `""` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` | -| `extraVolumes` | Optionally specify extra list of additional volumes . | `[]` | -| `extraSecrets` | Optionally specify extra secrets to be created by the chart. | `{}` | -| `extraSecretsPrependReleaseName` | Set this flag to true if extraSecrets should be created with prepended. | `false` | - - -### Statefulset parameters - -| Name | Description | Value | -| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | -| `replicaCount` | Number of RabbitMQ replicas to deploy | `1` | -| `schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `podManagementPolicy` | Pod management policy | `OrderedReady` | -| `podLabels` | RabbitMQ Pod labels. Evaluated as a template | `{}` | -| `podAnnotations` | RabbitMQ Pod annotations. Evaluated as a template | `{}` | -| `updateStrategy.type` | Update strategy type for RabbitMQ statefulset | `RollingUpdate` | -| `statefulsetLabels` | RabbitMQ statefulset labels. Evaluated as a template | `{}` | -| `priorityClassName` | Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand | `""` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `podSecurityContext.enabled` | Enable RabbitMQ pods' Security Context | `true` | -| `podSecurityContext.fsGroup` | Set RabbitMQ pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled RabbitMQ containers' Security Context | `true` | -| `containerSecurityContext.runAsUser` | Set RabbitMQ containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set RabbitMQ container's Security Context runAsNonRoot | `true` | -| `resources.limits` | The resources limits for RabbitMQ containers | `{}` | -| `resources.requests` | The requested resources for RabbitMQ containers | `{}` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `20` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `3` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Define a custom startup probe | `{}` | -| `initContainers` | Add init containers to the RabbitMQ pod | `[]` | -| `sidecars` | Add sidecar containers to the RabbitMQ pod | `[]` | -| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | - - -### RBAC parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------ | ------ | -| `serviceAccount.create` | Enable creation of ServiceAccount for RabbitMQ pods | `true` | -| `serviceAccount.name` | Name of the created serviceAccount | `""` | -| `serviceAccount.automountServiceAccountToken` | Auto-mount the service account token in the pod | `true` | -| `serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `rbac.create` | Whether RBAC rules should be created | `true` | - - -### Persistence parameters - -| Name | Description | Value | -| --------------------------- | ------------------------------------------------ | -------------------------- | -| `persistence.enabled` | Enable RabbitMQ data persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for RabbitMQ data volume | `""` | -| `persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `persistence.accessModes` | PVC Access Modes for RabbitMQ data volume | `["ReadWriteOnce"]` | -| `persistence.existingClaim` | Provide an existing PersistentVolumeClaims | `""` | -| `persistence.mountPath` | The path the volume will be mounted at | `/bitnami/rabbitmq/mnesia` | -| `persistence.subPath` | The subdirectory of the volume to mount to | `""` | -| `persistence.size` | PVC Storage Request for RabbitMQ data volume | `8Gi` | -| `persistence.annotations` | Persistence annotations. Evaluated as a template | `{}` | - - -### Exposure parameters - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.portEnabled` | Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. | `true` | -| `service.distPortEnabled` | Erlang distribution server port | `true` | -| `service.managerPortEnabled` | RabbitMQ Manager port | `true` | -| `service.epmdPortEnabled` | RabbitMQ EPMD Discovery service port | `true` | -| `service.ports.amqp` | Amqp service port | `5672` | -| `service.ports.amqpTls` | Amqp TLS service port | `5671` | -| `service.ports.dist` | Erlang distribution service port | `25672` | -| `service.ports.manager` | RabbitMQ Manager service port | `15672` | -| `service.ports.metrics` | RabbitMQ Prometheues metrics service port | `9419` | -| `service.ports.epmd` | EPMD Discovery service port | `4369` | -| `service.portNames.amqp` | Amqp service port name | `amqp` | -| `service.portNames.amqpTls` | Amqp TLS service port name | `amqp-ssl` | -| `service.portNames.dist` | Erlang distribution service port name | `dist` | -| `service.portNames.manager` | RabbitMQ Manager service port name | `http-stats` | -| `service.portNames.metrics` | RabbitMQ Prometheues metrics service port name | `metrics` | -| `service.portNames.epmd` | EPMD Discovery service port name | `epmd` | -| `service.nodePorts.amqp` | Node port for Ampq | `""` | -| `service.nodePorts.amqpTls` | Node port for Ampq TLS | `""` | -| `service.nodePorts.dist` | Node port for Erlang distribution | `""` | -| `service.nodePorts.manager` | Node port for RabbitMQ Manager | `""` | -| `service.nodePorts.epmd` | Node port for EPMD Discovery | `""` | -| `service.nodePorts.metrics` | Node port for RabbitMQ Prometheues metrics | `""` | -| `service.extraPorts` | Extra ports to expose in the service | `[]` | -| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is `LoadBalancer` | `[]` | -| `service.externalIPs` | Set the ExternalIPs | `[]` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.loadBalancerIP` | Set the LoadBalancerIP | `""` | -| `service.clusterIP` | Kubernetes service Cluster IP | `""` | -| `service.labels` | Service labels. Evaluated as a template | `{}` | -| `service.annotations` | Service annotations. Evaluated as a template | `{}` | -| `service.annotationsHeadless` | Headless Service annotations. Evaluated as a template | `{}` | -| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `ingress.enabled` | Enable ingress resource for Management console | `false` | -| `ingress.path` | Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingress.hostname` | Default host for the ingress resource | `rabbitmq.local` | -| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at `ingress.hostname` parameter | `false` | -| `ingress.selfSigned` | Set this to true in order to create a TLS secret for this ingress record | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingress.extraRules` | The list of additional rules to be added to this ingress record. Evaluated as a template | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | -| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ingress.existingSecret` | It is you own the certificate as secret. | `""` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.additionalRules` | Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. | `[]` | - - -### Metrics Parameters - -| Name | Description | Value | -| ------------------------------------------ | -------------------------------------------------------------------------------------- | --------------------- | -| `metrics.enabled` | Enable exposing RabbitMQ metrics to be gathered by Prometheus | `false` | -| `metrics.plugins` | Plugins to enable Prometheus metrics in RabbitMQ | `rabbitmq_prometheus` | -| `metrics.podAnnotations` | Annotations for enabling prometheus to access the metrics endpoint | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Specify the namespace in which the serviceMonitor resource will be created | `""` | -| `metrics.serviceMonitor.interval` | Specify the interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | -| `metrics.serviceMonitor.targetLabels` | Used to keep given service's labels in target | `{}` | -| `metrics.serviceMonitor.podTargetLabels` | Used to keep given pod's labels in target | `{}` | -| `metrics.serviceMonitor.path` | Define the path used by ServiceMonitor to scrap metrics | `""` | -| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | -| `metrics.serviceMonitor.annotations` | Extra annotations for the ServiceMonitor | `{}` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | -| `metrics.prometheusRule.rules` | List of rules, used as template by Helm. | `[]` | - - -### Init Container Parameters - -| Name | Description | Value | -| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r50` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | - - -The above parameters map to the env variables defined in [bitnami/rabbitmq](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq). For more information please refer to the [bitnami/rabbitmq](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq) image documentation. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set auth.username=admin,auth.password=secretpassword,auth.erlangCookie=secretcookie \ - my-repo/rabbitmq -``` - -The above command sets the RabbitMQ admin username and password to `admin` and `secretpassword` respectively. Additionally the secure erlang cookie is set to `secretcookie`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml my-repo/rabbitmq -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling vs Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Set pod affinity - -This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. - -### Scale horizontally - -To horizontally scale this chart once it has been deployed, two options are available: - -- Use the `kubectl scale` command. -- Upgrade the chart modifying the `replicaCount` parameter. - -> NOTE: It is mandatory to specify the password and Erlang cookie that was set the first time the chart was installed when upgrading the chart. - -When scaling down the solution, unnecessary RabbitMQ nodes are automatically stopped, but they are not removed from the cluster. You need to manually remove them by running the `rabbitmqctl forget_cluster_node` command. - -Refer to the chart documentation for [more information on scaling the Rabbit cluster horizontally](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/scale-deployment/). - -### Enable TLS support - -To enable TLS support, first generate the certificates as described in the [RabbitMQ documentation for SSL certificate generation](https://www.rabbitmq.com/ssl.html#automated-certificate-generation). - -Once the certificates are generated, you have two alternatives: - -* Create a secret with the certificates and associate the secret when deploying the chart -* Include the certificates in the *values.yaml* file when deploying the chart - -Set the *auth.tls.failIfNoPeerCert* parameter to *false* to allow a TLS connection if the client fails to provide a certificate. - -Set the *auth.tls.sslOptionsVerify* to *verify_peer* to force a node to perform peer verification. When set to *verify_none*, peer verification will be disabled and certificate exchange won't be performed. - -Refer to the chart documentation for [more information and examples of enabling TLS and using Let's Encrypt certificates](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/enable-tls-ingress/). - -### Load custom definitions - -It is possible to [load a RabbitMQ definitions file to configure RabbitMQ](https://www.rabbitmq.com/management.html#load-definitions). - -Because definitions may contain RabbitMQ credentials, [store the JSON as a Kubernetes secret](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod). Within the secret's data, choose a key name that corresponds with the desired load definitions filename (i.e. `load_definition.json`) and use the JSON object as the value. - -Next, specify the `load_definitions` property as an `extraConfiguration` pointing to the load definition file path within the container (i.e. `/app/load_definition.json`) and set `loadDefinition.enable` to `true`. Any load definitions specified will be available within in the container at `/app`. - -> NOTE: Loading a definition will take precedence over any configuration done through [Helm values](#parameters). - -If needed, you can use `extraSecrets` to let the chart create the secret for you. This way, you don't need to manually create it before deploying a release. These secrets can also be templated to use supplied chart values. - -Refer to the chart documentation for [more information and configuration examples of loading custom definitions](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/load-files/). - -### Configure LDAP support - -LDAP support can be enabled in the chart by specifying the `ldap.*` parameters while creating a release. Refer to the chart documentation for [more information and a configuration example](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/configure-ldap/). - -### Configure memory high watermark - -It is possible to configure a memory high watermark on RabbitMQ to define [memory thresholds](https://www.rabbitmq.com/memory.html#threshold) using the `memoryHighWatermark.*` parameters. To do so, you have two alternatives: - -* Set an absolute limit of RAM to be used on each RabbitMQ node, as shown in the configuration example below: - -``` -memoryHighWatermark.enabled="true" -memoryHighWatermark.type="absolute" -memoryHighWatermark.value="512MB" -``` - -* Set a relative limit of RAM to be used on each RabbitMQ node. To enable this feature, define the memory limits at pod level too. An example configuration is shown below: - -``` -memoryHighWatermark.enabled="true" -memoryHighWatermark.type="relative" -memoryHighWatermark.value="0.4" -resources.limits.memory="2Gi" -``` - -### Add extra environment variables - -In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. - -```yaml -extraEnvVars: - - name: LOG_LEVEL - value: error -``` - -Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `.extraEnvVarsCM` or the `extraEnvVarsSecret` properties. - -### Use plugins - -The Bitnami Docker RabbitMQ image ships a set of plugins by default. By default, this chart enables `rabbitmq_management` and `rabbitmq_peer_discovery_k8s` since they are required for RabbitMQ to work on K8s. - -To enable extra plugins, set the `extraPlugins` parameter with the list of plugins you want to enable. In addition to this, the `communityPlugins` parameter can be used to specify a list of URLs (separated by spaces) for custom plugins for RabbitMQ. - -Refer to the chart documentation for [more information on using RabbitMQ plugins](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/configuration/use-plugins/). - -### Advanced logging - -In case you want to configure RabbitMQ logging set `logs` value to false and set the log config in extraConfiguration following the [official documentation](https://www.rabbitmq.com/logging.html#log-file-location). - -An example: - -```yaml -logs: false # custom logging -extraConfiguration: | - log.default.level = warning - log.file = false - log.console = true - log.console.level = warning - log.console.formatter = json -``` - -### Recover the cluster from complete shutdown - -> IMPORTANT: Some of these procedures can lead to data loss. Always make a backup beforehand. - -The RabbitMQ cluster is able to support multiple node failures but, in a situation in which all the nodes are brought down at the same time, the cluster might not be able to self-recover. - -This happens if the pod management policy of the statefulset is not `Parallel` and the last pod to be running wasn't the first pod of the statefulset. If that happens, update the pod management policy to recover a healthy state: - -```console -$ kubectl delete statefulset STATEFULSET_NAME --cascade=false -$ helm upgrade RELEASE_NAME my-repo/rabbitmq \ - --set podManagementPolicy=Parallel \ - --set replicaCount=NUMBER_OF_REPLICAS \ - --set auth.password=PASSWORD \ - --set auth.erlangCookie=ERLANG_COOKIE -``` - -For a faster resyncronization of the nodes, you can temporarily disable the readiness probe by setting `readinessProbe.enabled=false`. Bear in mind that the pods will be exposed before they are actually ready to process requests. - -If the steps above don't bring the cluster to a healthy state, it could be possible that none of the RabbitMQ nodes think they were the last node to be up during the shutdown. In those cases, you can force the boot of the nodes by specifying the `clustering.forceBoot=true` parameter (which will execute [`rabbitmqctl force_boot`](https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot) in each pod): - -```console -$ helm upgrade RELEASE_NAME my-repo/rabbitmq \ - --set podManagementPolicy=Parallel \ - --set clustering.forceBoot=true \ - --set replicaCount=NUMBER_OF_REPLICAS \ - --set auth.password=PASSWORD \ - --set auth.erlangCookie=ERLANG_COOKIE -``` - -More information: [Clustering Guide: Restarting](https://www.rabbitmq.com/clustering.html#restarting). - -### Known issues - -- Changing the password through RabbitMQ's UI can make the pod fail due to the default liveness probes. If you do so, remember to make the chart aware of the new password. Updating the default secret with the password you set through RabbitMQ's UI will automatically recreate the pods. If you are using your own secret, you may have to manually recreate the pods. - -## Persistence - -The [Bitnami RabbitMQ](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq) image stores the RabbitMQ data and configurations at the `/opt/bitnami/rabbitmq/var/lib/rabbitmq/` path of the container. - -The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. By default, the volume is created using dynamic volume provisioning. An existing PersistentVolumeClaim can also be defined. - -### Use existing PersistentVolumeClaims - -1. Create the PersistentVolume -1. Create the PersistentVolumeClaim -1. Install the chart - -```bash -$ helm install my-release --set persistence.existingClaim=PVC_NAME my-repo/rabbitmq -``` - -### Adjust permissions of the persistence volume mountpoint - -As the image runs as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an `initContainer` to change the ownership of the volume before mounting it in the final destination. - -You can enable this `initContainer` by setting `volumePermissions.enabled` to `true`. - -### Configure the default user/vhost - -If you want to create default user/vhost and set the default permission. you can use `extraConfiguration`: - -```yaml -auth: - username: default-user -extraConfiguration: |- - default_vhost = default-vhost - default_permissions.configure = .* - default_permissions.read = .* - default_permissions.write = .* -``` - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -It's necessary to set the `auth.password` and `auth.erlangCookie` parameters when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password and the cookie, and run the command below to upgrade your chart: - -```bash -$ helm upgrade my-release my-repo/rabbitmq --set auth.password=[PASSWORD] --set auth.erlangCookie=[RABBITMQ_ERLANG_COOKIE] -``` - -| Note: you need to substitute the placeholders [PASSWORD] and [RABBITMQ_ERLANG_COOKIE] with the values obtained in the installation notes. - -### To 11.0.0 - -This major version changes the default RabbitMQ image from 3.10.x to 3.11.x. Follow the [official instructions](https://www.rabbitmq.com/upgrade.html) to upgrade from 3.10 to 3.11. - -### To 10.0.0 - -This major version changes the default RabbitMQ image from 3.9.x to 3.10.x. Follow the [official instructions](https://www.rabbitmq.com/upgrade.html) to upgrade from 3.9 to 3.10. - -### To 9.0.0 - -This major release renames several values in this chart and adds missing features, in order to be aligned with the rest of the assets in the Bitnami charts repository. - - .dist - .manager - .metrics - .epmd - -- `service.port` has been renamed as `service.ports.amqp`. -- `service.portName` has been renamed as `service.portNames.amqp`. -- `service.nodePort`has been renamed as `service.nodePorts.amqp`. -- `service.tlsPort` has been renamed as `service.ports.amqpTls`. -- `service.tlsPortName` has been renamed as `service.portNames.amqpTls`. -- `service.tlsNodePort` has been renamed as `service.nodePorts.amqpTls`. -- `service.epmdPortName` has been renamed as `service.portNames.epmd`. -- `service.epmdNodePort` has been renamed as `service.nodePorts.epmd`. -- `service.distPort` has been renamed as `service.ports.dist`. -- `service.distPortName` has been renamed as `service.portNames.dist`. -- `service.distNodePort` has been renamed as `service.nodePorts.dist`. -- `service.managerPort` has been renamed as `service.ports.manager`. -- `service.managerPortName` has been renamed as `service.portNames.manager`. -- `service.managerNodePort` has been renamed as `service.nodePorts.manager`. -- `service.metricsPort` has been renamed as `service.ports.metrics`. -- `service.metricsPortName` has been renamed as `service.portNames.metrics`. -- `service.metricsNodePort` has been renamed as `service.nodePorts.metrics`. -- `persistence.volumes` has been removed, as it duplicates the parameter `extraVolumes`. -- `ingress.certManager` has been removed. -- `metrics.serviceMonitor.relabellings` has been replaced with `metrics.serviceMonitor.relabelings`, and it sets the field `relabelings` instead of `metricRelabelings`. -- `metrics.serviceMonitor.additionalLabels` has been renamed as `metrics.serviceMonitor.labels` -- `updateStrategyType` has been removed, use the field `updateStrategy` instead, which is interpreted as a template. -- The content of `podSecurityContext` and `containerSecurityContext` have been modified. -- The behavior of VolumePermissions has been modified to not change ownership of '.snapshot' and 'lost+found' -- Introduced the values `ContainerPorts.*`, separating the service and container ports configuration. - -### To 8.21.0 - -This new version of the chart bumps the RabbitMQ version to `3.9.1`. It is considered a minor release, and no breaking changes are expected. Additionally, RabbitMQ `3.9.X` nodes can run alongside `3.8.X` nodes. - -See the [Upgrading guide](https://www.rabbitmq.com/upgrade.html) and the [RabbitMQ change log](https://www.rabbitmq.com/changelog.html) for further documentation. - -### To 8.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/administration/upgrade-helm3/). - -### To 7.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - `replicas` is renamed to `replicaCount`. - - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`. - - Authentication parameters were reorganized under the `auth.*` parameter: - - `rabbitmq.username`, `rabbitmq.password`, and `rabbitmq.erlangCookie` are now `auth.username`, `auth.password`, and `auth.erlangCookie` respectively. - - `rabbitmq.tls.*` parameters are now under `auth.tls.*`. - - Parameters prefixed with `rabbitmq.` were renamed removing the prefix. E.g. `rabbitmq.configuration` -> renamed to `configuration`. - - `rabbitmq.rabbitmqClusterNodeName` is deprecated. - - `rabbitmq.setUlimitNofiles` is deprecated. - - `forceBoot.enabled` is renamed to `clustering.forceBoot`. - - `loadDefinition.secretName` is renamed to `loadDefinition.existingSecret`. - - `metics.port` is remamed to `service.metricsPort`. - - `service.extraContainerPorts` is renamed to `extraContainerPorts`. - - `service.nodeTlsPort` is renamed to `service.tlsNodePort`. - - `podDisruptionBudget` is deprecated in favor of `pdb.create`, `pdb.minAvailable`, and `pdb.maxUnavailable`. - - `rbacEnabled` -> deprecated in favor of `rbac.create`. - - New parameters: `serviceAccount.create`, and `serviceAccount.name`. - - New parameters: `memoryHighWatermark.enabled`, `memoryHighWatermark.type`, and `memoryHighWatermark.value`. -- Chart labels and Ingress configuration were adapted to follow the Helm charts best practices. -- Initialization logic now relies on the container. -- This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. -- The layout of the persistent volumes has changed (if using persistence). Action is required if preserving data through the upgrade is desired: - - The data has moved from `mnesia/` within the persistent volume to the root of the persistent volume - - The `config/` and `schema/` directories within the persistent volume are no longer used - - An init container can be used to move and clean up the peristent volumes. An example can be found [here](https://github.com/bitnami/charts/issues/10913#issuecomment-1169619513). - - Alternately the value `persistence.subPath` can be overridden to be `mnesia` so that the directory layout is consistent with what it was previously. - - Note however that this will leave the unused `config/` and `schema/` directories within the peristent volume forever. - -Consequences: - -- Backwards compatibility is not guaranteed. -- Compatibility with non Bitnami images is not guaranteed anymore. - -### To 6.0.0 - -This new version updates the RabbitMQ image to a [new version based on bash instead of node.js](https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#3715-r18-3715-ol-7-r19). However, since this Chart overwrites the container's command, the changes to the container shouldn't affect the Chart. To upgrade, it may be needed to enable the `fastBoot` option, as it is already the case from upgrading from 5.X to 5.Y. - -### To 5.0.0 - -This major release changes the clustering method from `ip` to `hostname`. -This change is needed to fix the persistence. The data dir will now depend on the hostname which is stable instead of the pod IP that might change. - -> IMPORTANT: Note that if you upgrade from a previous version you will lose your data. - -### To 3.0.0 - -Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. -Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is rabbitmq: - -```console -$ kubectl delete statefulset rabbitmq --cascade=false -``` - -## Bitnami Kubernetes Documentation - -Bitnami Kubernetes documentation is available at [https://docs.bitnami.com/](https://docs.bitnami.com/). You can find there the following resources: - -- [Documentation for RabbitMQ Helm chart](https://docs.bitnami.com/kubernetes/infrastructure/rabbitmq/) -- [Get Started with Kubernetes guides](https://docs.bitnami.com/kubernetes/) -- [Bitnami Helm charts documentation](https://docs.bitnami.com/kubernetes/apps/) -- [Kubernetes FAQs](https://docs.bitnami.com/kubernetes/faq/) -- [Kubernetes Developer guides](https://docs.bitnami.com/tutorials/) - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/.helmignore b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/Chart.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/Chart.yaml deleted file mode 100644 index 6f0c3a6..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 2.1.2 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/main/bitnami/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts -- https://www.bitnami.com/ -type: library -version: 2.1.2 diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/README.md b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/README.md deleted file mode 100644 index a2ecd60..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/README.md +++ /dev/null @@ -1,350 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_affinities.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_affinities.tpl deleted file mode 100644 index 497068f..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,98 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_capabilities.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 9d9b760..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,154 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_errors.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_images.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_images.tpl deleted file mode 100644 index 46c659e..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_images.tpl +++ /dev/null @@ -1,76 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $separator := ":" -}} -{{- $termination := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if .imageRoot.digest }} - {{- $separator = "@" -}} - {{- $termination = .imageRoot.digest | toString -}} -{{- end -}} -{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_ingress.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_ingress.tpl deleted file mode 100644 index 831da9c..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,68 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_labels.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_names.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_names.tpl deleted file mode 100644 index 1bdac8b..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_names.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_secrets.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_secrets.tpl deleted file mode 100644 index 4267d42..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,165 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key | quote }} - {{- else }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Reuses the value from an existing secret, otherwise sets its value to a default value. - -Usage: -{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - context - Context - Required - Parent context. - -*/}} -{{- define "common.secrets.lookup" -}} -{{- $value := "" -}} -{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data -}} -{{- if and $secretData (hasKey $secretData .key) -}} - {{- $value = index $secretData .key -}} -{{- else -}} - {{- $value = $defaultValue | toString | b64enc -}} -{{- end -}} -{{- printf "%s" $value -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_storage.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_tplvalues.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_utils.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_utils.tpl deleted file mode 100644 index 8c22b2a..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_warnings.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_cassandra.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mariadb.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index b6906ff..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mongodb.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index f820ec1..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mysql.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 74472a0..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_postgresql.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 164ec0d..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_redis.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index dcccfc1..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_validations.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/values.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/NOTES.txt b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/NOTES.txt deleted file mode 100644 index 2d26bce..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/NOTES.txt +++ /dev/null @@ -1,154 +0,0 @@ -CHART NAME: {{ .Chart.Name }} -CHART VERSION: {{ .Chart.Version }} -APP VERSION: {{ .Chart.AppVersion }} - -{{- $servicePort := or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) | ternary .Values.service.ports.amqp .Values.service.ports.amqpTls -}} - -** Please be patient while the chart is being deployed ** - -{{- if .Values.diagnosticMode.enabled }} -The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: - - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} - -Get the list of pods by executing: - - kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} - -Access the pod you want to debug by executing - - kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash - -In order to replicate the container startup scripts execute this command: - - /opt/bitnami/scripts/rabbitmq/entrypoint.sh /opt/bitnami/scripts/rabbitmq/run.sh - -{{- else }} - -Credentials: - -{{- if not .Values.loadDefinition.enabled }} - echo "Username : {{ .Values.auth.username }}" - echo "Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretPasswordName" . }} -o jsonpath="{.data.rabbitmq-password}" | base64 -d)" -{{- end }} - echo "ErLang Cookie : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "rabbitmq.secretErlangName" . }} -o jsonpath="{.data.rabbitmq-erlang-cookie}" | base64 -d)" - -Note that the credentials are saved in persistent volume claims and will not be changed upon upgrade or reinstallation unless the persistent volume claim has been deleted. If this is not the first installation of this chart, the credentials may not be valid. -This is applicable when no passwords are set and therefore the random password is autogenerated. In case of using a fixed password, you should specify it when upgrading. -More information about the credentials may be found at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases. - -RabbitMQ can be accessed within the cluster on port {{ $servicePort }} at {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -To access for outside the cluster, perform the following steps: - -{{- if .Values.ingress.enabled }} -{{- if contains "NodePort" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - -1. Obtain the NodePort IP and ports: - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[?(@.name=='amqp')].nodePort}" services {{ include "common.names.fullname" . }}) - echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - -1. Obtain the LoadBalancer IP: - -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - -1. Create a port-forward to the AMQP port: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ $servicePort }}:{{ $servicePort }} & - echo "URL : amqp://127.0.0.1:{{ $servicePort }}/" - -{{- end }} - -2. Access RabbitMQ using using the obtained URL. - -To Access the RabbitMQ Management interface: - -1. Get the RabbitMQ Management URL and associate its hostname to your cluster external IP: - - export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters - echo "RabbitMQ Management: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/" - echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts - -2. Open a browser and access RabbitMQ Management using the obtained URL. - -{{- else }} -{{- if contains "NodePort" .Values.service.type }} - -Obtain the NodePort IP and ports: - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT_AMQP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[?(@.name=='amqp')].nodePort}" services {{ include "common.names.fullname" . }}) - export NODE_PORT_STATS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[?(@.name=='http-stats')].nodePort}" services {{ include "common.names.fullname" . }}) - -To Access the RabbitMQ AMQP port: - - echo "URL : amqp://$NODE_IP:$NODE_PORT_AMQP/" - -To Access the RabbitMQ Management interface: - - echo "URL : http://$NODE_IP:$NODE_PORT_STATS/" - -{{- else if contains "LoadBalancer" .Values.service.type }} - -Obtain the LoadBalancer IP: - -NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - -To Access the RabbitMQ AMQP port: - - echo "URL : amqp://$SERVICE_IP:{{ $servicePort }}/" - -To Access the RabbitMQ Management interface: - - echo "URL : http://$SERVICE_IP:{{ .Values.service.ports.manager }}/" - -{{- else if contains "ClusterIP" .Values.service.type }} - -To Access the RabbitMQ AMQP port: - - echo "URL : amqp://127.0.0.1:{{ $servicePort }}/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ $servicePort }}:{{ $servicePort }} - -To Access the RabbitMQ Management interface: - - echo "URL : http://127.0.0.1:{{ .Values.service.ports.manager }}/" - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.manager }}:{{ .Values.service.ports.manager }} - -{{- end }} -{{- end }} - -{{- if .Values.metrics.enabled }} - -To access the RabbitMQ Prometheus metrics, get the RabbitMQ Prometheus URL by running: - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "common.names.fullname" . }} {{ .Values.service.ports.metrics }}:{{ .Values.service.ports.metrics }} & - echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.service.ports.metrics }}/metrics" - -Then, open the obtained URL in a browser. - -{{- end }} - -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} - -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/_helpers.tpl deleted file mode 100644 index d1aa125..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/_helpers.tpl +++ /dev/null @@ -1,227 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper RabbitMQ image name -*/}} -{{- define "rabbitmq.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "rabbitmq.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "rabbitmq.imagePullSecrets" -}} -{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) }} -{{- end -}} - -{{/* - Create the name of the service account to use - */}} -{{- define "rabbitmq.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "rabbitmq.secretPasswordName" -}} - {{- if .Values.auth.existingPasswordSecret -}} - {{- printf "%s" (tpl .Values.auth.existingPasswordSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Get the erlang secret. -*/}} -{{- define "rabbitmq.secretErlangName" -}} - {{- if .Values.auth.existingErlangSecret -}} - {{- printf "%s" (tpl .Values.auth.existingErlangSecret $) -}} - {{- else -}} - {{- printf "%s" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Get the TLS secret. -*/}} -{{- define "rabbitmq.tlsSecretName" -}} - {{- if .Values.auth.tls.existingSecret -}} - {{- printf "%s" (tpl .Values.auth.tls.existingSecret $) -}} - {{- else -}} - {{- printf "%s-certs" (include "common.names.fullname" .) -}} - {{- end -}} -{{- end -}} - -{{/* -Return true if a TLS credentials secret object should be created -*/}} -{{- define "rabbitmq.createTlsSecret" -}} -{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.existingSecret) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper RabbitMQ plugin list -*/}} -{{- define "rabbitmq.plugins" -}} -{{- $plugins := .Values.plugins -}} -{{- if .Values.extraPlugins -}} -{{- $plugins = printf "%s %s" $plugins .Values.extraPlugins -}} -{{- end -}} -{{- if .Values.metrics.enabled -}} -{{- $plugins = printf "%s %s" $plugins .Values.metrics.plugins -}} -{{- end -}} -{{- printf "%s" $plugins | replace " " ", " -}} -{{- end -}} - -{{/* -Return the number of bytes given a value -following a base 2 o base 10 number system. -Usage: -{{ include "rabbitmq.toBytes" .Values.path.to.the.Value }} -*/}} -{{- define "rabbitmq.toBytes" -}} -{{- $value := int (regexReplaceAll "([0-9]+).*" . "${1}") }} -{{- $unit := regexReplaceAll "[0-9]+(.*)" . "${1}" }} -{{- if eq $unit "Ki" }} - {{- mul $value 1024 }} -{{- else if eq $unit "Mi" }} - {{- mul $value 1024 1024 }} -{{- else if eq $unit "Gi" }} - {{- mul $value 1024 1024 1024 }} -{{- else if eq $unit "Ti" }} - {{- mul $value 1024 1024 1024 1024 }} -{{- else if eq $unit "Pi" }} - {{- mul $value 1024 1024 1024 1024 1024 }} -{{- else if eq $unit "Ei" }} - {{- mul $value 1024 1024 1024 1024 1024 1024 }} -{{- else if eq $unit "K" }} - {{- mul $value 1000 }} -{{- else if eq $unit "M" }} - {{- mul $value 1000 1000 }} -{{- else if eq $unit "G" }} - {{- mul $value 1000 1000 1000 }} -{{- else if eq $unit "T" }} - {{- mul $value 1000 1000 1000 1000 }} -{{- else if eq $unit "P" }} - {{- mul $value 1000 1000 1000 1000 1000 }} -{{- else if eq $unit "E" }} - {{- mul $value 1000 1000 1000 1000 1000 1000 }} -{{- end }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "rabbitmq.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.ldap" .) -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.memoryHighWatermark" .) -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.ingress.tls" .) -}} -{{- $messages := append $messages (include "rabbitmq.validateValues.auth.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of rabbitmq - LDAP support -*/}} -{{- define "rabbitmq.validateValues.ldap" -}} -{{- if .Values.ldap.enabled }} -{{- $serversListLength := len .Values.ldap.servers }} -{{- $userDnPattern := coalesce .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} -{{- if or (and (not (gt $serversListLength 0)) (empty .Values.ldap.uri)) (and (not $userDnPattern) (not .Values.ldap.basedn)) }} -rabbitmq: LDAP - Invalid LDAP configuration. When enabling LDAP support, the parameters "ldap.servers" or "ldap.uri" are mandatory - to configure the connection and "ldap.userDnPattern" or "ldap.basedn" are necessary to lookup the users. Please provide them: - $ helm install {{ .Release.Name }} my-repo/rabbitmq \ - --set ldap.enabled=true \ - --set ldap.servers[0]=my-ldap-server" \ - --set ldap.port="389" \ - --set ldap.userDnPattern="cn=${username},dc=example,dc=org" -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of rabbitmq - Memory high watermark -*/}} -{{- define "rabbitmq.validateValues.memoryHighWatermark" -}} -{{- if and (not (eq .Values.memoryHighWatermark.type "absolute")) (not (eq .Values.memoryHighWatermark.type "relative")) }} -rabbitmq: memoryHighWatermark.type - Invalid Memory high watermark type. Valid values are "absolute" and - "relative". Please set a valid mode (--set memoryHighWatermark.type="xxxx") -{{- else if and .Values.memoryHighWatermark.enabled (not .Values.resources.limits.memory) (eq .Values.memoryHighWatermark.type "relative") }} -rabbitmq: memoryHighWatermark - You enabled configuring memory high watermark using a relative limit. However, - no memory limits were defined at POD level. Define your POD limits as shown below: - - $ helm install {{ .Release.Name }} my-repo/rabbitmq \ - --set memoryHighWatermark.enabled=true \ - --set memoryHighWatermark.type="relative" \ - --set memoryHighWatermark.value="0.4" \ - --set resources.limits.memory="2Gi" - - Altenatively, user an absolute value for the memory memory high watermark : - - $ helm install {{ .Release.Name }} my-repo/rabbitmq \ - --set memoryHighWatermark.enabled=true \ - --set memoryHighWatermark.type="absolute" \ - --set memoryHighWatermark.value="512MB" -{{- end -}} -{{- end -}} - -{{/* -Validate values of rabbitmq - TLS configuration for Ingress -*/}} -{{- define "rabbitmq.validateValues.ingress.tls" -}} -{{- if and .Values.ingress.enabled .Values.ingress.tls (not (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations ))) (not .Values.ingress.selfSigned) (empty .Values.ingress.extraTls) }} -rabbitmq: ingress.tls - You enabled the TLS configuration for the default ingress hostname but - you did not enable any of the available mechanisms to create the TLS secret - to be used by the Ingress Controller. - Please use any of these alternatives: - - Use the `ingress.extraTls` and `ingress.secrets` parameters to provide your custom TLS certificates. - - Rely on cert-manager to create it by setting the corresponding annotations - - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` -{{- end -}} -{{- end -}} - -{{/* -Validate values of RabbitMQ - Auth TLS enabled -*/}} -{{- define "rabbitmq.validateValues.auth.tls" -}} -{{- if and .Values.auth.tls.enabled (not .Values.auth.tls.autoGenerated) (not .Values.auth.tls.existingSecret) (not .Values.auth.tls.caCertificate) (not .Values.auth.tls.serverCertificate) (not .Values.auth.tls.serverKey) }} -rabbitmq: auth.tls - You enabled TLS for RabbitMQ but you did not enable any of the available mechanisms to create the TLS secret. - Please use any of these alternatives: - - Provide an existing secret containing the TLS certificates using `auth.tls.existingSecret` - - Provide the plain text certificates using `auth.tls.caCertificate`, `auth.tls.serverCertificate` and `auth.tls.serverKey`. - - Enable auto-generated certificates using `auth.tls.autoGenerated`. -{{- end -}} -{{- end -}} - -{{/* -Get the initialization scripts volume name. -*/}} -{{- define "rabbitmq.initScripts" -}} -{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/config-secret.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/config-secret.yaml deleted file mode 100644 index 80e93e6..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/config-secret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-config" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - rabbitmq.conf: |- - {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | b64enc | nindent 4 }} - {{- if .Values.advancedConfiguration }} - advanced.config: |- - {{- include "common.tplvalues.render" (dict "value" .Values.advancedConfiguration "context" $) | b64enc | nindent 4 }} - {{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/extra-list.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/ingress.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/ingress.yaml deleted file mode 100644 index 2f23b10..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/ingress.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.ingress.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - {{- end }} - rules: - {{- if .Values.ingress.hostname }} - - host: {{ include "common.tplvalues.render" ( dict "value" .Values.ingress.hostname "context" $ ) }} - http: - paths: - {{- if .Values.ingress.extraPaths }} - {{- toYaml .Values.ingress.extraPaths | nindent 10 }} - {{- end }} - - path: {{ .Values.ingress.path }} - {{- if eq "true" (include "common.ingress.supportsPathType" .) }} - pathType: {{ .Values.ingress.pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" .Values.service.portNames.manager "context" $) | nindent 14 }} - {{- end }} - {{- range .Values.ingress.extraHosts }} - - host: {{ include "common.tplvalues.render" ( dict "value" .name "context" $ ) }} - http: - paths: - - path: {{ default "/" .path }} - {{- if eq "true" (include "common.ingress.supportsPathType" $) }} - pathType: {{ default "ImplementationSpecific" .pathType }} - {{- end }} - backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" $.Values.service.portNames.manager "context" $) | nindent 14 }} - {{- end }} - {{- if .Values.ingress.extraRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} - {{- end }} - {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} - tls: - {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} - - hosts: - - {{ .Values.ingress.hostname | quote }} - {{- if .Values.ingress.existingSecret }} - secretName: {{ .Values.ingress.existingSecret }} - {{- else }} - secretName: {{ printf "%s-tls" .Values.ingress.hostname | trunc 63 | trimSuffix "-" }} - {{- end }} - {{- end }} - {{- if .Values.ingress.extraTls }} - {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/init-configmap.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/init-configmap.yaml deleted file mode 100644 index d84a353..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/init-configmap.