From 3511ad2d4c529fd88da8a0dd4cd6f85bf9e5e3e0 Mon Sep 17 00:00:00 2001 From: oshri barazani Date: Thu, 31 Oct 2024 12:49:37 +0200 Subject: [PATCH] clean all files --- README.md | 119 - active_active_database_readme.md | 773 - admission-service.yaml | 14 - admission/README.md | 3 - admission/webhook.yaml | 33 - advanced/Redis-gears/gears.yaml | 30 - .../install_gears_python_packages.txt | 31 - advanced/psp.yaml | 24 - bundle.yaml | 16815 --------------- cluster_credentials.md | 3 - crds/reaadb_crd.yaml | 766 - crds/rec_crd.yaml | 14839 -------------- crds/redb_crd.yaml | 773 - crds/rerc_crd.yaml | 85 - examples/v1/rec.yaml | 9 - examples/v1alpha1/reaadb.yaml | 12 - examples/v1alpha1/rec.yaml | 9 - examples/v1alpha1/redb.yaml | 6 - examples/v1alpha1/rerc.yaml | 20 - images/web_console_1.png | Bin 13348 -> 0 bytes images/web_console_10.png | Bin 100258 -> 0 bytes images/web_console_2.png | Bin 32292 -> 0 bytes images/web_console_3.png | Bin 41277 -> 0 bytes images/web_console_4.png | Bin 27817 -> 0 bytes images/web_console_5.png | Bin 51759 -> 0 bytes images/web_console_6.png | Bin 12219 -> 0 bytes images/web_console_7.png | Bin 96519 -> 0 bytes images/web_console_8.png | Bin 14892 -> 0 bytes images/web_console_9.png | Bin 15780 -> 0 bytes log_collector/log_collector.py | 1459 -- multi-namespace-redb/README.md | 3 - multi-namespace-redb/operator.yaml | 134 - .../operator_cluster_role.yaml | 10 - .../operator_cluster_role_binding.yaml | 14 - multi-namespace-redb/role.yaml | 23 - multi-namespace-redb/role_binding.yaml | 17 - openshift.bundle.yaml | 16868 ---------------- openshift/OLM/README.md | 3 - openshift/admission-service.yaml | 14 - openshift/operator_rhel.yaml | 134 - openshift/rec_rhel.yaml | 16 - openshift/role.yaml | 194 - openshift/role_binding.yaml | 14 - openshift/scc.yaml | 31 - openshift/service_account.yaml | 7 - operator.yaml | 134 - rack_awareness/rack_aware_cluster_role.yaml | 9 - .../rack_aware_cluster_role_binding.yaml | 14 - rack_awareness/rack_aware_rec.yaml | 9 - ...s_enterprise_active_active_database_api.md | 120 - redis_enterprise_cluster_api.md | 625 - redis_enterprise_database_api.md | 371 - redis_enterprise_remote_cluster_api.md | 64 - redis_on_flash.md | 3 - role.yaml | 173 - role_binding.yaml | 14 - service_account.yaml | 7 - setting_ingress_or_route_readme.md | 96 - topics.md | 179 - vault/README.md | 276 - 60 files changed, 55399 deletions(-) delete mode 100644 README.md delete mode 100644 active_active_database_readme.md delete mode 100644 admission-service.yaml delete mode 100644 admission/README.md delete mode 100644 admission/webhook.yaml delete mode 100644 advanced/Redis-gears/gears.yaml delete mode 100644 advanced/Redis-gears/install_gears_python_packages.txt delete mode 100644 advanced/psp.yaml delete mode 100644 bundle.yaml delete mode 100644 cluster_credentials.md delete mode 100644 crds/reaadb_crd.yaml delete mode 100644 crds/rec_crd.yaml delete mode 100644 crds/redb_crd.yaml delete mode 100644 crds/rerc_crd.yaml delete mode 100644 examples/v1/rec.yaml delete mode 100644 examples/v1alpha1/reaadb.yaml delete mode 100644 examples/v1alpha1/rec.yaml delete mode 100644 examples/v1alpha1/redb.yaml delete mode 100644 examples/v1alpha1/rerc.yaml delete mode 100644 images/web_console_1.png delete mode 100644 images/web_console_10.png delete mode 100644 images/web_console_2.png delete mode 100644 images/web_console_3.png delete mode 100644 images/web_console_4.png delete mode 100644 images/web_console_5.png delete mode 100644 images/web_console_6.png delete mode 100644 images/web_console_7.png delete mode 100644 images/web_console_8.png delete mode 100644 images/web_console_9.png delete mode 100644 log_collector/log_collector.py delete mode 100644 multi-namespace-redb/README.md delete mode 100644 multi-namespace-redb/operator.yaml delete mode 100644 multi-namespace-redb/operator_cluster_role.yaml delete mode 100644 multi-namespace-redb/operator_cluster_role_binding.yaml delete mode 100644 multi-namespace-redb/role.yaml delete mode 100644 multi-namespace-redb/role_binding.yaml delete mode 100644 openshift.bundle.yaml delete mode 100644 openshift/OLM/README.md delete mode 100644 openshift/admission-service.yaml delete mode 100644 openshift/operator_rhel.yaml delete mode 100644 openshift/rec_rhel.yaml delete mode 100644 openshift/role.yaml delete mode 100644 openshift/role_binding.yaml delete mode 100644 openshift/scc.yaml delete mode 100644 openshift/service_account.yaml delete mode 100644 operator.yaml delete mode 100644 rack_awareness/rack_aware_cluster_role.yaml delete mode 100644 rack_awareness/rack_aware_cluster_role_binding.yaml delete mode 100644 rack_awareness/rack_aware_rec.yaml delete mode 100644 redis_enterprise_active_active_database_api.md delete mode 100644 redis_enterprise_cluster_api.md delete mode 100644 redis_enterprise_database_api.md delete mode 100644 redis_enterprise_remote_cluster_api.md delete mode 100644 redis_on_flash.md delete mode 100644 role.yaml delete mode 100644 role_binding.yaml delete mode 100644 service_account.yaml delete mode 100644 setting_ingress_or_route_readme.md delete mode 100644 topics.md delete mode 100644 vault/README.md diff --git a/README.md b/README.md deleted file mode 100644 index 642e32e..0000000 --- a/README.md +++ /dev/null @@ -1,119 +0,0 @@ - -# Deploying Redis Enterprise on Kubernetes - -* [Quick start Guide](#quickstart-guide) - * [Installation on OpenShift](#installation-on-openshift) -* [Configuration](#configuration) - * [RedisEnterpriseCluster custom resource](#redisenterprisecluster-custom-resource) - * [Private Repositories](#private-repositories) - * [Pull Secrets](#pull-secrets) - * [Advanced Configuration](#advanced-configuration) -* [Connect to Redis Enterprise Software web console](#How-to-connect-to-Redis-Enterprise-Software-web-console?) -* [Upgrade](#upgrade) -* [Supported K8S Distributions](#supported-k8s-distributions) - -This page describes how to deploy Redis Enterprise on Kubernetes using the Redis Enterprise Operator. The Redis Enterprise Operator supports two Custom Resource Definitions (CRDs): -* Redis Enterprise Cluster (REC): an API to create Redis Enterprise clusters. Note that only one cluster is supported per operator deployment. -* Redis Enterprise Database (REDB): an API to create Redis databases running on the Redis Enterprise cluster. -Note that the Redis Enterprise Operator is namespaced. -High level architecture and overview of the solution can be found [HERE](https://docs.redislabs.com/latest/platforms/kubernetes/). - -## Quick start guide - -This content [has moved](https://docs.redis.com/latest/kubernetes/deployment/quick-start/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - -### Installation on OpenShift - -This content [has moved](https://docs.redis.com/latest/kubernetes/deployment/openshift/openshift-cli/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - -### Installation on VMWare Tanzu - - This content [has moved](https://docs.redis.com/latest/kubernetes/deployment/tanzu/) to the [Redis Enterprise docs site](https://docs.redis.com/latest/kubernetes/). - -## Configuration - -### RedisEnterpriseCluster custom resource -The operator deploys a `RedisEnterpriseCluster` with default configurations values, but those can be customized in the `RedisEnterpriseCluster` spec as follow: - -Some examples [have moved](https://docs.redis.com/latest/kubernetes/reference/cluster-options/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - - -* Cluster username (Default is demo@redis.com) - ```yaml - username: "admin@acme.com" - ``` - -* Extra Labels: Additional labels to tag the k8s resources created during deployment - ```yaml - extraLabels: - example1: "some-value" - example2: "some-value" - ``` - -* UI service type: Load Balancer or cluster IP (default) - ```yaml - uiServiceType: LoadBalancer - ``` - -* Database service type (optional): Service types for access to databases. Should be a comma separated list. The possible values are cluster_ip, headless, and load_balancer. Default value is `cluster_ip,headless`. For example, to create a load_balancer type database service, explicitly add the following declaration to the Redis Enterprise Cluster spec: - ```yaml - servicesRiggerSpec: - databaseServiceType: load_balancer - ``` - -* UI annotations: Add custom annotation to the UI service - ```yaml - uiAnnotations: - uiAnnotation1: 'UI-annotation1' - uiAnnotation2: 'UI-Annotation2' - ``` - -* SideCar containers: images that will run along side the redis enterprise containers - ```yaml - sideContainersSpec: - - name: sidecar - image: dockerhub_repo/repo:tag - imagePullPolicy: IfNotPresent - ``` - -* IPV4 enforcement - - You might not have IPV6 support in your K8S cluster. - In this case, you could enforce the use of IPV4, by adding the following attribute to the REC spec: - ```yaml - enforceIPv4: true - ``` - Note: Setting 'enforceIPv4' to 'true' is a requirement for running REC on PKS. - - [requirements]: https://redislabs.com/redis-enterprise-documentation/administering/designing-production/hardware-requirements/ - [service-catalog]: https://kubernetes.io/docs/concepts/extend-kubernetes/service-catalog/ - -* Full detail can be found in [Redis Enterprise Cluster Custom Resource Specification](redis_enterprise_cluster_api.md). - -### Private Repositories - -This content [has moved](https://docs.redis.com/latest/kubernetes/deployment/container-images/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - -### Pull secrets - -This content [has moved](https://docs.redis.com/latest/kubernetes/deployment/container-images/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - -### Advanced Configuration - -- To configure priority class, node pool, eviction thresholds and other advanced configuration see [topics.md](topics.md) file. -- Full [Redis Enterprise cluster custom resource specification](redis_enterprise_cluster_api.md) -- Full [Redis Enterprise database custom resource specification](redis_enterprise_database_api.md) - - -## Connect to Redis Enterprise Software web console - -This content [has moved](https://docs.redis.com/latest/kubernetes/re-clusters/connect-to-admin-console/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - - -## Upgrade - -This content [has moved](https://docs.redis.com/latest/kubernetes/re-clusters/upgrade-redis-cluster/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - -## Supported K8S Distributions - -This content [has moved](https://docs.redis.com/latest/kubernetes/reference/supported_k8s_distributions/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). \ No newline at end of file diff --git a/active_active_database_readme.md b/active_active_database_readme.md deleted file mode 100644 index 424ccc2..0000000 --- a/active_active_database_readme.md +++ /dev/null @@ -1,773 +0,0 @@ - -# K8s Redis Enterprise Active Active Database README - -This document describes how to deploy an Active-Active database with Redis Enterprise for Kubernetes. - - -**This document assumes the following:** - - You have at least two running Redis Enterprise clusters that will be used as your participating clusters. - - On each Kubernetes cluster you have Ingress controller or Openshift Routes deployed. - -## Table of contents - * [Overview](#overview) - * [Create a new Active-Active database](#create-a-new-active-active-database) - * [Add participating cluster to an existing Active-Active database](#add-participating-cluster-to-an-existing-active-active-database) - * [Remove participating cluster from an existing Active-Active database](#remove-participating-cluster-from-an-existing-active-active-database) - * [Set the database global configurations specifications](#set-the-database-global-configurations-specifications) - * [Set global database secret](#set-global-database-secret) - * [Manage global configurations secrets](#manage-global-configurations-secrets) - * [Delete an existing Active-Active database](#delete-an-existing-active-active-database) - * [Update existing participating cluster (RERC) details](#update-existing-participating-cluster-rerc-details) - * [Update existing participating cluster (RERC) secret](#update-existing-participating-cluster-rerc-secret) - * [Active-Active database with Redis modules](#active-active-database-with-redis-modules) - * [Upgrade REC with Active-Active database](#upgrade-rec-with-active-active-database) - * [Test your Active-Active database](#test-your-active-active-database) - * [Limitations](#limitations) - -## Overview - -This feature allows creating and managing Active-Active databases with Kubernetes custom resources. -The new custom resources for declaring Active-Active databases in Redis Enterprise are: - - Redis Enterprise Remote Cluster (RERC) will contain the participating cluster configurations. - - Redis Enterprise Active Active Database (REAADB) will contain a link to the RERC for each participating cluster, and provide the management path configurations and status. - -For example, an Active-Active database with two participating clusters should have two Redis Enterprise Remote Cluster (RERC) custom resources and one Redis Enterprise Active Active Database (REAADB) custom resource on each participating cluster. - -### General note about Hashicorp Vault secrets -The operator supports the use of Hashicorp Vault Secrets for the Active-Active database REAADB/RERC custom resources secrets. Throughout this document there are explanations about using K8s secrets. If Hashicorp Vault is used by the REC, the secrets should be saved within the Hashicorp Vault server in the same path that is used for other REC/REDB secrets, and the name should be used appropriately with RERC/REAADB. For some explanations/examples of how to store secrets in vault, see [the Hashicorp Vault integration document.](vault/README.md) - -## Create a new Active-Active database - -**For each participating cluster with a namespace that hosts the Redis Enterprise operator, follow the [Participating cluster preparation setup](#participating-cluster-preparation-setup)** - -### Participating cluster preparation setup - -#### Part 1: First time REC preparation setup - -Note: - * This part is for new participating clusters that are not already configured to use the Redis Enterprise Operator active-active databases. - -1. In case your REC is not configured with the 'spec.ingressOrRouteSpec', please configure a Ingress or Route, follow the instructions [here](setting_ingress_or_route_readme.md) - -2. Configure ValidatingWebhookConfiguration, follow the instructions [here](admission/README.md) -Note: this is a must for managing Active-Active database via the operator. - -#### Part 2: participating cluster info preparation setup - -Note: - * This part should be done always, even if the cluster is already configured to run the Redis Enterprise Operator managed Active-Active databases. - -1. Collect the REC credentials secret from all of the participating clusters, replace `` with the local REC name: -``` - kubectl get secret -o yaml -``` -For example, collecting the secret of a Redis Enterprise Cluster named "rec1" that resides in "ns1" namespace: -``` - kubectl get secret rec1 -o yaml -``` -Following is an example of a REC credentials secret named "rec1" with namespace "ns1": -``` -apiVersion: v1 -data: - password: PHNvbWUgcGFzc3dvcmQ+ - username: PHNvbWUgdXNlcj4 -kind: Secret -metadata: - creationTimestamp: "2022-11-06T07:05:47Z" - labels: - app: redis-enterprise - redis.io/cluster: rec1 - name: rec1 - namespace: ns1 - ownerReferences: - - apiVersion: app.redislabs.com/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: RedisEnterpriseCluster - name: rec1 - uid: b054ee49-299b-45db-be96-b7dfb543d531 - resourceVersion: "1883466" - uid: d0ba47d2-5376-4e65-85c3-343c8f3227f5 -type: Opaque -``` - -2. For each of the secrets you collected, generate a new secret with the credentials data and name it with the following convention: `redis-enterprise-`, replace the `` with the RERC name. -The new secret generated from the previous example of Redis Enterprise cluster named "rec1" that resides in "ns1" namespace that will be used for the RERC name: "new-york-1" should look as follows: -``` -apiVersion: v1 -data: - password: PHNvbWUgcGFzc3dvcmQ+ - username: PHNvbWUgdXNlcj4 -kind: Secret -metadata: - name: redis-enterprise-new-york-1 -type: Opaque -``` - -3. Apply all of the generated secrets from the previous step, replace `` with a file containing each new secret you generated in the previous step. -``` - kubectl apply -f -``` - -### Create the Active-Active database using Redis Enterprise Active Active Database (REAADB) and Redis Enterprise Remote Cluster (RERC) custom resources - -On one of the participating clusters do the following: - -1. Generate the RERC custom resources for each of the participating clusters. -Following are examples of two participating clusters' corresponding RERC custom resources: -a. The example for a REC named "rec1" in the namespace "ns1": -``` -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseRemoteCluster -metadata: - name: new-york-1 -spec: - recName: rec1 - recNamespace: ns1 - apiFqdnUrl: test-example-api-new-york-1.redis.com - dbFqdnSuffix: -example-cluster-new-york-1.redis.com - secretName: redis-enterprise-new-york-1 -``` -b. The example for a REC named "rec2" in the namespace "ns2": -``` -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseRemoteCluster -metadata: - name: boston-1 -spec: - recName: rec2 - recNamespace: ns2 - apiFqdnUrl: test-example-api-boston-1.redis.com - dbFqdnSuffix: -example-cluster-boston-1.redis.com - secretName: redis-enterprise-boston-1 -``` - -Notes: - * View the Redis Enterprise Remote Cluster custom resource definition or the API doc for more details regarding the RERC fields. - -2. Create the RERC custom resources you generated in the previous step and follow their statuses to verify the 'SPEC STATUS' is 'valid' and the 'STATUS' is 'active'. -To Create run the following: -``` - kubectl create -f -``` -To follow the statuses of the applied RERC custom resources, run the following: -``` - kubectl get rerc -``` -For example to view the status of the RERC named "new-york-1": -``` - kubectl get rerc new-york-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS LOCAL - new-york-1 Active Valid true -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error, view the RERC custom resource events and the Redis Enterprise operator logs. - -3. Generate the REAADB custom resource. -Following is an example of a REAADB custom resource named "example-aadb-1" that is linked to the REC named: "rec1" with two participating clusters and database global configurations with shard count set to 3. -``` -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseActiveActiveDatabase -metadata: - name: example-aadb-1 -spec: - participatingClusters: - - name: new-york-1 - - name: boston-1 - globalConfigurations: - shardCount: 3 -``` - -Notes: - * The REAADB name requirements are: Maximum of 63 characters, Only lower case letter, number, or hyphen (-) characters and Starts with a letter; ends with a letter or digit. - * The "participatingClusters" contain the names of RERC custom resources that contain the cluster details we generated and created in the previous steps. - -4. Create the REAADB custom resource you generated in the previous step and follow its statuses to verify the 'SPEC STATUS' is 'valid' and the 'STATUS' is 'active'. -To create, run the following: -``` - kubectl create -f -``` -To follow the statuses of the created REAADB custom resource run the following: -``` - kubectl get reaadb -``` -For example, to view the status of the REAADB named "example-aadb-1": -``` - kubectl get reaadb example-aadb-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS - example-aadb-1 active Valid -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error status, view the REAADB custom resource events and the Redis Enterprise operator logs. - -5. View the REAADB and RERC custom resources that are automatically created on the participating clusters. -To get the REAADB run the following: -``` - kubectl get reaadb -``` -In addition, to view the RERCs for each RERC please run the following: -``` - kubectl get rerc -``` - -## Add participating cluster to an existing Active-Active database - -**On the participating cluster you want to add in the namespace where the Redis Enterprise operator resides, please do the following:** - -1. Follow the instructions under: [Participating cluster preparation setup](#participating-cluster-preparation-setup). - -2. Collect the REC credentials secret from the participating cluster you want to add, replace `` with the local REC name): -``` - kubectl get secret -o yaml -``` -For example, collecting the secret of a Redis Enterprise cluster named "rec3" that resides in "ns3" namespace: -``` - kubectl get secret rec3 -o yaml -``` -Following is an example of a REC credentials secret named "rec3" with namespace "ns3": -``` -apiVersion: v1 -data: - password: PHNvbWUgcGFzc3dvcmQ+ - username: PHNvbWUgdXNlcj4 -kind: Secret -metadata: - creationTimestamp: "2022-11-06T07:05:47Z" - labels: - app: redis-enterprise - redis.io/cluster: rec3 - name: rec3 - namespace: ns3 - ownerReferences: - - apiVersion: app.redislabs.com/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: RedisEnterpriseCluster - name: rec3 - uid: b054ee49-299b-45db-be96-b7dfb543d535 - resourceVersion: "1883465" - uid: d0ba47d2-5376-4e65-85c3-343c8f3227f6 -type: Opaque -``` - -3. For the secret you collected generate a new secret with the credentials data and name it with the following convention: `redis-enterprise-`, replace the `` with the RERC name. -The new example credentials secret generated from the Redis Enterprise cluster named "rec3" that resides in "ns3" namespace would look like this: -``` -apiVersion: v1 -data: - password: PHNvbWUgcGFzc3dvcmQ+ - username: PHNvbWUgdXNlcj4 -kind: Secret -metadata: - name: redis-enterprise-rerc3 -type: Opaque -``` - -4. On each of the participating clusters apply the generated secret from the previous step, replace `` with a file containing the new secret you generated in the previous step. -``` - kubectl apply -f -``` - -**On one of the participating clusters that already exists do the following:** - -1. Generate the RERC custom resource of the participating cluster that you want to add. -Following is an example of a RERC custom resource to add that contains the participating cluster details for REC named "rec3" in the namespace "ns3": -``` -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseRemoteCluster -metadata: - name: rerc3 -spec: - recName: rec3 - recNamespace: ns3 - apiFqdnUrl: test-example-api-rec3-ns3.redis.com - dbFqdnSuffix: -example-cluster-rec3-ns3.redis.com - secretName: redis-enterprise-rerc3 -``` - -Note: - * View the Redis Enterprise Remote Cluster custom resource definition or the API doc for more details regarding the RERC fields. - -2. Create the RERC custom resource you generated in the previous step and follow its statuses to verify the 'SPEC STATUS' is 'valid' and the 'STATUS' is 'active'. -To create run the following: -``` - kubectl create -f -``` - -To follow the statuses of the created rerc custom resources run the following: -``` - kubectl get rerc -``` -For example, to view the status of the RERC named "rerc3": -``` - kubectl get rerc rerc3 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS LOCAL - rerc3 Active Valid true -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct, in case of an error please view the RERC custom resource events and/ or the Redis Enterprise Operator logs. - -3. Add and patch with the RERC name you created in the previous step on the 'participatingClusters' list in the REAADB spec. Follow the statuses to verify the 'SPEC STATUS' is 'valid' and the 'STATUS' is 'active'. -For example, adding to the REAADB named: "example-aadb-1" the RERC name: "rerc3": -``` - kubectl patch reaadb example-aadb-1 --type merge --patch '{"spec": {"participatingClusters": [{"name": "rerc3"}]}}' -``` - -4. View the REAADB 'participatingClusters' status and verify that the added participating cluster exists with it's corresponding ID. -To get the REAADB 'participatingClusters' status run the following: -``` - kubectl get reaadb -o=jsonpath='{.status.participatingClusters}' -``` -For example, to get the REAADB named: "example-aadb-1" participating clusters status: -``` - kubectl get reaadb example-aadb-1 -o=jsonpath='{.status.participatingClusters}' -``` -Following is the output of the example above: -``` - [{"id":1,"name":"new-york-1"},{"id":2,"name":"boston-1"},{"id":3,"name":"rerc3"}] -``` - -## Remove participating cluster from an existing Active-Active database - -**On one of the participating clusters that already exists do the following:** - -1. Remove the participating cluster from the REAADB "participatingClusters" spec. -You may use `kubectl edit` to remove the required participating cluster. -``` - kubectl edit reaadb -``` - -**On one of the other participating clusters that exist do the following:** - -1. Follow the REAADB custom resource statuses and verify the 'SPEC STATUS' and 'status' are 'Valid' and 'active' respectively, and also, that the participating cluster removed from the 'participatingClusters' status. -To follow the statuses of the REAADB custom resource run the following: -``` - kubectl get reaadb -o=jsonpath='{.status}' -``` -For example, to view the status of the REAADB named "example-aadb-1" after remove the "rerc3": -``` - kubectl get reaadb example-aadb-1 -o=jsonpath='{.status}' -``` -the output should be as below: -``` - {... ,"participatingClusters":[{"id":1,"name":"new-york-1"},{"id":2,"name":"boston-1"}],"redisEnterpriseCluster":"rec1","specStatus":"Valid","status":"active"} -``` - -**On the participating cluster that you removed do the following:** - -1. Verify that the REAADB custom resource was deleted and does not exist. -To get all the REAADB custom resources that exist, run the following: -``` - kubectl get reaadb -o=jsonpath='{range .items[*]}{.metadata.name}' -``` - -## Set the database global configurations specifications - -Note: -the REAADB contains the field: '.spec.globalConfigurations' and through this the database configurations are set, for example the memory size and shard count. -For more information and all the fields please view the [REAADB API readme](redis_enterprise_active_active_database_api.md) - -**On one of the participating clusters that already exists do the following:** - -1. Set the global configurations on a REAADB. -For example, to patch a REAADB with global configurations with memory size set to 200 MB run the following: -``` - kubectl patch reaadb example-aadb-1 --type merge --patch '{"spec": {"globalConfigurations": {"memorySize": "200mb"}}}' -``` - -2. Follow the statuses of the created REAADB custom resource run the following: -``` - kubectl get reaadb -``` -For example, to view the status of the REAADB named "example-aadb-1": -``` - kubectl get reaadb example-aadb-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS - example-aadb-1 active Valid -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error status, view the REAADB custom resource events and the Redis Enterprise operator logs. - -5. View the global configurations that is synced on the REAADB on each of the participating clusters. -To get the REAADB run the following: -``` - kubectl get reaadb -o yaml -``` - -For example, to view the status of the REAADB named "example-aadb-1": -``` - kubectl get reaadb example-aadb-1 -o=jsonpath='{.status.secretsStatus}' -``` -## Set global database secret - -Notes: -* the REAADB contains the field: '.spec.globalConfigurations' and through this the database secret is configured. -For more information and all the fields please view the [REAADB API readme](redis_enterprise_active_active_database_api.md) -* The database secret sync with the correct password on all of the participating clusters is the users' responsibility. - -**On one of the participating clusters that already exists do the following:** - -1. Generate the yaml containing the secret with the password data. -For example a secret named 'my-db-secret' with the password 'my-pass' as base 64 encoded: -``` -apiVersion: v1 -data: - password: bXktcGFzcw -kind: Secret -metadata: - name: my-db-secret -type: Opaque -``` - -2. Apply the generated secret from the previous step, replace `` with a file containing each new secret you generated in the previous step. -``` - kubectl apply -f -``` - -3. Set the database secret name on the REAADB spec (if not exist yet). -For example, to patch a REAADB named 'example-aadb-1' with the database secret from the previous steps on the global configurations run the following: -``` - kubectl patch reaadb example-aadb-1 --type merge --patch '{"spec": {"globalConfigurations": {"databaseSecretName": "my-db-secret"}}}' -``` - -4. Follow the statuses of the REAADB custom resource run the following: -``` - kubectl get reaadb -``` -For example, to view the status of the REAADB named "example-aadb-1": -``` - kubectl get reaadb example-aadb-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS - example-aadb-1 active Valid -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error status, view the REAADB custom resource events and the Redis Enterprise operator logs. - -**On the other participating clusters that already exists do the following:** - -1. View the secret status on the REAADB (on the other participating clusters). -To get the REAADB secrets status run the following: -``` - kubectl get reaadb -o=jsonpath='{.status.secretsStatus}' -``` -``` -The output should be as below (with the secret used in previous steps): -``` - [{"name":"my-db-secret","status":"Invalid"}] -``` - Note: as the secret status is 'Invalid' it means that the secret isn't synced yet on the participating cluster. - -2. Sync the secret on the other participating clusters. -Apply the generated secret from the previous steps, replace `` with a file containing the secret you generated in the previous step. -``` - kubectl apply -f -``` - -## Manage global configurations secrets - -The secrets under the REAADBs' 'spec.globalConfigurations' sync with the correct data on all of the participating clusters is the users' responsibility. - -Notes: -* This section is regarding the secrets that are under the REAADB '.spec.globalConfigurations'. For more information and all the fields please view the [REAADB API readme](redis_enterprise_active_active_database_api.md) -* For setting the global database secret please view [Set global database secret](#set-global-database-secret). - -**On one of the participating clusters that already exists do the following:** - -1. Generate the yaml containing the secret with the relevant data. -For example a secret named 'my-secret' with the data: password 'my-pass' as base 64 encoded: -``` -apiVersion: v1 -data: - password: bXktcGFzcw -kind: Secret -metadata: - name: my-secret -type: Opaque -``` - -2. Apply the generated secret from the previous step, replace `` with a file containing the secret you generated in the previous step. -``` - kubectl apply -f -``` - -3. Set the required field under the REAADBs' 'spec.globalConfigurations' with the secret name. -For example, to patch a REAADB named 'example-aadb-1' with the field containing the secret name from the previous steps on the global configurations run the following: -``` - kubectl patch reaadb example-aadb-1 --type merge --patch '{"spec": {"globalConfigurations": {"": "my-secret"}}}' -``` - -4. Follow the statuses of the REAADB custom resource run the following: -``` - kubectl get reaadb -``` -For example, to view the status of the REAADB named "example-aadb-1": -``` - kubectl get reaadb example-aadb-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS - example-aadb-1 active Valid -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error status, view the REAADB custom resource events and the Redis Enterprise operator logs. - -**On the other participating clusters that already exists do the following:** - -1. View the secret status on the REAADB (on the other participating clusters). -To get the REAADB secrets status run the following: -``` - kubectl get reaadb -o=jsonpath='{.status.secretsStatus}' -``` -``` -The output should be as below (with the secret used in previous steps): -``` - [{"name":"my-secret","status":"Invalid"}] -``` - Note: as the secret status is 'Invalid' it means that the secret isn't synced yet on the participating cluster. - -2. Sync the secret on the other participating clusters. -Apply the generated secret from the previous steps, replace `` with a file containing the secret you generated in the previous step. -``` - kubectl apply -f -``` - -## Delete an existing Active-Active database - -**On one of the participating clusters that already exists do the following:** - -1. Delete the REAADB of the active-active database. -To delete the REAADB run the following: -``` - kubectl delete reaadb -``` - -**On all of the participating clusters do the following:** - -1. Verify that the REAADB custom resource was deleted and does not exist. -To get all the REAADB that exists run the following: -``` - kubectl get reaadb -o=jsonpath='{range .items[*]}{.metadata.name}' -``` - -## Update existing participating cluster (RERC) details - -**On the participating cluster you want to modify (with the local RERC) do the following:** - -1. Patch the participating cluster corresponding local RERC that you want to update. -For example updating the DB FQDN suffix of an RERC named: "new-york-1": -``` - kubectl patch rerc new-york-1 --type merge --patch '{"spec": {"dbFqdnSuffix": "-example2-cluster-new-york-1.redis.com"}}' -``` -To follow the statuses of the updated RERC custom resources run the following: -``` - kubectl get rerc -``` -For example to view the status of the RERC named "new-york-1": -``` - kubectl get rerc new-york-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS LOCAL - new-york-1 Active Valid true -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct, in case of an error please view the RERC custom resource events and/ or the Redis Enterprise operator logs. - -2. follow the REAADB custom resources statuses that are using this RERC to verify the 'SPEC STATUS' is 'valid' and the 'STATUS' is 'active'. -To view the statuses of the REAADB custom resources that is using this RERC run the following, replace `` with the list of REAADB that is using this RERC seperated via spaces: -``` - kubectl get reaadb -``` -For example, to view the status of the REAADB named "example-aadb-1" and "example-aadb-2": -``` - kubectl get reaadb example-aadb-1 example-aadb-2 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS - example-aadb-1 active Valid - example-aadb-2 active Valid -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error status, view the REAADB custom resource events and the Redis Enterprise operator logs. - -## Update existing participating cluster (RERC) secret - -Note: -* this is part of the "Changing the Redis Enterprise Cluster Credentials" that can be found [here](cluster_credentials.md) - -**On the participating cluster that you changed the REC secret (with the local RERC) do the following:** - -1. update the secret with the new credentials data and name it with the following convention: `redis-enterprise-`, replace the `` with the RERC name. -For example, a secret generated with the RERC name 'new-york-1': -``` -apiVersion: v1 -data: - password: PHNvbWUgcGFzc3dvcmQ+ - username: PHNvbWUgdXNlcj4 -kind: Secret -metadata: - name: redis-enterprise-new-york-1 -type: Opaque -``` - -2. Apply the generated secrets from the previous step, replace `` with a file containing each new secret you generated in the previous step. -``` - kubectl apply -f -``` - -3. Follow the RERC status and verify it is 'Active'. -To follow the statuses of the updated RERC custom resources run the following: -``` - kubectl get rerc -``` -For example to view the status of the RERC named "new-york-1": -``` - kubectl get rerc new-york-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS LOCAL - new-york-1 Active Valid true -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct, in case of an error please view the RERC custom resource events and/ or the Redis Enterprise operator logs. - -4. follow the REAADB custom resources statuses that are using this RERC to verify the 'SPEC STATUS' is 'valid' and the 'STATUS' is 'active'. -To view the statuses of the REAADB custom resources that is using this RERC run the following, replace `` with the list of REAADB that is using this RERC separated via spaces: -``` - kubectl get reaadb -``` -For example, to view the status of the REAADB named "example-aadb-1" and "example-aadb-2": -``` - kubectl get reaadb example-aadb-1 example-aadb-2 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS - example-aadb-1 active Valid - example-aadb-2 active Valid -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct. In case of an error status, view the REAADB custom resource events and the Redis Enterprise operator logs. - -**On the other clusters that are participating in the Active-Active database do the following:** - -1. update the secret with the new credentials data and name it with the following convention: `redis-enterprise-`, replace the `` with the RERC name. -For example, a secret generated with the RERC name 'new-york-1': -``` -apiVersion: v1 -data: - password: PHNvbWUgcGFzc3dvcmQ+ - username: PHNvbWUgdXNlcj4 -kind: Secret -metadata: - name: redis-enterprise-new-york-1 -type: Opaque -``` - -2. Apply the generated secrets from the previous step, replace `` with a file containing each new secret you generated in the previous step. -``` - kubectl apply -f -``` - -3. Follow the RERC status and verify it is 'Active'. -To follow the statuses of the updated RERC custom resources run the following: -``` - kubectl get rerc -``` -For example to view the status of the RERC named "new-york-1": -``` - kubectl get rerc new-york-1 -``` -The output should be as below: -``` - NAME STATUS SPEC STATUS LOCAL - new-york-1 Active Valid true -``` - -Note: - * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct, in case of an error please view the RERC custom resource events and/ or the Redis Enterprise operator logs. - -## Active-Active database with Redis modules - -Note - Modules are currently in preview for Active-Active databases. - -To use modules with Active-Active databases enable the alpha feature flag on all participating clusters: -To enable modules for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. - -Important note: -upgrading modules with Active-Active databases is currently not supported via the operator, to upgrade please use the RS APIs directly and after the module has successfully upgraded update the module version on the REAADB custom resource. - -## Upgrade REC with Active-Active database - -Upgrading REC with REAADBs is supported. -Please follow [upgrade Redis Enterprise Cluster documentation](https://docs.redis.com/latest/kubernetes/re-clusters/upgrade-redis-cluster/). - -Notes: -- It is recommended to upgrade all of the participating clusters to the same operator version. -- [Optional] - Please view following documentation regarding upgrade the Active-Active database [here](https://docs.redis.com/latest/rs/installing-upgrading/upgrading/upgrade-active-active/) -- In case you are upgrading from version with the Active-Active database controller as public preview you may remove the following flags from the environment variables: `ACTIVE_ACTIVE_DATABASE_CONTROLLER_ENABLED` and `REMOTE_CLUSTER_CONTROLLER_ENABLED`, and in case the alpha features flag is enabled only for the REC 'ingressOrRoutesSpec' field you may remove the: `ENABLE_ALPHA_FEATURES` as well.` - -## Test your Active-Active database - -The easiest way to test your Active-Active database is to set a key-value pair in one database and retrieve it from the other. - -1. Retrieve the Active-Active database port from it's corresponding service. -Get the corresponding Active-Active database service, replace `` with the corresponding REAADB name: -``` - kubectl get svc -``` -From the output fetch the redis 'targetPort': -``` - ports: - - name: redis - port: 16897 - protocol: TCP - targetPort: 16897 -``` - -2. From a pod within your cluster, use `redis-cli` to connect to your Active-Active database, replace `` with the corresponding REAADB name and `` with the port fetched from the previous step. -``` - redis-cli -h -p -``` - - 3. Set a test key with SET foo bar in the first database. If your Active-Active deployment is working properly, when connected to your second database, GET foo should output bar. - - to test externally you may use the instructions under 'Test your external access' [here](https://docs.redis.com/latest/kubernetes/re-databases/set-up-ingress-controller/) - -## Limitations - - -### No migration from the previous AA method -migrating Active-Active database with non-operator managed Active-Active database is currently not supported. - -### database version is currently not supported -Setting database specific version is currently not supported for operator managed Active-Active database. diff --git a/admission-service.yaml b/admission-service.yaml deleted file mode 100644 index 46d923e..0000000 --- a/admission-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: admission - labels: - app: redis-enterprise -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - name: redis-enterprise-operator diff --git a/admission/README.md b/admission/README.md deleted file mode 100644 index 146019a..0000000 --- a/admission/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Redis Enterprise admission controller - -This content has moved to [docs.redis.com](https://docs.redis.com/latest/); see [Enable the admission controller](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#enable-the-admission-controller). diff --git a/admission/webhook.yaml b/admission/webhook.yaml deleted file mode 100644 index 10274df..0000000 --- a/admission/webhook.