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.initScripts }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-init-scripts" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- include "common.tplvalues.render" ( dict "value" .Values.initScripts "context" $ ) | nindent 4 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/networkpolicy.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/networkpolicy.yaml deleted file mode 100644 index c319ac1..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/networkpolicy.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.service.ports.epmd }} # EPMD - - port: {{ .Values.service.ports.amqp }} - - port: {{ .Values.service.ports.amqpTls }} - - port: {{ .Values.service.ports.dist }} - - port: {{ .Values.service.ports.manager }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ printf "%s-client" (include "common.names.fullname" .) }}: "true" - - podSelector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- if .Values.networkPolicy.additionalRules }} - {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.additionalRules "context" $) | nindent 8 }} - {{- end }} - {{- end }} - # Allow prometheus scrapes - - ports: - - port: {{ .Values.service.ports.metrics }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/pdb.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/pdb.yaml deleted file mode 100644 index 827b49b..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/prometheusrule.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/prometheusrule.yaml deleted file mode 100644 index fd7208b..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.prometheusRule.namespace | quote}} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - groups: - {{- with .Values.metrics.prometheusRule.rules }} - - name: {{ template "common.names.name" $ }} - rules: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/role.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/role.yaml deleted file mode 100644 index ab8be2f..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -kind: Role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ printf "%s-endpoint-reader" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/rolebinding.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/rolebinding.yaml deleted file mode 100644 index b086f16..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -kind: RoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - name: {{ printf "%s-endpoint-reader" (include "common.names.fullname" .) }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -subjects: - - kind: ServiceAccount - name: {{ template "rabbitmq.serviceAccountName" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ printf "%s-endpoint-reader" (include "common.names.fullname" .) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/secrets.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/secrets.yaml deleted file mode 100644 index 97d4890..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/secrets.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- if (not .Values.auth.existingPasswordSecret ) }} - rabbitmq-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "rabbitmq-password" "length" 16 "providedValues" (list "auth.password") "context" $) }} - {{ end }} - {{- if (not .Values.auth.existingErlangSecret ) }} - rabbitmq-erlang-cookie: {{ include "common.secrets.passwords.manage" (dict "secret" (include "common.names.fullname" .) "key" "rabbitmq-erlang-cookie" "length" 32 "providedValues" (list "auth.erlangCookie") "context" $) }} - {{ end }} -{{- end }} -{{- range $key, $value := .Values.extraSecrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ ternary (printf "%s-%s" $.Release.Name $key) $key $.Values.extraSecretsPrependReleaseName }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -stringData: {{- include "common.tplvalues.render" (dict "value" $value "context" $) | nindent 2 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/serviceaccount.yaml deleted file mode 100644 index 43c45d1..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/serviceaccount.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "rabbitmq.serviceAccountName" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }} - {{- end }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -secrets: - - name: {{ include "common.names.fullname" . }} -{{- end }} - diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/servicemonitor.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/servicemonitor.yaml deleted file mode 100644 index a96ae90..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/servicemonitor.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ default (include "common.names.namespace" .) .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.labels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.annotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }} - endpoints: - - port: metrics - {{- if .Values.metrics.serviceMonitor.path }} - path: {{ .Values.metrics.serviceMonitor.path }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabelings }} - relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "common.names.namespace" . | quote }} - {{- if .Values.metrics.serviceMonitor.podTargetLabels }} - podTargetLabels: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.podTargetLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.targetLabels }} - targetLabels: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.targetLabels "context" $) | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - {{- if .Values.metrics.serviceMonitor.selector }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/statefulset.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/statefulset.yaml deleted file mode 100644 index 1e2afa0..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/statefulset.yaml +++ /dev/null @@ -1,426 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.statefulsetLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.statefulsetLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - podManagementPolicy: {{ .Values.podManagementPolicy }} - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - checksum/config: {{ include (print $.Template.BasePath "/config-secret.yaml") . | sha256sum }} - {{- if or (not .Values.auth.existingErlangSecret) (not .Values.auth.existingPasswordSecret) .Values.extraSecrets }} - checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} - {{- end }} - spec: - {{- include "rabbitmq.imagePullSecrets" . | nindent 6 }} - {{- if .Values.schedulerName }} - schedulerName: {{ .Values.schedulerName | quote }} - {{- end }} - serviceAccountName: {{ template "rabbitmq.serviceAccountName" . }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" .) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- end }} - {{- if .Values.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.dnsConfig "context" .) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "rabbitmq.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p "{{ .Values.persistence.mountPath }}" - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} - {{- else }} - chown "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.persistence.mountPath }}" - {{- end }} - find "{{ .Values.persistence.mountPath }}" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \ - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` - {{- else }} - xargs -r chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: rabbitmq - image: {{ template "rabbitmq.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -ec - - | - if [[ -f /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh ]]; then - /opt/bitnami/scripts/rabbitmq/nodeshutdown.sh -t {{ .Values.terminationGracePeriodSeconds | quote }} -d {{ ternary "true" "false" .Values.image.debug | quote }} - else - rabbitmqctl stop_app - fi - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: K8S_SERVICE_NAME - value: {{ printf "%s-headless" (include "common.names.fullname" .) }} - - name: K8S_ADDRESS_TYPE - value: {{ .Values.clustering.addressType }} - - name: RABBITMQ_FORCE_BOOT - value: {{ ternary "yes" "no" .Values.clustering.forceBoot | quote }} - {{- if (eq "hostname" .Values.clustering.addressType) }} - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - - name: K8S_HOSTNAME_SUFFIX - value: ".$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" - {{- else }} - - name: RABBITMQ_NODE_NAME - value: "rabbit@$(MY_POD_NAME)" - {{- end }} - - name: RABBITMQ_MNESIA_DIR - value: "{{ .Values.persistence.mountPath }}/$(RABBITMQ_NODE_NAME)" - - name: RABBITMQ_LDAP_ENABLE - value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} - {{- if .Values.ldap.enabled }} - - name: RABBITMQ_LDAP_TLS - value: {{ ternary "yes" "no" .Values.ldap.tls.enabled | quote }} - - name: RABBITMQ_LDAP_SERVERS - value: {{ .Values.ldap.servers | join "," | quote }} - - name: RABBITMQ_LDAP_SERVERS_PORT - value: {{ .Values.ldap.port | quote }} - - name: RABBITMQ_LDAP_USER_DN_PATTERN - value: {{ .Values.ldap.user_dn_pattern }} - {{- end }} - {{- if .Values.logs }} - - name: RABBITMQ_LOGS - value: {{ .Values.logs | quote }} - {{- end }} - - name: RABBITMQ_ULIMIT_NOFILES - value: {{ .Values.ulimitNofiles | quote }} - {{- if and .Values.maxAvailableSchedulers }} - - name: RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS - value: {{ printf "+S %s:%s" (toString .Values.maxAvailableSchedulers) (toString .Values.onlineSchedulers) -}} - {{- end }} - - name: RABBITMQ_USE_LONGNAME - value: "true" - - name: RABBITMQ_ERL_COOKIE - valueFrom: - secretKeyRef: - name: {{ template "rabbitmq.secretErlangName" . }} - key: rabbitmq-erlang-cookie - {{- if and .Values.clustering.rebalance (gt (.Values.replicaCount | int) 1) }} - - name: RABBITMQ_CLUSTER_REBALANCE - value: "true" - {{- end }} - - name: RABBITMQ_LOAD_DEFINITIONS - value: {{ ternary "yes" "no" .Values.loadDefinition.enabled | quote }} - - name: RABBITMQ_DEFINITIONS_FILE - value: {{ .Values.loadDefinition.file | quote }} - - name: RABBITMQ_SECURE_PASSWORD - value: {{ ternary "yes" "no" (or .Values.auth.securePassword (not .Values.auth.password)) | quote }} - - name: RABBITMQ_USERNAME - value: {{ .Values.auth.username | quote }} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "rabbitmq.secretPasswordName" . }} - key: rabbitmq-password - - name: RABBITMQ_PLUGINS - value: {{ include "rabbitmq.plugins" . | quote }} - {{- if .Values.communityPlugins }} - - name: RABBITMQ_COMMUNITY_PLUGINS - value: {{ .Values.communityPlugins | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} - {{- end }} - ports: - - name: amqp - containerPort: {{ .Values.containerPorts.amqp }} - - name: dist - containerPort: {{ .Values.containerPorts.dist }} - - name: stats - containerPort: {{ .Values.containerPorts.manager }} - - name: epmd - containerPort: {{ .Values.containerPorts.epmd }} - {{- if .Values.metrics.enabled }} - - name: metrics - containerPort: {{ .Values.containerPorts.metrics }} - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: amqp-ssl - containerPort: {{ .Values.containerPorts.amqpTls }} - {{- end }} - {{- if .Values.extraContainerPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraContainerPorts "context" $) | nindent 12 }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- else if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q ping - {{- end }} - {{- if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- else if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - exec: - command: - - /bin/bash - - -ec - - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms - {{- end }} - {{- if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- else if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: {{ternary "amqp-ssl" "amqp" .Values.auth.tls.enabled }} - {{- end }} - {{- end }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: configuration - mountPath: /bitnami/rabbitmq/conf - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- if .Values.persistence.subPath }} - subPath: {{ .Values.persistence.subPath }} - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: certs - mountPath: /opt/bitnami/rabbitmq/certs - {{- end }} - {{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }} - - name: ldap-certs - mountPath: {{ .Values.ldap.tls.certificatesMountPath }} - {{- end }} - {{- if .Values.loadDefinition.enabled }} - - name: load-definition-volume - mountPath: /app - readOnly: true - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.initScripts }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/init-scripts - {{- end }} - {{- if .Values.initScriptsCM }} - - name: custom-init-scripts-cm - mountPath: /docker-entrypoint-initdb.d/init-scripts-cm - {{- end }} - {{- if .Values.initScriptsSecret }} - - name: custom-init-scripts-secret - mountPath: /docker-entrypoint-initdb.d/init-scripts-secret - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.auth.tls.enabled }} - - name: certs - secret: - secretName: {{ template "rabbitmq.tlsSecretName" . }} - items: - - key: {{ ternary "tls.crt" "ca.crt" .Values.auth.tls.existingSecretFullChain }} - path: ca_certificate.pem - - key: tls.crt - path: server_certificate.pem - - key: tls.key - path: server_key.pem - {{- end }} - {{- if and .Values.ldap.tls.enabled .Values.ldap.tls.certificatesSecret }} - - name: ldap-certs - secret: - secretName: {{ .Values.ldap.tls.certificatesSecret }} - {{- end }} - - name: configuration - secret: - secretName: {{ printf "%s-config" (include "common.names.fullname" .) }} - items: - - key: rabbitmq.conf - path: rabbitmq.conf - {{- if .Values.advancedConfiguration }} - - key: advanced.config - path: advanced.config - {{- end }} - {{- if .Values.loadDefinition.enabled }} - - name: load-definition-volume - secret: - secretName: {{ tpl .Values.loadDefinition.existingSecret . | quote }} - {{- end }} - {{- if .Values.initScripts }} - - name: custom-init-scripts - configMap: - name: {{ template "rabbitmq.initScripts" . }} - {{- end }} - {{- if .Values.initScriptsCM }} - - name: custom-init-scripts-cm - configMap: - name: {{ tpl .Values.initScriptsCM . | quote }} - {{- end }} - {{- if .Values.initScriptsSecret }} - - name: custom-init-scripts-secret - secret: - secretName: {{ tpl .Values.initScriptsSecret . | quote }} - defaultMode: 0755 - {{- end }} - {{- if .Values.extraVolumes }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} - {{- end }} - {{- if not .Values.persistence.enabled }} - - name: data - emptyDir: {} - {{- else if .Values.persistence.existingClaim }} - - name: data - persistentVolumeClaim: - {{- with .Values.persistence.existingClaim }} - claimName: {{ tpl . $ }} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - {{- if .Values.persistence.annotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} - {{- if .Values.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} - {{- end -}} - {{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc-headless.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc-headless.yaml deleted file mode 100644 index 430befe..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc-headless.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }}-headless - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.service.annotationsHeadless .Values.commonAnnotations }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end -}} - {{- if .Values.service.annotationsHeadless }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotationsHeadless "context" $) | nindent 4 }} - {{- end -}} - {{- end }} -spec: - clusterIP: None - ports: - - name: {{ .Values.service.portNames.epmd }} - port: {{ .Values.service.ports.epmd }} - targetPort: epmd - {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} - - name: {{ .Values.service.portNames.amqp }} - port: {{ .Values.service.ports.amqp }} - targetPort: amqp - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: {{ .Values.service.portNames.amqpTls }} - port: {{ .Values.service.ports.amqpTls }} - targetPort: amqp-tls - {{- end }} - - name: {{ .Values.service.portNames.dist }} - port: {{ .Values.service.ports.dist }} - targetPort: dist - {{- if .Values.service.managerPortEnabled }} - - name: {{ .Values.service.portNames.manager }} - port: {{ .Values.service.ports.manager }} - targetPort: stats - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} - publishNotReadyAddresses: true diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc.yaml deleted file mode 100644 index ba6e796..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/svc.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.service.labels }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.labels "context" $) | nindent 4 }} - {{- end }} - {{- if or (.Values.service.annotations) (.Values.commonAnnotations) }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} - {{- end -}} - {{- if .Values.service.annotations }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} - {{- end -}} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if not (empty .Values.service.clusterIP) }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if eq .Values.service.type "LoadBalancer" }} - {{- if not (empty .Values.service.loadBalancerIP) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - {{- end }} - {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if .Values.service.sessionAffinity }} - sessionAffinity: {{ .Values.service.sessionAffinity }} - {{- end }} - {{- if .Values.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{- toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - ports: - {{- if or (.Values.service.portEnabled) (not .Values.auth.tls.enabled) }} - - name: {{ .Values.service.portNames.amqp }} - port: {{ .Values.service.ports.amqp }} - targetPort: amqp - {{- if (eq .Values.service.type "ClusterIP") }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.amqp)) }} - nodePort: {{ .Values.service.nodePorts.amqp }} - {{- end }} - {{- end }} - {{- if .Values.auth.tls.enabled }} - - name: {{ .Values.service.portNames.amqpTls }} - port: {{ .Values.service.ports.amqpTls }} - targetPort: amqp-ssl - {{- if (eq .Values.service.type "ClusterIP") }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.amqpTls)) }} - nodePort: {{ .Values.service.nodePorts.amqpTls }} - {{- end }} - {{- end }} - {{- if .Values.service.epmdPortEnabled }} - - name: {{ .Values.service.portNames.epmd }} - port: {{ .Values.service.ports.epmd }} - targetPort: epmd - {{- if (eq .Values.service.type "ClusterIP") }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.epmd)) }} - nodePort: {{ .Values.service.nodePorts.epmd }} - {{- end }} - {{- end }} - {{- if .Values.service.distPortEnabled }} - - name: {{ .Values.service.portNames.dist }} - port: {{ .Values.service.ports.dist }} - targetPort: dist - {{- if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.dist)) }} - nodePort: {{ .Values.service.nodePorts.dist }} - {{- end }} - {{- end }} - {{- if .Values.service.managerPortEnabled }} - - name: {{ .Values.service.portNames.manager }} - port: {{ .Values.service.ports.manager }} - targetPort: stats - {{- if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.manager)) }} - nodePort: {{ .Values.service.nodePorts.manager }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: {{ .Values.service.portNames.metrics }} - port: {{ .Values.service.ports.metrics }} - targetPort: metrics - {{- if eq .Values.service.type "ClusterIP" }} - nodePort: null - {{- else if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.metrics)) }} - nodePort: {{ .Values.service.nodePorts.metrics }} - {{- end }} - {{- end }} - {{- if .Values.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{ include "common.labels.matchLabels" . | nindent 4 }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/tls-secrets.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/tls-secrets.yaml deleted file mode 100644 index 20bb5c6..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/tls-secrets.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if .Values.ingress.enabled }} -{{- if .Values.ingress.secrets }} -{{- range .Values.ingress.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ .name }} - namespace: {{ include "common.names.namespace" $ | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ .certificate | b64enc }} - tls.key: {{ .key | b64enc }} ---- -{{- end }} -{{- end }} -{{- if and .Values.ingress.tls .Values.ingress.selfSigned }} -{{- $ca := genCA "rabbitmq-ca" 365 }} -{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - {{- if .Values.ingress.existingSecret }} - name: {{ .Values.ingress.existingSecret }} - {{- else }} - name: {{ printf "%s-tls" .Values.ingress.hostname | trunc 63 | trimSuffix "-" }} - {{- end }} - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} -{{- end }} -{{- if (include "rabbitmq.createTlsSecret" . ) }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }}-certs - namespace: {{ include "common.names.namespace" . | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - {{- if or (not .Values.auth.tls.autoGenerated ) (and .Values.auth.tls.caCertificate .Values.auth.tls.serverCertificate .Values.auth.tls.serverKey) }} - ca.crt: {{ required "A valid .Values.auth.tls.caCertificate entry required!" .Values.auth.tls.caCertificate | b64enc | quote }} - tls.crt: {{ required "A valid .Values.auth.tls.serverCertificate entry required!" .Values.auth.tls.serverCertificate| b64enc | quote }} - tls.key: {{ required "A valid .Values.auth.tls.serverKey entry required!" .Values.auth.tls.serverKey | b64enc | quote }} - {{- else }} - {{- $ca := genCA "rabbitmq-internal-ca" 365 }} - {{- $fullname := include "common.names.fullname" . }} - {{- $releaseNamespace := .Release.Namespace }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $serviceName := include "common.names.fullname" . }} - {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} - {{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/validation.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/validation.yaml deleted file mode 100644 index f72ef7f..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/templates/validation.yaml +++ /dev/null @@ -1,2 +0,0 @@ -{{- include "rabbitmq.validateValues" . }} - diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.schema.json b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.schema.json deleted file mode 100644 index 8ef33ef..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.schema.json +++ /dev/null @@ -1,100 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "auth": { - "type": "object", - "properties": { - "username": { - "type": "string", - "title": "RabbitMQ user", - "form": true - }, - "password": { - "type": "string", - "title": "RabbitMQ password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set" - } - } - }, - "extraConfiguration": { - "type": "string", - "title": "Extra RabbitMQ Configuration", - "form": true, - "render": "textArea", - "description": "Extra configuration to be appended to RabbitMQ Configuration" - }, - "replicaCount": { - "type": "integer", - "form": true, - "title": "Number of replicas", - "description": "Number of replicas to deploy" - }, - "persistence": { - "type": "object", - "title": "Persistence configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "persistence/enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Enable Prometheus metrics for RabbitMQ", - "description": "Install Prometheus plugin in the RabbitMQ container", - "form": true - }, - "serviceMonitor": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus Operator ServiceMonitor", - "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", - "form": true, - "hidden": { - "value": false, - "path": "metrics/enabled" - } - } - } - } - } - } - } -} diff --git a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.yaml b/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.yaml deleted file mode 100644 index 0358c04..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq-11.1.2/values.yaml +++ /dev/null @@ -1,1313 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - -## @section RabbitMQ Image parameters -## Bitnami RabbitMQ image version -## ref: https://hub.docker.com/r/bitnami/rabbitmq/tags/ -## @param image.registry RabbitMQ image registry -## @param image.repository RabbitMQ image repository -## @param image.tag RabbitMQ image tag (immutable tags are recommended) -## @param image.digest RabbitMQ image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag -## @param image.pullPolicy RabbitMQ image pull policy -## @param image.pullSecrets Specify docker-registry secret names as an array -## @param image.debug Set to true if you would like to see extra information on logs -## -image: - registry: docker.io - repository: bitnami/rabbitmq - tag: 3.11.3-debian-11-r0 - digest: "" - ## set to true if you would like to see extra information on logs - ## It turns BASH and/or NAMI debugging in the image - ## - debug: false - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - -## @section Common parameters -## - -## @param nameOverride String to partially override rabbitmq.fullname template (will maintain the release name) -## -nameOverride: "" -## @param fullnameOverride String to fully override rabbitmq.fullname template -## -fullnameOverride: "" -## @param namespaceOverride String to fully override common.names.namespace -## -namespaceOverride: "" -## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) -## -kubeVersion: "" -## @param clusterDomain Kubernetes Cluster Domain -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @param hostAliases Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] -## @param dnsPolicy DNS Policy for pod -## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ -## E.g. -## dnsPolicy: ClusterFirst -## -dnsPolicy: "" -## @param dnsConfig DNS Configuration pod -## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ -## E.g. -## dnsConfig: -## options: -## - name: ndots -## value: "4" -## -dnsConfig: {} -## RabbitMQ Authentication parameters -## -auth: - ## @param auth.username RabbitMQ application username - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - ## - username: boge - ## @param auth.password RabbitMQ application password - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - ## - password: "boge14@Level5" - ## @param auth.securePassword Whether to set the RabbitMQ password securely. This is incompatible with loading external RabbitMQ definitions and 'true' when not setting the auth.password parameter. - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - ## - securePassword: true - ## @param auth.existingPasswordSecret Existing secret with RabbitMQ credentials (must contain a value for `rabbitmq-password` key) - ## e.g: - ## existingPasswordSecret: name-of-existing-secret - ## - existingPasswordSecret: "" - ## @param auth.erlangCookie Erlang cookie to determine whether different nodes are allowed to communicate with each other - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - ## - erlangCookie: "" - ## @param auth.existingErlangSecret Existing secret with RabbitMQ Erlang cookie (must contain a value for `rabbitmq-erlang-cookie` key) - ## e.g: - ## existingErlangSecret: name-of-existing-secret - ## - existingErlangSecret: "" - - ## Enable encryption to rabbitmq - ## ref: https://www.rabbitmq.com/ssl.html - ## @param auth.tls.enabled Enable TLS support on RabbitMQ - ## @param auth.tls.autoGenerated Generate automatically self-signed TLS certificates - ## @param auth.tls.failIfNoPeerCert When set to true, TLS connection will be rejected if client fails to provide a certificate - ## @param auth.tls.sslOptionsVerify Should [peer verification](https://www.rabbitmq.com/ssl.html#peer-verification) be enabled? - ## @param auth.tls.caCertificate Certificate Authority (CA) bundle content - ## @param auth.tls.serverCertificate Server certificate content - ## @param auth.tls.serverKey Server private key content - ## @param auth.tls.existingSecret Existing secret with certificate content to RabbitMQ credentials - ## @param auth.tls.existingSecretFullChain Whether or not the existing secret contains the full chain in the certificate (`tls.crt`). Will be used in place of `ca.cert` if `true`. - ## - tls: - enabled: false - autoGenerated: false - failIfNoPeerCert: true - sslOptionsVerify: verify_peer - caCertificate: |- - serverCertificate: |- - serverKey: |- - existingSecret: "" - existingSecretFullChain: false - -## @param logs Path of the RabbitMQ server's Erlang log file. Value for the `RABBITMQ_LOGS` environment variable -## ref: https://www.rabbitmq.com/logging.html#log-file-location -## -logs: "-" -## @param ulimitNofiles RabbitMQ Max File Descriptors -## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables -## ref: https://www.rabbitmq.com/install-debian.html#kernel-resource-limits -## -ulimitNofiles: "65536" -## RabbitMQ maximum available scheduler threads and online scheduler threads. By default it will create a thread per CPU detected, with the following parameters you can tune it manually. -## ref: https://hamidreza-s.github.io/erlang/scheduling/real-time/preemptive/migration/2016/02/09/erlang-scheduler-details.html#scheduler-threads -## ref: https://github.com/bitnami/charts/issues/2189 -## @param maxAvailableSchedulers RabbitMQ maximum available scheduler threads -## @param onlineSchedulers RabbitMQ online scheduler threads -## -maxAvailableSchedulers: "" -onlineSchedulers: "" - -## The memory threshold under which RabbitMQ will stop reading from client network sockets, in order to avoid being killed by the OS -## ref: https://www.rabbitmq.com/alarms.html -## ref: https://www.rabbitmq.com/memory.html#threshold -## -memoryHighWatermark: - ## @param memoryHighWatermark.enabled Enable configuring Memory high watermark on RabbitMQ - ## - enabled: false - ## @param memoryHighWatermark.type Memory high watermark type. Either `absolute` or `relative` - ## - type: "relative" - ## Memory high watermark value. - ## @param memoryHighWatermark.value Memory high watermark value - ## The default value of 0.4 stands for 40% of available RAM - ## Note: the memory relative limit is applied to the resource.limits.memory to calculate the memory threshold - ## You can also use an absolute value, e.g.: 256MB - ## - value: 0.4 - -## @param plugins List of default plugins to enable (should only be altered to remove defaults; for additional plugins use `extraPlugins`) -## -plugins: "rabbitmq_management rabbitmq_peer_discovery_k8s" -## @param communityPlugins List of Community plugins (URLs) to be downloaded during container initialization -## Combine it with extraPlugins to also enable them. -## -communityPlugins: "" -## @param extraPlugins Extra plugins to enable (single string containing a space-separated list) -## Use this instead of `plugins` to add new plugins -## -extraPlugins: "rabbitmq_auth_backend_ldap" - -## Clustering settings -## -clustering: - ## @param clustering.enabled Enable RabbitMQ clustering - ## - enabled: false - ## @param clustering.addressType Switch clustering mode. Either `ip` or `hostname` - ## - addressType: hostname - ## @param clustering.rebalance Rebalance master for queues in cluster when new replica is created - ## ref: https://www.rabbitmq.com/rabbitmq-queues.8.html#rebalance - ## - rebalance: false - ## @param clustering.forceBoot Force boot of an unexpectedly shut down cluster (in an unexpected order). - ## forceBoot executes 'rabbitmqctl force_boot' to force boot cluster shut down unexpectedly in an unknown order - ## ref: https://www.rabbitmq.com/rabbitmqctl.8.html#force_boot - ## - forceBoot: false - ## @param clustering.partitionHandling Switch Partition Handling Strategy. Either `autoheal` or `pause-minority` or `pause-if-all-down` or `ignore` - ## ref: https://www.rabbitmq.com/partitions.html#automatic-handling - ## - partitionHandling: autoheal - -## Loading a RabbitMQ definitions file to configure RabbitMQ -## -loadDefinition: - ## @param loadDefinition.enabled Enable loading a RabbitMQ definitions file to configure RabbitMQ - ## - enabled: false - ## @param loadDefinition.file Name of the definitions file - ## - file: "/app/load_definition.json" - ## @param loadDefinition.existingSecret Existing secret with the load definitions file - ## Can be templated if needed, e.g: - ## existingSecret: "{{ .Release.Name }}-load-definition" - ## - existingSecret: "" - -## @param command Override default container command (useful when using custom images) -## -command: [] -## @param args Override default container args (useful when using custom images) -## -args: [] -## @param lifecycleHooks Overwrite livecycle for the RabbitMQ container(s) to automate configuration before or after startup -## -lifecycleHooks: {} -## @param terminationGracePeriodSeconds Default duration in seconds k8s waits for container to exit before sending kill signal. -## Any time in excess of 10 seconds will be spent waiting for any synchronization necessary for cluster not to lose data. -## -terminationGracePeriodSeconds: 120 -## @param extraEnvVars Extra environment variables to add to RabbitMQ pods -## E.g: -## extraEnvVars: -## - name: FOO -## value: BAR -## -extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra environment variables -## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra environment variables (in case of sensitive data) -## -extraEnvVarsSecret: "" - -## Container Ports -## @param containerPorts.amqp -## @param containerPorts.amqpTls -## @param containerPorts.dist -## @param containerPorts.manager -## @param containerPorts.epmd -## @param containerPorts.metrics -## -containerPorts: - amqp: 5672 - amqpTls: 5671 - dist: 25672 - manager: 15672 - epmd: 4369 - metrics: 9419 - -## @param initScripts Dictionary of init scripts. Evaluated as a template. -## Specify dictionary of scripts to be run at first boot -## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory -## For example: -## initScripts: -## my_init_script.sh: | -## #!/bin/sh -## echo "Do something." -## -initScripts: {} -## @param initScriptsCM ConfigMap with the init scripts. Evaluated as a template. -## Note: This will override initScripts -## -initScriptsCM: "" -## @param initScriptsSecret Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template. -## -initScriptsSecret: "" -## @param extraContainerPorts Extra ports to be included in container spec, primarily informational -## E.g: -## extraContainerPorts: -## - name: new_port_name -## containerPort: 1234 -## -extraContainerPorts: [] -## @param configuration [string] RabbitMQ Configuration file content: required cluster configuration -## Do not override unless you know what you are doing. -## To add more configuration, use `extraConfiguration` of `advancedConfiguration` instead -## -configuration: |- - ## Username and password - ## - default_user = {{ .Values.auth.username }} - {{- if and (not .Values.auth.securePassword) .Values.auth.password }} - default_pass = {{ .Values.auth.password }} - {{- end }} - {{- if .Values.clustering.enabled }} - ## Clustering - ## - cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s - cluster_formation.k8s.host = kubernetes.default - cluster_formation.node_cleanup.interval = 10 - cluster_formation.node_cleanup.only_log_warning = true - cluster_partition_handling = {{ .Values.clustering.partitionHandling }} - {{- end }} - {{- if .Values.loadDefinition.enabled }} - load_definitions = {{ .Values.loadDefinition.file }} - {{- end }} - # queue master locator - queue_master_locator = min-masters - # enable guest user - loopback_users.guest = false - {{ tpl .Values.extraConfiguration . }} - {{- if .Values.auth.tls.enabled }} - ssl_options.verify = {{ .Values.auth.tls.sslOptionsVerify }} - listeners.ssl.default = {{ .Values.service.ports.amqpTls }} - ssl_options.fail_if_no_peer_cert = {{ .Values.auth.tls.failIfNoPeerCert }} - ssl_options.cacertfile = /opt/bitnami/rabbitmq/certs/ca_certificate.pem - ssl_options.certfile = /opt/bitnami/rabbitmq/certs/server_certificate.pem - ssl_options.keyfile = /opt/bitnami/rabbitmq/certs/server_key.pem - {{- end }} - {{- if .Values.ldap.enabled }} - auth_backends.1.authn = ldap - auth_backends.1.authz = {{ ternary "ldap" "internal" .Values.ldap.authorisationEnabled }} - auth_backends.2 = internal - {{- $host := list }} - {{- $port := ternary 636 389 .Values.ldap.tls.enabled }} - {{- if .Values.ldap.uri }} - {{- $hostPort := get (urlParse .Values.ldap.uri) "host" }} - {{- $host = list (index (splitList ":" $hostPort) 0) -}} - {{- if (contains ":" $hostPort) }} - {{- $port = index (splitList ":" $hostPort) 1 -}} - {{- end }} - {{- end }} - {{- range $index, $server := concat $host .Values.ldap.servers }} - auth_ldap.servers.{{ add $index 1 }} = {{ $server }} - {{- end }} - auth_ldap.port = {{ coalesce .Values.ldap.port $port }} - {{- if or .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} - auth_ldap.user_dn_pattern = {{ coalesce .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} - {{- end }} - {{- if .Values.ldap.basedn }} - auth_ldap.dn_lookup_base = {{ .Values.ldap.basedn }} - {{- end }} - {{- if .Values.ldap.uidField }} - auth_ldap.dn_lookup_attribute = {{ .Values.ldap.uidField }} - {{- end }} - {{- if .Values.ldap.binddn }} - auth_ldap.dn_lookup_bind.user_dn = {{ .Values.ldap.binddn }} - auth_ldap.dn_lookup_bind.password = {{ required "'ldap.bindpw' is required when 'ldap.binddn' is defined" .Values.ldap.bindpw }} - {{- end }} - {{- if .Values.ldap.tls.enabled }} - auth_ldap.use_ssl = {{ not .Values.ldap.tls.startTls }} - auth_ldap.use_starttls = {{ .Values.ldap.tls.startTls }} - {{- if .Values.ldap.tls.CAFilename }} - auth_ldap.ssl_options.cacertfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ .Values.ldap.tls.CAFilename }} - {{- end }} - {{- if .Values.ldap.tls.certFilename }} - auth_ldap.ssl_options.certfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ .Values.ldap.tls.certFilename }} - auth_ldap.ssl_options.keyfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ required "'ldap.tls.certKeyFilename' is required when 'ldap.tls.certFilename' is defined" .Values.ldap.tls.certKeyFilename }} - {{- end }} - {{- if .Values.ldap.tls.skipVerify }} - auth_ldap.ssl_options.verify = verify_none - auth_ldap.ssl_options.fail_if_no_peer_cert = false - {{- else if .Values.ldap.tls.verify }} - auth_ldap.ssl_options.verify = {{ .Values.ldap.tls.verify }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - ## Prometheus metrics - ## - prometheus.tcp.port = 9419 - {{- end }} - {{- if .Values.memoryHighWatermark.enabled }} - ## Memory Threshold - ## - total_memory_available_override_value = {{ include "rabbitmq.toBytes" .Values.resources.limits.memory }} - vm_memory_high_watermark.{{ .Values.memoryHighWatermark.type }} = {{ .Values.memoryHighWatermark.value }} - {{- end }} - -## @param extraConfiguration [string] Configuration file content: extra configuration to be appended to RabbitMQ configuration -## Use this instead of `configuration` to add more configuration -## -extraConfiguration: |- - #default_vhost = {{ .Release.Namespace }}-vhost - #disk_free_limit.absolute = 50MB - -## @param advancedConfiguration Configuration file content: advanced configuration -## Use this as additional configuration in classic config format (Erlang term configuration format) -## -## LDAP authorisation example: -## advancedConfiguration: |- -## [{rabbitmq_auth_backend_ldap,[ -## {tag_queries, [{administrator, {constant, true}}, -## {management, {constant, true}}]} -## ]}]. -## -advancedConfiguration: |- - -## LDAP configuration -## -ldap: - ## @param ldap.enabled Enable LDAP support - ## - enabled: false - ## @param ldap.uri LDAP connection string. - ## - uri: "" - ## @param ldap.servers List of LDAP servers hostnames. This is valid only if ldap.uri is not set - ## - servers: [] - ## @param ldap.port LDAP servers port. This is valid only if ldap.uri is not set - ## - port: "" - - ## DEPRECATED ldap.user_dn_pattern it will removed in a future, please use userDnPattern instead - ## Pattern used to translate the provided username into a value to be used for the LDAP bind - ## @param ldap.userDnPattern Pattern used to translate the provided username into a value to be used for the LDAP bind. - ## ref: https://www.rabbitmq.com/ldap.html#usernames-and-dns - ## - userDnPattern: "" - ## @param ldap.binddn DN of the account used to search in the LDAP server. - ## - binddn: "" - ## @param ldap.bindpw Password for binddn account. - ## - bindpw: "" - ## @param ldap.basedn Base DN path where binddn account will search for the users. - ## - basedn: "" - ## @param ldap.uidField Field used to match with the user name (uid, samAccountName, cn, etc). It matches with 'dn_lookup_attribute' in RabbitMQ configuration - ##��ref: https://www.rabbitmq.com/ldap.html#usernames-and-dns - ## - ## @param ldap.uidField Field used to match with the user name (uid, samAccountName, cn, etc). It matches with 'dn_lookup_attribute' in RabbitMQ configuration - uidField: "" - ## @param ldap.authorisationEnabled Enable LDAP authorisation. Please set 'advancedConfiguration' with tag, topic, resources and vhost mappings - ## ref: https://www.rabbitmq.com/ldap.html#authorisation - ## - authorisationEnabled: false - ## @param ldap.tls.enabled Enabled TLS configuration. - ## @param ldap.tls.startTls Use STARTTLS instead of LDAPS. - ## @param ldap.tls.skipVerify Skip any SSL verification (hostanames or certificates) - ## @param ldap.tls.verify Verify connection. Valid values are 'verify_peer' or 'verify_none' - ## @param ldap.tls.certificatesMountPath Where LDAP certifcates are mounted. - ## @param ldap.tls.certificatesSecret Secret with LDAP certificates. - ## @param ldap.tls.CAFilename CA certificate filename. Should match with the CA entry key in the ldap.tls.certificatesSecret. - ## @param ldap.tls.certFilename Client certificate filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. - ## @param ldap.tls.certKeyFilename Client Key filename to authenticate against the LDAP server. Should match with certificate the entry key in the ldap.tls.certificatesSecret. - ## - tls: - enabled: false - startTls: false - skipVerify: false - verify: "verify_peer" - certificatesMountPath: /opt/bitnami/rabbitmq/ldap/certs - certificatesSecret: "" - CAFilename: "" - certFilename: "" - certKeyFilename: "" - -## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts -## Examples: -## extraVolumeMounts: -## - name: extras -## mountPath: /usr/share/extras -## readOnly: true -## -extraVolumeMounts: [] -## @param extraVolumes Optionally specify extra list of additional volumes . -## Example: -## extraVolumes: -## - name: extras -## emptyDir: {} -## -extraVolumes: [] -## @param extraSecrets Optionally specify extra secrets to be created by the chart. -## This can be useful when combined with load_definitions to automatically create the secret containing the definitions to be loaded. -## Example: -## extraSecrets: -## load-definition: -## load_definition.json: | -## { -## ... -## } -## -extraSecrets: {} -## @param extraSecretsPrependReleaseName Set this flag to true if extraSecrets should be created with prepended. -## -extraSecretsPrependReleaseName: false - -## @section Statefulset parameters -## - -## @param replicaCount Number of RabbitMQ replicas to deploy -## -replicaCount: 1 -## @param schedulerName Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -schedulerName: "" -## RabbitMQ should be initialized one by one when building cluster for the first time. -## Therefore, the default value of podManagementPolicy is 'OrderedReady' -## Once the RabbitMQ participates in the cluster, it waits for a response from another -## RabbitMQ in the same cluster at reboot, except the last RabbitMQ of the same cluster. -## If the cluster exits gracefully, you do not need to change the podManagementPolicy -## because the first RabbitMQ of the statefulset always will be last of the cluster. -## However if the last RabbitMQ of the cluster is not the first RabbitMQ due to a failure, -## you must change podManagementPolicy to 'Parallel'. -## ref : https://www.rabbitmq.com/clustering.html#restarting -## @param podManagementPolicy Pod management policy -## -podManagementPolicy: OrderedReady -## @param podLabels RabbitMQ Pod labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} -## @param podAnnotations RabbitMQ Pod annotations. Evaluated as a template -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} -## @param updateStrategy.type Update strategy type for RabbitMQ statefulset -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -## -updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate -## @param statefulsetLabels RabbitMQ statefulset labels. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -statefulsetLabels: {} -## @param priorityClassName Name of the priority class to be used by RabbitMQ pods, priority class needs to be created beforehand -## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" -## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAffinityPreset: "" -## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## -nodeAffinityPreset: - ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param nodeAffinityPreset.key Node label key to match Ignored if `affinity` is set. - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set. - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## @param affinity Affinity for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set -## -affinity: {} -## @param nodeSelector Node labels for pod assignment. Evaluated as a template -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## @param tolerations Tolerations for pod assignment. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] -## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods -## -topologySpreadConstraints: [] - -## RabbitMQ pods' Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## @param podSecurityContext.enabled Enable RabbitMQ pods' Security Context -## @param podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup -## -podSecurityContext: - enabled: true - fsGroup: 1001 - -## @param containerSecurityContext.enabled Enabled RabbitMQ containers' Security Context -## @param containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser -## @param containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Example: -## containerSecurityContext: -## capabilities: -## drop: ["NET_RAW"] -## readOnlyRootFilesystem: true -## -containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsNonRoot: true - -## RabbitMQ containers' resource requests and limits -## ref: https://kubernetes.io/docs/user-guide/compute-resources/ -## We usually recommend not to specify default resources and to leave this as a conscious -## choice for the user. This also increases chances charts run on environments with little -## resources, such as Minikube. If you do want to specify resources, uncomment the following -## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for RabbitMQ containers -## @param resources.requests The requested resources for RabbitMQ containers -## -resources: - ## Example: - ## limits: - ## cpu: 1000m - ## memory: 2Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 1000m - ## memory: 2Gi - ## - requests: {} - -## Configure RabbitMQ containers' extra options for liveness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param livenessProbe.enabled Enable livenessProbe -## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe -## @param livenessProbe.periodSeconds Period seconds for livenessProbe -## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe -## @param livenessProbe.failureThreshold Failure threshold for livenessProbe -## @param livenessProbe.successThreshold Success threshold for livenessProbe -## -livenessProbe: - enabled: true - initialDelaySeconds: 120 - timeoutSeconds: 20 - periodSeconds: 30 - failureThreshold: 6 - successThreshold: 1 -## Configure RabbitMQ containers' extra options for readiness probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param readinessProbe.enabled Enable readinessProbe -## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe -## @param readinessProbe.periodSeconds Period seconds for readinessProbe -## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe -## @param readinessProbe.failureThreshold Failure threshold for readinessProbe -## @param readinessProbe.successThreshold Success threshold for readinessProbe -## -readinessProbe: - enabled: true - initialDelaySeconds: 10 - timeoutSeconds: 20 - periodSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - -## Configure RabbitMQ containers' extra options for startup probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## @param startupProbe.enabled Enable startupProbe -## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe -## @param startupProbe.periodSeconds Period seconds for startupProbe -## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe -## @param startupProbe.failureThreshold Failure threshold for startupProbe -## @param startupProbe.successThreshold Success threshold for startupProbe -## -startupProbe: - enabled: false - initialDelaySeconds: 10 - timeoutSeconds: 20 - periodSeconds: 30 - failureThreshold: 3 - successThreshold: 1 - -## @param customLivenessProbe Override default liveness probe -## -customLivenessProbe: {} -## @param customReadinessProbe Override default readiness probe -## -customReadinessProbe: {} -## @param customStartupProbe Define a custom startup probe -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes -## -customStartupProbe: {} -## @param initContainers Add init containers to the RabbitMQ pod -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: [] -## @param sidecars Add sidecar containers to the RabbitMQ pod -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: [] - -## Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Enable/disable a Pod Disruption Budget creation - ## - create: false - ## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable - ## - maxUnavailable: "" - -## @section RBAC parameters -## - -## RabbitMQ pods ServiceAccount -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ -## -serviceAccount: - ## @param serviceAccount.create Enable creation of ServiceAccount for RabbitMQ pods - ## - create: true - ## @param serviceAccount.name Name of the created serviceAccount - ## If not set and create is true, a name is generated using the rabbitmq.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Auto-mount the service account token in the pod - ## - automountServiceAccountToken: true - ## @param serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`. - ## - annotations: {} - -## Role Based Access -## ref: https://kubernetes.io/docs/admin/authorization/rbac/ -## -rbac: - ## @param rbac.create Whether RBAC rules should be created - ## binding RabbitMQ ServiceAccount to a role - ## that allows RabbitMQ pods querying the K8s API - ## - create: true - -## @section Persistence parameters -## - -persistence: - ## @param persistence.enabled Enable RabbitMQ data persistence using PVC - ## - enabled: true - ## @param persistence.storageClass PVC Storage Class for RabbitMQ data volume - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: "hostpath" - ## @param persistence.selector Selector to match an existing Persistent Volume - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param persistence.accessModes PVC Access Modes for RabbitMQ data volume - ## - accessModes: - - ReadWriteOnce - ## @param persistence.existingClaim Provide an existing PersistentVolumeClaims - ## The value is evaluated as a template - ## So, for example, the name can depend on .Release or .Chart - ## - existingClaim: "" - ## @param persistence.mountPath The path the volume will be mounted at - ## Note: useful when using custom RabbitMQ images - ## - mountPath: /bitnami/rabbitmq/mnesia - ## @param persistence.subPath The subdirectory of the volume to mount to - ## Useful in dev environments and one PV for multiple services - ## - subPath: "" - ## @param persistence.size PVC Storage Request for RabbitMQ data volume - ## If you change this value, you might have to adjust `rabbitmq.diskFreeLimit` as well - ## - size: 8Gi - ## @param persistence.annotations Persistence annotations. Evaluated as a template - ## Example: - ## annotations: - ## example.io/disk-volume-type: SSD - ## - annotations: {} - -## @section Exposure parameters -## - -## Kubernetes service type -## -service: - ## @param service.type Kubernetes Service type - ## - type: NodePort - - ## @param service.portEnabled Amqp port. Cannot be disabled when `auth.tls.enabled` is `false`. Listener can be disabled with `listeners.tcp = none`. - ## - portEnabled: true - ## @param service.distPortEnabled Erlang distribution server port - ## - distPortEnabled: true - ## @param service.managerPortEnabled RabbitMQ Manager port - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables - ## - managerPortEnabled: true - ## @param service.epmdPortEnabled RabbitMQ EPMD Discovery service port - ## - epmdPortEnabled: true - ## Service ports - ## @param service.ports.amqp Amqp service port - ## @param service.ports.amqpTls Amqp TLS service port - ## @param service.ports.dist Erlang distribution service port - ## @param service.ports.manager RabbitMQ Manager service port - ## @param service.ports.metrics RabbitMQ Prometheues metrics service port - ## @param service.ports.epmd EPMD Discovery service port - ## - ports: - amqp: 5672 - amqpTls: 5671 - dist: 25672 - manager: 15672 - metrics: 9419 - epmd: 4369 - ## Service ports name - ## @param service.portNames.amqp Amqp service port name - ## @param service.portNames.amqpTls Amqp TLS service port name - ## @param service.portNames.dist Erlang distribution service port name - ## @param service.portNames.manager RabbitMQ Manager service port name - ## @param service.portNames.metrics RabbitMQ Prometheues metrics service port name - ## @param service.portNames.epmd EPMD Discovery service port name - ## - portNames: - amqp: "amqp" - amqpTls: "amqp-ssl" - dist: "dist" - manager: "http-stats" - metrics: "metrics" - epmd: "epmd" - - ## Node ports to expose - ## @param service.nodePorts.amqp Node port for Ampq - ## @param service.nodePorts.amqpTls Node port for Ampq TLS - ## @param service.nodePorts.dist Node port for Erlang distribution - ## @param service.nodePorts.manager Node port for RabbitMQ Manager - ## @param service.nodePorts.epmd Node port for EPMD Discovery - ## @param service.nodePorts.metrics Node port for RabbitMQ Prometheues metrics - ## - nodePorts: - amqp: "35672" - amqpTls: "" - dist: "" - manager: "" - epmd: "" - metrics: "" - ## @param service.extraPorts Extra ports to expose in the service - ## E.g.: - ## extraPorts: - ## - name: new_svc_name - ## port: 1234 - ## targetPort: 1234 - ## - extraPorts: [] - ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is `LoadBalancer` - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g: - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param service.externalIPs Set the ExternalIPs - ## - externalIPs: [] - ## @param service.externalTrafficPolicy Enable client source IP preservation - ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param service.loadBalancerIP Set the LoadBalancerIP - ## - loadBalancerIP: "" - ## @param service.clusterIP Kubernetes service Cluster IP - ## e.g.: - ## clusterIP: None - ## - clusterIP: "" - ## @param service.labels Service labels. Evaluated as a template - ## - labels: {} - ## @param service.annotations Service annotations. Evaluated as a template - ## Example: - ## annotations: - ## service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - ## - annotations: {} - ## @param service.annotationsHeadless Headless Service annotations. Evaluated as a template - ## Example: - ## annotations: - ## external-dns.alpha.kubernetes.io/internal-hostname: rabbitmq.example.com - ## - annotationsHeadless: {} - ## @param service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - -## Configure the ingress resource that allows you to access the -## RabbitMQ installation. Set up the URL -## ref: https://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## @param ingress.enabled Enable ingress resource for Management console - ## - enabled: false - - ## @param ingress.path Path for the default host. You may need to set this to '/*' in order to use this with ALB ingress controllers. - ## - path: / - - ## @param ingress.pathType Ingress path type - ## - pathType: ImplementationSpecific - ## @param ingress.hostname Default host for the ingress resource - ## - hostname: rabbitmq.local - ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## Use this parameter to set the required annotations for cert-manager, see - ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations - ## - ## e.g: - ## annotations: - ## kubernetes.io/ingress.class: nginx - ## cert-manager.io/cluster-issuer: cluster-issuer-name - ## - annotations: {} - ## @param ingress.tls Enable TLS configuration for the hostname defined at `ingress.hostname` parameter - ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }} - ## You can: - ## - Use the `ingress.secrets` parameter to create this TLS secret - ## - Rely on cert-manager to create it by setting the corresponding annotations - ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` - ## - tls: false - ## @param ingress.selfSigned Set this to true in order to create a TLS secret for this ingress record - ## using self-signed certificates generated by Helm - ## - selfSigned: false - ## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record. - ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array - ## e.g: - ## extraHosts: - ## - name: rabbitmq.local - ## path: / - ## - extraHosts: [] - ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host - ## e.g: - ## extraPaths: - ## - path: /* - ## backend: - ## serviceName: ssl-redirect - ## servicePort: use-annotation - ## - extraPaths: [] - ## @param ingress.extraRules The list of additional rules to be added to this ingress record. Evaluated as a template - ## Useful when looking for additional customization, such as using different backend - ## - extraRules: [] - ## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record. - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - ## e.g: - ## extraTls: - ## - hosts: - ## - rabbitmq.local - ## secretName: rabbitmq.local-tls - ## - extraTls: [] - ## @param ingress.secrets Custom TLS certificates as secrets - ## NOTE: 'key' and 'certificate' are expected in PEM format - ## NOTE: 'name' should line up with a 'secretName' set further up - ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates - ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - ## e.g: - ## secrets: - ## - name: rabbitmq.local-tls - ## key: |- - ## -----BEGIN RSA PRIVATE KEY----- - ## ... - ## -----END RSA PRIVATE KEY----- - ## certificate: |- - ## -----BEGIN CERTIFICATE----- - ## ... - ## -----END CERTIFICATE----- - ## - secrets: [] - ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) - ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . - ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ - ## - ingressClassName: "" - ## @param ingress.existingSecret It is you own the certificate as secret. - existingSecret: "" - -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to the ports RabbitMQ is listening - ## on. When true, RabbitMQ will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.additionalRules Additional NetworkPolicy Ingress "from" rules to set. Note that all rules are OR-ed. - ## e.g: - ## additionalRules: - ## - matchLabels: - ## - role: frontend - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - additionalRules: [] - -## @section Metrics Parameters -## - -## Prometheus Metrics -## -metrics: - ## @param metrics.enabled Enable exposing RabbitMQ metrics to be gathered by Prometheus - ## - enabled: false - ## @param metrics.plugins Plugins to enable Prometheus metrics in RabbitMQ - ## - plugins: "rabbitmq_prometheus" - ## Prometheus pod annotations - ## @param metrics.podAnnotations [object] Annotations for enabling prometheus to access the metrics endpoint - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "{{ .Values.service.ports.metrics }}" - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace Specify the namespace in which the serviceMonitor resource will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval Specify the interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended - ## e.g: - ## scrapeTimeout: 30s - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. - ## - jobLabel: "" - ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping. - ## - relabelings: [] - ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels - ## - honorLabels: false - ## @param metrics.serviceMonitor.targetLabels Used to keep given service's labels in target - ## e.g: - ## - app.kubernetes.io/name - ## - targetLabels: {} - ## @param metrics.serviceMonitor.podTargetLabels Used to keep given pod's labels in target - ## e.g: - ## - app.kubernetes.io/name - ## - podTargetLabels: {} - ## @param metrics.serviceMonitor.path Define the path used by ServiceMonitor to scrap metrics - ## Could be /metrics for aggregated metrics or /metrics/per-object for more details - ## - path: "" - ## @param metrics.serviceMonitor.selector ServiceMonitor selector labels - ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration - ## - ## selector: - ## prometheus: my-prometheus - ## - selector: {} - ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor - ## - labels: {} - ## @param metrics.serviceMonitor.annotations Extra annotations for the ServiceMonitor - ## - annotations: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator - ## - enabled: false - ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus - ## - additionalLabels: {} - ## @param metrics.prometheusRule.namespace namespace where prometheusRules resource should be created - ## - namespace: "" - ## List of rules, used as template by Helm. - ## @param metrics.prometheusRule.rules List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - ## rules: - ## - alert: RabbitmqDown - ## expr: rabbitmq_up{service="{{ template "common.names.fullname" . }}"} == 0 - ## for: 5m - ## labels: - ## severity: error - ## annotations: - ## summary: Rabbitmq down (instance {{ "{{ $labels.instance }}" }}) - ## description: RabbitMQ node down - ## - alert: ClusterDown - ## expr: | - ## sum(rabbitmq_running{service="{{ template "common.names.fullname" . }}"}) - ## < {{ .Values.replicaCount }} - ## for: 5m - ## labels: - ## severity: error - ## annotations: - ## summary: Cluster down (instance {{ "{{ $labels.instance }}" }}) - ## description: | - ## Less than {{ .Values.replicaCount }} nodes running in RabbitMQ cluster - ## VALUE = {{ "{{ $value }}" }} - ## - alert: ClusterPartition - ## expr: rabbitmq_partitions{service="{{ template "common.names.fullname" . }}"} > 0 - ## for: 5m - ## labels: - ## severity: error - ## annotations: - ## summary: Cluster partition (instance {{ "{{ $labels.instance }}" }}) - ## description: | - ## Cluster partition - ## VALUE = {{ "{{ $value }}" }} - ## - alert: OutOfMemory - ## expr: | - ## rabbitmq_node_mem_used{service="{{ template "common.names.fullname" . }}"} - ## / rabbitmq_node_mem_limit{service="{{ template "common.names.fullname" . }}"} - ## * 100 > 90 - ## for: 5m - ## labels: - ## severity: warning - ## annotations: - ## summary: Out of memory (instance {{ "{{ $labels.instance }}" }}) - ## description: | - ## Memory available for RabbmitMQ is low (< 10%)\n VALUE = {{ "{{ $value }}" }} - ## LABELS: {{ "{{ $labels }}" }} - ## - alert: TooManyConnections - ## expr: rabbitmq_connectionsTotal{service="{{ template "common.names.fullname" . }}"} > 1000 - ## for: 5m - ## labels: - ## severity: warning - ## annotations: - ## summary: Too many connections (instance {{ "{{ $labels.instance }}" }}) - ## description: | - ## RabbitMQ instance has too many connections (> 1000) - ## VALUE = {{ "{{ $value }}" }}\n LABELS: {{ "{{ $labels }}" }} - ## - rules: [] - -## @section Init Container Parameters -## - -## Init Container parameters -## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component -## values from the securityContext section of the component -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` - ## - enabled: false - ## @param volumePermissions.image.registry Init container volume-permissions image registry - ## @param volumePermissions.image.repository Init container volume-permissions image repository - ## @param volumePermissions.image.tag Init container volume-permissions image tag - ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag - ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy - ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r50 - digest: "" - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Example: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init Container resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits Init container volume-permissions resource limits - ## @param volumePermissions.resources.requests Init container volume-permissions resource requests - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## Init container' Security Context - ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser - ## and not the below volumePermissions.containerSecurityContext.runAsUser - ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container - ## - containerSecurityContext: - runAsUser: 0 diff --git a/source/src/main/java/io/wdd/source/rabbitmq.sh b/source/src/main/java/io/wdd/source/rabbitmq.sh deleted file mode 100644 index b32c9ba..0000000 --- a/source/src/main/java/io/wdd/source/rabbitmq.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - - -docker run \ - -d \ - --hostname rabbitmq \ - --name rabbitmq \ - -e RABBITMQ_DEFAULT_USER=admin \ - -e RABBITMQ_DEFAULT_PASS=password \ - -e RABBITMQ_DEFAULT_VHOST=wdd \ - -p 5672:5672 \ - rabbitmq:3-management - diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/.helmignore b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/.helmignore deleted file mode 100644 index f0c1319..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.lock b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.lock deleted file mode 100644 index ced3e29..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - version: 1.16.0 -digest: sha256:f41cb9ff725b7c9fa2725634196a6813566d630342f86a74903ed114b282c8c0 -generated: "2022-06-06T12:59:41.280407782Z" diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.yaml deleted file mode 100644 index e89b016..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - category: Database -apiVersion: v2 -appVersion: 6.2.7 -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -description: Redis(R) is an open source, advanced key-value store. It is often referred - to as a data structure server since keys can contain strings, hashes, lists, sets - and sorted sets. -home: https://github.com/bitnami/charts/tree/master/bitnami/redis -icon: https://bitnami.com/assets/stacks/redis/img/redis-stack-220x234.png -keywords: -- redis -- keyvalue -- database -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -- email: cedric@desaintmartin.fr - name: desaintmartin -name: redis -sources: -- https://github.com/bitnami/bitnami-docker-redis -version: 16.13.2 diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/README.md b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/README.md deleted file mode 100644 index 5113c05..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/README.md +++ /dev/null @@ -1,898 +0,0 @@ - - -# Bitnami package for Redis(R) - -Redis(R) is an open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. - -[Overview of Redis®](http://redis.io) - -Disclaimer: Redis is a registered trademark of Redis Ltd. Any rights therein are reserved to Redis Ltd. Any use by Bitnami is for referential purposes only and does not indicate any sponsorship, endorsement, or affiliation between Redis Ltd. - -## TL;DR - -```bash -$ helm repo add bitnami https://charts.bitnami.com/bitnami -$ helm install my-release bitnami/redis -``` - -## Introduction - -This chart bootstraps a [Redis®](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. - -### Choose between Redis® Helm Chart and Redis® Cluster Helm Chart - -You can choose any of the two Redis® Helm charts for deploying a Redis® cluster. - -1. [Redis® Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis) will deploy a master-replica cluster, with the [option](https://github.com/bitnami/charts/tree/master/bitnami/redis#redis-sentinel-configuration-parameters) of enabling using Redis® Sentinel. -2. [Redis® Cluster Helm Chart](https://github.com/bitnami/charts/tree/master/bitnami/redis-cluster) will deploy a Redis® Cluster topology with sharding. - -The main features of each chart are the following: - -| Redis® | Redis® Cluster | -|--------------------------------------------------------|------------------------------------------------------------------------| -| Supports multiple databases | Supports only one database. Better if you have a big dataset | -| Single write point (single master) | Multiple write points (multiple masters) | -| ![Redis® Topology](img/redis-topology.png) | ![Redis® Cluster Topology](img/redis-cluster-topology.png) | - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ -- PV provisioner support in the underlying infrastructure - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install my-release bitnami/redis -``` - -The command deploys Redis® on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -### Global parameters - -| Name | Description | Value | -| ------------------------- | ------------------------------------------------------ | ----- | -| `global.imageRegistry` | Global Docker image registry | `""` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | -| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | -| `global.redis.password` | Global Redis® password (overrides `auth.password`) | `""` | - - -### Common parameters - -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | -| `kubeVersion` | Override Kubernetes version | `""` | -| `nameOverride` | String to partially override common.names.fullname | `""` | -| `fullnameOverride` | String to fully override common.names.fullname | `""` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `secretAnnotations` | Annotations to add to secret | `{}` | -| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | -| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | - - -### Redis® Image parameters - -| Name | Description | Value | -| ------------------- | ----------------------------------------------------- | --------------------- | -| `image.registry` | Redis® image registry | `docker.io` | -| `image.repository` | Redis® image repository | `bitnami/redis` | -| `image.tag` | Redis® image tag (immutable tags are recommended) | `6.2.7-debian-11-r11` | -| `image.pullPolicy` | Redis® image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Redis® image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | - - -### Redis® common configuration parameters - -| Name | Description | Value | -| -------------------------------- | ------------------------------------------------------------------------------------- | ------------- | -| `architecture` | Redis® architecture. Allowed values: `standalone` or `replication` | `replication` | -| `auth.enabled` | Enable password authentication | `true` | -| `auth.sentinel` | Enable password authentication on sentinels too | `true` | -| `auth.password` | Redis® password | `""` | -| `auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` | -| `auth.existingSecretPasswordKey` | Password key to be retrieved from existing secret | `""` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using an environment variable | `false` | -| `commonConfiguration` | Common configuration to be added into the ConfigMap | `""` | -| `existingConfigmap` | The name of an existing ConfigMap with your custom configuration for Redis® nodes | `""` | - - -### Redis® master configuration parameters - -| Name | Description | Value | -| ------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------ | -| `master.count` | Number of Redis® master instances to deploy (experimental, requires additional configuration) | `1` | -| `master.configuration` | Configuration for Redis® master nodes | `""` | -| `master.disableCommands` | Array with Redis® commands to disable on master nodes | `["FLUSHDB","FLUSHALL"]` | -| `master.command` | Override default container command (useful when using custom images) | `[]` | -| `master.args` | Override default container args (useful when using custom images) | `[]` | -| `master.preExecCmds` | Additional commands to run prior to starting Redis® master | `[]` | -| `master.extraFlags` | Array with additional command line flags for Redis® master | `[]` | -| `master.extraEnvVars` | Array with extra environment variables to add to Redis® master nodes | `[]` | -| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® master nodes | `""` | -| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® master nodes | `""` | -| `master.containerPorts.redis` | Container port to open on Redis® master nodes | `6379` | -| `master.startupProbe.enabled` | Enable startupProbe on Redis® master nodes | `false` | -| `master.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `20` | -| `master.startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `master.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `master.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `master.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `master.livenessProbe.enabled` | Enable livenessProbe on Redis® master nodes | `true` | -| `master.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `master.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `master.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `master.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `master.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `master.readinessProbe.enabled` | Enable readinessProbe on Redis® master nodes | `true` | -| `master.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `master.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `master.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `master.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `master.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `master.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `master.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `master.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `master.resources.limits` | The resources limits for the Redis® master containers | `{}` | -| `master.resources.requests` | The requested resources for the Redis® master containers | `{}` | -| `master.podSecurityContext.enabled` | Enabled Redis® master pods' Security Context | `true` | -| `master.podSecurityContext.fsGroup` | Set Redis® master pod's Security Context fsGroup | `1001` | -| `master.containerSecurityContext.enabled` | Enabled Redis® master containers' Security Context | `true` | -| `master.containerSecurityContext.runAsUser` | Set Redis® master containers' Security Context runAsUser | `1001` | -| `master.kind` | Use either Deployment or StatefulSet (default) | `StatefulSet` | -| `master.schedulerName` | Alternate scheduler for Redis® master pods | `""` | -| `master.updateStrategy.type` | Redis® master statefulset strategy type | `RollingUpdate` | -| `master.priorityClassName` | Redis® master pods' priorityClassName | `""` | -| `master.hostAliases` | Redis® master pods host aliases | `[]` | -| `master.podLabels` | Extra labels for Redis® master pods | `{}` | -| `master.podAnnotations` | Annotations for Redis® master pods | `{}` | -| `master.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® master pods | `false` | -| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` | -| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` | -| `master.affinity` | Affinity for Redis® master pods assignment | `{}` | -| `master.nodeSelector` | Node labels for Redis® master pods assignment | `{}` | -| `master.tolerations` | Tolerations for Redis® master pods assignment | `[]` | -| `master.topologySpreadConstraints` | Spread Constraints for Redis® master pod assignment | `[]` | -| `master.dnsPolicy` | DNS Policy for Redis® master pod | `""` | -| `master.dnsConfig` | DNS Configuration for Redis® master pod | `{}` | -| `master.lifecycleHooks` | for the Redis® master container(s) to automate configuration before or after startup | `{}` | -| `master.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® master pod(s) | `[]` | -| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® master container(s) | `[]` | -| `master.sidecars` | Add additional sidecar containers to the Redis® master pod(s) | `[]` | -| `master.initContainers` | Add additional init containers to the Redis® master pod(s) | `[]` | -| `master.persistence.enabled` | Enable persistence on Redis® master nodes using Persistent Volume Claims | `true` | -| `master.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `master.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `master.persistence.path` | The path the volume will be mounted at on Redis® master containers | `/data` | -| `master.persistence.subPath` | The subdirectory of the volume to mount on Redis® master containers | `""` | -| `master.persistence.storageClass` | Persistent Volume storage class | `""` | -| `master.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `master.persistence.size` | Persistent Volume size | `8Gi` | -| `master.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `master.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `master.persistence.dataSource` | Custom PVC data source | `{}` | -| `master.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `master.service.type` | Redis® master service type | `ClusterIP` | -| `master.service.ports.redis` | Redis® master service port | `6379` | -| `master.service.nodePorts.redis` | Node port for Redis® master | `""` | -| `master.service.externalTrafficPolicy` | Redis® master service external traffic policy | `Cluster` | -| `master.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `master.service.internalTrafficPolicy` | Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `master.service.clusterIP` | Redis® master service Cluster IP | `""` | -| `master.service.loadBalancerIP` | Redis® master service Load Balancer IP | `""` | -| `master.service.loadBalancerSourceRanges` | Redis® master service Load Balancer sources | `[]` | -| `master.service.annotations` | Additional custom annotations for Redis® master service | `{}` | -| `master.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `master.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `master.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-master pods | `30` | - - -### Redis® replicas configuration parameters - -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------------ | -| `replica.replicaCount` | Number of Redis® replicas to deploy | `3` | -| `replica.configuration` | Configuration for Redis® replicas nodes | `""` | -| `replica.disableCommands` | Array with Redis® commands to disable on replicas nodes | `["FLUSHDB","FLUSHALL"]` | -| `replica.command` | Override default container command (useful when using custom images) | `[]` | -| `replica.args` | Override default container args (useful when using custom images) | `[]` | -| `replica.preExecCmds` | Additional commands to run prior to starting Redis® replicas | `[]` | -| `replica.extraFlags` | Array with additional command line flags for Redis® replicas | `[]` | -| `replica.extraEnvVars` | Array with extra environment variables to add to Redis® replicas nodes | `[]` | -| `replica.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® replicas nodes | `""` | -| `replica.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® replicas nodes | `""` | -| `replica.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `replica.externalMaster.host` | External master host to bootstrap from | `""` | -| `replica.externalMaster.port` | Port for Redis service external master host | `6379` | -| `replica.containerPorts.redis` | Container port to open on Redis® replicas nodes | `6379` | -| `replica.startupProbe.enabled` | Enable startupProbe on Redis® replicas nodes | `true` | -| `replica.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `replica.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `replica.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `replica.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `replica.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `replica.livenessProbe.enabled` | Enable livenessProbe on Redis® replicas nodes | `true` | -| `replica.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `replica.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `replica.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `replica.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `replica.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `replica.readinessProbe.enabled` | Enable readinessProbe on Redis® replicas nodes | `true` | -| `replica.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `replica.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `replica.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `replica.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `replica.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `replica.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `replica.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `replica.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `replica.resources.limits` | The resources limits for the Redis® replicas containers | `{}` | -| `replica.resources.requests` | The requested resources for the Redis® replicas containers | `{}` | -| `replica.podSecurityContext.enabled` | Enabled Redis® replicas pods' Security Context | `true` | -| `replica.podSecurityContext.fsGroup` | Set Redis® replicas pod's Security Context fsGroup | `1001` | -| `replica.containerSecurityContext.enabled` | Enabled Redis® replicas containers' Security Context | `true` | -| `replica.containerSecurityContext.runAsUser` | Set Redis® replicas containers' Security Context runAsUser | `1001` | -| `replica.schedulerName` | Alternate scheduler for Redis® replicas pods | `""` | -| `replica.updateStrategy.type` | Redis® replicas statefulset strategy type | `RollingUpdate` | -| `replica.priorityClassName` | Redis® replicas pods' priorityClassName | `""` | -| `replica.podManagementPolicy` | podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods | `""` | -| `replica.hostAliases` | Redis® replicas pods host aliases | `[]` | -| `replica.podLabels` | Extra labels for Redis® replicas pods | `{}` | -| `replica.podAnnotations` | Annotations for Redis® replicas pods | `{}` | -| `replica.shareProcessNamespace` | Share a single process namespace between all of the containers in Redis® replicas pods | `false` | -| `replica.podAffinityPreset` | Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `replica.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `replica.nodeAffinityPreset.key` | Node label key to match. Ignored if `replica.affinity` is set | `""` | -| `replica.nodeAffinityPreset.values` | Node label values to match. Ignored if `replica.affinity` is set | `[]` | -| `replica.affinity` | Affinity for Redis® replicas pods assignment | `{}` | -| `replica.nodeSelector` | Node labels for Redis® replicas pods assignment | `{}` | -| `replica.tolerations` | Tolerations for Redis® replicas pods assignment | `[]` | -| `replica.topologySpreadConstraints` | Spread Constraints for Redis® replicas pod assignment | `[]` | -| `replica.dnsPolicy` | DNS Policy for Redis® replica pods | `""` | -| `replica.dnsConfig` | DNS Configuration for Redis® replica pods | `{}` | -| `replica.lifecycleHooks` | for the Redis® replica container(s) to automate configuration before or after startup | `{}` | -| `replica.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® replicas pod(s) | `[]` | -| `replica.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) | `[]` | -| `replica.sidecars` | Add additional sidecar containers to the Redis® replicas pod(s) | `[]` | -| `replica.initContainers` | Add additional init containers to the Redis® replicas pod(s) | `[]` | -| `replica.persistence.enabled` | Enable persistence on Redis® replicas nodes using Persistent Volume Claims | `true` | -| `replica.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `replica.persistence.sizeLimit` | Set this to enable a size limit for `emptyDir` volumes. | `""` | -| `replica.persistence.path` | The path the volume will be mounted at on Redis® replicas containers | `/data` | -| `replica.persistence.subPath` | The subdirectory of the volume to mount on Redis® replicas containers | `""` | -| `replica.persistence.storageClass` | Persistent Volume storage class | `""` | -| `replica.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `replica.persistence.size` | Persistent Volume size | `8Gi` | -| `replica.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `replica.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `replica.persistence.dataSource` | Custom PVC data source | `{}` | -| `replica.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `replica.service.type` | Redis® replicas service type | `ClusterIP` | -| `replica.service.ports.redis` | Redis® replicas service port | `6379` | -| `replica.service.nodePorts.redis` | Node port for Redis® replicas | `""` | -| `replica.service.externalTrafficPolicy` | Redis® replicas service external traffic policy | `Cluster` | -| `replica.service.internalTrafficPolicy` | Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) | `Cluster` | -| `replica.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `replica.service.clusterIP` | Redis® replicas service Cluster IP | `""` | -| `replica.service.loadBalancerIP` | Redis® replicas service Load Balancer IP | `""` | -| `replica.service.loadBalancerSourceRanges` | Redis® replicas service Load Balancer sources | `[]` | -| `replica.service.annotations` | Additional custom annotations for Redis® replicas service | `{}` | -| `replica.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `replica.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `replica.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-replicas pods | `30` | -| `replica.autoscaling.enabled` | Enable replica autoscaling settings | `false` | -| `replica.autoscaling.minReplicas` | Minimum replicas for the pod autoscaling | `1` | -| `replica.autoscaling.maxReplicas` | Maximum replicas for the pod autoscaling | `11` | -| `replica.autoscaling.targetCPU` | Percentage of CPU to consider when autoscaling | `""` | -| `replica.autoscaling.targetMemory` | Percentage of Memory to consider when autoscaling | `""` | - - -### Redis® Sentinel configuration parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `sentinel.enabled` | Use Redis® Sentinel on Redis® pods. | `false` | -| `sentinel.image.registry` | Redis® Sentinel image registry | `docker.io` | -| `sentinel.image.repository` | Redis® Sentinel image repository | `bitnami/redis-sentinel` | -| `sentinel.image.tag` | Redis® Sentinel image tag (immutable tags are recommended) | `6.2.7-debian-11-r12` | -| `sentinel.image.pullPolicy` | Redis® Sentinel image pull policy | `IfNotPresent` | -| `sentinel.image.pullSecrets` | Redis® Sentinel image pull secrets | `[]` | -| `sentinel.image.debug` | Enable image debug mode | `false` | -| `sentinel.masterSet` | Master set name | `mymaster` | -| `sentinel.quorum` | Sentinel Quorum | `2` | -| `sentinel.getMasterTimeout` | Amount of time to allow before get_sentinel_master_info() times out. | `220` | -| `sentinel.automateClusterRecovery` | Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. | `false` | -| `sentinel.downAfterMilliseconds` | Timeout for detecting a Redis® node is down | `60000` | -| `sentinel.failoverTimeout` | Timeout for performing a election failover | `18000` | -| `sentinel.parallelSyncs` | Number of replicas that can be reconfigured in parallel to use the new master after a failover | `1` | -| `sentinel.configuration` | Configuration for Redis® Sentinel nodes | `""` | -| `sentinel.command` | Override default container command (useful when using custom images) | `[]` | -| `sentinel.args` | Override default container args (useful when using custom images) | `[]` | -| `sentinel.preExecCmds` | Additional commands to run prior to starting Redis® Sentinel | `[]` | -| `sentinel.extraEnvVars` | Array with extra environment variables to add to Redis® Sentinel nodes | `[]` | -| `sentinel.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes | `""` | -| `sentinel.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Redis® Sentinel nodes | `""` | -| `sentinel.externalMaster.enabled` | Use external master for bootstrapping | `false` | -| `sentinel.externalMaster.host` | External master host to bootstrap from | `""` | -| `sentinel.externalMaster.port` | Port for Redis service external master host | `6379` | -| `sentinel.containerPorts.sentinel` | Container port to open on Redis® Sentinel nodes | `26379` | -| `sentinel.startupProbe.enabled` | Enable startupProbe on Redis® Sentinel nodes | `true` | -| `sentinel.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `sentinel.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `sentinel.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `sentinel.startupProbe.failureThreshold` | Failure threshold for startupProbe | `22` | -| `sentinel.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `sentinel.livenessProbe.enabled` | Enable livenessProbe on Redis® Sentinel nodes | `true` | -| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` | -| `sentinel.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `sentinel.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `sentinel.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `sentinel.readinessProbe.enabled` | Enable readinessProbe on Redis® Sentinel nodes | `true` | -| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` | -| `sentinel.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `sentinel.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `sentinel.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `sentinel.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `sentinel.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `sentinel.persistence.enabled` | Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) | `false` | -| `sentinel.persistence.storageClass` | Persistent Volume storage class | `""` | -| `sentinel.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `sentinel.persistence.size` | Persistent Volume size | `100Mi` | -| `sentinel.persistence.annotations` | Additional custom annotations for the PVC | `{}` | -| `sentinel.persistence.selector` | Additional labels to match for the PVC | `{}` | -| `sentinel.persistence.dataSource` | Custom PVC data source | `{}` | -| `sentinel.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` | -| `sentinel.resources.limits` | The resources limits for the Redis® Sentinel containers | `{}` | -| `sentinel.resources.requests` | The requested resources for the Redis® Sentinel containers | `{}` | -| `sentinel.containerSecurityContext.enabled` | Enabled Redis® Sentinel containers' Security Context | `true` | -| `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` | -| `sentinel.lifecycleHooks` | for the Redis® sentinel container(s) to automate configuration before or after startup | `{}` | -| `sentinel.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® Sentinel | `[]` | -| `sentinel.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) | `[]` | -| `sentinel.service.type` | Redis® Sentinel service type | `ClusterIP` | -| `sentinel.service.ports.redis` | Redis® service port for Redis® | `6379` | -| `sentinel.service.ports.sentinel` | Redis® service port for Redis® Sentinel | `26379` | -| `sentinel.service.nodePorts.redis` | Node port for Redis® | `""` | -| `sentinel.service.nodePorts.sentinel` | Node port for Sentinel | `""` | -| `sentinel.service.externalTrafficPolicy` | Redis® Sentinel service external traffic policy | `Cluster` | -| `sentinel.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `sentinel.service.clusterIP` | Redis® Sentinel service Cluster IP | `""` | -| `sentinel.service.loadBalancerIP` | Redis® Sentinel service Load Balancer IP | `""` | -| `sentinel.service.loadBalancerSourceRanges` | Redis® Sentinel service Load Balancer sources | `[]` | -| `sentinel.service.annotations` | Additional custom annotations for Redis® Sentinel service | `{}` | -| `sentinel.