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-admission -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: admission - path: /admission - namespace: OPERATOR_NAMESPACE - caBundle: "" # Fill in with BASE64 encoded signed cert - failurePolicy: Fail - matchPolicy: Exact - name: redisenterprise.admission.redislabs - rules: - - apiGroups: - - app.redislabs.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - redisenterprisedatabases - - redisenterpriseactiveactivedatabases - - redisenterpriseremoteclusters - sideEffects: None - timeoutSeconds: 30 diff --git a/advanced/Redis-gears/gears.yaml b/advanced/Redis-gears/gears.yaml deleted file mode 100644 index 60f0267..0000000 --- a/advanced/Redis-gears/gears.yaml +++ /dev/null @@ -1,30 +0,0 @@ -spec: - redisEnterpriseAdditionalPodSpecAttributes: - initContainers: - - name: initcontainer - volumeMounts: - - mountPath: /opt/redislabs/gears-packages - name: gears-volume - image: python:3.7 - imagePullPolicy: IfNotPresent - env: - - name: "GEARS_PACKAGES" - value: "" - command: - - "/bin/bash" - args: - - "-c" - - "for package in ${GEARS_PACKAGES}; do echo $package >>/tmp/requirements.txt; done; pip install -r /tmp/requirements.txt -t /opt/redislabs/gears-packages" - resources: - limits: - memory: 4Gi - cpu: 2 - requests: - memory: 4Gi - cpu: 2 - redisEnterpriseVolumeMounts: - - mountPath: /opt/redislabs/gears-packages - name: gears-volume - volumes: - - emptyDir: {} - name: gears-volume diff --git a/advanced/Redis-gears/install_gears_python_packages.txt b/advanced/Redis-gears/install_gears_python_packages.txt deleted file mode 100644 index ddf2020..0000000 --- a/advanced/Redis-gears/install_gears_python_packages.txt +++ /dev/null @@ -1,31 +0,0 @@ -Install Python packages for Redis Gears - -Disclaimer: -This instructions are provided as a work around and not considered official, any use of this is the user responsibility. - -Notes: -This doc is assuming the following: -• Redis Gears is already installed on the Redis enterprise cluster. -• The Redis gears Python version is 3.7 (if not the sidecar container image should be changed). - -Instructions: -a. edit the gears.yaml, replace the with the Python packages that should be installed. -The packages must be separated by a ' ' (space). -For example to install the packages pytz version 2021.3 and kubernetes the yaml should be: -``` -... - - name: "GEARS_PACKAGES" - value: "pytz==2021.3 kubernetes" -... -``` -b. Run the kubectl patch command on your cluster with the modified gears.yaml from the previous step, replace the with the name of your Redis enterprise cluster: -kubectl patch rec --type merge --patch "$(cat gears.yaml)" -c. Wait until all the Redis enterprise nodes are restarted with the new configurations. -d. Add the below code snippet in the top of your Redis gears Python function that wants to use the installed package/s: -``` -import sys -if '/opt/redislabs/gears-packages' not in sys.path: - sys.path.append('/opt/redislabs/gears-packages') -# Your code below... -``` - \ No newline at end of file diff --git a/advanced/psp.yaml b/advanced/psp.yaml deleted file mode 100644 index 5007e79..0000000 --- a/advanced/psp.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: redis-enterprise-psp - labels: - app: redis-enterprise -spec: - privileged: false - allowPrivilegeEscalation: false - allowedCapabilities: - - SYS_RESOURCE - runAsUser: - rule: MustRunAsNonRoot - fsGroup: - rule: MustRunAs - ranges: - - min: 1001 - max: 1001 - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' diff --git a/bundle.yaml b/bundle.yaml deleted file mode 100644 index fe2adf6..0000000 --- a/bundle.yaml +++ /dev/null @@ -1,16815 +0,0 @@ ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -rules: - - apiGroups: - - rbac.authorization.k8s.io - - "" - resources: - - roles - - serviceaccounts - - rolebindings - verbs: - - create - - get - - update - - patch - - delete - - apiGroups: - - app.redislabs.com - resources: - - redisenterpriseclusters - - redisenterpriseclusters/status - - redisenterpriseclusters/finalizers - - redisenterprisedatabases - - redisenterprisedatabases/status - - redisenterprisedatabases/finalizers - - redisenterpriseremoteclusters - - redisenterpriseremoteclusters/status - - redisenterpriseremoteclusters/finalizers - - redisenterpriseactiveactivedatabases - - redisenterpriseactiveactivedatabases/status - - redisenterpriseactiveactivedatabases/finalizers - verbs: - - delete - - get - - list - - patch - - create - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - update - - get - - create - - patch - - delete - - list - - watch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apps - resources: - - deployments - - statefulsets - - replicasets - verbs: - - create - - delete - - get - - patch - - update - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - update - - watch - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - update - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - update - - patch - - delete - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - policy - resourceNames: - - redis-enterprise-psp - resources: - - podsecuritypolicies - verbs: - - use - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - patch - - delete - - list - - update - - get - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - update - - patch - - create - - delete - - watch ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-enterprise-operator -subjects: - - kind: ServiceAccount - name: redis-enterprise-operator ---- ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator ---- ---- -apiVersion: v1 -kind: Service -metadata: - name: admission - labels: - app: redis-enterprise -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - name: redis-enterprise-operator ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseclusters.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseCluster - listKind: RedisEnterpriseClusterList - plural: redisenterpriseclusters - singular: redisenterprisecluster - shortNames: - - rec - scope: Namespaced - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.nodes - name: Nodes - type: string - - jsonPath: .spec.redisEnterpriseImageSpec.versionTag - name: Version - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.licenseStatus.licenseState - name: License State - type: string - - jsonPath: .status.licenseStatus.shardsLimit - name: Shards Limit - type: string - - jsonPath: .status.licenseStatus.expirationDate - name: License Expiration Date - type: string - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - type: object - properties: - specStatus: - type: string - state: - type: string - modules: - type: array - items: - type: object - properties: - name: - type: string - displayName: - type: string - versions: - type: array - items: - type: string - ocspStatus: - description: An API object that represents the cluster's OCSP status - properties: - certStatus: - description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. - type: string - nextUpdate: - description: The time at or before which newer information will - be available about the status of the certificate (if available) - type: string - producedAt: - description: The time at which the OCSP responder signed this - response. - type: string - responderUrl: - description: The OCSP responder url from which this status came - from. - type: string - revocationTime: - description: The time at which the certificate was revoked or - placed on hold. - type: string - thisUpdate: - description: The most recent time at which the status being indicated - is known by the responder to have been correct. - type: string - type: object - licenseStatus: - type: object - properties: - licenseState: - type: string - activationDate: - type: string - expirationDate: - type: string - shardsLimit: - type: integer - bundledDatabaseVersions: - description: Versions of open source databases bundled by Redis Enterprise - Software - please note that in order to use a specific version it - should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according - to the desired version (major/minor) - items: - properties: - dbType: - type: string - major: - type: boolean - version: - type: string - required: - - dbType - - version - type: object - type: array - managedAPIs: - description: Indicates cluster APIs that are being managed by the - operator. This only applies to cluster APIs which are optionally-managed - by the operator, such as cluster LDAP configuration. Most other - APIs are automatically managed by the operator, and are not listed - here. - properties: - ldap: - description: Indicate whether cluster LDAP configuration is managed - by the operator. When this is enabled, the operator will reconcile - the cluster LDAP configuration according to the '.spec.ldap' - field in the RedisEnterpriseCluster resource. - type: boolean - type: object - ingressOrRouteMethodStatus: - description: The ingressOrRouteSpec/ActiveActive spec method that exist - type: string - persistenceStatus: - description: The status of the Persistent Volume Claims that are used - for Redis Enterprise Cluster persistence. The status will correspond - to the status of one or more of the PVCs (failed/resizing if one of - them is in resize or failed to resize) - properties: - status: - description: The current status of the PVCs - type: string - succeeded: - description: The number of PVCs that are provisioned with the expected size - type: string - type: object - redisEnterpriseIPFamily: - type: string - spec: - description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster - properties: - activeActive: - description: Specification for ActiveActive setup. At most one of - ingressOrRouteSpec or activeActive fields can be set at the same - time. - properties: - apiIngressUrl: - description: RS API URL - type: string - dbIngressSuffix: - description: DB ENDPOINT SUFFIX - will be used to set the db host. - ingress Creates a host name so it - should be unique if more than one db is created on the cluster - with the same name - type: string - ingressAnnotations: - additionalProperties: - type: string - description: Used for ingress controllers such as ha-proxy or nginx - in GKE - type: object - method: - description: Used to distinguish between different platforms implementation - enum: - - openShiftRoute - - ingress - type: string - required: - - apiIngressUrl - - dbIngressSuffix - - method - type: object - antiAffinityAdditionalTopologyKeys: - description: Additional antiAffinity terms in order to support installation - on different zones/vcenters - items: - type: string - type: array - bootstrapperImageSpec: - description: Specification for Bootstrapper container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - bootstrapperResources: - description: Compute resource requirements for bootstrapper containers - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - clusterCredentialSecretName: - description: Secret Name/Path to use for Cluster Credentials. To be - used only if ClusterCredentialSecretType is vault. If left blank, - will use cluster name. - type: string - clusterCredentialSecretRole: - description: Used only if ClusterCredentialSecretType is vault, to define - vault role to be used. If blank, defaults to "redis-enterprise-operator" - type: string - clusterCredentialSecretType: - description: Type of Secret to use for ClusterCredential, Vault, Kuberetes,... - If left blank, will default ot kubernetes secrets - enum: - - vault - - kubernetes - type: string - clusterRecovery: - description: ClusterRecovery initiates cluster recovery when set to - true. Note that this field is cleared automatically after the cluster - is recovered - type: boolean - redisEnterpriseIPFamily: - description: Reserved, future use, only for use if instructed by Redis. - IPFamily dictates what IP family to choose for pods' internal - and external communication. - type: string - enum: - - IPv4 - - IPv6 - containerTimezone: - description: Container timezone configuration. While the default timezone - on all containers is UTC, this setting can be used to set the timezone - on services rigger/bootstrapper/RS containers. You can either propagate - the hosts timezone to RS pods or set it manually via timezoneName. - properties: - propagateHost: - description: Identifies that container timezone should be in sync with the host, this - option mounts a hostPath volume onto RS pods that could be restricted in some systems. - type: object - timezoneName: - description: POSIX-style timezone name as a string to be passed as EnvVar to RE pods, e.g. "Europe/London". - type: string - type: object - createServiceAccount: - description: Whether to create service account - type: boolean - dataInternodeEncryption: - description: Internode encryption (INE) cluster wide policy. An optional boolean setting. - Specifies if INE should be on/off for new created REDBs. - May be overridden for specific REDB via similar setting, - please view the similar setting for REDB for more info. - type: boolean - encryptPkeys: - description: 'Private key encryption Possible values: true/false' - type: boolean - certificates: - description: RS Cluster Certificates. - Used to modify the certificates used by the cluster. - See the "RSClusterCertificates" struct described above to see the supported certificates. - properties: - apiCertificateSecretName: - description: Secret name to use for cluster's API certificate. - If left blank, a cluster-provided certificate will be used. - type: string - cmCertificateSecretName: - description: Secret name to use for cluster's CM (Cluster Manager) certificate. - If left blank, a cluster-provided certificate will be used. - type: string - metricsExporterCertificateSecretName: - description: Secret name to use for cluster's Metrics Exporter certificate. - If left blank, a cluster-provided certificate will be used. - type: string - proxyCertificateSecretName: - description: Secret name to use for cluster's Proxy certificate. - If left blank, a cluster-provided certificate will be used. - type: string - syncerCertificateSecretName: - description: Secret name to use for cluster's Syncer certificate. - If left blank, a cluster-provided certificate will be used. - type: string - ldapClientCertificateSecretName: - description: Secret name to use for cluster's LDAP client certificate. - If left blank, LDAP client certificate authentication will be disabled. - type: string - type: object - enforceIPv4: - description: Sets ENFORCE_IPV4 environment variable - type: boolean - extraEnvVars: - description: 'ADVANCED USAGE: use carefully. Add environment variables - to RS StatefulSet''s containers.' - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - extraLabels: - additionalProperties: - type: string - description: Labels that the user defines for their convenience - type: object - hostAliases: - description: Adds hostAliases entries to the Redis Enterprise pods - items: - description: HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - ingressOrRouteSpec: - description: Access configurations for the Redis Enterprise Cluster - and Databases. At most one of ingressOrRouteSpec - or activeActive fields can be set at the same time. - properties: - apiFqdnUrl: - description: RS API URL - type: string - dbFqdnSuffix: - description: DB ENDPOINT SUFFIX - will be used to set the db host - ingress . Creates a host name so it - should be unique if more than one db is created on the cluster - with the same name - type: string - ingressAnnotations: - additionalProperties: - type: string - description: Additional annotations to set on ingress resources - created by the operator - type: object - method: - description: Used to distinguish between different platforms implementation. - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiFqdnUrl - - dbFqdnSuffix - - method - type: object - services: - description: Customization options for operator-managed service resources - created for Redis Enterprise clusters and databases - properties: - apiService: - description: Customization options for the REC API service. - properties: - type: - description: Type of service to create for the REC API service. - Defaults to ClusterIP service, if not specified otherwise. - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - servicesAnnotations: - additionalProperties: - type: string - description: Global additional annotations to set on service resources - created by the operator. - The specified annotations will not override annotations that already exist and didn't originate from the operator. - type: object - type: object - ldap: - description: Cluster-level LDAP configuration, such as server addresses, - protocol, authentication and query settings. - properties: - authenticationQuery: - description: Configuration of authentication queries, mapping - between the username, provided to the cluster for authentication, - and the LDAP Distinguished Name. - properties: - query: - description: Configuration for a search query. Mutually exclusive - with the 'template' field. The substring '%u' in the query - filter will be replaced with the username. - properties: - base: - description: The Distinguished Name of the entry at which - to start the search, e.g., 'ou=dev,dc=example,dc=com'. - type: string - filter: - description: An RFC-4515 string representation of the - filter to apply in the search. For an authentication - query, the substring '%u' will be replaced with the - username, e.g., '(cn=%u)'. For an authorization query, - the substring '%D' will be replaced with the user's - Distinguished Name, e.g., '(members=%D)'. - type: string - scope: - description: 'The search scope for an LDAP query. One - of: BaseObject, SingleLevel, WholeSubtree' - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - template: - description: Configuration for a template query. Mutually - exclusive with the 'query' field. The substring '%u' will - be replaced with the username, e.g., 'cn=%u,ou=dev,dc=example,dc=com'. - type: string - type: object - authorizationQuery: - description: Configuration of authorization queries, mapping between - a user's Distinguished Name and its group memberships. - properties: - attribute: - description: Configuration for an attribute query. Mutually - exclusive with the 'query' field. Holds the name of an attribute - of the LDAP user entity that contains a list of the groups - that the user belongs to, e.g., 'memberOf'. - type: string - query: - description: Configuration for a search query. Mutually exclusive - with the 'attribute' field. The substring '%D' in the query - filter will be replaced with the user's Distinguished Name. - properties: - base: - description: The Distinguished Name of the entry at which - to start the search, e.g., 'ou=dev,dc=example,dc=com'. - type: string - filter: - description: An RFC-4515 string representation of the - filter to apply in the search. For an authentication - query, the substring '%u' will be replaced with the - username, e.g., '(cn=%u)'. For an authorization query, - the substring '%D' will be replaced with the user's - Distinguished Name, e.g., '(members=%D)'. - type: string - scope: - description: 'The search scope for an LDAP query. One - of: BaseObject, SingleLevel, WholeSubtree' - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - type: object - bindCredentialsSecretName: - description: Name of a secret within the same namespace, holding - the credentials used to communicate with the LDAP server for - authentication queries. The secret must have a key named 'dn' - with the Distinguished Name of the user to execute the query, - and 'password' with its password. If left blank, credentials-based - authentication is disabled. - type: string - caCertificateSecretName: - description: Name of a secret within the same namespace, holding - a PEM-encoded CA certificate for validating the TLS connection - to the LDAP server. The secret must have a key named 'cert' - with the certificate data. This field is applicable only when - the protocol is LDAPS or STARTTLS. - type: string - cacheTTLSeconds: - description: The maximum TTL of cached entries. - type: integer - enabledForControlPlane: - description: Whether to enable LDAP for control plane access. - Disabled by default. - type: boolean - enabledForDataPlane: - description: Whether to enable LDAP for data plane access. Disabled - by default. - type: boolean - protocol: - description: 'Specifies the LDAP protocol to use. One of: LDAP, - LDAPS, STARTTLS.' - enum: - - LDAP - - LDAPS - - STARTTLS - type: string - servers: - description: One or more LDAP servers. If multiple servers are - specified, they must all share an identical organization tree - structure. - items: - description: Address of an LDAP server. - properties: - host: - description: Host name of the LDAP server - type: string - port: - description: Port number of the LDAP server. If unspecified, - defaults to 389 for LDAP and STARTTLS protocols, and 636 - for LDAPS protocol. - format: int32 - type: integer - required: - - host - type: object - type: array - required: - - authenticationQuery - - authorizationQuery - - protocol - - servers - type: object - license: - description: Redis Enterprise License - type: string - licenseSecretName: - description: K8s secret or Vault Secret Name/Path to use for Cluster - License. When left blank, the license is read from the "license" field. - Note that you can't specify non-empty values in both "license" and - "licenseSecretName", only one of these fields can be used to pass - the license string. The license needs to be stored under the key "license". - type: string - nodeSelector: - additionalProperties: - type: string - description: Selector for nodes that could fit Redis Enterprise pod - type: object - ocspConfiguration: - description: An API object that represents the cluster's OCSP configuration. - To enable OCSP, the cluster's proxy certificate should contain the - OCSP responder URL. - properties: - ocspFunctionality: - description: Whether to enable/disable OCSP mechanism for the cluster. - type: boolean - queryFrequency: - description: Determines the interval (in seconds) in which the control - plane will poll the OCSP responder for a new status for the server - certificate. Minimum value is 60. Maximum value is 86400. - type: integer - recoveryFrequency: - description: Determines the interval (in seconds) in which the control - plane will poll the OCSP responder for a new status for the server - certificate when the current staple is invalid. Minimum value - is 60. Maximum value is 86400. - type: integer - recoveryMaxTries: - description: Determines the maximum number for the OCSP recovery - attempts. After max number of tries passed, the control plane - will revert back to the regular frequency. Minimum value is 1. - Maximum value is 100. - type: integer - responseTimeout: - description: Determines the time interval (in seconds) for which - the request waits for a response from the OCSP responder. Minimum - value is 1. Maximum value is 60. - type: integer - type: object - nodes: - description: Number of Redis Enterprise nodes (pods) - format: int32 - type: integer - persistentSpec: - description: Specification for Redis Enterprise Cluster persistence - properties: - enablePersistentVolumeResize: - description: Whether to enable PersistentVolumes resize. Disabled - by default. Read the instruction in pvc_expansion readme carefully - before using this feature. - type: boolean - enabled: - description: Whether to add persistent volume to Redis Enterprise - pods - type: boolean - storageClassName: - description: Storage class for persistent volume in Redis Enterprise - pods. Leave empty to use the default. If using the default this - way, make sure the Kubernetes Cluster has a default Storage Class - configured. This can be done by running a `kubectl get storageclass` - and see if one of the Storage Classes' names contains a `(default)` - mark. - type: string - volumeSize: - anyOf: - - type: integer - - type: string - description: To enable resizing after creating the cluster - please - follow the instructions in the pvc_expansion readme - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger and redis enterprise pods - type: object - redisEnterprisePodAnnotations: - additionalProperties: - type: string - description: annotations for redis enterprise pod - type: object - podAntiAffinity: - description: 'Override for the default anti-affinity rules of the Redis - Enterprise pods. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podSecurityPolicyName: - description: "DEPRECATED PodSecurityPolicy support is removed in Kubernetes - v1.25 and the use of this field is invalid for use when running - on Kubernetes v1.25+. Future versions of the RedisEnterpriseCluster - API will remove support for this field altogether. For migration - instructions, see https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ - \n Name of pod security policy to use on pods" - type: string - podStartingPolicy: - description: Mitigation setting for STS pods stuck in "ContainerCreating" - properties: - enabled: - description: Whether to detect and attempt to mitigate pod startup - issues - type: boolean - startingThresholdSeconds: - description: Time in seconds to wait for a pod to be stuck while - starting up before action is taken. If set to 0, will be treated - as if disabled. - format: int32 - type: integer - required: - - enabled - - startingThresholdSeconds - type: object - podTolerations: - description: 'Tolerations that are added to all managed pods. More - information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - priorityClassName: - description: Adds the priority class to pods managed by the operator - type: string - pullSecrets: - description: 'PullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images. If specified, - these secrets will be passed to individual puller implementations - for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' - items: - properties: - name: - description: 'Secret name' - type: string - type: object - type: array - rackAwarenessNodeLabel: - description: Node label that specifies rack ID - if specified, will - create rack aware cluster. Rack awareness requires node label must - exist on all nodes. Additionally, operator needs a special cluster - role with permission to list nodes. - type: string - redisEnterpriseAdditionalPodSpecAttributes: - description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes - that are required for the statefulset - Redis Enterprise pods. Pod - attributes managed by the operator might override these settings. - Also make sure the attributes are supported by the K8s version running - on the cluster - the operator does not validate that. - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - redisEnterpriseImageSpec: - description: Specification for Redis Enterprise container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - redisEnterpriseNodeResources: - description: Compute resource requirements for Redis Enterprise containers - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - redisEnterpriseServicesConfiguration: - description: RS Cluster optional services settings - properties: - cmServer: - properties: - operatingMode: - description: Whether to enable/disable the CM server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbCoordinator: - properties: - operatingMode: - description: Whether to enable/disable the crdb coordinator - process - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbWorker: - properties: - operatingMode: - description: Whether to enable/disable the crdb worker processes - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - mdnsServer: - properties: - operatingMode: - description: Whether to enable/disable the Multicast DNS server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - pdnsServer: - properties: - operatingMode: - description: Whether to enable/disable the pdns server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - saslauthd: - properties: - operatingMode: - description: Whether to enable/disable the saslauthd service - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - statsArchiver: - properties: - operatingMode: - description: Whether to enable/disable the stats archiver service - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - type: object - redisEnterpriseServicesRiggerImageSpec: - description: Specification for Services Rigger container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - redisEnterpriseServicesRiggerResources: - description: Compute resource requirements for Services Rigger pod - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - redisEnterpriseTerminationGracePeriodSeconds: - description: The TerminationGracePeriodSeconds value for the (STS created) REC pods - format: int64 - type: integer - redisEnterpriseVolumeMounts: - description: 'additional volume mounts within the redis enterprise containers. - More info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - redisUpgradePolicy: - description: 'Redis upgrade policy to be set on the Redis Enterprise - Cluster. Possible values: major/latest This value is used by the cluster - to choose the Redis version of the database when an upgrade is performed. - The Redis Enterprise Cluster includes multiple versions of OSS Redis - that can be used for databases.' - enum: - - major - - latest - type: string - resp3Default: - description: Whether databases will turn on RESP3 compatibility upon - database upgrade. Note - Deleting this property after explicitly - setting its value shall have no effect. Please view the corresponding - field in RS doc for more info. - type: boolean - backup: - description: Cluster-wide backup configurations - properties: - s3: - description: Configurations for backups to s3 and s3-compatible - storage - properties: - caCertificateSecretName: - description: Secret name that holds the S3 CA certificate, which contains the TLS certificate mapped to the key in the secret 'cert' - type: string - url: - description: Specifies the URL for S3 export and import - type: string - type: object - type: object - serviceAccountName: - description: Name of the service account to use - type: string - servicesRiggerSpec: - description: Specification for service rigger - properties: - databaseServiceType: - description: Service types for access to databases. should be a - comma separated list. The possible values are cluster_ip, headless - and load_balancer. - type: string - extraEnvVars: - items: - description: 'EnvVar represents an environment variable present - in a Container. - More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' - properties: - name: - description: Name of the environment variable. - type: string - value: - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the referent - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: Selects a field of the pod - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: Name of the referent - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceNaming: - description: Used to determine how to name the services created automatically when a database is created. - When bdb_name is used, the database name will be also used for the service name. - When redis-port is used, the service will be named redis-. - enum: - - bdb_name - - redis-port - type: string - servicesRiggerAdditionalPodSpecAttributes: - description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes - that are required for the rigger deployment pod. Pod attributes - managed by the operator might override these settings (Containers, - serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, - PriorityClassName, PodSecurityContext). Also make sure the attributes are supported - by the K8s version running on the cluster - the operator does - not validate that. - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger pod - type: object - type: object - sideContainersSpec: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - slaveHA: - description: Slave high availability mechanism configuration. - properties: - slaveHAGracePeriod: - description: Time in seconds between when a node fails, and when - slave high availability mechanism starts relocating shards. If - set to 0, will not affect cluster configuration. - format: int32 - type: integer - required: - - slaveHAGracePeriod - type: object - uiAnnotations: - additionalProperties: - type: string - description: Annotations for Redis Enterprise UI service. - This annotations will override the overlapping global annotations set under spec.services.servicesAnnotations - The specified annotations will not override annotations that already exist and didn't originate from the operator, - except for the 'redis.io/last-keys' annotation which is reserved. - type: object - uiServiceType: - description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) - enum: - - ClusterIP - - NodePort - - LoadBalancer - - ExternalName - type: string - redisOnFlashSpec: - description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of - creating redis on flash databases. - properties: - enabled: - type: boolean - flashStorageEngine: - type: string - enum: - - rocksdb - storageClassName: - type: string - flashDiskSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - bigStoreDriver: - type: string - enum: - - rocksdb - - speedb - required: - - enabled - - storageClassName - type: object - upgradeSpec: - description: Specification for upgrades of Redis Enterprise - properties: - autoUpgradeRedisEnterprise: - description: Whether to upgrade Redis Enterprise automatically when - operator is upgraded - type: boolean - required: - - autoUpgradeRedisEnterprise - type: object - username: - description: Username for the admin user of Redis Enterprise - type: string - vaultCASecret: - description: K8s secret name containing Vault's CA cert - defaults to - "vault-ca-cert" - type: string - volumes: - description: additional volumes - items: - description: 'Volume represents a named volume in a pod that may be - accessed by any container in the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes' - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - - name: v1alpha1 - additionalPrinterColumns: - - jsonPath: .spec.nodes - name: Nodes - type: string - - jsonPath: .spec.redisEnterpriseImageSpec.versionTag - name: Version - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.licenseStatus.licenseState - name: License State - type: string - - jsonPath: .status.licenseStatus.shardsLimit - name: Shards Limit - type: string - - jsonPath: .status.licenseStatus.expirationDate - name: License Expiration Date - type: string - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - type: object - properties: - specStatus: - type: string - state: - type: string - modules: - type: array - items: - type: object - properties: - name: - type: string - displayName: - type: string - versions: - type: array - items: - type: string - ocspStatus: - properties: - certStatus: - type: string - nextUpdate: - type: string - producedAt: - type: string - responderUrl: - type: string - revocationTime: - type: string - thisUpdate: - type: string - type: object - licenseStatus: - type: object - properties: - licenseState: - type: string - activationDate: - type: string - expirationDate: - type: string - shardsLimit: - type: integer - bundledDatabaseVersions: - items: - properties: - dbType: - type: string - version: - type: string - major: - type: boolean - required: - - dbType - - version - type: object - type: array - ingressOrRouteMethodStatus: - type: string - managedAPIs: - properties: - ldap: - type: boolean - type: object - persistenceStatus: - properties: - status: - type: string - succeeded: - type: string - type: object - redisEnterpriseIPFamily: - type: string - spec: - properties: - activeActive: - properties: - apiIngressUrl: - type: string - dbIngressSuffix: - type: string - ingressAnnotations: - additionalProperties: - type: string - type: object - method: - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiIngressUrl - - dbIngressSuffix - - method - type: object - antiAffinityAdditionalTopologyKeys: - items: - type: string - type: array - bootstrapperImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - bootstrapperResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - clusterCredentialSecretName: - type: string - clusterCredentialSecretRole: - type: string - clusterCredentialSecretType: - enum: - - vault - - kubernetes - type: string - clusterRecovery: - type: boolean - redisEnterpriseIPFamily: - type: string - enum: - - IPv4 - - IPv6 - containerTimezone: - properties: - propagateHost: - type: object - timezoneName: - type: string - type: object - createServiceAccount: - type: boolean - dataInternodeEncryption: - type: boolean - encryptPkeys: - type: boolean - certificates: - properties: - apiCertificateSecretName: - type: string - cmCertificateSecretName: - type: string - metricsExporterCertificateSecretName: - type: string - proxyCertificateSecretName: - type: string - syncerCertificateSecretName: - type: string - ldapClientCertificateSecretName: - type: string - type: object - enforceIPv4: - type: boolean - extraEnvVars: - description: 'ADVANCED USAGE: use carefully. Add environment variables - to RS StatefulSet''s containers.' - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - extraLabels: - additionalProperties: - type: string - type: object - hostAliases: - description: Adds hostAliases entries to the Redis Enterprise pods - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - ingressOrRouteSpec: - properties: - apiFqdnUrl: - type: string - dbFqdnSuffix: - type: string - ingressAnnotations: - additionalProperties: - type: string - type: object - method: - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiFqdnUrl - - dbFqdnSuffix - - method - type: object - services: - properties: - apiService: - properties: - type: - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - servicesAnnotations: - additionalProperties: - type: string - type: object - type: object - ldap: - properties: - authenticationQuery: - properties: - query: - properties: - base: - type: string - filter: - type: string - scope: - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - template: - type: string - type: object - authorizationQuery: - properties: - attribute: - type: string - query: - properties: - base: - type: string - filter: - type: string - scope: - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - type: object - bindCredentialsSecretName: - type: string - caCertificateSecretName: - type: string - cacheTTLSeconds: - type: integer - enabledForControlPlane: - type: boolean - enabledForDataPlane: - type: boolean - protocol: - enum: - - LDAP - - LDAPS - - STARTTLS - type: string - servers: - items: - properties: - host: - type: string - port: - format: int32 - type: integer - required: - - host - type: object - type: array - required: - - authenticationQuery - - authorizationQuery - - protocol - - servers - type: object - license: - type: string - licenseSecretName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - ocspConfiguration: - properties: - ocspFunctionality: - type: boolean - queryFrequency: - type: integer - recoveryFrequency: - type: integer - recoveryMaxTries: - type: integer - responseTimeout: - type: integer - type: object - nodes: - format: int32 - type: integer - persistentSpec: - properties: - enablePersistentVolumeResize: - type: boolean - enabled: - type: boolean - storageClassName: - type: string - volumeSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger and redis enterprise pods - type: object - redisEnterprisePodAnnotations: - additionalProperties: - type: string - description: annotations for redis enterprise pod - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podSecurityPolicyName: - type: string - podStartingPolicy: - properties: - enabled: - type: boolean - startingThresholdSeconds: - format: int32 - type: integer - required: - - enabled - - startingThresholdSeconds - type: object - podTolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - priorityClassName: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - rackAwarenessNodeLabel: - type: string - redisEnterpriseAdditionalPodSpecAttributes: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - redisEnterpriseImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - redisEnterpriseNodeResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - redisEnterpriseServicesConfiguration: - properties: - cmServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbCoordinator: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbWorker: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - mdnsServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - pdnsServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - saslauthd: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - statsArchiver: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - type: object - redisEnterpriseServicesRiggerImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - redisEnterpriseServicesRiggerResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - redisEnterpriseTerminationGracePeriodSeconds: - format: int64 - type: integer - redisEnterpriseVolumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - redisUpgradePolicy: - enum: - - major - - latest - type: string - resp3Default: - type: boolean - backup: - properties: - s3: - properties: - caCertificateSecretName: - type: string - url: - type: string - type: object - type: object - serviceAccountName: - type: string - servicesRiggerSpec: - properties: - databaseServiceType: - type: string - extraEnvVars: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceNaming: - description: Used to determine how to name the services created automatically when a database is created. - When bdb_name is used, the database name will be also used for the service name. - When redis-port is used, the service will be named redis-. - enum: - - bdb_name - - redis-port - type: string - servicesRiggerAdditionalPodSpecAttributes: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger pod - type: object - type: object - sideContainersSpec: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - slaveHA: - properties: - slaveHAGracePeriod: - format: int32 - type: integer - required: - - slaveHAGracePeriod - type: object - uiAnnotations: - additionalProperties: - type: string - type: object - uiServiceType: - enum: - - ClusterIP - - NodePort - - LoadBalancer - - ExternalName - type: string - redisOnFlashSpec: - properties: - enabled: - type: boolean - flashStorageEngine: - type: string - enum: - - rocksdb - storageClassName: - type: string - flashDiskSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - bigStoreDriver: - type: string - enum: - - rocksdb - - speedb - required: - - enabled - - storageClassName - type: object - upgradeSpec: - properties: - autoUpgradeRedisEnterprise: - type: boolean - required: - - autoUpgradeRedisEnterprise - type: object - username: - type: string - vaultCASecret: - type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterprisedatabases.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseDatabase - listKind: RedisEnterpriseDatabaseList - plural: redisenterprisedatabases - singular: redisenterprisedatabase - shortNames: - - redb - scope: Namespaced - preserveUnknownFields: false - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.version - name: Version - type: string - - jsonPath: .status.internalEndpoints[*].port - name: Port - type: string - - jsonPath: .status.redisEnterpriseCluster - name: Cluster - type: string - - jsonPath: .status.shardStatuses.active - name: Shards - type: string - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase - properties: - alertSettings: - description: Settings for database alerts - properties: - bdb_backup_delayed: - description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_high_syncer_lag: - description: "Active-active source - sync lag is higher than specified threshold value [seconds] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_syncer_connection_error: - description: "Active-active source - sync has connection error while trying to connect replica source - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_syncer_general_error: - description: "Active-active source - sync encountered in general error - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_high_latency: - description: "Latency is higher than specified threshold value [micro-sec] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_high_throughput: - description: "Throughput is higher than specified threshold value [requests / sec.] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_long_running_action: - description: "An alert for state-machines that are running for too long - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_low_throughput: - description: "Throughput is lower than specified threshold value [requests / sec.] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_ram_dataset_overhead: - description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_ram_values: - description: "Percent of values kept in a shard's RAM is lower than [% of its key count] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_replica_src_high_syncer_lag: - description: "Replica-of source - sync lag is higher than specified threshold value [seconds] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_replica_src_syncer_connection_error: - description: "Replica-of source - sync has connection error while trying to connect replica source - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_shard_num_ram_values: - description: "Number of values kept in a shard's RAM is lower than [values] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_size: - description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - backup: - description: Target for automatic database backups. - properties: - abs: - properties: - absSecretName: - description: The name of the K8s secret that holds ABS credentials. - The secret must contain the keys "AccountName" and "AccountKey", - and these must hold the corresponding credentials - type: string - container: - description: Azure Blob Storage container name. - type: string - subdir: - description: Optional. Azure Blob Storage subdir under container. - type: string - required: - - absSecretName - - container - type: object - ftp: - properties: - url: - description: "a URI of the ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" - type: string - pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ - required: - - url - type: object - gcs: - description: GoogleStorage - properties: - bucketName: - description: Google Storage bucket name. - type: string - gcsSecretName: - description: The name of the K8s secret that holds the Google - Cloud Storage credentials. The secret must contain the keys - "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" - and these must hold the corresponding credentials. The keys - should correspond to the values in the key JSON. - type: string - subdir: - description: Optional. Google Storage subdir under bucket. - type: string - required: - - bucketName - - gcsSecretName - type: object - interval: - description: Backup Interval in seconds - type: integer - mount: - description: MountPointStorage - properties: - path: - description: Path to the local mount point. You must create - the mount point on all nodes, and the redislabs:redislabs - user must have read and write permissions on the local mount - point. - type: string - required: - - path - type: object - s3: - properties: - awsSecretName: - description: The name of the K8s secret that holds the AWS credentials. - The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", - and these must hold the corresponding credentials. - type: string - bucketName: - description: Amazon S3 bucket name. - type: string - subdir: - description: Optional. Amazon S3 subdir under bucket. - type: string - required: - - awsSecretName - - bucketName - type: object - sftp: - properties: - sftp_url: - description: SFTP url - type: string - pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ - sftpSecretName: - description: The name of the K8s secret that holds SFTP credentials. - The secret must contain the "Key" key, which is the SSH private - key for connecting to the sftp server. - type: string - required: - - sftpSecretName - - sftp_url - type: object - swift: - properties: - auth_url: - description: Swift service authentication URL. - type: string - pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ - container: - description: Swift object store container for storing the backup - files. - type: string - prefix: - description: Optional. Prefix (path) of backup files in the - swift container. - type: string - swiftSecretName: - description: 'The name of the K8s secret that holds Swift credentials. - The secret must contain the keys "Key" and "User", and these - must hold the corresponding credentials: service access key - and service user name (pattern for the latter does not allow - special characters &,<,>,")' - type: string - required: - - auth_url - - container - - swiftSecretName - type: object - type: object - clientAuthenticationCertificates: - description: The Secrets containing TLS Client Certificate to use for - Authentication - items: - type: string - type: array - dataInternodeEncryption: - description: Internode encryption (INE) setting. An optional boolean setting, overriding - a similar cluster-wide policy. - If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). - If set to True, INE will be turned on, unless the capability is not supported by the DB ( - in such a case we will get an error and database creation will fail). - If left unspecified, will be disabled if internode encryption is not supported by the DB - (regardless of cluster default). - Deleting this property after explicitly setting its value shall have no effect. - type: boolean - databasePort: - description: Database port number. TCP port on which the database is - available. Will be generated automatically if omitted. can not be - changed after creation - type: integer - databaseSecretName: - description: The name of the secret that holds the password - to the database (redis databases only). - If secret does not exist, it will be created. - To define the password, create an opaque secret and set the name in the spec. - The password will be taken from the value of the 'password' key. - Use an empty string as value within the secret to disable authentication for the database. - Notes - For Active-Active databases this secret will not be automatically created, - and also, memcached databases must not be set with a value, - and a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. - type: string - defaultUser: - description: Is connecting with a default user allowed? - type: boolean - evictionPolicy: - description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ - type: string - isRof: - description: Whether it is an RoF database or not. Applicable only for - databases of type "REDIS". Assumed to be false if left blank. - type: boolean - memorySize: - description: memory size of database. use formats like 100MB, 0.1GB. - minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, - and it must not be below 1GB. - type: string - modulesList: - description: List of modules associated with database. - Note - For Active-Active databases this feature is currently in preview. For - this feature to take effect for Active-Active databases, set a boolean environment variable - with the name "ENABLE_ALPHA_FEATURES" to True. This variable can - be set via the redis-enterprise-operator pod spec, or through the - operator-environment-config Config Map. - items: - description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' - properties: - config: - description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT - 30 - type: string - name: - description: The module's name e.g "ft" for redissearch - type: string - version: - description: Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB - type: string - required: - - name - type: object - type: array - ossCluster: - description: OSS Cluster mode option. Note that not all client libraries - support OSS cluster mode. - type: boolean - persistence: - description: Database on-disk persistence policy - enum: - - disabled - - aofEverySecond - - aofAlways - - snapshotEvery1Hour - - snapshotEvery6Hour - - snapshotEvery12Hour - type: string - proxyPolicy: - description: 'The policy used for proxy binding to the endpoint. Supported - proxy policies are: single/all-master-shards/all-nodes When left blank, - the default value will be chosen according to the value of ossCluster - - single if disabled, all-master-shards when enabled' - type: string - rackAware: - description: 'Whether database should be rack aware. This improves availability - - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' - type: boolean - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where the - database should be stored. - type: string - required: - - name - type: object - replicaSources: - description: What databases to replicate from - items: - properties: - clientKeySecret: - description: 'Secret that defines the client certificate and - key used by the syncer in the target database cluster. The - secret must have 2 keys in its map: "cert" which is the PEM - encoded certificate, and "key" which is the PEM encoded private - key.' - type: string - compression: - description: GZIP compression level (0-6) to use for replication. - type: integer - replicaSourceName: - description: The name of the resource from which the source - database URI is derived. The type of resource must match the - type specified in the ReplicaSourceType field. - type: string - replicaSourceType: - description: The type of resource from which the source database - URI is derived. If set to 'SECRET', the source database URI - is derived from the secret named in the ReplicaSourceName - field. The secret must have a key named 'uri' that defines - the URI of the source database in the form of 'redis://...'. - The type of secret (kubernetes, vault, ...) is determined - by the secret mechanism used by the underlying REC object. - If set to 'REDB', the source database URI is derived from - the RedisEnterpriseDatabase resource named in the ReplicaSourceName - field. - type: string - serverCertSecret: - description: 'Secret that defines the server certificate used - by the proxy in the source database cluster. The secret must - have 1 key in its map: "cert" which is the PEM encoded certificate.' - type: string - tlsSniName: - description: TLS SNI name to use for the replication link. - type: string - required: - - replicaSourceName - - replicaSourceType - type: object - type: array - replication: - description: In-memory database replication. When enabled, database - will have replica shard for every master - leading to higher availability. Defaults to false. - type: boolean - rolesPermissions: - description: List of Redis Enteprise ACL and Role bindings to apply - items: - description: Redis Enterprise Role and ACL Binding - properties: - acl: - description: Acl Name of RolePermissionType - type: string - role: - description: Role Name of RolePermissionType - type: string - type: - description: Type of Redis Enterprise Database Role Permission - type: string - required: - - acl - - role - - type - type: object - type: array - shardingEnabled: - description: Toggles database sharding for REAADBs (Active Active - databases) and enabled by default. This field is blocked for REDB - (non-Active Active databases) and sharding is toggled via the shardCount - field - when shardCount is 1 this is disabled otherwise enabled. - type: boolean - shardCount: - description: Number of database server-side shards - type: integer - shardsPlacement: - description: Control the density of shards - should they reside on as few or as many nodes as possible. - Available options are "dense" or "sparse". If left unset, defaults to "dense". - enum: - - dense - - sparse - type: string - tlsMode: - description: Require SSL authenticated and encrypted connections to - the database. enabled - all incoming connections to the Database must - use SSL. disabled - no incoming connection to the Database should - use SSL. replica_ssl - databases that replicate from this one need - to use SSL. - enum: - - disabled - - enabled - - replica_ssl - type: string - type: - description: The type of the database (redis or memcached). Defaults to "redis". - enum: - - redis - - memcached - type: string - rofRamSize: - description: The size of the RAM portion of an RoF database. - Similarly to "memorySize" use formats like 100MB, 0.1GB. - It must be at least 10% of combined memory - size (RAM and Flash), as specified by "memorySize". - type: string - redisVersion: - description: Redis OSS version. - Version can be specified via prefix, - or via channels - for existing databases - Upgrade Redis - OSS version. For new databases - the version which the database will - be created with. If set to 'major' - will always upgrade to the most - recent major Redis version. If set to 'latest' - will always upgrade - to the most recent Redis version. Depends on 'redisUpgradePolicy' - - if you want to set the value to 'latest' for some databases, you - must set redisUpgradePolicy on the cluster before. Possible values - are 'major' or 'latest' When using upgrade - make sure to backup the - database before. This value is used only for database type 'redis' - type: string - upgradeSpec: - description: Specifications for DB upgrade. - properties: - upgradeModulesToLatest: - description: Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. - Notes - All modules must be without specifing the version. - in addition, This field is currently not supported for Active-Active databases. - type: boolean - required: - - upgradeModulesToLatest - type: object - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, this - Resource is associated with. In case this resource is created - manually at the active active database creation this field must - be filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, Redis - Enterprise Remote Cluster custom resource name, in the Active-Active - database, In case this resource is created manually at the active - active database creation this field must be filled via the user, - otherwise, the operator will assign this field automatically. - Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - memcachedSaslSecretName: - description: 'Credentials used for binary authentication in memcached databases. - The credentials should be saved as an opaque secret and the name of that secret should be configured using this field. - For username, use ''username'' as the key and the actual username as the value. - For password, use ''password'' as the key and the actual password as the value. - Note that connections are not encrypted.' - type: string - resp3: - description: Whether this database supports RESP3 protocol. - Note - Deleting this property after explicitly setting its value shall have no effect. - Please view the corresponding field in RS doc for more info. - type: boolean - type: object - status: - description: RedisEnterpriseDatabaseStatus defines the observed state of - RedisEnterpriseDatabase - properties: - createdTime: - description: Time when the database was created - type: string - databaseUID: - description: Database UID provided by redis enterprise - type: string - internalEndpoints: - description: Endpoints listed internally by the Redis Enterprise Cluster. - Can be used to correlate a ReplicaSourceStatus entry. - items: - properties: - host: - description: Hostname assigned to the database - type: string - port: - description: Database port name - type: integer - type: object - type: array - lastActionStatus: - description: Status of the last action done by operator on this database - type: string - lastActionUid: - description: UID of the last action done by operator on this database - type: string - lastUpdated: - description: Time when the database was last updated - type: string - observedGeneration: - description: 'The generation (built in update counter of K8s) of the - REDB resource that was fully acted upon, meaning that all changes - were handled and sent as an API call to the Redis Enterprise Cluster - (REC). This field value should equal the current generation when the - resource changes were handled. Note: the lastActionStatus field tracks - actions handled asynchronously by the Redis Enterprise Cluster.' - format: int64 - type: integer - redisEnterpriseCluster: - description: The Redis Enterprise Cluster Object this Resource is associated - with - type: string - replicaSourceStatuses: - description: ReplicaSource statuses - items: - properties: - endpointHost: - description: The internal host name of the replica source database. - Can be used as an identifier. See the internalEndpoints list - on the REDB status. - type: string - lag: - description: Lag in millisec between source and destination (while - synced). - type: integer - lastError: - description: Last error encountered when syncing from the source. - type: string - lastUpdate: - description: Time when we last receive an update from the source. - type: string - rdbSize: - description: The source’s RDB size to be transferred during the - syncing phase. - type: integer - rdbTransferred: - description: Number of bytes transferred from the source’s RDB - during the syncing phase. - type: integer - status: - description: Sync status of this source - type: string - required: - - endpointHost - type: object - type: array - shardStatuses: - additionalProperties: - type: integer - description: Aggregated statuses of shards - type: object - backupInfo: - description: Information on the database's periodic backup - properties: - backupFailureReason: - description: Reason of last failed backup process - type: string - backupHistory: - description: Backup history retention policy (number of days, - 0 is forever) - type: integer - backupInterval: - description: Interval in seconds in which automatic backup will - be initiated - type: integer - backupIntervalOffset: - description: Offset (in seconds) from round backup interval when - automatic backup will be initiated (should be less than backup_interval) - type: integer - backupProgressPercentage: - description: Database scheduled periodic backup progress (percentage) - type: integer - backupStatus: - description: Status of scheduled periodic backup process - type: string - lastBackupTime: - description: Time of last successful backup - type: string - type: object - specStatus: - description: Whether the desired specification is valid - type: string - status: - description: The status of the database - type: string - version: - description: Database compatibility version - type: string - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, this - Resource is associated with. In case this resource is created - manually at the active active database creation this field must - be filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, Redis - Enterprise Remote Cluster custom resource name, in the Active-Active - database, In case this resource is created manually at the active - active database creation this field must be filled via the user, - otherwise, the operator will assign this field automatically. - Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseremoteclusters.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseRemoteCluster - listKind: RedisEnterpriseRemoteClusterList - plural: redisenterpriseremoteclusters - singular: redisenterpriseremotecluster - shortNames: - - rerc - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.local - name: Local - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEntepriseRemoteCluster represents a remote participating - cluster. - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - properties: - local: - description: Indicates whether this object represents a local or a - remote cluster. - type: boolean - specStatus: - description: Whether the desired specification is valid. - type: string - status: - description: The status of the remote cluster. - type: string - observedGeneration: - description: The most recent generation observed for this RERC. It corresponds to the RERC's generation, which is updated by the API Server. - type: integer - type: object - spec: - properties: - apiFqdnUrl: - description: The URL of the cluster, will be used for the active-active - database URL. - type: string - dbFqdnSuffix: - description: The database URL suffix, will be used for the active-active - database replication endpoint and replication endpoint SNI. - type: string - recNamespace: - description: The namespace of the REC that the RERC is pointing at - type: string - recName: - description: The name of the REC that the RERC is pointing at - type: string - secretName: - description: 'The name of the secret containing cluster credentials. - Must be of the following format: "redis-enterprise-"' - type: string - required: - - apiFqdnUrl - - recName - - recNamespace - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseactiveactivedatabases.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseActiveActiveDatabase - listKind: RedisEnterpriseActiveActiveDatabaseList - plural: redisenterpriseactiveactivedatabases - singular: redisenterpriseactiveactivedatabase - shortNames: - - reaadb - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.linkedRedbs[*] - name: Linked REDBs - type: string - - jsonPath: .status.replicationStatus - name: Replication Status - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEnterpriseActiveActiveDatabase is the Schema for the redisenterpriseactiveactivedatabase - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - description: RedisEnterpriseActiveActiveDatabaseStatus defines the observed - state of RedisEnterpriseActiveActiveDatabase - properties: - status: - description: The status of the active active database. - type: string - specStatus: - description: Whether the desired specification is valid - type: string - linkedRedbs: - description: The linked REDBs. - items: - type: string - type: array - participatingClusters: - description: The list of instances/ clusters statuses. - items: - description: Status of participating cluster. - properties: - name: - description: The name of the remote cluster CR that is linked. - type: string - id: - description: The corresponding ID of the instance in the active-active database. - format: int64 - type: integer - replicationStatus: - description: The replication status of the participating cluster - enum: - - up - - down - type: string - required: - - name - type: object - type: array - guid: - description: The active-active database corresponding GUID. - type: string - lastTaskUid: - description: The last active-active database task UID. - type: string - redisEnterpriseCluster: - description: The Redis Enterprise Cluster Object this Resource is associated - with - type: string - replicationStatus: - description: The overall replication status - enum: - - up - - down - type: string - secretsStatus: - description: The status of the secrets - items: - description: Status of secrets. - properties: - name: - description: The name of the secret. - type: string - status: - description: The status of the secret. - enum: - - Valid - - Invalid - type: string - required: - - name - type: object - type: array - type: object - spec: - description: RedisEnterpriseActiveActiveDatabaseSpec defines the desired - state of RedisEnterpriseActiveActiveDatabase - properties: - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where the - database should be stored. - type: string - required: - - name - type: object - participatingClusters: - description: The list of instances/ clusters specifications and configurations. - items: - properties: - name: - description: The name of the remote cluster CR to link. - type: string - required: - - name - type: object - type: array - globalConfigurations: - description: The Active-Active database global configurations, - contains the global properties for each of the participating clusters/ instances databases within the Active-Active database. - properties: - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, - this Resource is associated with. In case this resource is - created manually at the active active database creation this - field must be filled via the user, otherwise, the operator - will assign this field automatically. Note: this feature is - currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, - Redis Enterprise Remote Cluster custom resource name, in the - Active-Active database, In case this resource is created manually - at the active active database creation this field must be - filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - alertSettings: - description: Settings for database alerts - properties: - bdb_backup_delayed: - description: Periodic backup has been delayed for longer than - specified threshold value [minutes] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_high_syncer_lag: - description: Active-active source - sync lag is higher than - specified threshold value [seconds] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_syncer_connection_error: - description: Active-active source - sync has connection error - while trying to connect replica source - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_syncer_general_error: - description: Active-active source - sync encountered in general - error - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_high_latency: - description: Latency is higher than specified threshold value - [micro-sec] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_high_throughput: - description: Throughput is higher than specified threshold - value [requests / sec.] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_long_running_action: - description: An alert for state-machines that are running - for too long - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_low_throughput: - description: Throughput is lower than specified threshold - value [requests / sec.] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_ram_dataset_overhead: - description: Dataset RAM overhead of a shard has reached the - threshold value [% of its RAM limit] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_ram_values: - description: Percent of values kept in a shard's RAM is lower - than [% of its key count] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_replica_src_high_syncer_lag: - description: Replica-of source - sync lag is higher than specified - threshold value [seconds] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_replica_src_syncer_connection_error: - description: Replica-of source - sync has connection error - while trying to connect replica source - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_shard_num_ram_values: - description: Number of values kept in a shard's RAM is lower - than [values] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_size: - description: Dataset size has reached the threshold value - [% of the memory limit] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - type: object - backup: - description: Target for automatic database backups. - properties: - abs: - properties: - absSecretName: - description: The name of the secret that holds ABS credentials. - The secret must contain the keys "AccountName" and "AccountKey", - and these must hold the corresponding credentials - type: string - container: - description: Azure Blob Storage container name. - type: string - subdir: - description: Optional. Azure Blob Storage subdir under - container. - type: string - required: - - absSecretName - - container - type: object - ftp: - properties: - url: - description: a URI of the "ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" - format - type: string - required: - - url - type: object - gcs: - description: GoogleStorage - properties: - bucketName: - description: Google Storage bucket name. - type: string - gcsSecretName: - description: The name of the secret that holds the Google - Cloud Storage credentials. The secret must contain the - keys "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" - and these must hold the corresponding credentials. The - keys should correspond to the values in the key JSON. - type: string - subdir: - description: Optional. Google Storage subdir under bucket. - type: string - required: - - bucketName - - gcsSecretName - type: object - interval: - description: Backup Interval in seconds - type: integer - mount: - description: MountPointStorage - properties: - path: - description: Path to the local mount point. You must create - the mount point on all nodes, and the redislabs:redislabs - user must have read and write permissions on the local - mount point. - type: string - required: - - path - type: object - s3: - properties: - awsSecretName: - description: The name of the secret that holds the AWS - credentials. The secret must contain the keys "AWS_ACCESS_KEY_ID" - and "AWS_SECRET_ACCESS_KEY", and these must hold the - corresponding credentials. - type: string - bucketName: - description: Amazon S3 bucket name. - type: string - subdir: - description: Optional. Amazon S3 subdir under bucket. - type: string - required: - - awsSecretName - - bucketName - type: object - sftp: - properties: - sftp_url: - description: SFTP url - type: string - sftpSecretName: - description: The name of the secret that holds SFTP credentials. - The secret must contain the "Key" key, which is the - SSH private key for connecting to the sftp server. - type: string - required: - - sftpSecretName - - sftp_url - type: object - swift: - properties: - auth_url: - description: Swift service authentication URL. - type: string - container: - description: Swift object store container for storing - the backup files. - type: string - prefix: - description: Optional. Prefix (path) of backup files in - the swift container. - type: string - swiftSecretName: - description: 'The name of the secret that holds Swift - credentials. The secret must contain the keys "Key" - and "User", and these must hold the corresponding credentials: - service access key and service user name (pattern for - the latter does not allow special characters &,<,>,")' - type: string - required: - - auth_url - - container - - swiftSecretName - type: object - type: object - clientAuthenticationCertificates: - description: The Secrets containing TLS Client Certificate to - use for Authentication - items: - type: string - type: array - dataInternodeEncryption: - description: Internode encryption (INE) setting. An optional boolean - setting, overriding a similar cluster-wide policy. If set to - False, INE is guaranteed to be turned off for this DB (regardless - of cluster-wide policy). If set to True, INE will be turned - on, unless the capability is not supported by the DB ( in such - a case we will get an error and database creation will fail). - If left unspecified, will be disabled if internode encryption - is not supported by the DB (regardless of cluster default). - Deleting this property after explicitly setting its value shall - have no effect. - type: boolean - databasePort: - description: Database port number. TCP port on which the database - is available. Will be generated automatically if omitted. can - not be changed after creation - type: integer - databaseSecretName: - description: The name of the secret that holds the password - to the database (redis databases only). - If secret does not exist, it will be created. - To define the password, create an opaque secret and set the name in the spec. - The password will be taken from the value of the 'password' key. - Use an empty string as value within the secret to disable authentication for the database. - Notes - For Active-Active databases this secret will not be automatically created, - and also, memcached databases must not be set with a value, - and a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. - type: string - defaultUser: - description: Is connecting with a default user allowed? If disabled, - the DatabaseSecret will not be created or updated - type: boolean - evictionPolicy: - description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ - type: string - isRof: - description: Whether it is an RoF database or not. Applicable - only for databases of type "REDIS". Assumed to be false if left - blank. - type: boolean - memcachedSaslSecretName: - description: Credentials used for binary authentication in memcached - databases. The credentials should be saved as an opaque secret - and the name of that secret should be configured using this - field. For username, use 'username' as the key and the actual - username as the value. For password, use 'password' as the key - and the actual password as the value. Note that connections - are not encrypted. - type: string - memorySize: - description: memory size of database. use formats like 100MB, - 0.1GB. minimum value in 100MB. When redis on flash (RoF) is - enabled, this value refers to RAM+Flash memory, and it must - not be below 1GB. - type: string - modulesList: - description: List of modules associated with database. - Note - For Active-Active databases this feature is currently in preview. For - this feature to take effect for Active-Active databases, set a boolean environment variable - with the name "ENABLE_ALPHA_FEATURES" to True. This variable can - be set via the redis-enterprise-operator pod spec, or through the - operator-environment-config Config Map. - items: - description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' - properties: - config: - description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT - 30 - type: string - name: - description: The module's name e.g "ft" for redissearch - type: string - uid: - description: Module's uid - do not set, for system use only - nolint:staticcheck // custom json tag unknown to the linter - type: string - version: - description: Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB - type: string - required: - - name - type: object - type: array - ossCluster: - description: OSS Cluster mode option. Note that not all client - libraries support OSS cluster mode. - type: boolean - persistence: - description: Database on-disk persistence policy - enum: - - disabled - - aofEverySecond - - aofAlways - - snapshotEvery1Hour - - snapshotEvery6Hour - - snapshotEvery12Hour - type: string - proxyPolicy: - description: 'The policy used for proxy binding to the endpoint. - Supported proxy policies are: single/all-master-shards/all-nodes - When left blank, the default value will be chosen according - to the value of ossCluster - single if disabled, all-master-shards - when enabled' - type: string - rackAware: - description: 'Whether database should be rack aware. This improves - availability - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' - type: boolean - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where - the database should be stored. - type: string - required: - - name - type: object - redisVersion: - description: Redis OSS version. - Version can be specified via prefix, - or via channels - for existing databases - Upgrade - Redis OSS version. For new databases - the version which the - database will be created with. If set to 'major' - will always - upgrade to the most recent major Redis version. If set to 'latest' - - will always upgrade to the most recent Redis version. Depends - on 'redisUpgradePolicy' - if you want to set the value to 'latest' - for some databases, you must set redisUpgradePolicy on the cluster - before. Possible values are 'major' or 'latest' When using upgrade - - make sure to backup the database before. This value is used - only for database type 'redis' - type: string - upgradeSpec: - description: Specifications for DB upgrade. - properties: - upgradeModulesToLatest: - description: Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. - Note - This field is currently not supported for Active-Active databases. - type: boolean - required: - - upgradeModulesToLatest - type: object - replicaSources: - description: What databases to replicate from - items: - properties: - clientKeySecret: - description: 'Secret that defines the client certificate - and key used by the syncer in the target database cluster. - The secret must have 2 keys in its map: "cert" which is - the PEM encoded certificate, and "key" which is the PEM - encoded private key.' - type: string - compression: - description: GZIP compression level (0-6) to use for replication. - type: integer - replicaSourceName: - description: The name of the resource from which the source - database URI is derived. The type of resource must match - the type specified in the ReplicaSourceType field. - type: string - replicaSourceType: - description: The type of resource from which the source - database URI is derived. If set to 'SECRET', the source - database URI is derived from the secret named in the ReplicaSourceName - field. The secret must have a key named 'uri' that defines - the URI of the source database in the form of 'redis://...'. - The type of secret (kubernetes, vault, ...) is determined - by the secret mechanism used by the underlying REC object. - If set to 'REDB', the source database URI is derived from - the RedisEnterpriseDatabase resource named in the ReplicaSourceName - field. - type: string - serverCertSecret: - description: 'Secret that defines the server certificate - used by the proxy in the source database cluster. The - secret must have 1 key in its map: "cert" which is the - PEM encoded certificate.' - type: string - tlsSniName: - description: TLS SNI name to use for the replication link. - type: string - required: - - replicaSourceName - - replicaSourceType - type: object - type: array - replication: - description: In-memory database replication. When enabled, database - will have replica shard for every master - leading to higher - availability. Defaults to false. - type: boolean - resp3: - description: Whether this database supports RESP3 protocol. - Note - Deleting this property after explicitly setting its value shall have no effect. - Please view the corresponding field in RS doc for more info. - type: boolean - rofRamSize: - description: The size of the RAM portion of an RoF database. Similarly - to "memorySize" use formats like 100MB, 0.1GB It must be at - least 10% of combined memory size (RAM+Flash), as specified - by "memorySize". - type: string - rolesPermissions: - description: List of Redis Enteprise ACL and Role bindings to - apply - items: - description: Redis Enterprise Role and ACL Binding - properties: - acl: - description: 'Acl Name of RolePermissionType (note: use - exact name of the ACL from the Redis Enterprise ACL list, - case sensitive)' - type: string - role: - description: 'Role Name of RolePermissionType (note: use - exact name of the role from the Redis Enterprise role - list, case sensitive)' - type: string - type: - description: Type of Redis Enterprise Database Role Permission - type: string - required: - - acl - - role - - type - type: object - type: array - shardingEnabled: - description: Toggles database sharding for REAADBs (Active Active - databases) and enabled by default. This field is blocked for REDB - (non-Active Active databases) and sharding is toggled via the shardCount - field - when shardCount is 1 this is disabled otherwise enabled. - type: boolean - shardCount: - description: Number of database server-side shards - type: integer - shardsPlacement: - description: Control the density of shards - should they reside - on as few or as many nodes as possible. Available options are - "dense" or "sparse". If left unset, defaults to "dense". - type: string - tlsMode: - description: Require SSL authenticated and encrypted connections - to the database. enabled - all incoming connections to the Database - must use SSL. disabled - no incoming connection to the Database - should use SSL. replica_ssl - databases that replicate from - this one need to use SSL. - enum: - - disabled - - enabled - - replica_ssl - type: string - type: - description: The type of the database. - enum: - - redis - - memcached - type: string - type: object - required: - - participatingClusters - type: object - type: object ---- ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator - spec: - containers: - - command: - - operator-root - - operator - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: redis-enterprise-operator - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: redislabs/operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: redis-enterprise-operator - ports: - - containerPort: 8080 - resources: - limits: - cpu: 4000m - memory: 512Mi - requests: - cpu: 500m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - - command: - - operator-root - - admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: redislabs/operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: admission - ports: - - containerPort: 8443 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - securityContext: - seccompProfile: - type: RuntimeDefault - runAsNonRoot: true - serviceAccountName: redis-enterprise-operator ---- diff --git a/cluster_credentials.md b/cluster_credentials.md deleted file mode 100644 index 6a85144..0000000 --- a/cluster_credentials.md +++ /dev/null @@ -1,3 +0,0 @@ -# Management of the Redis Enterprise Cluster credentials - -This content has moved to [docs.redis.com](https://docs.redis.com/latest/); see [Manage Redis Enterprise cluster (REC) credentials](https://docs.redis.com/latest/kubernetes/security/manage-rec-credentials/). \ No newline at end of file diff --git a/crds/reaadb_crd.yaml b/crds/reaadb_crd.yaml deleted file mode 100644 index 0c8fd8a..0000000 --- a/crds/reaadb_crd.yaml +++ /dev/null @@ -1,766 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseactiveactivedatabases.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseActiveActiveDatabase - listKind: RedisEnterpriseActiveActiveDatabaseList - plural: redisenterpriseactiveactivedatabases - singular: redisenterpriseactiveactivedatabase - shortNames: - - reaadb - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.linkedRedbs[*] - name: Linked REDBs - type: string - - jsonPath: .status.replicationStatus - name: Replication Status - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEnterpriseActiveActiveDatabase is the Schema for the redisenterpriseactiveactivedatabase - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - description: RedisEnterpriseActiveActiveDatabaseStatus defines the observed - state of RedisEnterpriseActiveActiveDatabase - properties: - status: - description: The status of the active active database. - type: string - specStatus: - description: Whether the desired specification is valid - type: string - linkedRedbs: - description: The linked REDBs. - items: - type: string - type: array - participatingClusters: - description: The list of instances/ clusters statuses. - items: - description: Status of participating cluster. - properties: - name: - description: The name of the remote cluster CR that is linked. - type: string - id: - description: The corresponding ID of the instance in the active-active database. - format: int64 - type: integer - replicationStatus: - description: The replication status of the participating cluster - enum: - - up - - down - type: string - required: - - name - type: object - type: array - guid: - description: The active-active database corresponding GUID. - type: string - lastTaskUid: - description: The last active-active database task UID. - type: string - redisEnterpriseCluster: - description: The Redis Enterprise Cluster Object this Resource is associated - with - type: string - replicationStatus: - description: The overall replication status - enum: - - up - - down - type: string - secretsStatus: - description: The status of the secrets - items: - description: Status of secrets. - properties: - name: - description: The name of the secret. - type: string - status: - description: The status of the secret. - enum: - - Valid - - Invalid - type: string - required: - - name - type: object - type: array - type: object - spec: - description: RedisEnterpriseActiveActiveDatabaseSpec defines the desired - state of RedisEnterpriseActiveActiveDatabase - properties: - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where the - database should be stored. - type: string - required: - - name - type: object - participatingClusters: - description: The list of instances/ clusters specifications and configurations. - items: - properties: - name: - description: The name of the remote cluster CR to link. - type: string - required: - - name - type: object - type: array - globalConfigurations: - description: The Active-Active database global configurations, - contains the global properties for each of the participating clusters/ instances databases within the Active-Active database. - properties: - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, - this Resource is associated with. In case this resource is - created manually at the active active database creation this - field must be filled via the user, otherwise, the operator - will assign this field automatically. Note: this feature is - currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, - Redis Enterprise Remote Cluster custom resource name, in the - Active-Active database, In case this resource is created manually - at the active active database creation this field must be - filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - alertSettings: - description: Settings for database alerts - properties: - bdb_backup_delayed: - description: Periodic backup has been delayed for longer than - specified threshold value [minutes] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_high_syncer_lag: - description: Active-active source - sync lag is higher than - specified threshold value [seconds] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_syncer_connection_error: - description: Active-active source - sync has connection error - while trying to connect replica source - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_syncer_general_error: - description: Active-active source - sync encountered in general - error - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_high_latency: - description: Latency is higher than specified threshold value - [micro-sec] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_high_throughput: - description: Throughput is higher than specified threshold - value [requests / sec.] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_long_running_action: - description: An alert for state-machines that are running - for too long - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_low_throughput: - description: Throughput is lower than specified threshold - value [requests / sec.] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_ram_dataset_overhead: - description: Dataset RAM overhead of a shard has reached the - threshold value [% of its RAM limit] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_ram_values: - description: Percent of values kept in a shard's RAM is lower - than [% of its key count] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_replica_src_high_syncer_lag: - description: Replica-of source - sync lag is higher than specified - threshold value [seconds] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_replica_src_syncer_connection_error: - description: Replica-of source - sync has connection error - while trying to connect replica source - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_shard_num_ram_values: - description: Number of values kept in a shard's RAM is lower - than [values] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_size: - description: Dataset size has reached the threshold value - [% of the memory limit] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - type: object - backup: - description: Target for automatic database backups. - properties: - abs: - properties: - absSecretName: - description: The name of the secret that holds ABS credentials. - The secret must contain the keys "AccountName" and "AccountKey", - and these must hold the corresponding credentials - type: string - container: - description: Azure Blob Storage container name. - type: string - subdir: - description: Optional. Azure Blob Storage subdir under - container. - type: string - required: - - absSecretName - - container - type: object - ftp: - properties: - url: - description: a URI of the "ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" - format - type: string - required: - - url - type: object - gcs: - description: GoogleStorage - properties: - bucketName: - description: Google Storage bucket name. - type: string - gcsSecretName: - description: The name of the secret that holds the Google - Cloud Storage credentials. The secret must contain the - keys "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" - and these must hold the corresponding credentials. The - keys should correspond to the values in the key JSON. - type: string - subdir: - description: Optional. Google Storage subdir under bucket. - type: string - required: - - bucketName - - gcsSecretName - type: object - interval: - description: Backup Interval in seconds - type: integer - mount: - description: MountPointStorage - properties: - path: - description: Path to the local mount point. You must create - the mount point on all nodes, and the redislabs:redislabs - user must have read and write permissions on the local - mount point. - type: string - required: - - path - type: object - s3: - properties: - awsSecretName: - description: The name of the secret that holds the AWS - credentials. The secret must contain the keys "AWS_ACCESS_KEY_ID" - and "AWS_SECRET_ACCESS_KEY", and these must hold the - corresponding credentials. - type: string - bucketName: - description: Amazon S3 bucket name. - type: string - subdir: - description: Optional. Amazon S3 subdir under bucket. - type: string - required: - - awsSecretName - - bucketName - type: object - sftp: - properties: - sftp_url: - description: SFTP url - type: string - sftpSecretName: - description: The name of the secret that holds SFTP credentials. - The secret must contain the "Key" key, which is the - SSH private key for connecting to the sftp server. - type: string - required: - - sftpSecretName - - sftp_url - type: object - swift: - properties: - auth_url: - description: Swift service authentication URL. - type: string - container: - description: Swift object store container for storing - the backup files. - type: string - prefix: - description: Optional. Prefix (path) of backup files in - the swift container. - type: string - swiftSecretName: - description: 'The name of the secret that holds Swift - credentials. The secret must contain the keys "Key" - and "User", and these must hold the corresponding credentials: - service access key and service user name (pattern for - the latter does not allow special characters &,<,>,")' - type: string - required: - - auth_url - - container - - swiftSecretName - type: object - type: object - clientAuthenticationCertificates: - description: The Secrets containing TLS Client Certificate to - use for Authentication - items: - type: string - type: array - dataInternodeEncryption: - description: Internode encryption (INE) setting. An optional boolean - setting, overriding a similar cluster-wide policy. If set to - False, INE is guaranteed to be turned off for this DB (regardless - of cluster-wide policy). If set to True, INE will be turned - on, unless the capability is not supported by the DB ( in such - a case we will get an error and database creation will fail). - If left unspecified, will be disabled if internode encryption - is not supported by the DB (regardless of cluster default). - Deleting this property after explicitly setting its value shall - have no effect. - type: boolean - databasePort: - description: Database port number. TCP port on which the database - is available. Will be generated automatically if omitted. can - not be changed after creation - type: integer - databaseSecretName: - description: The name of the secret that holds the password - to the database (redis databases only). - If secret does not exist, it will be created. - To define the password, create an opaque secret and set the name in the spec. - The password will be taken from the value of the 'password' key. - Use an empty string as value within the secret to disable authentication for the database. - Notes - For Active-Active databases this secret will not be automatically created, - and also, memcached databases must not be set with a value, - and a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. - type: string - defaultUser: - description: Is connecting with a default user allowed? If disabled, - the DatabaseSecret will not be created or updated - type: boolean - evictionPolicy: - description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ - type: string - isRof: - description: Whether it is an RoF database or not. Applicable - only for databases of type "REDIS". Assumed to be false if left - blank. - type: boolean - memcachedSaslSecretName: - description: Credentials used for binary authentication in memcached - databases. The credentials should be saved as an opaque secret - and the name of that secret should be configured using this - field. For username, use 'username' as the key and the actual - username as the value. For password, use 'password' as the key - and the actual password as the value. Note that connections - are not encrypted. - type: string - memorySize: - description: memory size of database. use formats like 100MB, - 0.1GB. minimum value in 100MB. When redis on flash (RoF) is - enabled, this value refers to RAM+Flash memory, and it must - not be below 1GB. - type: string - modulesList: - description: List of modules associated with database. - Note - For Active-Active databases this feature is currently in preview. For - this feature to take effect for Active-Active databases, set a boolean environment variable - with the name "ENABLE_ALPHA_FEATURES" to True. This variable can - be set via the redis-enterprise-operator pod spec, or through the - operator-environment-config Config Map. - items: - description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' - properties: - config: - description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT - 30 - type: string - name: - description: The module's name e.g "ft" for redissearch - type: string - uid: - description: Module's uid - do not set, for system use only - nolint:staticcheck // custom json tag unknown to the linter - type: string - version: - description: Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB - type: string - required: - - name - type: object - type: array - ossCluster: - description: OSS Cluster mode option. Note that not all client - libraries support OSS cluster mode. - type: boolean - persistence: - description: Database on-disk persistence policy - enum: - - disabled - - aofEverySecond - - aofAlways - - snapshotEvery1Hour - - snapshotEvery6Hour - - snapshotEvery12Hour - type: string - proxyPolicy: - description: 'The policy used for proxy binding to the endpoint. - Supported proxy policies are: single/all-master-shards/all-nodes - When left blank, the default value will be chosen according - to the value of ossCluster - single if disabled, all-master-shards - when enabled' - type: string - rackAware: - description: 'Whether database should be rack aware. This improves - availability - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' - type: boolean - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where - the database should be stored. - type: string - required: - - name - type: object - redisVersion: - description: Redis OSS version. - Version can be specified via prefix, - or via channels - for existing databases - Upgrade - Redis OSS version. For new databases - the version which the - database will be created with. If set to 'major' - will always - upgrade to the most recent major Redis version. If set to 'latest' - - will always upgrade to the most recent Redis version. Depends - on 'redisUpgradePolicy' - if you want to set the value to 'latest' - for some databases, you must set redisUpgradePolicy on the cluster - before. Possible values are 'major' or 'latest' When using upgrade - - make sure to backup the database before. This value is used - only for database type 'redis' - type: string - upgradeSpec: - description: Specifications for DB upgrade. - properties: - upgradeModulesToLatest: - description: Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. - Note - This field is currently not supported for Active-Active databases. - type: boolean - required: - - upgradeModulesToLatest - type: object - replicaSources: - description: What databases to replicate from - items: - properties: - clientKeySecret: - description: 'Secret that defines the client certificate - and key used by the syncer in the target database cluster. - The secret must have 2 keys in its map: "cert" which is - the PEM encoded certificate, and "key" which is the PEM - encoded private key.' - type: string - compression: - description: GZIP compression level (0-6) to use for replication. - type: integer - replicaSourceName: - description: The name of the resource from which the source - database URI is derived. The type of resource must match - the type specified in the ReplicaSourceType field. - type: string - replicaSourceType: - description: The type of resource from which the source - database URI is derived. If set to 'SECRET', the source - database URI is derived from the secret named in the ReplicaSourceName - field. The secret must have a key named 'uri' that defines - the URI of the source database in the form of 'redis://...'. - The type of secret (kubernetes, vault, ...) is determined - by the secret mechanism used by the underlying REC object. - If set to 'REDB', the source database URI is derived from - the RedisEnterpriseDatabase resource named in the ReplicaSourceName - field. - type: string - serverCertSecret: - description: 'Secret that defines the server certificate - used by the proxy in the source database cluster. The - secret must have 1 key in its map: "cert" which is the - PEM encoded certificate.' - type: string - tlsSniName: - description: TLS SNI name to use for the replication link. - type: string - required: - - replicaSourceName - - replicaSourceType - type: object - type: array - replication: - description: In-memory database replication. When enabled, database - will have replica shard for every master - leading to higher - availability. Defaults to false. - type: boolean - resp3: - description: Whether this database supports RESP3 protocol. - Note - Deleting this property after explicitly setting its value shall have no effect. - Please view the corresponding field in RS doc for more info. - type: boolean - rofRamSize: - description: The size of the RAM portion of an RoF database. Similarly - to "memorySize" use formats like 100MB, 0.1GB It must be at - least 10% of combined memory size (RAM+Flash), as specified - by "memorySize". - type: string - rolesPermissions: - description: List of Redis Enteprise ACL and Role bindings to - apply - items: - description: Redis Enterprise Role and ACL Binding - properties: - acl: - description: 'Acl Name of RolePermissionType (note: use - exact name of the ACL from the Redis Enterprise ACL list, - case sensitive)' - type: string - role: - description: 'Role Name of RolePermissionType (note: use - exact name of the role from the Redis Enterprise role - list, case sensitive)' - type: string - type: - description: Type of Redis Enterprise Database Role Permission - type: string - required: - - acl - - role - - type - type: object - type: array - shardingEnabled: - description: Toggles database sharding for REAADBs (Active Active - databases) and enabled by default. This field is blocked for REDB - (non-Active Active databases) and sharding is toggled via the shardCount - field - when shardCount is 1 this is disabled otherwise enabled. - type: boolean - shardCount: - description: Number of database server-side shards - type: integer - shardsPlacement: - description: Control the density of shards - should they reside - on as few or as many nodes as possible. Available options are - "dense" or "sparse". If left unset, defaults to "dense". - type: string - tlsMode: - description: Require SSL authenticated and encrypted connections - to the database. enabled - all incoming connections to the Database - must use SSL. disabled - no incoming connection to the Database - should use SSL. replica_ssl - databases that replicate from - this one need to use SSL. - enum: - - disabled - - enabled - - replica_ssl - type: string - type: - description: The type of the database. - enum: - - redis - - memcached - type: string - type: object - required: - - participatingClusters - type: object - type: object diff --git a/crds/rec_crd.yaml b/crds/rec_crd.yaml deleted file mode 100644 index 97858e8..0000000 --- a/crds/rec_crd.yaml +++ /dev/null @@ -1,14839 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseclusters.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseCluster - listKind: RedisEnterpriseClusterList - plural: redisenterpriseclusters - singular: redisenterprisecluster - shortNames: - - rec - scope: Namespaced - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.nodes - name: Nodes - type: string - - jsonPath: .spec.redisEnterpriseImageSpec.versionTag - name: Version - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.licenseStatus.licenseState - name: License State - type: string - - jsonPath: .status.licenseStatus.shardsLimit - name: Shards Limit - type: string - - jsonPath: .status.licenseStatus.expirationDate - name: License Expiration Date - type: string - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - type: object - properties: - specStatus: - type: string - state: - type: string - modules: - type: array - items: - type: object - properties: - name: - type: string - displayName: - type: string - versions: - type: array - items: - type: string - ocspStatus: - description: An API object that represents the cluster's OCSP status - properties: - certStatus: - description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. - type: string - nextUpdate: - description: The time at or before which newer information will - be available about the status of the certificate (if available) - type: string - producedAt: - description: The time at which the OCSP responder signed this - response. - type: string - responderUrl: - description: The OCSP responder url from which this status came - from. - type: string - revocationTime: - description: The time at which the certificate was revoked or - placed on hold. - type: string - thisUpdate: - description: The most recent time at which the status being indicated - is known by the responder to have been correct. - type: string - type: object - licenseStatus: - type: object - properties: - licenseState: - type: string - activationDate: - type: string - expirationDate: - type: string - shardsLimit: - type: integer - bundledDatabaseVersions: - description: Versions of open source databases bundled by Redis Enterprise - Software - please note that in order to use a specific version it - should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according - to the desired version (major/minor) - items: - properties: - dbType: - type: string - major: - type: boolean - version: - type: string - required: - - dbType - - version - type: object - type: array - managedAPIs: - description: Indicates cluster APIs that are being managed by the - operator. This only applies to cluster APIs which are optionally-managed - by the operator, such as cluster LDAP configuration. Most other - APIs are automatically managed by the operator, and are not listed - here. - properties: - ldap: - description: Indicate whether cluster LDAP configuration is managed - by the operator. When this is enabled, the operator will reconcile - the cluster LDAP configuration according to the '.spec.ldap' - field in the RedisEnterpriseCluster resource. - type: boolean - type: object - ingressOrRouteMethodStatus: - description: The ingressOrRouteSpec/ActiveActive spec method that exist - type: string - persistenceStatus: - description: The status of the Persistent Volume Claims that are used - for Redis Enterprise Cluster persistence. The status will correspond - to the status of one or more of the PVCs (failed/resizing if one of - them is in resize or failed to resize) - properties: - status: - description: The current status of the PVCs - type: string - succeeded: - description: The number of PVCs that are provisioned with the expected size - type: string - type: object - redisEnterpriseIPFamily: - type: string - spec: - description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster - properties: - activeActive: - description: Specification for ActiveActive setup. At most one of - ingressOrRouteSpec or activeActive fields can be set at the same - time. - properties: - apiIngressUrl: - description: RS API URL - type: string - dbIngressSuffix: - description: DB ENDPOINT SUFFIX - will be used to set the db host. - ingress Creates a host name so it - should be unique if more than one db is created on the cluster - with the same name - type: string - ingressAnnotations: - additionalProperties: - type: string - description: Used for ingress controllers such as ha-proxy or nginx - in GKE - type: object - method: - description: Used to distinguish between different platforms implementation - enum: - - openShiftRoute - - ingress - type: string - required: - - apiIngressUrl - - dbIngressSuffix - - method - type: object - antiAffinityAdditionalTopologyKeys: - description: Additional antiAffinity terms in order to support installation - on different zones/vcenters - items: - type: string - type: array - bootstrapperImageSpec: - description: Specification for Bootstrapper container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - bootstrapperResources: - description: Compute resource requirements for bootstrapper containers - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - clusterCredentialSecretName: - description: Secret Name/Path to use for Cluster Credentials. To be - used only if ClusterCredentialSecretType is vault. If left blank, - will use cluster name. - type: string - clusterCredentialSecretRole: - description: Used only if ClusterCredentialSecretType is vault, to define - vault role to be used. If blank, defaults to "redis-enterprise-operator" - type: string - clusterCredentialSecretType: - description: Type of Secret to use for ClusterCredential, Vault, Kuberetes,... - If left blank, will default ot kubernetes secrets - enum: - - vault - - kubernetes - type: string - clusterRecovery: - description: ClusterRecovery initiates cluster recovery when set to - true. Note that this field is cleared automatically after the cluster - is recovered - type: boolean - redisEnterpriseIPFamily: - description: Reserved, future use, only for use if instructed by Redis. - IPFamily dictates what IP family to choose for pods' internal - and external communication. - type: string - enum: - - IPv4 - - IPv6 - containerTimezone: - description: Container timezone configuration. While the default timezone - on all containers is UTC, this setting can be used to set the timezone - on services rigger/bootstrapper/RS containers. You can either propagate - the hosts timezone to RS pods or set it manually via timezoneName. - properties: - propagateHost: - description: Identifies that container timezone should be in sync with the host, this - option mounts a hostPath volume onto RS pods that could be restricted in some systems. - type: object - timezoneName: - description: POSIX-style timezone name as a string to be passed as EnvVar to RE pods, e.g. "Europe/London". - type: string - type: object - createServiceAccount: - description: Whether to create service account - type: boolean - dataInternodeEncryption: - description: Internode encryption (INE) cluster wide policy. An optional boolean setting. - Specifies if INE should be on/off for new created REDBs. - May be overridden for specific REDB via similar setting, - please view the similar setting for REDB for more info. - type: boolean - encryptPkeys: - description: 'Private key encryption Possible values: true/false' - type: boolean - certificates: - description: RS Cluster Certificates. - Used to modify the certificates used by the cluster. - See the "RSClusterCertificates" struct described above to see the supported certificates. - properties: - apiCertificateSecretName: - description: Secret name to use for cluster's API certificate. - If left blank, a cluster-provided certificate will be used. - type: string - cmCertificateSecretName: - description: Secret name to use for cluster's CM (Cluster Manager) certificate. - If left blank, a cluster-provided certificate will be used. - type: string - metricsExporterCertificateSecretName: - description: Secret name to use for cluster's Metrics Exporter certificate. - If left blank, a cluster-provided certificate will be used. - type: string - proxyCertificateSecretName: - description: Secret name to use for cluster's Proxy certificate. - If left blank, a cluster-provided certificate will be used. - type: string - syncerCertificateSecretName: - description: Secret name to use for cluster's Syncer certificate. - If left blank, a cluster-provided certificate will be used. - type: string - ldapClientCertificateSecretName: - description: Secret name to use for cluster's LDAP client certificate. - If left blank, LDAP client certificate authentication will be disabled. - type: string - type: object - enforceIPv4: - description: Sets ENFORCE_IPV4 environment variable - type: boolean - extraEnvVars: - description: 'ADVANCED USAGE: use carefully. Add environment variables - to RS StatefulSet''s containers.' - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - extraLabels: - additionalProperties: - type: string - description: Labels that the user defines for their convenience - type: object - hostAliases: - description: Adds hostAliases entries to the Redis Enterprise pods - items: - description: HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - ingressOrRouteSpec: - description: Access configurations for the Redis Enterprise Cluster - and Databases. At most one of ingressOrRouteSpec - or activeActive fields can be set at the same time. - properties: - apiFqdnUrl: - description: RS API URL - type: string - dbFqdnSuffix: - description: DB ENDPOINT SUFFIX - will be used to set the db host - ingress . Creates a host name so it - should be unique if more than one db is created on the cluster - with the same name - type: string - ingressAnnotations: - additionalProperties: - type: string - description: Additional annotations to set on ingress resources - created by the operator - type: object - method: - description: Used to distinguish between different platforms implementation. - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiFqdnUrl - - dbFqdnSuffix - - method - type: object - services: - description: Customization options for operator-managed service resources - created for Redis Enterprise clusters and databases - properties: - apiService: - description: Customization options for the REC API service. - properties: - type: - description: Type of service to create for the REC API service. - Defaults to ClusterIP service, if not specified otherwise. - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - servicesAnnotations: - additionalProperties: - type: string - description: Global additional annotations to set on service resources - created by the operator. - The specified annotations will not override annotations that already exist and didn't originate from the operator. - type: object - type: object - ldap: - description: Cluster-level LDAP configuration, such as server addresses, - protocol, authentication and query settings. - properties: - authenticationQuery: - description: Configuration of authentication queries, mapping - between the username, provided to the cluster for authentication, - and the LDAP Distinguished Name. - properties: - query: - description: Configuration for a search query. Mutually exclusive - with the 'template' field. The substring '%u' in the query - filter will be replaced with the username. - properties: - base: - description: The Distinguished Name of the entry at which - to start the search, e.g., 'ou=dev,dc=example,dc=com'. - type: string - filter: - description: An RFC-4515 string representation of the - filter to apply in the search. For an authentication - query, the substring '%u' will be replaced with the - username, e.g., '(cn=%u)'. For an authorization query, - the substring '%D' will be replaced with the user's - Distinguished Name, e.g., '(members=%D)'. - type: string - scope: - description: 'The search scope for an LDAP query. One - of: BaseObject, SingleLevel, WholeSubtree' - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - template: - description: Configuration for a template query. Mutually - exclusive with the 'query' field. The substring '%u' will - be replaced with the username, e.g., 'cn=%u,ou=dev,dc=example,dc=com'. - type: string - type: object - authorizationQuery: - description: Configuration of authorization queries, mapping between - a user's Distinguished Name and its group memberships. - properties: - attribute: - description: Configuration for an attribute query. Mutually - exclusive with the 'query' field. Holds the name of an attribute - of the LDAP user entity that contains a list of the groups - that the user belongs to, e.g., 'memberOf'. - type: string - query: - description: Configuration for a search query. Mutually exclusive - with the 'attribute' field. The substring '%D' in the query - filter will be replaced with the user's Distinguished Name. - properties: - base: - description: The Distinguished Name of the entry at which - to start the search, e.g., 'ou=dev,dc=example,dc=com'. - type: string - filter: - description: An RFC-4515 string representation of the - filter to apply in the search. For an authentication - query, the substring '%u' will be replaced with the - username, e.g., '(cn=%u)'. For an authorization query, - the substring '%D' will be replaced with the user's - Distinguished Name, e.g., '(members=%D)'. - type: string - scope: - description: 'The search scope for an LDAP query. One - of: BaseObject, SingleLevel, WholeSubtree' - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - type: object - bindCredentialsSecretName: - description: Name of a secret within the same namespace, holding - the credentials used to communicate with the LDAP server for - authentication queries. The secret must have a key named 'dn' - with the Distinguished Name of the user to execute the query, - and 'password' with its password. If left blank, credentials-based - authentication is disabled. - type: string - caCertificateSecretName: - description: Name of a secret within the same namespace, holding - a PEM-encoded CA certificate for validating the TLS connection - to the LDAP server. The secret must have a key named 'cert' - with the certificate data. This field is applicable only when - the protocol is LDAPS or STARTTLS. - type: string - cacheTTLSeconds: - description: The maximum TTL of cached entries. - type: integer - enabledForControlPlane: - description: Whether to enable LDAP for control plane access. - Disabled by default. - type: boolean - enabledForDataPlane: - description: Whether to enable LDAP for data plane access. Disabled - by default. - type: boolean - protocol: - description: 'Specifies the LDAP protocol to use. One of: LDAP, - LDAPS, STARTTLS.' - enum: - - LDAP - - LDAPS - - STARTTLS - type: string - servers: - description: One or more LDAP servers. If multiple servers are - specified, they must all share an identical organization tree - structure. - items: - description: Address of an LDAP server. - properties: - host: - description: Host name of the LDAP server - type: string - port: - description: Port number of the LDAP server. If unspecified, - defaults to 389 for LDAP and STARTTLS protocols, and 636 - for LDAPS protocol. - format: int32 - type: integer - required: - - host - type: object - type: array - required: - - authenticationQuery - - authorizationQuery - - protocol - - servers - type: object - license: - description: Redis Enterprise License - type: string - licenseSecretName: - description: K8s secret or Vault Secret Name/Path to use for Cluster - License. When left blank, the license is read from the "license" field. - Note that you can't specify non-empty values in both "license" and - "licenseSecretName", only one of these fields can be used to pass - the license string. The license needs to be stored under the key "license". - type: string - nodeSelector: - additionalProperties: - type: string - description: Selector for nodes that could fit Redis Enterprise pod - type: object - ocspConfiguration: - description: An API object that represents the cluster's OCSP configuration. - To enable OCSP, the cluster's proxy certificate should contain the - OCSP responder URL. - properties: - ocspFunctionality: - description: Whether to enable/disable OCSP mechanism for the cluster. - type: boolean - queryFrequency: - description: Determines the interval (in seconds) in which the control - plane will poll the OCSP responder for a new status for the server - certificate. Minimum value is 60. Maximum value is 86400. - type: integer - recoveryFrequency: - description: Determines the interval (in seconds) in which the control - plane will poll the OCSP responder for a new status for the server - certificate when the current staple is invalid. Minimum value - is 60. Maximum value is 86400. - type: integer - recoveryMaxTries: - description: Determines the maximum number for the OCSP recovery - attempts. After max number of tries passed, the control plane - will revert back to the regular frequency. Minimum value is 1. - Maximum value is 100. - type: integer - responseTimeout: - description: Determines the time interval (in seconds) for which - the request waits for a response from the OCSP responder. Minimum - value is 1. Maximum value is 60. - type: integer - type: object - nodes: - description: Number of Redis Enterprise nodes (pods) - format: int32 - type: integer - persistentSpec: - description: Specification for Redis Enterprise Cluster persistence - properties: - enablePersistentVolumeResize: - description: Whether to enable PersistentVolumes resize. Disabled - by default. Read the instruction in pvc_expansion readme carefully - before using this feature. - type: boolean - enabled: - description: Whether to add persistent volume to Redis Enterprise - pods - type: boolean - storageClassName: - description: Storage class for persistent volume in Redis Enterprise - pods. Leave empty to use the default. If using the default this - way, make sure the Kubernetes Cluster has a default Storage Class - configured. This can be done by running a `kubectl get storageclass` - and see if one of the Storage Classes' names contains a `(default)` - mark. - type: string - volumeSize: - anyOf: - - type: integer - - type: string - description: To enable resizing after creating the cluster - please - follow the instructions in the pvc_expansion readme - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger and redis enterprise pods - type: object - redisEnterprisePodAnnotations: - additionalProperties: - type: string - description: annotations for redis enterprise pod - type: object - podAntiAffinity: - description: 'Override for the default anti-affinity rules of the Redis - Enterprise pods. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podSecurityPolicyName: - description: "DEPRECATED PodSecurityPolicy support is removed in Kubernetes - v1.25 and the use of this field is invalid for use when running - on Kubernetes v1.25+. Future versions of the RedisEnterpriseCluster - API will remove support for this field altogether. For migration - instructions, see https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ - \n Name of pod security policy to use on pods" - type: string - podStartingPolicy: - description: Mitigation setting for STS pods stuck in "ContainerCreating" - properties: - enabled: - description: Whether to detect and attempt to mitigate pod startup - issues - type: boolean - startingThresholdSeconds: - description: Time in seconds to wait for a pod to be stuck while - starting up before action is taken. If set to 0, will be treated - as if disabled. - format: int32 - type: integer - required: - - enabled - - startingThresholdSeconds - type: object - podTolerations: - description: 'Tolerations that are added to all managed pods. More - information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - priorityClassName: - description: Adds the priority class to pods managed by the operator - type: string - pullSecrets: - description: 'PullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images. If specified, - these secrets will be passed to individual puller implementations - for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' - items: - properties: - name: - description: 'Secret name' - type: string - type: object - type: array - rackAwarenessNodeLabel: - description: Node label that specifies rack ID - if specified, will - create rack aware cluster. Rack awareness requires node label must - exist on all nodes. Additionally, operator needs a special cluster - role with permission to list nodes. - type: string - redisEnterpriseAdditionalPodSpecAttributes: - description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes - that are required for the statefulset - Redis Enterprise pods. Pod - attributes managed by the operator might override these settings. - Also make sure the attributes are supported by the K8s version running - on the cluster - the operator does not validate that. - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - redisEnterpriseImageSpec: - description: Specification for Redis Enterprise container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - redisEnterpriseNodeResources: - description: Compute resource requirements for Redis Enterprise containers - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - redisEnterpriseServicesConfiguration: - description: RS Cluster optional services settings - properties: - cmServer: - properties: - operatingMode: - description: Whether to enable/disable the CM server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbCoordinator: - properties: - operatingMode: - description: Whether to enable/disable the crdb coordinator - process - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbWorker: - properties: - operatingMode: - description: Whether to enable/disable the crdb worker processes - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - mdnsServer: - properties: - operatingMode: - description: Whether to enable/disable the Multicast DNS server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - pdnsServer: - properties: - operatingMode: - description: Whether to enable/disable the pdns server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - saslauthd: - properties: - operatingMode: - description: Whether to enable/disable the saslauthd service - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - statsArchiver: - properties: - operatingMode: - description: Whether to enable/disable the stats archiver service - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - type: object - redisEnterpriseServicesRiggerImageSpec: - description: Specification for Services Rigger container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - redisEnterpriseServicesRiggerResources: - description: Compute resource requirements for Services Rigger pod - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - redisEnterpriseTerminationGracePeriodSeconds: - description: The TerminationGracePeriodSeconds value for the (STS created) REC pods - format: int64 - type: integer - redisEnterpriseVolumeMounts: - description: 'additional volume mounts within the redis enterprise containers. - More info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - redisUpgradePolicy: - description: 'Redis upgrade policy to be set on the Redis Enterprise - Cluster. Possible values: major/latest This value is used by the cluster - to choose the Redis version of the database when an upgrade is performed. - The Redis Enterprise Cluster includes multiple versions of OSS Redis - that can be used for databases.' - enum: - - major - - latest - type: string - resp3Default: - description: Whether databases will turn on RESP3 compatibility upon - database upgrade. Note - Deleting this property after explicitly - setting its value shall have no effect. Please view the corresponding - field in RS doc for more info. - type: boolean - backup: - description: Cluster-wide backup configurations - properties: - s3: - description: Configurations for backups to s3 and s3-compatible - storage - properties: - caCertificateSecretName: - description: Secret name that holds the S3 CA certificate, which contains the TLS certificate mapped to the key in the secret 'cert' - type: string - url: - description: Specifies the URL for S3 export and import - type: string - type: object - type: object - serviceAccountName: - description: Name of the service account to use - type: string - servicesRiggerSpec: - description: Specification for service rigger - properties: - databaseServiceType: - description: Service types for access to databases. should be a - comma separated list. The possible values are cluster_ip, headless - and load_balancer. - type: string - extraEnvVars: - items: - description: 'EnvVar represents an environment variable present - in a Container. - More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' - properties: - name: - description: Name of the environment variable. - type: string - value: - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the referent - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: Selects a field of the pod - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: Name of the referent - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceNaming: - description: Used to determine how to name the services created automatically when a database is created. - When bdb_name is used, the database name will be also used for the service name. - When redis-port is used, the service will be named redis-. - enum: - - bdb_name - - redis-port - type: string - servicesRiggerAdditionalPodSpecAttributes: - description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes - that are required for the rigger deployment pod. Pod attributes - managed by the operator might override these settings (Containers, - serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, - PriorityClassName, PodSecurityContext). Also make sure the attributes are supported - by the K8s version running on the cluster - the operator does - not validate that. - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger pod - type: object - type: object - sideContainersSpec: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - slaveHA: - description: Slave high availability mechanism configuration. - properties: - slaveHAGracePeriod: - description: Time in seconds between when a node fails, and when - slave high availability mechanism starts relocating shards. If - set to 0, will not affect cluster configuration. - format: int32 - type: integer - required: - - slaveHAGracePeriod - type: object - uiAnnotations: - additionalProperties: - type: string - description: Annotations for Redis Enterprise UI service. - This annotations will override the overlapping global annotations set under spec.services.servicesAnnotations - The specified annotations will not override annotations that already exist and didn't originate from the operator, - except for the 'redis.io/last-keys' annotation which is reserved. - type: object - uiServiceType: - description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) - enum: - - ClusterIP - - NodePort - - LoadBalancer - - ExternalName - type: string - redisOnFlashSpec: - description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of - creating redis on flash databases. - properties: - enabled: - type: boolean - flashStorageEngine: - type: string - enum: - - rocksdb - storageClassName: - type: string - flashDiskSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - bigStoreDriver: - type: string - enum: - - rocksdb - - speedb - required: - - enabled - - storageClassName - type: object - upgradeSpec: - description: Specification for upgrades of Redis Enterprise - properties: - autoUpgradeRedisEnterprise: - description: Whether to upgrade Redis Enterprise automatically when - operator is upgraded - type: boolean - required: - - autoUpgradeRedisEnterprise - type: object - username: - description: Username for the admin user of Redis Enterprise - type: string - vaultCASecret: - description: K8s secret name containing Vault's CA cert - defaults to - "vault-ca-cert" - type: string - volumes: - description: additional volumes - items: - description: 'Volume represents a named volume in a pod that may be - accessed by any container in the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes' - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - - name: v1alpha1 - additionalPrinterColumns: - - jsonPath: .spec.nodes - name: Nodes - type: string - - jsonPath: .spec.redisEnterpriseImageSpec.versionTag - name: Version - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.licenseStatus.licenseState - name: License State - type: string - - jsonPath: .status.licenseStatus.shardsLimit - name: Shards Limit - type: string - - jsonPath: .status.licenseStatus.expirationDate - name: License Expiration Date - type: string - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - type: object - properties: - specStatus: - type: string - state: - type: string - modules: - type: array - items: - type: object - properties: - name: - type: string - displayName: - type: string - versions: - type: array - items: - type: string - ocspStatus: - properties: - certStatus: - type: string - nextUpdate: - type: string - producedAt: - type: string - responderUrl: - type: string - revocationTime: - type: string - thisUpdate: - type: string - type: object - licenseStatus: - type: object - properties: - licenseState: - type: string - activationDate: - type: string - expirationDate: - type: string - shardsLimit: - type: integer - bundledDatabaseVersions: - items: - properties: - dbType: - type: string - version: - type: string - major: - type: boolean - required: - - dbType - - version - type: object - type: array - ingressOrRouteMethodStatus: - type: string - managedAPIs: - properties: - ldap: - type: boolean - type: object - persistenceStatus: - properties: - status: - type: string - succeeded: - type: string - type: object - redisEnterpriseIPFamily: - type: string - spec: - properties: - activeActive: - properties: - apiIngressUrl: - type: string - dbIngressSuffix: - type: string - ingressAnnotations: - additionalProperties: - type: string - type: object - method: - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiIngressUrl - - dbIngressSuffix - - method - type: object - antiAffinityAdditionalTopologyKeys: - items: - type: string - type: array - bootstrapperImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - bootstrapperResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - clusterCredentialSecretName: - type: string - clusterCredentialSecretRole: - type: string - clusterCredentialSecretType: - enum: - - vault - - kubernetes - type: string - clusterRecovery: - type: boolean - redisEnterpriseIPFamily: - type: string - enum: - - IPv4 - - IPv6 - containerTimezone: - properties: - propagateHost: - type: object - timezoneName: - type: string - type: object - createServiceAccount: - type: boolean - dataInternodeEncryption: - type: boolean - encryptPkeys: - type: boolean - certificates: - properties: - apiCertificateSecretName: - type: string - cmCertificateSecretName: - type: string - metricsExporterCertificateSecretName: - type: string - proxyCertificateSecretName: - type: string - syncerCertificateSecretName: - type: string - ldapClientCertificateSecretName: - type: string - type: object - enforceIPv4: - type: boolean - extraEnvVars: - description: 'ADVANCED USAGE: use carefully. Add environment variables - to RS StatefulSet''s containers.' - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - extraLabels: - additionalProperties: - type: string - type: object - hostAliases: - description: Adds hostAliases entries to the Redis Enterprise pods - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - ingressOrRouteSpec: - properties: - apiFqdnUrl: - type: string - dbFqdnSuffix: - type: string - ingressAnnotations: - additionalProperties: - type: string - type: object - method: - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiFqdnUrl - - dbFqdnSuffix - - method - type: object - services: - properties: - apiService: - properties: - type: - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - servicesAnnotations: - additionalProperties: - type: string - type: object - type: object - ldap: - properties: - authenticationQuery: - properties: - query: - properties: - base: - type: string - filter: - type: string - scope: - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - template: - type: string - type: object - authorizationQuery: - properties: - attribute: - type: string - query: - properties: - base: - type: string - filter: - type: string - scope: - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - type: object - bindCredentialsSecretName: - type: string - caCertificateSecretName: - type: string - cacheTTLSeconds: - type: integer - enabledForControlPlane: - type: boolean - enabledForDataPlane: - type: boolean - protocol: - enum: - - LDAP - - LDAPS - - STARTTLS - type: string - servers: - items: - properties: - host: - type: string - port: - format: int32 - type: integer - required: - - host - type: object - type: array - required: - - authenticationQuery - - authorizationQuery - - protocol - - servers - type: object - license: - type: string - licenseSecretName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - ocspConfiguration: - properties: - ocspFunctionality: - type: boolean - queryFrequency: - type: integer - recoveryFrequency: - type: integer - recoveryMaxTries: - type: integer - responseTimeout: - type: integer - type: object - nodes: - format: int32 - type: integer - persistentSpec: - properties: - enablePersistentVolumeResize: - type: boolean - enabled: - type: boolean - storageClassName: - type: string - volumeSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger and redis enterprise pods - type: object - redisEnterprisePodAnnotations: - additionalProperties: - type: string - description: annotations for redis enterprise pod - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podSecurityPolicyName: - type: string - podStartingPolicy: - properties: - enabled: - type: boolean - startingThresholdSeconds: - format: int32 - type: integer - required: - - enabled - - startingThresholdSeconds - type: object - podTolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - priorityClassName: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - rackAwarenessNodeLabel: - type: string - redisEnterpriseAdditionalPodSpecAttributes: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - redisEnterpriseImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - redisEnterpriseNodeResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - redisEnterpriseServicesConfiguration: - properties: - cmServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbCoordinator: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbWorker: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - mdnsServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - pdnsServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - saslauthd: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - statsArchiver: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - type: object - redisEnterpriseServicesRiggerImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - redisEnterpriseServicesRiggerResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - redisEnterpriseTerminationGracePeriodSeconds: - format: int64 - type: integer - redisEnterpriseVolumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - redisUpgradePolicy: - enum: - - major - - latest - type: string - resp3Default: - type: boolean - backup: - properties: - s3: - properties: - caCertificateSecretName: - type: string - url: - type: string - type: object - type: object - serviceAccountName: - type: string - servicesRiggerSpec: - properties: - databaseServiceType: - type: string - extraEnvVars: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceNaming: - description: Used to determine how to name the services created automatically when a database is created. - When bdb_name is used, the database name will be also used for the service name. - When redis-port is used, the service will be named redis-. - enum: - - bdb_name - - redis-port - type: string - servicesRiggerAdditionalPodSpecAttributes: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger pod - type: object - type: object - sideContainersSpec: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - slaveHA: - properties: - slaveHAGracePeriod: - format: int32 - type: integer - required: - - slaveHAGracePeriod - type: object - uiAnnotations: - additionalProperties: - type: string - type: object - uiServiceType: - enum: - - ClusterIP - - NodePort - - LoadBalancer - - ExternalName - type: string - redisOnFlashSpec: - properties: - enabled: - type: boolean - flashStorageEngine: - type: string - enum: - - rocksdb - storageClassName: - type: string - flashDiskSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - bigStoreDriver: - type: string - enum: - - rocksdb - - speedb - required: - - enabled - - storageClassName - type: object - upgradeSpec: - properties: - autoUpgradeRedisEnterprise: - type: boolean - required: - - autoUpgradeRedisEnterprise - type: object - username: - type: string - vaultCASecret: - type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object diff --git a/crds/redb_crd.yaml b/crds/redb_crd.yaml deleted file mode 100644 index 68cf16f..0000000 --- a/crds/redb_crd.yaml +++ /dev/null @@ -1,773 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterprisedatabases.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseDatabase - listKind: RedisEnterpriseDatabaseList - plural: redisenterprisedatabases - singular: redisenterprisedatabase - shortNames: - - redb - scope: Namespaced - preserveUnknownFields: false - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.version - name: Version - type: string - - jsonPath: .status.internalEndpoints[*].port - name: Port - type: string - - jsonPath: .status.redisEnterpriseCluster - name: Cluster - type: string - - jsonPath: .status.shardStatuses.active - name: Shards - type: string - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase - properties: - alertSettings: - description: Settings for database alerts - properties: - bdb_backup_delayed: - description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_high_syncer_lag: - description: "Active-active source - sync lag is higher than specified threshold value [seconds] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_syncer_connection_error: - description: "Active-active source - sync has connection error while trying to connect replica source - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_syncer_general_error: - description: "Active-active source - sync encountered in general error - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_high_latency: - description: "Latency is higher than specified threshold value [micro-sec] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_high_throughput: - description: "Throughput is higher than specified threshold value [requests / sec.] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_long_running_action: - description: "An alert for state-machines that are running for too long - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_low_throughput: - description: "Throughput is lower than specified threshold value [requests / sec.] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_ram_dataset_overhead: - description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_ram_values: - description: "Percent of values kept in a shard's RAM is lower than [% of its key count] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_replica_src_high_syncer_lag: - description: "Replica-of source - sync lag is higher than specified threshold value [seconds] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_replica_src_syncer_connection_error: - description: "Replica-of source - sync has connection error while trying to connect replica source - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_shard_num_ram_values: - description: "Number of values kept in a shard's RAM is lower than [values] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_size: - description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - backup: - description: Target for automatic database backups. - properties: - abs: - properties: - absSecretName: - description: The name of the K8s secret that holds ABS credentials. - The secret must contain the keys "AccountName" and "AccountKey", - and these must hold the corresponding credentials - type: string - container: - description: Azure Blob Storage container name. - type: string - subdir: - description: Optional. Azure Blob Storage subdir under container. - type: string - required: - - absSecretName - - container - type: object - ftp: - properties: - url: - description: "a URI of the ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" - type: string - pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ - required: - - url - type: object - gcs: - description: GoogleStorage - properties: - bucketName: - description: Google Storage bucket name. - type: string - gcsSecretName: - description: The name of the K8s secret that holds the Google - Cloud Storage credentials. The secret must contain the keys - "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" - and these must hold the corresponding credentials. The keys - should correspond to the values in the key JSON. - type: string - subdir: - description: Optional. Google Storage subdir under bucket. - type: string - required: - - bucketName - - gcsSecretName - type: object - interval: - description: Backup Interval in seconds - type: integer - mount: - description: MountPointStorage - properties: - path: - description: Path to the local mount point. You must create - the mount point on all nodes, and the redislabs:redislabs - user must have read and write permissions on the local mount - point. - type: string - required: - - path - type: object - s3: - properties: - awsSecretName: - description: The name of the K8s secret that holds the AWS credentials. - The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", - and these must hold the corresponding credentials. - type: string - bucketName: - description: Amazon S3 bucket name. - type: string - subdir: - description: Optional. Amazon S3 subdir under bucket. - type: string - required: - - awsSecretName - - bucketName - type: object - sftp: - properties: - sftp_url: - description: SFTP url - type: string - pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ - sftpSecretName: - description: The name of the K8s secret that holds SFTP credentials. - The secret must contain the "Key" key, which is the SSH private - key for connecting to the sftp server. - type: string - required: - - sftpSecretName - - sftp_url - type: object - swift: - properties: - auth_url: - description: Swift service authentication URL. - type: string - pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ - container: - description: Swift object store container for storing the backup - files. - type: string - prefix: - description: Optional. Prefix (path) of backup files in the - swift container. - type: string - swiftSecretName: - description: 'The name of the K8s secret that holds Swift credentials. - The secret must contain the keys "Key" and "User", and these - must hold the corresponding credentials: service access key - and service user name (pattern for the latter does not allow - special characters &,<,>,")' - type: string - required: - - auth_url - - container - - swiftSecretName - type: object - type: object - clientAuthenticationCertificates: - description: The Secrets containing TLS Client Certificate to use for - Authentication - items: - type: string - type: array - dataInternodeEncryption: - description: Internode encryption (INE) setting. An optional boolean setting, overriding - a similar cluster-wide policy. - If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). - If set to True, INE will be turned on, unless the capability is not supported by the DB ( - in such a case we will get an error and database creation will fail). - If left unspecified, will be disabled if internode encryption is not supported by the DB - (regardless of cluster default). - Deleting this property after explicitly setting its value shall have no effect. - type: boolean - databasePort: - description: Database port number. TCP port on which the database is - available. Will be generated automatically if omitted. can not be - changed after creation - type: integer - databaseSecretName: - description: The name of the secret that holds the password - to the database (redis databases only). - If secret does not exist, it will be created. - To define the password, create an opaque secret and set the name in the spec. - The password will be taken from the value of the 'password' key. - Use an empty string as value within the secret to disable authentication for the database. - Notes - For Active-Active databases this secret will not be automatically created, - and also, memcached databases must not be set with a value, - and a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. - type: string - defaultUser: - description: Is connecting with a default user allowed? - type: boolean - evictionPolicy: - description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ - type: string - isRof: - description: Whether it is an RoF database or not. Applicable only for - databases of type "REDIS". Assumed to be false if left blank. - type: boolean - memorySize: - description: memory size of database. use formats like 100MB, 0.1GB. - minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, - and it must not be below 1GB. - type: string - modulesList: - description: List of modules associated with database. - Note - For Active-Active databases this feature is currently in preview. For - this feature to take effect for Active-Active databases, set a boolean environment variable - with the name "ENABLE_ALPHA_FEATURES" to True. This variable can - be set via the redis-enterprise-operator pod spec, or through the - operator-environment-config Config Map. - items: - description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' - properties: - config: - description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT - 30 - type: string - name: - description: The module's name e.g "ft" for redissearch - type: string - version: - description: Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB - type: string - required: - - name - type: object - type: array - ossCluster: - description: OSS Cluster mode option. Note that not all client libraries - support OSS cluster mode. - type: boolean - persistence: - description: Database on-disk persistence policy - enum: - - disabled - - aofEverySecond - - aofAlways - - snapshotEvery1Hour - - snapshotEvery6Hour - - snapshotEvery12Hour - type: string - proxyPolicy: - description: 'The policy used for proxy binding to the endpoint. Supported - proxy policies are: single/all-master-shards/all-nodes When left blank, - the default value will be chosen according to the value of ossCluster - - single if disabled, all-master-shards when enabled' - type: string - rackAware: - description: 'Whether database should be rack aware. This improves availability - - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' - type: boolean - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where the - database should be stored. - type: string - required: - - name - type: object - replicaSources: - description: What databases to replicate from - items: - properties: - clientKeySecret: - description: 'Secret that defines the client certificate and - key used by the syncer in the target database cluster. The - secret must have 2 keys in its map: "cert" which is the PEM - encoded certificate, and "key" which is the PEM encoded private - key.' - type: string - compression: - description: GZIP compression level (0-6) to use for replication. - type: integer - replicaSourceName: - description: The name of the resource from which the source - database URI is derived. The type of resource must match the - type specified in the ReplicaSourceType field. - type: string - replicaSourceType: - description: The type of resource from which the source database - URI is derived. If set to 'SECRET', the source database URI - is derived from the secret named in the ReplicaSourceName - field. The secret must have a key named 'uri' that defines - the URI of the source database in the form of 'redis://...'. - The type of secret (kubernetes, vault, ...) is determined - by the secret mechanism used by the underlying REC object. - If set to 'REDB', the source database URI is derived from - the RedisEnterpriseDatabase resource named in the ReplicaSourceName - field. - type: string - serverCertSecret: - description: 'Secret that defines the server certificate used - by the proxy in the source database cluster. The secret must - have 1 key in its map: "cert" which is the PEM encoded certificate.' - type: string - tlsSniName: - description: TLS SNI name to use for the replication link. - type: string - required: - - replicaSourceName - - replicaSourceType - type: object - type: array - replication: - description: In-memory database replication. When enabled, database - will have replica shard for every master - leading to higher availability. Defaults to false. - type: boolean - rolesPermissions: - description: List of Redis Enteprise ACL and Role bindings to apply - items: - description: Redis Enterprise Role and ACL Binding - properties: - acl: - description: Acl Name of RolePermissionType - type: string - role: - description: Role Name of RolePermissionType - type: string - type: - description: Type of Redis Enterprise Database Role Permission - type: string - required: - - acl - - role - - type - type: object - type: array - shardingEnabled: - description: Toggles database sharding for REAADBs (Active Active - databases) and enabled by default. This field is blocked for REDB - (non-Active Active databases) and sharding is toggled via the shardCount - field - when shardCount is 1 this is disabled otherwise enabled. - type: boolean - shardCount: - description: Number of database server-side shards - type: integer - shardsPlacement: - description: Control the density of shards - should they reside on as few or as many nodes as possible. - Available options are "dense" or "sparse". If left unset, defaults to "dense". - enum: - - dense - - sparse - type: string - tlsMode: - description: Require SSL authenticated and encrypted connections to - the database. enabled - all incoming connections to the Database must - use SSL. disabled - no incoming connection to the Database should - use SSL. replica_ssl - databases that replicate from this one need - to use SSL. - enum: - - disabled - - enabled - - replica_ssl - type: string - type: - description: The type of the database (redis or memcached). Defaults to "redis". - enum: - - redis - - memcached - type: string - rofRamSize: - description: The size of the RAM portion of an RoF database. - Similarly to "memorySize" use formats like 100MB, 0.1GB. - It must be at least 10% of combined memory - size (RAM and Flash), as specified by "memorySize". - type: string - redisVersion: - description: Redis OSS version. - Version can be specified via prefix, - or via channels - for existing databases - Upgrade Redis - OSS version. For new databases - the version which the database will - be created with. If set to 'major' - will always upgrade to the most - recent major Redis version. If set to 'latest' - will always upgrade - to the most recent Redis version. Depends on 'redisUpgradePolicy' - - if you want to set the value to 'latest' for some databases, you - must set redisUpgradePolicy on the cluster before. Possible values - are 'major' or 'latest' When using upgrade - make sure to backup the - database before. This value is used only for database type 'redis' - type: string - upgradeSpec: - description: Specifications for DB upgrade. - properties: - upgradeModulesToLatest: - description: Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. - Notes - All modules must be without specifing the version. - in addition, This field is currently not supported for Active-Active databases. - type: boolean - required: - - upgradeModulesToLatest - type: object - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, this - Resource is associated with. In case this resource is created - manually at the active active database creation this field must - be filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, Redis - Enterprise Remote Cluster custom resource name, in the Active-Active - database, In case this resource is created manually at the active - active database creation this field must be filled via the user, - otherwise, the operator will assign this field automatically. - Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - memcachedSaslSecretName: - description: 'Credentials used for binary authentication in memcached databases. - The credentials should be saved as an opaque secret and the name of that secret should be configured using this field. - For username, use ''username'' as the key and the actual username as the value. - For password, use ''password'' as the key and the actual password as the value. - Note that connections are not encrypted.' - type: string - resp3: - description: Whether this database supports RESP3 protocol. - Note - Deleting this property after explicitly setting its value shall have no effect. - Please view the corresponding field in RS doc for more info. - type: boolean - type: object - status: - description: RedisEnterpriseDatabaseStatus defines the observed state of - RedisEnterpriseDatabase - properties: - createdTime: - description: Time when the database was created - type: string - databaseUID: - description: Database UID provided by redis enterprise - type: string - internalEndpoints: - description: Endpoints listed internally by the Redis Enterprise Cluster. - Can be used to correlate a ReplicaSourceStatus entry. - items: - properties: - host: - description: Hostname assigned to the database - type: string - port: - description: Database port name - type: integer - type: object - type: array - lastActionStatus: - description: Status of the last action done by operator on this database - type: string - lastActionUid: - description: UID of the last action done by operator on this database - type: string - lastUpdated: - description: Time when the database was last updated - type: string - observedGeneration: - description: 'The generation (built in update counter of K8s) of the - REDB resource that was fully acted upon, meaning that all changes - were handled and sent as an API call to the Redis Enterprise Cluster - (REC). This field value should equal the current generation when the - resource changes were handled. Note: the lastActionStatus field tracks - actions handled asynchronously by the Redis Enterprise Cluster.' - format: int64 - type: integer - redisEnterpriseCluster: - description: The Redis Enterprise Cluster Object this Resource is associated - with - type: string - replicaSourceStatuses: - description: ReplicaSource statuses - items: - properties: - endpointHost: - description: The internal host name of the replica source database. - Can be used as an identifier. See the internalEndpoints list - on the REDB status. - type: string - lag: - description: Lag in millisec between source and destination (while - synced). - type: integer - lastError: - description: Last error encountered when syncing from the source. - type: string - lastUpdate: - description: Time when we last receive an update from the source. - type: string - rdbSize: - description: The source’s RDB size to be transferred during the - syncing phase. - type: integer - rdbTransferred: - description: Number of bytes transferred from the source’s RDB - during the syncing phase. - type: integer - status: - description: Sync status of this source - type: string - required: - - endpointHost - type: object - type: array - shardStatuses: - additionalProperties: - type: integer - description: Aggregated statuses of shards - type: object - backupInfo: - description: Information on the database's periodic backup - properties: - backupFailureReason: - description: Reason of last failed backup process - type: string - backupHistory: - description: Backup history retention policy (number of days, - 0 is forever) - type: integer - backupInterval: - description: Interval in seconds in which automatic backup will - be initiated - type: integer - backupIntervalOffset: - description: Offset (in seconds) from round backup interval when - automatic backup will be initiated (should be less than backup_interval) - type: integer - backupProgressPercentage: - description: Database scheduled periodic backup progress (percentage) - type: integer - backupStatus: - description: Status of scheduled periodic backup process - type: string - lastBackupTime: - description: Time of last successful backup - type: string - type: object - specStatus: - description: Whether the desired specification is valid - type: string - status: - description: The status of the database - type: string - version: - description: Database compatibility version - type: string - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, this - Resource is associated with. In case this resource is created - manually at the active active database creation this field must - be filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, Redis - Enterprise Remote Cluster custom resource name, in the Active-Active - database, In case this resource is created manually at the active - active database creation this field must be filled via the user, - otherwise, the operator will assign this field automatically. - Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - type: object - type: object diff --git a/crds/rerc_crd.yaml b/crds/rerc_crd.yaml deleted file mode 100644 index 344cef6..0000000 --- a/crds/rerc_crd.yaml +++ /dev/null @@ -1,85 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseremoteclusters.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseRemoteCluster - listKind: RedisEnterpriseRemoteClusterList - plural: redisenterpriseremoteclusters - singular: redisenterpriseremotecluster - shortNames: - - rerc - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.local - name: Local - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEntepriseRemoteCluster represents a remote participating - cluster. - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - properties: - local: - description: Indicates whether this object represents a local or a - remote cluster. - type: boolean - specStatus: - description: Whether the desired specification is valid. - type: string - status: - description: The status of the remote cluster. - type: string - observedGeneration: - description: The most recent generation observed for this RERC. It corresponds to the RERC's generation, which is updated by the API Server. - type: integer - type: object - spec: - properties: - apiFqdnUrl: - description: The URL of the cluster, will be used for the active-active - database URL. - type: string - dbFqdnSuffix: - description: The database URL suffix, will be used for the active-active - database replication endpoint and replication endpoint SNI. - type: string - recNamespace: - description: The namespace of the REC that the RERC is pointing at - type: string - recName: - description: The name of the REC that the RERC is pointing at - type: string - secretName: - description: 'The name of the secret containing cluster credentials. - Must be of the following format: "redis-enterprise-"' - type: string - required: - - apiFqdnUrl - - recName - - recNamespace - type: object - type: object diff --git a/examples/v1/rec.yaml b/examples/v1/rec.yaml deleted file mode 100644 index 3565a0f..0000000 --- a/examples/v1/rec.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec - labels: - app: redis-enterprise -spec: - # Add fields here - nodes: 3 diff --git a/examples/v1alpha1/reaadb.yaml b/examples/v1alpha1/reaadb.yaml deleted file mode 100644 index c96398a..0000000 --- a/examples/v1alpha1/reaadb.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseActiveActiveDatabase -metadata: - name: reaadb-1 - labels: - app: redis-enterprise -spec: - participatingClusters: - # Participating cluster pointing to RERC named: 'new-york-1'. - - name: new-york-1 - # Participating cluster pointing to RERC named: 'boston-1'. - - name: boston-1 diff --git a/examples/v1alpha1/rec.yaml b/examples/v1alpha1/rec.yaml deleted file mode 100644 index de3f708..0000000 --- a/examples/v1alpha1/rec.