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `sentinel.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `sentinel.terminationGracePeriodSeconds` | Integer setting the termination grace period for the redis-node pods | `30` | - - -### Other Parameters - -| Name | Description | Value | -| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra egress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `podSecurityPolicy.enabled` | Enable PodSecurityPolicy's RBAC rules | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `false` | -| `rbac.rules` | Custom RBAC rules to set | `[]` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Whether to auto mount the service account token | `true` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `pdb.create` | Specifies whether a PodDisruptionBudget should be created | `false` | -| `pdb.minAvailable` | Min number of pods that must still be available after the eviction | `1` | -| `pdb.maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | -| `tls.enabled` | Enable TLS traffic | `false` | -| `tls.authClients` | Require clients to authenticate | `true` | -| `tls.autoGenerated` | Enable autogenerated certificates | `false` | -| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | -| `tls.certificatesSecret` | DEPRECATED. Use existingSecret instead. | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate Key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | - - -### Metrics Parameters - -| Name | Description | Value | -| -------------------------------------------- | ------------------------------------------------------------------------------------------------ | ------------------------ | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Redis® metrics | `false` | -| `metrics.image.registry` | Redis® Exporter image registry | `docker.io` | -| `metrics.image.repository` | Redis® Exporter image repository | `bitnami/redis-exporter` | -| `metrics.image.tag` | Redis® Redis® Exporter image tag (immutable tags are recommended) | `1.43.0-debian-11-r4` | -| `metrics.image.pullPolicy` | Redis® Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Redis® Exporter image pull secrets | `[]` | -| `metrics.command` | Override default metrics container init command (useful when using custom images) | `[]` | -| `metrics.redisTargetHost` | A way to specify an alternative Redis® hostname | `localhost` | -| `metrics.extraArgs` | Extra arguments for Redis® exporter, for example: | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | -| `metrics.containerSecurityContext.enabled` | Enabled Redis® exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.runAsUser` | Set Redis® exporter containers' Security Context runAsUser | `1001` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar | `[]` | -| `metrics.resources.limits` | The resources limits for the Redis® exporter container | `{}` | -| `metrics.resources.requests` | The requested resources for the Redis® exporter container | `{}` | -| `metrics.podLabels` | Extra labels for Redis® exporter pods | `{}` | -| `metrics.podAnnotations` | Annotations for Redis® exporter pods | `{}` | -| `metrics.service.type` | Redis® exporter service type | `ClusterIP` | -| `metrics.service.port` | Redis® exporter service port | `9121` | -| `metrics.service.externalTrafficPolicy` | Redis® exporter service external traffic policy | `Cluster` | -| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `metrics.service.loadBalancerIP` | Redis® exporter service Load Balancer IP | `""` | -| `metrics.service.loadBalancerSourceRanges` | Redis® exporter service Load Balancer sources | `[]` | -| `metrics.service.annotations` | Additional custom annotations for Redis® exporter service | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | The namespace in which the ServiceMonitor will be created | `""` | -| `metrics.serviceMonitor.interval` | The interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | The timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabellings` | Metrics RelabelConfigs to apply to samples before scraping. | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | Metrics RelabelConfigs to apply to samples before ingestion. | `[]` | -| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.enabled` | Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.prometheusRule.namespace` | The namespace in which the prometheusRule will be created | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels for the prometheusRule | `{}` | -| `metrics.prometheusRule.rules` | Custom Prometheus rules | `[]` | - - -### Init Container Parameters - -| Name | Description | Value | -| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | -| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r11` | -| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | -| `sysctl.enabled` | Enable init container to modify Kernel settings | `false` | -| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | -| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r11` | -| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | -| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | -| `sysctl.command` | Override default init-sysctl container command (useful when using custom images) | `[]` | -| `sysctl.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctl.resources.limits` | The resources limits for the init container | `{}` | -| `sysctl.resources.requests` | The requested resources for the init container | `{}` | - - -### useExternalDNS Parameters - -| Name | Description | Value | -| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `useExternalDNS.enabled` | Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. | `false` | -| `useExternalDNS.additionalAnnotations` | Extra annotations to be utilized when `external-dns` is enabled. | `{}` | -| `useExternalDNS.annotationKey` | The annotation key utilized when `external-dns` is enabled. | `external-dns.alpha.kubernetes.io/` | -| `useExternalDNS.suffix` | The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. | `""` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install my-release \ - --set auth.password=secretpassword \ - bitnami/redis -``` - -The above command sets the Redis® server password to `secretpassword`. - -> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install my-release -f values.yaml bitnami/redis -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Use a different Redis® version - -To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/redis/configuration/change-image-version/). - -### Bootstrapping with an External Cluster - -This chart is equipped with the ability to bring online a set of Pods that connect to an existing Redis deployment that lies outside of Kubernetes. This effectively creates a hybrid Redis Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single Redis Deployment. This is helpful in situations where one may be migrating Redis from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration: - -```yaml -replica: - externalMaster: - enabled: true - host: external-redis-0.internal -sentinel: - externalMaster: - enabled: true - host: external-redis-0.internal -``` - -:warning: This is currently limited to clusters in which Sentinel and Redis run on the same node! :warning: - -Please also note that the external sentinel must be listening on port `26379`, and this is currently not configurable. - -Once the Kubernetes Redis Deployment is online and confirmed to be working with the existing cluster, the configuration can then be removed and the cluster will remain connected. - -### External DNS - -This chart is equipped to allow leveraging the ExternalDNS project. Doing so will enable ExternalDNS to publish the FQDN for each instance, in the format of `..`. -Example, when using the following configuration: - -```yaml -useExternalDNS: - enabled: true - suffix: prod.example.org - additionalAnnotations: - ttl: 10 -``` - -On a cluster where the name of the Helm release is `a`, the hostname of a Pod is generated as: `a-redis-node-0.a-redis.prod.example.org`. The IP of that FQDN will match that of the associated Pod. This modifies the following parameters of the Redis/Sentinel configuration using this new FQDN: - -* `replica-announce-ip` -* `known-sentinel` -* `known-replica` -* `announce-ip` - -:warning: This requires a working installation of `external-dns` to be fully functional. :warning: - -See the [official ExternalDNS documentation](https://github.com/kubernetes-sigs/external-dns) for additional configuration options. - -### Cluster topologies - -#### Default: Master-Replicas - -When installing the chart with `architecture=replication`, it will deploy a Redis® master StatefulSet and a Redis® replicas StatefulSet. The replicas will be read-replicas of the master. Two services will be exposed: - -- Redis® Master service: Points to the master, where read-write operations can be performed -- Redis® Replicas service: Points to the replicas, where only read operations are allowed by default. - -In case the master crashes, the replicas will wait until the master node is respawned again by the Kubernetes Controller Manager. - -#### Standalone - -When installing the chart with `architecture=standalone`, it will deploy a standalone Redis® StatefulSet. A single service will be exposed: - -- Redis® Master service: Points to the master, where read-write operations can be performed - -#### Master-Replicas with Sentinel - -When installing the chart with `architecture=replication` and `sentinel.enabled=true`, it will deploy a Redis® master StatefulSet (only one master allowed) and a Redis® replicas StatefulSet. In this case, the pods will contain an extra container with Redis® Sentinel. This container will form a cluster of Redis® Sentinel nodes, which will promote a new master in case the actual one fails. In addition to this, only one service is exposed: - -- Redis® service: Exposes port 6379 for Redis® read-only operations and port 26379 for accessing Redis® Sentinel. - -For read-only operations, access the service using port 6379. For write operations, it's necessary to access the Redis® Sentinel cluster and query the current master using the command below (using redis-cli or similar): - -``` -SENTINEL get-master-addr-by-name -``` - -This command will return the address of the current master, which can be accessed from inside the cluster. - -In case the current master crashes, the Sentinel containers will elect a new master node. - -`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Multiple masters (experimental) - -When `master.count` is greater than `1`, special care must be taken to create a consistent setup. - -An example of use case is the creation of a redundant set of standalone masters or master-replicas per Kubernetes node where you must ensure: -- No more than `1` master can be deployed per Kubernetes node -- Replicas and writers can only see the single master of their own Kubernetes node - -One way of achieving this is by setting `master.service.internalTrafficPolicy=Local` in combination with a `master.affinity.podAntiAffinity` spec to never schedule more than one master per Kubernetes node. - -It's recommended to only change `master.count` if you know what you are doing. -`master.count` greater than `1` is not designed for use when `sentinel.enabled=true`. - -### Using a password file - -To use a password file for Redis® you need to create a secret containing the password and then deploy the chart using that secret. - -Refer to the chart documentation for more information on [using a password file for Redis®](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/use-password-file/). - -### Securing traffic using TLS - -TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: - -- `tls.enabled`: Enable TLS support. Defaults to `false` -- `tls.existingSecret`: Name of the secret that contains the certificates. No defaults. -- `tls.certFilename`: Certificate filename. No defaults. -- `tls.certKeyFilename`: Certificate key filename. No defaults. -- `tls.certCAFilename`: CA Certificate filename. No defaults. - -Refer to the chart documentation for more information on [creating the secret and a TLS deployment example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/). - -### Metrics - -The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9121) is exposed in the service. Metrics can be scraped from within the cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). If metrics are to be scraped from outside the cluster, the Kubernetes API proxy can be utilized to access the endpoint. - -If you have enabled TLS by specifying `tls.enabled=true` you also need to specify TLS option to the metrics exporter. You can do that via `metrics.extraArgs`. You can find the metrics exporter CLI flags for TLS [here](https://github.com/oliver006/redis_exporter#command-line-flags). For example: - -You can either specify `metrics.extraArgs.skip-tls-verification=true` to skip TLS verification or providing the following values under `metrics.extraArgs` for TLS client authentication: - -```console -tls-client-key-file -tls-client-cert-file -tls-ca-cert-file -``` - -### Host Kernel Settings - -Redis® may require some changes in the kernel of the host machine to work as expected, in particular increasing the `somaxconn` value and disabling transparent huge pages. - -Refer to the chart documentation for more information on [configuring host kernel settings with an example](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/configure-kernel-settings/). - -## Persistence - -By default, the chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at the `/data` path. The volume is created using dynamic volume provisioning. If a Persistent Volume Claim already exists, specify it during installation. - -### Existing PersistentVolumeClaim - -1. Create the PersistentVolume -2. Create the PersistentVolumeClaim -3. Install the chart - -```bash -$ helm install my-release --set master.persistence.existingClaim=PVC_NAME bitnami/redis -``` - -## Backup and restore - -Refer to the chart documentation for more information on [backing up and restoring Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/backup-restore/). - -## NetworkPolicy - -To enable network policy for Redis®, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. - -Refer to the chart documenation for more information on [enabling the network policy in Redis® deployments](https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-network-policy/). - -### Setting Pod's affinity - -This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). - -As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. - -## Troubleshooting - -Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). - -## Upgrading - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. - -### To 16.0.0 - -This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository. - -Affected values: -- `master.service.port` renamed as `master.service.ports.redis`. -- `master.service.nodePort` renamed as `master.service.nodePorts.redis`. -- `replica.service.port` renamed as `replica.service.ports.redis`. -- `replica.service.nodePort` renamed as `replica.service.nodePorts.redis`. -- `sentinel.service.port` renamed as `sentinel.service.ports.redis`. -- `sentinel.service.sentinelPort` renamed as `sentinel.service.ports.sentinel`. -- `master.containerPort` renamed as `master.containerPorts.redis`. -- `replica.containerPort` renamed as `replica.containerPorts.redis`. -- `sentinel.containerPort` renamed as `sentinel.containerPorts.sentinel`. -- `master.spreadConstraints` renamed as `master.topologySpreadConstraints` -- `replica.spreadConstraints` renamed as `replica.topologySpreadConstraints` - -### To 15.0.0 - -The parameter to enable the usage of StaticIDs was removed. The behavior is to [always use StaticIDs](https://github.com/bitnami/charts/pull/7278). - -### To 14.8.0 - -The Redis® sentinel exporter was removed in this version because the upstream project was deprecated. The regular Redis® exporter is included in the sentinel scenario as usual. - -### To 14.0.0 - -- Several parameters were renamed or disappeared in favor of new ones on this major version: - - The term *slave* has been replaced by the term *replica*. Therefore, parameters prefixed with `slave` are now prefixed with `replicas`. - - Credentials parameter are reorganized under the `auth` parameter. - - `cluster.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. - - `securityContext.*` is deprecated in favor of `XXX.podSecurityContext` and `XXX.containerSecurityContext`. - - `sentinel.metrics.*` parameters are deprecated in favor of `metrics.sentinel.*` ones. -- New parameters to add custom command, environment variables, sidecars, init containers, etc. were added. -- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). -- values.yaml metadata was adapted to follow the format supported by [Readme Generator for Helm](https://github.com/bitnami-labs/readme-generator-for-helm). - -Consequences: - -Backwards compatibility is not guaranteed. To upgrade to `14.0.0`, install a new release of the Redis® chart, and migrate the data from your previous release. You have 2 alternatives to do so: - -- Create a backup of the database, and restore it on the new release as explained in the [Backup and restore](#backup-and-restore) section. -- Reuse the PVC used to hold the master data on your previous release. To do so, use the `master.persistence.existingClaim` parameter. The following example assumes that the release name is `redis`: - -```bash -$ helm install redis bitnami/redis --set auth.password=[PASSWORD] --set master.persistence.existingClaim=[EXISTING_PVC] -``` - -| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[PASSWORD]_ with the password used in your previous release. - -### To 13.0.0 - -This major version updates the Redis® docker image version used from `6.0` to `6.2`, the new stable version. There are no major changes in the chart and there shouldn't be any breaking changes in it as `6.2` is basically a stricter superset of `6.0`. For more information, please refer to [Redis® 6.2 release notes](https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES). - -### To 12.3.0 - -This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. - -### To 12.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -### To 11.0.0 - -When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml` - -### To 9.0.0 - -The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis® exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter). - -### To 7.0.0 - -In order to improve the performance in case of slave failure, we added persistence to the read-only slaves. That means that we moved from Deployment to StatefulSets. This should not affect upgrades from previous versions of the chart, as the deployments did not contain any persistence at all. - -This version also allows enabling Redis® Sentinel containers inside of the Redis® Pods (feature disabled by default). In case the master crashes, a new Redis® node will be elected as master. In order to query the current master (no redis master service is exposed), you need to query first the Sentinel cluster. Find more information [in this section](#master-slave-with-sentinel). - -### To 11.0.0 - -When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version. - -### To 10.0.0 - -For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases: - -- Using a version of redis-sentinel prior to `5.0.1` where the authentication feature was introduced. -- Where redis clients need to be updated to support sentinel authentication. - -If using a master/slave topology, or with `usePassword: false`, no action is required. - -### To 8.0.18 - -For releases with `metrics.enabled: true` the default tag for the exporter image is now `v1.x.x`. This introduces many changes including metrics names. You'll want to use [this dashboard](https://github.com/oliver006/redis_exporter/blob/master/contrib/grafana_prometheus_redis_dashboard.json) now. Please see the [redis_exporter github page](https://github.com/oliver006/redis_exporter#upgrading-from-0x-to-1x) for more details. - -### To 7.0.0 - -This version causes a change in the Redis® Master StatefulSet definition, so the command helm upgrade would not work out of the box. As an alternative, one of the following could be done: - -- Recommended: Create a clone of the Redis® Master PVC (for example, using projects like [this one](https://github.com/edseymour/pvc-transfer)). Then launch a fresh release reusing this cloned PVC. - - ``` - helm install my-release bitnami/redis --set persistence.existingClaim= - ``` - -- Alternative (not recommended, do at your own risk): `helm delete --purge` does not remove the PVC assigned to the Redis® Master StatefulSet. As a consequence, the following commands can be done to upgrade the release - - ``` - helm delete --purge - helm install bitnami/redis - ``` - -Previous versions of the chart were not using persistence in the slaves, so this upgrade would add it to them. Another important change is that no values are inherited from master to slaves. For example, in 6.0.0 `slaves.readinessProbe.periodSeconds`, if empty, would be set to `master.readinessProbe.periodSeconds`. This approach lacked transparency and was difficult to maintain. From now on, all the slave parameters must be configured just as it is done with the masters. - -Some values have changed as well: - -- `master.port` and `slave.port` have been changed to `redisPort` (same value for both master and slaves) -- `master.securityContext` and `slave.securityContext` have been changed to `securityContext`(same values for both master and slaves) - -By default, the upgrade will not change the cluster topology. In case you want to use Redis® Sentinel, you must explicitly set `sentinel.enabled` to `true`. - -### To 6.0.0 - -Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`. - -### To 5.0.0 - -The default image in this release may be switched out for any image containing the `redis-server` -and `redis-cli` binaries. If `redis-server` is not the default image ENTRYPOINT, `master.command` -must be specified. - -#### Breaking changes - -- `master.args` and `slave.args` are removed. Use `master.command` or `slave.command` instead in order to override the image entrypoint, or `master.extraFlags` to pass additional flags to `redis-server`. -- `disableCommands` is now interpreted as an array of strings instead of a string of comma separated values. -- `master.persistence.path` now defaults to `/data`. - -### To 4.0.0 - -This version removes the `chart` label from the `spec.selector.matchLabels` -which is immutable since `StatefulSet apps/v1beta2`. It has been inadvertently -added, causing any subsequent upgrade to fail. See https://github.com/helm/charts/issues/7726. - -It also fixes https://github.com/helm/charts/issues/7726 where a deployment `extensions/v1beta1` can not be upgraded if `spec.selector` is not explicitly set. - -Finally, it fixes https://github.com/helm/charts/issues/7803 by removing mutable labels in `spec.VolumeClaimTemplate.metadata.labels` so that it is upgradable. - -In order to upgrade, delete the Redis® StatefulSet before upgrading: - -```bash -kubectl delete statefulsets.apps --cascade=false my-release-redis-master -``` - -And edit the Redis® slave (and metrics if enabled) deployment: - -```bash -kubectl patch deployments my-release-redis-slave --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' -``` - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. \ No newline at end of file diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/.helmignore b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/.helmignore deleted file mode 100644 index 50af031..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/Chart.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/Chart.yaml deleted file mode 100644 index bd152e3..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/Chart.yaml +++ /dev/null @@ -1,23 +0,0 @@ -annotations: - category: Infrastructure -apiVersion: v2 -appVersion: 1.16.0 -description: A Library Helm Chart for grouping common logic between bitnami charts. - This chart is not deployable by itself. -home: https://github.com/bitnami/charts/tree/master/bitnami/common -icon: https://bitnami.com/downloads/logos/bitnami-mark.png -keywords: -- common -- helper -- template -- function -- bitnami -maintainers: -- name: Bitnami - url: https://github.com/bitnami/charts -name: common -sources: -- https://github.com/bitnami/charts -- https://www.bitnami.com/ -type: library -version: 1.16.0 diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/README.md b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/README.md deleted file mode 100644 index 3b5e09c..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/README.md +++ /dev/null @@ -1,350 +0,0 @@ -# Bitnami Common Library Chart - -A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. - -## TL;DR - -```yaml -dependencies: - - name: common - version: 1.x.x - repository: https://charts.bitnami.com/bitnami -``` - -```bash -$ helm dependency update -``` - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }} -data: - myvalue: "Hello World" -``` - -## Introduction - -This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. - -## Prerequisites - -- Kubernetes 1.19+ -- Helm 3.2.0+ - -## Parameters - -The following table lists the helpers available in the library which are scoped in different sections. - -### Affinities - -| Helper identifier | Description | Expected Input | -|-------------------------------|------------------------------------------------------|------------------------------------------------| -| `common.affinities.nodes.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.nodes.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | -| `common.affinities.pods.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | -| `common.affinities.pods.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | - -### Capabilities - -| Helper identifier | Description | Expected Input | -|------------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| -| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | -| `common.capabilities.cronjob.apiVersion` | Return the appropriate apiVersion for cronjob. | `.` Chart context | -| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | -| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | -| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | -| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | -| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | -| `common.capabilities.policy.apiVersion` | Return the appropriate apiVersion for podsecuritypolicy. | `.` Chart context | -| `common.capabilities.networkPolicy.apiVersion` | Return the appropriate apiVersion for networkpolicy. | `.` Chart context | -| `common.capabilities.apiService.apiVersion` | Return the appropriate apiVersion for APIService. | `.` Chart context | -| `common.capabilities.hpa.apiVersion` | Return the appropriate apiVersion for Horizontal Pod Autoscaler | `.` Chart context | -| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | - -### Errors - -| Helper identifier | Description | Expected Input | -|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| -| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | - -### Images - -| Helper identifier | Description | Expected Input | -|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| -| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | -| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | -| `common.images.renderPullSecrets` | Return the proper Docker Image Registry Secret Names (evaluates values as templates) | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $` | - -### Ingress - -| Helper identifier | Description | Expected Input | -|-------------------------------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | -| `common.ingress.supportsPathType` | Prints "true" if the pathType field is supported | `.` Chart context | -| `common.ingress.supportsIngressClassname` | Prints "true" if the ingressClassname field is supported | `.` Chart context | -| `common.ingress.certManagerRequest` | Prints "true" if required cert-manager annotations for TLS signed certificates are set in the Ingress annotations | `dict "annotations" .Values.path.to.the.ingress.annotations` | - -### Labels - -| Helper identifier | Description | Expected Input | -|-----------------------------|-----------------------------------------------------------------------------|-------------------| -| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | -| `common.labels.matchLabels` | Labels to use on `deploy.spec.selector.matchLabels` and `svc.spec.selector` | `.` Chart context | - -### Names - -| Helper identifier | Description | Expected Input | -|-----------------------------------|-----------------------------------------------------------------------|-------------------| -| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | -| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | -| `common.names.namespace` | Allow the release namespace to be overridden | `.` Chart context | -| `common.names.fullname.namespace` | Create a fully qualified app name adding the installation's namespace | `.` Chart context | -| `common.names.chart` | Chart name plus version | `.` Chart context | - -### Secrets - -| Helper identifier | Description | Expected Input | -|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | -| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | -| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | -| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | - -### Storage - -| Helper identifier | Description | Expected Input | -|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| -| `common.storage.class` | Return the proper Storage Class | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | - -### TplValues - -| Helper identifier | Description | Expected Input | -|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | - -### Utils - -| Helper identifier | Description | Expected Input | -|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| -| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | -| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | -| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | -| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | - -### Validations - -| Helper identifier | Description | Expected Input | -|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | -| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | -| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | -| `common.validations.values.mysql.passwords` | This helper will ensure required password for MySQL are not empty. It returns a shared error for all the values. | `dict "secret" "mysql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mysql chart and the helper. | -| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | -| `common.validations.values.redis.passwords` | This helper will ensure required password for Redis® are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | -| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | -| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | - -### Warnings - -| Helper identifier | Description | Expected Input | -|------------------------------|----------------------------------|------------------------------------------------------------| -| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | - -## Special input schemas - -### ImageRoot - -```yaml -registry: - type: string - description: Docker registry where the image is located - example: docker.io - -repository: - type: string - description: Repository and image name - example: bitnami/nginx - -tag: - type: string - description: image tag - example: 1.16.1-debian-10-r63 - -pullPolicy: - type: string - description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - -pullSecrets: - type: array - items: - type: string - description: Optionally specify an array of imagePullSecrets (evaluated as templates). - -debug: - type: boolean - description: Set to true if you would like to see extra information on logs - example: false - -## An instance would be: -# registry: docker.io -# repository: bitnami/nginx -# tag: 1.16.1-debian-10-r63 -# pullPolicy: IfNotPresent -# debug: false -``` - -### Persistence - -```yaml -enabled: - type: boolean - description: Whether enable persistence. - example: true - -storageClass: - type: string - description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. - example: "-" - -accessMode: - type: string - description: Access mode for the Persistent Volume Storage. - example: ReadWriteOnce - -size: - type: string - description: Size the Persistent Volume Storage. - example: 8Gi - -path: - type: string - description: Path to be persisted. - example: /bitnami - -## An instance would be: -# enabled: true -# storageClass: "-" -# accessMode: ReadWriteOnce -# size: 8Gi -# path: /bitnami -``` - -### ExistingSecret - -```yaml -name: - type: string - description: Name of the existing secret. - example: mySecret -keyMapping: - description: Mapping between the expected key name and the name of the key in the existing secret. - type: object - -## An instance would be: -# name: mySecret -# keyMapping: -# password: myPasswordKey -``` - -#### Example of use - -When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. - -```yaml -# templates/secret.yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.names.fullname" . }} - labels: - app: {{ include "common.names.fullname" . }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} - -# templates/dpl.yaml ---- -... - env: - - name: PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} - key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} -... - -# values.yaml ---- -name: mySecret -keyMapping: - password: myPasswordKey -``` - -### ValidateValue - -#### NOTES.txt - -```console -{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} - -{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} -``` - -If we force those values to be empty we will see some alerts - -```console -$ helm install test mychart --set path.to.value00="",path.to.value01="" - 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: - - export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) - - 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: - - export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) -``` - -## Upgrading - -### To 1.0.0 - -[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. - -**What changes were introduced in this major version?** - -- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. -- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. -- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts - -**Considerations when upgrading to this version** - -- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues -- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore -- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 - -**Useful links** - -- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ -- https://helm.sh/docs/topics/v2_v3_migration/ -- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ - -## License - -Copyright © 2022 Bitnami - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_affinities.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_affinities.tpl deleted file mode 100644 index 189ea40..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_affinities.tpl +++ /dev/null @@ -1,102 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return a soft nodeAffinity definition -{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.soft" -}} -preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} - weight: 1 -{{- end -}} - -{{/* -Return a hard nodeAffinity definition -{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes.hard" -}} -requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ .key }} - operator: In - values: - {{- range .values }} - - {{ . | quote }} - {{- end }} -{{- end -}} - -{{/* -Return a nodeAffinity definition -{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.nodes" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.nodes.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.nodes.hard" . -}} - {{- end -}} -{{- end -}} - -{{/* -Return a soft podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.soft" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname - weight: 1 -{{- end -}} - -{{/* -Return a hard podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "context" $) -}} -*/}} -{{- define "common.affinities.pods.hard" -}} -{{- $component := default "" .component -}} -{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} -requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} - {{- if not (empty $component) }} - {{ printf "app.kubernetes.io/component: %s" $component }} - {{- end }} - {{- range $key, $value := $extraMatchLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespaces: - - {{ .context.Release.Namespace | quote }} - topologyKey: kubernetes.io/hostname -{{- end -}} - -{{/* -Return a podAffinity/podAntiAffinity definition -{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} -*/}} -{{- define "common.affinities.pods" -}} - {{- if eq .type "soft" }} - {{- include "common.affinities.pods.soft" . -}} - {{- else if eq .type "hard" }} - {{- include "common.affinities.pods.hard" . -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_capabilities.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_capabilities.tpl deleted file mode 100644 index 9d9b760..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_capabilities.tpl +++ /dev/null @@ -1,154 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the target Kubernetes version -*/}} -{{- define "common.capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for poddisruptionbudget. -*/}} -{{- define "common.capabilities.policy.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "policy/v1beta1" -}} -{{- else -}} -{{- print "policy/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "common.capabilities.networkPolicy.apiVersion" -}} -{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "common.capabilities.cronjob.apiVersion" -}} -{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "batch/v1beta1" -}} -{{- else -}} -{{- print "batch/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for deployment. -*/}} -{{- define "common.capabilities.deployment.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for statefulset. -*/}} -{{- define "common.capabilities.statefulset.apiVersion" -}} -{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apps/v1beta1" -}} -{{- else -}} -{{- print "apps/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "common.capabilities.ingress.apiVersion" -}} -{{- if .Values.ingress -}} -{{- if .Values.ingress.apiVersion -}} -{{- .Values.ingress.apiVersion -}} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end }} -{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "extensions/v1beta1" -}} -{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for RBAC resources. -*/}} -{{- define "common.capabilities.rbac.apiVersion" -}} -{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "rbac.authorization.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "rbac.authorization.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for CRDs. -*/}} -{{- define "common.capabilities.crd.apiVersion" -}} -{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiextensions.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiextensions.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for APIService. -*/}} -{{- define "common.capabilities.apiService.apiVersion" -}} -{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "apiregistration.k8s.io/v1beta1" -}} -{{- else -}} -{{- print "apiregistration.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "common.capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the used Helm version is 3.3+. -A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. -This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. -**To be removed when the catalog's minimun Helm version is 3.3** -*/}} -{{- define "common.capabilities.supportsHelmVersion" -}} -{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_errors.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_errors.tpl deleted file mode 100644 index a79cc2e..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_errors.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Through error when upgrading using empty passwords values that must not be empty. - -Usage: -{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} -{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} -{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} - -Required password params: - - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. - - context - Context - Required. Parent context. -*/}} -{{- define "common.errors.upgrade.passwords.empty" -}} - {{- $validationErrors := join "" .validationErrors -}} - {{- if and $validationErrors .context.Release.IsUpgrade -}} - {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} - {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} - {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} - {{- $errorString = print $errorString "\n%s" -}} - {{- printf $errorString $validationErrors | fail -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_images.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_images.tpl deleted file mode 100644 index 42ffbc7..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_images.tpl +++ /dev/null @@ -1,75 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper image name -{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} -*/}} -{{- define "common.images.image" -}} -{{- $registryName := .imageRoot.registry -}} -{{- $repositoryName := .imageRoot.repository -}} -{{- $tag := .imageRoot.tag | toString -}} -{{- if .global }} - {{- if .global.imageRegistry }} - {{- $registryName = .global.imageRegistry -}} - {{- end -}} -{{- end -}} -{{- if $registryName }} -{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- else -}} -{{- printf "%s:%s" $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) -{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} -*/}} -{{- define "common.images.pullSecrets" -}} - {{- $pullSecrets := list }} - - {{- if .global }} - {{- range .global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets . -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names evaluating values as templates -{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} -*/}} -{{- define "common.images.renderPullSecrets" -}} - {{- $pullSecrets := list }} - {{- $context := .context }} - - {{- if $context.Values.global }} - {{- range $context.Values.global.imagePullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- range .images -}} - {{- range .pullSecrets -}} - {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} - {{- end -}} - {{- end -}} - - {{- if (not (empty $pullSecrets)) }} -imagePullSecrets: - {{- range $pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_ingress.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_ingress.tpl deleted file mode 100644 index 8caf73a..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_ingress.tpl +++ /dev/null @@ -1,68 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Generate backend entry that is compatible with all Kubernetes API versions. - -Usage: -{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} - -Params: - - serviceName - String. Name of an existing service backend - - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.ingress.backend" -}} -{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} -{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} -serviceName: {{ .serviceName }} -servicePort: {{ .servicePort }} -{{- else -}} -service: - name: {{ .serviceName }} - port: - {{- if typeIs "string" .servicePort }} - name: {{ .servicePort }} - {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} - number: {{ .servicePort | int }} - {{- end }} -{{- end -}} -{{- end -}} - -{{/* -Print "true" if the API pathType field is supported -Usage: -{{ include "common.ingress.supportsPathType" . }} -*/}} -{{- define "common.ingress.supportsPathType" -}} -{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Returns true if the ingressClassname field is supported -Usage: -{{ include "common.ingress.supportsIngressClassname" . }} -*/}} -{{- define "common.ingress.supportsIngressClassname" -}} -{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} -{{- print "false" -}} -{{- else -}} -{{- print "true" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if cert-manager required annotations for TLS signed -certificates are set in the Ingress annotations -Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations -Usage: -{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} -*/}} -{{- define "common.ingress.certManagerRequest" -}} -{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_labels.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_labels.tpl deleted file mode 100644 index 252066c..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_labels.tpl +++ /dev/null @@ -1,18 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Kubernetes standard labels -*/}} -{{- define "common.labels.standard" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -helm.sh/chart: {{ include "common.names.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector -*/}} -{{- define "common.labels.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.names.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_names.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_names.tpl deleted file mode 100644 index 1bdac8b..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_names.tpl +++ /dev/null @@ -1,70 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "common.names.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "common.names.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "common.names.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create a default fully qualified dependency name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -Usage: -{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} -*/}} -{{- define "common.names.dependency.fullname" -}} -{{- if .chartValues.fullnameOverride -}} -{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .chartName .chartValues.nameOverride -}} -{{- if contains $name .context.Release.Name -}} -{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts. -*/}} -{{- define "common.names.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{- .Values.namespaceOverride -}} -{{- else -}} -{{- .Release.Namespace -}} -{{- end -}} -{{- end -}} - -{{/* -Create a fully qualified app name adding the installation's namespace. -*/}} -{{- define "common.names.fullname.namespace" -}} -{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_secrets.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_secrets.tpl deleted file mode 100644 index a53fb44..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_secrets.tpl +++ /dev/null @@ -1,140 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Generate secret name. - -Usage: -{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. - - context - Dict - Required. The context for the template evaluation. -*/}} -{{- define "common.secrets.name" -}} -{{- $name := (include "common.names.fullname" .context) -}} - -{{- if .defaultNameSuffix -}} -{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{- with .existingSecret -}} -{{- if not (typeIs "string" .) -}} -{{- with .name -}} -{{- $name = . -}} -{{- end -}} -{{- else -}} -{{- $name = . -}} -{{- end -}} -{{- end -}} - -{{- printf "%s" $name -}} -{{- end -}} - -{{/* -Generate secret key. - -Usage: -{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} - -Params: - - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user - to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. - +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret - - key - String - Required. Name of the key in the secret. -*/}} -{{- define "common.secrets.key" -}} -{{- $key := .key -}} - -{{- if .existingSecret -}} - {{- if not (typeIs "string" .existingSecret) -}} - {{- if .existingSecret.keyMapping -}} - {{- $key = index .existingSecret.keyMapping $.key -}} - {{- end -}} - {{- end }} -{{- end -}} - -{{- printf "%s" $key -}} -{{- end -}} - -{{/* -Generate secret password or retrieve one if already created. - -Usage: -{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - key - String - Required - Name of the key in the secret. - - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. - - length - int - Optional - Length of the generated random password. - - strong - Boolean - Optional - Whether to add symbols to the generated random password. - - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. - - context - Context - Required - Parent context. - -The order in which this function returns a secret password: - 1. Already existing 'Secret' resource - (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) - 2. Password provided via the values.yaml - (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) - 3. Randomly generated secret password - (A new random secret password with the length specified in the 'length' parameter will be generated and returned) - -*/}} -{{- define "common.secrets.passwords.manage" -}} - -{{- $password := "" }} -{{- $subchart := "" }} -{{- $chartName := default "" .chartName }} -{{- $passwordLength := default 10 .length }} -{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} -{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} -{{- $secretData := (lookup "v1" "Secret" $.context.Release.Namespace .secret).data }} -{{- if $secretData }} - {{- if hasKey $secretData .key }} - {{- $password = index $secretData .key }} - {{- else }} - {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} - {{- end -}} -{{- else if $providedPasswordValue }} - {{- $password = $providedPasswordValue | toString | b64enc | quote }} -{{- else }} - - {{- if .context.Values.enabled }} - {{- $subchart = $chartName }} - {{- end -}} - - {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} - {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} - {{- $passwordValidationErrors := list $requiredPasswordError -}} - {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} - - {{- if .strong }} - {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} - {{- $password = randAscii $passwordLength }} - {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} - {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} - {{- else }} - {{- $password = randAlphaNum $passwordLength | b64enc | quote }} - {{- end }} -{{- end -}} -{{- printf "%s" $password -}} -{{- end -}} - -{{/* -Returns whether a previous generated secret already exists - -Usage: -{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} - -Params: - - secret - String - Required - Name of the 'Secret' resource where the password is stored. - - context - Context - Required - Parent context. -*/}} -{{- define "common.secrets.exists" -}} -{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} -{{- if $secret }} - {{- true -}} -{{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_storage.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_storage.tpl deleted file mode 100644 index 60e2a84..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_storage.tpl +++ /dev/null @@ -1,23 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Return the proper Storage Class -{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} -*/}} -{{- define "common.storage.class" -}} - -{{- $storageClass := .persistence.storageClass -}} -{{- if .global -}} - {{- if .global.storageClass -}} - {{- $storageClass = .global.storageClass -}} - {{- end -}} -{{- end -}} - -{{- if $storageClass -}} - {{- if (eq "-" $storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" $storageClass -}} - {{- end -}} -{{- end -}} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_tplvalues.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_tplvalues.tpl deleted file mode 100644 index 2db1668..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_tplvalues.tpl +++ /dev/null @@ -1,13 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Renders a value that contains template. -Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "common.tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_utils.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_utils.tpl deleted file mode 100644 index 8c22b2a..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_utils.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Print instructions to get a secret value. -Usage: -{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} -*/}} -{{- define "common.utils.secret.getvalue" -}} -{{- $varname := include "common.utils.fieldToEnvVar" . -}} -export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) -{{- end -}} - -{{/* -Build env var name given a field -Usage: -{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} -*/}} -{{- define "common.utils.fieldToEnvVar" -}} - {{- $fieldNameSplit := splitList "-" .field -}} - {{- $upperCaseFieldNameSplit := list -}} - - {{- range $fieldNameSplit -}} - {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} - {{- end -}} - - {{ join "_" $upperCaseFieldNameSplit }} -{{- end -}} - -{{/* -Gets a value from .Values given -Usage: -{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} -*/}} -{{- define "common.utils.getValueFromKey" -}} -{{- $splitKey := splitList "." .key -}} -{{- $value := "" -}} -{{- $latestObj := $.context.Values -}} -{{- range $splitKey -}} - {{- if not $latestObj -}} - {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} - {{- end -}} - {{- $value = ( index $latestObj . ) -}} - {{- $latestObj = $value -}} -{{- end -}} -{{- printf "%v" (default "" $value) -}} -{{- end -}} - -{{/* -Returns first .Values key with a defined value or first of the list if all non-defined -Usage: -{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} -*/}} -{{- define "common.utils.getKeyFromList" -}} -{{- $key := first .keys -}} -{{- $reverseKeys := reverse .keys }} -{{- range $reverseKeys }} - {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} - {{- if $value -}} - {{- $key = . }} - {{- end -}} -{{- end -}} -{{- printf "%s" $key -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_warnings.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_warnings.tpl deleted file mode 100644 index ae10fa4..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/_warnings.tpl +++ /dev/null @@ -1,14 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Warning about using rolling tag. -Usage: -{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} -*/}} -{{- define "common.warnings.rollingTag" -}} - -{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} -WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ -{{- end }} - -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_cassandra.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_cassandra.tpl deleted file mode 100644 index ded1ae3..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_cassandra.tpl +++ /dev/null @@ -1,72 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Cassandra required passwords are not empty. - -Usage: -{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.cassandra.passwords" -}} - {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} - {{- $enabled := include "common.cassandra.values.enabled" . -}} - {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} - {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.dbUser.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled cassandra. - -Usage: -{{ include "common.cassandra.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.cassandra.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.cassandra.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key dbUser - -Usage: -{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false -*/}} -{{- define "common.cassandra.values.key.dbUser" -}} - {{- if .subchart -}} - cassandra.dbUser - {{- else -}} - dbUser - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mariadb.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mariadb.tpl deleted file mode 100644 index b6906ff..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mariadb.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MariaDB required passwords are not empty. - -Usage: -{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mariadb.passwords" -}} - {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mariadb.values.enabled" . -}} - {{- $architecture := include "common.mariadb.values.architecture" . -}} - {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mariadb. - -Usage: -{{ include "common.mariadb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mariadb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mariadb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mariadb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false -*/}} -{{- define "common.mariadb.values.key.auth" -}} - {{- if .subchart -}} - mariadb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mongodb.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mongodb.tpl deleted file mode 100644 index f820ec1..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mongodb.tpl +++ /dev/null @@ -1,108 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MongoDB® required passwords are not empty. - -Usage: -{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mongodb.passwords" -}} - {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mongodb.values.enabled" . -}} - {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} - {{- $architecture := include "common.mongodb.values.architecture" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} - {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} - - {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} - {{- if and $valueUsername $valueDatabase -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replicaset") -}} - {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mongodb. - -Usage: -{{ include "common.mongodb.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mongodb.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mongodb.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.key.auth" -}} - {{- if .subchart -}} - mongodb.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false -*/}} -{{- define "common.mongodb.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mongodb.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mysql.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mysql.tpl deleted file mode 100644 index 74472a0..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_mysql.tpl +++ /dev/null @@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate MySQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.mysql.passwords" -}} - {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} - {{- $enabled := include "common.mysql.values.enabled" . -}} - {{- $architecture := include "common.mysql.values.architecture" . -}} - {{- $authPrefix := include "common.mysql.values.key.auth" . -}} - {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} - {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} - {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} - {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} - - {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} - {{- if not (empty $valueUsername) -}} - {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} - {{- end -}} - - {{- if (eq $architecture "replication") -}} - {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.auth.existingSecret" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.auth.existingSecret | quote -}} - {{- else -}} - {{- .context.Values.auth.existingSecret | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled mysql. - -Usage: -{{ include "common.mysql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.mysql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.mysql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for architecture - -Usage: -{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.architecture" -}} - {{- if .subchart -}} - {{- .context.Values.mysql.architecture -}} - {{- else -}} - {{- .context.Values.architecture -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key auth - -Usage: -{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false -*/}} -{{- define "common.mysql.values.key.auth" -}} - {{- if .subchart -}} - mysql.auth - {{- else -}} - auth - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_postgresql.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_postgresql.tpl deleted file mode 100644 index 164ec0d..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_postgresql.tpl +++ /dev/null @@ -1,129 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate PostgreSQL required passwords are not empty. - -Usage: -{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.postgresql.passwords" -}} - {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} - {{- $enabled := include "common.postgresql.values.enabled" . -}} - {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} - {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} - - {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} - {{- if (eq $enabledReplication "true") -}} - {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to decide whether evaluate global values. - -Usage: -{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} -Params: - - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" -*/}} -{{- define "common.postgresql.values.use.global" -}} - {{- if .context.Values.global -}} - {{- if .context.Values.global.postgresql -}} - {{- index .context.Values.global.postgresql .key | quote -}} - {{- end -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for existingSecret. - -Usage: -{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.existingSecret" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} - - {{- if .subchart -}} - {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} - {{- else -}} - {{- default (.context.Values.existingSecret | quote) $globalValue -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled postgresql. - -Usage: -{{ include "common.postgresql.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.postgresql.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key postgressPassword. - -Usage: -{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.postgressPassword" -}} - {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} - - {{- if not $globalValue -}} - {{- if .subchart -}} - postgresql.postgresqlPassword - {{- else -}} - postgresqlPassword - {{- end -}} - {{- else -}} - global.postgresql.postgresqlPassword - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled.replication. - -Usage: -{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.enabled.replication" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.postgresql.replication.enabled -}} - {{- else -}} - {{- printf "%v" .context.Values.replication.enabled -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for the key replication.password. - -Usage: -{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false -*/}} -{{- define "common.postgresql.values.key.replicationPassword" -}} - {{- if .subchart -}} - postgresql.replication.password - {{- else -}} - replication.password - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_redis.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_redis.tpl deleted file mode 100644 index dcccfc1..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_redis.tpl +++ /dev/null @@ -1,76 +0,0 @@ - -{{/* vim: set filetype=mustache: */}} -{{/* -Validate Redis® required passwords are not empty. - -Usage: -{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} -Params: - - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.validations.values.redis.passwords" -}} - {{- $enabled := include "common.redis.values.enabled" . -}} - {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} - {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} - - {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} - {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} - - {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} - {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} - - {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} - {{- $requiredPasswords := list -}} - - {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} - {{- if eq $useAuth "true" -}} - {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} - {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} - {{- end -}} - - {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right value for enabled redis. - -Usage: -{{ include "common.redis.values.enabled" (dict "context" $) }} -*/}} -{{- define "common.redis.values.enabled" -}} - {{- if .subchart -}} - {{- printf "%v" .context.Values.redis.enabled -}} - {{- else -}} - {{- printf "%v" (not .context.Values.enabled) -}} - {{- end -}} -{{- end -}} - -{{/* -Auxiliary function to get the right prefix path for the values - -Usage: -{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} -Params: - - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false -*/}} -{{- define "common.redis.values.keys.prefix" -}} - {{- if .subchart -}}redis.{{- else -}}{{- end -}} -{{- end -}} - -{{/* -Checks whether the redis chart's includes the standarizations (version >= 14) - -Usage: -{{ include "common.redis.values.standarized.version" (dict "context" $) }} -*/}} -{{- define "common.redis.values.standarized.version" -}} - - {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} - {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} - - {{- if $standarizedAuthValues -}} - {{- true -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_validations.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_validations.tpl deleted file mode 100644 index 9a814cf..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/templates/validations/_validations.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Validate values must not be empty. - -Usage: -{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} -{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} -{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" -*/}} -{{- define "common.validations.values.multiple.empty" -}} - {{- range .required -}} - {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} - {{- end -}} -{{- end -}} - -{{/* -Validate a value must not be empty. - -Usage: -{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} - -Validate value params: - - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" - - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" - - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" - - subchart - String - Optional - Name of the subchart that the validated password is part of. -*/}} -{{- define "common.validations.values.single.empty" -}} - {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} - {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} - - {{- if not $value -}} - {{- $varname := "my-value" -}} - {{- $getCurrentValue := "" -}} - {{- if and .secret .field -}} - {{- $varname = include "common.utils.fieldToEnvVar" . -}} - {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} - {{- end -}} - {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} - {{- end -}} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/values.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/values.yaml deleted file mode 100644 index f2df68e..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/charts/common/values.yaml +++ /dev/null @@ -1,5 +0,0 @@ -## bitnami/common -## It is required by CI/CD tools and processes. -## @skip exampleValue -## -exampleValue: common-chart diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/img/redis-cluster-topology.png b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/img/redis-cluster-topology.png deleted file mode 100644 index f0a02a9f8835381302731c9cb000b2835a45e7c9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11448 zcmeI2cUx22x9_8Zh@yyC0I4cPR3wC|kVp$H5PB1ZB#;m~gf1}_1O)^|QB*Y2#4gyt zMlbeAQxFvp712m>hX{m(GZyaOx!ZkSz`gf*j(>!>GS^(QjWNFCGu9zzC!56!6&9jU zsKs`+R<0=2Tv-%qj{Ji8aAni0vR)KQEHl>HJ2pI#N)HP{sbegEe^b}f4US~Qs$;Cw z_4G(lQ96Ni5-o-l&d`YniiJz?dw66Zok|Z1{M|-RS5J47uKp%8#vQGzjxpCah7XLM zj-j5O@9*{`T2RE_9UAE9LI+xoBnmwuHj)v%{&$O@SQ71bZ+Kl2DH#*!W~guJ6YNcK zHZTeO`>F9kF${WS#P4QkJslGrH2U}5u}M)uzb^*{#nUN4$W@Fr%;@i-!xQO$57ytD z8g7NACsAo=gGf@4U2vq4|L;yBNa25X;tb>6G}|@C+Q2i|iEP41uyWQ#JBJ%4#8?F< zhJ?qHVxj_RUKr=dpkNn9ac?y zjjf4Zb6GNz?1!C-z2!T|`I6FNrJxgzEdNh&X5<(5KrG*81T6sFq zW4#j0(FP$=R0ktuGQKhJ>5aE1x<}i)7{Yf-uoVV+b&Uyx|9F@?Q)9v%9i!kom8xr_ zZyDi8quLlJ$HoMDMv5Etu;N25ccDbf0|Q5Hey zuy9hmyN{lmxi_9+6lmk*8e~ZKun3K`af^yY(`;?=K0&@@N^D4|ZmdgqQerIL%hrxy zM`KVuoedc@Cs*&NU@z}TC!YjoOLVwfgp0XBq^=QOH`LfZDk)yy$}P!&oMd9pNV2eV za19GKbTn|V3?&(oC>TsM-pj)_-XqzO!f>`XcTI{5(F-#P4|eb+*@i_q#RWz9Cb}lU zY#Dly5oBMwdxVb>J|ZxR=Hn2B(esIp*C%@g#keGsV#(gFfsDuqU)z`@qaaF%b3~+m zaCivCJ1!{#Z-OS0%&mNabUj@xDKwK12OC|CUMSr<(LBO6#=*zKmh2FMcXPB0wAZ(G zOLT#y3^MdVd+FN4H&{DMs+$|$6}}_mun)3ByGD6M!*@NGc#37RH*(}cY~w5(g7s}^ zzJ{deP$OjHtPIHRcv})F*daVJ9OLS0Leg`Niu1-BQNyAVy)cG$-t^cQdT5*_#!w#< z6bFATlk}s>LCIl6HxqO;(KpT^F4{I2o&%lvSS5MJQIi?*1e?StBg+V5BGsE18|WMZ zW@PMb;;rjJh)Z(TCxklSlZ>ctaW=Yo)I?_w8+1I}9FDPYfEk{Rp z-ILpbFFK4J$#eW+T6n?W^l5qJZKu}h5eQ&HLB6NEPly?kFMd+9B*;21U%BtZEs%?pK-aOJA&_a1j0}?4#_1KVkJ~ zb1N$=!~T5LHEY(Ki6ShOkvZyUtN}kg)=-p%p8{pGCE=%=k}YB~GBVw%{}0_J=Dl%c zNm&_1!2faZ@ZlzI_bqfh*IP+9=vgI}rUzo0%pyLDCQ>#KFyN?VT{J-WBp zCg)?vCAY`Vo>`JeY8zKB+H+FMc}Q(BfZHZ_r67MSRsc_F7C zywt+dvh}JDW@2iJ{P>7kKAJK=H#hgl*|VFbw_3cM9SuWCQ8xa>xpUb;&rXoK%1McR zdnJ}CDoP!Dk~;a<;97Nc@fy+86}OQmPoC7l)OA^+lzf7Q)M`ViYrc0ZqM~%M)1#Jw zfq};3$}t=HHo0Bw?;rEaU97FebB`UnQf>OC*hZRgcFPL?lreG9^k2lGzd~ZiK3a#p zy)Aj;;m?Kl6GpPH?|86AUw`=-!|+_};cth8N7wOf@{BbUz8)iD>yD^dMsdu3sjgcm zW@l$t760Qj&u4MW_&1NM{x!;Vb#<@w7h9$;X)0sy)@H8k+&6o3!pHoJ>1>urexUjA z{*xzH?Mxn059_{ZJ+&^q>tPZG7Orn-Nb**9*6rK+L&p|ya{?=HmlwBKDP8rsHUCla zcztmWHlwP_c!*J;ZD_dCY!|w?1!4%~4*Dqs@kWrCfWZ=WDk*3@9_9&Rg z5F_^U)4UCdKkmGFRb;&gdi0)Bv?Q|{S_2<>6TK>ZjGG z9{XfuWax&!)fbyTe+?S#0yhM(;#x%99AT%DK(HZO64jEUVl(pL5m;Fr&fwZPdwct( z%F5ZbwcE;A()V1-YtksJyA;;q7Ewg>BpOX=mYSHHB=uG^+sd@U;l8gOmt?7&bDNkM zu3c;-9?ml75dN@2UC14Kwt46Ayu3oYV;XHVV{t*d3K&7wJ2t7s>ig?!V=XEy zTei8u;}z>#O<*5YkYo515Ix`}TT?sxu@^5d`*D}*ybg@r&so3e+v-a$5 zZUo2RH_Wjx%ILh}MVX!$Yom3g3NIn!T+5S?3nT>6XvGdEb=qi07N;DkD{zvz0b5=XcjZ z%dB}4OKjOLo4Fig7=&v@&9~z!vfyUH!r>W8>ohdhn40=cWhIkX&B#nMgdSzQe698C z&HwuHqLib$HKeUX^6As3C7g@0e3~gTl8)Z9$CYK#Xmq|lJ(njRXfx1~)AFtJO6k9w zkVqt3A`$kLt7TxY0_>xW)*>D8sh7e;aXnntiCP%~e12HDO9BW)FCB@FA<~X*CewMZ8<>mEH4zkm8a-`u%DeyvRRBF-r^R>#fZ%=tc?G*uabB8b?O`

    gt0u3YK+3VbZ)7Cr=g*&)YecY;+uHRLladT3#L-cG+Z4CN zKHgdOtr;9@>`b#Ba+WJ_{4yh$6P!auoRD{nC(pX_v#ErxkgbB-IsWFP&W_}s%qJmt z*68S5|2A?sI~z}@uitaVzm50v=e`T{#J^q`x%l~|^x)X1PD%ECQ3)6r7}&pZlW#!x z&7i92f%*0h4r6aaZ}j74CZ$tSQjUNV{3&o&kyxTw>qazFXX3Act31{S^Z5WvqP%;8 zRA3x!@p~>={SD~@*D62Me{9N}gIbv>4iVJ*7S*vcbLjhxnzRda8yg$XpFfY95st75=?aFC9}wq0 zF)@LdjmM0RV|#f>r?%h2M3;$#Pa{fO)5_jR(9T%&W!y0{L3|lv0qAhQ-1KmF^PQ#ZP>O;1`%Dz!7D2~MQU ziWTB2Dk_SwVr4}3^O^Dya_Y^8?nk&h01c(e<# zn#xC@6l4*7aQx)S269E;yL${|OE<2}jM=QQ;)KaRrkkog^P>D`le>${Uf8$b)1Kp> zs|yMWF0X0_-=xd4u&0Y3+CqaAK$nqa%A?fkq#lyJoui-Hen2>X}amW4T zsHl&Pl3-Q+5SF_hB#eanpW7uIe*?#A_w<-e)@q~SyPJD|z&6%iOR!QgO3a%bavc#AD>^6l_mA0H!azv|NZlSo-Y>{7yA@;9CP`qRRbUn%6+e)_JqE@(-#Tj($SLZ+CP~bsy z^z=kD2pv1Nx#8&8SRE{FDJOU-zYL2!Y4}F2TC*4mHh4*NbaWfddEQmOd&^+c{tSn~ z1k|3gva*{asc|0Qw8G!sK8kJ7>0&1%@zj--rXaiP*RVBWzVhzUM4V8cKhnFInYN=G zH(rj*4J;8!8EBy5Shg7(^gc>&AhW&&K%fp5%101T+q}K=U2!!ZR+L`2pe;1(yhCD5 zwZLA;2r!@WQK-ns$WLFsz)Bk!GrmY|iT$d|OtY-O3CYmGMWK8=bZ|_=(b>~egE`;B z&DC`utbzl(e>s=PLdF(@$Qo;F>;K4_clR(EnVF@3${I-&7|nq*XIAU@RjD#F9Ja!- z1gAUx{SAmEZGM?Fa-d@lh@@~DD8%M>?%ZkX;BXAvqz+>)+VLR1jdqa4x`}xGPujwJ zjrkWlZqbNgA0GNlNuA6sD9GCRDA|r(xQNS{?CRYFpMIBcClzE-x)A0>$IUe54MLV{ z5YKI7rd=<`4U$-_CQ(64=M>`}9L2G*vBc3jiKCFeFf-JY%#xS?czdS-j34BuI)Bic zdm|o%rQaRgNkv&y6rbx8JJcqgxpGr3w#j*=j^6?ni&d~S!D(vw4hk!~PV_BJXp*+! z*WgV`k!x(MK7_Aw8b^7^?KuC1QSW&W@?d1=cj}_1HTsUh>3@C-(>ADeNNAuaxTPcrHRdNQYOyka!)+4~pt_Se?%`LR z;xnbVV}q7fEhKKOH~ewy)Ya|Slm*-y!(D7)Ma_K*%o**nUm81s`t?3R<$}}M49N5# zO;E?-RNO8Q>V&^~b0AxTn{2rwaMM6V%>xSL3uu>2xLgQhlQT=!U!rWP1^I{yYZ~lH zCiu;Dr4yU|b(q->0jx?`SqgmC)WAIw&;orf@uOty$OokjUf03z=V70$*Vfi9CpRq= z6BFxuqRFa7_Xe7xHZ?Q6iq)$~_dm)_vy2nS?9xW&ct6KH?@M@!S2w7Qj z=(&&|);AuKJ$mZYdgjW#!lRHK-s#T|KF`4lq}0^Zf;%qCq)Ex|YizU%>b>pm?R_vc zRSXGr(F4tL*c4;KurAeqW_0EIH*LSGYHF$oXUzJ|^&Mz>+qx9d`YfxIVcpv04@u z7P_>TibzHZ0gUm@th>A0*2$^4z=W}M*)l}U-VX0sxfY*Qo3UcUk-WUm9lIV^fIX2} z*E1>gbxsAwdp~^&w6d{TYiukBsv-@H2jbq;uaTU`k8PiyHdu7U^IHAuYulqIMoAFE z)@W)<+`D%Vl!lF+oh0gfNr@P^e{hY~PEJeofU`lfu=n>@z+N=MaRRq@2)rNV)8nJT z@2b%EV~6$~IkFUaoQa9NiHS*l&Du`{aQhXwH+5(=#3Ug)*1bHtRYpZ6C+V**r214z zInzX4$S#&HU5fJe_fOoltD&J`-itFv$e}!K6uCrNS{k|d=FO@(bLK2qw5Xx4Za)P6 z0|_6JB*5sp?lCk$heZuEFCHT1#U4bGY#KpPcA?gW4GpmOE{Mljcuy6aXct?-SY!Dp z3!^+du-4Tf9pP_A2VlmeeOgNzIH%HHIGOnLW(iBYVtfv6^)iTckbN8)b|_e zoVEKYtaXQkm(nQ~GAVfY2Jx!TxY1AzKg z4W8SD1hSHnb$$=x9jC6&zn46&{rZM~PG4U@@aeQd%k+=!L|h&=GXz-6GC}dyXhKH= z2RD-ik+|;JvqhU9@s`~U>t4gmwFDg}4-1F*+3qmBukUG|ofzK+)Lv&ArD)0Pt3LZd z-u1WIs95{?74S@)R;*r~3HkcRiWX(dl$3`&lRqTHrj?s_W*^34BcsF5WXY98Q$y+qe39R*cE(Z(E%W;ALmX4_goK$fL!PTdlU!K_L zGZ#S${GQ0RvabpPh7{k+h|59y-9z+iMMVWtafpeDDIuauU^oMX>B{wQ?}V2ATkEct z1-3xFh3IQt>T@|OYirQg8@QaLu3rBN++g$_kzWV_bX-8s-S9SA)$!xUm-D{1T24vr z2w=Sg{!3!L9JEK2I^=1iqodoX)C;`zI_trjLECF>-h2{kEhacNi=@1UIHQz$az!l| z8)%lcvZ~uaCu?84c=5SCkAqGC7kmLkoDB}^lYD!N{7&jB&RM& zLL_Grvo2fFWDTItH85H@m+%ZR2)7Vtv%1**&5dUws}CJmvmB zGtS1^z4OMP90a2@w6(J{cXmF)lV1!SAerA&p@-{k0=K79n$nUDi8{9rS~df41@yU! zPg8_JTD8h3G71pC{{UNtA{1TRzuwRQ1S%=35%6pHJ^Yjj1%R3w-0SN*GK-4VKt?7H z+!zW;Nl8h@(I3T-s)4h!D)aJ1NHvB;hl3ET%cg*faQRJkm08o#)4X;fbmidWztg>;!#64Q4Gor0j7EW=${<=D*66b5 zujA|8puV!ZCvyl$p>fKDE~*bq0LeZf$BO##)&K#p0HJ_%O}wcQ9Y9h)n8zMKySw-s zXZgX*^dPPxyvOhfvCXxg%sc?h3$;R^(_K(P3*UU9 zmo=l*kS={AxsHB14URAhG(H6XjehrIFNH9@s`H1Z0V^NwC<~Q+g!6yY>m|$gN=Rl^ zC)eE2fUMg+rTS^MrFP;Z-c2n#cY!_uVPeiZze#uwRB7j-`Ucr7 z1d%86&I~B~qfip>kaqztb`AD8{~L0y=zSrD@@I~B`d2Tngq+?T{yoYEXi*LkuBUpH z0H|_0bQSw`DM}TKRR+*p$t3cnann&fH_kwO9H+mvI*@?5h2v`?1mF>%Lx?i#e=%R@ zUH7lahQrdIgA+lKduYc@^~aB7Sa?aW0Ti5oJ6nWrkqTQAxuWOM%e$d(bO`56eWtQ} zAwti*<#NWldf&6c`I?qc=!pDa3fZy)Qd5EY%4(=&UH>3%Ritcc}65Wn3V;U zGj2e~MHl15QJ{w7^`fl(h_e)2ahe3|wfW)bzFeGAc0@N6uhW(&X@lDYn22!P7*?JX zS_5i1OF&7$Q0K$m87KWL`6GbnHRhxCfFD-V(Sg!n$ez3nUTd_q?Wd&9l;h%{m%vmJ zYTjW<6sS6P{@L>DPstVMK}`bn6c@P7#^Y}sX9^jr!V9FNkWys-P#L=!m_#Y3d=bA4 zshnkXunU{T&JRo5MO)*iN!DDV5)vM-K@C$91wg?Pk52;}n%U9eURqOj-w@Jegh-NE zX+Y}we*8ELCNYG$IG^^iz#NJ$PzKfFm-!=I+`%_M==-;pa)8z>^u1K?EVY%s@=l- zy!B2{l-)a99)1PoVKEd^t^nOjr_({?$m#Ja;%i|Y6XALlsj?* z>f2SmNb!5t=79F8f=nm{tq1iagrj;_Mx5oXzuzcQ%oKKJ3r$X3;Sc6QhcC~WWrCv& zXf3jCE0cQ)RgQir2!ajTv5P`MK6d%PFUPe+eHQt}6WlYhv(uo|$me#iWoEQhPkvbq zRiQcH$&UT0Oko%H9MdEgMfO%NSiHCiiXkN&7kd{M8Aw*3GGGEM3_qo)KC5{Der=#X z{~{HX6C8=gD>te$AQ(BYi$kGmp1&nd8(e8RqDB}}dyzL1z;k#dz?_lSAL=Aj`lBCJ~vZaRd#_rNgaC%{d^a1(O*c4V(IEKPIWeu+|! z%s41R;Cpis01Q##f4*n&tq)o>%MwlZf?K7)8x|0Q+B8i-h>9Z>i#>Z#rjwtJ+1lD3 z!9G!kDkObY&CdG<*>PCB)+SAnpzcWopr+1YmyVP=wr>GG+}yaX!FnYg^j|U!I@Z5A*1U%+~3V zCPXPnD)TY4C4fAUv>D!~AU7VA@vb0?g9P~_1vT!1n$8ix_3$2(n1nwesZB`Vk~c;^CATva2ZRgf1zp?(eu{DL2oO*VOmYB7 zBSIoS4h$fnf{?E}XTO9r-rHMl?%cV3-@h+{@KL~<7Y!45Ic+v z^)Lto6Ar$AW@U!Y=x^d~2*j3yWE7t4A3^l?BOoM{bpL#lP?Yxy3?WM>=}9Omx&{Tw zdU(5f2D|!)$OaI|a0%}F2YPrDy$K$F+9=8^${&_jKCGaGRZx&n(pFN24@E^;byWqs zKkZ#T2?2ixRFRd30S=kEx_bwZ14Fzd|Fj^GT|NJdW~Fl2&%!mz$V#6`a8_3jwp5Pr z{?jIm5FFwi81Sc=0*o&UkNX`DIWmaw=duSO%-fy7xT=JLH~JeoJkk4au+G{41$dfjkSY4t(D}p^=!R^ z)U|CKrYmJoGw(?iivqLLdoBFF*ll?<2 z{d}S{4I;xL&BN8)(F%r&3f=@&csYzVH1I;Yo0Ig+@#@xYm`Gbo z6;m~mpLZnL*4@I=+EvXe#N5m`(AL<@!_3GsBE%yyGAcA&UeVCaP}fffP1ZH`@bDwr zhD2D}kpm6o6;)Mze6)RWD3Yg@kB^c!$`GxJM4>$4F##cp{%-QFkw)lnTQgk~MI&8P z9Tk10zyNPEcN7YiN#By}ZyI8$7_3L|v~!E_G_ke}4lu`u==l2t+o5oZCgwN=4ABVf zui&QcjmD~akyP<08^&v>n44=yl98cgJ8fdPxxR9gqDi2sKN3SAn}o{~-Th!}D@b7- zBK+@V8i5Z|Ggr5W#Ca+Q!5y+WQr{-X&)36BG1AnE5r%G*B_;-qhuCJ z3XxYc5B0Jokc_ z1Ak8sy+8wFWt6*~nwd6M)r1rorlJ;Lr9cdJSMxSgQB?OfRkKvnLmDd)4PlJ%D3S^z zavWp#D8Z=u|LmCG+Xw#siwR1ok~bZf5C~C(k)Ad-qG*2D7mHoyXI?BnJ}PN*Kx35p zB0Edh32l>qHgUl2g57l&%5g8&D_%rGS=zPh21n3VO3m93Nq4b_7)maAO;F`;?+;dI z-ItZmu3&nclXqOPbM=E;&Mi0Mw-@mX$2tScS4HKOIzK$%kW*?FHp&rSe6q*<=x6aE zqfMNg>J+N6p7{PeDbDP4JY7#u(T%p7vpxBL@S=FafS-O?m}=Pk;F*MkEia0-M7p}V zc-4c&*_k(Q+Pt~zwx>CH=JnS3p_-(c8nsiWPJNi4&-gY!bOoI+J3VmwAhdCn=amm0 zH+=HsiKwjX&TZSa_22d72@Vdnu(y|9yOvYvO3Uev{k8tx(8%cV+qw`=LBVvVhN#Cw zLjofsBfQ6=l+*S1@0E2(-XWms^8M5B)An}lxHwI-iyCKMzs6v(*hW9q&9zRg+}zxU z4j*ozS(RlK7iSg~34VOnAdr%hg0FI6f)VsHg)^$E+^rb`NfeiQbaZvIb8=46=~7+QAA^@?ael-1x%chcmnFW9`5+-`|sGz2%raXVf(`V0i3#DLBQH>AZa&2a2=T~O^{ytu7 z_ntkdHWCdMm|YOL>og08J_eIBjl3EpgIlwDo-b!G)p3ziNGKycoxO{cpb_=;P-$uD ztGW=+n+|mtvLNPAp49N0p}>*sdv4gE+APmW+f;m@<~!-shs{^TtOj?H z3|;Z`HzvWsiitagQf-_fQFqNX>Wm2l31a7^jLVlr{RVEKU_915DJBHl_U#HDPj~6* z>wl@t^21tLolZ_>-LiFS-A|R;t4C#UO^_=i3k#WFzmmHwvGX4upPufy!86%eET_S? z?FlB-z0B<5sp4XhVsiFCD!23pXetu_(~``!`vi6N+V0)EUqSA2@$jTkN{!B(Ia51V zQC~$G)9 zYeYmwrckuanlL?8u(o4U#qoQEP6w1;y}D)ie&`;d(?ut!bjv*l&7OQ7YeThN*2=zk zF=KHts7t|+D1+M(wcKMT8s+r`Ah^x8yOs<60_c?`zhDLm8KUmT?H?Qdx5)dH!?D_MFWZI#S$rq1v zB+wAf5s2Dv@Q!zXOEuAN&0x^rX?S5=J_%t|iN3u&ey6>3h?*0=V^7W~8OvepuYS zvHk<{P1I<&Q|vMhYh$B!B)(gK|5{m@Ze`yU$NDe^tnu^n1LmgXJ4J2#wb~hfxo<8z zJA2>w50|v&B#yC>B$0n!H2PB=3kroQb^j@GwmkvTY3y#FQ}dUJ=S&XqN==Q8$Nl=N z9^28KV?J*cH)DPl{V#bM3xnx-yaP3}NgPM4mWxYSY)bJ`M(cy1MRT<`7O_ zS&2B8pFj5K*SZ{Z1c=Sb&E4AIlqrGE!&jnn#BbWy?BtPi;`%AH>U+?v==j3B21pOa zB;M3b+DVT{dILn$>>~eRy6ei~_wNR=vB$oA`NG)Rzt$Jxdojmi*OV2Nl$a1Ul};_= z?PobfL^8X}%yo0bV>VW&u2)vJtu9TGzJ0Vs^!+N3k(S<$a8c%02z+;RZdn)^gotVo z1{PsuXUF#J(aM)~Je8T53HibT`LcEE))dMsv7wqkgPC?Jo;qch5&8iSAKyzjefpBwFgiTI=#4{#8O>d{c3I*NgCZ^R;=lN7vkDzJ4lIuE4zn=j{mtZ1sLs$wt;IpVe=%!g!U@8!+H#$KE(3~X|%7FAQ@$q{#L zN##by{X~*Agp7@i5eV4Hd~3^dNv*B=bB{e__HOSjw`YMB+|DC=`QE*~XAhd|!~FR8 z_+V}5F($YMJYDKqp64&E)$u*PG;18L#Q9MizAjh-arydnR*j20Z7LidKR(S;xIVZ6 z`9qfC6LR8|XW>^5JwXc_wE$g%13l{hqmSaUg!# zjYh}&`Q4OqD)UK$IdQm8ZeP>1$Ki0jow>QWBR~`Kg)d)rbbq~dL*S9w4vw^+7aF3! zkFHJ?GeCl|u~BJzRif_|-WkhKd)EjYCZWMRaFR-QW7#R#SmoLb`}iQQq6h2i?(Vw38r1=E|{@#%l6Kh&4Fnyf}Txn9EYy_yX2aTKPy=i-Trn`)RLyG(v zhK7c_{@|1P?E&_{z(9ao{Y#fFy`)T{W&z(%fKUONXTYj9kmY-06sQ9Jpy^lp^iU|^ z0LAml-n%J+>SBPj0Q#Kf$CkM?*S}f;8ZsRT``FlD?GE9vRAW_2tEzTwY-|9`ZT=c{ z%pwhLE@+L(sUPcZ!V|uOw&fy*U)$7l$KXAGX$WZ>8aE~-EzQZxdq{(M z_%cB3^@<9BqoM@rEVGZV@5szd3Zz&vWwaNvnZ+n4Xns%ys5%8Gx%A;fVU3HFHYaZJ z{rfiq)&V~_0LK%VcM2wh{7I&aSeqQ!!@PqZ0ZFKg)XGhCnc65)a zgoMOM$B_j+ZS9lOhYHStf~;_?cLO{ty^@tyjUDbExb4ZgYu5?F^Sl&FsU)adl#7cf z#BvbSMk7YzNlS}%W#3ri$<3u#t`Fur$E64#i*o5IMM3}LGPq5MqN9k1!n+e z_e)6pl}E#Gjx0Pl4U$XfHu0qn3Uy{0nToNtPQ0MxIZ8S5sgaJmq1U$Wj4SPRu^k}) z{qO}!``Lr_>jJN18T%_eU9Ydgu{vtm2Q*m;XfiP%BTeC$MeVN(??rt3D$caHaSF9d zKwei9U-EyQAL8LS_H|dz*|R7Eu`}+p98=Kmy95NbLynjfAvq76H451}^y<|KfM@rn zgl!DbaLv4!^7gGmSGA!8L(+0+{oGYjQsM=YrZt`K^kMsZ*T1!wr>3%rA3V4piR2X) z7UtE8J9^K5=)fO6>rovtWu~X6ciFsHbGo~XgZSe7NsuS3Q=PDH=dT%~(bfJ#swTyn zLf_v-%Q3U_o_PAy@G6y>LeZCM!$=GWX~hYC{`@&&@`C4wxw*7z_ck$QWv=aeWsdv! zNSPHOM_wNVP?x`8!YB|xWi#pyS;zY>5I+7kaR=~nUIjc z$j!yCUlSg?G$wQI-^I;+W_sF-Q5O}e1?m%t2ZBRFEFB!ub8>c{%grqT!P2;VWilVW zf=+8`X?gncB??-p2EI#=T$*%!c1|)mHMI#wk|&Moff5lF6-B@_C8wpGZuih3k*Yr| zuzK^Ma}yZk1x#G+*(odzxtenD(ut%b7Q31N&?2wyhx&q?YM!r!%8uyc zuo|8;&yf(ILG zbEkIiQGtmc`9lgxfZlG4A09InT-@kXem;+WIxneviCsif5Y`&X7x=9Gwef=l3dePQ zZCTdL{EZ;Is5+y(xN@b7j*~ViRNY}~Yg-$$st6kDG*HbIkl*o98z3MS7z00e@W29x zJM-d&38+x+9Pxbz4lu(jg>)U>x5kamb(pQOpGn*yP!RhN*rw)Plr&kxF-^9!t&JuA z$I$zr**7$zh`EW$_%~ynDr~z%z`fjeCT3=4Y1{7_!7$my#qr&pq-Y5n$oTG`J=U{6 zZ=Kq?@pSR}^z`(-{?yW-XbDd@T8>P>TVoc0ml$b($$(06wLB?xy%~FNG<2~9y^?ivgWfk=c}B{*6FA%m-FDSxA0+prtm z^D;;}bVoqtr!+v&f_txje5%j1ry<@t4R1%|n&awoi9}*5WxThx;XddaW|A~cGoW&? z1=Ev!tsI*p9zd09n#V;0eYcfkkJL8!fHpo;o9iP`V-pHWg|!Cry?GuNi>I@NL)jTX zeKL#_phZ?zR%7`&!5sMK_k~k$ zYjgQC^aH5k+XE^`tFeyh_L6mMH8u)(x-2x*8~rwGCxbgUYHe)XJm0g5rz--(;cu6p zu$PqNtg)GLr9B&OEk7rKplz$MiLAy7L8m(jLpP4%>0w@L?H%w}>d=jKJpJ(3q4IND zE$u=<(RYQ=%W^@|689-XzRzn-X$3EdP$akmBmy%x{#;#R6ua5`4Vql!Mdjsp9gF^^ z2Ws%u!`Nsj;l@7IFC@a&3#gx0Wmq4KyFdlthv-uTQ()163ZOn`f}&T)%xou+7wSD$ ztZ+b4q-How;ONn#LEneNo59@xtelE@d;BbQZT(KuMOI#>eqi_xITRU!GkQTtEHg~dIyyQo^1M~xbpWnHeGnJqeQ9*m?c>|JJs|260Rn4DW3Omd2LTs<>rFE= z3VJCkdMu_kPYQjvx*CX~ea*N11k+}D-(H!RpP$f>Muwe6qm^FCZVl3e(v24I?g1Y}sy)|R&dJZ83RVpkhfARl@^9Ewy1_-(ZQD+Y z8}S|qlhIuHuo-x!1u63E@(RXZgEz&jtoe4QW*Q(CUtGk&nc_tTi8AVxt5?N=7*E1@7dcvTXMu>j!0pg8FxbC; zzb;v@gd%(_6|^|{(_22M#<+x%xK1p6mZo+jxfw6d*Sv2nuX&dWf?;g7=LRtNvs`JL z#n))L5=I^NFs2Tu9x*kRDe147kni(vGlYX)|9_Yv!Au-sF>I$ZEbDY_>6sZ%u~&ArBk|wG!P{`p!p2V&BJGweO`jP?z&+k2NdN@ z=E~um(iJY9Y^GA9X5UDztgcGVY7-9QtKGK#TwnhTHB2f+XXl3)WYUePW&*V!E9(Rh zM`>+s|4iQm1soYtpJTY|SZfBT8X=@e$HcSMAR`)VU)~J;GA9;CHNrElKUz}tLrg72 zda`+jI#?6v9J4l4W>z1w)&K?oJFon4GP@5`N79^nv}Tbtop_s1NP~PlAfV!7zG?j7 zBS!?FE`X}0^vWw!$b{g@7$g<@lBo2cp~2GH`oP>oj=!u!EyCQ~{GqskE3DCno2yw3 zSRg-!d>op{9^15OlZCAu4ajB++Su5z$jQldDX7P_fSLuh;v5nU$7R4FWaZ%C5o$h6 z(mZEgv6@B2Izz=R<9Pqgi2QgAI#1>?6lHqg4i#}MXSr(%%J#(m_~yE@II{DMXkXOV zE`!fKHqI&FDN=`B<6Z?!;)(_jq=xYc{#Oz!Vrzt z4GIEprQpe`g;w-ba|OoK+}wanzVp&X|Jl;pkj|0Ck>*l&FSaS&BOfnt)HBLQQ3;8b zYfD**{sXtRa&mJ1_iiEj?jINCu8M%&y?==bKj{lmCfs zt#LEQhx&zwA>xJ4xp{c(7eq}#J}dYSDucg}>*=2i0xT(o|>K{kpItU_V5C|MX{qks>ED zsDof~;xw~jKaZk*{&@c@(X8zD#<`2?AqQsX<_d?s!K+|IfoKE|SRwL@2iPB1=yW!) zR%T{qs_-%qqbUa$flEq3k>!Ywd>puqII*@C^>a+*m&L@7TIc)ZZQxaxx?ks?I=#fy zkEa8^QO0+d-oMYEFXw!3qyE7IL7)j(5cqugNm*z>w3k-!Fbqu-7TqOUmNyjq|z zNO_NS?;>by79U8MmPx^Gr~-4OTrxk1vjtDydRRPY{K6EMscA0PjwuTSkqEzl$Y zJ-h;(7J$EfvxWra8@?e*1;MaFfKS_^7aEeFG>4UhLj#7-4pIT?)WiY5R!|E;FeCZz z%?wCZp@NLqYahGQ0ZkxMY3rNEq1FW}=HbSgFRU*>f=Ye2$pyu&fe%*?fMABIp?qp{ z+aN`v(R5N#qXKd5PhsHEh!sD_6FzTY0MP8JgL>j}^ITB>#Li~07R zRK(H2;^IzgZEdB03XL#@sy7jI$OyopzQ6yxNSq^NC1WmQolBr@-Rt-bTu>L)Lc;So zA8;yLmO8cMes8{wm0QE!ntoC}V5Ydfdk{&19UcXS%3`m5U<#$gr-)w@netuj+x;;pdLBjKx{+OdZa0uW*APf{{ za2?khGuHi;s2zGJ@RaVc@$($E#@vXe z=4OzFV~Z16OCG;{no~i4NUR*oblJWp;E<$bHiHAfpw!M3J_ao2Tf{Mu69OEGLo9yz zqT}dz(J$YCa)U}y z|MqaEnTt3GLA?x;KRLHhalLyc!p{h7GR0SSeQmlFraAspoDzB)_hX*XKuSsqJf(BDZYjPfQr{E)mc(LRZYQC!b6ex; zio0JunJ}i!|Hdq&O z5Dtc3m6?mcerHi4zGyTMiA`Xz7A4FIxVrzIzW~F60?g*w%*+l)KjN=nzt%I@zhg8e z`N|-sp$ps;#`%EfrAX$74<9n>2ylU_T^?_`dhOcilaxKOFRd&r5Mcal-M&{8tfR+| zA5XugZa-jh{siEysGM9UHIh<^>4V=Bg))8%@U(%X=>SF4nmwGI0JnmNqYDSaupM@Q zR%M(P^D1nDl8wPmU}YqkYp!m&aNz>O5h9Tkz+JZh1FxWfAJLb|<^*5CLIUNmAGilv zt&E>FXE?PF0KotMj!{=7h;wQ?rr`omD@a$t=x-mjF__(up9$XG*G6W_iuIu&TKhJ? zT}w-gJlDH}p}=8Fb8>MdfCX0yx(ZaV0LaQ$Am5=B9b -- bash - -In order to replicate the container startup scripts execute this command: - -For Redis: - - /opt/bitnami/scripts/redis/entrypoint.sh /opt/bitnami/scripts/redis/run.sh - -{{- if .Values.sentinel.enabled }} - -For Redis Sentinel: - - /opt/bitnami/scripts/redis-sentinel/entrypoint.sh /opt/bitnami/scripts/redis-sentinel/run.sh - -{{- end }} -{{- else }} - -{{- if contains .Values.master.service.type "LoadBalancer" }} -{{- if not .Values.auth.enabled }} -{{ if and (not .Values.networkPolicy.enabled) (.Values.networkPolicy.allowExternal) }} - -------------------------------------------------------------------------------- - WARNING - - By specifying "master.service.type=LoadBalancer" and "auth.enabled=false" you have - most likely exposed the Redis® service externally without any authentication - mechanism. - - For security reasons, we strongly suggest that you switch to "ClusterIP" or - "NodePort". As alternative, you can also switch to "auth.enabled=true" - providing a valid password on "password" parameter. - -------------------------------------------------------------------------------- -{{- end }} -{{- end }} -{{- end }} - -{{- if eq .Values.architecture "replication" }} -{{- if .Values.sentinel.enabled }} - -Redis® can be accessed via port {{ .Values.sentinel.service.ports.redis }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} for read only operations - -For read/write operations, first access the Redis® Sentinel cluster, which is available in port {{ .Values.sentinel.service.ports.sentinel }} using the same domain name above. - -{{- else }} - -Redis® can be accessed on the following DNS names from within your cluster: - - {{ printf "%s-master.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read/write operations (port {{ .Values.master.service.ports.redis }}) - {{ printf "%s-replicas.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterDomain }} for read-only operations (port {{ .Values.replica.service.ports.redis }}) - -{{- end }} -{{- else }} - -Redis® can be accessed via port {{ .Values.master.service.ports.redis }} on the following DNS name from within your cluster: - - {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -{{- end }} - -{{ if .Values.auth.enabled }} - -To get your password run: - - export REDIS_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "redis.secretName" . }} -o jsonpath="{.data.redis-password}" | base64 -d) - -{{- end }} - -To connect to your Redis® server: - -1. Run a Redis® pod that you can use as a client: - - kubectl run --namespace {{ .Release.Namespace }} redis-client --restart='Never' {{ if .Values.auth.enabled }} --env REDIS_PASSWORD=$REDIS_PASSWORD {{ end }} --image {{ template "redis.image" . }} --command -- sleep infinity - -{{- if .Values.tls.enabled }} - - Copy your TLS certificates to the pod: - - kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.cert redis-client:/tmp/client.cert - kubectl cp --namespace {{ .Release.Namespace }} /path/to/client.key redis-client:/tmp/client.key - kubectl cp --namespace {{ .Release.Namespace }} /path/to/CA.cert redis-client:/tmp/CA.cert - -{{- end }} - - Use the following command to attach to the pod: - - kubectl exec --tty -i redis-client \ - {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }}--labels="{{ template "common.names.fullname" . }}-client=true" \{{- end }} - --namespace {{ .Release.Namespace }} -- bash - -2. Connect using the Redis® CLI: - -{{- if eq .Values.architecture "replication" }} - {{- if .Values.sentinel.enabled }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.redis }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Read only operations - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }} -p {{ .Values.sentinel.service.ports.sentinel }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} # Sentinel access - {{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-master" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ printf "%s-replicas" (include "common.names.fullname" .) }}{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - {{- end }} -{{- else }} - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h {{ template "common.names.fullname" . }}-master{{ if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} -{{- end }} - -{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} - -Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to redis. - -{{- else }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{- if contains "NodePort" .Values.sentinel.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.sentinel.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.sentinel.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ .Values.sentinel.service.ports.redis }}:{{ .Values.sentinel.service.ports.redis }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.sentinel.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- else }} -{{- if contains "NodePort" .Values.master.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ printf "%s-master" (include "common.names.fullname" .) }}) - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $NODE_IP -p $NODE_PORT {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "LoadBalancer" .Values.master.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ printf "%s-master" (include "common.names.fullname" .) }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h $SERVICE_IP -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- else if contains "ClusterIP" .Values.master.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-master" (include "common.names.fullname" .) }} {{ .Values.master.service.ports.redis }}:{{ .Values.master.service.ports.redis }} & - {{ if .Values.auth.enabled }}REDISCLI_AUTH="$REDIS_PASSWORD" {{ end }}redis-cli -h 127.0.0.1 -p {{ .Values.master.service.ports.redis }} {{- if .Values.tls.enabled }} --tls --cert /tmp/client.cert --key /tmp/client.key --cacert /tmp/CA.cert{{ end }} - -{{- end }} -{{- end }} - -{{- end }} -{{- end }} -{{- include "redis.checkRollingTags" . }} -{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} -{{- include "common.warnings.rollingTag" .Values.sysctl.image }} -{{- include "redis.validateValues" . }} - -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Release.IsUpgrade ) }} -{{- if $.Values.sentinel.service.nodePorts.sentinel }} -No need to upgrade, ports and nodeports have been set from values -{{- else }} -#!#!#!#!#!#!#!# IMPORTANT #!#!#!#!#!#!#!# -YOU NEED TO PERFORM AN UPGRADE FOR THE SERVICES AND WORKLOAD TO BE CREATED -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/_helpers.tpl b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/_helpers.tpl deleted file mode 100644 index f6f47d9..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/_helpers.tpl +++ /dev/null @@ -1,291 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Return the proper Redis image name -*/}} -{{- define "redis.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Redis Sentinel image name -*/}} -{{- define "redis.sentinel.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sentinel.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "redis.metrics.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "redis.volumePermissions.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return sysctl image -*/}} -{{- define "redis.sysctl.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "redis.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.sentinel.image .Values.metrics.image .Values.volumePermissions.image .Values.sysctl.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for networkpolicy. -*/}} -{{- define "networkPolicy.apiVersion" -}} -{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "extensions/v1beta1" -}} -{{- else -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiGroup for PodSecurityPolicy. -*/}} -{{- define "podSecurityPolicy.apiGroup" -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -{{- print "policy" -}} -{{- else -}} -{{- print "extensions" -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a TLS secret object should be created -*/}} -{{- define "redis.createTlsSecret" -}} -{{- if and .Values.tls.enabled .Values.tls.autoGenerated (and (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret)) }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Return the secret containing Redis TLS certificates -*/}} -{{- define "redis.tlsSecretName" -}} -{{- $secretName := coalesce .Values.tls.existingSecret .Values.tls.certificatesSecret -}} -{{- if $secretName -}} - {{- printf "%s" (tpl $secretName $) -}} -{{- else -}} - {{- printf "%s-crt" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert file. -*/}} -{{- define "redis.tlsCert" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.crt" -}} -{{- else -}} - {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the cert key file. -*/}} -{{- define "redis.tlsCertKey" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "tls.key" -}} -{{- else -}} - {{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the CA cert file. -*/}} -{{- define "redis.tlsCACert" -}} -{{- if (include "redis.createTlsSecret" . ) -}} - {{- printf "/opt/bitnami/redis/certs/%s" "ca.crt" -}} -{{- else -}} - {{- required "Certificate CA filename is required when TLS in enabled" .Values.tls.certCAFilename | printf "/opt/bitnami/redis/certs/%s" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the path to the DH params file. -*/}} -{{- define "redis.tlsDHParams" -}} -{{- if .Values.tls.dhParamsFilename -}} -{{- printf "/opt/bitnami/redis/certs/%s" .Values.tls.dhParamsFilename -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "redis.