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseCluster -metadata: - name: "redis-enterprise" - labels: - app: redis-enterprise -spec: - # Add fields here - nodes: 3 diff --git a/examples/v1alpha1/redb.yaml b/examples/v1alpha1/redb.yaml deleted file mode 100644 index 8759b10..0000000 --- a/examples/v1alpha1/redb.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseDatabase -metadata: - name: redis-enterprise-database - labels: - app: redis-enterprise diff --git a/examples/v1alpha1/rerc.yaml b/examples/v1alpha1/rerc.yaml deleted file mode 100644 index 78db7b7..0000000 --- a/examples/v1alpha1/rerc.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseRemoteCluster -metadata: - # Your name of the RERC. - name: new-york-1 - labels: - app: redis-enterprise -spec: - # The name of the REC that the RERC is pointing at - recName: rec - # The Namespace of the REC that the RERC is pointing at - recNamespace: ns1 - # The URL of the cluster, will be used for the active-active database URL - apiFqdnUrl: testapi-new-york-1-ns1.redislabs.com - # The database URL suffix, will be used for the active-active - # database replication endpoint and replication endpoint SNI - dbFqdnSuffix: -example-new-york-1-ns1.redislabs.com - # The name of the secret containing cluster credentials. - # Need to follow format: "redis-enterprise-"' - secretName: redis-enterprise-new-york-1 diff --git a/images/web_console_1.png b/images/web_console_1.png deleted file mode 100644 index 5c7243f9eb10a8917b3ff752d8f0dfb68d86f9cd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13348 zcmch;WmH^E6D~>wf@^RmI0Q0i&lu zpeQB?Q$9v?06lqaDj*{O15*`=^q>z5Jx8z=*KmM=!J&Hoy^v6({0#%c+9V+?pzNx1 zl4dnxJg2g@CpF`}{<+@r5~WDO{8KP7E-zCbc`l~pPDrM7=oY@XC520v=@ka z^|xFK^P1~#sS|O&%3_Ym<5?rm$FMK4{om48?5|{R{ub3=!2dsAti%v_dRVYYzrRzH z1)eX-0c+3Z$4|Ih!THy79m*sZ!l)T;`=;Z(=R5|#q0cQK{H+(}mnjqUMWnrPKJW~4 z#_g6|`or%Qxz@eY9N^_o+3+>*6D5!G=s;esYH&XE62SrY?QcI*esIxVJ7@=YETf_3 z#owC9K4?b)A<(MRG$Hp>9gu-@U9YV>VrHMiSzJD+Bj5?24mi8OS+~Y}?>c(~ZO!TD zxo*qRl_|fw^<#-;{6A_z{;P|{-3Km(tpfgwbi=coh9eg(@U#^(ezBd~antT^&5pAk zk25Y1sWs0-0wG$*fk)5HwAd;`a;n#VbQD+Q`_NRu?{)_!#rWoRGnVLr_)wo%x@LD0 z?cuY&|JXqEc%T`<_j?iRtOYzmO6&@%TKo9K;1XgD^xV6)A37NKoL*@`{YOXNBzzxk zYu0!#`#U@y)YAGQ%sn6b+mC*yxR9)X-^rapTxdwWe{To+oJ_w%nNzIb$*gvhnO)mf4!}a5-*tgCriq|Lq5pc>eG)l6X|;8H$p*mfB z&-6=dq&!%+w}36vHsNxaP%e;Vc%yMgA2+;%Sjcxfjvb`EC-eseo%YfGO?-rg%{$JS zWerPhLzDtfS3>s@Pa|k4&Fv?>VyBPaOwk?^Yjht%Yjp31vCbAeuGSzW?||3Lk;`B| z8t-eFaqmrF#{FU9nD_Z*0f~qB$Y#Xdgja>z?kk|_Y5sJ>6~Vk12@BBA#lqj~TJH>B&9aAtSz$YTyx5`LTq5%+EFHD?Y=n>PJ=^WuJS zxpg%}jn5Vd=Bo->iMo#tbYDT*bQXUEd|EjIg3?ay`klniI(8QNNx1Jh1IM0DbV=_0`RrmJ239zUJ^FKX zBSVoXmo{sOOuTf4>f%#bqaB8{>`>8@8d%pLlVAPW`yqo0r8mnxRs?pR5=?&o~mH@g~0ypKBI zPv%J4_wGkm*jNVZ(Pe+Ix1k^}>uV15VugI$4R7i%&ExvAw)GbB%Aivywc=FTCHGCc zm#yer$<^k3?M;iqat-6*4+-|X2v4#QX%qs@k2+y{V5=^eC_rEY7026 zkM2V=AiEj-Ps@<|&7#ONpeGm%tlLX2>{~G$XP>+o@wv}q^|@-1gA`=&USL&BJ2&`v z-w%&yqZJf!W3neQ&@qou@NJm(1=l=GpMD>+JbOBgjOxwj8BDnfz*|Qi;dLV@5?;If zNMvX2gXE%WcDiDw&Bi;+j6V{?q=Yjboh;x@ zy>B24^hM1m@AEhFeE=mAs|q~%Jk2e1NWk8XQVDoFFb!nb`#yYjNW3^`3+6W$=U^U% z%l~=WH5eS@5V$cA%EGgcz~+KZoU2Ne+Mi%ov8GUo&tbfGb&w=?4(!y3TQN;v0l(c* z_q4$?{;<2-yB3j^lODrD)QdLh{KuwOqWr!vp?4nRFmaE<73O9~9W8>&(oniq2K{YY zYe3eSQ||^mppzrkH2vmetHaadAmN%b!CIrkdg%R8(br-=G$TZ&M4hZT;@om>lmqw8 zXh#v;wo3=N7dx}BUXiZ-T3IiRCcl4#qRw`Yrhw9QJZrec{_RSyPL9TReutiCkx~_L z4Y^jhH%7dTF5Uky#8;B)zIszb>4s%%qQz$73q!P4(7tcL74LTsg-h0e*_veF;conA$^lZEh-0@4wyq45koOJZnyJPHKMGrO`@tfl zMVG0TjU&q%x!W72G`Bxv(k57KZovV>8*k^doHN{3?+-qIShRSfPis|}hB+WAagZ?= zk@Zuf7MZOzKlD2jCs=x%U>oVrKwiH4&rI&k5)LdF7fYfXcxKL624I%=5ySj-C?D|V4rF&J|R?r|WIAG1Y1t1o|YXM!4>U&9q*y9=-zIm6uuZ5THB zG%f9;!BG1s#+N6KxduO0O(+>?9r2f!Vxyeu{#Z%ShJ1eKWdcF$6X^x3+{0Kfc=>Vq zNGJEu{SgYl`(CIauY$P#W6-nPt&YpP#;s?uJ-4lZS65FBd{7?sKB|ChKTO!90x!a$yyJkeZTfWMBImuI z7`Y0mnDcpPN!zhv*6`W7rXh9vy$pOvYYP3y7mxVShp0!1K36ik*u~!ZmxW!u^ZH`W zY>V63Y9&K*El)s})3m#L7w*d;I#>Gw>_B2?>2n|%ouDAlGD{5}cx=0@e8P+>kHnwiFFz?p!?yk9r*(NHrv{IBiH1_34@mRbE!sMBS86yod7`N~ z<9^sp69c#H9_T`fV$nM8|8WpP_;IhFMmtEg|jjHIOf+e?S8wP#~eYWLB0&uMs=vH4byQdyEobM}XM4rxCo zGZV_a&wDZEz)Z^{XZ0r9O5x!Ik6Y_9vy7|OMTr#W4_xYBYNpBk99sa17Y6p7isSa= zM^7sYJayk*?xFfzL){dbmrEzH{T_2u{pl8{9oK!&uE6o04c~wL!v0m4r{8lru1~GE z8dUVN0ho%PLyIy0+HAd}AB+Q!;YZnnaz48`r>oaI6_Fk1vwXS6V4!Bl<<3!quE)(N zCy@_WQx?+IpGx4v)S=w#YreV0e&V^IjR`Lxh4wQ}N4nM=T#9W%+wA_<@%5xPqM>!?J;;&8y5xaSm+Nu? z>N$SP-~mNw%f@zWr3>v zs0TZ8%eno}zfykDJxF^QtZOmip3iv`Z*(} zvOhegw^S2FmN9Cg#>;&V@>|P~EFn$Pt~c)9t=2SE^RF_>WUw|~KnZ0@Ia#Kmx3+2^ zmNVpVp!deWCncUgr>|UoxAdfm5WRdqi<(PbadP@HVz9Kn7zQR33ut(Z2Lr=o&IBXC zl%v(|lMrG{Gln)+9u^30!Q0eFvD@_J{n)Y@kiK&~%LMB+psu!R(}ZkK#5)=1p^Go> z+U56)#2}6r?%ZeQX<2$ zwPzKC&L4skj%UEsgf|;ypivBK)2MUu&|U`wX?I^(!3&)R7fH3JxM;ALQkJedptTsf!AWw zkGz)pAZQ1#`u&wi^$$Ehi)CO7?-BNLEw$#ReW8g`F&l<3OFblZ6y?Nwkz6=6P-&aB+vA5=;BLGlND7&&wOzt z@Xz!U#M~3B2gZ`|Lba7%H?e|zRl{;#tJtT}?c=@>I?$1vBDm*=HB)P1@RKFY7AG>W zP5DY)PBKY8;?QB;i&x8t=|*G_&Ddx7J7<4;*S;+XHcI_#}tFmh2X?|(<%i*&jYY-K~UdTkP6AAZvbJ;tx&)lpB4{A~9?m3LK0~P?` ztG>m~Z|o46AZN2wO!>pjuaI(K6pAj}dFw7QdW|c?ppOcgA z2_a-Y*A}%r)<5$jeYxrBRPv6=)sw#?Df045ue&Lj@^spXzdeMGeK1C25putNfcRcfT0KKOhI1_vPU@-7RAutvxD{aFHeyT`X4UveV>=qeug&9@D!07oaTWk1S zm(*$Y{8;*hYA^m;QTgj)_5ei|?Z6g}_40WHCszrk5<=o)u8?>IuboGY&UH~9D=2(Z zON0n8_!+30k>$<-h@9%9V&i0|tSoz|O9Q70+8c}udeZczGA|Eg z`jJ3DR$|J0hv@sk@L{VSF;0QDM9N8DD5sX9FL;9>_H*Bem(WBfy;9lsW^CQ-{MU3E zO;+=^KM1}{^-}5Sh93&tfw(`@);O8MzA~L?u_UO>r?Ln~e z8yZpA{k{wB;$O-N1>tu_%25_03Z$sVp^_>jeudxdlb^0O_p2<1(3@nA!{bM&%JXqx zn^GwtI4aif14^#?zM&Tr6!erQ2QrOS;VDuh+PiHh%KM$ozf)}W5SHO@Ik)4Q-V;0n z0W}In94>Vl#tssk+Z+r#h&`rfXRn&g?Mre_g*Dl3WzZmO4uqdqF0IRE5P67e1Ipz4 zwRUO^gGvqzaNHASvd*&bYB-M*R=DaILmU8y@2RLMri^90HaneDT!EfPY}x~}eY+3KO0Z2^h5lU4 z7c@Xt%%VCdlc^NS$Ev~_QD>`8q0YmEt%W&`F3q%2J*Bh*!(dsOKKc!~;!>IcaHxVo z#dur5^y>6#2A{C3ojxU};S%S|EULLAHI=7~OEydk!~$G@V`R%`Z4(XjrPT|OXpYcE z_2YvZ48J3p00@L6g`&hL1;AKvPZ7Z&?-mx1^Lv*N)HR2-nVN+eoo`|?r~Y@b=K0^_ zRU2pIaGbCL(7RuX%N>J=DC`hS`$@DP_PL9`M3p}{er0h_F&Gq*<^B?`Os_u0wg|{Q zP>-b{F5iFFv!#su`%vp|1o?C;nv)3%JrWOhyI-veoc8YK=_x~>40NKq<7hCL%BI7~ zX!7aQ2N}EBwr{?h`)r^gUyOug4~S*D%pq)gYT_`rF+Uq8i5V965)PmHmHo=` zmwqzgDgD;c7P?u^f?EinXPxtp(a49l&*ST$qaUbfnP7BMYxP*Z^tMuS zWZ#@+b@o}$y^cknb7*;#lpG^qa_qkAkKnUgpc)T_J7AgEq{~LChzU$}{6#>hlTc@f zSL*)mz*YpU_eWb+3IosB7o&}F;>mJ}=(HB_;NlwWp6%M&7mtaKXe|Y$-R!bJ!Sg{g1L#YY<;n*laja_eAI(iJ`T>2kPP4e+r$Tnh6vAglV^ z9M<_Z>~*a%cb<5rbOEwaHljE=fLu#|vhk+7zW$Z;+gHrT%a>0j_t7`TVP&qCDzm!V zGvad&%|BwWrr2fL1Ei2!HWXixTZO&)q84#`2~bx;s0$gMqWGgRcsjJ2N)v7VghTnT z1wz!hQo1_EZX>D=x9x_BQV*el!!@27S5X=%x?T3@y!d8}?H)EKGP^91A#L^m^_M4- zh;CT{%&Y3N$$&Nnq%50?C9; zoVe_JTD%9mE|xNiBDHe$a94(Y&(UTu+W82p~3Un&A^1$pN z=A|<2s_-?>SL-ueB&|H5ugv)9E7m4;h+?Mrdl{_0JT@gKZsQ;d4r_`5=1U;(6b{7! zfY(i*aqPMW$ZaSc-q_R#>x;^6L$UFtv-U_uzd`|HU>MOX&T`c8E2K1N5o4;P(=K!;7{6%YV2j@){ra|wO}%5 ze4exgx%l0V@d$t=Dq=I_s@I|n3wi4vNX$All?&teoOmUFXh_s=dhaR5G4OP6_W0Bu zLO*kv;_KNeKc$lbfFmC%xI9Bm5opG7pyh~1GGQE0=!Qw~w(s@FOMa%Fku0e!$Y1KA z8gOz^R-Rf1pnto4H$-zgjZMY1A0PM>rGE86-dI5|R5&b|i(V+!Z7}iWVhpfHNJdCf zubG_DZr0MCEzP%eO+I<5=r-|YYYzPuoxajAlwdoOX~4e*FEZ<5C4_f6AJ2$;4ntFa zq$xe9q~v9_`hlE9_%|}#820q>Y_<^V3G>?e&LQ+Ss~I`g27U=j2R1HomhMtBm`X=v zwT6W%n)Ft1SyAqV`&@oz*8%>WqBVsH+!{I!MU)eHbklIbu~clk28hFSPCNt7$qGQH z#4ocHjOu~C3!kVwm~~hS`*_XC!j$boCD=W+-P|8PR3ox5-954vXsgI648zq*(eEB*p4k zHX20xECt%NrIOC|I(()M)bQ?RzHqY9?wKa1F8C8NF$rcaClUq&oNIDwRmEm^)Vnii zX0h_KIq(paGuxpkoSwHxqE{o13$Vq=LAvOgWM%Z(QwO~2gcUp2gvP4Ao``Bhb==L& zKmt9J_5%(BI1^r&7m}G~IolcPwzvwEYl^l{ti8(`^;~#kd+rNOHhx9&jnlAOEqXxLIasSO?Hs1Uj7byK&O|}M&NnHPv`0K=x$JuUiKB@NpPaNST zloI1BJoElfPuTd}FO`v!8RkPGFTd4!Jt(uobUGWKgUwe@paHJ>Wat_dyy{U#%6r#Q za03Avb4a0%K*!6bkl^W7NZN=cj@JmZU}V}k)}C!xQo;b35*Slfk|LMg%6ZeTmF z_0Gl9w3NGV#ZOZro%uEE==xc-sNYXJoBJCFUf%|QrI`o>n1Zk7Du-_>$`U&goXn^- z?$o?(t|m2w#xu1GX-xu3PgGy^wp5Z3|K!HBO#LzowhjKUqs@flu!=jOsN){m4z#2Q z7kqzXS1Iy#jZ}24B($Q7El~l@q3VGXN`_xg#s^TF?rT9M;p8dJt25Z62~1ybhzz>0 z=S8RoaQn?a`UoUsBZ^X6&=PWUbjZ_5=?tst+-t-1=Cz{h;^z1lyP@MA3edLT(SnwD zC*N+jqxOQSl8~@fF_K;#rSxIyxJRRO02#;P1gSD$mb9ZHvnTFtCKE6qF>5{0@nVAi z%(K1XzIYaVgix=u;39!&-|=a=6A@W}zw=MqnTUO`O=rN`dgfIcii0mp32^ly4hlcV zqfbp+FjjDCJC1jn(cmsbe|eaG2>tRwm6pLtn>R4=a{~iOucGHQEEegIKj>~ztM)Ba zt`sC)$+Ud83YF{1JT+INpJ!;HtaC4OYwc2}ycS0A=kkwHPhWDOOr zo(*3UyNRk=H`=usyA^$Q$-0PylNdE98Jy8?cc7HrAS^CNx?E$#!fbpP?*)u zzO~%|3;tHh(TRsa0U2LGE^{Dv$T($5%4^G&;3di0qAro8Lh76Ar!H$`c;ZVGoyA zC+=4`gxa^}0R?XuwXQlLXU1~PIakGS5 z)XdVPh*Ohaxf{GQOg*2!mL)W>JKUly>Z=}59CpbYPIOMr`A&7b*v^QFuWBV4NK1Ir znCCKtIf|3ubs*o_HLqu~A8#y{|7Q$jn`KaD+zMsQ0_t;IIPMU&>Ah1*===LdlzW77s@p|f z)RuUI%HRv?M{!kPb0d*niLVj-UKghbnpt6&ccc3kVfe)6?5cDjWU`83b$jwqLKRcH3Px@cMSUkp(e4rOY_Ia7^@Mw3RQj>+o8GYA3`u z6{xX`g&adt9&~KPvl?*sY=dv&awTIt<_cQM4~^nJ1`&H0MJsbl$F(=rJgH~3oIe~zfVywZL zj{NjVBN(cs9z3IP6B%rCl8{_LPYDa(M8I{)AsygHY#e3G#2}_oTo$i1Zaz{!di8NQ zVYhvFmFHq!Pxhg{IdiUx;vxV!D86Cq({2v#jC$4uJdwfVHFr~5<8R+Fo8A^&wOh~r z%8%^bWNk@^dG;hY8KZQu@mQP51b$HgE1jOkLJc*QI-DM9kcaH#M7GhOos=-99*VaN zMSVC%kREiyGsdisl9G;={V4+Q6WVR$??T_lWeu{^3|a-WaF0>jC1`V%BK z`Ab=2%3jW4h7`59rfC?tC$o1imUHW#kee3-A{?`G;J8g<)y1AV?{WwZ`>mNG@KfLj zore%;h2#L{EpsWO!(>$pv0%EW;pv8DEmSFOBtbmk&JD^7 zEu1WA6jYzYxs4Od3lgcuz?)I&OjH;(@EYm9ZD4!+&~CShRG>>mg_;={I+7pd;@mT6 zt^*p=>t?V(cSd0+%w?>tp~W%(JxOTHCexeWcvjD$YOaM`t%_q~F=rnAISZ#t@amFZ zoVABP*+ja~6kV>yP_8P5E=Q!$?Kh38?b9y&AH5V*36+x;o?^{d-dk>7(Aoso0BK0AV+Do(>}%78kvtjL$UBJ zyX~MRagU#b9aY-t&Bz^Z?@^X$ZJnW9vWU@7wKx;yzPYZKOdq7nh=l;hM9@C-N><5V z#=F}m_YT)_sGe~%!)m0<%GC6(cwJ3GcYE;F^ zZ|Xp}aTYFf$&Jzmm4eiHNOo|3gMewgw9;P`413n_p@MS@Nd0<3J$ThkKU}-MFxf}A zd~|Z8qNegwSHh|~E6&u9#5Vu5M@DIFeCbv!V;+sy2$=pPTA2^fE*3_+8$*9}CBxB^ ztu|eosMA`El=xVS#~5Gb!bNB;o5pqbJTFFrjQ5f~PRIpP80T0ZG!gRycD$CAQ0rRN zkeEQ$P-K;hk9^#-o$Ms@gq))~81xq@)H*Y0l3;9^_Q>sj!!!# zEtkgIteC;bDY}x0r03@^=@=x>A+f4B)a(52>QFxChB_bIJRov_jFT>t#iubtE{bvo zh#ToDQbueq(ooi%QnkX2*px5_Cwqcc@VTL*`sE4?_7rbNi7P_?V3IopdK|xBs4NtQZYBCW z&)nNRfXXE;kjNAdixr9t)f)7m{m?FiYPA^=vUGx=`G$1`e|p#Q^3MhU=vsmJLMGGQ zA!Ch{Gbenq(VwOIh86}FztuJYE)Tl0ftmks9A)$JR#$E4P6=W(#)$K^m#GtO-M@y7 zmK}P#GeAG^-xPDD(7(CjdGddEsviF*_gf0%Jn&DesxUm;wh~+3BzK+dH>3l97k!N3 z{>}rYH4E60W9^UY4F_9?Vy1~!NtI2TAC69yX5J zT93|Oz90J3jYRStgr2hv2!fP=#+l?WC&X-S=1RH0eI7P;cnZ+MHY}Fq#3<-P8)G{2z&XJsEP%IH z37{|#8AKD-D`&mVVo_8gbnF$A)|h!($M9GZx}p8dW)Rf0ZJ;g`VqDZ0HL~dY9J@$4 zNTfSo-q5-+3u!wC+*u7fTB`B>SwBPj`%hC_s_+*JD6$&?PE)rbKIvv-k{uL3YA*oY%HemtMh4OUKxbmBbLurc( z?+dojA*F-u({1vQ`Nkx&hSobFb;DhbNP#mFwPBe-1Ga!TXbwG97ellm|5NLkR^GMa zB(Xj7SZ|jn$sd5haQH_P+hZ773-Jt)V~8ufFb}182~BtWf11^+BfeNTR#|J>8-(Wb zx*14ZFPaH;jmr>zc98GM_5YbidLko_oZEIC(-C~edC3DJ78lzd#eP^hFC7hUnN+?M z7fy+KvCt2&?-ruH0g2?%M+ztla>@9(+g;7G8wV{@gZdu8x_LcQ%9!5f^FixkSgqQImVz{<;$kdSh;B=I&{$AJN2?iV+2<2Lb8|d z{wgV<`+EmDxI=msN8C8?bBhZ%Kox;g-k49IT{jHV!|Rki7nBcrIwrRdL3-DOztoNa z|GsIgwfF*(S`e+S^s$YW(NIq*V8Ckg6US*S@x{D>=r`W6#t!0lS|6S>o&>(U6bQ{3 zAAY+?*MgVg7ed!MlpJr;@5|Fi%Rz{|=Jw3f8Op38K9eWEzWrXyAYNZ}`XiS*J(M-# zs};O@#mei3B%SmHm`o;(y&d1p0p~VU{CNIda(BqVk5*hOot zbQr&{I2DU|$}nx#i1_{QMLz^6fn)z3hU&WQKsQNU(0+%W^*fFT!#3;7g-r~@srO}V`B>$P+g z9|J!Bj=#L~bqA^k+~p@DbTbNJktYeMx8m&K1%hgPL2y_qIR0(i6HHl!=kC6(-s29r z=qmm%IXr^fdMV4=vig_?MBjJpZ?p zjj^3EuJbQmVFjLU$00r* XkKVxoj9tjSQ^qdaAldiq z#=Z<@{!i~)Z}0d0zw0twp1GHEpL5^mKIeCSPl)y-W%4VGSI(U~N3N=(sC(`l@%3}( zh-OGG08h*<)3<>?=UsJ`<OoRMbpS70OQF zPU;+br~2glCAsA9+SGO5eX&oz@bg^2DEi!x3%%WNIQ1ZLso_dW#mLlW;(I(t{ubEz zQQwWa>BFhn-BjO6$B7mSg0r-vjFJxZpC7rt`aOJg2n)VY>R356gX_=FYkT_tHqq#47R$nxv8J~W;btQ^8q@@jK=*#q?Hg19>caqm|hWb;+dN(w9@$bdNn z$T?QiuKiX?uJUcP(+3?ZdO0E=Fld%mF2ibXTy9-(Zi-Dlm=)O{4W{94ZhCqMzl$C} zksfKSs?Jq?_-nzD;GOBTBQyO|SN$WAiX}*o5X%7O3)F&w^YLo&?LIvV9+Y9T!0{Q_3Gm7sO$1% z>176IBEnqz&YQ!HGWSD9Yc41Lqk7>8U4%UiH%HuOS#4zv>+gcEMNXiC#Uu$sA ziw<}wPa+i6CAu#_`pXF6mYqR2$j!KxLU1f%?c~G;Q=FQJs;y3Jm?iAcXb>WGcnWln zdQ9Ko@ckO9*HGdDd*F23GBxwikSY1V7XYu-e z(Wm~YP&1?U(Owe5c+UCQ_LD~ZM9(&X^tfTW>@Nz-FG_xKwNDN5`ogm(?rMVNJGkCF zK>k``j-tuHz6{;w`l#2-fI-XCu#xHvH3jJl;nL__mMRqti8r{J4>~`6s_1S|jOaxN zSvWaOZa8tII(zou4-dL!Ntp?HgarKLQdXK*(_U;!#?}Rw7nCfM%!F9_!6rJ3rr^6B z!Rs$20;2|q$wB`t%OS37t9>fSJ2Mggc>naO!0MHe?K~bB#3zHfT-HadjSO{ul1&vf z%K$ho_1H#zi{Sz*s;2Ke3l!MNY z&;bq3gB<7!J;y+2m%aLk>4uemxf`*Yq$x0B$s=LjT09^(=uAoS1OB+D{5)3sMz8wZ z9nfmXKv}T{^Wj|Jp}x_+gT2)HD$jlcrS(DKp}Oqw#9zeT&Oy8WJ;l>>rL^v#pcPOqlSEqH=+<}#8FwD%GfBU=P9d9eF8(w*qZv(7Ti z%D)6#7usbpRGi9uu*!^U6KuZvM?{S9v46xJT0upRvV>f<54oHsudVh9jHYw}L!}Q4 z55-lwyMNClZ2NCCIXCVNrjGa9Sa+;t!ABAmW9-;f)et|o#NR?8N@$cmvEG}AotB~k z_X<*}8#-mxRLu@BfkU_Bl0_BOpMFO~ZwHxrW_3PD1oxh&re{SjpI~zu@HjJWZtfl5 zOVz=VQ4jrPRmg;q2;5g;5Ixw>obey$BF6sy`^KF!K1nXtg#4QoN0)i_TT}#*GD(t< zpPLzc?38xjEcQbJeD16Zt}+!h5+=Ki+i&v4uTIzdpTQS+y|&i~uDh+4yUW=&^bI>{ zzoiDpTZ!tDiIPON3SvB4A0vbcsUn*Nsji>gkFkCrj~IxfkZprExJiRL`I?ngZbKN^ zCw^aK;nGi)MzoT-PTxxzvyPk-&mIuWNTruP>{@tHwiNlnDsFC_9zUW*WQh+sJR)qJ z?h|T`FNO z-D+>Xft={p;BF!r$_lxaD}+S$58)YD(OeuHPcdsQbFz=s`c&p=XF>7NHuwJ{8@ZEj zG`q8K1~@F$cQGJZ4B1S;k8V&{Zc~brd!MaN``tP9>^VEa?G24B1P73$--&X<3oA<>c>Wx`zU^@#moBP&BQj3!*lehRREGBnSUTJ%SA0IhW&RqNL zr`A>7eFic^Tw163^|PV_*YX=wDu09-K)F^shx#m!A5R>Dp!AnC{9Cc%Y14i>qDadl zIPA`;mg7@zWordrC(WLQ#I}i#-$G0C6Su0p%Zdmigry(61a9CmX*jxJqs;p91rf%M zzBpvu_cdHd#)$Z!RQbchYK*dv&`g@NdbA}Mi;+*yrOuA!ea1bz71a-Zd<&EP^LLiN z6>#a%mC!nI%3m%NeUU;PaNCDhnr|JYI)+f0xI;t^GU%?D%Kst1Z|LE)#|R#)&^Mpz zAE)ChKe@2i6H$Amuv2$%No~+UH*IpLv*;P?%Ld%of#UXl#*bKKnd?r=%1zN02 zII>NyzGvA2c#P|56SqhxBC{I`|NN*<<9o#dAbNP>%S{gD?zN_@LK9X&!-Yz4g zCHS#>L|Wo0X4%)b2_f<=3&gimu3p){4|?*jh$e&A@ACQCLd@;!Xx}WRj4LY@irrLdEQS)vr*EOhLtbsI50e^#+(5MG#Z z)@;8wYYa`l3wdbFY3j-As z7jGzi{>F|K#o17FdBBsXWu*2|R1qu2EIUpK#GT~KSG$}|S+qwh_B@tYQ147exj(DD^dMIo8t;BL2s^NGR{(KYPKto8hY<| zJlqc7)U1pN8FA=ao_=G7nZhZ}aK>h0h_ivUYuzlODOpP-8DkCwznra&2uQsT=@wl9 zg=L(7GT&+{x)_|INnLTMQg@SMRd_$$O`&D4;nKAU_Vbbd_hSoUOMLI31jbJ0K@S= zig9G9Y-$P+6PR0iiMHXMRm`V8m1);O;xJ$%2u8+9Gns#Tu%V+?)>L!`#uwAeccDw<)1qQPP>`kGKjDtGR=z@U ze2lZk+M2CsFz^_qBn#gNcu|Z$P#-pEU}WrSUv^9 z-Z?~n>@$6z;A#%n2S={pENIS1r8TZ2!^7%gAW~Ncci6lasU1D_#P>RtibDE5WXmeC zeGF~w`&GHB#W|Y1DSVruRzfTDem2&r>E4+!Uw-;G@g39sgUMp%JrB8?eU_ICr#aYf zvqz<#&#^})b{FdU=g33p#j?B@*2qxQus%hRP&=C_tCsfFU#mf>ok8I|xo4WMFQS(TK0F@u?iKfZwT@W&AZJaCzAEZ-*Fab!{0)ZahP$85 zc$^;Nt_`?P2ENj`c5*?qq%mWyD2>s}y4@A+ z>2o_DQ`@-6=t`oc3uEf~;j!hZig#?pp9e+%^_^}YZPn%3um$ZjPaSF)KgF{*{5{}X z)RkPO+i`h5TAFSCr2I?XrKj^>_ugx1v&ySG;w;*>}ap=Vs7;m!HiJ-k(Kf@JGa5{gF zHrEy9*RN7+?5+34#7&9S;1-7DsLBT@`zG5iAKimjz2;Z##UA=Pk+AGrB>%OkHpnlh z0H2JL9kzba=3NeL>YMSVQ>+kL!PB?p*v6E6AoEg5 zrKIY>UMBVY4ZK+Eo;?#@Ri3a^3}-vrso)q(}y z0{5v#4r3i$4wLpijuhhyM>sM5+R1(DvfKVEIe&+iJR7Rud&mXPKq-G>-{pOk&;M%L z*g%$(VTDFZAOoD>FERTwG<&FL=@H!?-!I#UJ#6bcy@S^>Gx!;GIC_Wl1roOX>4Ch~qoTsSsw&>Ac2ewQI;zT_8Q11o1x#1`d@!j#i$uWB5*I>HCoqfR zbE?`2>}`8kr4a$PtHNw`=Do4xij7^cHNZfJw z4v`J1NQ$oYe)`{J`Zu;E<|CHt+X85?K|m2ZI#W6YrNFm38ob80o($x2Y63YDrlk|u z8c*-mCMS1Y@QWGYCq4N)VV}N90OCd&*OU2>*=hffu&3vzfb;WG7f99Zv=Nj9Ce?pz zBn|a(gQH&hQtk(?9FNG*i^K6Z0XNA8;1>U$O2DzAbbz^5L>a+>QIxNKOQ)nWWDme@ zXSm_%+@jU|xmP#wl=8u|q6YbJjbCt~!w_`AS!2G0Z0H8B0y!$5OyU$2cpVKbG$17Y zhEMF{wn)lOR>ROSFVs<7)<5Av|6S{0AZnxOm}OxNq<>^rfNKx@g~Wjiy!gfTMFHH7 z%=@Fidd1HJQef6)h;>rCO;$TkCzI}u2E%v3{GM1M zS$PtMySMmO)8f)e2`|L9n!4oG{+;TnBB?TC7FqK>D&6eh8aEkW^Xa{|8Y1vPX(;^H zSEK&!eSy4nmE~=^dcCUVb$nRCabMYyX>Bi|74gsNd|G1q&~Nc}>MJh#i;kg;?-{=f zIus-*$N&>F{)7>GbqSTffjA`{t&bPcxoJ6>Vn&_Y%&dWAL7TlS1;WEkg1=S|7$}ze ziy+P|Ict?ie|x6=04#w4AgS5iPiyVTH}|#3{{=4hFRBS5fApoL*P5oZyM~dlg5=eE zBI8#~W$*uIu(LcX0UHc{CKZ{LAu$|{ENF^t>f`rhgsvxRH63WW(IKapr8*U)X|am?p@t8+TY?S z>BQ*<-y9zwUsQRC%ot^(W?`u8^*BIkO^cj7+1b;Y5tFai!_7cfSMmk8POJ~jsCwJYr#0b`64G#~` zcaaf$TW;4Uqv9U@TPTM_`Mcc8@z%kco0~;NMMP_ciSXku9|dw$nES5>)^p9y;0(B& z$r!*lWaFm8>2-7lb_zHV`S}jV!}HmVjWUwBYk_n-9Jg@C_MaZl?ks1N@cpT&a4#+` zQRMMolMCih9=js9o{w3GVK8X3woC z)#^Im!JHP<=TddaLAlB*YPC3u|3WKt+!ys-KnCx*6R@O^>tyZS5W1*~*OJoL-VjfiDZG#vH1KH6_cREM6 zSZ^bVCteyrAWe=V%-rGNHen?4i0karaV2xCWvHyxJIK3Jzv;hJ1-vzUdY0yh-bdcv z)*H0uUR{f0CjTO+b};H9JAcTcMKv;>*@wS}wSO2Y8Lr#OsTsWkQKr%#+2@_=nJqB7 zC9-FPGF;wNQY=36iMO5P-W$uRls z?9e5W&S!ha#a|W{+b-?SDB5OScP#!S*=QOc+v)*}cd+^X$>vR}+dF(GlP=>~JWu=# z?5lTrR!ve!UeaQQLHh;V8H;!Gp=ok*()!wx^X_K_SM8y1k6T+8W>DjX<#8uw@wkm_**3TR9PZhlj`1{gJw?yxM$fVt(DU8-qA)Nti z@}lUfAHJFc41*yZNf6P8*)Cscu~L4m=rhFl>>@2B0=|8$b+ch#BQRG364cpTdh@%W z8mXJfsn)=zw~iBiYnpIM$!F*^_aPJWCgvMkceZoJ&$ZQ-*RUJt1Ho_Fmkam2M-k*l?wk$I2B)0F zqpsn247&cZ>fEtB9o-eE->&k`9ohKw-NZdhjpLoCu(*g2q_n#S^m*-+Us?Tzo(N}^ z@2XAdriBTAvJ8v~9HWd9M!u%tGp|~kp%K9TbuN-O$Z!+|9xwa?^8pLd(IzE1?e^+g zQX_dr+0}MUpO&8bmG0=hDfJUiPU5e>ZK@8k{hcf+jD$0#+Ww$@^oaL1a6%1Ur;`q3 z-L$(#(R1q_@hX}^Hrkaj;Ol~7S+UH}8ZFd=Lba`b8oq0qSS(&D6&!goa^gag=0DMQ z4Kz!SGJ(JnQ=;z}h*D99cDR5MltM^wm>K&vmo#XlTX5!!1tUZigrW!U@9*ae97oX{ zp=E&$R9iM+vcD3=ZX&POaHnCRW&)%~$O#ZbQpsx$$SX5~0}R^8+YccC^bfVg2RcAXv?qaDyHg^B3thNIJ?OPh=je)Qstfj;xCjSLOY<|@KU z>r&GL$v8LwQu%76GY9ID>;X=3WMv2u|; z$$U_2b&~7w^Wf;$7Qc8qtYxY%-9>eKRB>a22(*!@=WEYboDdQtRmuA5Q>;q2pe{Gx zEw4*vTlTqTWb z5!#Z3+kRV$)!e(~Ne(^z0B;~5He~VNwT;XmdV`p| z@4WZ4tYQajI@K}z$mdE@oy#z6_tIiAn6phB2~Gg?ZZ8Gufg#T7{;GARw4p}lmX@mR zbFd`G@TZPcD@6gOdpc2rQWNnCdE5W8>U%|+uLe%)v(}9TUYRT_n?!^Qz18PipSEaE zR?X==h|e5P3l2^^@Q%099j&KKC$PrDovWLqZ9RV>qT|+s(9+`X-)x>V>=b4qd9S9z zXHyzr&cYbOQ=JVkPBPr+L^EIQa*Ts<>BLe4?sTDNtjh6{^SgyCEr5pL>|a+$lO&zZoibH$r%+i^eF%qr1e1y$x^3C2SOM7-L~8S_&e_dOGXH2R@ED(Ned|TwzCaJb6sq zn}Rq8yWBf+{&JtQx%-+vOt=m;>7&^swZo*TNiWuf@p;l&E?s0P1@tUSebLKcg8jSvmdfM(w~d&IqF8E!ohk#UZ3e&W@MNrb4c(dZS=rKChN$&Fgt0_RU| zj;Yy^b7o&W)vw&IbV&Eok4-8ZOvh^l{1bFC4yviEPnWuO)C=X&6l98HfYN0@gMk27F4*E-o90i0w`Zu5-h^6}N?Cn$E z%Nl28N=1bU@?g*dILS2}rMABQM_deroaa5su(mFB?o|1AAAKH>?MreeSw^JBTJA_v zrxxJ!y9Ir&H!Qe*nHF*2i;M5tT#(CfqkyV%awAjNi#Z_A&+5h*L#wm0=9j;88N zK)zwx^kPj0ZB>86)%q%R#Oql^wAn(;NT$_#p3i5WlUPbJ)Tc9ukE2arix4ub|r1DFGd?Np<(w?-1o^^Y}PNz;=0^;P9tpi^7cFHzQNDl>qo!HD=vng?N?L zA%I4>ONpLl#qn`mgS>*mJ~_+l(pbIvDY$y+J$;1E%#cew_ho^s*cc8*EQ2KC7#rA%heqmoYimONH7J|0g0t#X3VgRZv)MCw;!tF;q zRPvBxsPgnLJlY=6><`)_5BuH>e?R0%uQ}>vww3`l8MsUrI_|{ICq&arPI7%izH;~%6o2EC5d87}^^X#md_qJo4mTTPwOQQ}vXs%Jm_@szi zZ`b+F*DI2m562Q6BzaXUqlg8O`ZbDr8ZbBUzcHMl!5sC3A|UZ>RtiI*PEH}_^OhveqkFKW{tcD_)v zOg>5%a#1~*XCd6J@EXWywJ(1aBNBNoE9)t-+C2Yc^(?pDy?c?cAj(Dz5IH^OkXD1l zbP2vj90tRjI5`&U`^Fo_-?)*X5@%c>J4Xi(V@?f0+c?Ozy_PCsCNO-IrnvE1NEY8= z&v5P0?PjpGV8|joz1H^;D1aQLDuOO|4q^N>bzYPm%_S#=H^JB$a-xUtsbv=ratbt_ zPI8a(3x!%O%zxLL59@}(sANDo2`!3auy?OAq}{l`b&mq!@N_%ch-W! zWmat%tWF4Gmj3I>C*gYIJ#fO#RTmA}(IvR@WqR6@v)Z%O_S@=VKs#sKA6%Q&q}6^J z-(OhQsCDa7PF^2>FC7^*VhwB>iKNbx$iONb8E90O@@d%spKft@hTrETUBr8@Lcqjh zi0G(?hi>f0IH{Fduh%h~v^jyhL|8%HG-~D*$-b{G14_kJ|G;$n`l^x>jHQ)H1tTKO zN<9GwL8twq^NipRjg5^<6fO#4GxM3mHk+~p(Rsbe9=V+!dmxj<)=^BA9^uN8ySh5g zHOXpv&7N?(oXrkHydW~uV`H!Do98i#WvYa0D6Q!VLS@qpD1xlb0iblK1^h*~GfeqV z7%3AqP0mzqHqT&DGj|69o9q1g6;rL`4d=!xvGdD*yoZzR8 zkpk>nWF=a!yk4+Dv+}4URRmT}j*8orfjz4Vu{cR?XAdJ8g$phBubp6^%6hjH&YqOd zIh4?9V#_(+CawGk8gVpu8wCbzpI??l{L%9^d8c4k=)v~&)aUTUjcwy&hkpy<-l_D1(K0h*K6 zz8N+^yX4_v?8&XKO-V=1VK?m7DTd1>21l$)aY=`B3OzEeJ38ynFuF}>Hb(G)(U5m5 z9`Emx_)SU91b^})*SSNtPPW<1m9v%MyCfpoOE2Z+c!Ug^i<9;HgWC_QudaWum0GJX1~KZ%lq) zpZ7kyz9e8ATW9&#-*h6qcx#kY`uk`z&p-WWhKVCPpgf6s=bHO5Q5wCVS15wazUrBw zN@#T4IbLXL*zdwubVrw#eiQ{saEnXR5Z=;VwN2`d=z;sX)~_rz^r;P&hRgV}aG?B3 znCD|-VoL1?o-9+ov$7FIlOQGgmItbp&fVZ9S0`wx4*q3R+=TxY#NyA^#BvWUwP$+F z1zY|GA<*C7H=7oa)wQe_*;8I$8{;Ll$}aY<=c|z&Yg2pu9R7ALGu<-8&O(bke%?tT zE#~c9Me7M@n>ziliTpWv0#@LL3xDq;qzI`#KsiXuE%JVc-zlDmoZUfAg8A| zNxz-B-L#HALX0_0q3=f|91*SGT|jixo^R^Xy~jGGfxgR@)Dg?H)1g|%gAIBbez~Jk z;sHQSpP81ZR}iE777K(eF3iVTfoPSmHN6XS%by zn{aSFFQT-~Y()l^Z9QsL?zv=n-3s#~o9JnZlv$uIyw3$wIgS$z2kuYD+!W-VF(>AWG_(4IFhF^L znvc|>xtt%2mEG2z(tna`#m?P|HU6wWn`gsiQhiI~V-}WN@k~r%D2g2QYW0>1SP*&f zh=AuD-+N`GIE*RAIuW>9#vW-I>aT`?K@G;_p}BR~nhQ5lY{m z*bu9u3TMFM5VxCn5fq$OJ>`2$zMoi zZPcLwBaDo>gjT^`18skKu3M5J#Gd?g4Emd{O>Tquzdl<9;DG#)C$Z7l*W)DC!aDy^{el@r z6nO>U#MUW2+#NbS&qBsI*+hJNeB7OYAitxu&mnHkV@-l-;LyZqvy>E%SaPe}-=m9E zWx@H@TnbiZ+@GkW@j3}>1jqypsn_q(qgC{gGeQjwx)YMD-!Q&xF-15B1Umr54VqS^ zgwzEA_c?Kq=Q)OP!B7d_o2;3IfQth(i-lL6D?Y^S)p2$t0^w1cmZhI}YLHdC{#8JK zk1`lw>w=hfJ)%+NWT4JxIESVki8I|-K1|&2$cIJ%NTc%OSYiZ(&vGrt|kl-I!0jyJoRi|i7%$=l#QE7M3*;!fmr zePwg=#StRuV!~p0f~I1VYK%UKTEJKTLmf+SvT9vL%;V9=AJ2Pn|0%s3^cBphc10OS4w}_o{TXDS z-t_4gmif1s_3g=UY>1_WHQ<%LzARTRn^h?;#Z*)l*eLO@NViKm*KIBM8}O}I=74-J zVA;R)QBf^$QSGVRRa-N00a6mBX{U2&`xzjf{6G#$J7Y4)j&#Gu&#@jlkRQG+4=j7| zDDO&wv+5x1Ej*IB`l{VyIBMzHZJop34L2PbIhGjUD=%^Gob09#hh!+aoV1}OZwA4; zolAEE$Cs%o)COHoQo(a=H#bC(FP{iVCasJY4x$>J$5!KUZ_6JiD0~^qQmxA5u4kIO z{0_=)tS%jNh5MR_ZhoX)0btbQ!l|50sB_&7Gl1-6BKsRtKyYy8&;Y1ej#gcft7Rk| z<80vqhXfxauS=MVwKi`4>ny8MW9{lvIuytW`X|0uk2!q%C?F&F6Drt$IOmam2v6Lp z>|BZ+jHQZwl92<)Z4O2H|2%htt?!iwWqj;bgPLmS7~UrN!M|Z;@c4kLz%YPmtU7m) zLGfOTa1AzykurZ@U>?{_y?1h^-ownoDzDeGcyz_NVGg7tKJ6RH8xf|T* zv0m8&i30Bjo`{YlHMbsLW@~tK`6i~${nCEp%F{Aku9h{oEx*xoG4GQByrQWd!Ta*U z2oXLT%hRj!TC~Ub`g$nUg#01@))c={++vlk{qe~(@w?{=SBbJ4S8677?sNJANYYIRl}U7B0!!87cWuwu@iKpxArf>XLIAg(1#>j5y^{cg>!oSANnBR#3F z>m8VN<>~Sw6LUi3dO2b9eZsz!;`ESzP~79JQKRB3ecTUnCa7a)gy+MTIFo9FPhc&k zQ%7TdSz8y&Q$_MCuB~pC1X<#{nyuP(5>nM@Xk!dtA;{Ig&SLvNiQ_BjH{2f7AEn)> z@QJ?R*D>{V0w1-b;ixB4=3U@%>j8XnW2SQPZL=Ay&dW#iBHF&-C*r;XWR}eV-_1P> zP3@g+Gu)#pQvsi#a{pa!J3G~*Ohe|E?0Lm@1#&!S6~PyVW})GfX;+qj{B%qI{;G8JU>#O6phZ7zxlx=oW0VIFV0fG$ z%}qW|AZ}F2R*j$k54u<}M6_*je|e<;gZZ*UJHo8qpg^|9*>Y9#TFmp-y)X(}!nR&) zAE(xt3Je+DX&0+0>x=!i-~IAd8`xE*G&6eKPP7z3+3y8L%SLtuU%YrxhQCTh-nHEX zB7Z?5PbV)g&j2=jS$|=NBZgd*i^D>yn8)t+K9qiO$*#5N%$&=xTkth=OPwU{bkU-u zZA7Z6f@DXne{?1GdKoN#XSG z$J4SAHRhMOfnDIN#(p|V*;A>YvxJ@S>IH!sYsHf}rezid=gUG~YH8kjM9gz7%8 z<`a9hi*URo8*Q#%f6AEPYfOd!*3`+`mZzHCw(?Qkgu;n*hu;=L2OnU6SXl6b)G*Gt zHO9SN>WOb(!8gKRA_2ooWy7~`p-C_f$iFKz<;)mX9`2c_*zg+Lhirph|5}{-CRP56 zH{XiPioF>bEoTaUfY=9Z7~&ip9T!PlzX!t`993V2v2U5~bF;&3$(RAE>38j>mIVk# z6$}t8=RF&Nm}rOsUf}JVERWSZTNXdkmtrz&3(mzV@BE_OAymdRY^)y`VLQK7b4k0gbn3G(Z2^fT%L-kfW9!V_OSWoclnF6YXhav z4>cT4?3)^xEiN(;Mi$7%fqHO1YI`WZz)^qN!vPtBpd8M@d3{cLwYod%0FL(>8SfbX z^){Qe5m0fRF7r%VeT7q-1+hOA9(Gp<4Aza{3qOCsYLWkn1zN@1h*6iV;q+B>l+-Qp z1klgo@LD%Fdii&)gBYlD-vT)6 z`2td6ZHnk%##Xgm+KA=UGBM-B7x;e&3vpJMiGXiSWE$DJo}N`V%_3;}Q9$9F$T6W0 zzZ#GPxk91Ilxz!=Xg%$wxaMNKyETh05mFOHrh*aAV<^Q!e-0~lWy*2B+F_&-HA1ui zs@-@4d=4+!Z*VfXvQJhuxu#dC%ntKt zd1d+|dLT8kDc=ER!C-`k#nUplR&{tsr`=Ox8w$4s#b*20Bn}EZ-cvl9>9PN30a_W? zl_K_>3?u3GHdi~XMPy)o`fjf^WYeTRSh3%V=gVsHSUsX=VgU-m-gDH)x4a#eH#eD^ zK?nc7l9-#L9n8|+R+QA(?2kOiT0FrZyZaOpkN*KUMxOcV= zyRq2D_ClSqXkIT75MGdu6+XZhL?0l%@)(e$svZP&?A5RHF6Aa zyKAALYQq8-#46(xavJ4-QTT>pQJhNx2ce;%LeMwY6{5&c62Mx@F+)Qwm4STN_bG-1x;pBTaSg5Qvol$5AO(0A&E053k-b2NdpgeE5^4Gf0!r%8Ty z;97;=c!Dm0wTKA?(*2|tg;5kPdM@PU6c!eimX>~)**+QlO_As>4vG%r7&pO251pMQ4J;os)gTEY9*w^=t8_C_!m9_4_*U=>94`_qU& zj3TN1dcZ_1eewU3LG&VMpnVshP5#?(Auk9)`44&N=feSjU@kMu2mRAP@y7_jyOrSx z|F=tE$Eibe+zVMkM_a(3hu0~A-F1MLD24rp#RTTt2hY7B)oYVJOn+m}^JgB0iVpw2 zPu^B@aWDEbg%Z>`{!ECX9mO)-19((r6g>;Nr2qEm$W=PoiFU6hx zGVjkgHbZPD(rEDgJ=~I>ZATW>A0m}b*!m$E6Tly9ja&IYdI0+oN7N_C_U}*(`#*&R zFm^4%Ucmn`GZ~7s>CBuz{*N+{rZ!DE5OWKQMI#vSo>lR{e@8p(@YkBIKDgb4B?8Rx z0P_FIw)bkCX8$&1ILL+`#+{({hZF|pE1gDBjB;SWc#X>dXYt<&tuKyZ2jmWd_E>ZJ zfrR%?!*2ZlmNW8RsmPG{OUX-sW`CSC#r~fvrzHpdQPV&qpr#av=IQf^6zuj}(Ldkl z{QQRLe+$3>FlPVA+D1}3E%FRta_=7=8N>cpUtm<+^NCE)rl|i*4AJfPeT)B}<-;G- zYaVUb{T~JcUd#Fqna*YpG%C%CR=9_}bNb^(jsCw=Ul(=|%C_1Y8)xbMpSxjz3>Bi+ zrs;VdL6z7{D3YM;7Tw9c=O~+#|j)lX8lIEJ*|Cl1GJy?ev zG!=7CJv=?TxjQ~Vp-^saK1~gc(C~0|wOWY2KGNia*|xF0qoY7^Zgtu_DkfhFk=Mgh zfTtRM^h@87^z#g07K|XH=&f7t0d^lHWpvJ?8t3uGwf=MzGqa_HL``tiBDH*S1mN)c z`#;^_&x!i66+JKRf}^IU78S4R;O-FgI@+=_GBWb_mwT+em5x^S+#K^g>JWlJ2on?a z2L~P!l-~M}CDqis+1N57m>-llj#z#T4qED2Uw`+Ow#eg`p1m{a2L+Q`ax%%O$jpt6 zk0Nf>@!fT@?JX5dleP;%4aV~tQL=V(`=6FnR&IJc-g;a3z}Cz-4Eph{MB(1nR#%@u zlwOq8Pkv*6|ICWFYme#DD6L_ct%-4O$&2U4t1F8Z=DN+{e34X8k;#qEADqTLpSys%Y#VuBeZ8N=Z3h`*$f3{Xi)$t}IPRUhZ6Q>El#8TaIsbOmMXWLUzD z-%L(#_F#WXPkQNVnGe!Eu%mWPB1Tst(;4pAMnrTI5h;v~0q@#y-h67e^lY+n@MT2d zou02IWg{OgSQu!+wW7iN5o95Vwzh?ZI6gDaQ^8?Hk>>t`jXJ<4g3T`_g?AqJB*e#K z$Km~c2RC~ZPuJ?8Dfe8il9I;$M*zS=KVHYh#AD;y5d(vqo}QsqxTll71&j8|gGC?WycB^T6*h78qkaxF2b zfE+awr7ba_N8C6w$#$B3!3dqHi1)r9KW>Q5ZtpRa(MsGWzId^+ zoCHC6p|!a=1Ed@|-e;DpYArMFaJUKECJi~#=MN)`2j&h8Y|%^svP~yZB(vD9Tekqp zJEvA^Wy%9c@*6lzoP4*`h47`WXkkhyVu@ z3QTr-dO^0y%&hVmq{d;RP1CIJokU8^&WF4_)koW+uOR2#>htsSKYm31zPcAEt?#0j ze_phs{aA`~U5knCX5xQU4>)8vQ5d0)&z0re?1M zfam4W%bkj*s}KDN`mZ+!|DA*%=}3R3$?xu^B5pPO?Hj9ZenG)tc--~2t9D<$4aEU_ z_3c{&LqoB9_ZUj|iAif~YfVi}b)G3*YW`F@Hy0BVqgxMl=i}pR8ymQNb9#Jgs=r^` zz#uCxtG+%XJDZj-!GR&pDo`%Bpa2WCz|D0g1xpa-Nts@pt_+1LeSci;IhxuU#y>53?{j_vsZf zN08|kP2W^nSs0MSa#S&Z0y>*XP_z>7&(A#gKE!?#bC*w~9AZLgiSm9;^!n}N%C4>f z5&gn^c{K#3g0LSX^AZUDO<;18;(?^(fSy%FoYfa=0}_a&Mv$maR~y-R8|7o;aIv{W zYl8yXgRKJXR~Y+0rVMub>)9z8P26Lkpz?+FNhaX;>pbV>70~l@b340NlT%VCk+Yxy zP%gk5_u0BF#v>^y$aQ4+dE?Wkt++USMMSX3NoZb_g`3tYrB7ClT}xZro4~-yTKDmh z!?#WFbC%N$Oex99hQ|7V_S&Hvi|+!?SKL-{e&!%Al@uGB5*022=wWx{Bcmwplw=X)+tTw|v}2m466VxSZ#AFuM&CGdbG@n!qzdBtX|p^Y2H=Jr6NM{Ol(Tik&*3fD zj(mgT%FGszlBmsKA*AuljJ6|EemP; zAfNDG$3f?Z7s;M4NIO7#v|-ovLRCApmc{IWx@!K~G^VD+n{c8`gYrjV4h ztkPj{WJKh>_wfSq-VIUWJEl}_|4F^aU{rj@wFcikKwKi(gPXA(fJ5ph3gm+;H^bP7 z;e%1#24-iS&)r|Abez ze(9Oww3$C!_a9tc-TL!;8?f{3tZts3JONLjDPYuZ8|in;*mnzR`c~oTnu_my+#)*+fk9>_6`mX*4A{iv`EOve7+A18f-H9Rfen~ z`0K&0M_h(ll!59@`vY%mtgTO1nj@I9Fy-LqdVZ){0Ll;*1yxmbdV(ab&1h?vDq4g` zB~_Vl4w>3!`4(m|u8)KfLrY8B%Nr+q92g#s5_z~gy8N0r(S*EegrC2yrq-DS0m>^k zaC5}X!f7-24iyy(9dCE|!+OVyPr_X(@gI#mV^h2iYKS_rft_dUcXup+iSLdfD_bIt z@3V99A}%&I%;00YH-;gcp^ma(0(=X*f5(gPr5e|PVpR(f5fNu6r>dWi2Cj6mP?NCg z%gf9D%N|mbkqel_uM`7}NZgWl8%__mC!|jjMrDZV;s%EM|DURyV*m)!{hkllkw#Fm zZkJXsyGe3MY}Knb1t}veth)7HtHG#=paJb9hPpiU7S|umQOu;7ne*5^jGXx=U4Yv2 zWn^f{{%ZH+;sUvaOGee%*-u#5(UF#10yI0j%v$`*-Cm$I91L#zdQPZ0GQtS?lil*- zWz5R;t+?U(#KgpS2NqSB&hYT?S?@}_$H5RdI*IRiN2_bZ@e35#XJ-QDaz;fMo$<30 z0z;!;3w^+vor=ggns%2}tb>yWMe+?C0_4u}1zSj;6#pR}@s0?SfSS^1(bA`x<~n8}JAoV9bc z%e>U!JO6;5%G!;Wz(rkPp0bvWa&5oMfU3LfIjmVGNO_7e^y7#4U^&B^N^C4F*2@HE z+ewkPXPq6X1M|UcL1RxN$x{Pi$;#M~8oRb2 z{0lVHxdN8B)?bDu>j*fFYgoiyMI_oUwV`uLNJ!i`FjG@gr#tdc`8LO{y6he^>Na?L zct|(QbOlPLB~*6L7zS{lXYh{pf||!c!Oe|9@p-PHuFhi>N2B!`UEIdbb`REZoRFMM zrI{-)DoU}7uyZEl=+PHGJI8fP`=;K8H$Z0s!Vr&uitn&ecLT07s4G_UU)R(N;X#`P zZl$m9?+ZIvyVt7TBSP&6L+`J6e6Aq3aCI${+xg1%ZKq3)lEKkYJ8SE&sDyNuWdE-; zF}Nji9T8~`{VmSq3hnJ%U9R_L&JmQ~kH&QA8{!;@Zhlv}9yEvt$=aoe!fY6=H`qUW zqokrjhfldaGMf;eesZ!E(dJxc>*@;!%cc$TN3tJp$`JL@2kl%_H2^o-+uO^^7&tg= z*E<3m+^#U+mkiC|>I4YpNF!ZB)~zc_(J0i?!Pw-!E*vzP!T}8ea~OEKRF}}D^i)-e zGGiU@2dhDq&KiN^`=Hs93KeD4mIo76t#! z36)yD8{PSNk3T?{;3bd?4l9Gu4yCaXgMJ$tKDYgfwFP%)Wy|go^E=liP8u3bx|ir3 z_?aIoW0E~9-@YAt)GHI%X)I&ThAToHb{H5F=;|U14hGbeoyrECJ;I9qUYl|Hdwp*r6Tn-; zZM2bnoj#EWmk57YlV;LteZ$M$XmfW)!_CQgP{E51bbQc05fBh;?sn8e{Y7{2tr!^W zs;UI|+p5lW`U0c2v0h@#LI3|J#SH4pqSu22QI;E7wOe)@QwvH&N)>nLd-a!mdzuK3 zT%k6z5tEFboW7ai0+E$$jnDtX=Pfp|gOK}oUzL{7u-SXpyzfZDA|p#G9rkGsMN_Y? zP{EbesMNOL89=N@gEq;CFt)6P4zV2W?}MgrvBmD?bC`Tea;(#xm&iS%6eTK|w)SanwThEjyuLTLHVpcLgS`g$HygRV|=Au?>$*oli}$V5>UY5P8etQ7cy#Ituapy8nQ0 zmTb(#PNeHywq5L7Y3hSI)|4?kI{Iy>3)uVm;o<#Qp;xbvjCzDwI=tk?q_d_8+uv$&B|2S=s05Rx641L&mffE-GstlE&&q3bm|(h;nxcJ16*&?ElQB04=)j>OsgU2M0%g zU*DT|jvieBeOe2M6}(bq-7BCkxR~p#>+jD#V;5l$F@uu5NSIT#Vb9)LU5znEm z_zUfSvTy7_6ac>Gg$Th)ko&9qvGgQxXKC*!NYz9+kPiB7rzFG7%k6gUmmAnwS&`+x zgj-u%j|~lp@OS$3Sx*k`k47-47ABJqX0i{=_4oTl#}n%xr7%dD*l=Sg`?_4G1Bs%7 zNgzYn+uK`O8d+oqorvqM{?STl3Lv-awcHMi=GhBofnD15UNA8+upvx@MO#UUGzC9` zl`tiaQ2Iqa-$zWQu{5)4r=66ntk{r{KV_`AQj1elSorSaeLHc#+k&B{>ec%Z+xUiV z40{VXi!F~Cm^#e*HOHW?<~`n}*1wSmQCRKFZ1bwGof4d&k9#Y9$7`)uZ9JMUYac8w z4pqU4pffhvdPTx(Y;GSr9LV8(f=|NZ#LvkoZ&Cz?6Eky^Qk&#ynX=cB<Wrl!%P{8T{U%=)ks-R3Q<>6 zli8_jXjp3}YBl}*ZR!(oiV|nRg6HpkB5r(3tif_UVWuQ|0G--<}SHy;TLz9YTa^g*5yuS^nShkDNB?@)jvJST>aLmAaLb za-myOJKZI;3^TCvsqTJqo)4QdE6u1?k@23&1#MM!y}@=?fx%JHv_}u~?y9UBMVr@F z^Di+}LVX+vTX;-+q~4972?g}^*{Q2v<`;&CVzh#QFI{QMS{RCb89FK#G7DMKJZuk$#1n`g<*x5_9Kg3qSTNhVUyh27^Z8PJuo{WYDd*FVe zBD6BHiuwxvkg*KA{CN&#Ys(O2I~dGT>plcMRUPlerq(r*r=9J|$?jNVb#QYKl4*=FXoZ$<9~1j4E>x^PmCJm~#Wwc+O#=&0@Sm!28Z& zz1rr6a1Q}BF^hFSmrcOjwBq;knT*6tX8BC9zafyN81vLIv9mJJ8Ds}SP4mPypq^$j za-&1)Hi4od!$U)P8+3GZmviTpGAqPmp1%S8u`ltxG2QYh(cCu<|2YecE31i%3OvvTG71V#7Kyaa< zeV12PCTCS|Xy}Sg0h2aBk^2^Zv(nuC;U@a!tJkm4(Ixq+&(XLe&)dH*EmS+lT<&td zWgQwYZfK}(tW9Mma7!Annw~Y_rKfKN;jvT(ROF4M|Y(15j|#Qg+DUB?iLZD25ph0+p-}pQFHBcv8?Pj zW&wHrF-$^a@qQY=F$zGF7U}Lkxdk@64!XqHi&-H-oK-Do&uaUZkX52kiN^jcuc z>ok0MHX@NJ^W6vQ>0LWZ9&%~*`w|fKDKmnXk&%IoXXtMKEMmZ`ggk+^=FfFxc6g|w)w@iqS;Fj7c2RukoPLudI8Y)U zgqp%+gFk+>`wQ)8d^~?$4PM)%8o%xzOr$uu{vF+#EPNs^dmh)N+3724 zmxG$+Pl2IehB5MqJL#Gs9UKs&q@*+s&f0d{7%9GNbvJ4E^#OlP$!(!|ziewn@l4A- zFiZS?av(FYvn!9oC;f==3K_OrhoxFpjI_v_2Oi?|cOS4&*?4%UxVbxvnxHmlmDMd( zXmb_I9}$Z6VC-@uU>-O>zouhi>f)E#c_E5M5&1Fdgug6`-C}I5?SL4Hla`beL^!E1 z3MDj#8vR%tg;jl+o--NHn=oK_p*imidX)DDYU>C{t2m*)&LgW@JEIzwZDb*n4D6@_ z`NJ5*f`_|qzvs%AHz1JYWNl8)ZuTuD5F}ED!F&ys27ye#>vqmSQ>gwDgZM+|#=+Ln z-p-CMkR^Z(z@*irRS!XveZIbO?NV|t2*qd%u|bDN{4!T0jw#K&{J`LLAu$pth7 zre^UgE$WFWbO!$!wcC@%{5|_yl3)tn!a$Z;N+E48(bqUf84VCF6;D7d|SCH4WS3TTj!cr#PewGQI2_r4oBR4I>o zm^WlTt2M6PrlvSD8vRh^;cMsYkWB4U7?-)qF|*X69`$(_)(4x>s%L}G=hx!Le+ z*!s#J^xT7K3mx5YaYX?E2Wslo0rx^MD3!=)krC4Lz3)MCjgOB9gRT)u9ADc+3Fun3 zc&VlI&ijIcgYQ3wMRz!#JfN$!dt9(xEq1H!RrzU@={cV)xiUN(O?uJRuSxo#Faiu2 zU|HJ8^uHcWHi-!N_3$hA{c3Pjhv86LyKnU^xXImhG7XSF^)(HAKHFMuZVjh+eQ=Ov zcD0_O=H}w6s)fHA>UwG5=!>vLPTYwoDsB|CWn_CV%u*e%{1|sAFPqWhAiVe8KQ5DQ zG5G11+niS@(3rH&{@VJfib#*~L z<*Pl{*U}zu_vu5ACl?cAn+d?*fP6t}keBn0Q4;nNn@7cClAw%vh6UH=qzmV?!D!rB zbsh#B*u|w$)&7mIA%@UwzOeIuLu5A62YI<*3N;|cNGp1N(u3xVPUAb(Z4H3PLDpXXf$zo&!`W#`-h%RWq8TwF`5_W@m3smUBJ%dTip zd_DK#=!ggl`x}?tTERhB9+&|`LM3IU%i%mzQ+4_I?Rgmug4sAfTa49cwc5WhFK=qf ztBl_Ag2B?OTB2JGgMBKSmTiCnii*!K`Ye|Bb#?Ozh*F|<;z9?I^rK!D~38=>*A^8+6u-vUvTQ%7Y zuCTG4nuf;h>_x}>2O~lWsz!VDfmQ4^3TI7CcS%WiZ@xdc(esnKgkN3n+?DE{iZ`SX zayW{=XPEyq_`PGfv^Yo2QNO;!NTKm5PQ>dis`c^VS9A(y=6oZ{_;oOB^kaWv~#-l?VVF%(|{ zHOc?vdoJ31s;1VPw-&Yzi5?U@9{}A%w6hq?^~cpMAQ&7wfH)3i(;p(y}`gZv)02 zx+ui9hRnuupwoxd<(FfZw4CEHiY*X0bGzMT_?qt~429tnrWnP2`SSUrMl#~gh`~>w zLt5+WlPs0Fu$~iYTOS<)zsq>*G@I(~+qdCi`n(E)=XCAZ&iE(XtS17^KU@la9daH4 zvk$-$6CZerUkyem0$p0^2DJ9&-frUAuZeUYw`dd!@-0ZwRSr2LS@fnYM)-a1X*d7w z?&6tsQnFB6zW;ub1w?oHLc|@=d7}n~bPP+2BZ4EZf`Wnqo^vknlb!xx`73;OzM@rA zUA>s=zUcjcvWW52Z`HzaI!0s{N1)Dtmnvmd{Wnx%u)cTlpye?NxOQ;zL7-5SwF6&c zpm!ynL2cCu(}lwO-{G)1EmEF^K6*xsrSXJ1bZ}%0u7Q)iA@cH{;we@_rXFwz>|Yer zh>9jyDw$xs;HA4-mV6AsLbR;&k#3|9g)YZ93X{WV9ARSjH zH#ehweNmpC(6HN-l+y+-HBzcM((CMUc`kgHgVR%M`%`PX*|VE{(MtvndvWd#vif>U zM8c0pPUPsDq;50wjd2NFyW1SNICUE8$exeo3YP2%3gQS;+`GFChAAm2Eqr{+!G1kR zwF?VHg>Ix=S>-J)WbC!Pf*sVX)q?D`?JYV`dQm9w(*vSk)fF~ZDOp-eTS|SYR_c&uVNQr9+Pi@ zSuv)}C}_~}pavHoy!LtXG4;yp6PRx@tE_KYk_E;gl0QR#`T+frm9-j)5V8)O;oIDX zhTE2whlz>v6FxV3MM~{fx4_JG#$Jaa1oXkdL4KG0BA3YOxM!f@Zgrl|=*^?-jZ*Qx z4)~Z~(xS6~Sl{pYfL0E^Vqgd*(;FHeU+**+rV#CoDDpmOLATHw&#qfoXaZVb(Bkau zEEL{Uj0qmc(!vf#%u9t!)mUkOxs>$?tSbg*onj8{-BAOV<0e#{sfC5S*NW{T*Saby zn|uDKjA?UMKD_MCvcO#fW*Z(V<0DMEe+bh%IU%-W?0Aljj;;lB`XC^M`WO<5FCn2yZJo*I{%QEf^!+I* zbAcjfAzd~~UK_3>QLv$rR4`KLn{rrYY;4fw&JfxQJBh7O3n+q`m{>zX;`~ad0fZPv zLPAzd&Q`-Km@VCACu23>@^d*g6Qf@9=s3SyQC?RUW^HYv@XC)5?K<)tdpb6KT2CvC zt4>{Gj*=?dx`>s#F*jRSfpThfc2-AQJ2g!Yf~!t~r-6qOoKqa{e#W)CQ;a2>g-(3` zd~aK=zc*{-^4zi5eNZL!@|n8YS~J*M1HXla%1VVGKcyG<-U`OZctb!CKRKD-_+mI9 zFc>i?IQx4`9mlrU0#EGve4|lN^O3ckc>e6&X}qLZT(0}Ri565Rj0qJ{+n%W(ueQJ{ zzMrKeJj(7ZQ{A^P)5io z{Kq*;b%yzU`GQ6Pq_pOl?10Xa8$t=B;SW3CKlLEx>FVfg&pgo5(*uv0GA)K({Z#|x z5*STQeVkdP2}SZY(hDprGZ z{{cHk07T^LNg$&Fj6u5iVpjMbByn&?^*VfJKO8vadn1sgNk|m#l)9a*9RY!IG_?a% zGYk@bTDq_46!7OE9O}q5YMS#|9P~DPX0Eb{i5b)es9EJ^d9J zuHM;vCBskIJMfS6pmt@1H-7bc4GZ9XGxbk?3oAsE7mYBND5^cCAK$ zmR8H@eO~YHta%m@9!stvNyZm=0XvgxYa3fzjppUGPT4tBT0xVO?p3j|Xgm9ykxF1X zlx2t<8DS{??gyBm=TTAeN$J3GkU%G-$rrj~6+T*1s6G5of*x&12Orq<=)5*42r%#Qd-MTII<498_j*m2do@V&3w(~Qz zH5WCN=BsbLtJ6?Z>+9E8ZC{Q{q=8M6HnF2e_4)nTfqWrG6k_jaZp!25&pEWWl@}4Y zY4=9pw%>-eYaE{$WPX{ffTG9EX{f5ECnd$e+uH||kbvF?_t$;aXmcVnIECD%X0A5g zx&e$+D|(q3`h+-f?mIHsiTL5-XD9*!ll9LP$HNC{+xk#JtJB1F|Lf{j!X$`^HUtN? zy}s?WXq^8EAtL%BeNIkLccnf(DzY6D!?FF*xDM|AFbh^Ymz<=hnAjRFw+qS+{!93* z(O>fw6d%N0T&xTYzf?Nty4DxO5Tm0*sa#(E7LlEJi>6SWY4GFZy_^l)T1%@YxUHjf z<4D9-!1zW-8{%>ASon*#Tgvtj&BC^c`QzX}KAQE}|5P55yK(;~Q6|?SQgU$6fH*$cpwCVjoyUMNHc_mzybCMhY!W=Pn> ze}6(*%pQpWv@8x@k7atZL?jdh##>-orKTioiOI^TVWZ@50fX^0PN4zDD2uhFWn@Ha zqsd+d0k7hnq@j?gPfO?dxohh$DDaSpz@^#r>!IM{ssO7WOQfv7l4ZI7`h@^RiJGLa zijH5s#4U9{S>yYOBq~*FbJqd%hB1RGC@f*9>zR(0PV4%)SWsk5Y=8riB$>g!QwMDf7Z6EMMw}xxH$2-6+36>NCtm47iXX;N&0O$EK z<>PkdCAtC3$?B>}I$>VtlDK!x-Q8;qc8TEPXhBuTrn+x0E&wC*jh-DX@(@IvD-sfR z0|Hhe@TW1}jPdw)T#ls|JUvA}JVb|tfPP`_^0H)Mf!v_;ImY;Ij`1kEB|yq>-A~oT z#5u1S#L)wc)C>&vchvE)rY09GtBln2@LsDN?h@PB&?K_=91ZyX%w~%+LttxKhbULF*3^kLijqH!xp(@V*^Ipe>YA_E$Wgl zHHAe(9wB%%IM^q_u19fQ7WpFdRG-yBDPwV4DG^k)7N|% zd%Gd}wCK4lGc$7diPsd8mn#)>l$3@n!Ggw!Ha4s_xDZHp7y^8qrY3#ii%}*F4CZ#< zRyu0L8yR9@2~(?)u`bmAgW7xF1K_d!V(o1E-&{=&>p@~A+T8v}J+vlfRZBgPGcx|Z zCfN80HFJZvMbd-ZYcG#*Dmj-OkBkPtq_gT)9_DEPwl9E%Z5_^vN=jOM7SUNd3-EfU z!hqm5j*EkL>%SfqQn0%VoRre}cl145U_D+@bxuzA@US;P7p9YS+<&|cJ_^ep9bq^* z-lag4aA(qM!U5u4rol(YnfDkupvw+yv$`54A?Y3AJGphy!-+VyiBl)YdrwrW^_7&@SyafY7aWa_R!GK zTJ7D(D7&-ieU|4%&;KP=*xSyu!ogUiT6i-T7V+{GiGt#I>>(&H(z~*zrg3Du5kdMr zgS|688{Je!Mv$oRz0ErejX?l0yloE)KX5z!B@@U{Pv%l&j^& zMsRfl4VPyB%4n-sIW?>DLLkMIiU##cGakWW?CK*D|L4%n1Cij2jQp;ykoCD42L9qv zp{<4LvT2Kdg6Az)ZYa}J0cmokzqX^JiM_prb8SDz!RfwbX>oB2kuJCu+Ky6Zh-sl1 z%4*tDQa{RdEju;5&u<(oEeA)2S~nB?wxz)7FGtB#Sn!AkYl}|2cGCH*dy2p)|MuBvs=gvp4d#~(lV-16QCXh7bsXwsU-VKy>w0*GBw49CM`rm)b&dOIc-B$ha6i|!N7 zKemk(P&YH7nd|CWm{6b)H2vTH;xO=O5--1PG>Tr>?G@g`{XJL_{NvzZ*UxEa(u7GS zqD!l$s&28v#9d!s7y#np0K5GOFb7LPaXo9Ef!)LUBQQCH^!8`v=DvWV<1O`J`#ph1 z@ev=0%|I(vU1ohGZ$KIV0uM_qc7;P@&<-Wi z7Po_%)a!`~no$;!D6r5ni5V@0EnnHxOu&8pPav&9%5$)42o!D_Jq0r}GXggGfBp|U z`!FEr0EuDa!0nPNEG|yf@o~3yk5-<^hh8z=X%zPiCi2Y%odWG3rT!?_%U+i#7I@@I zgd^!->p}wKGVs%jGm;84p^B)eM?1rsfNlxN&tI}uTc3!%{Q2qXL4JtXU*d};bhN|k z#!FwnLoeCLP%YF9y0as&P)l>Q{bM(WyxoGI`}6oJGx{t0!I8KM=qihKH*-Xy=4MEg zc16Y17wOBFD0z=RW6}QREYi7han=JdH8gl9t@9&R-YRQRI~Nbn-KAOA$y8%YY&AbW z`SL91?*&%V#7b+l+@sTY_Zhy(iPne6$me%NX4yv2(AyT?E}HHtn~_|&gB}*^kx@ou zBwAGDF4Ti?ERK3m+T`W=T$=Lh)YylKZ_qiVrKO3uvs0nuT|HC6@3sdA3iVk9lv>ifRKK`ko2HGu^14ne{YwAdhjNlQaR88)C!)p`2$mq`X&m zo%KL<)@}7HA%5S|T__}nJJzq?V7mi)VQ^eR>e{liS;@$dojDAB1huleH0GQI_#HIV z)dfEBMV|9=a@t+(+6}!lB#_mDRaERbdu>XC3Z2{TauB}U_yWBxMoy&Ch%&9K&D__= zC#S~!w<-*Fa`wg$@EXo}Z!Ic*|8wV@ogXCcy z+I4o%z-v6_K8(JPs3fAiJ-xPnp2Y9tr4&3TvfjxwS9FjZ*{!yq4+#>AZ+16a-T3A; z=1Gr9jRm9j`T4M=-6Gx)Xf2T0C;xPzI@Oz(jlZWP~ z(D^0t_H<7@48@m*odSsoVEBCl8xG$OmOiOAg4*I@~3GDnZmQ;hWO9AKm_RTvNnq7M#Md_X+P+9tW zS2!ITql5ksOY9~9cB>C+9JlTALRnw`!&LzW8=a)IS4~Hq4Wdbf4fNkk>Nb*JP%!ts zTn-#7$_WG?0&J{rfW;!=@mlfxO&!`N+owxBT21!BdUCR-y*-$BD9p_290R^4^cI%jK0e~FoLi2J zo?tnki^@*y`ZShy3+O$_(Q;Il*I+GPRq9Xk_7pkvAXNf10(>aSW)nMaAUr-e=>3k7 zQTNrLjO-1ssty<@>r~Q#n_K-yBU%frDHe z9x=`5o7G+*@y`9na48p+cnACh+C`)t8pOPlA+L}E0-3!)F2{`zc`*2&T((^d(le8~ z-~N*R&$XVm#U$-$gvTsi4Z?Zi+g$I6dBfl1 zn1P8uQBzIo)$`|%^!D>{io+t7;ZQ&#YW9vJ_HQ7~VPRoGTE^36z3(p^(J0WNv|{&R zIqmJfifQkHqbW>bRgTs5H+q28G*3$M1;M9$&!G9R@VgTsD89SHcVT;bdxi1Am39lE z9D6ge-CgI`#Ob%Ed|?pPn2qS)4?9e1aqUuJPYnhIwF(+HXq1CSy@`Dy)qF(>jI4%A^0+YYT%ilq2c*rExy~y zQUo(n$0fiSFH}jBC5P%!00Y3RvmIv4Nexp~W#4r#J>N2^kPgwaM8li<^CA?3gf}PU z-3u4AE02?u$9C_Fq<1^r?C>t5NFmB%K|h7}hnH=jtFv5@R99`CYfP zE*~8_vi?1+|AdxnImuEIS9$9Il@1HV10N~?Unr{m_T;dm-=X5z^8)rh-|Og5JkuzM zA;)NYEjFDojW#dP7Mfi=Ux6B;toY5eXK)nVB**>Xy?2y{QsWQ{mTd`#M{xdNc|Pdz^ZQ0o z(LR=oi4>}w*CwA=Uh*h}GqONF(~4(cZg~KsR7Zguv*-@MTkFV*(%(=&DV4>rRT%TvOisIqf*O?=j$6FPx1ZLXA^r^i|Luons z=Vcq4R1}n95z#9q1Hf%fd*i4vd$~h@- zemMq7r%}*PIzS5pIYdUZ7dSt>d+5SlWb*RzVX)ShF}pDy$YLLWjz84}Hq@B{#Xpg$ z8CcLaoj;KBU0q!IX(&kq+`4^k)6P217>z7LAb-T)Ev>8sWMx%X7q_>IdJ=Di5YSZ? z4Gs^>%E`45LxbLV-Vk<$DThonG+ezR77V{{_}ia51=4U4_{__r>6I=VnCAZ+qYdsu zk^J{0e1Tt<%HT%*z}bn+j;YL?zEn?<9zc!U0GvJuAAqoD=!A`_vg>Q`3D_V+lVoDP z)2~S$1`a1OEYG!00D42OdB8LAaJt$=c%g-da~THYMi(0!B9xa}bWrI7Uj4epMw5in zl9K;Y7A!G|%m#gpvrGN@Jj2kb^wwK332|8hh_=Z=OG`#-=Xc?6i1j8vvZbx82+%iA zibS*iLQY?rzOFHvp(620Z}Imph>#UEHwWX@lQ0GbYb{T+ct;0lcB2F^CLJn^%iA;c zfI#SbMuL@vFy%V2I5QKQp8nxUEW2=zl%$kda9GYG!Dl^&!4mwHq@`k`Rk|zVhn7Xa zra>Kjrq^8*zd1e&N`aQE8++8)B;GF;US{9Yk`@&Ok3`ddQ%u&X_(`}k1hQs)P{bTg z6g}}L&3W&Lo$cBla+r_NgT$GDh#-uvt!=&cN=PFr3ipe$wuRnw3<)-u+|A4yNN)wc z31HMkFes~1I*G`xh>mV~Su8Fnh&wqsniAL^jOV^Vkxj7#6bRIqPuQ6g%q#ie`_kaC z8+=bH_WZvjlPUDKGSKjTI;;Yl776FuH&uWGshFid`#U#$ zHW|!f5L_h@@B(8$YW^OZcLQ#~GVpY)d%1j{#G|K_JUl)7T-{^xhZ9QO z9{xQNn}N%8)6?vL&{dR?VFI{RTJb#U_jr)|d?sn`Gq|^lB1%~}_flqm zfBzhG?$)z9W?L6t7g#iJ3_72l0^rb};{@y)L0S8gG}`6+Zot&mEfS+BwbJIf%yFWv z+hqBJVBR_G@TDH?8KVQXh9)X+k-O_BP^Bo#wVDy>s|pGbORFonOtKCS4*}$Scf44s z_i2KG-DqB4U*E5GUo0y~(h8dWeQBu$h{-`glyU|N3a>))nRBt{BO+u)M7rn7U=GGh z-mL^c2;TIke}5?Wr%&l0ldQc}#tKgs`Ek`R;QLDMr%;t1wm{?xE#V<%74fLv_6DoRo9#`g8N|;mb99$@VlJ49k`~8Z# zc6Rc{#;zg(jvv2l79u0$d;z1veVwY84u1=^7ZtIVGfy**#d!YdB0Ybp{t7(JqzM$J zNhFcf)Zd>_Q`2yGsPH5f77|gwQ73daMb+g_^wo%xzeaFfZ=|!kzS2q=OMB+kFK2HpvB-tpa1thks{sh;CYn1o78v)ROj4bSr3LNTgb|)3L9ml>h@n?^WZZj07fn~ZABk8JvlL<0b5P_ zrhDu!`!1FisAA|P7I6RLORbq=!f3Cr>25FV1_y0ROYAGlMIS&X2Ncw=T(%>feydG< zkxEvYva;a(R%gCJsg%Z1NIJE(JuWJ@8~ITj7B3c9%ZBqT-P}}C82fd#SWz*!T+no*!WCHot885@F?MEveiP!2hC1sJU{IH-m(^in|Y5uTTR~IlePwMNTPjlhnz{!k5EPkaa zlFvw$4?LvqPf8aTB9eze(H!`RhLp~p&CJfeLl?^1E6f>MwYwx}T zo)lOqrli(W6*@9LdtI+>AN_cFqa%Re1HC#tw5FV1z{H|0AuOe*m>!rv3mPs4Y{$Q`cX*iS1(V&B z@+A@)MV%*begH@}88S1&ffLc2^c;;rqB1)>8z5qIhhxRl6@WEUPJa>Af4tC4!@w`1 z^Qj2wuOM3w(u;@>n6`XJ&6ZHSw)#=MCrhc&0(@Nj+=~>182qHova(}cxKE{;m8vH! zSPZqx!YNkWs2tDeElyVuhJwM@dhi-%LEp~mzPQM<>AZf;fHvYSB7#-3brfTO0c4@y zPcOnFA|?@eR!N0%Mc0jHmX?66i-)Iy1qB+JDj^PVNc12C>YjTFKqCP{uk`z8`rNyF z^o=JULt(I~7Y*URpN2(5@)^vsv#A=N14(Bp=5^nVLZCaeJ|RB4XldJ&L!u)OBQ9he zfs(%2mq?xwBj$a6ys|Qwsy!kQxlJulA8l~f^}3d=t%_yk8Nuajc13+lpOgEg6kIY6 zTBIE{3CS&Tuhr;Ex$z0)9u<{vMVr%ge3@yqgPzdt^bdDuCZ;kk0*89Kl~Wx5xO;ef z?o{%C$%I$67yW(v9nIBs*1|Ln5wXEiNFBX0_41P5C+?Vb*mNSL4tL=D<}JV28er)Yly71G*)xZ(V45I`Cj-FD{bUI9{Ac>KoCD z^vFDCY3R25a4$1h{GT^@fWHNH)5O#!2^swBYR*nTSM#j;b-;P8#W;n&dh;^?KPSB7 zZEi|?g%R^FpY0e1#mII74YatpnV;WAIv>dMw{6z>#Q(CT@BKCyO-l?h1aO{x9RNnd zNC`IT*cyT`H^F;SzFu_zWN4&j5CU~_a)Q)Q(-Z~;1%W@=$w}vP0>DouzzxEQRw6*3 z!wE~E*w*jxx%poNw+B!FETkYT04^N?fwuCb`&edYo$(H#I+5+k?i)d;va+_7*n5o? z@2@Q;dn9NzB@|%Z*C^NV{&lG?X9ko2Pfv01J-l~=^X3kwUgwYS%Jb(zZ=Nk~Ze_3Np_9BU+KUHp4`Q0c|)nl@+ZT;^->0bBaE)({h9 zXXE={Q$)^ErMpFD6W)9h@0&grsF&cU@6PrqNd0f+S;tnT;4EIR%Ka9&_1ffLyDAOvpI^rw~y zTX{kx8{{kR^9hK7(BGimytb#O&CSi6&CQiIezcU<)`5^H-E%6HTZHLGU|#O?u{t%A z-`_|{Nv$+HH^$%SMaEFGvKeO^tLrs8aZ*!r(QsF`iP#uzp^^~b`hvjyQ@0@%DYIWw zuSte+b^rF%OJoUG@LmD*&>Ilw=H{xx!jh`0pf5KgBSRn|K{!3VZ(JC!y#4cgE*vEv zAr}rG;f|8En({r%XHfiOJJ_fTm>32Aws?DbG&z>0bVRne%*=8E((CiG|F*2}^ryAm z?S$ZvjZk$<5bW>fN^bHlkB>jZ_Ms#R$LMBeD2t3{y1fwgl3H?^PD)+YR}GAr_^{(^ z+FfNhrlP{aP;vo25*{1}Wwi>7S4wH+lj+fon=5y2`l=sW0QB^Qk>J0kmdxHhL2#7{ zQVh3u_|(tkZ*Wk+h5@l}6C`yq2hy%aL!~8$)6@TiR~>l~;~yu>DS`=W9k9#<>J{0d zS~?|&1QzjIRCHVkm7&c8bpqVgxJ>3_Z^99g|9UP(cCbBVSBM})xv?nm5ttwL z50S|l8g9|i3c8J_{B9#VoB6}@s{$4J?S8k%!NAZ5IXpaNCUVcW8j||Dd>b1ENP@0` zYoMzKn1^U+%o5nKQ!IjItnAX&@3uB&M*lD1WB179Vgx|2Fsr?hYH`QXNbz{W0He6% zWY>*uGj?ZJMT?{n5yLZp(||~k``McJ`A-0GU}P78d}n$2UP@9*@lq8~VDG>Ng+;W_ zvaEyPw03o6gHT0(EL~~;1dy9dpqgb`?Ep>tRyd~DaqRZ{0UeD^e`{zepMF(Q%tqae5e($~ z8|p(qyos4zBfw4o*h?aG>IBjooGwo(j{y9+JzkBOHKU4bYv#DTpI`GM>!;+?6?D?- z0XLAej^L!aAvq#AyuR9f9lX!c;GwZNS-QE}$iXXypEDT?0z!ql^2NxTLSIuB)rAdc32M8Vm-y zGxznY%c@#zB!DB(IF;{k zo4|HpaAqD=x8eb+PUfqd%K!DUYG#N=fWXlEKfj5b>_J?DEz*2EgYjR64!=gQXVCh} z5XhuXn0aJ_F8ZC)xU-^RxR9BR763y4eIC=3Nw;CD%cwXiN?`Nw%zwhm?OpdSHjM&# z$c!s(OKU3t3IJYxyz1^49iPtjIvA59Cx?K#c4TBvOJ`}Mp(?}7oXk!@iCR^9iI$bN z2T7pamHt_?d6H#cV=PoWH3tr8fj}~~1$j0CsRHX4I?)`!_)?UTvpu`}NJEtr4GN^q z{Hi8OYWy~-_SYGAY*jVeMzA&vqz^^`APzANeGkMrPlz3aX&Qe0G2x3^48 z<$TO*@2_yQ_2)YQrXPD_nJ+!!9Xc)aSNIEOvs|1svm zti9KV@U*1hIgN&yDyZGVq<4Z|3=+S?n543gxY}hLpDlTC#Ono@< zqOb5#A0I^4cTt=eu!w*9!V@i9YxHrZk=1E7M_X z7B-SoQd55}y7vnA!Z9e-BgbzyU2xx}dhJ>%xWq%9osd7ry!d0MsV8a*5qB8$_0e=x_3z=@uPco_aHto`5>0*nQULW{Dg_?xIFM}wwZ>{= zY@!c*NvYc2$IAP6|8-f}JnKekrDHOzrnP@bA*C_kj9O(SFEFm;qCfSqv9aaANqfA` zqcHc%n~UxWDan3URAB`xnmVkD!4H4CfoYvoaD&vKVc0(hm)MXcQbN`1=nE$g)qDPB zgF^0)-Cqwf?72G4`cdcZ6P{b_fAVz?4*GHDlx)lY)hFbAow|(Y^g-Cpp4du*FN3pd zwu?pilD;amj~1)KKKJw81HKf^MfpAMP7meu~5nKMOL zHWg~R$r>m<_GK4V!^C9g$%L#!1AocCNXXg$5;H5Kq@fX8#{6m}C;1ugQ>c*#VxApbAAwq$4j*%bM6&%F^4@NIpS-Ka;70UXz((HZFA#u404oxup z_2WF`26vF)P?18!T?QLFJ4n$Ky&{LV7#oL#FabN!L+sX8kR9x@v~`h^V4Oa`&xAj`g|yowG=4F7g@9Z03NiYk6s&m?4qhvZ>aJz2(# zAR%WcEvV?o1=TNfpD41O2s?bu94Z`wKQpOD>vgzGqlEFpX~?NxSVZeQS21MuzC55RFUaPqpkyJP7d?a(kaGJ=a~a$FXRWZ?ASmqxSbLJ-RO z5xh#n8-h!n@p9-Pzc!wHS{V^KRW&suiz`YRhZR}&Jtw+Ed@hJMb0!Cp6tx-7pIQlL z?_PsSaaS62`1{`)kaL^DzrLS`bZjNZKas+SPBU-XZatpc`QhjRX+=Nw>FWo4N9*(NKv zN20s!gX%pxI13BORpzEcVqfeoKnA*D*I|xkPzuibD#EvNrmjsqm+AAe#{_e_mvwjb zKY0=j&)8*Y6nMeJ!p@Kj;;{V*zr$Vy8@FGEvqfRAS4w8K*qL*2Nf+N6}4MT z=YF0J%_cv^)zl$x9dCVxMW=k}PVAv{oj>neO|+ox0h{owX#M(iujM${Zx*Z;R1T2v z3V?HGeKJ?CUVN2l(@gVcF{E}NwQe3uJ$|}{HlONp85kFp=AV+a>ggkykY{uAg+5-erW-Piys~Bw@4uA- z)i=1|H1bduRsW&4fn`v0WPWA_0>nex9$vcfu%JUv5h706M zLt6LD^tjWux^Xn~K;a{(;>pm!m(UBP6BIpmQg2PA(=pS~$Qf+3+VvfdcPG8m)4ONh zSiRVGQK}ZC3eK#LG~!tGUPDF4nwnlNKVYIz#vo)1NJ_nWkQ=9wRrgK0Vd4baKoAu5 zfpc8CfAYjcGde(utkbl4oL2KbtAMv}-JWZwIR*B=D<@`wy`a7Yes4WrPf4vnGjg!KGpWH6YT&7OLN*_g+fFUAgO8n^A$C{6lOYfS zIL;g_hRID%Homa~^7VE-%Cc_U19*pg$a&noVaIF!ZXc*`E0+sDH`s&!T>qugau&!T zhBuFl{4j-He6nrCGu#nwWQIZpM~~`!*Zn0#e@bC{?g8-dFK)ZBOHJQIgb2sF<4oft zJ__(dJqdk%Fl&JD+Jj0|ozlFiWi)y;)gaxCXNKc;!uk7?_7)bq>iqsKcydyQYn0hi z48ubBvYm=9mQK(m;<2p^Rr76?hItYzIKagvB~r~@H{JIX4TA#}ic3j>BRb;8BH)OQ zFjvCK^I1?xH|3-1(wmiX$m7;`pcW?mesMuxoyVghB5b`#PKjWBoMl^XHm@#V|$Py%$GLJ~ zgFUXnA^(56AlCw_`(*rK9wKJ9_4x$g;+2VT{I3Iwmqt65kL`~F6h0!Hc-Np8&V}Cj zIyZKtg8s_|>uE@krjIlt=5Esxa`yC+eI|RoQV41Ufxy9aD!Sp2UisMaiKl1LkhR_5 z+Z(B2Sy|gV4>K~l^!#juiY_{J@9NRQaNJd~Cb*;|Cf9#!0+oZhTGAaJOBKyG!I1Ss zMO&zj+sX{G&D_HrI|#NP1lhww`rh5U;TNpKShPUI#E(o6u$j90~p|MO1_;2tl#ds!_=Ewf@!S1q|NL6b0H(_qs#%9{~eUy%O~ zq^-urJl-*_EwJM-M+q3zQW)Xq%KKg5#xW^A;(cSNbm790+*1r0kZz7extapP973u^#qt65?c!xt5lAuEq>6 zZ;nz`J{Jc^o-67QwFu_6T7$|_m4?BuZg`{m1TikIDD#%l94oeyY-~G+`w1F+fANoh zVvxF2*fEjyp3nQSfu~M8HBMyJ6RUKCIyE7S3jy~(7Hm>`rJZhm!7X`@wtG=g-6z6O{5kYjXy~2Pqk<%se=HO|1&^HO z*FE4Fe#1sW?^s9kr1v%J)2H_+c|%g^pa9FlaJm&hfYp1yrKO6pF9js{O{JFjA{f7_IPgC4K`EVe?@2OxFh>y{9l$j9$tix=i>O!48f_xFr_g1 zntA)ZYvtB?u{x7KcC-3n+6$GzE%P}LcC?2zi(&VPV|!|O{yunBDfAfBJ?@i5rTvOn z+P_7js&9M$hcAcKNbL`@Z$!8sRpzwO*>&Oy^@X;J`md7r3I_Zgma)fOyR1T{ubfBb z+NGV{*8kj>`$xi@=PXUipGOWp?4gc7eD|VO_e0i8M;DJAWVgQ0;KTpt0ok=e>f@O_ za9iAA$Hfkg#2+6Rw;esnG`ppLU(G*CTf3&6dG7pi=L#eK$rROhA}goVN4s-wdygja zs1%r_EB^6}K>ND=z*z{W_eOD1OP%_2Z`5BOsV}&o{`h{-+v4DQk$68UJw~Zcw%lV- z;@;s8hB%$eSoV#=hR3A%yiYpuo9Cm&{h>&_=++7z#@dSYTES9CL1M>VKB({heg78f z2nFi(s$Y6vA!&?>=z4VwSy?JJuhnJd3GWJlNFJ^)$OBAG zODimDQ_r?`tKxxF>9$Nu*{a36j(^FE(_*lM^7+b@l%u153~({|ubc;}_8+_sH%y&?EDstz=)tBFMdmBS#Q#H6K-ZQkL7_pBv|F3WEln3(o44TKX-aSHf>r) z#*b60{XG7Q8EAjjACA&aq7MP6Lb=)+5`s&=diBb0C5F{)DMR{B1DTT zj<0p7d!