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Return the configuration configmap name -*/}} -{{- define "redis.configmapName" -}} -{{- if .Values.existingConfigmap -}} - {{- printf "%s" (tpl .Values.existingConfigmap $) -}} -{{- else -}} - {{- printf "%s-configuration" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Return true if a configmap object should be created -*/}} -{{- define "redis.createConfigmap" -}} -{{- if empty .Values.existingConfigmap }} - {{- true -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password secret. -*/}} -{{- define "redis.secretName" -}} -{{- if .Values.auth.existingSecret -}} -{{- printf "%s" .Values.auth.existingSecret -}} -{{- else -}} -{{- printf "%s" (include "common.names.fullname" .) -}} -{{- end -}} -{{- end -}} - -{{/* -Get the password key to be retrieved from Redis® secret. -*/}} -{{- define "redis.secretPasswordKey" -}} -{{- if and .Values.auth.existingSecret .Values.auth.existingSecretPasswordKey -}} -{{- printf "%s" .Values.auth.existingSecretPasswordKey -}} -{{- else -}} -{{- printf "redis-password" -}} -{{- end -}} -{{- end -}} - - -{{/* -Returns the available value for certain key in an existing secret (if it exists), -otherwise it generates a random value. -*/}} -{{- define "getValueFromSecret" }} - {{- $len := (default 16 .Length) | int -}} - {{- $obj := (lookup "v1" "Secret" .Namespace .Name).data -}} - {{- if $obj }} - {{- index $obj .Key | b64dec -}} - {{- else -}} - {{- randAlphaNum $len -}} - {{- end -}} -{{- end }} - -{{/* -Return Redis® password -*/}} -{{- define "redis.password" -}} -{{- if not (empty .Values.global.redis.password) }} - {{- .Values.global.redis.password -}} -{{- else if not (empty .Values.auth.password) -}} - {{- .Values.auth.password -}} -{{- else -}} - {{- include "getValueFromSecret" (dict "Namespace" .Release.Namespace "Name" (include "common.names.fullname" .) "Length" 10 "Key" "redis-password") -}} -{{- end -}} -{{- end -}} - -{{/* Check if there are rolling tags in the images */}} -{{- define "redis.checkRollingTags" -}} -{{- include "common.warnings.rollingTag" .Values.image }} -{{- include "common.warnings.rollingTag" .Values.sentinel.image }} -{{- include "common.warnings.rollingTag" .Values.metrics.image }} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "redis.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "redis.validateValues.topologySpreadConstraints" .) -}} -{{- $messages := append $messages (include "redis.validateValues.architecture" .) -}} -{{- $messages := append $messages (include "redis.validateValues.podSecurityPolicy.create" .) -}} -{{- $messages := append $messages (include "redis.validateValues.tls" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - spreadConstrainsts K8s version */}} -{{- define "redis.validateValues.topologySpreadConstraints" -}} -{{- if and (semverCompare "<1.16-0" .Capabilities.KubeVersion.GitVersion) .Values.replica.topologySpreadConstraints -}} -redis: topologySpreadConstraints - Pod Topology Spread Constraints are only available on K8s >= 1.16 - Find more information at https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - must provide a valid architecture */}} -{{- define "redis.validateValues.architecture" -}} -{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} -redis: architecture - Invalid architecture selected. Valid values are "standalone" and - "replication". Please set a valid architecture (--set architecture="xxxx") -{{- end -}} -{{- if and .Values.sentinel.enabled (not (eq .Values.architecture "replication")) }} -redis: architecture - Using redis sentinel on standalone mode is not supported. - To deploy redis sentinel, please select the "replication" mode - (--set "architecture=replication,sentinel.enabled=true") -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - PodSecurityPolicy create */}} -{{- define "redis.validateValues.podSecurityPolicy.create" -}} -{{- if and .Values.podSecurityPolicy.create (not .Values.podSecurityPolicy.enabled) }} -redis: podSecurityPolicy.create - In order to create PodSecurityPolicy, you also need to enable - podSecurityPolicy.enabled field -{{- end -}} -{{- end -}} - -{{/* Validate values of Redis® - TLS enabled */}} -{{- define "redis.validateValues.tls" -}} -{{- if and .Values.tls.enabled (not .Values.tls.autoGenerated) (not .Values.tls.existingSecret) (not .Values.tls.certificatesSecret) }} -redis: tls.enabled - In order to enable TLS, you also need to provide - an existing secret containing the TLS certificates or - enable auto-generated certificates. -{{- end -}} -{{- end -}} - -{{/* Define the suffix utilized for external-dns */}} -{{- define "redis.externalDNS.suffix" -}} -{{ printf "%s.%s" (include "common.names.fullname" .) .Values.useExternalDNS.suffix }} -{{- end -}} - -{{/* Compile all annotations utilized for external-dns */}} -{{- define "redis.externalDNS.annotations" -}} -{{- if .Values.useExternalDNS.enabled }} -{{ .Values.useExternalDNS.annotationKey }}hostname: {{ include "redis.externalDNS.suffix" . }} -{{- range $key, $val := .Values.useExternalDNS.additionalAnnotations }} -{{ $.Values.useExternalDNS.annotationKey }}{{ $key }}: {{ $val | quote }} -{{- end }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/configmap.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/configmap.yaml deleted file mode 100644 index 9e70a38..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/configmap.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if (include "redis.createConfigmap" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-configuration" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - redis.conf: |- - # User-supplied common configuration: - {{- if .Values.commonConfiguration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonConfiguration "context" $ ) | nindent 4 }} - {{- end }} - # End of common configuration - master.conf: |- - dir {{ .Values.master.persistence.path }} - # User-supplied master configuration: - {{- if .Values.master.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.configuration "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.master.disableCommands }} - {{- range .Values.master.disableCommands }} - rename-command {{ . }} "" - {{- end }} - {{- end }} - # End of master configuration - replica.conf: |- - dir {{ .Values.replica.persistence.path }} - # User-supplied replica configuration: - {{- if .Values.replica.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.configuration "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.replica.disableCommands }} - {{- range .Values.replica.disableCommands }} - rename-command {{ . }} "" - {{- end }} - {{- end }} - # End of replica configuration - {{- if .Values.sentinel.enabled }} - sentinel.conf: |- - dir "/tmp" - port {{ .Values.sentinel.containerPorts.sentinel }} - sentinel monitor {{ .Values.sentinel.masterSet }} {{ template "common.names.fullname" . }}-node-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.sentinel.service.ports.redis }} {{ .Values.sentinel.quorum }} - sentinel down-after-milliseconds {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.downAfterMilliseconds }} - sentinel failover-timeout {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.failoverTimeout }} - sentinel parallel-syncs {{ .Values.sentinel.masterSet }} {{ .Values.sentinel.parallelSyncs }} - # User-supplied sentinel configuration: - {{- if .Values.sentinel.configuration }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.configuration "context" $ ) | nindent 4 }} - {{- end }} - # End of sentinel configuration - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/extra-list.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/headless-svc.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/headless-svc.yaml deleted file mode 100644 index d798a0b..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/headless-svc.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-headless" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- include "redis.externalDNS.annotations" . | nindent 4 }} -spec: - type: ClusterIP - clusterIP: None - {{- if .Values.sentinel.enabled }} - publishNotReadyAddresses: true - {{- end }} - ports: - - name: tcp-redis - port: {{ if .Values.sentinel.enabled }}{{ .Values.sentinel.service.ports.redis }}{{ else }}{{ .Values.master.service.ports.redis }}{{ end }} - targetPort: redis - {{- if .Values.sentinel.enabled }} - - name: tcp-sentinel - port: {{ .Values.sentinel.service.ports.sentinel }} - targetPort: redis-sentinel - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/health-configmap.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/health-configmap.yaml deleted file mode 100644 index 41f3145..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/health-configmap.yaml +++ /dev/null @@ -1,192 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - ping_readiness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_local.sh: |- - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_TLS_PORT \ - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- else }} - -p $REDIS_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ] && [ "$responseFirstWord" != "MASTERDOWN" ]; then - echo "$response" - exit 1 - fi -{{- if .Values.sentinel.enabled }} - ping_sentinel.sh: |- - #!/bin/bash - -{{- if .Values.auth.sentinel }} - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" -{{- end }} - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h localhost \ -{{- if .Values.tls.enabled }} - -p $REDIS_SENTINEL_TLS_PORT_NUMBER \ - --tls \ - --cacert "$REDIS_SENTINEL_TLS_CA_FILE" \ - {{- if .Values.tls.authClients }} - --cert "$REDIS_SENTINEL_TLS_CERT_FILE" \ - --key "$REDIS_SENTINEL_TLS_KEY_FILE" \ - {{- end }} -{{- else }} - -p $REDIS_SENTINEL_PORT \ -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - parse_sentinels.awk: |- - /ip/ {FOUND_IP=1} - /port/ {FOUND_PORT=1} - /runid/ {FOUND_RUNID=1} - !/ip|port|runid/ { - if (FOUND_IP==1) { - IP=$1; FOUND_IP=0; - } - else if (FOUND_PORT==1) { - PORT=$1; - FOUND_PORT=0; - } else if (FOUND_RUNID==1) { - printf "\nsentinel known-sentinel {{ .Values.sentinel.masterSet }} %s %s %s", IP, PORT, $0; FOUND_RUNID=0; - } - } -{{- end }} - ping_readiness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ -{{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - if [ "$response" != "PONG" ]; then - echo "$response" - exit 1 - fi - ping_liveness_master.sh: |- - #!/bin/bash - - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD" - response=$( - timeout -s 3 $1 \ - redis-cli \ - -h $REDIS_MASTER_HOST \ - -p $REDIS_MASTER_PORT_NUMBER \ -{{- if .Values.tls.enabled }} - --tls \ - --cacert {{ template "redis.tlsCACert" . }} \ - {{- if .Values.tls.authClients }} - --cert {{ template "redis.tlsCert" . }} \ - --key {{ template "redis.tlsCertKey" . }} \ - {{- end }} -{{- end }} - ping - ) - if [ "$?" -eq "124" ]; then - echo "Timed out" - exit 1 - fi - responseFirstWord=$(echo $response | head -n1 | awk '{print $1;}') - if [ "$response" != "PONG" ] && [ "$responseFirstWord" != "LOADING" ]; then - echo "$response" - exit 1 - fi - ping_readiness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_readiness_local.sh" $1 || exit_status=$? - "$script_dir/ping_readiness_master.sh" $1 || exit_status=$? - exit $exit_status - ping_liveness_local_and_master.sh: |- - script_dir="$(dirname "$0")" - exit_status=0 - "$script_dir/ping_liveness_local.sh" $1 || exit_status=$? - "$script_dir/ping_liveness_master.sh" $1 || exit_status=$? - exit $exit_status diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/application.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/application.yaml deleted file mode 100644 index 85d5847..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/application.yaml +++ /dev/null @@ -1,473 +0,0 @@ -{{- if or (not (eq .Values.architecture "replication")) (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: {{ .Values.master.kind }} -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.master.count }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: master - {{- if (eq .Values.master.kind "StatefulSet") }} - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- end }} - {{- if .Values.master.updateStrategy }} - {{- if (eq .Values.master.kind "Deployment") }} - strategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} - {{- else }} - updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }} - {{- end }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: master - {{- if .Values.master.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.master.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.master.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.podSecurityContext.enabled }} - securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . }} - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName | quote }} - {{- end }} - {{- if .Values.master.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.master.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.master.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.master.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.master.shareProcessNamespace }} - {{- end }} - {{- if .Values.master.schedulerName }} - schedulerName: {{ .Values.master.schedulerName | quote }} - {{- end }} - {{- if .Values.master.dnsPolicy }} - dnsPolicy: {{ .Values.master.dnsPolicy }} - {{- end }} - {{- if .Values.master.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.dnsConfig "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.master.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.master.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.master.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-master.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_REPLICATION_MODE - value: master - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.master.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.master.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.master.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} - envFrom: - {{- if .Values.master.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.master.extraEnvVarsCM }} - {{- end }} - {{- if .Values.master.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.master.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.master.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.master.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- else if .Values.master.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} - # One second longer than command timeout should prevent generation of zombie processes. - timeoutSeconds: {{ add1 .Values.master.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.master.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} - {{- else if .Values.master.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.master.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.master.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.master.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.master.readinessProbe.timeoutSeconds }} - {{- else if .Values.master.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.master.resources }} - resources: {{- toYaml .Values.master.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.master.persistence.path }} - subPath: {{ .Values.master.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc/ - - name: tmp - mountPath: /tmp - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.master.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.master.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: 9121 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.master.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.master.persistence.enabled .Values.master.podSecurityContext.enabled .Values.master.containerSecurityContext.enabled }} - {{- if or .Values.master.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.master.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.master.persistence.path }} - {{- else }} - chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }} {{ .Values.master.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.master.persistence.path }} - subPath: {{ .Values.master.persistence.subPath }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: redis-tmp-conf - {{- if .Values.master.persistence.medium }} - emptyDir: - medium: {{ .Values.master.persistence.medium | quote }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: tmp - {{- if .Values.master.persistence.medium }} - emptyDir: - medium: {{ .Values.master.persistence.medium | quote }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.master.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if not .Values.master.persistence.enabled }} - - name: redis-data - {{- if .Values.master.persistence.medium }} - emptyDir: { - medium: {{ .Values.master.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.master.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.master.persistence.existingClaim .) }} - {{- else if (eq .Values.master.kind "Deployment") }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: master - {{- if .Values.master.persistence.annotations }} - annotations: {{- toYaml .Values.master.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.master.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.master.persistence.size | quote }} - {{- if .Values.master.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.master.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/psp.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/psp.yaml deleted file mode 100644 index 2ba93b6..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/psp.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} -{{- if and $pspAvailable .Values.podSecurityPolicy.create }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - allowPrivilegeEscalation: false - fsGroup: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.master.podSecurityContext.fsGroup }} - max: {{ .Values.master.podSecurityContext.fsGroup }} - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: false - requiredDropCapabilities: - - ALL - runAsUser: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.master.containerSecurityContext.runAsUser }} - max: {{ .Values.master.containerSecurityContext.runAsUser }} - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: {{ .Values.master.containerSecurityContext.runAsUser }} - max: {{ .Values.master.containerSecurityContext.runAsUser }} - volumes: - - 'configMap' - - 'secret' - - 'emptyDir' - - 'persistentVolumeClaim' -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/pvc.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/pvc.yaml deleted file mode 100644 index e5fddb0..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/pvc.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and (eq .Values.architecture "standalone") (eq .Values.master.kind "Deployment") (.Values.master.persistence.enabled) (not .Values.master.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ printf "redis-data-%s-master" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.master.persistence.annotations }} - annotations: {{- toYaml .Values.master.persistence.annotations | nindent 4 }} - {{- end }} -spec: - accessModes: - {{- range .Values.master.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.master.persistence.size | quote }} - {{- if .Values.master.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.master.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 4 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 2 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/service.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/service.yaml deleted file mode 100644 index 92b513a..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/master/service.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if not .Values.sentinel.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-master" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: master - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.master.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.master.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.master.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.master.service.type }} - {{- if or (eq .Values.master.service.type "LoadBalancer") (eq .Values.master.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} - internalTrafficPolicy: {{ .Values.master.service.internalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }} - clusterIP: {{ .Values.master.service.clusterIP }} - {{- end }} - {{- if .Values.master.service.sessionAffinity }} - sessionAffinity: {{ .Values.master.service.sessionAffinity }} - {{- end }} - {{- if .Values.master.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - port: {{ .Values.master.service.ports.redis }} - targetPort: redis - {{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) .Values.master.service.nodePorts.redis}} - nodePort: {{ .Values.master.service.nodePorts.redis}} - {{- else if eq .Values.master.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.master.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: master -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/metrics-svc.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/metrics-svc.yaml deleted file mode 100644 index 13c552f..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/metrics-svc.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.metrics.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-metrics" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: metrics - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.metrics.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.metrics.service.type }} - {{- if eq .Values.metrics.service.type "LoadBalancer" }} - externalTrafficPolicy: {{ .Values.metrics.service.externalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.metrics.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.metrics.service.port }} - protocol: TCP - targetPort: metrics - {{- if .Values.metrics.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/networkpolicy.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/networkpolicy.yaml deleted file mode 100644 index 64c0505..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/networkpolicy.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -kind: NetworkPolicy -apiVersion: {{ template "networkPolicy.apiVersion" . }} -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - policyTypes: - - Ingress - {{- if or (eq .Values.architecture "replication") .Values.networkPolicy.extraEgress }} - - Egress - egress: - {{- if eq .Values.architecture "replication" }} - # Allow dns resolution - - ports: - - port: 53 - protocol: UDP - # Allow outbound connections to other cluster pods - - ports: - - port: {{ .Values.master.containerPorts.redis }} - {{- if .Values.sentinel.enabled }} - - port: {{ .Values.sentinel.containerPorts.sentinel }} - {{- end }} - to: - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- end }} - {{- if .Values.networkPolicy.extraEgress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} - ingress: - # Allow inbound connections - - ports: - - port: {{ .Values.master.containerPorts.redis }} - {{- if .Values.sentinel.enabled }} - - port: {{ .Values.sentinel.containerPorts.sentinel }} - {{- end }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "common.names.fullname" . }}-client: "true" - - podSelector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} - {{- if .Values.networkPolicy.ingressNSMatchLabels }} - - namespaceSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- if .Values.networkPolicy.ingressNSPodMatchLabels }} - podSelector: - matchLabels: - {{- range $key, $value := .Values.networkPolicy.ingressNSPodMatchLabels }} - {{ $key | quote }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.metrics.enabled }} - # Allow prometheus scrapes for metrics - - ports: - - port: 9121 - {{- end }} - {{- if .Values.networkPolicy.extraIngress }} - {{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraIngress "context" $ ) | nindent 4 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/pdb.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/pdb.yaml deleted file mode 100644 index f82d278..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.pdb.create }} -apiVersion: {{ include "common.capabilities.policy.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if .Values.pdb.minAvailable }} - minAvailable: {{ .Values.pdb.minAvailable }} - {{- end }} - {{- if .Values.pdb.maxUnavailable }} - maxUnavailable: {{ .Values.pdb.maxUnavailable }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/prometheusrule.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/prometheusrule.yaml deleted file mode 100644 index 41cf6b8..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/prometheusrule.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.prometheusRule.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- with .Values.metrics.prometheusRule.rules }} - groups: - - name: {{ template "common.names.name" $ }} - rules: {{- tpl (toYaml .) $ | nindent 8 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/hpa.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/hpa.yaml deleted file mode 100644 index 67d1cc1..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/hpa.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.replica.autoscaling.enabled (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - minReplicas: {{ .Values.replica.autoscaling.minReplicas }} - maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} - metrics: - {{- if .Values.replica.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- end }} - {{- end }} - {{- if .Values.replica.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/service.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/service.yaml deleted file mode 100644 index f261926..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/service.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.replica.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.replica.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.replica.service.type }} - {{- if or (eq .Values.replica.service.type "LoadBalancer") (eq .Values.replica.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.replica.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if (semverCompare ">=1.22-0" (include "common.capabilities.kubeVersion" .)) }} - internalTrafficPolicy: {{ .Values.replica.service.internalTrafficPolicy }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.replica.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} - clusterIP: {{ .Values.replica.service.clusterIP }} - {{- end }} - {{- if .Values.replica.service.sessionAffinity }} - sessionAffinity: {{ .Values.replica.service.sessionAffinity }} - {{- end }} - {{- if .Values.replica.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - port: {{ .Values.replica.service.ports.redis }} - targetPort: redis - {{- if and (or (eq .Values.replica.service.type "NodePort") (eq .Values.replica.service.type "LoadBalancer")) .Values.replica.service.nodePorts.redis}} - nodePort: {{ .Values.replica.service.nodePorts.redis}} - {{- else if eq .Values.replica.service.type "ClusterIP" }} - nodePort: null - {{- end }} - {{- if .Values.replica.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: replica -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/statefulset.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/statefulset.yaml deleted file mode 100644 index 8ddc86c..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/replicas/statefulset.yaml +++ /dev/null @@ -1,471 +0,0 @@ -{{- if and (eq .Values.architecture "replication") (not .Values.sentinel.enabled) }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-replicas" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - {{- if not .Values.replica.autoscaling.enabled }} - replicas: {{ .Values.replica.replicaCount }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: replica - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: replica - {{- if .Values.replica.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . }} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "replica" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "replica" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.replica.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-replica.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_REPLICATION_MODE - value: slave - - name: REDIS_MASTER_HOST - {{- if and (eq (int64 .Values.master.count) 1) (ne .Values.master.kind "Deployment") }} - value: {{ template "common.names.fullname" . }}-master-0.{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- else }} - value: {{ template "common.names.fullname" . }}-master.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - {{- end }} - - name: REDIS_MASTER_PORT_NUMBER - value: {{ .Values.master.containerPorts.redis | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - - name: REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- else if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local_and_master.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- else if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ add1 .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local_and_master.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- else if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: /data - subPath: {{ .Values.replica.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ include "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.metrics.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - ports: - - name: metrics - containerPort: 9121 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - - name: redis-tmp-conf - {{- if .Values.replica.persistence.medium }} - emptyDir: - medium: {{ .Values.replica.persistence.medium | quote }} - {{- if .Values.replica.persistence.sizeLimit }} - sizeLimit: {{ .Values.replica.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if not .Values.replica.persistence.enabled }} - - name: redis-data - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- else if .Values.replica.persistence.existingClaim }} - - name: redis-data - persistentVolumeClaim: - claimName: {{ printf "%s" (tpl .Values.replica.persistence.existingClaim .) }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: replica - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.replica.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.replica.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/role.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/role.yaml deleted file mode 100644 index 596466f..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/role.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -rules: - {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} - {{- if and $pspAvailable .Values.podSecurityPolicy.enabled }} - - apiGroups: - - '{{ template "podSecurityPolicy.apiGroup" . }}' - resources: - - 'podsecuritypolicies' - verbs: - - 'use' - resourceNames: [{{ printf "%s-master" (include "common.names.fullname" .) }}] - {{- end }} - {{- if .Values.rbac.rules }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/rolebinding.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/rolebinding.yaml deleted file mode 100644 index 74968b8..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create }} -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "common.names.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "redis.serviceAccountName" . }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/scripts-configmap.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/scripts-configmap.yaml deleted file mode 100644 index 7447646..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/scripts-configmap.yaml +++ /dev/null @@ -1,627 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} - start-node.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/liblog.sh - . /opt/bitnami/scripts/libvalidations.sh - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - - if [ -n "$REDIS_EXTERNAL_MASTER_HOST" ]; then - REDIS_SERVICE="$REDIS_EXTERNAL_MASTER_HOST" - else - REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - fi - - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL") - validate_quorum() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel master {{ .Values.sentinel.masterSet }}" - else - quorum_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel master {{ .Values.sentinel.masterSet }}" - fi - info "about to run the command: $quorum_info_command" - eval $quorum_info_command | grep -Fq "s_down" - } - - trigger_manual_failover() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel failover {{ .Values.sentinel.masterSet }}" - else - failover_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel failover {{ .Values.sentinel.masterSet }}" - fi - - info "about to run the command: $failover_command" - eval $failover_command - } - - get_sentinel_master_info() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}timeout {{ .Values.sentinel.getMasterTimeout }} redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - fi - - info "about to run the command: $sentinel_info_command" - eval $sentinel_info_command - } - - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.replica.persistence.path }} - {{- end }} - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - - # check if there is a master - master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - master_port_in_persisted_conf="$REDIS_MASTER_PORT_NUMBER" - master_in_sentinel="$(get_sentinel_master_info)" - redisRetVal=$? - - {{- if .Values.sentinel.persistence.enabled }} - if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then - master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - master_port_in_persisted_conf="$(awk '/monitor/ {print $5}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - info "Found previous master ${master_in_persisted_conf}:${master_port_in_persisted_conf} in /opt/bitnami/redis-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" - touch /opt/bitnami/redis-sentinel/etc/.node_read - fi - {{- end }} - - if [[ $redisRetVal -ne 0 ]]; then - if [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 1: No active sentinel and in previous sentinel.conf we were the master --> MASTER - info "Configuring the node as master" - export REDIS_REPLICATION_MODE="master" - else - # Case 2: No active sentinel and in previous sentinel.conf we were not master --> REPLICA - info "Configuring the node as replica" - export REDIS_REPLICATION_MODE="slave" - REDIS_MASTER_HOST=${master_in_persisted_conf} - REDIS_MASTER_PORT_NUMBER=${master_port_in_persisted_conf} - fi - else - # Fetches current master's host and port - REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) - info "Current master: REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - - if [[ "$REDIS_MASTER_HOST" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # Case 3: Active sentinel and master it is this node --> MASTER - info "Configuring the node as master" - export REDIS_REPLICATION_MODE="master" - else - # Case 4: Active sentinel and master is not this node --> REPLICA - info "Configuring the node as replica" - export REDIS_REPLICATION_MODE="slave" - - {{- if and .Values.sentinel.automateClusterRecovery (le (int .Values.sentinel.downAfterMilliseconds) 2000) }} - retry_count=1 - while validate_quorum - do - info "sleeping, waiting for Redis master to come up" - sleep 1s - if ! ((retry_count % 11)); then - info "Trying to manually failover" - failover_result=$(trigger_manual_failover) - - debug "Failover result: $failover_result" - fi - - ((retry_count+=1)) - done - info "Redis master is up now" - {{- end }} - fi - fi - - if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then - REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" - REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" - fi - - if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - - if [[ "$REDIS_REPLICATION_MODE" = "slave" ]]; then - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - fi - - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - - {{- if .Values.replica.preExecCmds }} - {{- .Values.replica.preExecCmds | nindent 4 }} - {{- end }} - - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - - start-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libos.sh - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libfile.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - REDIS_SERVICE="{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - - SERVPORT=$(get_port "$HOSTNAME" "SENTINEL") - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - SENTINEL_SERVICE_PORT=$(get_port "{{ include "common.names.fullname" . }}" "TCP_SENTINEL") - - sentinel_conf_set() { - local -r key="${1:?missing key}" - local value="${2:-}" - - # Sanitize inputs - value="${value//\\/\\\\}" - value="${value//&/\\&}" - value="${value//\?/\\?}" - [[ "$value" = "" ]] && value="\"$value\"" - - replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false - } - sentinel_conf_add() { - echo $'\n'"$@" >> "/opt/bitnami/redis-sentinel/etc/sentinel.conf" - } - host_id() { - echo "$1" | openssl sha1 | awk '{print $2}' - } - get_sentinel_master_info() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT --tls --cert ${REDIS_SENTINEL_TLS_CERT_FILE} --key ${REDIS_SENTINEL_TLS_KEY_FILE} --cacert ${REDIS_SENTINEL_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - else - sentinel_info_command="{{- if and .Values.auth.enabled .Values.auth.sentinel }}REDISCLI_AUTH="\$REDIS_PASSWORD" {{ end }}redis-cli -h $REDIS_SERVICE -p $SENTINEL_SERVICE_PORT sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}" - fi - info "about to run the command: $sentinel_info_command" - eval $sentinel_info_command - } - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - - master_in_persisted_conf="$(get_full_hostname "$HOSTNAME")" - - {{- if .Values.sentinel.persistence.enabled }} - if [[ -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then - check_lock_file() { - [[ -f /opt/bitnami/redis-sentinel/etc/.node_read ]] - } - retry_while "check_lock_file" - rm -f /opt/bitnami/redis-sentinel/etc/.node_read - master_in_persisted_conf="$(awk '/monitor/ {print $4}' /opt/bitnami/redis-sentinel/etc/sentinel.conf)" - info "Found previous master $master_in_persisted_conf in /opt/bitnami/redis-sentinel/etc/sentinel.conf" - debug "$(cat /opt/bitnami/redis-sentinel/etc/sentinel.conf | grep monitor)" - fi - {{- end }} - if ! get_sentinel_master_info && [[ "$master_in_persisted_conf" == "$(get_full_hostname "$HOSTNAME")" ]]; then - # No master found, lets create a master node - export REDIS_REPLICATION_MODE="master" - - REDIS_MASTER_HOST=$(get_full_hostname "$HOSTNAME") - REDIS_MASTER_PORT_NUMBER="$REDISPORT" - else - export REDIS_REPLICATION_MODE="slave" - - # Fetches current master's host and port - REDIS_SENTINEL_INFO=($(get_sentinel_master_info)) - info "printing REDIS_SENTINEL_INFO=(${REDIS_SENTINEL_INFO[0]},${REDIS_SENTINEL_INFO[1]})" - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - fi - - if [[ -n "$REDIS_EXTERNAL_MASTER_HOST" ]]; then - REDIS_MASTER_HOST="$REDIS_EXTERNAL_MASTER_HOST" - REDIS_MASTER_PORT_NUMBER="${REDIS_EXTERNAL_MASTER_PORT}" - fi - - cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf - {{- if .Values.auth.enabled }} - printf "\nsentinel auth-pass %s %s" "{{ .Values.sentinel.masterSet }}" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - {{- if and .Values.auth.enabled .Values.auth.sentinel }} - printf "\nrequirepass %s" "$REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - {{- end }} - {{- end }} - printf "\nsentinel myid %s" "$(host_id "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - - sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}" - - add_known_sentinel() { - hostname="$1" - ip="$2" - - if [[ -n "$hostname" && -n "$ip" && "$hostname" != "$HOSTNAME" ]]; then - sentinel_conf_add "sentinel known-sentinel {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "SENTINEL") $(host_id "$hostname")" - fi - } - add_known_replica() { - hostname="$1" - ip="$2" - - if [[ -n "$ip" && "$(get_full_hostname "$hostname")" != "$REDIS_MASTER_HOST" ]]; then - sentinel_conf_add "sentinel known-replica {{ .Values.sentinel.masterSet }} $(get_full_hostname "$hostname") $(get_port "$hostname" "REDIS")" - fi - } - - # Add available hosts on the network as known replicas & sentinels - for node in $(seq 0 $(({{ .Values.replica.replicaCount }}-1))); do - hostname="{{ template "common.names.fullname" . }}-node-$node" - ip="$(getent hosts "$hostname.$HEADLESS_SERVICE" | awk '{ print $1 }')" - add_known_sentinel "$hostname" "$ip" - add_known_replica "$hostname" "$ip" - done - - echo "" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel announce-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel resolve-hostnames yes" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel announce-port $SERVPORT" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - echo "sentinel announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}") - ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}") - ARGS+=("--tls-replication" "yes") - ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- end }} - {{- if .Values.sentinel.preExecCmds }} - {{ .Values.sentinel.preExecCmds | nindent 4 }} - {{- end }} - exec redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }} - prestop-sentinel.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - HEADLESS_SERVICE="{{ template "common.names.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - SENTINEL_SERVICE_ENV_NAME={{ printf "%s%s" (upper (include "common.names.fullname" .)| replace "-" "_") "_SERVICE_PORT_TCP_SENTINEL" }} - SENTINEL_SERVICE_PORT=${!SENTINEL_SERVICE_ENV_NAME} - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - run_sentinel_command() { - if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then - redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" - else - redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" sentinel "$@" - fi - } - failover_finished() { - REDIS_SENTINEL_INFO=($(run_sentinel_command get-master-addr-by-name "{{ .Values.sentinel.masterSet }}")) - REDIS_MASTER_HOST="${REDIS_SENTINEL_INFO[0]}" - [[ "$REDIS_MASTER_HOST" != "$(get_full_hostname $HOSTNAME)" ]] - } - - REDIS_SERVICE="{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - - {{ if .Values.auth.sentinel -}} - # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" - {{- end }} - - if ! failover_finished; then - echo "I am the master pod and you are stopping me. Starting sentinel failover" - # if I am the master, issue a command to failover once and then wait for the failover to finish - run_sentinel_command failover "{{ .Values.sentinel.masterSet }}" - if retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1; then - echo "Master has been successfuly failed over to a different pod." - exit 0 - else - echo "Master failover failed" - exit 1 - fi - else - exit 0 - fi - prestop-redis.sh: | - #!/bin/bash - - . /opt/bitnami/scripts/libvalidations.sh - . /opt/bitnami/scripts/libos.sh - - run_redis_command() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - redis-cli -h 127.0.0.1 -p "$REDIS_TLS_PORT" --tls --cert "$REDIS_TLS_CERT_FILE" --key "$REDIS_TLS_KEY_FILE" --cacert "$REDIS_TLS_CA_FILE" "$@" - else - redis-cli -h 127.0.0.1 -p ${REDIS_PORT} "$@" - fi - } - failover_finished() { - REDIS_ROLE=$(run_redis_command role | head -1) - [[ "$REDIS_ROLE" != "master" ]] - } - - # redis-cli automatically consumes credentials from the REDISCLI_AUTH variable - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD" - [[ -f "$REDIS_PASSWORD_FILE" ]] && export REDISCLI_AUTH="$(< "${REDIS_PASSWORD_FILE}")" - - if ! failover_finished; then - echo "Waiting for sentinel to run failover for up to {{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}s" - retry_while "failover_finished" "{{ sub .Values.sentinel.terminationGracePeriodSeconds 10 }}" 1 - else - exit 0 - fi - -{{- else }} - start-master.sh: | - #!/bin/bash - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - {{- if and .Values.master.containerSecurityContext.runAsUser (eq (.Values.master.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.master.persistence.path }} - {{- end }} - if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then - cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf - fi - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") - {{- if .Values.master.extraFlags }} - {{- range .Values.master.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.master.preExecCmds }} - {{ .Values.master.preExecCmds | nindent 4 }} - {{- end }} - {{- if .Values.master.command }} - exec {{ .Values.master.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - {{- if eq .Values.architecture "replication" }} - start-replica.sh: | - #!/bin/bash - - get_port() { - hostname="$1" - type="$2" - - port_var=$(echo "${hostname^^}_SERVICE_PORT_$type" | sed "s/-/_/g") - port=${!port_var} - - if [ -z "$port" ]; then - case $type in - "SENTINEL") - echo {{ .Values.sentinel.containerPorts.sentinel }} - ;; - "REDIS") - echo {{ .Values.master.containerPorts.redis }} - ;; - esac - else - echo $port - fi - } - - get_full_hostname() { - hostname="$1" - - {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" - {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" - {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" - {{- end }} - } - - REDISPORT=$(get_port "$HOSTNAME" "REDIS") - - [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")" - [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")" - {{- if and .Values.replica.containerSecurityContext.runAsUser (eq (.Values.replica.containerSecurityContext.runAsUser | int) 0) }} - useradd redis - chown -R redis {{ .Values.replica.persistence.path }} - {{- end }} - if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then - cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf - fi - if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then - cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf - fi - - echo "" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-port $REDISPORT" >> /opt/bitnami/redis/etc/replica.conf - echo "replica-announce-ip $(get_full_hostname "$HOSTNAME")" >> /opt/bitnami/redis/etc/replica.conf - - {{- if .Values.tls.enabled }} - ARGS=("--port" "0") - ARGS+=("--tls-port" "${REDIS_TLS_PORT}") - ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}") - ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}") - ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}") - ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}") - ARGS+=("--tls-replication" "yes") - {{- if .Values.tls.dhParamsFilename }} - ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}") - {{- end }} - {{- else }} - ARGS=("--port" "${REDIS_PORT}") - {{- end }} - ARGS+=("--replicaof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") - {{- if .Values.auth.enabled }} - ARGS+=("--requirepass" "${REDIS_PASSWORD}") - ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") - {{- else }} - ARGS+=("--protected-mode" "no") - {{- end }} - ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") - ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") - {{- if .Values.replica.extraFlags }} - {{- range .Values.replica.extraFlags }} - ARGS+=({{ . | quote }}) - {{- end }} - {{- end }} - {{- if .Values.replica.preExecCmds }} - {{ .Values.replica.preExecCmds | nindent 4 }} - {{- end }} - {{- if .Values.replica.command }} - exec {{ .Values.replica.command }} "${ARGS[@]}" - {{- else }} - exec redis-server "${ARGS[@]}" - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/secret.