*>Bw@Wee=1U2-0e_)3|9TH+cYsVyE_{_==Q8}{y&XAeF|~D#eemd+g5RgT z$Hw*^+kC@71S_28g#VnLrK``aZ6@Jn7GB;P*$&!rRI1`N*UM$$4+ zzuoSDe1V;5&r~MNDNuuRgn9GRK z*gx}X(`^)$h_t}1IJ+riZH_lkhkq=>a(`P7&6<^66|IPXlP>(`9cb~_zfFZv>LrC} zx{%3Z-}0W|WIIvl8ntmPjc2%28Yt!>iLcRpO$FA-!7V>$-!k|g=4@{HFHZ9DqB43) zF}SozNFN*OK)Qt}1q1#Cn$fNoS6@*c69$lD=z7(IQ1COk$Ie+&yzgvEWI@`_&^GE1Cuao&L$^6eqqa6Tn=R&noWElL`#S*|dMV`vm+= zTJgn~l()qo1Q>x)IgcLNEPsf0!l)c!9j?#s0`fJ6&7c0B|X5S(hrSj%+zja&9GdDTC{9oHy zPQh#@Sj*;yXqR98HXTN(5Q_H}$#-UKG9+XJX7HPgfJGQn|4oQtNt&%+MqGqVRuho~ z-}&)!LNVo4G@!f&MT;Xrtdut&ZPwIXm768)_rLPV!YIl&GW{QdkGlRw?rQ~xO{qqd z4=GL1#Z9tCHb__OWttXdCw@}^dyw_b-4*=-{LP&k_+6iY6hHYkzbGZP`L8E*u@EW%oDyz4$cm2wg{I}f0Ge^ov(bGELYL4-#X#*#%})p?C&xL#^TIox&QPp zqKyul_4^Iz_dZ(u$#tF{Vp{i25jLwafYje>S(x42HTg=RNV%YslxA!5D?kDm9rJXp zvi5J10g4K$C-vL%{a<@B6LW=p?~a$J;uAwsP;wUVcSSc{@9VC1pg6p#L-93S!m z1@%rMPTfzwa$igj0x54a_B|T0j49=!(wn3REEZYIT?I#k66JsQB|wjz7oC4oATakW zFQhiNu@~_%;9@W4wii|4E$54+crzc$_g?>DN#FkusUBUyw^Wq zwJH~14~T%NcdxCFopNDgjriTL?`J6G`P-HOe|7V)YY^!DT)~sgg2aGW=FwNF8Egx` z^A=ffep+?*$S(%}X4;^xfGtDma=X=UlmbU|D07zJ`nxX&EMpQ{#?ex$?f+#|5Hpfe zzGT|6(D?g`0c$`ncD^xlcB1#UwFKNS9goUp*K{zt%dVuQKYzxImrdtRV}hsquM77& zhq#p4wDq3fdsd=Ul2?Q&YH#4VaQCm~5l0z);%$X(LrCwB8DIE=O@{vwBcI{lFH;pd z|2!9Z#8*M_a)fuu`vZHTe@bp8qT>mgLb0|7ZzR)4+Kw%13}z=T&k>ew64Qi4FzU-g zTel$pLQT8tc?J}s8C4G6-cEjUp|K=hrzT!n$3jU$9aXlP=?edc=;7?(dkB#5Vke{_(( z(w=Cx*kdMC?qt$Y<0j9o#&nb1z>z$6g>vl9N}i^d%~&<@rGK}hoEPG!f->9=EH&MB zPU_C~pdTc3w*|EAK1KfEnL$CcLHqZk5&1EOkK7g5F0YL2fh~DplY#D)EEPNhk5`FS zk$}uQ+lJ$Cp>&n4AI1BPJahci5v>tAHM=W${y-WJ)yxv~cCX@T;$)Nx{%dtoO_BwD zdY1~K_ph?^0&d)x;e@uM^M5`DALS&!xA4(bHl=bTx+{!7hYO)FP%LQUb78%LzC}5? z46(F@X;-Z*BNMAD!#f8vOy?J^I7ICI51I%OPXWp-*hH@1;T$M*Ch2^{2*mmRBY%dyXY zRD5%P6xX})?;XodE+5Lmt%hr3XwzFJXVjYxoQt5c*Pq>)hcS1nt2}7j$SRuJ7x@-l zYQL!28k=Agz}*ud&xIQaE6m<&R*%Y=$taJjFlOzSl0315gW@k6Bo42 zWN@Z9fnYmNsHPVq&EeED%xFD^r6x$s**-5LIZq3V;uZ~yf~c5;9&fYltbNUz%{*~! zuAH|wemY7t`5f+wZS|r9;YVx}=@-e77a6EqMxD+3fAzB#HiqdS=36eqreejS};x1ii6pnfC@beCov+%xy?}Y|z)Rxv_^PBM!+X2L}o; z1tymU54Fxj975ltZ<%hYp!)XdW>r;bo!HJvT)L_6-& zY-qJ=(@N1XdGn*8re*>Nb2 z?OJEr>GEpzt5PK=ZaXm~Gl%NtaSTZFwVBTUo7@UeX6_gk-6O|GaCE(O>-$J-!_EFH zk4}09Gy0ej2nQf<=enlZ_mSu3R~8;?CJz;ODaW<`XpTIi<=U*(wlrfGwz6=5nS^yC zh#+0n1;!5La>hv5u*HO}5akdlck#-wlm^LP6`eM3%aZXjRW2k$_`UED82QFl{nTb2 zwG^FL!XvB20Zb1?H*QIaLx!RRm=YPu@>pk z(YT%QM4C;`hvc1@#gjy_C(}C32{%j`7W)hRDwG`N7fVM9K}QV}^IAft8U~32?5)oN z&W0RmmfzGlmO7%-y_dvcl&(A6bE=;(fmwnfuvezzXaiLjjNhNa%|dmC!;KzTuhub* z8R6k@uB$le2yImG@rgNXBntl~$M0TM?ow)tL}Ef+J0T=Hsc)P1n7D&uCAP^{QrFAC z4%MA5B8*E2>$9HkC#-n^!zHmgHF!+<0+UonNK2E%{=3pYDZ0u`@==|)^hmjjYBh(@ywnGb@ zR2U;vAvf-nGsnQiR5OM`^TJ^6p-$YrWZn6zY248s9_?~AoimwSlk$Jr`L3kAlX(o#KWGiM*kW|`9d)I3Nhmo|(&W7@*w;CNpw z%bG)%s29Q{g)=#Cvar}cB8}2Sv@C0`yAccEM(p`U3~^UbfQl)%%rIARgL{Uv0uE&H zjy>|Ai`U3F|NeeeI_7WOL8s%KCUEoX=C4JWq(TlMqMp@m!*}YUn&YyGC%*kQbW;Xr+dKhpT_*Nod0g^O7~P;br&7;$}- zx@pQe+)h6o|0qPGdFQaLyzoqJ6pf=%|GcD7PN%g}wjlF7tW0(0rZxp45(S2+MO%UB&aFVaI*+hp|VTw^&r;TGLSuh#BTgdC?}l5FMy4D=a$y zG`)4~8zB`ujMirZNrzk=rgzeEI!5BTYt1t-f6pI*WyW5$7=6}Lj#aZDh-kjI(f93a z5yo6I%{fsH(34`|t5I979xQS?JIVgwd+^3=h;0$0S^K~xoWE$gZC320U)~tDBVF6v z3|kv{B;CKs#lRNFh-w)xkPe7;*=+ax`su+BXwzDdifpx!*Ny4{_viIe+uKH}I{UQd z5UsW`@$chlK~D5?4)$Z7X@!K-tydYPK=)RHgj6L#>SIsk!r}G1LDD+H$C{5j&ZKq4 zI;0kA-)xR$ql?QTeR*#XCh4CzT*2h3TQ0eC$)Py=S!sjj^j(-kp2NwvRixM`|AUJR z%Pgji>5vdOm>j##ius)h0b+4JwZcA^e&(9)q*ReZ+TSYNgE=8NCt~rIk6Yv zs2n!;yU!yrrzt;_d*oR=R_jm{wr(G&VGgldNm!=YhL*E!a9&k0^lbg$XWP7!MzpOj zr-cMs`T6=?jcz5?Yx@#X(`Lc^R>~n-Y)0TasD8Z3+|_XwD{=$euCE;g(dwn37sB!d zhOP@Z@(>=R1L3Fou>9Uq?n={48UN-C&weZHpx4CAM-#T;ZJJ4_1&0rQ!LR}&A;7Rf z+GTpgBUwDfV}`N6RgT56jhTrz!Ln#S{Vt>4w1KhbY#q9h)TiAxMT;@QEwz(ycN($J zJq>clw3=h9=7hcS=wzBlvL&k=K#z!dUN7u&M@ir&TNO($l(3Npm7R{b`#3uSk;wDH zl*zChg1c!?5-H$rcsuDFqFk=QP0b@UACeP_= zUYsqK!xYVV5QR64CwgSoOwn>LwOVn|37YqPub+$4$WRs1Xx0kSm1KE?8)(}3(y!j8 z>rCZbX|ws;DgOl0R7Sl=&B*H+VuzJnV0vG-KE_C#Y&k40oPq)(fB)?WKh{pKkKi!Dk zVWH>t{&mb~Wf1z@h%%12agQ^v#^>FBYx7ZC^@g@QxV>Vh@D^3y6*i*s1x6{c^^tC0 z>!CshK?g*D;;WX*_aBt;0ZT=2l+YhNzi*{mCX;h zHgy%N^J+ncacvNre%VB66NafZ_+%A(iI8r8rL#^xEf?yDM|%Jkpo(2ty8!+Hgr+WD zx}8INR%Qe40dT@@eWbAEyfS7o(UX60QG6}j7pk?^LH5HHUF10Ix-hoEY+r1qas=Ki_~p1h;ETY^ zKx6S2Di|FEg;#U}zD zE3I(!24eoHSw!F8u={F6@wJ2p4R;NTi}3~(5pkf2XeyB3y_wvMRXlK|BblNXl%FXV z7+N?>gprb77OW#{vjX1k2aMNTWhkILaX`vfAxEn3u{w(C)i=(q zgMhO?;EAS^{Ms8F-{W-@#WF4CM%yV!VKXH`6-B#dsc(=#G?eQ1ayccqSWpn#thFLv zU;8{4#bhIGue2xgN_%V;tf_vHB#XuX-#wez0{Usto}5BMyZ&%(Vi!2Fz=lt6B7Yrd zbMP7ul@W|`!)_g^cdrca-L>9IcOwtuxg>cN8$v10W)iE(Yi7gV>e|!#_jTLBmezYW zC(t6wSsao046EJ&BjwBvPa_|l^g@=%6=NVAg6KNVj$v~0@9jD)? zHH)jywX#5DH*M9ab*?|fC}oz`%wz26=y_Jp{B6L{+IyOkV3*9@6popIBg-Y|Z7$c$ z6D$c4q5~Xu|M^&z=>_wukcY+suUErX z!?Jp)yHv!^CG&2PobuzEjL2*1uSnM6Jw@m9LM&z*?h0Fy8h)^~@v==6eeiWYZZ@k) z&tW<1Oni@FP1AX$(Vpp5MqSU-)8bXs%CA@Kp>wv$ruqfb*>>Mv^?3YX%suWbw9`$& zo)%f6T55`=@sHh6g61mxW->p5t@>XX6-KFu_4+;y@Dpq9j`-${cgiRB@(<9Y-W=(| zYl@PI*OxjDq1nvyR9`{wA}xD`rWXzRKQq|8aYw##a^X#k&Oy=4&Q#(7=I4wlg9YZy z#*nUpc}Ob9o8{V}ZWb68K2}!y*~1}knCtYxXuB~U}(}nZu1X222I|y z4@}inKN!U3-tDI4L>sqdSrt0tnpo+ty~R8Bmi16inCI0z_4l!}^4O zo6YlEOU46nr9QGfrC3tz?tpZsBOGNmi+tLJ3adt~qwt2$+5D9n5dGlx@qz zE?3_6E3k`M;^M@+RA~Xn$(cr%kn1@yR_16Uz7M(u>`q7RVuG>CUXiuMVwTNcW%an( zYlb?5Tf)3n0<_@USXhRdTtH5zAs-v(_|K<+eT2&|jq02X)E1KJv+0R%l46BkjO}BT z5?98s4FFhfG!lO`<743)S+*8I8!f%qqUU)>jD(6Fmk$=kHr3*;>gN@(zfbK54vS3z z=p)CxjL5f`?A_sBDUEw6Vm(F{uF&d|M1VzZ1jB|w1f0v);yyM}J#Q8$FnG_6*7byT zn`n2!p$Y#uOs@S$ypXpbDrhNuDSjfbT5}dCpt{u1C8*8K-!mR`@62v=UZYiKT&7NH z?9Nxl89E1EauyEW^FwE`mEmQY|?o!IL!$5zp{)jZ!(U?r&C?iUNZed)Y#s;ubC~zfw8vbZTm$ zxom0)JL2(zQ3^NmcD|!L{2+IxpWS^AE*A0>t<}Iw5*O=9M&y=29bsGN7g9T5U+~@I zD|hkr;kma|U%Cq=<-hP)b-Y?n#7+>;hmo;YzCIJ)7ug#*lU?N0n{a}4 zq@}UtoL=~Ty-o*NV}?S^$%TBig`+8#ji@7NHVg#W>5sR#dx+orEJ5c$u-M7FYA(lI zxv3*Y`%`|(KTx&m9J;zBFq>X<7b7G>cq^EIPYg8IOxJ1SG*f1>nr)TMcX~=4@zah$ zQm@QBi*13kY2J~|u4|o7;Ey_ZD5&y#-);5E@L>wFl`3Nq8Hqe3E3Ofct7mAvFc*f0 zW7P!zg(B4+gZgB~kUW!;Os}H!$wx)+FqPf=iEr?!rSiqDnNB1kA3@8S)ZkULc(*9L zBe|%T_+}KHTL-rI+(>$_oxp?lso)DGgrCo2?3HEavu%-QQBT%s9olUqm&qoR`BJ}} zo|ep6;rInuRjk%F?0zMl0VisDWK*mF4n?-j+L8;tT|JNR`lcM>PDR5djBdv$oTo=j zQU_>IUTe!@BdqTH_q*CDyw)_Ef|)Cf$mP!q2l z2BjP+90D=NNv@h&B?@QJX3+MAPQ&OxlCe=_xyd_G=gOI#bV*QV*d|@B{JNv>p7PsB zw-u6zD_)7W)0z1mlVrSmGN56RJFzJxzvq$1 z-d(Z&cg80rt-ZEb-*fb>;!|os)bK$9JCH5ITx?H)bQb`6W3*>>?b~8~Tl5z4YhM#N zB&&{oqu9K!qY9*W=O!;HTt1`;n0rIiO#o39C)GLA4m!(=-t|p)%nD)a-J>0 ztmTTx2V~HpSj5{MiT`N!ZfbmL$nu8HD6&NVJ!-)4pv=#J9A;^%n^Q+%@q5x9&ATbd zeh$&uB8*z=8`w%S(CFd5@4>e1o0`Yd3@9@QLg4y`#f4v+M&!Eeng8Sw#8X>>3q@jY zw_*s3o!{g$$4e}gZEMce4o24!bDLXQ4$~RaZf*@T&ApdN;m~c)t*-7{zZc@CTTw<; z?=3rp+c;&SwWQ^O#GME0;&sAEqt_6iE7Sx;<(1QMvvaIhw^bN}J!SsdPf`ZQK1LfrgvczC46i~{W2 zlNp+2!DQHyX{oGfqqIO84A-noV1IMYvO~{LEd5?-AdZ+DL{^;#+cY4sLL7H-=bxi% z9VJ{t>5~?TuFD3f`Npo|mj|_NYL(z{dCqK4P-5QFoJm5~J!ri18(@<~Os8_+o+MgiMN9dKc z9Jx7oeVBxK559- zLfG*ciTRiXV{WLn9*a}^V`=ZUXH;z~;pF^EXECg2A8Lb)JRMz$Uz5s_PY%HdbT8Yi zk08?1g)ZJuIhAA2$#D)cic;|p1Z}_E+ubg1qumqh{{U66r7M3i)E7r;GGTS-dJb1g zix6{OZleFiZLw5Jubm54S+~nMlm<695R1<4k8DgaAlP^Mtc>~aFC-edT}QWrrtjcp z5dvN$K+f6j{U zuU*rMPjjtyQF0+mj|LM$W)wgz<5g4c&69?I>qA{xok1K@{2r7+g?|T7+aOTMN#uPq zLay^S-=ym}`^Xi836?eH%VI@6?77;0mM=kp_?tFv|pRsKp=RZznNfo zy^C2&sdi0*D6DxaX7V)D^xnN9iPkRbbAv5Smzgin7_u4IS=W=aZA-8pHe&MHL0d#Y zLOGDFxWwhp`I7XSV6eVSI`~ZI<#=L&J6DlK4q2HHw-{C?vT`z>y=xEn!}6&(HO9pg zg0RyKYt$V*J-tEGAZ&0S9eJG^C##)s&VTWj1lHA^Y3LauLO_GSbwvgO9URGUuY9(S zd66Nh0(WX|jmc6cxY3II(iT@q2%O#h*cYl%V>GKDl92=#3yJoi^NVrfEAK6NB114| z$X~-F$<0a3u6YXe2ukwxyMh}P*W5jdkRNcsfYG(4#}Naq^ZmxE&DcT)=VCs__fj+q z;BD@gwI}36siP7e6KicGASjn6pf=%Xt-~9+S_pJeexJnW zGwty>?5MIaN=R9Hq9?WCtK2tXsO3N4JKtov;nM(s8j|;`dgDP0qf{-m+elHdD@cgeBY=k;KvvSMa^@>Ki0rLG6pj>2q?<95%tEXk<}D4&EYNVxlR%cki>E7 z)ZXQx3JPEfE9OWib@=wCbU3o_H=VDl9lL?RtoUk}cG=#E5A`dPCd1)=BW`@$44e1^ zp;$c6+(H%Vg&?u6a`=!{ndGt{APGzowf{z04jjy7OL*h>t8F*AjbEM5K~ON$=5Dw0 zZqwgxwZj=PY}ez;!(3$-{k(>jum-_witQMJ9ltD@GZcTAj^FiR=Yds#i4gLFg)fb*=Kma@jMTMFCdXs{f`2;A` z(J^}p+fd7E)RxrsDa0E$`mW+CBaFJ!<*Z(%JC8|hZwv3(_$LFL?&Ob4QP(mk>r-_H? z|EVlhkW}X&XY{2kn0O8M&*7SqH&nzotd3GR^}9d28pVH%Up8PjzYaq_ zKAAP2m%tG={QO|+3PPMsB+W5Pb>7Q-$+w)I`si$r=X`+Bht`nDtPFQ-iC^#ggJba* zdKbE~Cg1ef0BFKr>di8(5~zwF)D-_weOV>6HyAhmd ztGwIvegQF|!kuys!kYU1n(h4b*RY@Xi}@jzEZKhD2hW+K42e`yeoJ*`6XMsn(6a;Y zx2Boj&V0;E$Tib)eCv}E^_8@L)f^_}A!}b;+!>Ag#U}uX$mn&id}B$QW)#40rXucI z=8cQec<%Cm!?G|n)vz^{Xz%*78x@iw>T>gpNn3pT8>*A?L3w39QMzG#2OY05-IKdA zJ#^U4RZaL-nCk&1r3^fFXouH`MeoOM%`1R6?Z2mwlByr?Pp_nJ{lxy>`dA45sKzOZ zvBZDmsA0BL1AHKjz{6-YA{ii`qerT`O^{F3sq_v3d|V9;t*Mbvy8Tqf+-I*5jkfF~w@`CzR%$k( zx^^WY>0Zct3KNDz^*;jRdytE0L zkrs+ROs6^Jp5gbl6-2+8p8w$`BBRF@I68kG*CfSp?^Tyb97-1yLJ-Z;iPQWSU8 z+A85q6GNNSd#f}jUfUl`Znk#&bv>e^b!x_SGVTa@lv5k6s^}e81YK5D)r=Nfcm)8) zpdn0ldOyCQsak>Tk6#!69)2lv-~{GR}KYL zh}NfwXwwn`tOti_UQGWfAT~VBD3>{G8rvCI)Yl|j+@8r7DH-|lKQ(Ua77YOb|#-`dpBVW09HCg>a^v>r*=FOxc63zSR zhv#y`NO=X(AC%K@?)wO@-x{^1EhegjwcxDPrtE#uci zc$HfOQ2bVPrFqA!jjBS5wWk}-5qpEAniP~YoX&J7QcIEnyj(<5!ux3a^3V;6j(=3=Ss86@sQ>tnL2_~qtIQdb`t z-mLUt0{yQjT1#CfWq^@YdY$GLSa5w$>D-(>9S2<=veAQxAxL0aez$~&~Ir-seYL9jV{Da9v06S|7*eb`?LCem_z_UVG77t z=vYJYL8t3rLyNQKu$tp4Lb1hFAH2hu*ugzh(yx|QcYn4lyk2p9xt*qRCN{R0;7wyF zOHQxtWVzuCfOEmT?m``fzs8@Z{%7mw^}*V;C7$dE)z+p_{GBFX<0i|Mb(~_&k4et9 zm@|rU+q~v0?TurfWNP4~cu_u4+^ubK4f-MP5#nhFl=?*0cK$AqksFK8pIh2=_?@*n zyZXI~P)QGbe0<_l%p7g2tQ76j5r_W)*J+qQcc|y3Wlt>ltbN>{=C!rbEKRH$c0MS( zjQFGB21u59sEO>noGT=?Go))BiwuN4sl*$nKWi5-~0e51Gd4A&=cd-Y>3X&egM^!aD3BjROnPpjJTaQZ*FB} zr4lW6Lj2Zn!>5#w4)YzgOstMJQ;_Z%$Zuw;pd5WH$hYc~+QmUbfi|*m9FYb^fxXKE zbEIwv^n|@IM4W5Y`>UNrHaY6AZs2_b1)b;W;?)Z-4WAl&8v{*3e!1vE6AsePyP9@R zFY%_fnhD?LFl3I86et)#yoejgAV~tXX>Qn^Hnb39LGY^aKR_kQKd_ev`hG;S2^G_ zjn5g#_6RsIf8VI?PPOp)z;s+Y!-Sj&*!VKggya`SDAArPsqE0G^uK`^=eymc6 z&Gr}lq)4t26cTxz=5lU7GLlzFa3iN=7A8%L;0s}gW$fpcMwb|_(}7H&LSV&Kul~$hBp1Mr>*3d zuTS^0Vun5mnAEj6Pq)HoCMUzwK;V<3TVK{kQVgQE%oP4r2x1! z58zh$NqKDCOiXM-AdtCKh~TsckP|>C&>a)XWx+?NZ6<}eFFVuCVe>(^C< zOUY{m-L9K!zlO~829hFy$4qfd4m1j_b<+J>d1>YwN-OEk7k6r=p3)$@0&1aaf&BeX z*{~{kE{icrvF3S;BqAVZ(=Arz7$QC@if4Phw(H`z3ZA*bp>843xqAu`2Kn2l@=%)n?yGJq-Az z%pxUg5 zAJ=XJvXTEA(f+t-uE{|$o>f9to`(b`qoxiMbr)8%@ySBa9pO%H;!^kURBRg|*;cO_ zva;Y_Wpt~5s%JW}AxqDo;eZhInsZMnLIyExu?KZ`LJk+bv+F>I#Yu!=>=&E3OTu&% zm6X&ODiZ%$?&6}eX&j~6k$#{faBNDNF1aEa;KOlC66JL} zm80q4_WdY-?W;d>3!+7 zi}SYuP6MFm0#^&|K<0mRiG7|~YS%IAV2LCpu!(?+y3s=_BS8 zviI!~;n_+#+UTQx9FqJVZgG}lCLIUXe%p}W#MQ)+%4)#y)c@3mA zqeC=jYx2|9bQjQj|IhW|d;+$O~o2pV5-%6UGe=g9ua0T724uloFnbe$&DDWLtP>O+igF9g; z#1<9}*b#zZl|n$;4(TvQ<}|?bhnuHs92$EKVxXq|88!SE&~|vX`HA>I4_X{@A2*p) z_SvdI7d(Jn{{v!`&qWKzRVUoUeylSyb=05rK!xBadZOC3?%OF@15^ zCMYVm%6@SFkE#qtn@PLsb+z5iff%3**AbjbsfKQD>H`AbKKsE}>&skhP+ezg=;+Y6 z)2`g1*TXNT@j3SSn#TV@%qM*G2oqS5;%neLIba73iAZ*}gEexk{ zps{I_a2)9^Kc^G^xl~~Zd!j1Y1M);?Ax=P22x9-@jo2rNe5>|P7!GNC1Vi&F%V=Jm zXa;9HnsC}qy}c;`a3-ht>qoDXqM0`$boF1=#~CXYH+w=WTZWVoBF7Buai$$$U3CyQ z@9)(rO}Vv+&97qf6#I1x&-rsHkZ3G*M2si0cZuvkZ6Mq$!9?Id$^ZIAPRThe=AqyF zt>=zx-g9&DP{`Bzzu{&@ZB$%EA{v&f{s~5+tHVJtkocF_;K{=u3}TYV+sT>=E4Eu% zF_a0K)NAab4?TzSlIK4z0meK+DOEz*L6ohu4YjqA#V=ZV+SWX`8C+cy0jeCpKwL{Q~6A$nmh^ zEwR)aw{B73)rzkH7}1y9U@hd~fdGWR*hn)5(cVFS8reW64`4h1lD(mSRe>WLV={o; z)NQEPmCTGAB-kHN5 zw`l(^PfHz(*h2`!O%X^Vn)|Rz*E0%^4S?h*c+_kN7h-c2Yv{!>7Mo6|Bf&#yMSg=q z!3L3$WCqxTAveE;oE!UVZatBlj9#RrNl#Kq>)YkDIC}YAFB)%8p>vIpv5jUkC_*{LBQ4k))eUQciy(KTV(=Blnc6BHfVl zL1N+)IGxhE+!ZRd^-bYluoczjUlU?ZzvGJ&kIPQh(U+8L zXZ5J!(bdxvIg&p5Ze?VOV5hlhIj1mU|NEdp}agj>Lweipdk}rNgEmg9`N` z@AIKU^7~*T7zVWSE5$E(I4^M3={QVf_;W+P6&>=8wE`Fk07w)VY+AkpOn7?kC7BFX z=I!UnI6`(bIV6JA4B@Gy|L+S20gT(q?+wGD@#YjYKzMe6enoA3-S;suHUFFJ)_Vr& zurHh}BrDUtvoUSNHQr`o$na@+o;1@)P@P>+ms8I_reiPxh(&MS^gOz}%zx1`_g)}& zwk+Z2QlmfTbuOJnRxhY*Zz;?257Ksp4cQp{VwN(U&lVH6tn=>~WoXE?v`Q{)wPRWO z@rm;_j8VAMU-UBadgvg~OHs4-LctR=Lb|IOUU;@1?bu%wpo=#AOekNf?acf)S3x^m&0JsHuuoA`U-j$X&D;FO_6k&Pie?*qY2gPn|$(;Aa*`XVW-|iFv)vt`0rU zZk%{5F=zT>lc(@hpk1;)A9}$`BMcuOt@CQ6Oxt#-Ap?sx9sj44h<4~MQ|2Rj=!#UN zPg)}L+oE~fg*xI3GH^30)~n6A9pyhxVkhm#Oz-_a+TJ^?$*fx&pH~j@4hT3(uQsF! zNRwU^0RbtYBLqeeLPw;8oD5Gf38A-;--FJKdfxM% z>wM??et&Rz`CNIP-PT@vt$W>TZBbW_Y}jECOlJp&+uoe_vU&OY_`uy|pmx@>?BLPy z3+(1F^3Iq}<-Ei#S0G4M7e=1T?t1ysywk3^PI4=UZTi@KnP!wJODyzDJqY!*RJYaz zAk5`{Se;FkhJiu(fj$5xt`;!Y{ghg+zgc3|>b!0Z)9HAbQ(rWj_VIM{L9ew=S;_q? zZV;?jcUXx1!OwMb^?L6>tM03^vHoilQn1l|G1>X)ddWpjS;Vow-m}%8#{2PKn)9^+ zgchJ3<=<~Jf9L;MRISNtHTnf}yp_*}a241C?%ukPr6lKCy!XWYQ z)NE51MwPNR(p_twlk5b%Ei-j|B#Roc4rYYsPxS&RtkJ<5z^m(GfsrR2`0{Eb6p$O@ z&XDL!=-Nc%jy87Rm%CAF-#q^Xrc?Dxi3{sv>y5J~JM2q`fuw?n-s|?`XQ zQ-+g=N>NiV(volOAe3Wr_|unpdO`gr^vL_Z4`1;!Uakop={B@h1DKFq%|6Hb+PEVk z1O}Nss!ppu_+*jQc_a38*5?|79gBY32FUTw6`%r+N3&PE#+Nl{IH_SFE6aEyUEYVA zJ;#j#$MRz@y2j-^r!WF5Zx197%^Bg%u=S(yVW0@ZS1BtO;<*ES1orJC6TmV0gn?q9 zaOF=usq|ZoNpsUm#=bsxs|37#hnZ`*r;%LfAT6uOc-doqx-Q83g9O>j-R5u{C7P^i zaHMtRMC{zY?KHpwDZbyfV=;XXb7g!wunku;eM8Ohi%POMS(~ylKqZai>nHbaZg#Ko z9|h{niQV}G*^@gCJVr>}sG(Hu3x8F8WhaMxV{7Cpaq_f8h$=;QWp20jT26D=@zFME zkLXT|3O8Yo3gtytI7V`z$`hx5;K z|Nbapr4eO#8PK>hr1|yS4tqUmlQuMLNmva+fos@omUWw3| zvAHrS2?Koti~+Mgey1ooF))$ca0vIc%a(`K4U;Zxu6mj{_DNO=E6pvC3EY^vP0S?DWc^{F}gKVyD zB0oM8U81L<+xgCLJMlt2h0gpHIWsywIeje#*#X`e?++%riAr5B(y-@8`>vzm*0k;9 z58Xf5=CtG(X}0)gz5+^<8ukPLwf>6Weo1F6D+juA_#OWO_?elb$NiuFwnkz5fCC3~ z_pi}^c}*l4u)XDlelSPvjr8yL=3&0s*}%3;Wqtc}Y^>vl?v|A`+zJJM=QEuc)*i1K z8brQ*4zQYgTYmHkQdwo6+BW^2)>nCA_tiWM*j@Y9AfTn5xY9#-r+$oy+5hTyf8}Sv zAGt9A<{-|kbmLo-fbCw1xV}>fL_xk=zNCZ#a@E1t2ViwTRsdL+VcXB|Tcf}zpPV*l zf5ynk_Wer9{HpHwX(kb{TfbVyUvl2INp>LlmEP7Lmg+QPnK+O4Ug8g*q@gosWm5V4 zBdrF=>ePzk`q4`PflTC&{w76zO`kFw1l~>m!3jE92vBRpkE9_kOR#eZ@<%a5lu6k5 zj}HIX!(nDo9_rr}q`o-Ap_9G0^!3etkgpRQqNYai+nk;pu>hqu#PUZ!1H3x(?o~wm znQx8@ApZ!27!Py>^lcW7fP?F)L%iyD?5C3@zi$5@e}&Hf9IY9E?ofbHG*b&A!FZzx?Xh?CGmk0C4|nE1z`a9~4oBClLTQ z|La3X383X04}Ud#g}HC^ZE1mrFJ!*UTRsa6m0RXbnGwEc=_`OY}?`u$JGAZK&3eddtzQ`G*y{=5mr= z`3*%n=}Zz}Pp`K8@Use7bNIK^jgt;;uMRg~FRA=)W1K7;+OYYZdYC!?muB;hPQG@q z!);kY_$$GE_GFfanyKo4LqT7L3*2Cv2Yl^6jSNZp?Up9%wJdaF%>Bb{!!{rh!Q1b zpS~e8fUE-3HTZG&8)xy$0JoM*N)Ug>cYXrUxs%`Rr&ixgrTd1lob(dN>o{%p9e#2$ z6SaoTx6D}o-h#m=f*BS{$0AaG@J%_Nyi9Wl>}j5lqJL}C6M-l%D-ky}{dN?eybZv` zxBO(k>BN(lQ=f=1yp{b9E(3ljB^P_}0hAX|fZuSm69uzPlKTz7p}$CjFYVV&cN&1Z%D-iA|0(^Z914}+;H;Ce zEe}K0@88k*?nwC}U>42)GCE2SvyiFzpX~pi0ALFE;R^t*1Fz=w{kijePTDTG58&J1 zGSR;@GEi>!3W0(BC?n+%(z`dGepEkJNWLZpxE8>u|LXuhnOM5*1v3tXq(7;j>Z4z^ zYLmsM=TE*P-+ozqC%}Hhv z<$wINkPckn09;jHRwhDAP|p|}yN9K3GwGJU(Sy^aHE@EAGhRdR(}1Sn4An(xtn85v zajMs|D@x1D^#qeA^F=`!+OrP*Hy^1ptd_N4r&z_7tM*3Hz2q*7zetbD(s8q91#XcR zNe1gX^bIx`haO?jHbzxVhz{h?p+ioxV<0RJ7rTOImJxYRi2H7Rz(DF zp)~jF+?9JxJZR!D*GV{|KKrt`Mg%1;7Iv$eHISae(3*um}O!NdalVHUF>_u77Rx6lqMJ{vlt z+avO@0)$4%>qo%bXy*o8IuY9oe=gXJmfhIfJs`lV%QFM+1m*nhpX%GP3F}mPSO{U2A1ax&%qnUH5l(F`$~X;w zB9r>Ui)6IA@db|qwBnd9Nh~xHuOTH=bs9<1?b z{SP|Pp@q@{ixejoQIoy1KfRIjrCDI1pkP)b3n&=Sk{ zcG*E?7OtFWA0vCt!ek0fZhl^=6Q?Pvr(B8`GSKW6Mr)kHZs=lKF-EEB)y$dZS^jW6vW82Q; z#2GF+E><_%D7=Wjs(EyhcSj{Hmp*3{C%-_45I?kVlFP@DM`c#>Wt2|boNz)J3m-LF z1!!=F%uf>+{q}L21FI6hsAjvoaMADRoX-RW}8sx~7Yk1>S4W z3XB`Y``o>XFHoKZrFv3IT2OfRnNj&5-Ei6J#@hFxm+108_p*g4oW)<(iZz;D-(tM& z((F9U9m68}kcS2eQ`Yi4SFiCvBvN(?h$;URJpU{)XOuFQXOXhkpVa7FfRrN$uex?9 zm$x8=;+sV2Q^=@zm1u@5YizV2kQVyh?X;yTA);PC?2-`NQfFBH4l{kRNgRzJ7KQ9! zFO6l7)l-PXauH!IfgNym(63{xcv~Z$w#HMdit*tBgJRp~l1GKTZL`RaZPmEb2?3G* zRj5FVcVQxHBI^f5Bg-*q#{K9V{qkEGj{^edbiFIAXhn=xDt)Co6^StWw2Y#VUmJh& z&a;ZkF~c#Z@4fL3t-)1^n`@Kngv6iMS+m^MEXVy4DzH*aK%7E)MK@srgaw+GN2^6rgd@`+2o`*%S>7qExSn8Z zg>=30@#I7lW1c&Y(#?)LpaDEeTi;5Na|l%v$iFOa;JDa)xE&FW)&xD$Gba0I_=jqQ zY^IVuK9iB)|6OZD5LcCKjvq=YKeo7y)6m7jWX_55b1EX zh*{qoPLY@B4!DWTWxVUHd>cJF(kOagjTOoo5Nfirjnxxg1osq~y}Em|QQ4g>dIy-tJH`!cB-h zdcG6muQPrd9qYbGS8w<^wu4D^Z)QZnctt%GrSjQ7Nys6dQgazl=x?B&9N4t~pc`es z=shLD=WTJ6$s$c}dfu)?26u`IeU_|AT|H-)9MYe!PD^jISm3}r8_S#!5lL7n4AOPz zJUqn`tjn_SRDWCY`f8AG2B6ehn=%>hqP?wh1-eBdb$l{55Z=a>`vHB1>Ub58F%RMJJXLoDK-t9-VIdhz>A_=DSb6{9vQBc?HmxbXXaapGTymD z041Su5EDl)qZoUV&yfJxd)hFvSi|em>@3u%mk0DY*1qTA`g3K(&$nM+az? z7jVe!PL|8ZGgUeg8iO?y+jKz2=)_>H4maP50xdd}*=NfMF|Hf#=`;}g`S)8(Mjvl* zC2|e+-!RSt1`6PT>Y|EI5`tF1?i^8e(Oa=35R#6pc?X40ALf9@ z1Z3C96oMim?dF=|doGDToI=yzML|=COES~R7td{$kzw@m{xc3{Gpt#r*O+7u9>$R$ z4#Z^PEHl6pI;?wa3K>lz?2!bH67>k@4jsC=*3?+`(g&b7XkjF$#g3!UPzp1-VmUQ2 zK+zj#GB%hJXdd1}7(wT&bMh~b!0Xfro}ja=j@9LwmC!^99cZOgbgFOMldZgmid2or zcUBoGq74WQV*;S{I z$hJn;Y79eT{GKIi0IeWv3{9M>jf3(;NCLKFg+}X9Y;;_qb+~}KeaZ8pRWVAXr>0j8oRA%~`SPbl-X9Yc zuk#}wG~N-2c|55f*i~04p@Aw2iG+ZWv26oU(mDNzqRuM%5H|c2D{aS~C7usUdkz}& zxI_pJ7E5Z13DIdtP6bsIxbYOwJssHRzm?TFBp}nVZ zd~L)M>BbXzYFKnpcvbQICYM<7d6}}7?d}H_o5lugtPiA%z>utu3*hNs`o_#;`Vb$& zMZ%%(yD-J_*3?~ku9#Dsh`on&-ELb^S)DoED6KT?2;Aa2yAbJtjWS}U#WB+_4+^_i;3GEONl8#rbD@Fs5io_8|)ij1SO6CY(bQ9k$)ILr7 zk2MTB2u}*h z51W#JT_P=s?5mW!38%Lq-SwB1n0)}cdBb7M52q716}Q`H;bR=`WuSaJ#7<|#5aL(2 zVSCd7^y?HW|5{66oN8k7=zzk|LM2D=7X93*+3eUDJS$J#-6|%T=pw?xsO8FC&^b3W0{r)a&K)`xC}!vP+m6{QZ%;)N`-|6q%7lc zj!_53rjOdpw?v+zpSZrkK@)fR9;U_F^kD7+=z8VTjSitm6S`u4IUg;!^{q9=KoJ*~ zLerU(e3})YQcM9z;tc&3*I9?A7NN6_SszP6%nvRlJq(w22`ovtd4nHYAY^_O#|1v$ zLjZfnId`C$c+kdhK%hFd=-HR6=z?M+@CCv{;U3ZrY1NVT3_gn$8~3zjFQ(Ru=zK`F zY!BenBsjJe+AK;J3A`TiZmP>G>9jZ}ZOnoPT%M~03bxaT4LnkEi6*M$E3^{TuF7T> zE0-A)z{MkQ8WWzLd@%pAF#l{Hi*-d}UFODAm+J8(Ix)W{-dYVV%?NjwD4oO^^{=!W zHDO0N*o8X|CBjEU&S5cOEEPY7!*tTq&WflFEQctVf z`_~3vGGys|&7>(#mTe1XeUGA@C*_XYA)`682O0v-Oxo2^u8iza_<5nz~ zW#6jOp^M-PDxo>4EE&wstravi%(0((;V^pkfxm7RJA|+tEiDNw)!9`ihfT!q6w?W_ z=b^8S|67BWT#o#3*F^QY?QinE6;fc0rOFHEaAlwo19Wlg$X>F%jfXtxOT)FIE-Y_z z1`+HNtp}qTEX$;S{M?k!Mka^_!$Z9i zAM;kvvf3b9v=vH62&m|)z`m5|f!Xuj0lI;7pliLCbo}O$QY7d@0xG=E4tLt#KXa|L zdqPh#Bl~~pJpG?En0GjUrVmLxM>Bv}u%t6+u!YMLtyYJMLod}v06vI=&}qWx$o1&( zagB2h&Ej=tEHvI0cUWR|1BXpKPb1PfzEG~mqs4VNBx&u;HVlsr_T!OslqJ@_Hv|7vDLXD$b-kfN-g`QqgrmyO&#$@{2 zoa}7{F|tcoLx+kedo8$vKZ=;HQ)F#$(PMM!t>sloWWfg>AtJTXy8>i_xk4A8J-h%* z$p>Q<&EX}s838G$CLa#p29AT&rXGE78DJhNY?5A927i4Sn)dF z?1dr7;`5beO`fKE_mVyqZ2ml(ZF-@j?!r~zEP}@1EYD+OwR~3W@si1RYqM^R%{959 z?%Lbxq$wET64>xuva@=RW<~nw1s;aq57XESByswCs^>ZSkBE% zE~2C8jV{;W+V|K+`*u{OA8L~f;-c}6qXEqX38)l;Au_JRfxFHV6$+HCfvVF7JPqK96;XtUy9t^~KFK#jwNh>z2K zQCfV|L}-E;@n_IgC796WuAy*Ney?>dC-p5NO`po=!(WjF2LCRmYE z+8&H}g>thV9+QEEWyzH>){-?)^w;kTCkxS`RP`brP{jxfgZ)VbSF;U;NCl@rI9ka? z`?v;c8C<52lT4-qyHb3{gN9j_{u?B4jN`dY-GZnuse4Hp$x;FzP?dToe3Wo?72&-NRr6vNAkKdYnfO|vo zt|HaMB=X6r#z(rzn1?GtgNg3863k4>vlrH)ZNZgpxW^oOvv|&!|CQ7HBc!Sr!@O%O ziR5C(V+V--Vtkv?M9-bfR9~KYWBU~;iRD;(z?yl~(K+}pK%{u@{{^IKlLsD*9G8Jx z*Etd|gsojO(AjBqmJ~+EKzF;e6Adi3{vk)@JjB`h|f8JPKZuPOj^sa!|&`Y#reXS|K zt1kc+%E?N;M>2+$_LhKEsstr?#gK~m@}Y6g+frBKllxz&!#^}GQ+svhlj|1z-lMsA zUqV=gO7m8oMS7z`N-w7Ndj=J@%eGm?9rwu2tK3soRuP&|Z@2wzgZ!?)9b9ZQl}b1T z;z<_yuog{EP`QRk2-iZoNBhmTx8Fl_=_D++pC9W&2xFSa&#yU#R1jAd)J*_0(_u7Z z!fYlMibZp!_LV$NPmpbYRGRKRqtPa3L#yj*ag(RY=Io}TE>yG9Cdibfhai8Icwpcv zHQluq&9{HX6yBRB~ZZbV0M#eYC`%LrBW3>YcCbx8x-6E^F zC;<tV94Yj8k#{ zFM6Glomk^OQJTnsuSs->8}q0=gj=z%nAKbxzha!VDp?3)zrwGx>9yp>GR;QrBI^rr z>C-m&1RTBe4?GI4oy0e{RmsP<*I|;!;&uy`HBnAjR5C$c*yCrJhE8+?2VH!qxXIPv zS+1@s`V`Y%e;L+=+vH#PT;!ViKXVZ(wAA>rcAd%V0Qx{95d4o0JcFJfH2YSdMKr^0 z@4IE!(4r#mRn5TwK5aY7a(I8{L5;dY(8llnRc_H-$G6+^20xTl zo(Lu*v>av1F3dUTSK5d;@$8)?Gg^cvjhUUrUt@1;jPD00UQ6R+#bRXv$jfE4z<+sw z)WkNck4nntT6LAd8bs67{@%|A>K8MAP50SJ}+peRs1N-K+236(+fp=DaE*{Jd1x@NR ze>4Ca9ggIWS?Re#Tx^Ww4!0Ww?aD(xj~+}yrHR^s3Q0nc7VHIRsRR!r8TF_7&CpO!UBvP1E>PZ&`8M%UfPv|%Gx9UR_ zW%Z@A0xnq#nk!pp-g;88OV{S%3>XP>f9aK{)hD}fibp8J7JSKx0Ca2kaJ~9^FCuv~ zGhv_1pDB}pcn&S};1*Ki7Pi`AyZ9ljp(`9anV-t>B$<-4Z$GVByao0S%4IFy$%MI*Mg?~cx5+fev(LkenO@6R*g_4;(V&Rh z&?C`Ba1`}{uIt_T^JCky!UjuH_TkW`d;VR%n8DWr6>YR|%d<3g3DovfvghZo)Bn#Z zU}fV_>RHekE0VdX=>n+%9V7K>}@7%#Ir9TbhJLXcH9YBbR;18>dri}PE3GHN# z`h<2SP~S`&KUaAx-JUPTfE#e!)LqIXB7}zs-47Bv)|?o8#qspj%LO>gyu3DiGc?sA z)L%FXRn*olFDlY|5reMO4zvhKdAw4Y57t*m{^;0tiWKyAC37*P+`8B*ia`r?;WXJi zQfd@%I$b(=iWz>l%Km`DSzhQ?TCc#~ZG<;+4})&r<8U5scki-WCiC<2A-3FsbH6Rs zK{Z%U6J1pI>ebEgU=0JOaSbUMij_>N@X+QnZViJ5>w-ScgpLKjKafmgynUDa<0r1u zkN$GGa*{uaBp6+_#u?awvUqqBB45b{{2tEh&DR&OI);>PXA7NX8!YwSx#j?8mcc8? zi(=G&6f`cYh<3|I!k3ckQ|tudJH%%?G~fHy?`r1d-+{5_3tfcU|vH-Ih)p?7DYP$<4c~ z;wg}1jLfE_jg4+D<%Bq{4@fWt&h39PRFgbf8;_V?Z#qa;E%x&b*s;TZD4KWii*{GF zjVoVEU`763u!E) z;|oxyiUuE%@wq@?+aCa#-&gghDtU~_m;rHyC+$mOl@Jz*wLXiI5rV8}Jp4(3b(tyH+nL2CZ}4^x&sz%bvlkzX46FEcGtO zt8EPRgdIR~m7Mw|BVhCIHM)6aLju5chW(ds%^ZF)q_&!4+_FrwSPH8=2kz7WMu{Hm z2r{lXrb4Zd#z5y>)D$;U?6L#<`Fj*+)quY=NcJOQMsXN)tCafOyi{xZoYHO0?8`1M zK~2J=C6xE#7wJnS?Np=MNmH2H8_d zyprpY2cK0x(%b5ygnAzv1j(`Oh53J#h3?&EJy6~$T7+*uikeZq+)BKdKcd4P@Fm=W zx&Ck_@yY4Mb1K}qZwVR()yp8+IZOD9XhjarqxR_? zw8C90(|8#|)RZ`p*Rx0cH2(Xz(MmBMmSuJ}c}{8;;0Zj~%>GO!eE`nFZb^ad$OPH^ z$pGWHXnk6~!dJ75w>z#-pXdlb?5|#yic9ifZh!NFUw7a`xHO?aYv5z#3n)j_wB%<@ zf{;J=oqc)TyG5^G{cazXefgyL<*y_F3Uhmsv$mb|YY=XDA=XZ0tD^witST&|cstO$ zPz#&6;eKr(ooAqO`9gg69h(kse_A}#6|qsjUq9akh1=;95uSPMyY)wkud9S|%>_d4 zi?4&o#!aHOZD>g&Da?AY+0R&v1uNu>whKvS6$R8imqYleY=Ia1XQQgRV;uSp5T#0U zn;Nj=kLwW@%rEPm7CNEaP8hJ7TOg&P(64H$BKxh72S*b~`cPIbb}2W=<-N4T8S3T$ zT~FZA8}?$}{f}PSA zFAcev6CQ)EJ*+ro!o&WtyI$bHmKD;uYtu$=SZV?I;{jw_Gff2Z zh!(@z5Vy#vYfqQ-;tHB+OTv5f6)Q5QA3D2$(QJC9;x1}H+FsJ3i1W$5sVUk6qQ-F; zj$CZU*5^+Jm|G;AdV2^z^{ai9SLN()so&LXY93|=d*z6*ssbX_`P*h^11$mvgN3oG zC&m)3NUxnYY_FAn2mwX|rEPgjv&9_<<5R0XF8~lu0?jS`erC(jU%2yE!C7 z9$H?^c`v$mb~VU61ylj@uC)9Rx}fgx=L zE#*$d9NJ`>Rs0t+-_H;Pc>DZQix0?`Mo&#Y!2Wr@t3#q3Rc{k2HVKwTza=!5H!fA_ z>BPzk7~rfx;Y{SoRFw{Z%@}5`Pw^_I=z%$7-c36n&XEgC&>SaQ^{}Q9noj z0vMo_@m_+k#NM&il=7!9g^Lcr&yxX1>0fl9uNhZ%tVMeFO2b7}m%r3`{3BchUgNfRtD24CQI5c6r!aZ@ zxx-c`gg%#6)fAtyn-!%(Zn>WsKG>aUC%wF#DF|F}RexN{&YiQr`9@7mcIhcTAz=Rx z2ivB3AK>=p1tlcUQHF-!i+rrgQlsiyAn>lMxZV|8g&A9Ej{lGXjZ04IIz(MLiM?Zo z^CVx7na!QwPh7m4#frsT;V+4W$~vV*hxg=<++;bH+xZls+S{%I(9gCb_>TwqsjRK> zM{3Q!CVJ%yea-v0%dln7zWo8}&XEi3aJw{@<8Wp=H_!pw+ZyV=^N6R0 z|M5bPxGJS8#_+I{V3NQ*E{qo#Z^t`Z`}X(6U;?)CB|;9~N`xI8z?t?R9|xmnJ+~AW z_tnOT(<)q>f*+2YECu=NY?R8hMmnr+`QtWL}adSr$=$vaiz2Y^-<9*%iGWo zNm{wXFy`O2Kn&m|Rpnzfx#|N%&yHQ-n6@*kW36NHR{h$*lXxB;zUTSde*f?eO<)?c zjeQW)Ww8KU0lD)wm$CwBKAM$)9dG7R3GB_id*yZ%-Eb*`(~!95~B)lvrw)B>tn zlcZS9IyT)KSC1*5SuruB?4&h^RP&t?vnVXk8r)kCh!pC!Ei0D6g^c5yr2w+sdsYh@ zl<%T(?eDkJgj)A&*u-rDfUKN_9&Em2Q@Pun9-d?2Y?(A+5|^OBOX?jU;BPT=esO)p zb@9RW)=LT4;eIYMB`FofUyxSbJiOIS9PI$X;yoAQFQnTn7*8zwYxx7#JJ_6!1x=Q8 ze=Lffg-#Nwj*fTuRmV@SsqJepqcLx|=X8-gU;d=K`&8GWXSE&E23 z#>hq*y$>3H%|LbKslWJ1(V|Nc6e?yf+r3<<5hYX;jX9nX#Hp@FAt$N8-)_|A8iil* z$jyv$9a)40cv)8e1uyH15-3dTUFwi!0~a5^9BG#?Y?0HxdF{NT{c-xmCouB9gDtT2 z^|XrP(rcR1lN0o7!A;--17>F(ra%7oVEqU+9~UlddRI zV+Tk_{ldr`KZ17C`!oZ^Ig8@ZPyAYf3=RCIz5qNJ%W#Bm@qVqARPMz|AMFE2@>Hg*+c8n?m^cXqZW-XG?tM-+RHYtm0(HNFff8WN2ZKlq_4qK;)!qGQ z(GYeJ=M|y>>sff1i`7$jsAZ^>t4ipN0;;Y1ld%WO9gtlxi-bCW^8hihVpTQoz%L=N z{LVgYe#(eLf(K9?T_#-7DL7_(d3ZYPaP=TrBIlm3B<3E-SXs1z!>%mA94KCUk*kS& z(<6}9qDW9D{?W`SJm!3x&i=mayjbu7F15#|c?R>r4zs#!NZAu*wxjI3HA}f#hSup} z!vTVl()FBfIPzw=iv>@)x(VUJ9INxN_m82ZfW225)YVENKW3Bvc;hoI2@|F>5bgCk zX!c#8^fCF^E+=Slq&0$BzkBTvmvwYM#r6@-OSGr?Wqk(TXDn-XhQRhZcb|2; z@+i8QwN|ihSH1Yybr3x9a6Q)m-|-ikr7v zrEPiT_MX4GHw_`D7v60=-N!f#eifVCaAmV1Ko|4qR_;9FP|fz349hr7rq_*75Ru z#0a?DuNwTCo&=;wB{lstOMF_Ge0aP^3hb=URi=g$%=>6xTWdOKlrJRDQx=owj~A2e zn&wR)RKzd{66_eK`WCnK`RCOadwUW~i`8f_xmY2gv1w|2HD+jNTB*4t?}>E~>nFtd zX`ZNBz2VCZKaVb(o&ccE%9XE^9FjCaZTyH@d~be zQQ8>qcZqUg2hT5lx|bw{LiQg)Dy7ge=hS z&R&|&4fu#ORJnh*pGkMh__N%3RvolfyR5T0bsO1CAMXZ~MyZVp@#(Y>AAKo|$!$8E zO*BL193@U$ZcWK0*ibh`r*q}~x6@8LZ5rl`kfb$Qt*+$sg(Gjng?Cz8+TFvozy&VQ zl@XNNFamJ4v}--a{Q+g-3EWLE*O>uW`}Z&*`~8J_wVsn@rA0+WD<2=zGVle=gh!nh zV>3hNi61~*A|}VM1aMr3v+2!FeCC6C(@y#Iiv(`ODS@};7vinNBLjK2Enr74?d{Z! zKR$YzbI!4mJHan6W_R07H(a~aa5}J{Z}lSfxHkjJ`ttC$hV|6lf>?+74TwKz=Km0E}Y4w?&qEuj?0VV_y$$J@f&|wV@8R)cORa(b`WM`gUvsID)Ts8wMN;rRBKHUa?GT zN}K4EE2R13`j$^?ZZKhnoloUx7KnFjGYfW8_uFH_9?e-(4@E^0e49(P&-h+8;@jBs zTHxKwZjlxQVMyb$a1TJ&=um@BQprOS48fCAb^FxqW{D$GuId9Ln>MI{jaaZ9R+Nl5 z+kbd)3sLwqY3+Dtyd9A0y)p92zU7DtUH=XkYpQvWrXrgD(jOub)x1Un|z zypUtVn)hkwl$Xp(JAaDPoS)on-(1tbr#U~h*^Zo|wEL_bpnZ<_pwxhQY9KC-qMbeC zNPHc$tcT`|sucj-0~xk$-!acn&%n9igid``?&N!WpI+SG6%#63oOxkm6*QI4Fpxg= z_R}u}yjhJF$_ZQ~dAO%$|BylvG=lt_Y ztIT*l|2rSJ4`gZ>W!BcnFs(W6n2E}$EdJm*&V-z8Y`?^#CE;A9-A>@{r2t$-`Y!B% ze>hWOYM7rUX4n6W>VVO9C%f9CTIViDJa7|D8NNN4n+v5Jgr1SJ^z{_S}2Nj>%JN zs!p+prxxL3m#E{S+z8CVdm@vb_~qcY2-Cb}kZlAIa-2I!8X9C-J;8u{=DQi=a$}2! zZ-mbE@W+NMQCf2Ysq7zaczH}=oIV_QsltL=t4TwKlmuxfYC!wJU^_b2_*44oIDgpQ zeM)H&!}(k+`(kp?N6nfpp#OXer8VJN(+X3Ja*YVjkv}5%LssSu_wZgeTNG;yC3)H| zxF>m7Ws9&&3R?=M?vG%nn-^1%lz~sV6vFdQmrbd0lDUDDKS<)4$NUnMIqoW$jMKqh zGT&bJ&uY!~xCd7-t8|NLVge+)S_8<}0dnQEdIveZ^C!M8{gI%+E>&ey~0VnHju zgIGzJr^?UTQ_n*z1}uGnNqf_iKm`P)gq3g!^UOU?qQ#L5sM{jGo+3Tf#kbanXPYHf zlGP30GRhphYb@8O+)Yh0t8nu%uEYYIK^xL3?>Gj4Gij(#e;P7nTVTo6Z)fQ9Yd5pU zeqZ(H(AybEjQ{nDE~VHbDalKlqAvO10h4H4H8t5c(%#}u<>aM=?g9beiu$L2MkGdu zY4AZVE{B9GBE6!|ZBMg6z6RZN`NH--ohYBH#bMOL>7H~+Vrk0bY04VZldp6p@^bw8 zCEGs$;KlU9J%u$_^DJ@&_Ay7B^~H_{P^@f`uuqowS*Pt>Qali3?30y;w^Zd5(xad$ zNdV!obpVh*11C3MH6x;>v(la}xG+CooU0|a|fT8>}JXW$QMx!A1z zKO!@hpY;Sm7b?s&oL+M%FTZXOWE)hKY@Ul6cD+^WJZ!FXSonvbn%v6hC|&baigdB*T6tT4?v?NBWrJ^w68@=onRrPVtr>9*0)qY z&C#B`Rae$f+3M)yHGb+Q>G%^f47x*7^V=aE=k`!~ZZbwJUBes)0C6pcMiJUXWQRjV zJ3z_{QuL^$&PS`w4PNhG44Gc~sEQWmM0NqmQ&rVB+LabZOtj@bPVd)Wp3mLM!0NC& zA)C_8?U+;C1^GCGBy-hnjZ3IzhuqL#W(Pmm8B@l!^qgzw4mO4qs=4}WjR`6OWFB5v z=#~p})=qt+_y!_bZ8PEZJ>ylmgrnWx4sVl9TpCQlHTVG0+j2M7TyF@MlpPQuhfSeN z2m_(H;T%2yDah&h=_%LM|Y7klzHtP}!^K++uo^n@s z+dXRuCvAS7mfh@pVRQGxpl)Xyo;reZkOLHw{pum_#0w1Cf65Ix9kl%V1mX0=?9Y+H zcG2v%0k4klZg4i$b#JIO_xoV8C-K>oX}^xGPV`XJ>k;iU?bR1)w)lgKzoafI`<{z-?lI-egYb?h(K= zZ%-{mqo&XVKOWIVQRqtFA0-Z|(4l4n4k|i=6ykZz@L{+K6V&>6&@By_NgW#7ju~>d zS)Y2AHVq(1wL?>f{Yj)_f?;teaooY+aAKgDnlK->9f$W)KK!HuncQwRIG7(`Qdyh% z10$bZNbI3<4ebAp9Qq#C90xK%fLJR~HDa<_Eekv$(m&_fSIGbs=S2H_vaoK@EM5&+ zj8U@NJL-lcpjXQhHBQ$mrY+b2nV_d#S>|~IhU~8*=V5XA!ac4Z5l)oOtC|ea^vY~x zRHDB_=*0Hp?f~)4s>g0>s79FM`Wi+aRJ5nTc+yor!-zGkT?^Tz0QydP3^&4Qy|)ZC3+a-`1b20 z3mRfRJ>$*^*=X;2DHlOi?lIaZEzU9iqd+IwKz09t1R+%)Ma?CJG(Dt>? zl-b9!`=+~}vz`^_avo1~w%Ufwl+;6cC^!ec01@?|IgGn8?ZQVX#2isx6(?M zhOcq<`{K>fZ1RF$YCsoPYES>ghM!%`x_s33BsO99MwV+n?@)nDcfD3^)_auLZN~oa zz;mbRA9ksoL~0)KzqNV2Fs57x+7Fmre30ag`qO7TL*;f0#6SO&9dpa?gHn?33kqeA z%AZS3GmLGLplpp^hWY%_3L~oa4JWJiO*>5)Z=C=yx97w(bKNHe571Sx-BRSynu#5T zXkvG~T8ulIGl5L?6Bjl^FU6@^D8D6cy*n>SY>BwjcM_5r@IO4<^y~nxR>%Al*Kpb! z2j45Zm+Z4uQ{048*_BIj*X3*MxYc_xj-Pq?=_1jzjNB6?o*yLt&psu~tO07+eFrWOx znP%!?^T~a5GQszh=4Zh``7efHxk>a9c0{b-f5${FqCa+SZVtE`Feh|pw83CnY*An( zzr5eH@tOQVO@V-pzGCirw!{e$Ro+U?x6NgmPwmsOg2c68uh|IeDck1R|BtG#42q-e zg53oc4-(upxJ!b&ySo#D1_tzR*-+en-N5kI8^QFCq@BK?xg^{qsLby9LE1>!Gia#~#(zI@eF2T3f=!aA|Hxeoud1+#vhQjCQ~xmS{F7fy16ClEbT4nO`!J zf;p_Qy<@l<@v~V!;wNsoSvs3rb}sdUcyY8DeBOVJg4A-Y%eB(~Z#psc&Xu-(p7)_# z>|wtr&{)GK0yGTh!3awJ*ONPqy$J~Npw&yj?#W3n>Z9lH@ zb=>5LqpOFOjzJBl3TyXA-U=4~z8csJFM;2u!-aTU4iXPX;86*IpeOVXczorVBgpQy2ERO#Cy<}b^(1!liEFPvQ$JHpLMmJ zu~W}56KXEe-@4w<^zORP6#OoKiT^YSEB)PjmmgYo>YTv?WY*r>8@E1?qrwqT%EJ?S zSA6cx)SmGDy!zv&zyC{DO@AM{a7D~b+pDhcgwRzt?C%$-(hrS9aPto{F1gJ<_#16* zoKrmksyiI=ucn%O+2eJ8n*hy$4}89(gC~~Ao>prgA?M4l;0N1B@VTe|%j)gLbAOAw z|IS*Q(Dj0_-%b|4aM?K&8zn*V&e3xf_$B-wQ~1FbW6HlBKV_7}W8^!Fci^_B8v?-&fJ?y+35M`hyw6f3z@p<}M9Typ*}g4LM@ z-C44eT^v0!xI@mLVGa?e)5?RzK^FpVT_5^E{~<2Rdv?Yl%WG}tj;Oki-(AV}{$6Bc z>Ll0atT!o6*Ku|Rr8C{$n1|t?k^sj)B_5}q!?@|s5a)0~x3}NY3*nHCSC<1}R0Yc= zZaS4fGkTk~enSwg|9gdP*Tb_9>rEL}9QfsE?_B=hEp9{kTX>+pWCD1=cfS*7XZ2_% z4gr))r1rid+xE`3a>AD4)b z`E3uX_1f}&toJTlvU)uR4_sFIJD-Q`lTnjdwn1YW?uQaDfzJnckjoVRGj>zE$FQCe z*r}3Ri~i^z72Qj_=7t9|X0=IP&tHNf2?iKy@KGUwUz1;j) z_)wdE;xg&v`MVfOwd3b%Ksl#!9OJ~KDCoR>c_9y!$*Z=-=es$YdRwjZ_d1#2zO=Wq zS*y9vzSr0GYql78B@*(ujXl5I*yMuz`Oa!IFVJzZUIu|Ybn*g3 zIx$BC$shq|DSn4y=po08iLnOBT`~v2Au5VWWX$rz02Ay3u*o|f<-Dq?14Rz>IZv~) zM`Q!G7B1g+zrBB+ayYjX_7!_7BCD?EtS-J{b~;APp(|6n+GxGO zcB#L%DtpCtbk`J6LkiHfS{SHNdXdGbcB}JqS_y+=SL6lHfQEHRZG#2DNx@YbA;qfE z#dJ0^`1FgCQEu^+XGPOJYVi#&ZLABF#~Hs}G$E_jP9JoBrs_6#%1p3~!MecAOTugc zV2-duRM3HY09>FYvMQ`#zWkVA7+ZrnQ&A3DFPoki+}wzXhywLtY3!%rmbPxubQuMN zWspuK9lQu$2@QOA5F;m7=nN8CcO;ASHr#OFP%Z?BIpu2d4^8Zkv(@tepsErDVFB3L*-fdL1rXsgKn35p3J4}VIOy<4(h^>lKGJ}X zd-~(anVhQYC26;{ETUrq$Z&EW!*b^1R!9V}-{$IXv^;m@3KHWtQzBUjH9a6ZwTN(* zSrlO}Y!Kl7V7gEBi61|M@a&GW!>#MIx`=sc6THearTxtV{Cy*I3D@ZTb@sHH_0i8f z^fA-;wf*`2XH%+o$G+S3xnvGR&$n>_lPtvqJMZw&*6}q_cgs3@nkp4j_(R0HSz7ZT zg+-+8OGT}&vBD_Ht7q!pnVPC`nFvB1bfzp+ku-0Gm|1j|tWa=L(bKWAeQlDz^eyDy zuaBc7f#>xSedNRFbhwrA3 zz9?MUPt36s#km- z(NT0k@H*(-hNCPM0r(&D$dp8+=Vq+QNKn1Cpu`g$K0E8!R#idL76ucK)W4!!(xCN5 zM&j`=Eu_S2ef}bG5j}#t*t}BA{r!C`=?R_gmM_1O2)eRl_}h6+=lat>(fpAA`Ef1g zV;aGyYBss&6}pA>qu4gnL7U);2C0_QpRtoE{sQt<%KAt>az_Y`)bZW2KZ~!c!@lFc zT4Hu0A$dYR)1o?3{SiWhJ*^SJwy|-xlT++_^Gno>b4I{0308BcGh#>XV-`D8SBiC1qzLw-rKi7#-FHmW zqwk~&HP7>&7pAz28Chvrt4PU;c-3ml#Kgr-<*c^}E;`h^5=N#OR#X?xo{?c-clQF| zk3!1ad4Bf|FuBxXN33w9Yn@{%=>&<_M`ZCgR71-dO}XUU*9JO^pkyAYDCdNHlGAcY z!A}mH$E^u>`gq4q(#LNlO7E_J=|(KbQIOuwgsz`Tu=2tUb^gDnvk=Sl&Jo)WuvZrA z9{>!9CHvn^HK5ijUW3AxF3%2F54-etG=eF?%1Wq@`Tc1-p13kwDNkO$bP96E$!{l4 zj-T4IMUvu>+hcBR-Qx4?)Gizu8_UAN(&-Nok_KXkjE9E)O`^ni)vBj(3pJ70IXEcJ z3bW`zRPx<_wc4slUudw^UWRI;mKGMeIyx#J^X;gU$zk_}sKlN^0n{#(7;eyl6EmA1 zT?4W0p>rxHd3eck&ameMS5Lo*L5o}*2t>7SLm8}1^%2IvK+AzgP73@&MV z!G4EiJ9U45KeVj<0NrD=*gH7H0i<$-df{5QtAold%i2x=_8dHj ztuDQ8N5bQGVzt)`-VQ7s4>#k^)#EKsqrJBN&bQv*CA&AZL0z>pcOT+vzAS}ybgiTZ~VBmd%vA<^9e|}RP+^Q4PM1lfK|Rj{bxzgxz6X6^u4`J{KjYL z?%14@Mq!wcn|I0j35k)$!YJS#qZD~{c>U9x83d38>it09DyS5deMid;$t98C;|@{Z zfCp{m%jkHRAT1(UL2Dg$z}wp!R9$MjFlccqn&A%%klO8NZzsfw(TQv&4RA$P>MH$^ z1*ammXTL;7nL|_y@f=#urmPKJ4%GbWXm+QR$9`$_eO{60Iy=skZw*QT3vl_NPoi}aT|MNaWiOc14U3|ks zOa%p6B!mp3Tq#JRhnci^>+))=C*R|j*ea(klJz3&yQJx{g z96~v}6Wx<4K0wQ`=yVY@MKFMC{|R9jSTThkWcY+xZG?*XyF^B_my@+mwA# ze`j=Pvgw}fX}<9$#_Ql<^Ovqj|I^jxrmmm9udAi*pTj!-vTS8*egR+KSCi#FTyC9j zjtrIj%}wj6bp947?G<`RH%%f%WI?7xZB@Pabg3+mO_tX z^jHoBAz-eG<;m09%~Z0hjrR+eJ(Hz@s1mM)1;DO;s4}royd>%rHe4qLaJp0 zhRj#ML^|#6Gs;V7Z@ro``g-ShfS?`+7Zy@dRJ4C^u%l@D#~FPtGjN43KbQV z`0Q*FOp;Zn&Jw!3#MzzcU%a9R8%cm%hzc-XvGd24Qz)MN>ujo%=n?#l0>~kiF;#+%=Tm|1IsX zQ1xETU)Hwj4T4rQXNE zNlqCW8Zuup)$Nye&t!dmK9pZX(%nPz%{g@&3=`*c~jwgzWfm^)Kdpo zL`aVisTv}N5Ph-l*9=%<+IqU)U0l3Dx8i_DQOe?BXJS&|G%x~>v3A{^E-AyAfVQA| zOml__7Y|RfXh z=?z5@J)+&FqYyBYu4P=rJiRq243>T-12Hk;YQRQbnf1UNQC1W5s6gkAC; z>zd4m2TB_$^4?zaQk+N=oNMXD;G=&n&Lwr)CjrhG1qB7QwbxK<{Pe`|a7|sEn9pC6 zJFBc!zM+dQDKTr@n2ed2p`aj4upGcZz@vl0QX3VCmIZ#RzIQ5;N3q(lZE(30sgjXEw?s0* zb~aTd(l&{SD8UiGBTrYt41PzYW#Z{+CqId#zPe)OXzNw(W({k0g~Q#$K-{cMG;i%e z?}QkT&6ve5Mc?`w=@DMtMAc}o6&M*}y*4#mS643Ly2EYeej7Q?1S=AIG09^w$}TJt)ENRj3%^}))kZvFaxh|VZSpqoVe z>u^o$ibn{P3%hz4$N)Y=&t30zcQVS4mfJ?+%hHmmdu!l95su%5IE;AB z&K@}p2YdlJKzoaxP~z>n7d_q?nK^*Xv6cx*l(gct!uB_=V&X!+hc^A7Y!tSQs&J*= zS0+!_l&T|HJfWn8e9k&OY7)rdF$f~%Ss`7eqlr2<6Gh==U}&hE&ByKiVE1Odi|+IO za{uesFX$}`?HchxP}_WZRu=S+t_TPSJ_nCiSHq*DQBhHKwYA$e%Q*aQXWcWgb0FLv zoYAqda&Pwu^h_8Y*DbwZSnHK~>!E)NZi7B0?+e$@|s4KLQg<*9{<;WJN3I3VjeRj!^ZCg>lmP z*nh=n$J1rr`uFeOkD7R4IQ^6rq6R4=?4xWt2DLnLDCprwrrLtpsm`u%X1eq6VwMGP zsiA@7ItpLeuP`XnBX!Vw0WP7&iab$lKptygmGX2P2jIR!Dcspe&*L=oxsw?ep|f7# zZ9heowK~ezRq?Id77N_Svfc0@(tk7k>E(;8gPok$ZRQiYl!IM~!6r!;Zjv+$p;70i;J#u?XBX@o>O=!roTUPI0Y``4@0i2Mhc`$_~PWr_$bT~ zM@8Hg!(dD#ztg1{dMY#^0a~u&v0qx`X3Qal2mU@*1t}Q$r0o4Bc7y_JECB`hYVwi* zVJqO93mmjCLPQvLj2SuV;9ak`d@8Loo!(G-5GyCHvn=q;D5ZCrHGxSk zYq5&=xeB-T1Eh3k7+%rp`}gams#c)f>ddQo;Q=YUj<`6?Snu)xwjP*0NS%$Ldbpy3 z~6WgF;Taki9B+dEpZlZb>tXaR)UcRh!nI|JY!6=cLlS{_3=e5mvd% zc5OY+>Wch2o-bc4q4f0A*9O}`qR7|HA7`(A>XVQwXBi#TvR%^|3xSBxP)P}ikb`ko z2zW|YlMgvTiSvfJMg7O6i*Jur$Yo>9P0;TR{rO3vf3+EsmzzU4WMnk^qbEznG<0Fa z4L=H&i;PQFhpgKzCA^ec-fXRY6)iv$u<_>n42k$GG_O1!^L{v2wdSBk#Evq@4YQz( zFx@MU@ST$VnCHJ)iWn!N4_!(`2@0-CK5rZbH;xS~h(CIU=0=UbaDRSmyZtR#ah48~ z`ikt?15C&!bpc8RZ53f!M4JQ|#A+d$%^OyUpfhV>L`N*iBP9qj0s4nks`-4id>gF7 zlEFpE4=u@DN>OC=13dBxeb^0Fc~Z6paaGAPs7#N^&0go5y(JP4Kvr9|T1b}bAn8P6IdVDj1Rwg3D z!6cK2kN`4VB^bj$lF%$FIKO@qT->ktCEc(ACfYTOan_6!-L(-{@!i2D%f$hV5iK=L znTD$ESBNMPGTrm@Tue-7I|I>SVK?XHW-cQ z@5~SlF#<^2-QYGtnp;`|w@j8heP93mwWLQ=t>JBeWpbg9b9aK#kLZ1@_lF z16O^K6g)kF+5GN1c3FvuF#JAGSKoS$60H6Q1-~Jdf~ejque{*JrsI-?vd>@;)e!>7 z;U|A_T9OL+q%XmHdwV~53Vw@eP7Z=K!0nd!k%U=nj#3O{_ zl%!Kr3fH)hR?cVmT$Fi^cM=|+)OuIBG)F*d0x+b0y@SGURBSwVJPA3J9f zBYF{ET%+KcnR^Q`qcUi4fP|H$NSmUt$-?RcMMXu!5oYOWnzbe{28ImbCZWc}5SyNe zi6@>kK0)dp@!U(0H5RsJ?{qia?F|nO$S2|>PQ*_RnNy@jPj_nEP zBzC^U3wGrqakcg3y0IXN`wtGPsYceU1)c?!n;!wgr5)qrh8}z!rj8yT$DB|zi^6v) zY_VA7la4&qqn({&pOR148ma2>PaAMx7qtwK=^4l3JTVR^LHdhG>~*+vD3w=VP!1_> z_?`A}_9I!yqkb<$a7AfQ+jDSa3h%sk)cv`ymweFwwd$-Cf1D0GSIqj0d(wJztIGUk z^!rWTxAG)m*Ym~t4 z|Fkpa@|U^3!35=IY7oCl`FSN!3l1wzIloEtbFE-p)sROcDC`#n^A*@>!~67~`Lqml zf}{zKJ|6YT_KF+E1m!_tht8X-B~;NnEGpXjRB~9TWF+7z`ci1F=`2{D`ex9uXR`km z+J&0UVg9zA`^dVn>s0C0vb(l%$Z|H!fFw8CL6UatOv}pgMc8~Sl{whE@#o6(O%KT7 zqyYlQh&2ww7(u5Nupii+FM}~SjWmgGYkL|KgPK+60guA)M+-u(*Y}yHrate+NW>^{ zd!U*g)%C^oc(4?utjP28(ifBl#Dd6AH-;1dT=Wkg21+DU3+aMQ%HU9fi;~)~4-wdr z<2rwjZfUL(wE6GR<$Plu-*PXL?E=NUj1n7FJ`VF>?4u92Qy1LWIIWCYVxX_jD9Vz`oCh>MJbd=30I z(3Ie=I|^`N$v42OLQuB)jA$=|0qB+C8)^A6z3;*fdNOO56l|dL4ojw(&sWuJ7}i22 zpabd1HhD4HBt&X4+puQaQf0r(@ZIOQ>=@4`G!+H=r#*DqS11u zC58<_+&6v089``<>gwuf6!^GX$a4R$vPx$Q$)(G3+ z;`&j(1o5ojwo%!v16`I0@T^W063qJrRGYM!w0-`EC~}3PplCR z4+2)d{|tFuBj)!M30%*rJlwJkklFV(AYA@8Va+8I+G=p}D=z)%X<$K~U4dRdxP(FB zpB2gcs_LlC$v)vG5uX*0yyYxbbWBB8$Q#Ezy62nHbeTx@PMOhv)MOVrcFa>a1&jFy z<{o*>$yXcNfGVGLtIdt|b&^9b1Ed;`toHoAID9=Z1#OxUKMyt#R<%(_lq3(zF@6|} zAZi#{UJ?+{>`1Aw4#McJLmEVZ8B0NO)L@~VTMX+RHci>%nAWUDa`eVTWn?Xc5y+CS zYNW>hcx-Y^G4D46`W&JEO~KYr95jTm{+! zT#p1De7CcXtVA~h?R^9M%QsU1GpPgo} z(r2hXW=YX}AWGu+YH$J=Hw%T+B2O0kida%yy$ZTD2>H-&J+iS>%`Qg-2w0?Dn%e@P09Ie-kP!9%3SFwG)S*ig? zCzpVFA`u`(XOjW_#lL_<4u_n7mi`k&dZ;T_uYd92aIMzzV_#q2z?XTCa?Bf>sA(9| zALf`{!Ho<8tL=drA>U4_p)bF+{|;wou~r@(*cDq`U|;zF-*B}1FtlMBQdj{e zp~H<&{>Ecf>z(q4n+T>JJgO%hZQbC0cF2ifcxIkn63zMu^FAAdpVhH@;pgW-_|Ke%QGsh99vilBryGzO{xbENVfJcPpE;nXXz>!&T$S_ zFm%5^gS2QGBY2OA?!w=Z&MldIowBzocy%FgC=#|%In+hVPK~?txH_Gj8yf3Mp`m8r zzH%eW(}PoCGyAuUtjgPZ=Qy{eTt9;-=UzbJDMZuWgc+J@S~M&~Q-^!K~BsUXvZEzX!(l*oicgLLw<)%<0huOH^$>k8gA;Gk z@bThYu4DBOb5o9pSjUUKq^|D8=!eB~(+r*>Ym0kFjh*Q5b#r}x^r1h=Q<40mYOq%f z;XGsvQ{QhRGdH_H_im#jD~s3%QNo5=6FH#=#zYkzWtWZ#njB8|VM`P>Tl}!{UXgx$ zl79HUGu7J;I)!R0`)tAPDVf8*)VMBCdp|hR*Cf_~bsNMf55pmsOpA--Su*+s_dQj| zk(WaF;HByhRWOP>I&wC+OIq8v_R?)Mp=Nw{TQ^*cgQjZv(~VOXw*chtM}R?0Z`60u zv{a0_6xoakxEi5wlWjcDl%7`XE6$H50Ki4(a;p;CXb!!FPf@AlE|l_I)Quu!30;+= z2(GtDXpv%WUD0iwH+q3Gp^$RTXrlzTF1Ahx!g%j|%{W@#YX5F-(9BwkGp{@eEQ&(r z=MPH>V`;39r%Q2QsCnSqw{K{~JQ(U?;^OabZ(estKnTdIHVkj`?Z|XsfyE z=19AWA9H2IApNKWtU=mB48StPFh$x>gNp`i8`qcsv!ZcFRw(gkd62u6|9gCyiHP{U z?yMXy`q<3}rwg*Oa!?h1Te#IS2|5viC`DpEUTwuexmG)9L!JeFJtt5F2L;vD)%ig; zA|YYX+?}sB={MP5?G|YV%c%^-l7zDLxBWCxO~(j>qr*RDgtqeQjo*occ)HOq_Vz*^ z@jZNdydTaY*>qV>W(P!ob;0J?aCu1>hEV2>jYGp;2-@%iDcsIiLjSU}$UZd(rdyt% zP;i_aOG5o7Sv&Qa;#PMdUV3odzbF;vW;7*FM3d|o=NvP>xn}p~G&eV1@HI%s2z@tA z(3eclcFR1?=a!4XH@ie4`lBDrQNBSV)G`b&UsGnUrVR7cLZ=&fjSr^;TNn<^n$8P>*3l`sWb3?Cvj8gD zHMw1X2gcza@{+c|*nMEE1sKhuDRcUbWb~bct%zay*st_9_zF`8**1S&h{4}Gmf)90 zGO|2n_s%h`HteZ@Dg(n`>!LXZM#gm(!GgJYn}mZ)bw(WEr%#{8!MS7*KDC5aSDw@c zh?fUcAeWPq>(l?K6V_Zy$IgCj_qEPKr6pFW|C?9a+S4~)6pYso|Ez(~Q@SeMHI|-J zZ9;e3@S3y(lX-_@Mw{A*4qF3pl^H347%tlmf(}=&-b0;T{%hW^Lv?}v?cU>VucRY6 z!sfzg?~OmoB5W`#*1zBseUe<5iRQ9Nc<2#%Yg`HrFjAKu4Z=jplS~6ea6sQZg{o{C zz=+PaQ*|8c7RouFu-vk_gAJ`+;_Ke$LcQ1m}S0x+%;4fu$)v8PLAiDnd%4dbA!g! z4d1Ox;*d(>ln3|Xe!u;7aAIoCu{eG{UU*(~f#RS@#J=kE;|w+0!uQU*;neDBCjV0y z$f7TbAslbxJX>{!k;2(-K707~b)7@0^K~`salCb8GsPTNp=KUA%EX<|3OUDj z4<+I`zSCwj+kS6Jn6j)XLc)Io$vne+<_6PI#g32SG)39z>ht}wM z&Ge6XuP32v0L(X5Y9U8Pka^f1f^e}}^w6&ghTa-wlIp1L34}~YCIF;t@)M8PS#g%u z8nddMRHWaeW>*E15bs9R%4%H2)Wjiqq=KSl%qYFDC7RJM!!`*`WiAsUs?mHhU5%9` zxFlYNE00n2ZK3tI|8zfJa?q21M$SVZw@j#zBN;@7a*Nryxx$_|UoodtRo@!FuR5mu z>+<)9qPqTRXcz97Qc+n6h0*8hZC@-waBu=1SKVuC#D+AVc#tEwfsTAYulcOiqKgv` zk&y5LG3KD8NGnY83r;co)+=XZZP-BH@mDf*baaC|>7RrkA*Vf=H`fZ?zXz|EU1`cT zihyqkY^<&I3Oz34@fauaBmpv}1ZCr?ASyDlXJL=`6ypRucIus3$!XT&auAg( z0MU#sja0`8pxHB9cFUqZKUK&F2PBUvOd|e!v<>Z{LIb1KOnKoL--Be$88A# z#4INm(9tXhDtY*TOVuC%#*jxgT{0#Jk+z5Ji2xS7B)L7s9P43kolJ>8&|VXip_(Pd zsYm*dc>aYI-2kFgUA^L0>{$voyKt`D$71-%#NApu(toJWxv7ck7yY`HV~fM)YBCL% zIh`O*l|@`&mu>!CY7o8VWl>@tw)aDV_Vk4gE)xTG6cum*R8+KRqC@gV#Fo{iXmQ7!FZ3Tq=dDZzOCZtpX zL#!hlD1jU;)1X)A)0_C)CnixtxNKOrMcev z;YSe?cHfmozYzEaxlt~?NDz{RWhW#gl>6d;4rsbR3D=K9XU0Wu()u#Dx=+(I`tyA> z#%KSKg@Ou#fw;(e0vt9~{mf_y2(0=KU0;6h1gA~Tfkk={k5z(SaHQGmq0|sahZd2^ zI4$k~&Cg-eilRT_^Z10&=q-=Y{C4J7oG`^o+}iucQv4TYP(i3GbhES?rv6X=>S}}i zxV2%#v3V%nQzzpTK={FxGLYq>N?Eh;8C5u1loS4eaLdk~qjyaOH^yY5jeY{~J;d|N z5^0^uo|);E4a=r8*P2*Y+>a*k`^#}5e27UQd=m&`z+Ai^zBkBn*%nkFJIGBxlcC+w z*l4#j8&$9wkZPYnBau5)pAY(M!H<{rU0rcQdaW$UJop2T`CLOqP)V_TkiDH?vJee>w zce==M{rU!gM2H3^ym$0{5Wi_1*!$3mbpwyk6CF=el;j25INYE+8=Q zRJ7{FI+>3g(*|yS%UJzcxHi65UuPVfcKKZ813?GP8P2`dcj2aCC8*;LR{yq0_88j~ z8VkRdWxkPPXikjxXBWEkF)+&8EW7bdEs{3q{Z=o){`aytTGbo&@(tV3(!u1VGoYSz ziFoir^U_r0Yq(|_TpsB*W~xMoD&YOZBuJk@fIQ-Nk|AcmACqIaB}6G+&Z6Ygr7qU@w&FS z>6?V+wnY?0)j+pFkP3KU3=O_L-)>W2h(rUVj9Q#PODcGHcnXI$sN~Z)V>ho>f?ju9 z7`U3{p)xs20DrSEaVU|^wo^#}z8(r?Bn?CuvarJd7W{IEdIuv8^ef|hR+8Blk5 z1)$CA-o|HRAQR}42~!~(P)FJC-@lit3^}>D zB+^o-(nZp1vNh1zV76w|NxeP@Gylog>t|V@1o%Or;UPz5J>^_(^x_E5$1KH$K_>Vq15aoz#@}rZ zJ5b1;E%D(e^>2P<#$2mbMLmPR$@a^aOlO!_uE^zmR0t8$8ovj~w5VS{qEcm80mg~K}#c2{sT<bpr*7f#8yiWq}52C5tAwm9|=VXT^iK0FV|mAI~#S}D;r>LCXUYXpaYk+g@FtkPIgKT<&HH#blV)# zHFV+tB^}i;ov4Iyx}mZ~QNS(`YT>Q@xD9mS+08Y?zFrzg@HhPUo~1v2JGLh^fvC6` zLzCrUu@$Cm*XiA{IjhV++?6}pQZM4ocx!(s7-Mh8)lysBHpPLG>*;GhQGb)m!)7(U zwT0>SyDu#4!;ctZp7FLgBln3M(SI_EW3Dp8p`Z4MktI+AS|mIBZ2CyZLU=V0KCpHP z-mTm_NRgqQwlNkh#qO2Zq_(Mb^5J5f3O4lmFL!KhqxTWlR6r6$hkFZchP@4dVHhHD zYKH4*6soUepKyS0Fd2FbX0{q^YG6tWs}M?%h7F)y6_>j_k|zovs)NsT0{6QJYdRrn zC1)HuC{Kms8{;NWa$lRZ82(q=Aa=;RA~`v^qN1X`y&Y;iU0X9~|EnM)v-~lk=+@Ep zvpNJ>m!XwjUNTIm2>#37Aq!FjN3%K9mVau+ck*zNfimU8_l(}v7m;e>Szm#i5=<3_ zGm9h^K-GMYUG9HLdVlF_?xMGvU7(b;Y-FIrbE(4Xz+|JrTz6Bd<5f{n&$jEgr~MO2 zN^s0~dU7TJXy%om(u{H+q4hYd@yuPol3 zZgn|bLkRt+Hu3()Rv1s={GOZ>2|;APMNsU{Q=z<-0puuFfc)Cn(sHuZ0r4wiw}S8Z|0&iJiwOh z6>{GR6v`i#S5~0bMw>}vp5PSCuW<%R4>QB_k6ANLmUfj4^o-Yc9R(22lh;Y>??Zdl zLK>P{M!Jc9CVFI@o9{n0Y6#B5jbHdedbIE5~20YR=GOT*#( z+y=rO8?YM1E#Gxlm8o$y6r*FIbHwZr`JuOwKBq8zn&mqltYoP&I`RUK%Zb9GaNh$v z;maR1M`}JB3;k~>KRgf3oc$xA`}wF>Px!Eo=!jyIGCGc4F1`J_8eqluEZrzQF3ED- zmSG#!kPd7<9pt)H`^SYpl3|1mM{gywtd&J`WL69LUkcx&^y*KmXCEx52lageQh>$c z(EJ^+bS&|ReqcapY3cRukh&ZIzszWKZtibg-3@f*kCv7e-zgiZh=Ap`TnGw=Kl`~d zA2<{%wL2ao7z2r%`z-=k^67Ue9Alj$$wwzsB*!53bhI{T6JA^{37}1kD6FS;ykU({ z(!oWI{VppfmjU&Y@CGF6v6!XjVP+jqm-`5UAM!N#bSYc}T?NI0<7S{yC`- z_(wDR~H86p>BA>QO;B9{Kg6l#wQ>MRG|$@g7X8*tw4oF401oR z54d?IArf~21ymYzt$}*^9`)Z;mCL7bSn55JjZtF1=yZYWiS`_sOvko8j?~u{7stR(X4DAGE7yx9)b@KhXuxx%%tqs>_lrZ-`=zXp>{4}K-RnI z59@85P+}#Qg5x`%$AZzpJL! zpQhrRS8DO7ahZE-ddNL>aXjh!sOkqj(JJnYtE-@diumFCuoT3)pN>v z=1b!xk%&xXKa&*~`_12lx@}?Gu7K(|?X3^$ zv%AjWfGT_x6g~VL8$!(*(zIepMU?yeR$>e%ZXJc?X>Z(oXI#{h1mqR*#9H)n>eM2W zl)TZVP~TT;hv4Bb=XYTUCmdBmwuvB|pv~mDn!7OR+~N8?^OET=JpoF{Qm-&l-?Ih#`@Wjt zy&Dx|d$DHPeqSuPU$gcVKu23`n)-IBdOC$FgwOq))G01xwJE(>KSdk;r3ppu@;J%j zBE{T?s%fdgd5|}U>`d2e+yH>ZPGyUw6c7#!htr<=v>cji=wq*}s5lTAeONmy4=f{# z!N^y>xVvPGmj9c*9!gvJ{xq5u#3=l|-m_|dEp258yef*yy<(=%H|}@Lxr%#9P`@Zh zG@TE>ZK-(`96yI7Pf}w0Xrw>6uE6j|VU!_;*N4vBquQ=q$^FIc%>q*9{QEd?6f3%l z7Efv2rN1KgJ3>cQBi6y$o#GpF?N(YkF;uBT>Dg`x&mKkl@H6YSCvYEY(G%XTE2VYd z%l_)AY#Z!Fg)q@q$g>$KU>GFd%K>+Ur?fc5!W0RJF3C0cP=(GG5TbzQ*$F; z%~>*HqdE#l|04$bkW!L=Q9Ig8ZsXgmtN3vf%j|w^l-^yf6f@rg`cJ+3L&@K`zyImK zl?-*YwRuZPN$KgW^haVHZ)2G8xt$#y9zI@e_jPx7_XH!%Aw}cIhY@T~jgI!FBpAyU z7{_p^@dR$VzrmU%+afnaD2e>~9Z7Lmcf{cVwRH6s#EeOJh(I|rnxFv#xZ#q*5@3l5 zAL8`Uv$0YEs8tS$13J)$M@)Kb*% zl(LvS!D5Ce={N?ZeE~>xYS96-Ar)Zg*ro^2oH~$ArwR}cyJLC3RH=V>b~X;Mkm^W0 z3PCX7v1aclghODX=E)n65B4%)4lP-pCBc2u=ty&?1uARD@oPvo;DL`!? zIuE`2^dR%7R(QUD7Wha2C1J#G363B~wBPbdd9Q2ZnNuuLUQj9>|J}8$f7GS#o( zWz&fin{A$EdT`L+q}sKZE)r8XQ-^p;ZxeJry$i}yGkXCffRg$N)E&QJ6R`~L*L2|)Jo0E+}z|6`;g zLPsq^Yg90zP6TL#A_W?)sJOVOsEB!42@4=$N$|r84q!-dK$#&2*OQ8<7EvmqT684) zqrhb4-aO2us>^zXQIEqe?UOM{E*zoe+SLbr_8{+wA=O4uGdPs{8p@grI;C+ zTGRlrB$S7p|HR{8N7GTa*Ic*!v4RnkvJzO-h6+Jgl^`rkK==WAJ|1k+a;K|Whld46GOPW1j-`6tpS7}b3rO$zFncE0<7 zzItL`u^x2A!OUU+ZixKUqM<{@eMS^+`h4Z|-jDSJqk2UKUlm36oDDr_sn>#;NIXLc6DPX!vSNI~De@^jEo zEjEN(A@;Ly!n40`BX2o)js4gP;qc=qc;t)$xq8Zx0{jD!-qvnhwB8eZRzz1 zcOdeLT}{i=mly>Bgj0A(C>VX`J?v_}{+0Z$aV0$_ukJa;y<=)szpLRrM$Krye0#Ux z?4Hr3eZtFnhm`f6yS|<09kXjC7Uzr1ebaW1YZ+7TI#x_!n9ac;Vf4pS0m7unbsHzfw*e5C$jxES|); z@4({$2?+&vy7r=g919KEIY7vd!{n@AYMyjXMu~>lMG*Cwas5#0}RH_Xnjf-hI`~(pKbR z0f5+DAn+4nD+C&P5C+Q?0CF|d0rCXZ#tJ7q;KE6ZAtM95>ZHk1%0ww~tQ6;}Rf~pb z)S{a`B_A{Cx{+2bYA35jo*zg*x0KbQ!*5Cl{wAwMKRzdI{~xMFcengSzmvQ;Yd{K- z4z}sX|Eg81va_>&eSLAxK^H*S^y$-+lap&|YA#;9*sotdF$JrM6#%jM0C-GH%)^Hd zd-v}B=Ng>8%8?T}XwLK!F2{W6~jQ(E2p6OiU@j1j0_u|JWF^8$iy`=71qU!BIH1gsgXN31b|?RB z+y~kMky7a#}e2~Ab^)LO6#u~KO)1($P04xdRVI90EToaZ~ zb{R$jfYT3BCmv;$f1@6UXHUuN6=8D`gtbaWy#_2Y^Ry_Fk_uE{qR>0d4G ze7Q*PQW0wqU;!W~RjH_MCkrPl7fx6mO-J2c?6;z!V3b{1GcPb}>aC1NwZT_Ybk-3~ zB*jicJ>a5dKsbd*!~+4L%VgDJ;HwTvW4G&y>#A42Xx_-r6R3n&!n}D5JS;6N z*)XNiM_K1Nx2-t7srH`y9~(fm->-R(kd_>}$chFbcC|o555i#K#1KFZP%v74Y2fAJ zZWr=QFBkP#b5!5hweQiuZnmR88SSQLJ*kVwS>r23W}bzno<*i7^Gr?@n4HKnIhbjD zAl+zJa@P}w-pxMwcI>4^hY#(?2W*yv^^t`fkSkC!;wS|`&{dy%336CWp@(y^6uYNR zokF#m(^qzWhUGj8J$E`zD7_Mhvs=3HRH6Q$ZFKzH?yoIx{%eTZnbvkp`LXM@H4m_d zb6r-ehtRzKInegmmL_k1Aj$?<4+-igK~>}&Qtws3%-Z(X=&ZQ>@~GT$<%vb5H(MJ*B`avEVC@ZCy>e8=3c-yY=ud(V1tWb52BL9SzHjIklj8t3kxv z)(7X>ul5Ywcs+65wS?8b#c%aX`O!CV+_LTMI>?$VlZw=$W)=)T2sxdw;yes61^@xX zO9Lyyl#x2XgLqncuq-_sg+-T1Y0(Wj=crYSoTP}MQrHkFc!1<@Dc$TP`E=K+MV+Jz z?WA)bOP(J}CtFI#|EX1rUXsE7>R>MV31x;Hj1*!g zKke}^MzI1t9F^mq>in+&!I+}1fzC%w!5<5Va$0%{aEh{qrWh`(lSOppy`$_OoJk4_ z3OXv^FQX?YC}`fidE~HqdU}3-ewQv?;@fhDF&>~Q1R^U&$}L5l!T?x;o+V3`pva|5 zmv&K}TLcaZKP*7OXv2mLnVFdgU^gxilS<@cG23@t{Jtr+F~SHMNxazrZr;~wPK_TwP$Qe zTO$a9kQf>N=;!x){@>^SyPp5`PcJdZ}UV z2LQ0}o&KHCH00d@0K(fe)gBuM+iWc|zPvdb{)^z1e5);$4^xsxaZ!8rfbT^~+DJX0 zr=+&5`l#X-onO{NbI0_n{{IMOSOc0j?phc3+rEL;yrydvGOk&kle^m9^e9IB)ejA6 zN3$!*rix5IIV%mOGMD2W#XemZN!icyFi+JrKw6Vk(FC%N{)i5RL+9N4GhKytTY3aZ z7z(ouB7sRZ@W7D*1q@YW03c$!`1R2U7~dFpI&lENzgZu=m!?42UTie_`$5r?<}K6` zs38AT4FCYA{@J4fB+^FibjARHY{B_G1^k`A*K60$XIQ%lE0HW zvEWZF6xI+j*>VASZdL#9c*^{WM}7LulMk?uI0#r1G7(P?r}T3Zhx3()q)^nc5py4W z?+%u1eSpp2_6(zlVZj)EZ_000VB6a44mfgVCFM~uZ-ZG6m_n8BOiI} z_F@A3sHz>}yMoUm4{fn_1!L#Myog&td=Ww0iw4))iD|*)VNWbxm_XT>BVjNcO2-^6 zgl8id)Ed{r4)=sh zwKx}^U<`9oQCv#;nLuexpz)1Kt?K zU%4UzOX*fS+gq^VCnH`|onT4bGSd6cgT8Gk%-~?~7Hm0E^bGM;A@{=_9A)jxh~nft zr3?9y@)DIo>?#bdYKI3cVZHhbE0l=%c;uqoD&v{caYJL~=}u%g^;3^C>cYD9)Y2TA z?;2IUK1#rbqmeD-&F$mq4l`hL<3d3}VKC-Zp+evqDL?S{jtu|R)QKg3DP{y8ei6&tu{j!B%<2j} zVWiZsx08Fc_qMuZ$POd=_=AphkzumUK`#fPGYfJTA{t-WmtVep{d^Qs{BYHq%Wtt) z$-Df+dy^=Usn(P^)10nd#MDHq4vyu+G`FU6<>Q~gN~vkj5s!Y++1ACKq2^rjq2zgu zf*hx*Iv8l;ROHcSLMJwSML5g;4~VI6;6X!4enzG7*N%`vB9Icrxm#Oaj_xHRzY_B0 zcjyHOr2Tng!U=@ZE+$4A5u@ZfV~Jzj9$^$Yg*u2mb__CevP~d#;Cu7A6yA2C`wCIv zyNn1lXX#SMNC%n&Uz>za82=;p@%8xmLdv2uSIF9JbT*2C@gMHvJb1Bp*zlthJ*Ma2 zLsvO{C&lH5Nh0%tBcaFN_nNM>(H34B%v|YG{3r9<&Ot97F}8tdb5wO0LBJ(3Dt^2U zS}E-OK75H6bW|^vAMPCft(k{(+x4oOHdg+GPtN3E2t|Cid0cjhQh2XY`>mAFJ>Noz)i)#NigeXT%ime)w&xR}P zsol1%+iOMQXW~H?OBPWH`FcO5^f4+uMP#<`*6edn&Gxysxgvkpv0yY9%)tXn5q(ej z3VamgjSZd9=aw~>-A^J{A%h@a!iO;15JC@i$9oWWygTITLV~ar5HS>tGMym@Ii^6# z_#iLp(gkdPr5$9KwmC|%=o>b;U97gp@Tvp*UB9aNw?xg4ZzwAZ;<#$*A2~&$@WHOf zo1h!ojE{iFjoveT&o=N8xEbH)Yt`RZTWuAFj#aZGh?