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/secret.yaml deleted file mode 100644 index 2edc0d8..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/secret.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.secretAnnotations .Values.commonAnnotations }} - annotations: - {{- if .Values.secretAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.secretAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -type: Opaque -data: - redis-password: {{ include "redis.password" . | b64enc | quote }} -{{- end -}} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/hpa.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/hpa.yaml deleted file mode 100644 index 69b36aa..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/hpa.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.replica.autoscaling.enabled .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: replica - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - scaleTargetRef: - apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} - kind: StatefulSet - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - minReplicas: {{ .Values.replica.autoscaling.minReplicas }} - maxReplicas: {{ .Values.replica.autoscaling.maxReplicas }} - metrics: - {{- if .Values.replica.autoscaling.targetCPU }} - - type: Resource - resource: - name: cpu - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetCPU }} - {{- end }} - {{- end }} - {{- if .Values.replica.autoscaling.targetMemory }} - - type: Resource - resource: - name: memory - {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }} - targetAverageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- else }} - target: - type: Utilization - averageUtilization: {{ .Values.replica.autoscaling.targetMemory }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/node-services.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/node-services.yaml deleted file mode 100644 index d3e635e..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/node-services.yaml +++ /dev/null @@ -1,70 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (or .Release.IsUpgrade .Values.sentinel.service.nodePorts.redis ) }} - -{{- range $i := until (int .Values.replica.replicaCount) }} - -{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" $ ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $redisport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "sentinel") }} -{{ $redisport = index $portsmap (printf "%s-node-%s-%s" (include "common.names.fullname" $) (toString $i) "redis") }} -{{- else }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" $ }}-node-{{ $i }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - app.kubernetes.io/component: node - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or $.Values.sentinel.service.annotations $.Values.commonAnnotations }} - annotations: - {{- if $.Values.sentinel.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.sentinel.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: NodePort - ports: - - name: sentinel - {{- if $.Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.sentinel $i 1) }} - {{- else }} - nodePort: {{ $sentinelport }} - port: {{ $sentinelport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: redis - {{- if $.Values.sentinel.service.nodePorts.redis }} - nodePort: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} - port: {{ (add $.Values.sentinel.service.nodePorts.redis $i 1) }} - {{- else }} - nodePort: {{ $redisport }} - port: {{ $redisport }} - {{- end }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.redis }} - - name: sentinel-internal - nodePort: null - port: {{ $.Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ $.Values.sentinel.containerPorts.sentinel }} - - name: redis-internal - nodePort: null - port: {{ $.Values.replica.containerPorts.redis }} - protocol: TCP - targetPort: {{ $.Values.replica.containerPorts.redis }} - selector: - statefulset.kubernetes.io/pod-name: {{ template "common.names.fullname" $ }}-node-{{ $i }} ---- -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/ports-configmap.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/ports-configmap.yaml deleted file mode 100644 index f5e7b2a..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/ports-configmap.yaml +++ /dev/null @@ -1,100 +0,0 @@ -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled (eq .Values.sentinel.service.type "NodePort") (not .Values.sentinel.service.nodePorts.redis ) }} -{{- /* create a list to keep track of ports we choose to use */}} -{{ $chosenports := (list ) }} - -{{- /* Get list of all used nodeports */}} -{{ $usedports := (list ) }} -{{- range $index, $service := (lookup "v1" "Service" "" "").items }} - {{- range.spec.ports }} - {{- if .nodePort }} - {{- $usedports = (append $usedports .nodePort) }} - {{- end }} - {{- end }} -{{- end }} - -{{- /* -comments that start with # are rendered in the output when you debug, so you can less and search for them -Vars in the comment will be rendered out, so you can check their value this way. -https://helm.sh/docs/chart_best_practices/templates/#comments-yaml-comments-vs-template-comments - -remove the template comments and leave the yaml comments to help debug -*/}} - -{{- /* Sort the list */}} -{{ $usedports = $usedports | sortAlpha }} -#usedports {{ $usedports }} - -{{- /* How many nodeports per service do we want to create, except for the main service which is always two */}} -{{ $numberofPortsPerNodeService := 2 }} - -{{- /* for every nodeport we want, loop though the used ports to get an unused port */}} -{{- range $j := until (int (add (mul (int .Values.replica.replicaCount) $numberofPortsPerNodeService) 2)) }} - {{- /* #j={{ $j }} */}} - {{- $nodeport := (add $j 30000) }} - {{- $nodeportfound := false }} - {{- range $i := $usedports }} - {{- /* #i={{ $i }} - #nodeport={{ $nodeport }} - #usedports={{ $usedports }} */}} - {{- if and (has (toString $nodeport) $usedports) (eq $nodeportfound false) }} - {{- /* nodeport conflicts with in use */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if and ( has $nodeport $chosenports) (eq $nodeportfound false) }} - {{- /* nodeport already chosen, try another */}} - {{- $nodeport = (add $nodeport 1) }} - {{- else if (eq $nodeportfound false) }} - {{- /* nodeport free to use: not already claimed and not in use */}} - {{- /* select nodeport, and place into usedports */}} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- $nodeportfound = true }} - {{- else }} - {{- /* nodeport has already been chosen and locked in, just work through the rest of the list to get to the next nodeport selection */}} - {{- end }} - {{- end }} - {{- if (eq $nodeportfound false) }} - {{- $chosenports = (append $chosenports $nodeport) }} - {{- end }} - -{{- end }} - -{{- /* print the usedports and chosenports for debugging */}} -#usedports {{ $usedports }} -#chosenports {{ $chosenports }}}} - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "common.names.fullname" . }}-ports-configmap - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: -{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} -{{- if $portsmap }} -{{- /* configmap already exists, do not install again */ -}} - {{- range $name, $value := $portsmap }} - "{{ $name }}": "{{ $value }}" - {{- end }} -{{- else }} -{{- /* configmap being set for first time */ -}} - {{- range $index, $port := $chosenports }} - {{- $nodenumber := (floor (div $index 2)) }} - {{- if (eq $index 0) }} - "{{ template "common.names.fullname" $ }}-sentinel": "{{ $port }}" - {{- else if (eq $index 1) }} - "{{ template "common.names.fullname" $ }}-redis": "{{ $port }}" - {{- else if (eq (mod $index 2) 0) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-sentinel": "{{ $port }}" - {{- else if (eq (mod $index 2) 1) }} - "{{ template "common.names.fullname" $ }}-node-{{ (sub $nodenumber 1) }}-redis": "{{ $port }}" - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/service.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/service.yaml deleted file mode 100644 index 362d681..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/service.yaml +++ /dev/null @@ -1,103 +0,0 @@ -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -{{ $portsmap := (lookup "v1" "ConfigMap" $.Release.Namespace (printf "%s-%s" ( include "common.names.fullname" . ) "ports-configmap")).data }} - -{{ $sentinelport := 0}} -{{ $redisport := 0}} -{{- if $portsmap }} -{{ $sentinelport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "sentinel") }} -{{ $redisport = index $portsmap (printf "%s-%s" (include "common.names.fullname" $) "redis") }} -{{- else }} -{{- end }} - -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: node - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.sentinel.service.annotations .Values.commonAnnotations }} - annotations: - {{- if .Values.sentinel.service.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.service.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -spec: - type: {{ .Values.sentinel.service.type }} - {{- if or (eq .Values.sentinel.service.type "LoadBalancer") (eq .Values.sentinel.service.type "NodePort") }} - externalTrafficPolicy: {{ .Values.sentinel.service.externalTrafficPolicy | quote }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerIP)) }} - loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} - {{- end }} - {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.sentinel.service.loadBalancerSourceRanges }} - {{- end }} - {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} - clusterIP: {{ .Values.sentinel.service.clusterIP }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinity }} - sessionAffinity: {{ .Values.sentinel.service.sessionAffinity }} - {{- end }} - {{- if .Values.sentinel.service.sessionAffinityConfig }} - sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.sessionAffinityConfig "context" $) | nindent 4 }} - {{- end }} - ports: - - name: tcp-redis - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} - port: {{ .Values.sentinel.service.nodePorts.redis }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $redisport }} - {{- else}} - port: {{ .Values.sentinel.service.ports.redis }} - {{- end }} - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.redis }} - nodePort: {{ .Values.sentinel.service.nodePorts.redis }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $redisport }} - {{- end }} - - name: tcp-sentinel - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - port: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "NodePort" }} - port: {{ $sentinelport }} - {{- else }} - port: {{ .Values.sentinel.service.ports.sentinel }} - {{- end }} - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if and (or (eq .Values.sentinel.service.type "NodePort") (eq .Values.sentinel.service.type "LoadBalancer")) .Values.sentinel.service.nodePorts.sentinel }} - nodePort: {{ .Values.sentinel.service.nodePorts.sentinel }} - {{- else if eq .Values.sentinel.service.type "ClusterIP" }} - nodePort: null - {{- else if eq .Values.sentinel.service.type "NodePort" }} - nodePort: {{ $sentinelport }} - {{- end }} - {{- if eq .Values.sentinel.service.type "NodePort" }} - - name: sentinel-internal - nodePort: null - port: {{ .Values.sentinel.containerPorts.sentinel }} - protocol: TCP - targetPort: {{ .Values.sentinel.containerPorts.sentinel }} - - name: redis-internal - nodePort: null - port: {{ .Values.replica.containerPorts.redis }} - protocol: TCP - targetPort: {{ .Values.replica.containerPorts.redis }} - {{- end }} - {{- if .Values.sentinel.service.extraPorts }} - {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.service.extraPorts "context" $) | nindent 4 }} - {{- end }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} - app.kubernetes.io/component: node -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/statefulset.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/statefulset.yaml deleted file mode 100644 index 666e9ed..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/sentinel/statefulset.yaml +++ /dev/null @@ -1,688 +0,0 @@ -{{- if or .Release.IsUpgrade (ne .Values.sentinel.service.type "NodePort") .Values.sentinel.service.nodePorts.redis -}} -{{- if and (eq .Values.architecture "replication") .Values.sentinel.enabled }} -apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} -kind: StatefulSet -metadata: - name: {{ printf "%s-node" (include "common.names.fullname" .) }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: node - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replica.replicaCount }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: node - serviceName: {{ printf "%s-headless" (include "common.names.fullname" .) }} - {{- if .Values.replica.updateStrategy }} - updateStrategy: {{- toYaml .Values.replica.updateStrategy | nindent 4 }} - {{- end }} - {{- if .Values.replica.podManagementPolicy }} - podManagementPolicy: {{ .Values.replica.podManagementPolicy | quote }} - {{- end }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - app.kubernetes.io/component: node - {{- if .Values.replica.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podLabels "context" $ ) | nindent 8 }} - {{- end }} - annotations: - {{- if (include "redis.createConfigmap" .) }} - checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- end }} - checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }} - checksum/scripts: {{ include (print $.Template.BasePath "/scripts-configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- if .Values.replica.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - spec: - {{- include "redis.imagePullSecrets" . | nindent 6 }} - {{- if .Values.replica.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.replica.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.podSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "redis.serviceAccountName" . }} - {{- if .Values.replica.priorityClassName }} - priorityClassName: {{ .Values.replica.priorityClassName | quote }} - {{- end }} - {{- if .Values.replica.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.replica.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAffinityPreset "component" "node" "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.replica.podAntiAffinityPreset "component" "node" "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.replica.nodeAffinityPreset.type "key" .Values.replica.nodeAffinityPreset.key "values" .Values.replica.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.replica.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.replica.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.replica.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.topologySpreadConstraints }} - topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.replica.topologySpreadConstraints "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.replica.shareProcessNamespace }} - shareProcessNamespace: {{ .Values.replica.shareProcessNamespace }} - {{- end }} - {{- if .Values.replica.schedulerName }} - schedulerName: {{ .Values.replica.schedulerName | quote }} - {{- end }} - {{- if .Values.replica.dnsPolicy }} - dnsPolicy: {{ .Values.replica.dnsPolicy }} - {{- end }} - {{- if .Values.replica.dnsConfig }} - dnsConfig: {{- include "common.tplvalues.render" (dict "value" .Values.replica.dnsConfig "context" $) | nindent 8 }} - {{- end }} - terminationGracePeriodSeconds: {{ .Values.sentinel.terminationGracePeriodSeconds }} - containers: - - name: redis - image: {{ template "redis.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.replica.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-redis.sh - {{- end }} - {{- end }} - {{- if .Values.replica.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.replica.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.replica.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.replica.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.replica.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.replica.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-node.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - - name: REDIS_MASTER_PORT_NUMBER - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - - name: REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - - name: REDIS_MASTER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - - name: REDIS_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_TLS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - - name: REDIS_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_TLS_DH_PARAMS_FILE - value: {{ template "redis.tlsDHParams" . }} - {{- end }} - {{- else }} - - name: REDIS_PORT - value: {{ .Values.replica.containerPorts.redis | quote }} - {{- end }} - - name: REDIS_DATA_DIR - value: {{ .Values.replica.persistence.path }} - {{- if .Values.replica.externalMaster.enabled }} - - name: REDIS_EXTERNAL_MASTER_HOST - value: {{ .Values.replica.externalMaster.host | quote }} - - name: REDIS_EXTERNAL_MASTER_PORT - value: {{ .Values.replica.externalMaster.port | quote }} - {{- end }} - {{- if .Values.replica.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.replica.extraEnvVarsCM .Values.replica.extraEnvVarsSecret }} - envFrom: - {{- if .Values.replica.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.replica.extraEnvVarsCM }} - {{- end }} - {{- if .Values.replica.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.replica.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis - containerPort: {{ .Values.replica.containerPorts.redis }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.replica.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.replica.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis - {{- else if .Values.replica.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.replica.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_liveness_local.sh {{ .Values.replica.livenessProbe.timeoutSeconds }} - {{- else if .Values.replica.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.replica.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.replica.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.replica.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.replica.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.replica.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.replica.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_readiness_local.sh {{ .Values.replica.readinessProbe.timeoutSeconds }} - {{- else if .Values.replica.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.replica.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.resources }} - resources: {{- toYaml .Values.replica.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - {{- if .Values.sentinel.persistence.enabled }} - - name: sentinel-data - mountPath: /opt/bitnami/redis-sentinel/etc - {{- end }} - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf - mountPath: /opt/bitnami/redis/etc - - name: tmp - mountPath: /tmp - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.replica.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - - name: sentinel - image: {{ template "redis.sentinel.image" . }} - imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.lifecycleHooks "context" $) | nindent 12 }} - {{- else }} - lifecycle: - preStop: - exec: - command: - - /bin/bash - - -c - - /opt/bitnami/scripts/start-scripts/prestop-sentinel.sh - {{- end }} - {{- end }} - {{- if .Values.sentinel.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.sentinel.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else if .Values.sentinel.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- else if .Values.sentinel.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.args "context" $) | nindent 12 }} - {{- else }} - args: - - -c - - /opt/bitnami/scripts/start-scripts/start-sentinel.sh - {{- end }} - env: - - name: BITNAMI_DEBUG - value: {{ ternary "true" "false" (or .Values.sentinel.image.debug .Values.diagnosticMode.enabled) | quote }} - {{- if .Values.auth.enabled }} - {{- if .Values.auth.usePasswordFiles }} - - name: REDIS_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-password" - {{- else }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- else }} - - name: ALLOW_EMPTY_PASSWORD - value: "yes" - {{- end }} - - name: REDIS_SENTINEL_TLS_ENABLED - value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} - {{- if .Values.tls.enabled }} - - name: REDIS_SENTINEL_TLS_PORT_NUMBER - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - - name: REDIS_SENTINEL_TLS_AUTH_CLIENTS - value: {{ ternary "yes" "no" .Values.tls.authClients | quote }} - - name: REDIS_SENTINEL_TLS_CERT_FILE - value: {{ template "redis.tlsCert" . }} - - name: REDIS_SENTINEL_TLS_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_SENTINEL_TLS_CA_FILE - value: {{ template "redis.tlsCACert" . }} - {{- if .Values.tls.dhParamsFilename }} - - name: REDIS_SENTINEL_TLS_DH_PARAMS_FILE - value: {{ template "redis.tls.dhParamsFilename" . }} - {{- end }} - {{- else }} - - name: REDIS_SENTINEL_PORT - value: {{ .Values.sentinel.containerPorts.sentinel | quote }} - {{- end }} - {{- if .Values.sentinel.externalMaster.enabled }} - - name: REDIS_EXTERNAL_MASTER_HOST - value: {{ .Values.sentinel.externalMaster.host | quote }} - - name: REDIS_EXTERNAL_MASTER_PORT - value: {{ .Values.sentinel.externalMaster.port | quote }} - {{- end }} - {{- if .Values.sentinel.extraEnvVars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraEnvVars "context" $ ) | nindent 12 }} - {{- end }} - {{- if or .Values.sentinel.extraEnvVarsCM .Values.sentinel.extraEnvVarsSecret }} - envFrom: - {{- if .Values.sentinel.extraEnvVarsCM }} - - configMapRef: - name: {{ .Values.sentinel.extraEnvVarsCM }} - {{- end }} - {{- if .Values.sentinel.extraEnvVarsSecret }} - - secretRef: - name: {{ .Values.sentinel.extraEnvVarsSecret }} - {{- end }} - {{- end }} - ports: - - name: redis-sentinel - containerPort: {{ .Values.sentinel.containerPorts.sentinel }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.sentinel.startupProbe "enabled") "context" $) | nindent 12 }} - tcpSocket: - port: redis-sentinel - {{- else if .Values.sentinel.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sentinel.livenessProbe.enabled }} - livenessProbe: - initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- else if .Values.sentinel.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if not .Values.diagnosticMode.enabled }} - {{- if .Values.sentinel.readinessProbe.enabled }} - readinessProbe: - initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }} - exec: - command: - - sh - - -c - - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }} - {{- else if .Values.sentinel.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.sentinel.resources }} - resources: {{- toYaml .Values.sentinel.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: start-scripts - mountPath: /opt/bitnami/scripts/start-scripts - - name: health - mountPath: /health - - name: sentinel-data - mountPath: /opt/bitnami/redis-sentinel/etc - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /opt/bitnami/redis/secrets/ - {{- end }} - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - - name: config - mountPath: /opt/bitnami/redis-sentinel/mounted-etc - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.sentinel.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "redis.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.metrics.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} - {{- else }} - command: - - /bin/bash - - -c - - | - if [[ -f '/secrets/redis-password' ]]; then - export REDIS_PASSWORD=$(cat /secrets/redis-password) - fi - redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }} - {{- end }} - {{- if .Values.diagnosticMode.enabled }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: REDIS_ALIAS - value: {{ template "common.names.fullname" . }} - {{- if .Values.auth.enabled }} - - name: REDIS_USER - value: default - {{- if (not .Values.auth.usePasswordFiles) }} - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "redis.secretName" . }} - key: {{ template "redis.secretPasswordKey" . }} - {{- end }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: REDIS_ADDR - value: rediss://{{ .Values.metrics.redisTargetHost }}:{{ .Values.replica.containerPorts.redis }} - {{- if .Values.tls.authClients }} - - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE - value: {{ template "redis.tlsCertKey" . }} - - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE - value: {{ template "redis.tlsCert" . }} - {{- end }} - - name: REDIS_EXPORTER_TLS_CA_CERT_FILE - value: {{ template "redis.tlsCACert" . }} - {{- end }} - {{- if .Values.metrics.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - ports: - - name: metrics - containerPort: 9121 - {{- if .Values.metrics.resources }} - resources: {{- toYaml .Values.metrics.resources | nindent 12 }} - {{- end }} - volumeMounts: - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - mountPath: /secrets/ - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - mountPath: /opt/bitnami/redis/certs - readOnly: true - {{- end }} - {{- if .Values.metrics.extraVolumeMounts }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumeMounts "context" $ ) | nindent 12 }} - {{- end }} - {{- end }} - {{- if .Values.replica.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.sidecars "context" $) | nindent 8 }} - {{- end }} - {{- $needsVolumePermissions := and .Values.volumePermissions.enabled .Values.replica.persistence.enabled .Values.replica.podSecurityContext.enabled .Values.replica.containerSecurityContext.enabled }} - {{- if or .Values.replica.initContainers $needsVolumePermissions .Values.sysctl.enabled }} - initContainers: - {{- if .Values.replica.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.replica.initContainers "context" $) | nindent 8 }} - {{- end }} - {{- if $needsVolumePermissions }} - - name: volume-permissions - image: {{ include "redis.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -ec - - | - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - chown -R `id -u`:`id -G | cut -d " " -f2` {{ .Values.replica.persistence.path }} - {{- else }} - chown -R {{ .Values.replica.containerSecurityContext.runAsUser }}:{{ .Values.replica.podSecurityContext.fsGroup }} {{ .Values.replica.persistence.path }} - {{- end }} - {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: redis-data - mountPath: {{ .Values.replica.persistence.path }} - subPath: {{ .Values.replica.persistence.subPath }} - {{- end }} - {{- if .Values.sysctl.enabled }} - - name: init-sysctl - image: {{ include "redis.sysctl.image" . }} - imagePullPolicy: {{ default "" .Values.sysctl.image.pullPolicy | quote }} - securityContext: - privileged: true - runAsUser: 0 - {{- if .Values.sysctl.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.sysctl.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.resources }} - resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} - {{- end }} - {{- if .Values.sysctl.mountHostSys }} - volumeMounts: - - name: host-sys - mountPath: /host-sys - {{- end }} - {{- end }} - {{- end }} - volumes: - - name: start-scripts - configMap: - name: {{ printf "%s-scripts" (include "common.names.fullname" .) }} - defaultMode: 0755 - - name: health - configMap: - name: {{ printf "%s-health" (include "common.names.fullname" .) }} - defaultMode: 0755 - {{- if .Values.auth.usePasswordFiles }} - - name: redis-password - secret: - secretName: {{ template "redis.secretName" . }} - items: - - key: {{ template "redis.secretPasswordKey" . }} - path: redis-password - {{- end }} - - name: config - configMap: - name: {{ include "redis.configmapName" . }} - {{- if .Values.sysctl.mountHostSys }} - - name: host-sys - hostPath: - path: /sys - {{- end }} - {{- if not .Values.sentinel.persistence.enabled }} - - name: sentinel-data - {{- if .Values.sentinel.persistence.medium }} - emptyDir: { - medium: {{ .Values.sentinel.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- end }} - - name: redis-tmp-conf - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - - name: tmp - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- if .Values.replica.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.replica.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.metrics.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.sentinel.extraVolumes }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.extraVolumes "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.tls.enabled }} - - name: redis-certificates - secret: - secretName: {{ include "redis.tlsSecretName" . }} - defaultMode: 256 - {{- end }} - {{- if not .Values.replica.persistence.enabled }} - - name: redis-data - {{- if .Values.replica.persistence.medium }} - emptyDir: { - medium: {{ .Values.replica.persistence.medium | quote }} - } - {{- else }} - emptyDir: {} - {{- end }} - {{- else }} - volumeClaimTemplates: - - metadata: - name: redis-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.replica.persistence.annotations }} - annotations: {{- toYaml .Values.replica.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.replica.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.replica.persistence.size | quote }} - {{- if .Values.replica.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.replica.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.replica.persistence "global" .Values.global) | nindent 8 }} - {{- if .Values.sentinel.persistence.enabled }} - - metadata: - name: sentinel-data - labels: {{- include "common.labels.matchLabels" . | nindent 10 }} - app.kubernetes.io/component: node - {{- if .Values.sentinel.persistence.annotations }} - annotations: {{- toYaml .Values.sentinel.persistence.annotations | nindent 10 }} - {{- end }} - spec: - accessModes: - {{- range .Values.sentinel.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.sentinel.persistence.size | quote }} - {{- if .Values.sentinel.persistence.selector }} - selector: {{- include "common.tplvalues.render" ( dict "value" .Values.sentinel.persistence.selector "context" $) | nindent 10 }} - {{- end }} - {{- if .Values.sentinel.persistence.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.sentinel.persistence.dataSource "context" $) | nindent 10 }} - {{- end }} - {{- include "common.storage.class" (dict "persistence" .Values.sentinel.persistence "global" .Values.global) | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/serviceaccount.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/serviceaccount.yaml deleted file mode 100644 index 1ce68a7..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/serviceaccount.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} -metadata: - name: {{ template "redis.serviceAccountName" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if or .Values.commonAnnotations .Values.serviceAccount.annotations }} - annotations: - {{- if or .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.serviceAccount.annotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/servicemonitor.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/servicemonitor.yaml deleted file mode 100644 index 40754c2..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: http-metrics - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - relabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.metricRelabelings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - app.kubernetes.io/component: metrics -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/tls-secret.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/tls-secret.yaml deleted file mode 100644 index 4ab7acb..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/templates/tls-secret.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if (include "redis.createTlsSecret" .) }} -{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} -{{- $existingCerts := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default dict }} -{{- $ca := genCA "redis-ca" 365 }} -{{- $releaseNamespace := .Release.Namespace }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := include "common.names.fullname" . }} -{{- $serviceName := include "common.names.fullname" . }} -{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: kubernetes.io/tls -data: - ca.crt: {{ (get $existingCerts "ca.crt") | default ($ca.Cert | b64enc | quote ) }} - tls.crt: {{ (get $existingCerts "tls.crt") | default ($crt.Cert | b64enc | quote) }} - tls.key: {{ (get $existingCerts "tls.key") | default ($crt.Key | b64enc | quote) }} -{{- end }} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.schema.json b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.schema.json deleted file mode 100644 index d6e226b..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.schema.json +++ /dev/null @@ -1,156 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "architecture": { - "type": "string", - "title": "Redis architecture", - "form": true, - "description": "Allowed values: `standalone` or `replication`", - "enum": ["standalone", "replication"] - }, - "auth": { - "type": "object", - "title": "Authentication configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Use password authentication" - }, - "password": { - "type": "string", - "title": "Redis password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "value": false, - "path": "auth/enabled" - } - } - } - }, - "master": { - "type": "object", - "title": "Master replicas settings", - "form": true, - "properties": { - "kind": { - "type": "string", - "title": "Workload Kind", - "form": true, - "description": "Allowed values: `Deployment` or `StatefulSet`", - "enum": ["Deployment", "StatefulSet"] - }, - "persistence": { - "type": "object", - "title": "Persistence for master replicas", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "master/persistence/enabled" - } - } - } - } - } - }, - "replica": { - "type": "object", - "title": "Redis replicas settings", - "form": true, - "hidden": { - "value": "standalone", - "path": "architecture" - }, - "properties": { - "replicaCount": { - "type": "integer", - "form": true, - "title": "Number of Redis replicas" - }, - "persistence": { - "type": "object", - "title": "Persistence for Redis replicas", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "value": false, - "path": "replica/persistence/enabled" - } - } - } - } - } - }, - "volumePermissions": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus metrics exporter", - "description": "Create a side-car container to expose Prometheus metrics", - "form": true - }, - "serviceMonitor": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus Operator ServiceMonitor", - "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", - "form": true, - "hidden": { - "value": false, - "path": "metrics/enabled" - } - } - } - } - } - } - } -} diff --git a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.yaml b/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.yaml deleted file mode 100644 index 8a9aecc..0000000 --- a/source/src/main/java/io/wdd/source/redis-bitnami-16.13.2/values.yaml +++ /dev/null @@ -1,1623 +0,0 @@ -## @section Global parameters -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass -## - -## @param global.imageRegistry Global Docker image registry -## @param global.imagePullSecrets Global Docker registry secret names as an array -## @param global.storageClass Global StorageClass for Persistent Volume(s) -## @param global.redis.password Global Redis® password (overrides `auth.password`) -## -global: - imageRegistry: "" - ## E.g. - ## imagePullSecrets: - ## - myRegistryKeySecretName - ## - imagePullSecrets: [] - storageClass: "" - redis: - password: "" - -## @section Common parameters -## - -## @param kubeVersion Override Kubernetes version -## -kubeVersion: "" -## @param nameOverride String to partially override common.names.fullname -## -nameOverride: "" -## @param fullnameOverride String to fully override common.names.fullname -## -fullnameOverride: "" -## @param commonLabels Labels to add to all deployed objects -## -commonLabels: {} -## @param commonAnnotations Annotations to add to all deployed objects -## -commonAnnotations: {} -## @param secretAnnotations Annotations to add to secret -## -secretAnnotations: {} -## @param clusterDomain Kubernetes cluster domain name -## -clusterDomain: cluster.local -## @param extraDeploy Array of extra objects to deploy with the release -## -extraDeploy: [] - -## Enable diagnostic mode in the deployment -## -diagnosticMode: - ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) - ## - enabled: false - ## @param diagnosticMode.command Command to override all containers in the deployment - ## - command: - - sleep - ## @param diagnosticMode.args Args to override all containers in the deployment - ## - args: - - infinity - -## @section Redis® Image parameters -## - -## Bitnami Redis® image -## ref: https://hub.docker.com/r/bitnami/redis/tags/ -## @param image.registry Redis® image registry -## @param image.repository Redis® image repository -## @param image.tag Redis® image tag (immutable tags are recommended) -## @param image.pullPolicy Redis® image pull policy -## @param image.pullSecrets Redis® image pull secrets -## @param image.debug Enable image debug mode -## -image: - registry: docker.io - repository: bitnami/redis - tag: 6.2.7-debian-11-r11 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - -## @section Redis® common configuration parameters -## https://github.com/bitnami/bitnami-docker-redis#configuration -## - -## @param architecture Redis® architecture. Allowed values: `standalone` or `replication` -## -architecture: standalone -## Redis® Authentication parameters -## ref: https://github.com/bitnami/bitnami-docker-redis#setting-the-server-password-on-first-run -## -auth: - ## @param auth.enabled Enable password authentication - ## - enabled: true - ## @param auth.sentinel Enable password authentication on sentinels too - ## - sentinel: false - ## @param auth.password Redis® password - ## Defaults to a random 10-character alphanumeric string if not set - ## - password: "boge14@Level5" - ## @param auth.existingSecret The name of an existing secret with Redis® credentials - ## NOTE: When it's set, the previous `auth.password` parameter is ignored - ## - existingSecret: "" - ## @param auth.existingSecretPasswordKey Password key to be retrieved from existing secret - ## NOTE: ignored unless `auth.existingSecret` parameter is set - ## - existingSecretPasswordKey: "" - ## @param auth.usePasswordFiles Mount credentials as files instead of using an environment variable - ## - usePasswordFiles: false - -## @param commonConfiguration [string] Common configuration to be added into the ConfigMap -## ref: https://redis.io/topics/config -## -commonConfiguration: |- - # Enable AOF https://redis.io/topics/persistence#append-only-file - appendonly no - # Disable RDB persistence, AOF persistence already enabled. - save "" -## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for Redis® nodes -## -existingConfigmap: "" - -## @section Redis® master configuration parameters -## - -master: - ## @param master.count Number of Redis® master instances to deploy (experimental, requires additional configuration) - ## - count: 1 - ## @param master.configuration Configuration for Redis® master nodes - ## ref: https://redis.io/topics/config - ## - configuration: "" - ## @param master.disableCommands Array with Redis® commands to disable on master nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://redis.io/topics/security#disabling-of-specific-commands - ## - disableCommands: {} -# - FLUSHDB -# - FLUSHALL - ## @param master.command Override default container command (useful when using custom images) - ## - command: [] - ## @param master.args Override default container args (useful when using custom images) - ## - args: [] - ## @param master.preExecCmds Additional commands to run prior to starting Redis® master - ## - preExecCmds: [] - ## @param master.extraFlags Array with additional command line flags for Redis® master - ## e.g: - ## extraFlags: - # - "--maxmemory-policy volatile-ttl" - # - "--repl-backlog-size 1024mb" - ## - extraFlags: - - "--maxmemory-policy volatile-ttl" - - "--repl-backlog-size 1024mb" - ## @param master.extraEnvVars Array with extra environment variables to add to Redis® master nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® master nodes - ## - extraEnvVarsCM: "" - ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® master nodes - ## - extraEnvVarsSecret: "" - ## @param master.containerPorts.redis Container port to open on Redis® master nodes - ## - containerPorts: - redis: 6379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param master.startupProbe.enabled Enable startupProbe on Redis® master nodes - ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param master.startupProbe.periodSeconds Period seconds for startupProbe - ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param master.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: false - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param master.livenessProbe.enabled Enable livenessProbe on Redis® master nodes - ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param master.readinessProbe.enabled Enable readinessProbe on Redis® master nodes - ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param master.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Redis® master resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param master.resources.limits The resources limits for the Redis® master containers - ## @param master.resources.requests The requested resources for the Redis® master containers - ## - resources: - limits: {} - requests: {} - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param master.podSecurityContext.enabled Enabled Redis® master pods' Security Context - ## @param master.podSecurityContext.fsGroup Set Redis® master pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param master.containerSecurityContext.enabled Enabled Redis® master containers' Security Context - ## @param master.containerSecurityContext.runAsUser Set Redis® master containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param master.kind Use either Deployment or StatefulSet (default) - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ - ## - kind: StatefulSet - ## @param master.schedulerName Alternate scheduler for Redis® master pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param master.updateStrategy.type Redis® master statefulset strategy type - ## @skip master.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - rollingUpdate: {} - ## @param master.priorityClassName Redis® master pods' priorityClassName - ## - priorityClassName: "" - ## @param master.hostAliases Redis® master pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param master.podLabels Extra labels for Redis® master pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param master.podAnnotations Annotations for Redis® master pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param master.shareProcessNamespace Share a single process namespace between all of the containers in Redis® master pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node master.affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set - ## - key: "" - ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param master.affinity Affinity for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param master.nodeSelector Node labels for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param master.tolerations Tolerations for Redis® master pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param master.topologySpreadConstraints Spread Constraints for Redis® master pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param master.dnsPolicy DNS Policy for Redis® master pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsPolicy: ClusterFirst - dnsPolicy: "" - ## @param master.dnsConfig DNS Configuration for Redis® master pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - dnsConfig: {} - ## @param master.lifecycleHooks for the Redis® master container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Redis® master pod(s) - ## - extraVolumes: [] - ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® master container(s) - ## - extraVolumeMounts: [] - ## @param master.sidecars Add additional sidecar containers to the Redis® master pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param master.initContainers Add additional init containers to the Redis® master pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param master.persistence.enabled Enable persistence on Redis® master nodes using Persistent Volume Claims - ## - enabled: false - ## @param master.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param master.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## @param master.persistence.path The path the volume will be mounted at on Redis® master containers - ## NOTE: Useful when using different Redis® images - ## - path: /data - ## @param master.persistence.subPath The subdirectory of the volume to mount on Redis® master containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param master.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param master.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param master.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param master.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param master.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param master.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param master.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires master.persistence.enabled: true - ## - existingClaim: "" - ## Redis® master service parameters - ## - service: - ## @param master.service.type Redis® master service type - ## - type: NodePort - ## @param master.service.ports.redis Redis® master service port - ## - ports: - redis: 6379 - ## @param master.service.nodePorts.redis Node port for Redis® master - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - redis: "36379" - ## @param master.service.externalTrafficPolicy Redis® master service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param master.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param master.service.internalTrafficPolicy Redis® master service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param master.service.clusterIP Redis® master service Cluster IP - ## - clusterIP: "" - ## @param master.service.loadBalancerIP Redis® master service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param master.service.loadBalancerSourceRanges Redis® master service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param master.service.annotations Additional custom annotations for Redis® master service - ## - annotations: {} - ## @param master.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param master.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-master pods - ## - terminationGracePeriodSeconds: 30 - -## @section Redis® replicas configuration parameters -## - -replica: - ## @param replica.replicaCount Number of Redis® replicas to deploy - ## - replicaCount: 3 - ## @param replica.configuration Configuration for Redis® replicas nodes - ## ref: https://redis.io/topics/config - ## - configuration: "" - ## @param replica.disableCommands Array with Redis® commands to disable on replicas nodes - ## Commands will be completely disabled by renaming each to an empty string. - ## ref: https://redis.io/topics/security#disabling-of-specific-commands - ## - disableCommands: - - FLUSHDB - - FLUSHALL - ## @param replica.command Override default container command (useful when using custom images) - ## - command: [] - ## @param replica.args Override default container args (useful when using custom images) - ## - args: [] - ## @param replica.preExecCmds Additional commands to run prior to starting Redis® replicas - ## - preExecCmds: [] - ## @param replica.extraFlags Array with additional command line flags for Redis® replicas - ## e.g: - ## extraFlags: - ## - "--maxmemory-policy volatile-ttl" - ## - "--repl-backlog-size 1024mb" - ## - extraFlags: [] - ## @param replica.extraEnvVars Array with extra environment variables to add to Redis® replicas nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param replica.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® replicas nodes - ## - extraEnvVarsCM: "" - ## @param replica.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® replicas nodes - ## - extraEnvVarsSecret: "" - ## @param replica.externalMaster.enabled Use external master for bootstrapping - ## @param replica.externalMaster.host External master host to bootstrap from - ## @param replica.externalMaster.port Port for Redis service external master host - ## - externalMaster: - enabled: false - host: "" - port: 6379 - ## @param replica.containerPorts.redis Container port to open on Redis® replicas nodes - ## - containerPorts: - redis: 6379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param replica.startupProbe.enabled Enable startupProbe on Redis® replicas nodes - ## @param replica.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param replica.startupProbe.periodSeconds Period seconds for startupProbe - ## @param replica.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param replica.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param replica.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param replica.livenessProbe.enabled Enable livenessProbe on Redis® replicas nodes - ## @param replica.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param replica.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param replica.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param replica.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param replica.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.readinessProbe.enabled Enable readinessProbe on Redis® replicas nodes - ## @param replica.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param replica.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param replica.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param replica.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param replica.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param replica.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param replica.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param replica.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Redis® replicas resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param replica.resources.limits The resources limits for the Redis® replicas containers - ## @param replica.resources.requests The requested resources for the Redis® replicas containers - ## - resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 250m - # memory: 256Mi - requests: {} - # cpu: 250m - # memory: 256Mi - ## Configure Pods Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.podSecurityContext.enabled Enabled Redis® replicas pods' Security Context - ## @param replica.podSecurityContext.fsGroup Set Redis® replicas pod's Security Context fsGroup - ## - podSecurityContext: - enabled: true - fsGroup: 1001 - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param replica.containerSecurityContext.enabled Enabled Redis® replicas containers' Security Context - ## @param replica.containerSecurityContext.runAsUser Set Redis® replicas containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods - ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ - ## - schedulerName: "" - ## @param replica.updateStrategy.type Redis® replicas statefulset strategy type - ## @skip replica.updateStrategy.rollingUpdate - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies - ## - updateStrategy: - ## StrategyType - ## Can be set to RollingUpdate or OnDelete - ## - type: RollingUpdate - rollingUpdate: {} - ## @param replica.priorityClassName Redis® replicas pods' priorityClassName - ## - priorityClassName: "" - ## @param replica.podManagementPolicy podManagementPolicy to manage scaling operation of %%MAIN_CONTAINER_NAME%% pods - ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies - ## - podManagementPolicy: "" - ## @param replica.hostAliases Redis® replicas pods host aliases - ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ - ## - hostAliases: [] - ## @param replica.podLabels Extra labels for Redis® replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param replica.podAnnotations Annotations for Redis® replicas pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: {} - ## @param replica.shareProcessNamespace Share a single process namespace between all of the containers in Redis® replicas pods - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/ - ## - shareProcessNamespace: false - ## @param replica.podAffinityPreset Pod affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAffinityPreset: "" - ## @param replica.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity - ## - podAntiAffinityPreset: soft - ## Node affinity preset - ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity - ## - nodeAffinityPreset: - ## @param replica.nodeAffinityPreset.type Node affinity preset type. Ignored if `replica.affinity` is set. Allowed values: `soft` or `hard` - ## - type: "" - ## @param replica.nodeAffinityPreset.key Node label key to match. Ignored if `replica.affinity` is set - ## - key: "" - ## @param replica.nodeAffinityPreset.values Node label values to match. Ignored if `replica.affinity` is set - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - ## @param replica.affinity Affinity for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## NOTE: `replica.podAffinityPreset`, `replica.podAntiAffinityPreset`, and `replica.nodeAffinityPreset` will be ignored when it's set - ## - affinity: {} - ## @param replica.nodeSelector Node labels for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - ## @param replica.tolerations Tolerations for Redis® replicas pods assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - ## @param replica.topologySpreadConstraints Spread Constraints for Redis® replicas pod assignment - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## E.g. - ## topologySpreadConstraints: - ## - maxSkew: 1 - ## topologyKey: node - ## whenUnsatisfiable: DoNotSchedule - ## - topologySpreadConstraints: [] - ## @param replica.dnsPolicy DNS Policy for Redis® replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsPolicy: ClusterFirst - dnsPolicy: "" - ## @param replica.dnsConfig DNS Configuration for Redis® replica pods - ## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/ - ## E.g. - ## dnsConfig: - ## options: - ## - name: ndots - ## value: "4" - ## - name: single-request-reopen - dnsConfig: {} - ## @param replica.lifecycleHooks for the Redis® replica container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param replica.extraVolumes Optionally specify extra list of additional volumes for the Redis® replicas pod(s) - ## - extraVolumes: [] - ## @param replica.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® replicas container(s) - ## - extraVolumeMounts: [] - ## @param replica.sidecars Add additional sidecar containers to the Redis® replicas pod(s) - ## e.g: - ## sidecars: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## ports: - ## - name: portname - ## containerPort: 1234 - ## - sidecars: [] - ## @param replica.initContainers Add additional init containers to the Redis® replicas pod(s) - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - ## e.g: - ## initContainers: - ## - name: your-image-name - ## image: your-image - ## imagePullPolicy: Always - ## command: ['sh', '-c', 'echo "hello world"'] - ## - initContainers: [] - ## Persistence Parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param replica.persistence.enabled Enable persistence on Redis® replicas nodes using Persistent Volume Claims - ## - enabled: true - ## @param replica.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## @param replica.persistence.sizeLimit Set this to enable a size limit for `emptyDir` volumes. - ## - sizeLimit: "" - ## @param replica.persistence.path The path the volume will be mounted at on Redis® replicas containers - ## NOTE: Useful when using different Redis® images - ## - path: /data - ## @param replica.persistence.subPath The subdirectory of the volume to mount on Redis® replicas containers - ## NOTE: Useful in dev environments - ## - subPath: "" - ## @param replica.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param replica.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param replica.persistence.size Persistent Volume size - ## - size: 8Gi - ## @param replica.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param replica.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param replica.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param replica.persistence.existingClaim Use a existing PVC which must be created manually before bound - ## NOTE: requires replica.persistence.enabled: true - ## - existingClaim: "" - ## Redis® replicas service parameters - ## - service: - ## @param replica.service.type Redis® replicas service type - ## - type: ClusterIP - ## @param replica.service.ports.redis Redis® replicas service port - ## - ports: - redis: 6379 - ## @param replica.service.nodePorts.redis Node port for Redis® replicas - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## - nodePorts: - redis: "" - ## @param replica.service.externalTrafficPolicy Redis® replicas service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param replica.service.internalTrafficPolicy Redis® replicas service internal traffic policy (requires Kubernetes v1.22 or greater to be usable) - ## ref: https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/ - ## - internalTrafficPolicy: Cluster - ## @param replica.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param replica.service.clusterIP Redis® replicas service Cluster IP - ## - clusterIP: "" - ## @param replica.service.loadBalancerIP Redis® replicas service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param replica.service.loadBalancerSourceRanges Redis® replicas service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param replica.service.annotations Additional custom annotations for Redis® replicas service - ## - annotations: {} - ## @param replica.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param replica.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param replica.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-replicas pods - ## - terminationGracePeriodSeconds: 30 - ## Autoscaling configuration - ## - autoscaling: - ## @param replica.autoscaling.enabled Enable replica autoscaling settings - ## - enabled: false - ## @param replica.autoscaling.minReplicas Minimum replicas for the pod autoscaling - ## - minReplicas: 1 - ## @param replica.autoscaling.maxReplicas Maximum replicas for the pod autoscaling - ## - maxReplicas: 11 - ## @param replica.autoscaling.targetCPU Percentage of CPU to consider when autoscaling - ## - targetCPU: "" - ## @param replica.autoscaling.targetMemory Percentage of Memory to consider when autoscaling - ## - targetMemory: "" - -## @section Redis® Sentinel configuration parameters -## - -sentinel: - ## @param sentinel.enabled Use Redis® Sentinel on Redis® pods. - ## IMPORTANT: this will disable the master and replicas services and - ## create a single Redis® service exposing both the Redis and Sentinel ports - ## - enabled: false - ## Bitnami Redis® Sentinel image version - ## ref: https://hub.docker.com/r/bitnami/redis-sentinel/tags/ - ## @param sentinel.image.registry Redis® Sentinel image registry - ## @param sentinel.image.repository Redis® Sentinel image repository - ## @param sentinel.image.tag Redis® Sentinel image tag (immutable tags are recommended) - ## @param sentinel.image.pullPolicy Redis® Sentinel image pull policy - ## @param sentinel.image.pullSecrets Redis® Sentinel image pull secrets - ## @param sentinel.image.debug Enable image debug mode - ## - image: - registry: docker.io - repository: bitnami/redis-sentinel - tag: 6.2.7-debian-11-r12 - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Enable debug mode - ## - debug: false - ## @param sentinel.masterSet Master set name - ## - masterSet: mymaster - ## @param sentinel.quorum Sentinel Quorum - ## - quorum: 2 - ## @param sentinel.getMasterTimeout Amount of time to allow before get_sentinel_master_info() times out. - ## NOTE: This is directly related to the startupProbes which are configured to run every 10 seconds for a total of 22 failures. If adjusting this value, also adjust the startupProbes. - getMasterTimeout: 220 - ## @param sentinel.automateClusterRecovery Automate cluster recovery in cases where the last replica is not considered a good replica and Sentinel won't automatically failover to it. - ## This also prevents any new replica from starting until the last remaining replica is elected as master to guarantee that it is the one to be elected by Sentinel, and not a newly started replica with no data. - ## NOTE: This feature requires a "downAfterMilliseconds" value less or equal to 2000. - ## - automateClusterRecovery: false - ## Sentinel timing restrictions - ## @param sentinel.downAfterMilliseconds Timeout for detecting a Redis® node is down - ## @param sentinel.failoverTimeout Timeout for performing a election failover - ## - downAfterMilliseconds: 60000 - failoverTimeout: 18000 - ## @param sentinel.parallelSyncs Number of replicas that can be reconfigured in parallel to use the new master after a failover - ## - parallelSyncs: 1 - ## @param sentinel.configuration Configuration for Redis® Sentinel nodes - ## ref: https://redis.io/topics/sentinel - ## - configuration: "" - ## @param sentinel.command Override default container command (useful when using custom images) - ## - command: [] - ## @param sentinel.args Override default container args (useful when using custom images) - ## - args: [] - ## @param sentinel.preExecCmds Additional commands to run prior to starting Redis® Sentinel - ## - preExecCmds: [] - ## @param sentinel.extraEnvVars Array with extra environment variables to add to Redis® Sentinel nodes - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## @param sentinel.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Redis® Sentinel nodes - ## - extraEnvVarsCM: "" - ## @param sentinel.extraEnvVarsSecret Name of existing Secret containing extra env vars for Redis® Sentinel nodes - ## - extraEnvVarsSecret: "" - ## @param sentinel.externalMaster.enabled Use external master for bootstrapping - ## @param sentinel.externalMaster.host External master host to bootstrap from - ## @param sentinel.externalMaster.port Port for Redis service external master host - ## - externalMaster: - enabled: false - host: "" - port: 6379 - ## @param sentinel.containerPorts.sentinel Container port to open on Redis® Sentinel nodes - ## - containerPorts: - sentinel: 26379 - ## Configure extra options for Redis® containers' liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes - ## @param sentinel.startupProbe.enabled Enable startupProbe on Redis® Sentinel nodes - ## @param sentinel.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe - ## @param sentinel.startupProbe.periodSeconds Period seconds for startupProbe - ## @param sentinel.startupProbe.timeoutSeconds Timeout seconds for startupProbe - ## @param sentinel.startupProbe.failureThreshold Failure threshold for startupProbe - ## @param sentinel.startupProbe.successThreshold Success threshold for startupProbe - ## - startupProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 22 - ## @param sentinel.livenessProbe.enabled Enable livenessProbe on Redis® Sentinel nodes - ## @param sentinel.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe - ## @param sentinel.livenessProbe.periodSeconds Period seconds for livenessProbe - ## @param sentinel.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe - ## @param sentinel.livenessProbe.failureThreshold Failure threshold for livenessProbe - ## @param sentinel.livenessProbe.successThreshold Success threshold for livenessProbe - ## - livenessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 - successThreshold: 1 - failureThreshold: 5 - ## @param sentinel.readinessProbe.enabled Enable readinessProbe on Redis® Sentinel nodes - ## @param sentinel.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe - ## @param sentinel.readinessProbe.periodSeconds Period seconds for readinessProbe - ## @param sentinel.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe - ## @param sentinel.readinessProbe.failureThreshold Failure threshold for readinessProbe - ## @param sentinel.readinessProbe.successThreshold Success threshold for readinessProbe - ## - readinessProbe: - enabled: true - initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 1 - successThreshold: 1 - failureThreshold: 5 - ## @param sentinel.customStartupProbe Custom startupProbe that overrides the default one - ## - customStartupProbe: {} - ## @param sentinel.customLivenessProbe Custom livenessProbe that overrides the default one - ## - customLivenessProbe: {} - ## @param sentinel.customReadinessProbe Custom readinessProbe that overrides the default one - ## - customReadinessProbe: {} - ## Persistence parameters - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - ## @param sentinel.persistence.enabled Enable persistence on Redis® sentinel nodes using Persistent Volume Claims (Experimental) - ## - enabled: false - ## @param sentinel.persistence.storageClass Persistent Volume storage class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner - ## - storageClass: "" - ## @param sentinel.persistence.accessModes Persistent Volume access modes - ## - accessModes: - - ReadWriteOnce - ## @param sentinel.persistence.size Persistent Volume size - ## - size: 100Mi - ## @param sentinel.persistence.annotations Additional custom annotations for the PVC - ## - annotations: {} - ## @param sentinel.persistence.selector Additional labels to match for the PVC - ## e.g: - ## selector: - ## matchLabels: - ## app: my-app - ## - selector: {} - ## @param sentinel.persistence.dataSource Custom PVC data source - ## - dataSource: {} - ## @param sentinel.persistence.medium Provide a medium for `emptyDir` volumes. - ## - medium: "" - ## Redis® Sentinel resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param sentinel.resources.limits The resources limits for the Redis® Sentinel containers - ## @param sentinel.resources.requests The requested resources for the Redis® Sentinel containers - ## - resources: - limits: {} - requests: {} - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param sentinel.containerSecurityContext.enabled Enabled Redis® Sentinel containers' Security Context - ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup - ## - lifecycleHooks: {} - ## @param sentinel.extraVolumes Optionally specify extra list of additional volumes for the Redis® Sentinel - ## - extraVolumes: [] - ## @param sentinel.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® Sentinel container(s) - ## - extraVolumeMounts: [] - ## Redis® Sentinel service parameters - ## - service: - ## @param sentinel.service.type Redis® Sentinel service type - ## - type: ClusterIP - ## @param sentinel.service.ports.redis Redis® service port for Redis® - ## @param sentinel.service.ports.sentinel Redis® service port for Redis® Sentinel - ## - ports: - redis: 6379 - sentinel: 26379 - ## @param sentinel.service.nodePorts.redis Node port for Redis® - ## @param sentinel.service.nodePorts.sentinel Node port for Sentinel - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## NOTE: choose port between <30000-32767> - ## NOTE: By leaving these values blank, they will be generated by ports-configmap - ## If setting manually, please leave at least replica.replicaCount + 1 in between sentinel.service.nodePorts.redis and sentinel.service.nodePorts.sentinel to take into account the ports that will be created while incrementing that base port - ## - nodePorts: - redis: "" - sentinel: "" - ## @param sentinel.service.externalTrafficPolicy Redis® Sentinel service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param sentinel.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param sentinel.service.clusterIP Redis® Sentinel service Cluster IP - ## - clusterIP: "" - ## @param sentinel.service.loadBalancerIP Redis® Sentinel service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param sentinel.service.loadBalancerSourceRanges Redis® Sentinel service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param sentinel.service.annotations Additional custom annotations for Redis® Sentinel service - ## - annotations: {} - ## @param sentinel.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" - ## If "ClientIP", consecutive client requests will be directed to the same Pod - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - ## - sessionAffinity: None - ## @param sentinel.service.sessionAffinityConfig Additional settings for the sessionAffinity - ## sessionAffinityConfig: - ## clientIP: - ## timeoutSeconds: 300 - ## - sessionAffinityConfig: {} - ## @param sentinel.terminationGracePeriodSeconds Integer setting the termination grace period for the redis-node pods - ## - terminationGracePeriodSeconds: 30 - -## @section Other Parameters -## - -## Network Policy configuration -## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ -## -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## When set to false, only pods with the correct client label will have network access to the ports - ## Redis® is listening on. When true, Redis® will accept connections from any source - ## (with the correct destination port). - ## - allowExternal: true - ## @param networkPolicy.extraIngress Add extra ingress rules to the NetworkPolicy - ## e.g: - ## extraIngress: - ## - ports: - ## - port: 1234 - ## from: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraIngress: [] - ## @param networkPolicy.extraEgress Add extra egress rules to the NetworkPolicy - ## e.g: - ## extraEgress: - ## - ports: - ## - port: 1234 - ## to: - ## - podSelector: - ## - matchLabels: - ## - role: frontend - ## - podSelector: - ## - matchExpressions: - ## - key: role - ## operator: In - ## values: - ## - frontend - ## - extraEgress: [] - ## @param networkPolicy.ingressNSMatchLabels Labels to match to allow traffic from other namespaces - ## @param networkPolicy.ingressNSPodMatchLabels Pod labels to match to allow traffic from other namespaces - ## - ingressNSMatchLabels: {} - ingressNSPodMatchLabels: {} -## PodSecurityPolicy configuration -## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later - ## - create: false - ## @param podSecurityPolicy.enabled Enable PodSecurityPolicy's RBAC rules - ## - enabled: false -## RBAC configuration -## -rbac: - ## @param rbac.create Specifies whether RBAC resources should be created - ## - create: false - ## @param rbac.rules Custom RBAC rules to set - ## e.g: - ## rules: - ## - apiGroups: - ## - "" - ## resources: - ## - pods - ## verbs: - ## - get - ## - list - ## - rules: [] -## ServiceAccount configuration -## -serviceAccount: - ## @param serviceAccount.create Specifies whether a ServiceAccount should be created - ## - create: true - ## @param serviceAccount.name The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the common.names.fullname template - ## - name: "" - ## @param serviceAccount.automountServiceAccountToken Whether to auto mount the service account token - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server - ## - automountServiceAccountToken: true - ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount - ## - annotations: {} -## Redis® Pod Disruption Budget configuration -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -## -pdb: - ## @param pdb.create Specifies whether a PodDisruptionBudget should be created - ## - create: false - ## @param pdb.minAvailable Min number of pods that must still be available after the eviction - ## - minAvailable: 1 - ## @param pdb.maxUnavailable Max number of pods that can be unavailable after the eviction - ## - maxUnavailable: "" -## TLS configuration -## -tls: - ## @param tls.enabled Enable TLS traffic - ## - enabled: false - ## @param tls.authClients Require clients to authenticate - ## - authClients: true - ## @param tls.autoGenerated Enable autogenerated certificates - ## - autoGenerated: false - ## @param tls.existingSecret The name of the existing secret that contains the TLS certificates - ## - existingSecret: "" - ## @param tls.certificatesSecret DEPRECATED. Use existingSecret instead. - ## - certificatesSecret: "" - ## @param tls.certFilename Certificate filename - ## - certFilename: "" - ## @param tls.certKeyFilename Certificate Key filename - ## - certKeyFilename: "" - ## @param tls.certCAFilename CA Certificate filename - ## - certCAFilename: "" - ## @param tls.dhParamsFilename File containing DH params (in order to support DH based ciphers) - ## - dhParamsFilename: "" - -## @section Metrics Parameters -## - -metrics: - ## @param metrics.enabled Start a sidecar prometheus exporter to expose Redis® metrics - ## - enabled: false - ## Bitnami Redis® Exporter image - ## ref: https://hub.docker.com/r/bitnami/redis-exporter/tags/ - ## @param metrics.image.registry Redis® Exporter image registry - ## @param metrics.image.repository Redis® Exporter image repository - ## @param metrics.image.tag Redis® Redis® Exporter image tag (immutable tags are recommended) - ## @param metrics.image.pullPolicy Redis® Exporter image pull policy - ## @param metrics.image.pullSecrets Redis® Exporter image pull secrets - ## - image: - registry: docker.io - repository: bitnami/redis-exporter - tag: 1.43.0-debian-11-r4 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param metrics.command Override default metrics container init command (useful when using custom images) - ## - command: [] - ## @param metrics.redisTargetHost A way to specify an alternative Redis® hostname - ## Useful for certificate CN/SAN matching - ## - redisTargetHost: "localhost" - ## @param metrics.extraArgs Extra arguments for Redis® exporter, for example: - ## e.g.: - ## extraArgs: - ## check-keys: myKey,myOtherKey - ## - extraArgs: {} - ## @param metrics.extraEnvVars Array with extra environment variables to add to Redis® exporter - ## e.g: - ## extraEnvVars: - ## - name: FOO - ## value: "bar" - ## - extraEnvVars: [] - ## Configure Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod - ## @param metrics.containerSecurityContext.enabled Enabled Redis® exporter containers' Security Context - ## @param metrics.containerSecurityContext.runAsUser Set Redis® exporter containers' Security Context runAsUser - ## - containerSecurityContext: - enabled: true - runAsUser: 1001 - ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar - ## - extraVolumes: [] - ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Redis® metrics sidecar - ## - extraVolumeMounts: [] - ## Redis® exporter resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param metrics.resources.limits The resources limits for the Redis® exporter container - ## @param metrics.resources.requests The requested resources for the Redis® exporter container - ## - resources: - limits: {} - requests: {} - ## @param metrics.podLabels Extra labels for Redis® exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - ## - podLabels: {} - ## @param metrics.podAnnotations [object] Annotations for Redis® exporter pods - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - ## Redis® exporter service parameters - ## - service: - ## @param metrics.service.type Redis® exporter service type - ## - type: ClusterIP - ## @param metrics.service.port Redis® exporter service port - ## - port: 9121 - ## @param metrics.service.externalTrafficPolicy Redis® exporter service external traffic policy - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value) - ## - extraPorts: [] - ## @param metrics.service.loadBalancerIP Redis® exporter service Load Balancer IP - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - loadBalancerIP: "" - ## @param metrics.service.loadBalancerSourceRanges Redis® exporter service Load Balancer sources - ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## e.g. - ## loadBalancerSourceRanges: - ## - 10.10.10.0/24 - ## - loadBalancerSourceRanges: [] - ## @param metrics.service.annotations Additional custom annotations for Redis® exporter service - ## - annotations: {} - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - ## - serviceMonitor: - ## @param metrics.serviceMonitor.enabled Create ServiceMonitor resource(s) for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.serviceMonitor.namespace The namespace in which the ServiceMonitor will be created - ## - namespace: "" - ## @param metrics.serviceMonitor.interval The interval at which metrics should be scraped - ## - interval: 30s - ## @param metrics.serviceMonitor.scrapeTimeout The timeout after which the scrape is ended - ## - scrapeTimeout: "" - ## @param metrics.serviceMonitor.relabellings Metrics RelabelConfigs to apply to samples before scraping. - ## - relabellings: [] - ## @param metrics.serviceMonitor.metricRelabelings Metrics RelabelConfigs to apply to samples before ingestion. - ## - metricRelabelings: [] - ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## @param metrics.serviceMonitor.additionalLabels Additional labels that can be used so ServiceMonitor resource(s) can be discovered by Prometheus - ## - additionalLabels: {} - ## Custom PrometheusRule to be defined - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - ## @param metrics.prometheusRule.enabled Create a custom prometheusRule Resource for scraping metrics using PrometheusOperator - ## - enabled: false - ## @param metrics.prometheusRule.namespace The namespace in which the prometheusRule will be created - ## - namespace: "" - ## @param metrics.prometheusRule.additionalLabels Additional labels for the prometheusRule - ## - additionalLabels: {} - ## @param metrics.prometheusRule.rules Custom Prometheus rules - ## e.g: - ## rules: - ## - alert: RedisDown - ## expr: redis_up{service="{{ template "common.names.fullname" . }}-metrics"} == 0 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} down - ## description: Redis® instance {{ "{{ $labels.instance }}" }} is down - ## - alert: RedisMemoryHigh - ## expr: > - ## redis_memory_used_bytes{service="{{ template "common.names.fullname" . }}-metrics"} * 100 - ## / - ## redis_memory_max_bytes{service="{{ template "common.names.fullname" . }}-metrics"} - ## > 90 - ## for: 2m - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} is using too much memory - ## description: | - ## Redis® instance {{ "{{ $labels.instance }}" }} is using {{ "{{ $value }}" }}% of its available memory. - ## - alert: RedisKeyEviction - ## expr: | - ## increase(redis_evicted_keys_total{service="{{ template "common.names.fullname" . }}-metrics"}[5m]) > 0 - ## for: 1s - ## labels: - ## severity: error - ## annotations: - ## summary: Redis® instance {{ "{{ $labels.instance }}" }} has evicted keys - ## description: | - ## Redis® instance {{ "{{ $labels.instance }}" }} has evicted {{ "{{ $value }}" }} keys in the last 5 minutes. - ## - rules: [] - -## @section Init Container Parameters -## - -## 'volumePermissions' init container parameters -## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values -## based on the *podSecurityContext/*containerSecurityContext parameters -## -volumePermissions: - ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param volumePermissions.image.registry Bitnami Shell image registry - ## @param volumePermissions.image.repository Bitnami Shell image repository - ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy - ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r11 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - ## Init container Container Security Context - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container - ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser - ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the - ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` - ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) - ## - containerSecurityContext: - runAsUser: 0 - -## init-sysctl container parameters -## used to perform sysctl operation to modify Kernel settings (needed sometimes to avoid warnings) -## -sysctl: - ## @param sysctl.enabled Enable init container to modify Kernel settings - ## - enabled: false - ## Bitnami Shell image - ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/ - ## @param sysctl.image.registry Bitnami Shell image registry - ## @param sysctl.image.repository Bitnami Shell image repository - ## @param sysctl.image.tag Bitnami Shell image tag (immutable tags are recommended) - ## @param sysctl.image.pullPolicy Bitnami Shell image pull policy - ## @param sysctl.image.pullSecrets Bitnami Shell image pull secrets - ## - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: 11-debian-11-r11 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## e.g: - ## pullSecrets: - ## - myRegistryKeySecretName - ## - pullSecrets: [] - ## @param sysctl.command Override default init-sysctl container command (useful when using custom images) - ## - command: [] - ## @param sysctl.mountHostSys Mount the host `/sys` folder to `/host-sys` - ## - mountHostSys: false - ## Init container's resource requests and limits - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## @param sysctl.resources.limits The resources limits for the init container - ## @param sysctl.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} - -## @section useExternalDNS Parameters -## -## @param useExternalDNS.enabled Enable various syntax that would enable external-dns to work. Note this requires a working installation of `external-dns` to be usable. -## @param useExternalDNS.additionalAnnotations Extra annotations to be utilized when `external-dns` is enabled. -## @param useExternalDNS.annotationKey The annotation key utilized when `external-dns` is enabled. -## @param useExternalDNS.suffix The DNS suffix utilized when `external-dns` is enabled. Note that we prepend the suffix with the full name of the release. -## -useExternalDNS: - enabled: false - suffix: "" - annotationKey: external-dns.alpha.kubernetes.io/ - additionalAnnotations: {} diff --git a/source/src/main/java/io/wdd/source/shell/server-bootup.sh b/source/src/main/java/io/wdd/source/shell/server-bootup.sh new file mode 100644 index 0000000..19633bf --- /dev/null +++ b/source/src/main/java/io/wdd/source/shell/server-bootup.sh @@ -0,0 +1,754 @@ +#!/bin/bash + +##### environment variables ###### + +JAVA_OPTS="-Xms2048m -Xmx2048m --file.encoding=utf-8 --spring.profiles.active=k3s --spring.cloud.nacos.config.group=k3s --spring.cloud.nacos.config.extension-configs[0].dataId=common-k3s.yaml --spring.cloud.nacos.config.extension-configs[0].group=k3s --debug=false --logging.level.io.wdd.server=info" + +DOCKER_VERSION="20.10.10" + +OctopusServerContainerName="octopus-server" + +OctopusAgentUrl=https://happybirthday.107421.xyz/octopus-agent/ + +RepoSourcePath=https://raw.githubusercontent.com/zeaslity/ProjectOctopus/main/source/src/main/java/io/wdd/source/shell + +OctopusAgentPath=/octopus-agent/shell +##### environment variables ###### + +CMD_INSTALL="" +CMD_UPDATE="" +CMD_REMOVE="" +SOFTWARE_UPDATED=0 +LinuxReleaseVersion="" +LinuxRelease="" + +RED="31m" ## 姨妈红 +GREEN="32m" ## 水鸭青 +YELLOW="33m" ## 鸭屎黄 +PURPLE="35m" ## 基佬紫 +BLUE="36m" ## 天依蓝 +BlinkGreen="32;5m" ##闪烁的绿色 +BlinkRed="31;5m" ##闪烁的红色 +BackRed="41m" ## 背景红色 +SplitLine="----------------------" #会被sys函数中的方法重写 + +######## 颜色函数方法很精妙 ############ +colorEcho() { + echo -e "\033[${1}${@:2}\033[0m" 1>&2 +} + +####################################### +# description +# Globals: +# EUID +# RED +# YELLOW +# Arguments: +# None +####################################### +check_root() { + if [[ $EUID != 0 ]]; then + colorEcho ${RED} "当前非root账号(或没有root权限),无法继续操作,请更换root账号!" + colorEcho ${YELLOW} "使用sudo -命令获取临时root权限(执行后可能会提示输入root密码)" + exit 1 + fi +} + +####################################### +# description +# Globals: +# PURPLE +# SplitLine +# Arguments: +# None +####################################### +FunctionStart() { + colorEcho ${PURPLE} ${SplitLine} + colorEcho ${PURPLE} ${SplitLine} + echo "" +} + +####################################### +# description +# Globals: +# GREEN +# SplitLine +# Arguments: +# None +####################################### +FunctionSuccess() { + colorEcho ${GREEN} ${SplitLine} + echo "" +} + +####################################### +# description +# Globals: +# BlinkGreen +# SplitLine +# Arguments: +# None +####################################### +FunctionEnd() { + echo "" + colorEcho ${BlinkGreen} ${SplitLine} + echo "" + echo "" +} +# 判断命令是否存在 +command_exists() { + command -v "$@" >/dev/null 2>&1 +} + +####### 获取系统版本及64位或32位信息 +check_sys() { + # 获取当前终端的宽度,动态调整分割线的长度 + shellwidth=$(stty size | awk '{print $2}') + SplitLine=$(yes "-" | sed ${shellwidth}'q' | tr -d '\n') + + sys_bit=$(uname -m) + case $sys_bit in + i[36]86) + os_bit="32" + LinuxRelease="386" + ;; + x86_64) + os_bit="64" + LinuxRelease="amd64" + ;; + *armv6*) + os_bit="arm" + LinuxRelease="arm6" + ;; + *armv7*) + os_bit="arm" + LinuxRelease="arm7" + ;; + *aarch64* | *armv8*) + os_bit="arm64" + LinuxRelease="arm64" + ;; + *) + colorEcho ${RED} " + 哈哈……这个 辣鸡脚本 不支持你的系统。 (-_-) \n + 备注: 仅支持 Ubuntu 16+ / Debian 8+ / CentOS 7+ 系统 + " && exit 1 + ;; + esac + ## 判定Linux的发行版本 + if [ -f /etc/redhat-release ]; then + LinuxReleaseVersion="centos" + elif cat /etc/issue | grep -Eqi "debian"; then + LinuxReleaseVersion="debian" + elif cat /etc/issue | grep -Eqi "ubuntu"; then + LinuxReleaseVersion="ubuntu" + elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then + LinuxReleaseVersion="centos" + elif cat /proc/version | grep -Eqi "debian"; then + LinuxReleaseVersion="debian" + elif cat /proc/version | grep -Eqi "ubuntu"; then + LinuxReleaseVersion="ubuntu" + elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then + LinuxReleaseVersion="centos" + else + LinuxReleaseVersion="" + fi + + # 判断系统的包管理工具 apt, yum, or zypper + getPackageManageTool() { + if [[ -n $(command -v apt-get) ]]; then + CMD_INSTALL="apt-get -y -qq install" + CMD_UPDATE="apt-get -qq update" + CMD_REMOVE="apt-get -y remove" + elif [[ -n $(command -v yum) ]]; then + CMD_INSTALL="yum -y -q install" + CMD_UPDATE="yum -q makecache" + CMD_REMOVE="yum -y remove" + elif [[ -n $(command -v zypper) ]]; then + CMD_INSTALL="zypper -y install" + CMD_UPDATE="zypper ref" + CMD_REMOVE="zypper -y remove" + else + return 1 + fi + return 0 + } + + # 检查系统包管理方式,更新包 + getPackageManageTool + if [[ $? -eq 1 ]]; then + colorEcho ${RED} "系统的包管理不是 APT or YUM, 请手动安装所需要的软件." + return 1 + fi + + ### 更新程序引索 + if [[ $SOFTWARE_UPDATED -eq 0 ]]; then + colorEcho ${BLUE} "正在更新软件包管理...可能花费较长时间…………" + $CMD_UPDATE + SOFTWARE_UPDATED=1 + fi + return 0 +} + +## 安装所需要的程序,及依赖程序 +installDemandSoftwares() { + for software in $@; do + ## 安装该软件 + if [[ -n $(command -v ${software}) ]]; then + colorEcho ${GREEN} "${software}已经安装了...跳过..." + echo "" + else + colorEcho ${BLUE} "正在安装 ${software}..." + $CMD_INSTALL ${software} + ## 判断该软件是否安装成功 + if [[ $? -ne 0 ]]; then + colorEcho ${RED} "安装 ${software} 失败。" + colorEcho ${RED} "如果是重要软件,本脚本会自动终止!!" + colorEcho ${PURPLE} "一般软件,本脚本会忽略错误并继续运行,请之后手动安装该程序。" + return 1 + else + colorEcho ${GREEN} "已经成功安装 ${software}" + FunctionSuccess + echo "" + fi + fi + done + return 0 +} + +####################################### +# description +# Globals: +# BLUE +# GREEN +# Arguments: +# None +####################################### +ModifySystemConfig() { + FunctionStart + + colorEcho ${BLUE} "开始修改系统内核参数…………" + ## 配置内核参数 + cat >/etc/sysctl.d/k8s.conf </dev/null + colorEcho ${GREEN} " 添加成功 " + echo "" + fi + + colorEcho ${BLUE} "正在执行更新操作!!" + apt-getMapper update + colorEcho ${GREEN} "----------更新完成----------" + FunctionSuccess + colorEcho ${BLUE} "可以安装的docker-ce的19.03版本为:" + colorEcho ${GREEN} "--------------------------------------------------------------" + apt-cache madison docker-ce | grep -w 19.03 | awk '{print$3}' + colorEcho ${GREEN} "--------------------------------------------------------------" + echo "" + + colorEcho ${GREEN} "开始安装docker-ce,版本为${DOCKER_VERSION}" + realDockerSTag=$(apt-cache madison docker-ce | grep -w 19.03 | awk '{print$3}' | grep ${DOCKER_VERSION}) + installDemandSoftwares docker-ce=${realDockerSTag} || return $? + fi + echo "" + + colorEcho ${GREEN} "----------安装完成----------" + FunctionSuccess + colorEcho ${BLUE} "正在启动docker的服务进程…………" + systemctl enable docker.service + systemctl start docker.service + colorEcho ${GREEN} "----------启动完成----------" + echo "" + FunctionEnd +} + +####################################### +# description +# Globals: +# BLUE +# GREEN +# PURPLE +# RED +# Arguments: +# None +####################################### +InstallDockerCompose() { + FunctionStart + colorEcho ${PURPLE} "正在下载 +++++++++++++ docker-compose文件 ++++++++++++++" + # curl -L "https://github.com.cnpmjs.org/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" \ + # -o /usr/local/bin/docker-compose + curl -L "https://objectstorage.ap-seoul-1.oraclecloud.com/n/cnk8d6fazu16/b/seoul/o/docker-compose-Linux-x86_64" \ + -o /usr/local/bin/docker-compose + if [[ -e /usr/local/bin/docker-compose ]]; then + colorEcho ${BLUE} "docker-compose文件下载成功!!" + echo "" + chmod +x /usr/local/bin/docker-compose + docker-compose --version &>/dev/null + if [[ $? -eq 0 ]]; then + colorEcho ${GREEN} "docker-compose安装成功!!版本为$(docker-compose --version | cut -d" " -f3)尽情享用" + else + ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose + fi + else + colorEcho ${RED} "docker-compose文件下载失败!! 无法访问github的资源。。" + colorEcho ${RED} "请手动下载docker-compose的安装文件!" + fi + FunctionEnd +} + +####################################### +# description +# Globals: +# BLUE +# JDK_VERSION +# LinuxReleaseVersion +# Arguments: +# 1 +####################################### +InstallJDKPackage() { + JDK_VERSION="11" + if [[ $1 -ne " " ]]; then + JDK_VERSION="$1" + echo "JDK Version = ${JDK_VERSION}" + fi + + echo "InstallJDK from package management !" + echo "" + + if [[ ${LinuxReleaseVersion} == "centos" ]]; then + colorEcho ${BLUE} "当前系统发行版为 centos !" + colorEcho ${BLUE} "可以安装的 openjdk 版本为:" + yum list java-${JDK_VERSION}-openjdk | grep ${JDK_VERSION} + echo "" + colorEcho ${BLUE} "开始安装最新版本:$(yum list java-${JDK_VERSION}-openjdk | grep ${JDK_VERSION} | awk '{print $2}' | cut -d':' -f2 | head -n 1)" + installDemandSoftwares java-${JDK_VERSION}-openjdk-$(yum list java-${JDK_VERSION}-openjdk | grep ${JDK_VERSION} | awk '{print $2}' | cut -d':' -f2 | head -n 1) + else + colorEcho ${BLUE} "当前系统发行版为 ubuntu/debain !" + colorEcho ${BLUE} "可以安装的 openjdk 版本为:" + apt-cache madison openjdk-${JDK_VERSION}-jdk | awk '{print$3}' + echo "" + colorEcho ${BLUE} "开始安装最新版本:$(apt-cache madison openjdk-${JDK_VERSION}-jdk | head -n 1 | awk '{print$3}')" + + installDemandSoftwares openjdk-${JDK_VERSION}-jdk + + fi + + colorEcho ${BLUE} "请检查下面的内容输出!!!" + java -version + +} + +####################################### +# description +# Globals: +# JAVA_OPTS +# Arguments: +# None +####################################### +systemdAgent() { + + # https://www.baeldung.com/linux/run-java-application-as-service + + cat >/etc/systemd/system/octopus-agent.service </etc/rsyslog.d/octopus-agent.conf <> $i 秒 <<-,准备切换shell,上文的日志输出将会消失!!" + sleep 2 + done + chsh -s /bin/zsh + zsh + else + colorEcho ${RED} "zsh 安装失败,大概率是已经安装!!小概率是无法连接GitHub服务器~~" + fi + FunctionEnd +} + +####################################### +# description +# Globals: +# BLUE +# GREEN +# PURPLE +# ZSH_SOURCE +# Arguments: +# 1 +####################################### +modifyZSH() { + FunctionStart + + ZSH_SOURCE="us" + + if [[ $1 -ne " " ]]; then + ZSH_SOURCE="$1" + echo "zsh install source = ${ZSH_SOURCE}" + fi + + colorEcho ${GREEN} "zsh应该已经安装成功!!!" + colorEcho ${BLUE} "开始修改zsh的相关配置信息,使其更加好用…………" + echo "" + cat >~/oh-my-zsh-plugins-list.txt <