_coU#jllVibdJ+Z9U9Q{^xF zohuf;D2c&zG1Mb>YYDQ$(?GZ1t)~uMnV$X6(N^s86R0gR^e6_|^K>K^ym98zDy5Oq zK;WdrZa)IHnYC>!c6zdo^M1n^{~Z{!%>EBKSjZQ*IczSLtNmUeL}LD3zJ@FksVFq6gN}%=FK;)aoxz}19by;FR!lV@cEBkkbi`#1Cb}9jT-p%B#lV7jU@dn{a(`X z{dK{BUzS_1{`#K!*Skc#+8&R|{W_XO8E*Lz`G-Je*>B*VIwbWM^boL9{j$=dPU3Ti z7;okpjNV?R#pm1iPR3`03VcM3;k6h9=?Inae)MVf_0dk;X6TST0u?-BS5t?VL#6Ta zw@fa+a!amY&rr>6j`W}5U|V++$_rmpz{-vcepd8zs5Q#9*!@(%3BhlL;w%a1#Hl%?6yZxTDF)R<*^wiVItzEUk@)#76Je4&&{=W%XlLRT|J2VO zON5H>3+tC-dOtMY#ct=XEp6gO^zvPGjke)R?|iHqSND0Ey&WY3a+wgXDsQsqy7hSpQJQMG6_% z72>*!fDj;+K|kSpAH$Vqr*k1dYP7t2rei)-nG`yN!FN6i`o&Ewzdj;Id&P^m$k;iL z@7z~l>JlFC zq{8wkzjq%+!S2!snjNo5cj`eatF>hkP6BcR63i&XXK+|5zpNn90z7RU=VlEU%PU%@~O0OFA9mKS_ED? z3fyOtlY9Sk9{7rA^m26idG7|rRK7w?DEV>=h24Tddys(au_ITT#`E9Y0LLX| zyI({yHYW-nF!+q4_6!KhZa(c0^*7H>Q$*$TXbt2{L9n9reH4ZM1i2@%?QVnJ-%QiQ zX29D|oGI9JZkr{bQf*3n{hWDhUyG~ex$jkjz6mk%dM2gB%g8W_?p@;=_H8<>j=iVm| zj^N1)V#oCDF*ftL5DK{k-hxh0@+5zL+LCju+ZJ+F5?7xBKAE2lqG5Njc`Jprkv`JS}FSR{9qxATK&tlr{YD2D6jv^|~2w)q}(V zjB7YO6u&w97xxJD^z@Lp!_cQ0I_fCo2$_&|nx~F@r`^JCffhMJP)9fpCE`~Sykm8N znjMQM`TcUHXC#h8=5b|(z6-`OSDMGs+-6HF+K1+>tpf`v5;IrAUufYUa|)&^&utbI z6mUau#Xz$6mHa~uZ!&57oRU-TcX}AadnpFuht`LOVdrv|JU6irRB;-mDQ+3HLy)_b z$_ir!&sMs7Pjha@F8_^m*1Q1&9rg7-STT4w6_+4SrV5di;g)U60Weqw-m=@Dlqc7M zXraA=m*279PJ)9_xqj4LgeQ4Jys`7hPHcIi|5IM7+Xeu>c#Ucebc{_jQm9kfIY&8s z1r*{8+fnUQ!Zj**9}8akl~3w~CXvo5@uxk&{fcB%+R^4#I3xp+gb8nf)W5cW%TlCy z@Gsnn;6#KB{EPNxTosg#$C5VHPk#k4y33o4eH6S?^#3AA5N!7EGoy|nA)%pL|8XDa zXeDdw#^2}Gg0KIac<@(JWf=nz9OR@0;$HsuE9Kra<$^O*cujq+J@{X!GswkdjR3|H zHvb*q=Uk0tix;xPRbUS94#&HH{#VdZ$BV0fRk`*+0YaSa$hmSlOoZ1sj>-F>gVNb{ z3!jjH0I(z$7RY}34QxWVt|PTMw-W>Fgs*h1#wQ*TzIeAOShCzWkpII4_0pD}Jh?c= zI=2Elx)Yx0N1Dq)&zcLi*22z>4vPRF7Xm{BG?40OK4z1JvA+WXofRaoux;{4E3MMT z0)-R3!dMAuf%MK21ktuq1z3>Pg(I@V4f9yowVfv|EpRVQLdqQJA`bfs<;$q(<*g&R z@X6(nwF6=h)c!lZN$TyPF0Y$jWHn{fd4crm-Fw}eA@cXB+a5f2fXjWru(ix1&Y(Ek z|F|>b*SDwoa8f@p?Z^4X>`SrsxbF3%BSc0`DX8;KxWVjxN7HOElbx+?aJ`-L_PaH;ZJ|)!T&nJ8 z9(f0U=a8*%L~aEUl-3qb-uTrO-`U3vNB@XpoUe3XtRmA8AoFcNp9RKfwQ`P;wz63u zx%2oE0sJI$2TyU^ijIPee5-1$Q}kd3uh=7_(QQesv|Q=?Z9#?A!!qtaL9_x}$4@5t z4O0(LyDcY|2*dP3^a|ItV=llHlB#(7SiH@!5&tB(CPyfsH$$_Ig>Y7HN`AjkU%Z#R zL%u*5_Pe$V>Tbiux}D`}jz735gK{i_IH)xBn6WrV)6zKgZ%ph&(7DApS#Egz-5U92 ztyt&JnL`QU}T%651%RIU;-JPZ=!w$vy}uQKw~U9 zSDgLN=FA9mq1EF>wmUz@nBZJMzlq~H({%;!MO<5 zy2BP*j_h_U51L3H`U7%V4csgEolTUU{JPO&I#|N5>EfBxEz#MVTM@$orGJCw`K~rq z{sJ6g9H=TCIv!SfB_B+u>RAE%>HmFq@z~=O=ER10b%jlb&B?6a4E|h;3K)qD*!mnh zzP}Kt1ZDRi4I>&}V!bOa=rj_09HopDb6qH}P==(>mK*t^?o?x5>L|(~bedc;PYa!E z`DHzex;QejenERREoaV6q+CBM=5>hcP)d) ze11{6xi3DrfGR$tt=yl>{6_Zy4D;l;Ro7xw2UYw3I=4q^boQ z3EN*NH!NV|%CT?+&!hjHiU-v$BRR4+NkHnUK9+B?6`eygf}h+`@tj^Ep0& z!G;Pv1;PnKl~)%k7h2umvzM9swBM8;ZxnI?-S|??t^xH>XP)H~s~Brp^%C|6C=0}j zkbjDfYbrHYAhV_g z?*M6P?D>?Ht)b{Bk7}%QEL)^P5ik4#80$ZqhR|t_zkaKTB>OsoMYP%siO8LSh`7RETop4wdM&Gzns| zD`-I_dn&BweBIit=H0$_a{I1-S$(XoWMk+ZW&HAD97d6SHsAy3Q1)O!E#P9Oj&I8Q zXf=YOHHXj6u;0do^CyK`2difZ0%hPm&qUl75V8*JB$p~Zlkp}7lNr>xGr#DIl~#)k z70A_Cnh7&sg3*=Mx5YP!ZdWcR>Q?j?nW%MTYuGf0Ex9cwhhnB{2OuYj%hnSV;G)x~ z5mWb7g%D{&uE}d_8QOA>Tnb}9YC98q2XNi42vgwJW^!J9b9U~nmALJx+CmdHgj=`lEpu17W$Md{jz--*=y1gB{^1y(pFiV{&|=6>9OPwoIDmef#h5?xCvj3{UxUlT{w6O=T=lJYnyRk zpIZ$lEX={FLCofJ==adwJ7T1-xRwL-JPN!~dPLELR2zywq1R?{Q<-8_6`xJaMhZoJoPn@~vTi+eL8b{zO+X-6jNv_sYWcncpCU?2Ja>LT5}mZG*On{4E> zxFq{oTb)N1=YLE_y(F3qRho?|lyXJ1d><=aRa{fp>2Q`kBFJwj>1S z^hH9Q%byagV|tv=eFX5Md2Ib+je8rr z+)2j`Z0uwGf%?&N(SIGt2-Sgn9Whv7BxZ4gb_wuXW9_jko0~$+${S~T7S*jTLAMqF z=D)VTL))Iet|w6}q>AUopwc$ayxFrDoftSq5SldnA)P?H9OBxqD(S4D{SQ-O zaxa!N(aqay$c|W&>>L5D##wE_Ge7*qmwn%>C0uwT+fjvyO@2!8;K6-P?ks1TjojBu z8uyj1vzx_hfmZk1BtOPi$z<2OV-|}4UhWCm`?KG%VQZ7m1k2DWO&wU#aa;WJnM)I% zQvC(eX6+LqWq0l5ZP$RG^G;Q%(gn@8n`4{hdVvEN@2hAwNLJF=ReEZDN za!u9nI0y55;tflXEL-L2wrO{a(iW@9Aq(kxm`AK=c=FKeBua$i;tnme6{4g23(Ipw=!z)%^H5Uhd zlwCXx33<%m?JNR(_Hmuo@WuGmFkRAkD|o{4e(?bnNlb)1Bg3|=D&{#uvVZYpTXcQ8 z+s5)W@2A(Zk(zm%?bx=fTfBzkzy>ew83neEk12fx?^+Olu@lz~#1-xdMGCdvGeXj* zR3(wuscev|KH(Z+wA^?J#4q;fTv&5JXBQ`ji1^T$<3V!R7T24QGF!Xq?kGPuQV^;JlEqH91K`{ zn(`#iz}%|CMu^$?)ilwUOkC?Y))tHq^H)~C3RoFEB`a-}z@ zx#WD(3*HVT(Tp+Qwm-{>`IjvlUUsa(@P3p&dxI4zz@~WC@K8FZfSIh3Ft3!L*+>OD z5VX3`kk6bxz^rBOC(Npj3xHezaDK^rhWiMTQ`N2&<#&ZJY{lzG=5lwoK9Dipy8|jF z^khG#7T_&)&K~^&1ZTwEFwtbyx8X7u9B0~nssb-C-$ z8{{SKzvOXo$&^b6!1B>GLsw=EJ*f!UAg-(b&nMtQrMRa-`y@qzM^bjrTEc2v`iHC;42VS0@>kB2vACKEV06yX51&e!P z{GZiAlfZ1uCe}K2B&pA0{0yu7)i)Numyd|l%nFptH_AC}O_TvXF>C;JgG{o_t|j2g z+Ea|WI+j5OQJ99rRYYM`;L+Z19SJOkuQ`^oHRC>^e7qpboHP12asWW1BmE^rO)p2)ZGpFO@7Jh%kGXXXOFt7kcvm7IRE3LZ_ zn`zo}%fgmeOY8hx4&jPtiVos{weyAomzx)Un6et38l1M?_XBsyfparH312&IJcs%y znkh{gh6mk|P)C(r7PJbO539WKb_FAqc;Uh1ekMO)rrSfjs^TAoF4^am>8#Gtxji}` zZe17^gq{<~9&xRTH<$yeo*0%E%O=L6MG`Q+!M4f?J{Cz0>|dtb+_G6=K3(-yon24X zZ}fP$k8NzkvGqvoh{F0ANN+mgRxw)20A)@iJ=0KE>5GX@N|KU_?P@EG$^sIL5_Q0| zvm#Fd#2=ryy8y%3rvlW^!}8Cr0d9W{b6M&TocgvlpT4?#dk9&4lkv*xY>-1cttb_P zeaWo4vQ=y0a~&El_?fC^zS6Jnu3aS@3jk)gUWnjSTG*Krxm(i8p3`^H8%vO4|Ikk# zKQ^E`s!trtxbCra5NCf?@uDYoU)O{+0Y5$3^+WP7Noz&R@07m)w;$63l+$)>k+@8M zvy<0Cg;B99m>$C^9sRK>y6K)*3W%Qt^Hbh*fWUKfh5)%zQ}WYKD8IPI*cw#V9N4R@M;5dtW0%K54 zJ;vl~V9#YI?kIE|RnEYSIJOUdzxEGP<3g(pUit@!SMHXdZWKp$YIa2v?aVTeVL@x$ zC@1O5 zXD!KuTm_dl zgW5IhqzOO4fYIN9x84(`GJ9h5^8R5jw8m{#S9^ZvzkYLlU}dwHrl3Vy*j3Kwzi7p? zGn^$}GBTzYiA2As@tKA0Ykxq1_6Q71x#$$LZ=2QQ{#NU$xxDv73Ju% zyIm{iAL%*zI6YsiKOHIf>B05>jMXxlEfv6McP;XzkfY!d4UNvV@?1XOQi=BJx7vfN zT(gV-+5FRbg>zxJX}B*g@{Y3}C(c{KRA?ot&u_rprp8AOc#}c2*n}lUzYxfsXTgTC zyjkEstdm~ypvsvmA66mMY&fHvI8xhptS&m7K~zG-pEvVbj-OyEcXPcfCTjH%l^p%^ z!W`<&WVcxl9W~C&P5~|ia?Cp zm^PV8*k2mA6=_8{nixuF-rqYZ$d*TE-Os%nC!7(N=2yG6m1C%JU0kx=sf+n&45XRu z5fs)}t5)|_KVt6Np`j-TpwTxK)-NH@leJmBcvn2Pm|o2!H>etQHzGd}GgVUuKBx-( zprD?_75*nyz)b`fY2;^b*i^;*5Z3#wNJ`U$7L(=T?_oD=dd06)!pH~~tEI@Q)Rfj{#+& zMMaxHZcjLBAe89K2XRVXV1E@U5G^cej?c|FoEmuLZONaCEI$msfp+sN3U9-@mkish zE8ydn$&wYKP?=3aA3d*^3Y{t9rKo#_lV5P~nE&hie<~9~>mC?d_pCn1aX+x6tDZv zJE63GiE_tl66!q8xZ6eYeqNwOW2*zT{+*`&$>5Vj#yPE;mNJ@#+!{Q+ZoTr&=^;#X zW4~RII%aNevrW?^E7PTO3SWDyJnQJ7WHpL9VfHbDTa@Va)MdE~=K=yp58Q8ik3NS7 zE`lHMCgQdK@!skXd<}h~!}7%E=HjcO+JDk@*X-^uDrf^LQrT17?g)+?Chcr$#m;)z z6p0( zsZ6XIcI?ABHfAm0^*H0wa}Ft-VX~cD9%pC7n}+w#kYIoV6ECY8;TJm9sGuLjL5aI@ z_Upd)&2lX3-KS0WZSORNW&)DccxK`a<*9pYq{)CcpyP*!v{$%$V{X zuSdnLy)k;1NA5wpu*Wa(Z5i=jTbcw!KQR!y_N7!CXK5(;$-00V*EJpPtBYsg1~E6f z0awN9dP67ffTJ(}X?N#!@=MyJ1#k|~;7E7Mjpvg>K9}R)w@^Hi&^5D}AC+^{z@O*A z!&7tP)jt|k1&k%D>}KodMxQG-rV?FamL{Z<5tdOwSl*wwO+8JFdu&lGa(Ts+AL@!3>`ngiV%L-z-xkBKNelV3GlKlEX31^=}Tfoq6N3jw@HN#zrzX&#?-M=NDITI<5qRI zSvybM^(C&m@)x}vr?YwKIPU{*=QGN(tB-C88VMb9dbCTW>JK{oIXnN%lLqhtB_Vdk zAv}DfJmgAc5bL}dAFWBhWBIdDtmZT}TWsyRE?w&{%tZV|)p36BMicJZ%JbQd2!#g> zh^#<_Ah&m(zd$jn2r-%>4fRqc4v8ZH${l-_$WICu*_=-PO9 zivCSWv0>%1Z%eO6t@caQv|INB=6;i}2dl=Q)81K4$EJK*+oV}2VKCIaF-;<# z8Gh8llc9g0C@ELTkw2V0&FXrL&@2~oIBu3qi}n?{Cd9mv!G*Xe?ej{_&7*BXh$Eot zJ)88w=4DMo{i-Y^qB+gxWcK{0J06!l_P{E%gkJ0un%G|sJgGnKs=aIK`o3DkmL78f zu{6;l3I5P^^E|-8l><5ixaBd>L9MWQuuZ&A1D#}`&csbo19e1VlZnW`y`;7njjIKh z8m0ed*mnN69y(+3-x%J7W8}Z$b@>0PmHw|P>wi99WZCwgF+A|2LMoLF7)@=p?RwZL z6cD3p%vmxgE~_BM%!u+Ak35dStg1%}n`mNM-4Zaz?Vi2kQ|AE}K!;Ur*=mngRGzVX;2XCu z@4Yd2YWBAl=C#C`b#$~o#>4s#VBKHiQ5)E`*vcnQ>!`mpK+b)FCW-ZCc^GI`FEI69 zV_S@Y!cR5iW|UB+!e)PeB$WTc-fZ5`j|%`>4hQZ*LQ-Dp@iQuvk-z`)gIic%Be3Nw zj+!@3&e70BvzA>!Mz-Wv)|`TIV$3(VyMXa-wZk#gfuNDI7fj!}WK*W^28`63RTTsP>JA7j93t(%F3p2~S=SaQ=jVYu^tqr> z6zoq^&fnv4jmnYUoaSI4c}i#9H^{vYsYOetHPH<8y}>-ud7Sf8>}B;AMMf=nY=yAd zA9m^Rdr_p{k!x~_c2 zu5ElZ{nU1Gk~WYp^op9Zg#Vdv$)ybh0G~tcI9TieP3V2zq9)4~O@mb!yUmZ=hzpw~ z>js~py>xVmI^}giQS}+jaw5?0otLE*b?VH-5spFPrNh&s-8uw)?n|8GJwv(LO|T^E zc4Kv{CJ-e!!HCpb^)0QB-O=Tx)BL^{)g6~6Jd}-IE=@GKncr2xQW+p_l7)uxt~r=` zKN2gP(3ic@Lo5iO!c15bgge`4>hCP$8Uy4$mCM?cpt;>z!?gOGlqOyp@*}cx%n9q9=&z=Nm($zj*ZEB|Wf{nMD z*MJJTp zaNJCsGiE&;l?+DC9Zd)=!ameD@Ei=L!t!r=;Mmd!8fEXiev~hWx)02es-Qx2<97x_ zlYe&FU;`j)(M=871SvCHGdj|G=?&a>P0Jet-t%ggVDuHhH-}Q>_t*KsOs@TXKh(5b zf~@*k&5L9|_eTf;g%D@?&Hr2#63IZo;yd4r1lSMo@i&m{>#13Xmcg%9jTa$%@6$V0 zqHsduu217)#i}OwA3XlnB&W#01Adix#q?c8W6s9o)i^ifKu1Tf+DU=fS(5HhNZ4TO znFky!pVW=6_^5TV10KAH1f5(y7+jxK?r>K8hXe&1m|ymfqt+9Kb^9H4tyQ513{O~1 zn&y%o@J4kUSC#G-`^+laGGw)MTKSQ*lf@1~?VyNi80k~9bQM9>I!ec&^UhYOY;a0E zD$ObJ19@2V4*eQU9+f&+ZJ%s=s}bq5)e~SMT-krXsbsO(RogvP`nbAAr0=&xVH8?q zef8+uOn0SVKws)ac_pPB_QTBY_AY$Z04yD`D1=>WUhOU}ceRP$~B+Y3`$s7U=W6K$`t1uojH1~{e-&2`L(b8}@=~WTUr}w>fS+v$n z=*;7si$=Ve2-oY`!H;9%fdXZ>!LO!7t9L()Y)A&GAK21XAkVdj{gQbkvmBw>C(mW@ zR7x!Qc^yrJPKB+FsEYdWGR4PxdF=Zf6{o)%#%&~43qi+$st&3FSc&@Zz4o_AhJ-Dd zjhe?$5Z~P(50$OF5K5EqIYWK#HXzO~9ulU)qm+(WY*rHy~ z>HM^h$>1=e71OnPVSKXc%q^zb zBq#1}6V;MIgo17}6LHvA>J^=rlaLw9P&ZIJ7{^ zEPoVTmLoRfxz)G-VZ6wjGTr$`bNI|WVL~$3OoAPVco{!Y_UeUGeX8&f-?Y!r9mfMX zx|wi02sywo!#9B;cm7$#XLzi!d-6l&Z!5)2Lbj&A8@M9BgQqhm9h;CXyWS=7x(@Af zTKzT%fA>^q+VmV|*DwR&$@k!BF8_V>n+t~A)c`2%3{A-S_MU4|uRpM8SW|5*a5fX< z$1G$*t2RU}R6!q`y6c#I8UJA{4&-12F$qoAStC5Jc-bTr)nYE1NMCb~gO#_ibMYT) z6|gYtCA>fIu)wi<)C_FXo@6+D=WT40LCkGF!(EW8Qph%RVc#zZr0Z4RLs)5ayX?HH zWy_Y0;mp!ZHJ`ua`=d0JZ#GBnRO;aRF(jGd03xnRh74@#S_1y=Lr4RD6D=r0cQ9~p`@ z-mQ$erf*E!aZ$_aR=o`aAo~+Gdz!Syu9dCTwt0hYgQ0D;zV-vCDfnX?JffIYSO(r| z(ha5_&uXVJsdKaVaGG-mh^00GCoAWzW};QbneI3-6vy5$%wb&TKnLnWkV$E;e~*}Jr0H>u8s$KUL5 zoVQ`f{Y%7ZoTit9$jA1e0Pr4 z&UaVeej*y!6*AiO)^EIQR4)L&R#?yv-J~pE@F=}oLDh>b;~W(?U{d-H?z-fF>4(UGuZEWI@ROR%xzyPgC=G)!|hLq4k8TF*XW@i4YeIqkDJ_cbzL^u zjd>7DE3dHrPl9rtbjjeqC*CM2aI-NuGC=$31wu zN)mvPZ8y)urDreq)T?aOUTAEw*d9wOtF8^KXN0II=<+nmvOqOW6L?|SiQ3d8YRrje z2z;@+b9YYU`ovYZ@}I9-M|AvhGAK>QQf6;AIdS?K0X<~Z%c|yy+PEbP|tJarb&=77=65ua2 zJ;bPoplj1A?YIx}a`iN0_Nld`a&N*jl@WV`)TH&qe1KJbBu|LhmrD7)pWZ#I;ZLQr za%H^dVw)9qe=t!SQk9+JCUAcCU|uobza(Nx2WE~9Fxq6C9$H_UJg`D%*pskIFujI` z9d+CwR8{%e3#HOV*2XGwcn>>;E&jbIFt1xnz|x=jH06*i;P>BFJDNaslr2E>tD&*oXc%r)uvK~zfhl!$e)QCtsA zm^&q8@7XTLeFlQy&2<@HXc5oR?}0melDUN{c(w&snVxPNvsbYa@=|0e_uS&fSOv3BI6%4kWKDNLA0L`S$9qS|faw z4EnRNI%ap~!#}_5hdgr|y2 zc5q}wKdE^pQj_@rS|sHdTzre^oYRLuZ&twE&I!_~)Nb z#sS><=~%uQGsjd6iwUSU8Y*qhy(ZOEdf<%5W;sHH#J=K z`ZEhgECC~0{VLT|X45j#+4wH7;L`pw!Gc5SQT=_|i1dBs+fWU5V8cqEDBr6#_Cf!y zCN7XmRQ}wc-8}e4ZQpxOgD(r@kWqrtw!wV`OU`vUaXsn;>k9oKg(!y!x|3+izlx{79~#$~tuSP~)eEA%#XBkN^KzXzJ?d#-9R8Fh#KION7; z)mFIJu(0g{8`DQv%hlO#vwhh%<7`5vry(AEdKh9ru&oO{zrJHYDJxG;ffl-jvkvwj zxSItmW3||1Wowo~2NtA6bl<&~s!#&%w*PhyjFsSL@UrQ2P%AAGYNM{$#eZqFm24)& z?aV+0lNZiGTdJ#)bfh?*5LrzM*+HcTVet z`4PaUP!oDXx%D&)Y_ceg^`bap@N%l1zl&*tJ*!QeP;&`_w8LR)Aefb}^0iX*YHIXp z(@Evt;$_2(=kL!cS5&Cz9IniWUbVTQZD7MGD_MQF*;q4#Tybn_7U7v)t>uDCVo26zumt6TKfG zqRuYv&zJceK#}T9CWuP(%{(YG5XRw!b54)O$fETA`=o=O^8cuB?F{~V^uaRzzsWSr zf5ao|jm99;sCZgq+(P zy(E7Be#hM=8NixyzJY0|yY`Zy?UjU)T2SCrS*sU#+4yVaJ)5;3&lMXzwga{bKZkb3 z@fd7px7DlIiY@y_)wgAI21crCT@KK<4+!w8E(sZ;9yR!#eHzqdg3HqV`svZr@*f;; znVwQ`)pIxftG>VU3cUN5*b-V{OB>3e##cm9S9x(zH1#mar#t^`zEFcdf2{hFHJK#rmfcStna#&Ap9eh4wqhPHOX%w zSjAM!Djo&m$<;k+*_);^5Usj5%FPaJDuuJ3{H3wRt*%VvlO<=<8M=WWrlcqG?PU8V zQc=sZ7Vhg4$vi1ztOS3hyoyFyk|sxK#)P6QtL921Ic-KlNIEwph11sWwoe`RS|I#~ zPT$!(tVzHL^ruJ6k+fsPM^fT|A!>(L0B%)RZme0LAoxSEBYCHbN1 zex}3ok1JHYPGYS5hOwLAac<}^7e1(o-nRZXw;BEIu+Y(_0}cJzG~i$;s)nkBc`X0S zYN^qq(x|n!$BSP@^4KdmepCPtu>L}3qEgf2DpFf9{Js3E9#^OpQ6nR1zSMUTPoj}$ znxD8_OYg6b&DdakZcsXzP8rZOdfUyq%F~su-4gpS*8Q&Dz}bW-P+3+yOD(Gxc+$V# z`{KrRrrF{8pBui(!7H8=mn(Yf%;)iu7Tw04OtG#SRz;=pq3QQ(7d_VtgtVL%!oX^7 z|7=W8q%c-^upNLlt5G*tv+}+)^kq|7nYvVNT z?hxFa#yvPR1lNW+aPO0;H*cn`hWfm zz^3ps>buu>+eU=f4+)7bNJj%zK<1-M)hWRnw)Gc@->FImN@?uc-4cGP;n#R(fT?4Q z_V6oh6zeyNgbVg5Bc=%elzXEq(a*PH?0Wpv)#rAG=B*8 zePP}-Li#DIp0p=4Sx2xr+E-ZuQ@3c^wzanXYyxYW4o_@# znv_<9-X0H(lDaFl+#yu$NrOd?Y~uGdpyeoAQvbV{3s9xhK2N|?7F>n#{R6k+929+L zRihv?t5_KNvWAgOX(y^9X)!sI1JHBuDs66V=7KnsQd8q(qg;|c=wAg|*HJT-Xr?l5u&^Tfb#lo7oEi=Bm-&B%O zJsm-bYpRO1xXSGYIN{0xCO@>&s)E3cTNRuk3o^npkMhrdb}qyH7C?{fV1v5NF?6&O z9Z2The%iNJRiFEPEU@21nuX;2>Q*B9@FPfmPc$zj_HKW-w?j*y+GBEb`&fw2Wpr?;>`IVo5+giVz zvU~e{FL#Ud)5lB7DIEU4wdEl0@bXtd^xuUfDC1nQBe3pqsc7nYv@+9USxHUW4)b1F zEqZxv0{{SyjSL7FSW~V9bAalPsy&%~h4LK^NYykHBmwzx!}v_GU9bH+KY+~R6~TtHB@s09!aVEOE&*VO%ic82-SNY18 z4?A{Fn0#6E!ZuyaaG=N)%+*r&{M8`q2IzS~+zrQqSARc@W?*#`t-#JO289) z;dQnQHWYIM<)*8*3*nze9eLogNFT zxuqb<%=J;F?u1ZBgYu;-EQ%NW1PZexnE~7b zFoAj4*EdgHUD?W6=?~IM?Jh3t%ouP{`$kWpq5ScoewrHCB|FNMb{wF_Bg2@UhXU2} zk}3o_SSj~g~vp#e7E4!c5fIc6pCL{0+XvL*iuh?^m3aPBdubh z#YnTMj0Gq}GhES25bwVpidaYFOZTi-bt;AV6?J6iCxW=9lqiQ^Y)ft}esiF=f%%rW zK4$onf(}pChM5`wg+#=fsIspZ)wrlt6M0N>qfcV`rP8gNEb$VUrvo@)h*xFb+|%J# zX|pJIAHzDz%_QyNxvC-aKuIwUU z)roS&{1i$uV~j06 zP@;#8Js5vEAJHCL#||fmV0dG|W^yKfJXou>>C+4zq;21dg#R`&g9-j4zv|!6B#h0C zpz-5^g5&W_muosF^Os<(`#PVormEEqsNmb!u{-NvD8~w$e~^z&c^=7=Y_iw2l|>;O zaaps*&-Axe7C8yPvrm8kjmklmS4d#szgn53r;Vl#m7@f5sw|Bh-oTc5S~xZKPQ(Q^ z4|;_b$_qwG22kW!_;^$Y8j`q?90S}0-?H)18YCesr+V>36b{--AxFgpEroN~`L#7# zPkvSt$75_3(S~3ovoipi$&DG60;X~IZPg2d!!P}4>Cx6sA%9NAO zMoIm^RLjEE((%}F8)fo#s@ijmrnvJqii2?`I)D-y`&O)vDQYuztZK$mgmjSn#%f~k z*i2LJ=z*8MMJ0QLhBrjdMvwb}Ji<^U#^^a6`-j`V$Y_@tnGLljZKlgiJ8_tPhXtvL zv|l!fb7|yM_-Kj*cVd9<%Nn;x`n%$o9cP=CjQ^ER<|0V64hMI`bupmPl&Or ze^3u6z0oSKs87{5U0XdgtJh~;Hxf+8R~@@@$hnHFR#Y?#nfe0>-1jeUdk3~ObL9XL zz~bs!ele{RFd6cc0O1(5?tiH_g6-IkN=@Sa5vw8@Dp@%2Oo?7pA;_zq?6@n(8us6);Jnw(vFjk|w+(KJ zWOt!rrD-ZxS2#YStTFQMLVycNV(DoV<#VXHXaYSvZgmkUph7RC&({FJ7JvyQrW$^M zk*g`_;ZLF=5h4|ByTLV=-eXThn^f)%gFJ)2IlhjYB@}UxPp+uPQu%2=#K|%y76&bo zfIi6EFVhkE>NU>l`9I51njEUuN@u&!uieW#gzz1>`iAveegVST7RK!;`*=}{`D&b; zIiZ1+$|VZI!Y!7{7K-r=Qq|R!Nh*U&&RUd&9JUBUC9?>#Ked9OJa23KET(08x<=b~ z%o}WAQqR?!NV-2bUF0U4@4A5;6uVb^9*vOmP&Jf4)WL1~!z?V~A2)BdS2}Hl7t~YL zR8(Yi8suN!Nd17v!H~kg2===f*f@V)3X=agTHkzNyv3RW$msw-RkgjPZ1WUJ_T9+{ z!1kJINm6bP_;cn%E2w3J(^UnFB6qK*ke3?e>EG?dsipR?XR9tcxs6OVHnFg@&6!t; z$NU%;)+MEdVHDJ7PR81ko3(y!tc3hnj8fcd9gCcNMWG{|-79=kEM-?~5cKQFK^was zv+7yi5pJd0L zC=*3ztC+H2a0gEUC*F!Ip`}XU8@Gyq9n&?vBh0Zv5)bLF5}g94*X0Vk5=0{*J!}OY%)65f55E`$^+7kM4~` z`-m0C$R7@FTR!T|C#T}4C5dWvZ`>%wmDVz_$@Y7NEcQ)#%%u_ITePz&z;?+jCBWw# zN8Y;NsC?p)c{cnBX__^qrka_n7>oz6KHU3t8a6F;k`0O3S+bu!$rz4N#TQ0FnjM$@ zv*b#CE}Rm?!`o;GiG3U*d!?dv%`ujy3QbnrB3BFV`P23?63Gn2^QpK#2e(VLo`N6& zbnX7US{wUHn`5fP0IWyqC~e7$XY$hNu7{E(E5*3LA}dQ|mbK3Br%9>@x>{vs_}lTH zizjP!5F&+cFYVp=Hc!`qc6B9LQI}LrmYqe`-1RGMg`^KbVd0lT$@wVwCh7W0v3iT6Lh3hw z68%!3m-i~YVHTt*IA%gr@o>C^941`tXl~khOf^T9o%$KK<8bVF$x>l|A)3wXIBue3 zz+T*|%@0qU44D8Ih}Y2>C$}A9*0Dl3%Bi0ZZ(V0!4Vho#NFjkTZ+VV)csi=^V%R=O z`SVJtGtdv%4+edKOJvH@aru6C#j8^#UM*TUIv4b+vG1C073x#yGnXeVxC*pUpte$$ z1nJjL3HfJ1tBoSh1lxcsKpCPbC=O=i#dD-mJz5DB6GV{fIy$W4N1p4i;#Yf!kWj;x ze3MTU`j`Z-v<<9z$x>iCCb{xdb?QY(!0Vxu1JifflA5PYOtt^@)DG{q`qpEUep4=t zpM({#gM_dOW)A`M-Okm_UvlwAM%I4bVSt3FY{pU`R&%TbD<;`Y(%YdU?W~z7iw)94YY6kiq!r`LL^qG2 z5=9BgcBQm>JL}#jeZYm;A2_j6&b0T41%OWNeyXt(;SZUfx+7GIzDNLq!{O_D!C^OW zL%rMh&Rn{gA$J1x zBYopBGxG*I;G)qv6F}shCop7V>#Ij`4g8GQ6ufujm}HbyzoKARR7qg-Wl$1wSi!>f zn(A~ipmtMWL&{Gq|FtF~iGW1l*d|0B&KxH6wZkGHHR$@|ifPs5Eh0 z)|b19qaI6zI}gtK1>qx+&3b7s0xS*@r;RQk;vTH1;2ex-PBK;Av)3r4s3=9BnZM+j z`Iw_Fma>>k;ivC3i`cI3%nP#9^Hrs@yRYwrTfEu;VIyoQ>CKxrn(|JMRmo2QbFvU+ zDSB0etTlCytWi>>3c?w7X_vn&k4tZ_OVgqxc1=5VE85V|w<8(eb|ayoVu^Yjqv7cN z;V?0#775851F$=kqTl-&);kkcydL3{VGM8m;8EgaGHxFFxttI=k>3~8-foJ$(fm_F zrP(;Ef$xmQ{WcnJ=-Md_$)_ON$j{%bvyg5Ot-FGHfJrjF0eWj1=YGZ5sF)!DoW{OoGj#-2QEDZn zu&?mDu@@Vzn3)%0O;>`rd4{m2SisZ^7W3@>G#34upwH7D9oAw;Ob9& ze(7O&lmz9c4X^bJKGR*c#%Nv;RRwF# zi~*Ca*BKk8=a;+y<)S28hPqFELo`pZtTwk^peuN`KyEd*gt3J5p>$~Id#TYzQo-~y zDyqM4FbL5q8vEAoL18H7jyi|Zpo7CBzW%o1*$dhH;7ZCvWgl`zK2Cb0bWwd{){m(k zm)iQ8Pg#ieb0y>XrtBavg2N6h^26?T9}13Im69}J;H<-7N%i*ZFyYgA<9XxXG^$Ql zZhk&j)ncV}EI>qFhTsM@FSjgO`E~d1yI1?WWml;;>9(mOmB0 zI(TU(z!Fz03rT7p!$hmI8j=D6Uc2W=7^!n5^v86Oe;LC7MHylrf@PVZ{LMrV2-Rd3 zi4OW9*13MYddJ(OG3r0e1&lJPL)MO0raO`(1&ZwrP5TTLBVDsSl!U|v46lu%#=z`!rz>4PZpEe>?0yX`o3 zf^rw|fKHsg-&R^czSxEK`Mx1c_LU?-+wmnP{Njp<7+qzJ#PDC|{inTFfLP8$)XfKVv1giV8mZ!&oh+528MjkM)SQs%ms)%bd5L z#&!*AC7g(I4nSEgsaz=8Fe@nF=dH}s1hQILL7IZsU`7i%EO~k4ie-F#&7EWZ+~l;# z2ir>SfY1^q$9uRDlZjV{WKWDT6=f>{3&62D$`>dyLUc> zLD9N>{XEDcbmP@VW!yr z_{_L#@;g$RWQmL9FQ#K#jkj+i(Sn*8i*{q_GPPjzR6$-+HjA@kb)uJxnu2@B`Aj)R z1#utqeB&|lG@8=s!0z41aN%AxIlbF~=U3hJx6eA*=%?7h5#kcitl|{Mw<@2F7=fnX zl8%2?Qs_WbT;n?5B%D~ND4hgT)a*x8DaH62sfQAp%1Z6~y`T7W$i=eTL;gntb?XjM zsyq?dvN+++ZDgr34Ea?%^#oObRMRPXR<5cE6a3}le(xJvD1YwDx@yNag-QlT4aO9B zgZdWvlWHjus-?*>ky22OyhLou;)Pne3OC!|Vb9BJ-AO}*RY%ta4TZm+tVlHlfG8(N zCasuc#QEM6RQB^~8FR|MeGOGzD+~YX&L23qyy}{T^$JS!!eaG_h+MAz&}?Y43D%6E zN$Nd@rAocNDx3;4*$XXq{abWd13c8@$0`$nkBC(S|MWztrWpwI5x~g*B%8uN*wUel zejxpQ#}!X9-E7e#`ls((f$GI=y`92*4GVKAMN3U8SewGU&FX#CzpK5oA2cXyNeT$X zIqr3pWB<@q61Sk3{fMZgklQ2;eSf0+8_rx%up_33pn_e#DlDyD6rpE;Sft9h^0BZ^ z^|p=`nLL6g$%u|+^HYJbcmD9J3^#8-$oMF`&Cs+2IC<1HJIG{*I2HKmaBS-b`>KuM zAX=s?W$0@;UVX)pv+{nBWdCZ%)@!| zIitk$vOk$6u}R(*FdX*8@N41A8_nEXhR&0jPc{_BI%~j^t0@w%TM9H-mIu`rD!jNz zE`3bEe3e!ZsoB1mXE5GOLcu}iPvzx(z8z1gZ5MN6vx31b=V8-yA=!gsRmREHJYQ?T z&MUOMxDA37H>|#|4Rkd2ir^rqWiA_S4HnXtGA}oSS`M|?wM8jc-;PCg;Ovae!kzY1 zh*8N$&5G*%jOR$bp||a^-(4sRz7Gc|7W@%Kp6=pzRXdur7tfafZkok<+j5^{l zt10pUPye*;mgm7fm+z}?@1cSYR4X`DKUt@~BkidixF4I1JwMK-);7`2kH;YTx}e@I z1|v}b67qsf<0o-zFGshpJc4)oi%!eMCG^EnbG`&hHrX-Fb*yB1u)>;U8>lK;wXx6j z73*^E+nO5UIu{n(+TueMcq&E!R>jQ5TLbDDN0Ccpvx&w}rqrCnEUC6d**X@ExpkrO z@B>{t2{sK;2jQ0L9AD*+Ebe_AzP~=$HV(d@*;;<9v9y%UMeiU0T-g3LUGF7X{!skg zsn=Y3)XF?%**Orc+pmJKCr$P+em7MocVZsB$}S zsjae5+W__HvqwMs>De0pg5+P7{|(8jObokkr#Pc8Dc!rUz8*{~pvALU`<1?nNtC;Q zaa0y_`f z^~sA#;+w5}Ol`p$g$J6CI#ZsmYSEyGbb{@;yotL5VZwvw20)&NKpHhFP+`>-lv*rZHNBjbxub zQ~HGe(kbzXWCI!_jS?VnWr6R|P_Rc|3SdXmtK-|jvJS^Duq|$v!)d-rZM;wK(~N zg)Tq9m78DX#k`805D67(S*3ELO)w_~m2)t?*M!U`F@wto)#D{6Zs*rXMvlu7$0Rbk ztaE&s+|o_(LQB5wq^s7?in>yDl29Fh4j>3rhZF22q*fAuc*shY-sARUanL)J&rVp= zOpGQKBIx!o^!OdRD`V-m?5g*T`x#r0bl!y;0+3)*C8-BGr6`%$H<} zcm11UVw{YzKrcN}-|pGzyu~h};>0UgJXg$6o5zBDY|sDa>^pHVkdgJkd>mm=5F`iJ z>&@oJvp_l4@%Q}7XaCZFS_snqfy8@~jseK1xt^%epA2!9LZ)%^O|8(l@V3aZ0~DlW z19btzH&3}mf+yev<}_mlBQ4~ztAZ<)NiT0P5#JY*on;9?qAkx{=a54I=XuY|R_<@r z1gutY*%A>=l>`WN-eNyfQOg&?X;$$a7Jb1JbRc78AxN9>bHjl5qGKDc;7nUQF!=)s zNwt&dFWa0sZA!v}iCw$o!+&?P^9;e`_PXJ#|6&AA6-~|Y!B{^DYeWM1#lQd$QP|CK zL3eF~21qut&PKmpZvDHr9Szc!GLNP{b@x^#;J_YEL<8i8;)^oUJcqA9=w`R21Wa1c zzQ(unJ=tSMsd zG9#y4@=AIN<-)Jf7O8P?h5SyF#efEyom&7WGTK%F0)BS^0Nt5e)@(GLQ!Fz#xR1 z$^qbmO`nz*nf6NC<$A2C5<`GJpdi%qJsSA=%&0>vTUJFqp1XyNa$;%c8KjpeSuLOZ zgC({on2{O%2r;n6A?mG4Y=iz5-rJFx@W~K6V1{{iCQ2aoZ8U6Zh`lM$jtaf#{os~5 z6eJiNJoYsyvg&DQdGd#T+Lss#QDxiXn)H!@i$c~~N=Zp}owxPxuxE%pq!sPtYovuN zssOFg7`!(*#<_H$><>bAoqcZ*E8welDNwZDUYqEMy|I=}!H|I%uNQ_&Ku4uatSU_I z6mL0i=EYkAR!{O5sY5npAEZQ)(%0jgQ-6tx@*+#=a7?7*nfI>R#Z;L9HTS)is8hS1 zNNPeQ`4$>7)@QQx%-5yboUV_l;d;O5zxReI&Z_}_v6t->Ig0W%BwPv9(Hl4E@e{ss z4(Tj%)gmQ*|_w=x#6begCLT0e{YRu;Q&OMcH#)W1>iBe-}KZkD8YJ3gB_m%tL;0-=4@EDfLGE2pJ$)lY2 z9-^FpMmQ4e$xeFfX58WiQWw0=a?dzvq4~Ei5W)?Q@{o*0&B8}j6%{6qffEgOM6xoV z2cT8TzxZNO5pAZW^m=2)7VyJS#ss}||7;+l5M~JXLHafT2#RbM81Qfx%#5A03pWV3 zDDhD8b|vmP4_JlRIi>8c!`D&?$Ub|IWz&YAa%$z_C6{4L!gi~T~GC5sqz3* zq6IIVs*rbQ*ZKhg%{|Mr9X5ggsFmi!tgUd1!s*6#elSujWc*-=s_B_;zuM&tg)ek!W#=qXpxY(T*F z+3>!%`=Z4Ln4bU`;$Mv&{jTAYqW|dZ>Jn*R)wY99TMdOm?c-6dw={nWCcyfK&yOe0UPb@faHFRTm1?+Gl4AHN91R zJ%xbh*_#qA5z>!>r`*0iq11m*LZ&gzK!ME@XkD3TO z!G%1^;b4(ynL#vt8S3ZX^wC>yPR+bxQ7E0{AwR>_&A8Q6Qq{_o*e!(l`Y5Je)dlCp z)}1{xaX{pxJo(fJV87OF_ARI-k`W>sqa&MYomjwwWX%KI8nYc0Tk&L;4r12f(rPK< zvj_I%s}DBP*+aswo4#)>4reD&5|cv`_Cz@jztj6+?wBSj&Z<}1(L_R}1ox+XW;saE zi7C(5vZb$aJr?rIa??>VbePj>dFl#Ry;YN8lV%NNyM`yNVkQN^A>D8T0WEHT8Hgrx zHufqm>!EYQ#!l!hGd{1JD)LfuWfm3?g+%*7pQ*AdAFhs-uFG!fZlWH)05nTm8Jeej z;reXcRJCAGn#brom;>*&-CUD6N|gZ#I;xU6BmU9oo*H_4lEu$s##&>`aM6t2QlKWu z$^f&Bs-?hoxGi>srE%FgShRBKKpf@ob1OY$q!SGBkCj!{+L%AV5{YAnx2>D^aTRD5 zbWIXVq2y5S#Oy>HrRi1gDy~YcF9rgE5q~-C%AZJGU!;2aM^^&2y4M?X5`kA)|7_FN zPfHy+VDCuXzQ*6%#>J~%4~VPaxJea?@z7Trs)ar#Xf+?MpX`m{r}_#6M&O7kqya3_ z!n=R4NE<2zyHn*&SRMPljvy(|8#p!<32VfG6LvW#e%na;8T!j#J9apfKQ%v1(DQm$eg~4}=g1vq+es z&EISR+*8--`lRa&V7>hayvRe^oeXLNfcQxBeD^Fz1w)=dph<(&l~zeNJmm*DEdqN0dvSn2DpUOke$ehh6|K zyTWL`B>P$V&-FEb4kz9GSOe`uEZ+BKkTvn9fsE*aEu}#gkt5)q(E<)F^Ue}e$>KEr zWgG18CXL}k?bd(o(duI2;>gKlbNI>qNEa2%Hhlg`a|O?0c;vG-`Nf{;yV32*SDKQ- zq0+^sg04W#@*2M1n`=I~NxESS|!-+g@tn9i!5*CiMYvjq>a)4>7fB8qPx`E_)JBWe+6CT2O zSNytu0rp!#mm&V7A1l3~Esi|Gf)Gt>0sx>SFJGq&y%4|7MZ8iL)Wu)L192;-qcPuE zcLs3DGb0Eg<9K5&#-PbkR<67*nLLZMj47M@tqLH6|-J_Z2ri> zgq7d3Ya7seUJYPRhEj{QyoUU=#4RV21|7%KDpaoRD!j5i&KN}Ou!1Nx)# z826}hoXy1pcBhs!MLI8pmo&#>)Q|H#lQg^2l$m&a zSS^NI{yxUX5AU=b_jxmq#=^Uwx6%~IyH9M7iuWn9rc{`P_g+X&tBfX&6YrjDTJIyO z?Mf0cD*{3`=ao{6hin#}3>Um(B5$D_ACaQN8rL>Noe?__Np`QR_YFz$s5xhwP%^a5 zTwT1zt1>qf(7m{AWx~!utxHPIl)q2=qR78*PD?Eu_h9xZn+u5e^CSNxB|^so#p?V# zb>SlnPA5Lg4=!bg&koL_q=s{n5P4jWbGaU4aK59jEe~|3*c-5_tr-l!H zb?({4b3!@X@w3h01pl@Q8>XOx4f!MT^qhN(z`2j>#Ca{X-(zmm`JMEn@F+hkx|fh) zN{}COkIYvdn&#Zj={09RFGsBg7}Cp-!B0fJ_XIxxQzUX$TsAE`W0VmvY4AHo zMFNh(8orIodCmV(|Cj@mpJNDafi55CM|DbeC#csP#@LbUNq|F5Pa zpkP4u+2iNX+d`UbMqUm-tv@{{C#yhCv7HaJ1GfzYj2-`&ZIbG&yOZsz`yu9C2)86w zl!i)u6GikOtmZhH0Y#bo*A!|3B4(zsde=zSrw^mBKLP94~EQ49hN(n0L7QMRn7zHw%Jl{5;V5c=}@N%4|PDQw#%9viN zC2TjXna_W<*vm_-BAS%8+=V}&6xM~9TdE<5jxX~JoPa$E_{sU z1ElskDTGjA=_1gB^;Sut!&!^3zbFM~iV6G@(jrB^8=*h%sp+mLIjE($YvsJyOxNcw z=79b6951D8iTtQ|27@1+=@*+$3i}_o;%>0iwax;J4TF;W28v-8bcR>_k@mzR!x;$m zABy9zh6i1mqhL;Uns^M z5dU0!)$3V?Yb2Ir*dm@zp#<+FfX;P!ud3!y=PNZrZwk#A6#~HRKz;}fq3>r->L zeyJ|2w(IX9+6Ye*0rx7SHLE8z;`{FE4r(B5#8ng7gnLM^tqxRLkbC%ep9j7$%EL0& zQn&1{bT_5MeGr4kcXX%l>+*g#xnr%}S-6L}@!V**tek9n>EKKPfuVA=yq*uII~n?L zqaN{{GvGWgkeYx|EUu@zd{7nJ3E1CA|23#=Mu`u52fDFbR4XPY1nxymk4c}iI z(sugWXpW(n;*0zYUZj{Y--{0?XkdGs{L<&?Pp1_5y4?^DKDQqdc4fWHm4ny&byc31 z^;S*B=YHp_BAQp;n^wESH7$q<@#DLwTjeaj7CGqw@Z#)|0Sxr;k7*Qb<}6*wT+5J> z2Glzc=d9LuI~d1>3fXULpCDRRE=m&RO47h$JV;jlnc{=)Bj9D1Vf&*4mkIE)99GM0 z_p)B@#T`FPc*&Eg@$$Scii#(pu}R(F*tf^Lnxk1G`u+lCI;;9U_@N1`_0_7#%$d)P z$@7Af12^8C1lG!Ir!jX}qXn&DW!Edp1~QyI@?O6jKTA?9GS+jt8s!}AU9fcd>h zEqlp3(}TB&3;Q9i-_h{(Vof=U(O+o$@Yjgxrodl>iZ&a`6bfScLtS>oE_L;&x_mNI zq)ou(8G5pj>iSy!ybL2iI5iCH?pm-fEo8`aD|tX00lNOS*kp>3c4^{_TykdAhdPxV zRyu7yn~Kppch-0g@h>?J6W*vZmhyhOiCplD{=KVw(YSP&O194H&m1LW=tsisWw;Oz zmgMmq!f-%~nn2x)imFF_WFp~S2ncYFBRTKiJ{pDi10}nk>UBRbl&mg#j=3w;nBn;?7ELI2<{TNE^_>q+0-0o`fCu`o(;k4 z0W_N19|W>WlZI7F9AsCKitFrnU4D(ffWBaN&DZN2oHba ze-*O(|LNB_cFj~6!E^p(Si<@%C$Lm6gY@izJ@xM?-^mm2Yk;hp?|*+vfE&Ds{lSI* zuXX<%x|rYOHR4myyU->hx~YEj_jBRO=15`FCH?2ONtuSu{rcBWy+r$R5D?Kw{1*qK zy_xWaSCWkWAAQ9il>hwB&;PsB;s5?Xx`1s}_>V05)L+2Vi|?Mr#lknB`_mvQEG1Md Ip#A-S0I8;m=>Px# diff --git a/images/web_console_3.png b/images/web_console_3.png deleted file mode 100644 index 88f176707b21c16199e5de6b394eba5cafab8079..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 41277 zcmb4r2UL?;v@SEwh>8d{P!KYRQUnB*-l8BPH6XnYz4sbgR0u(eAiX2fRcfeGf&`=m zLX!@m_Z}bwQeJ{H_rCS+y=%S8TJYyDIse}K?6b?a_u-v}x+480mP<4=H1tX@pTDA^ z`SUpq&F|<7zf-QEMHxd<X_w7tQ@R0e?t>$ z`c`B;(ZsZ!KPcqV(0sYpO4y-tNAo)If;ma5c|ppFj(SQnC4F(f3_RK}V{LSHKD(?G zyJC5C_WA2Y#1jVUrdWzU0Lgq0Slt`?yJEJrE68j+2#vRIlWKdw@os->|V9XZ? z&XsfoJS{|=c7Z0we+}rw4aH;dnK9%MZd1|@@TfL;GX%1|B?wtyCQPJ5&}B_{h~x>* z8?iF#la1YfY2+`TNX5ZkoQw%Y2hwR(De-3l_6L9j~xB0~E4)8>a zJU~m{oV`(WT*OjmCkzvh1C2taZJTyt$luK%Xh8A- z$%wp)AS|9j4&!%Df5wnoF_6O*$SVsnj64Y0CHX>@dLRclXp$LuToAEEcYg~quLl|b zwt*cIY+4pEBV?IX2~c0$^5C#={3aBvv_{S)?~$z}(6}ma%8U@XBKy=4a6)p$x;6&j zS!HqOApW=y0P=S|@)0O#v8;K86NpCwPE!H+G4cYC@&~JU9|a*WlfJ}|4$MwwagCOK zQDn-zQ>V+L^V^1JwGcqE?3YsX`?5qPNEcxaAr3P zg*CI&?mn2eB?cWk#1OYNyt|{b0 zzzl*6BCsZ*5G42vu1}D-x<}sMgX}W^Ns;73STi{vN8TY<u{^}p@F@J&Fy5E?lv-PA{-ChWAfkJG{!nYkEK~t+W8Ay;!lR0S#cyyAC zIr41SNE9=V~Ee_?c`AvWeuz3F<*u?ql>`Wxsmta+S|m zmZ}>q`CZOUO%7|WU`Nxu%j646rd}|->+zJHFp3NznE}Wh;1u%wE6OkBSk1T$M1Sic z9;g`97={Nt8c|DAX8@`9z507h)#y?G_z#{bDE-b~t~%HJjUA*V*>6m!`u6tSW)<04 zgWRp+@da*35TbI8Rix8iq(*`3Pm&#P4HxDWEm#0x;O`934BW8;a3be5E z6>*KL^w_e%^k5Vzdd~6)vIl}J3X)qWoA;_+ z-0%aj80R&+vCamTeOvK)BahC8TbV#HUb`9p!M{etwp=`PEj#!2vPj&m_;KFUF;B@G z4VNOO@tW|u3zpo&2xH_&>HM4@`(7J^sSDleThzFqC49>AmjPIAca}{hxA+Dfo|^hw zMl5CHzC*|Y0CGEdc>%GD1Mcf#u+6^2FL1$@)0jc#*{!^atm@-G{T?mV-^i3JuN)ok zQI+l;oM}{O=B`4q*j#)hbu9)A0Izt$=WKfABc~b(<4W%E;l8Le!9xJ+l|f!}-}+Mn zv>?%|f~TvP<46uP#d1F(*nitO-e(9xOUY7J_Z^b(G%$GY zLv{w`I*`B$nQJI%h_aCc8OevUH1+w~R(=$5{jhT})x|EQwnt3<%fJhfc4)IoW!B1{ zy=ood(2&x@*2g0P6lsn1jle;lM!>Cz}+44hZsU4dEpD> zv{05JXU=+}B@oL=@d@NbOUOotDG{GdI2I)60f=jegYP?F7}-QpVvp(%%18u|f$zif z1=9RWR|Nx1)PwQkSf*T=%12&_)nA0K!3WPT$-D2kk&0F#<`4Kn)B`ptI(u19GG7B+ z^EqCtGMDSiy&A-G;y6zQ+OTIL!J~(hx_;`uk-}#%`!5=c7LO)KDr@xE?Bf*#fnt-I zDHZ@q$|H_8Z&SQO2YI#(u@VD0a3!>3P87*Y+!*qg>_ALeFvWp2hvN0feP-lcvy&$~ z5FCQE4=Sa^SLrPCC;J5 ztm}y5{N%x*F(-(SfU}0w;|I+e{l+BOvYO7Ke zlVPmcIE;Dmu8>KpMAbg8ypzHY4SV8L|1U+KZMU#6ll3p47+xs=xkQh=jUmk90*7|X zWeC;vkhMhDnP#fnA^}K~0Mft?aW{rQ2~WmwN;S!gBrwYIH`*z>yn1mQeIcVU+V1BO%m$zIBc^VYFf4z**tr$$8 zy`KSF!IHqI1dNd^#f=0ZsbK~KA;2|w$!KP`Ta4HR`xi;@jdeq8!_&1HkfO!o;L!ABj)l`X282Kga@{%1D1 z3v)~dp+w2Vg4h-E*v3+JV{9+w5{9^rCJ%FyVC2$+Xx}qNX89Q|{|dini~mhxQW=*K zOGeG@HD^z>^v3^1PV;TrFsY&1a0>5Pe}Ml@{gz5epy4^mDK$FB$6y#IY*dEcDm zNv^In!kj%ed+8xynLKJn-Wm~e8})%P3%)0Z7^DyWT=mfg3^V>0)JSmR(P?Nj8JbebwVmxDIB)D^io&@bS=WnhY!_%}z^A z_S@d+z3cSS=Nh+uqiHFr#|jDN22KQsf?qRyCpD#`cYA$dEP?PBk{1=4eX(n1!VdLd ztk9oCZp)w_4bBhaCDchvTI|HSXWc3?;Y%E8%OWqyWkKlWp~`owjAcQ-HMVek6wW2E zIa4I#Nu&+E`U`xNxblpC&^q%t2a&sdaj5Y^eGX>(N(Uj!)C)6G#)H}rW@wPhtc`bI zifH6UTcwG;7oy}jF1^-B!f5c;Xcpm7fLc1Zvgu>&BBlXf<&KVH4YCELjB4}#c3iy= z>G;hfOY<=Mg+}JYVk{ZUy8*hyMJBB7Ggd_0rxQ6gUVdh%vTt2H5^GZZ#CD+696kVO zJFXvcyeb$EIE3_O483AmKa+ z!;Iu!7vncBeE1TJP0ThrRl%0td?i3MTU6>nt937XdryJrhC#l1TJa)RFt_g>hc;{y zEHwfXf*7FhEy>2)m;Px^(YUGb9vB{27f|R^V*h|VRozw&wkXRt{z+J@Y15>f6MBFK z0w1cG76}@l6ozQaTS-6I&3;PfULta|3LhmG*h_T;T^cXbG&sKn_|yqY36y@uT`IFE zua92v<{SCgb2ssnaRv3sME;I~;I{NSv%zn0+-n)LWYrnNrgtg10$TX3M)q}K25b%Y zHeGuD*DTxmoRBRNqmN<-(#5#TCmBEw+j@HUjn#y2#XYxjNkpk*fP*99uW!E(jAdPunoP7d0O&dBa_G)@Y7soE*H6e{6;0m z{JjGWJ6`%Bh|b;}qtZ3QB^8GT%0kF$T|yF$7$A{8TQLwU1Zt(DT>p7W-obuPu-%Vr zJ12BrE?|F?;SJ>OW&&y)u#A0L6tsN1GF8)AZ_`$`*TO+ZUVEGUQ|FINC^&u8@4}?S zhL34T@VtqUsTET%i-(N4sU-P8_}iAUFe_bj2XV9Q*h;n_bjTw&rGW08U`2;gaQwoz zVlU&85tbWryBbj-w|l3hvN61z6>pBr9%b%G6c@;qLdj0X(9 zvJ2?~+Lw9Ock-u+ELKg4@S8S6~SyIH7m{ znIn6K!>cZX-{hmsL1_NxpbsKzhL+J@{(x#agu7;LcP1C{v~r6TT6;B zl75#ZB&cLM?qhNRYqnbk`En?;fVOv*s??THsy7&}G8rHkY%e|s#h8EfdpVR@uoqa^ zY!?PD8HX?B1wC5oMkwiglJ52MclQDgKWS@>1{@}4bXaDl!N3vFZb>< zTx^Y*^jXY#Zfey3vRD=D^kFpX$wBP?!Bta+J*(o)!2UGa!nAqe1=&c`UW1~nyN>%e z92mg^OI^hL0d z_)4Z`Hr_>{*}sN@{LS(TBO8~F+m3V_*VJ5DS{tXXD^+%9M=&E3^Lv%LOM+&k9KY_l z#;v|EC&>)*IF^-Jl7@4^r+!BX8P~cyWuLkL)m{cH-#)BPL|A6)Su_l;wQH_CE3SF55*J2s?HPgo3%RUp52JVhJpg7@?j^J3U?{ zSl=>H-NNPuF7K1BZ@hW(;ACj~t#{{EyCgAtb*9FfoZ{6&6o1ZVa0Qz*+p($NwQFVS z^8ViW01qq#n_*Mz5$A!vf*n-7VgNj$k!T*t^cQvoptI5xHHa&CH;xYV)sI8=vIn)j zr{i_`LI7Q^Z5+pb=E%bbBeU&h|5_9QGfYMp9t{bp9xmLYpeAIF>9PYG*|yvRO_S)~ z)Uu3xazfljgj=G{y^F|&&MkUZd|z*EtJvAB~TGf&x&hB&^=x2=@*B z(%q{C;9&Yp*A&_Y{S>rK8q8CNEXa8!wmLg%qrKhbtri_68mWte3b~HUq`5Ldg~+Fv zgSdk)9LklBB$XcaEhnkC$s)OKwX0qe;yuyrf%_C~Ec zy=c!i7%ng%rz!wheUqZS9k7YRqeGG^BA3lc*Wh*|u?;U$vIC}BgSn)?kV`Ss%}X#- zvC?}p_(@`ubtu0mf2U_87lXv3m_LH2YLL7$Znqw~{Cdn{|0@eMQzQrYz${yqe9~`E|rgzSGriT|sIi zzrJ8w=NM0h-1)JhP6ekOwdt@)6P%MjKdi{7koU{THfy8vx+g|naT|muXo_XGW2l52 z|K4~^zn;|_f$v8eu`gSr7qelL(DK5SK00`j0r`!brgIw8XO$sTyfd0nLDYq587LCm z8*oe5B(jUKW`8{X2uzRf*tEtHs5-tj0G$a{ooe=gke;1uD$5S~ZKl$V7E%tf=(r+h zHI_%<7CRbo(WJa*==T>%DwU#>bpj84H<=z&uF z4Ju6N!p(g-?Qm6LyZfHeCrnW4PO}Awq%v~-A|(|5TP@9ersn!&1LHDg*R|Q;o*S)IybqXze^KeX!dPcM)g`I%=2AxR;`SV;d4~*$BzNal6l&mC7q-fTKIIWZURnw(}w-w zib&XRdEq&iN;r;$Q@YG(-NA3CZ)f*;o6g!O~GbJ}DVS+N=A3Jo)=UEvWOs;mYdx-%5qST5@u1>{&hdFVDN4lVHcE-0F()In&C3uH z0-SyrbWU_lWfUo>i4Y@PfshLKDZYA_Zg5Vl9DczDQPBs<5>JKUk0W;*p_HWE(;Y7) zNJgKWr=~$PdQbn~D%53ad`zu!{gYmmKTc-A3N{_Y9R_i*5+}cRAW30}0>7IIXT`8> zq&2ef5Bw)bdiOVu$X(^F(@hP5_3vL3-fZvgxq{T_0y^ltAS z=bXr9p*j%6-k5vT_sx!&h@w+ zJbH^X)j8?*L#rfoWOh|Hl3DuZ`8=tvNZ@B+`06>Es!%=Tu$k zu(Zpe&mbRL=&^kI5&Z4yi(8qA33NDmLTTb|B_jFmrNz3$X6l52qcT3Tg!Bf5{D#&Jt z#XjD0Q>f^)Am5$Ll>HMZs~MAh@<;Hq=Ka=7x60uAgHEi}5#0hx2~t>mSp;ijLi}tA zSImgcBknKKH+z=vRXV6XjFb?CZnd6s;8v?NvmT9Mxxu2>8fY$g*VWjVR6^WkMcE$jTK@w(<>Fq1gVf2E5tEac_55a1l9gj7!y>yX5 zt#BqOdrKbVo#}6jTD@+{s47oRKSa;iuPSkLNvI6paB6wfid<<#2G-r(sOLmUDIL07 z3~5Cu6p#uo?CsRJ1ua_Acbz8+-vjF zhq0>+SlvzeY*eIni5lkWS;hKqlhQ-0=HgoxXL!`p>;J_({0I8d^$+CZck6#FasOB2 z62r1QWR^QQCQ6kAjrep448OJQCfzK)*-1XTl#Z+Ik0GS!Qfm4;n8Up`yZfR^?Tf+ zp}DEn;k{5$D`BefyGKg4!dIveX8a8IqVZj(P!(T8%BkD6 zKQ4D}X#BogyIQjsgR-XAepK_j(hYHHXq#rVBl~x8dNv)1&T$?=i3~u z5&PIf#l8}^e^J2aQ6eNbpFCtAo^%JmUecip|+z%>3=Kc`{Kl3Tn#9rv+-00P z!t6}k#-bw$e=fv8RGK5Q*K0yJK0_CBRYmaq)rz`$jzZ`!eOj5$Be3#6ZpF_q(#xmM z&6TI9a;AlWd*ZICf-Xk$zE$Ur+j@9V;F%m!BV)5CA~kW{E?F=sT3qKL2;aS4aHvuC zT{#L^9IN}ylLN(PROo;1Y~8-@@ZB(%Jw0?3%j1o9)iUV3Gw=DLuNE0eFWdlL?^$|O zX)GV%!;1nO!EI*X?d`l97%;q%#HI4Fm|c$!-~HD8KB^-GslzxCTwlHvY0aq~{UWtL z@lZ$kzTRZV`9V`|7a1{Rqex2T>b_8!no5`?RljBfYuT4AuT&Q9WdZNsvS)oaKljKl zLTPTimTmMXtupK&QPwk4l$mvGAVpM*i{Xu$=vIqH|1S79rN9&HZvunqp)zaFymW0u z3lDDljptjd&1Y9jA9gjq*NIqKdzn)Ul{ai()R^K;?3&LX@Aj$Tx4>Jd<$2$J*qcGm z0s=|+7Y8|AWtM4*%S67gZqt5ORV0$)WqjkxT}Ucc!(&wf{VN62NixQuOvvTk0NjGJGsY7W2mN7MwJFVTEazNISp_@OD& z@cHcbS?C_0`x82Z;&2l|dnc)(es}a>d$&MY`o67)1D)#dd{p56H?R1D0K8KyQlcx`^~Sb6e` z^ua^e;DqMRXboEE`GCcT1{x0%ilA)!VsLw%8V+_eug9U*47%&3}377NnZz$<(9u!BaQ=YcvEUds-jvWVm%0De}lnY~20AXt(H= z{2vSFE9BX@5Nv;V-MC0Un5C`F@@WuSIB$~z0`+-z$altyhW0o}2#AGoC@Ux{GL`VD z2zXU*bX24Im8>~7?YxU^hqT*;fIH@uH>%$$OG&WUK4NiMeY{zk$iw{Pr-o6nSN+*~ zbpOhW>HvD%D49YF5$r7oZsLv?oc6}o83zvdwhv+rU1sN;!#$B#82si2c8Vf38HO|@ zld~de-2-K8(>zKFhbU3Riw}w659F@?Okizinn2q{?J<4=S9r90v*LhF3Ch`Rph6Z{ zIQ$O1SSYqUKvHe(zG<{3xIHnW>WpPaqwyWo!kr`&_;C=NA61s4O`SHsz)<{(LiY2G z&tWjs9IoHh0-7HeVz!pC5z0WjcNmv<%r5&{!=`s@r^HSQXNay%g}|fcX_!g7n|N3Bq=~r9&X6}3 zY7LN%q2H>8UF9psp$7!ZLe$~Lfzn*1a<54}!WB<;W2xO*dJVv$mT zDupMa43&Fpgr^I|9PLVx2W+gED?a=Nejw^n`tl+L0Xbx3-7l`;ZPQ+QBvzHl_2~wy zGeR`bEk!Unw$+>i_2rehLeIuWqF^XkLfa^R37mOvSo4;p{$jyWehv7?_*iLC4T7g+ zvENTW^}P^AOWu>sfmvRCudSsk>DTPu8xyWc+=<^z9Co5W4y(8%p0aVDhr{9J)`D1a;`QCCuru@c=NKo zHzKNSkHSEA7CG%g3XWcNoR7aU)Ld#1`U56^3@i@PPg&qFE_V}|$P}jVEANj8Wvb~& ziz-$4X0a7Vq2{%B{j`u7>K@hzJHYLJ7*eyqe--%75mrdarQMhoV2T}M@2dB1B>Q@x z_CvzoxoFE1#NF&Zy6b&Q9=;vZ@xke%`Hc#VJovra3)NfxjC6Ab?*|$02XLvZ40h&z zCj7n@c}YcAexZu#nKAE{v-t&qp8@^y-2rOAm+(_eo3CF~{+`Ph#@Z@uxo%qv#{XonFSdGj4DM0LRc~uXIdv*>z^hoNX;2N`e0b{L<_sf{M1sXhK@prdi@yXLm ze|AKV73k!t2%!BRXA6GZckwvrJbJY5d@v??flstp zrME2vW(%K2sC0;i*0u zqg-u1UulQKe}%JHfm^f2({+!*q}D4pY#;gSbv$XEH7_KP&813}#zwd*z%zyYZ}#8u z4+|CEJYLh);ORd)p5)rGmF1x@>juzeTNe1eli0|f84k-283=03%9~zRdKq(R^7c`F z{|&Rrx%YmtmvGp8=ZL3k&s`Tn*6JS!?!S$gHZ+lc`ZF!Q%FGB~pK0HVS6<{>lMgta zjFt^zue2ldKR0f1H&K6x@J=rI>@t#6(RfAj>83zq6hlF^niIQY|6A_7w@R_4s!tl# zpY*cw?_P11s*pV#9kz7#X#w44_@LaGwiJI`%ygT>tY~+=JehL>&h}Ex>u^d*L=`of z6DaU0a0>sC!b3}tKCWYPDQpIw9c-kVMSDO(pyCp7dd;IdpE+c+)O6}@sa1|yTIRRK zN!G-^5{-0QNx3oWM8A9rpGPj&rH+;<{UWCeR>Mmid35jkd)cMORML>26JC9dLta1Utbq!%|*C8`Mxsv zKpX7*$aLvkV!%uJ2^*hh+=mTgcMt3)m3-c`zRQW+B^NrEaImV2&eP;_bSs?9bn{1i z#rY*|u?!hjz1xb2kU#!5=99o|)9`7DJ!U001c<0Ury0Pus4xD=Yt|$$D-74O znlLtTbR#lK>X2WG^Qb^EvJqqWWJe3LkN)mOfSMg#}CsmvxQ8!u_ag?ptzWb1@7Mt%{R?x||M1vNfRd>n~cQhB@51r-U+FD7{ zibfov4Pmactj(cc_)ubzUb>rWX0K~Al0$#~t)rjb=(qIe@lFMW`WV*`-ZLNP{97v8C)p1BO{Y{61UCJH``en zpH;&Q?$5YYQbd@Now9Q&-EiLTxwFL%tos&TxMwGI*tUc=Co}J{e7jG#UyREVXN2~# z-Lucn{3~c7oRe=oAUg@8Ucy?%elynxRF~aC>ez(x?FwAu=}0?^Sc+|}1;gE5KQDuT5sqk~ zjFcU^^ob5})C%%uWCmo}qH-87i4Jh9c)_Y_>KKsN$KsG8Owps#iGDA_d&BJm-$i6I=?##1m2Xv3^LjoQn zngC2~cg^nj5N@0yIop^a7{2G5Q%dr^Y*{g(qgAZKpxm!qpBgA8>nAXv=Sz^sAA=zm z0GxmQ>T1gRu>b{6UdOff?#b^MY>qC+smuGR3&eCZtvK9_S!R1@pHiE%ICcGco$i!s zCm4G2C{QZ4)5=!uE64~Y9z=wmbN09e33=)qUR9*<>ewE8)|vISl@p4O)sk;Sy|Ob) zK?fVibQ!*Ha2pcZ=~WMM%lxz-+qBXxa>vID;eNYoKK)tvhjEYBD`93s#lQ zUdA9YCS55y$9H(NAOsY?=v?`(U?Eceg0uHJh>t308b>dpkgI_=OSuUrDh9XmK_><@ z@5oXuJ%Wsqoqt#?890bJ!3}zA;X_+DHeoFOUad&~8Kq{fUXFw#xw9h1>y_DVa}qRI zIoR*BbnTsGY~usz%7V*xOeZQc4!`Hk$!d-@l=diwp8#`PiRnmv`B%7nluHlUI6n3+fu)RCq9=QnK@xl@2rOj@G55?cT);Ayoh`=Ko>PG-7{L8NpnD3!i~fv?j1VEri(fUY zse~^SD46THjS^~-$gwzkE6X~&S$4Bl)bIF@hUyFNJCJ=>+OIg=(={rcak8MD3Gw;x z{9ek6s8%utFu9z{=HCL6W0YlFl2 zQGy3<#ViSWcWoygo;}XK7-4Q2zv0u_#zE5&ef)7IOB=>y*v%C>lqhC#{0zvV*<=hogJsymT{R}AYJEO-9FmXkex3IPTKl((3|WK=qumfH9NoEvWD zt?Yl@R#@do6yr$~6EFN#w|lsqW^M}nD%*C%=pwWFgZU;L-8K5wD{xSj2=!w{1&9At z_`Wam-WHU->W!Zp{m7XvypA+;m>?S-xI9txc3WX)D=<8v$=Mc8>#hDv)W%csQ2dQA3=LbmtoxqrRbLPKcas-uNWR+z1}3bb zASBFr^5;;9WZ`*Rz>QdS3zc7@+3ac!^p_Ef_@4AeaWfv9FW>F|5-8NkMnS6!&zGIb%-Dacbq;brWngK77nTl{QMtOl`6lheWC9#J4Xl183kuV-y=Z1s9Rus4&)bV_sdEch;}7D_wQ!3>)oT-fH5xruR- z&Pi@-@OAV*2U-qbTK|!Mn4}bLj=a*rcg@zGqMR-@6O+@j#usiHjlC%i-nbQ(W4nKp(!VOFNUnaDI(%%rR@EVx%|ja8$h zh_4%-r??I^EO6IL$nqXZ*K->esTlMr%vIRVd4%?Sq<@Zon}0mI`RqLX9Qufsp|hw* zq)0A(J8I%dq{YRfq%A)^vC+A^bom5(A0eYqZet#M4F;?M_lP3?Z1ezyU!x-=Y9ln88_*^Xx$`EJvY=pDW%}m7n+dv3qaoT%ph4Hb=hLnp}*MfPaw| zJgmGUEmV}jPwKF5zC3xx8RYkr?MSV_GEzE#`f38yqj+qrN4yBrCnq6upInA2^)r?? zLc3G_=~TWE19om?L{@>dEq#5iRBWo|htb&P?aV337?-yzE0b?JPjKf&RTRV;kaFcl5OOwl1k&>Pb1@^sF#`}m1cyZZA%>pZ75BSF$mJtBr*mY~p^NfpOoRN^??v^1~A=)13fpVcFcM z6>jKscKBY^ZP`!jzANKv9$z+nyD69|(!^`#ugtQ5=ij;jN2u|?;YMx<9dyCpUCI;P z1=CY7XGg8C&xXU?+RroTJzt%nr33%v(l%mf9hCEGl0#utkbkGc@zeA$lY@D2L&U*! zvxcs(_}8G%!kIAXRA3@gzE)pkV($R=g}3I19$<#+_Ux4Ht3LD&<&TVK-`{QOvh%TjIT>th8t1(3^Achp843Iz4q(3s zA4+l=M1~5SY&JRAF3n$p%Cm`}(CTu6y&TIC@YoG;qLSRB^9(!99xI<}u9S{{1%^PFI5&86?+RcE<-PTkY}j-oh= zaR=}jt;6NDm0WrjA6%qMb=Z%LLUr5kM#`w#`Ns1KZWMnv8?RV3=QBu$-u$qY+*-A@ z$R<)hrO@l`*CLm1{rMvKi-#25lA{&1kaO!`FM+-dg= z=FWr^c?TykSWez=SB-m+F)|BuybB+O zj$&1?;sWi}j^*d)V$vPY@pk(}V?0E94XilzVZjlm)?#OJ)pzN~2bbFzfQfWEtn&n@ z^3G}gAw@-7uwLUrkU3X4NNmV*t!B*PXXwcbN3p2!Yc{f5>vThED_ ze@?W6!`7u$o|G7rK1(PItGb1#c9?+2K6Q}dYP~h_?sM}Oqm6!qM&=G}K;(POVCFCS zKKp9$P~8ic2 z-o)knXv&K+Y#L?%94D!GzfJQXwx9i=ZwBAyB=z}6Ry&KohsS0?lSaH!XJWs6{e;{* zX#O^@hpgHb=aI}OwoauU*C^T|L2sS`7ByXu{f3Pa_LC>;l~9)9y6>wp8uzy9aI?7#nd;Qu3XH>R`!Vi^qn-CE;<>mt~|rvYY{&o5-f$!G9tvm;Ot^wlmibwL-zTSr&?XDeg|ZHIVsN5;5!ZRSMOUGfi?!$X%v% za5SdEz-zO!&K7jeA1#=DG^EPUr7j5}rlTFiDLG$;&tEc|$L?o?%t~)u!9FTM-=TC} zwFV}^<3qR|qQ|s~X>0Z6b7*h3T;Z1OCorBp%54xp>8ScX6o1sKI}~KcA}X^{ShzQ$ z<8*bhqh!+{Xq97oklnZ>ESlKz_wibb4ePft^tAw%Nba+8{At- z^A0@PCa!ZV<&OJkGhio7@JRgGTa1w>5L;QYxA&7vSh)T+7~>9FLRm+KJ{;K4;lNk$GYr18i;*>S6|gm*@xlJ-M}5m{`1E!>{scBFz-=V`@Rsf2ZHYUI7uMC1{Ov}CP8WP; zVnMUiWkAzMf#d~SZ6{<@0SniU+;k)6(~rN(p1zePzLk_2O>CAg6GL?j!OfD&E_3)j zJ|nFz;U=N)S8~|-Z=cTprdj0Q7@V??D;T$ouKG8g-?bv$9(VGEEkrVRASr30i65ix zH42F>Lw8Y_!s$7vRj<CO>fW^K0wN!jJ`;b)K-a>NM#xLxZPrC5)xmYYFuHIs`57`~J zw;vd9aTX3^$2AOtxr>D|ZhO=Q`AA&?%+@ds)VBWPJEO-*)MMbNk&5 zA%5*b=-o&@aKh5yrGuzQzh_Yq~{@JOS)C2#7sI>gBlQ>%ZLo*~Wt(5&)$@$cxt+d;5$ksQltez>7gkd0t=8XML-}_BRzDG5~?mr6a++i z7wNr(P7oy`ASFnL07?tJ89E5(3HW~Rd-k{YKKr`P{+lw(Gv_nLm}A`cJ(Z?7Gu@Be z>wGKB;?rCG3QBV_ZSXPPHYA6Aq3`FlK-<9G;<=1Gkx5MjecyUUcVqO6H7UjLAS`;~ zisn1(>71WS=I@kXx*V-y)MD<-vi|Lje7{$%jbYj||?{d%Xnfxx9Qg;!BM~yYUdDs{XC42i_TV(8dO)BX|}b1~UHuW8U__NE81% z+Ar{4c_$=r#Hd4Sy0~NYW?w=cWYW6jfs=*u@Z?9>HUEA3AENAbkf(79=^3niSD`sq zof2yw0gs_+fd10>$%#>Miqg3HZs`rY_6|?LM3EYNl5`|hyl7u{Z$c(O+aRQ$_Z<0^q>XxH7J^S7}SV%i5NT5E2^y76h zc!toasjDdIkUtS=%W@6{FuL=9lJ2tjV$&qeY=Myg@8ToZ8mm=qoh^FB)sTbOTsc=U z^+9~|-0BbCpo7(a6dkwAt698iC#%Nxe>_Tp%IT20f6k?tBnK1jE??>N|N67}mkhxB z)sxB4xkdU?MjL2{7JD3SbT3Hfw%o!55F?y}wJt#JbZ0v5z)wE6|CBr*>BK*NR7B*@ z!RP{&X^-V$c7W^>xY`B)=QM-vK*cuczP4g0r+Ik{<)9g=e>9y4`ERl5CS-ysBSg$z zDWpD48eygGaK=XwIxz-08Ro*gp3_g~Yxqr_;e5UmIC?m2fx5?AU!tjIkTkN2ACe&e zx|xm^>V+st{rZ8SY~nUSQWBw9e~Y;NKs@Bb!&B_S2e#E8s)f1vkMLTphBG}~X#tAn z#{KpHgCr2n0#NdN*xu?};pPpdv`-)F&?8km1xO%@3lJYNxNJC1R?!`gaDMGJ7-fr7 z8Xyk4N;o6P+XH;-c^7gfq`to3A@t~$wN0?aIM>2o|9T~?I~b-aN`)SEUaKsx9)gw` zVJbwR%U0f_7Lac5GR45J500MZ7Snpg3wX=$sG32yJN@;U-@|eiO%bGCjW(HEkKbfJ z0IU3pXNmAH#|%%1b|$2#=i6FOj+b#qd)KaHg)91;w!yj?+s7$z_yDbJEke=2LzYpm z9F80zmrMNRKqny}M|@1;P4mQr_Xe9-5!9xk7vyL2wCA2K$-931XMvi4%Kvmz*zob0 z8DT`Pace)T<%_vNWPJ#IvZ1j+(&Nsy08M$IP@=l51KA7^JSSlYg?GA;=qPQ2?%&0vE!{)m=RA z$(`|j<}&TMuf<)1%l@T@&qx-pP?eD`PH$& z-!-$b2h0rs0g^S5Jyb=O^74EkN1IvJu<6E((HFtAz`Aa0rt#`;Wm{Pz2Ga8b{>bor zBAVk8Fksf0@4%wVqR3E&tPE$NgJDrYf0%o|TxZ8?oJF@38Jj2~VJ9jpb&a_?Lm0$TCzK9Aqq9*`Z_Z&kuFPqL5e1Y zGO=7Y)B*xU+F8s7+d2K}4N`gaQ}^}AS)wlix(7r+dUN)TU$YH&C1hnaBhz=okd=US zy(?h*#e7>wt1&z>EbB3j`rg2|yH)_asWSSDlqxGS>mYl!jIk=TDt4e?{GB&T>;2=b zv7FV=h#^)&=`?KyungXDMn-4*ZP5(}2Y(GZesbo>p2y$m{@$|x-2d<+D`_`YnExv% z`Y+(o|E28a*%be+M&{834@662e70sP@Q&U`*hl7M?X!V(lSUNw+2jM?T#s+JD+X)I zoYsGLUUNh;>@KZf1B;S!Wzq*WR^}hQ@feHrk_y~50(IS?(w@yQ^iC5RknqmIT8F2khmeyCAt;y zA`Y9Z3a`7v&w#)(HvxcX@HUN<%y<<3EukjTY62Tr2T<8BQWE7!I1mO|=SB3-TiNLR ziKV3jp%AIPPJf#AEBVo1R|`HB;l>?vd(MHo7jT0;sDmUQCqv(t&6_^{mzTW)RW~vU zb{@Fg+@nf{0Vy8YXw;5B4W6OParn*YrhN37HP2{BJx%&G=iOy_Z&yeV=975(74zzo zA+9cZ0yGU1gEF_%)6ySO`&}hY+g`18D1j-uv5=;I0XG(oJ>HZ*Q`459&A5N)Ie|>D(85u|TTbRwW&jtGMS7hWu8NB{M+ri~VdAPdtZz zUGf3)>HCLGmi~<_z2Sw;g544Q-iwqf@oh_dGRcNLjAC1s!^gr3jk801h9I&Z=lSl4fCUW07>+@p|dw2Hh^N3tL zLMZy)Z|_!urzEB(ae|t9yz1nb=dE33*1chviN#OPM406|w)&pj#3c$f)}R#y;sXv3 zE50K@>>C!qIkMBB_iLC$$c>V)r!oCGXjNOMk{2}(HmX)2clHPp>_z1Hi=EgwWUD??Ur`H+@NzM$Euj?xl2)oKIBS@#P|!lDf# z9{!35WsfKS9#bNZR-Ny`U;^jas)Sl}6c=<8N7$Oqf{f={B$V?Mx_vOUbe-`=UdWHl zXW~u-N)b5OwBrWfUtRUr@pcM5;9wMZMu3IAhUM*n4U_R|J6v{?y>y^2v=+v#yJy4- zV}QSDw%)OcS^uO>K)pqw){L!LlELvsPt%{Lgb z-phbHt|#utoEsRvVi0kQZ>ZH~AJKTMon3P?kIP``{qYmiUXAbOwmgH4S2;e**Oae% z6V@W8bzRK_?yXi*<@QkTt5`fA;q8ZM=K~I^=;JV#<|nVtjCo)+#Z{(x_I0j7acX_uP=vntN@ta$a zd&WpctM;E_f1PDCJ_5>|Fi1D6S1p4qclpvug|u*N`@&DI%(K&*PZ+=qbMZb9j9~@& z`MH*6stE>Oh0Z%1O*CR&wuFOw>Dw(ATT_$|zICGJ0M(z~C_e@f{kM!P{lR-`N%UUo zGVNacRMQFAV@ai=T<{?s?=!izY;TUoYY2k>ulWDVO{tovz&5p%JuMF-^ch6os0Yb9_Bjzn zolBhG7pe4wGX4&;{oPU1WkKeU>0Z&I+-$tgm?Ok$v9hFq zU)Hm5DMH10Q=8k)E5{F*UbvzijO#NU1;t~>Hx5+OwN1@dhkc&Zve+kQ1gZ;@ z!w14gNuXH```hyOL?T`gD>VERXAP7!+l!GufvJl*;ScHmqp2LaT9$bV>pLN`V2RH_ zuD@EJ>pWLLEzU>?ZJXJz^u)*hqVygcyv+Ck3k`dyK|Jc?bg77YWEm{+;2@b;2sh7> z<=+!SxmLpA?6%kDe* z;ZQlYU-)QoznYcYQCGe;Ku}Do65Cr_9_;}1{MpcK;NK7S}sP*o26taN=l&M9z_i>qf?{lEa`jt;|t&E@PhCj~u-fK$T z6LGNDKtUj3C!>;t7H0Zzu^9Y0Byo_A)4@U1NZkNR| zuQkzyf(a|hMQa~YCi!@z9E^TU``tAuaF215Vr)>M1yjL@OP6-yE7nx$8*TFo)-24` z44ddcK?62sp2N2hqzoibZQ6s&%7V7ZtxcLesOtLR0~^@`XhD!=tTbVH5>r!0H4API zs!Le%*{$dWU(ILie+f7AWlxN^@8n|EP+W2Ow%#~zjogj+p5IhzX`;t^x5Kxf zO2oK^6Pk$*;alndal78U_Z5rLMcaTjXD7pFCqpy~Wmevl6pn8kOBGoCBHr0!ju$r* z(0@LVSf3B`t*+{PO6Q#yAzGrHLJ$&MaB`A{0po8@G52#SM3Wt6B!j-ef(v>`n-Djk zi8`1z80}fl*QRZ%X0l$9n?QjAeAz43?ATzM>lM(b#ecE2oiLA5{Uuy(TaQnNKaFWS zQL2@;F5Y_OYx+-&lf@^sk@u%hheQ&`fpTca-q#iV)&hB13PTKCtAo$zP>G}yN0UQA zr-FBu*hWwzC)U|QHOLQN)Js3`h1YCGZPq{PrfikdNDl>djl(x{gp-i0Fbk_^Jm2u` zLlTZ3K;ZRaF%zL1KP^;5y|PPwX*)+n$me>A3$9KCd zj$2|BW}n8?OvH-|lm#bRStCKW{R1y4q0#&&J}P`fp)-cuLerC=9@g`L z5fQFfKd#hiL&G$;aXL7Pdu{ty;Arjr*n4!wUlbKJ>M(E1y!gXc`uqnF!Y396wv_M1 z&bR3vAb!>qFHpfWPiU@R3m2bgYeK?N+oP)!#+T&1Nd+168%B*wa=y1*f!guFb)ZNt z^&7SFg?Z;S|{e1B%cWK8y030N1hc9YFbev94dr%jJ)P1aTo z&9UU>XtFXd@p4Em^WK(2zsjqQ^;PVxd6UgJe`VYGIiJHYh=Y!Fu0c-iFmfDB;gZ0e z5`#T>D6N-?Cid3TahaCPN7PpgmPW)I^czUfK543sEHa}Q3y3L34y*5u^ckr!SgU45 z3V!UGa!-eUsQpuNO+Dpv-Vk5$j_Q4Y*k>ESVOIKfS2zD)@lo!qdg)1HKG~x)&zn(7 zN>Wc9)4g`CSvdA;7=ChtNe2HHI{)*I{8LIVXHk^CZ44QL4$$(tbDezye&Yr}^pC=1 zcb?>}m_?|KQH;EA7<}(pNobEoQGZ}W-zrmbVmT})9Po`5$@8}qcct$`cr6!A0L|2V zN@Vlx>i!6!(v~XfLfo>{YYJ}Qwd()qAfP3W8an-FT(sJT^fK74WMDCuaTkBt9NYpw zcfvNi?bw*5E;hVJif-ZkHoA;*%OxLe8v zRBQ|Q^js(t~= z=RCEpDYL10sa6Nr8XxC%nQlS8Da5RrNckoD71-8m7rgkZGiY`OH9W&_EA{Ur6#=ug zZ`fTEtRJZkr~Oh0*SxQJyW7(9jDz;$%5_2mean>)WC_&uYk!8_8#<1&GfudBo1|ub|dII@Hj+&+B@@iqzSXiz>`L1 zv)X!>tI4}&Dh8n1e4)tB46)FjVGS9{m>YyMoxuwqlY!~Etl(Es%*~S^P)juGU;&$W zGcS-^ipQVKTp5?+?Mp7w)_nF6p?c;mJ9~R%D3w;0U#->r8=2!|CE3 zrqeszCiRV@p26_}BP37q(HD?e`92J&SB%Cg)mf!z(BH6;46^1|OcIC`Vvg?_l$}Gn zj<&{IxAx!kk#@569GmLaadS$6#YpuI>g0HNjp8_&j#M9O(f1J8HLX05m+LA9DWIb| z*0Z-()fMBK)cE}jbPrUKfzDFr16Xv(-|-Qq;3FY^e#lOowyy@iNk`|1bScz?Bpc(G z;M%?&8_?0)*>m1NpOP?yR)w9=H~?|$#e zA0{4GYluXppN-_nP=IF=Ui?G?L?I)6hV_7}` zpMHfcWEt}$l~7OSR1EdggXUm@HycF;94~J;8s}>RSZzLmn#EPN^$O$=4Z!7lWYvV{ zL-J4r)Rrkpcc1JzQ*4HBHQhM9%CB@EHZOBKtb)Vd;YQ_he!h}c92gej;%Ts2kK_60}cQO!J zxN$@iQBWM{;koqRNgx5HQ}-$Mlb?R7df9Bcm(gplqggCM?6?H2q#ef-B27xBbDq^P z-*!-OLYQk(!UJuxaPtmqy)6?!0{}CMNI`5%pWn~F&a+x$7L#8(y|e$>G=r_CG;J|b z?`qjK;WUo&9P0@x+iRdz#o7MX)xnU-P>-Fy3HRqEEJOX)-oDKuAxxb5i=~t2!?dRx zVDopM_H^J7v_9*Kpp>Uqf;}Mx)n8Hr z%dhaojOYLYaaS!P6_379$72uPbwLYs`Iny7gxLvtuELQV@!le1-|g+`B1RNwY_o#2 za1l$eGjKw&*9biDX69|%AhF|HtncvCG*jwf+_X|LvW`Kk>?`tP62l6u)0>|?!2ro1 z6|nJc7DC`w-;VdjwRbWyl>4#~VEOg|orLv-i*qv2uW!HbXfX*=!bNeBWM+$>)Ffw> zvpu;P!i+wor1SAOs(}G~roL^Z55Im|NCt=KXN~K8xQNyBp{xKw$a$u==^3DE*DGfg zaF&OA&iAA9{|eCmxD*fMbbvIETg#;5s?ne$>2Y7EzaMfyF$xIR&PHI@d9NR4v>rdE zCn4M}WPnK1JJlEd62dFi`9=G5s97JLUI>%=5X$)H)e>5o&*CF(>PRq+`tG#c#bVUS9ipvboIn z^}w|klII<7GNrwJ1UiD5;Bvb}>t)u*%PK?37=82mrM77bF_|)Q;$~J^zOBbUMM!)7 zhw}t7sg5QY8u{JX8`YdE-4&Rfy=y8CdgF#456S=HW^%(r=1$UsuW8nU+`HGutpake zJB$+w28K0cV#;CF9yI8s+214opDS7$438*3kb_C_lCHK#Y zELk@Vp!eKB$mjY*Xqkk1LL-HWl6mkNWBTJ;s)LOC=0N1*fqKmF|AmJ_=jDsbVm5whTy2sGZVMo34V2VJz zo=>vv7l3Md3r)@yV&eSS7Z=ZW)dV1IX7c^eVCAR~CR390Jr0b8<7trv*UHPm1iYw( zgK2V9f#@ddt+DaqDz2b=?toRkgffvNAl~ z8qyo>qW2MKGF!8rs>Wi`KG(8D$I9)`(w91TI)jJb33ewoR_cuR76gdK<**r3KFECqZC?iw&5K29%<}8^6_zY0 zx1T2bp6D!a$QdOS$u<*bi22(J>@xz=yi1!EU9ugM04wNj4<_~GHLov%TTSs<2vQiV zn9dB8{YbJ(XgXd$Mi=^fy=J|YbP@l0-UmXb@fJJD!z3FHycz!-1)bxmKBoWg=n14f z^}oAL2q^6WgZwvW3U_0r?^P&iOK(=MO9HCbO;`#w(;M}SuN;~Zt>{!u@SbF>L$xlt zl^tDWSQfw5&~ZoqO>R@gz;~pcWTZn5epG>s1(^t3WBd}po91!fsvVsnqN%&z3|Euc-Q~Nidw1(?dnK5^yL{f5^ncs{uoDaehk$&hcBx#q#qbc;|L#Sj z2=WHkn8d5Z%0yf6ZR}BPeG)3Y=A~m#`R*>^?0UZ}7y@?q^-*6KHEWM~_1T99VUlw9=S#~vFbSX2Y5k3IgWp4X)-vg`p* zLDmmxe{#rHJiM$}8J3jXjy77HUJcdNK=+4m<0@*`Or` z02CnGW4rgNh1tnHCBgP&;2LJ{X$1h*h=G9%e2pRjP?M>m*H`zL9#3jT_O5+XT~KyK zqKSED?}Y{#&0_gKXG`ug+!ZMpdJ|^1=en!#Y96+zKDXweTQk6TZ03TGp<134pgE8@ zkLr>$G?Mo23Nm>~pwl8|kh{lT{n}T(r>_GB<=K4pGT53Q2cW!;>V#{?2R(K}#!}ME zbHp^EP1SD|6Erf9v{LO~Us>v8tTxciZHQ7fT(h?k{cHfY6;s{4bFmz5l%fOBfX4Je z76omvoExYCdVPn!8_Vzyu$-^j$wnDUqpRj;ZVg0~X~l3*XfS$oHP}_jfh2wXZ}{{V z%vWl~x4nOu@EP+AK=ZO8CoQa?*@)|Gi2$8h1~Xs%yzgDjTf~QUq&1LM9oS|kiXFTz z35(;8Pp1ho=wJQh_1Np`Mpms(V2YCp%r>x8nKHacG)Kb$ACr(vfrseM=Re&4Sj&Qx zoc3g7chTb`VP-yFlnE9(Rgg1extGS0gftRRe`U?s+^?3X1`$*J!s^MJZUy6B3t^|9 zNnrj4`YU8$#>HsC36WiI(+U_(XJktM54h+xxviL$vE@%tpR5GiEeW_eguak7e=fn6 zjq=d&41tIRU|m5A-huf$zXoOU$3|MB@4K$U8wwJPfUaH%%c}aM%chp4A|zqy`c_UX z6JB+RG`9{ZTH7x^3v!|vi4|(|k2V27Yd%Jl^dMqUtxgwO^-`SSllKNd*)YO5rpPB8 z$lH!rq#RMASck`LPsGe?BJSpfYI?vm&6 zDsF(Dd-B0TQxCS3WWgxP8N{e zVh~5Ilxj>ubYbEn4QDY}@Am6fOh=W;sAY1_6Po56qzvBYVa&+Vb#D^iF+{k!xymk1 zYjpt_z#W#MrlM{v!j5jtoV+~n=`Qj`;g+soNe-{4rRd9Hk>-{xtf^Cq`B1Rmrd|pK z2e4#TaiLn{qH*DUavfa!3c*qAN`+$;_iW97&)XbsZglyTG`@k`^W6e(G*4r)+`(&{ zv}pUav4^n6hR?Ccn16<;6BK9*Ut1Nx8#)M5FV_T)b`X;Hci*Ev=eAEUhGwDvfE~9Bv|Sz1$7UjW8QEp!M^=$YQ^rS@RKAC&zr%OwXZa7sG3|G z!w!zOv1|^3eMV($0ld3!h&JviYs;~%$8b5m$Am1W6w!SUo3hQh+Ni6w5`WWF6x8>jM)i_F za(WeJmOYH&D`zt|DhDzkC{VxlZ(MZU3Jiq|;O9RU?+hj1Sr=k8|EyR3Ua(tm=m|^C z%$aLBR54C?4pu1!dV&d#luB=5cKO$3?j*8_>J!yPHZ&){-0-Ix>5PU zFJV8529IXAY;y)WyBF1;btH<#*bVDsEQJQ1vphFDGLGnf0E%AID;rT;OI{LudAlEk z1l7N1i8DV2>K=etx2VJD=V%t6*khhE*}x}e=lPlPmaKCu#z!;u^GwZu>>Gdtwp0H5 zz7AJwndGyo+P^P0{Ewo}|FGl2gjgMGo3L8|{TJRcIeJc}bshp37#c3Vv%CNeSn!c7 zAQ4zw?Cjkawi5L#F};n`(-vP)->)#)?&t35LsBaKapg=qw&j$I7|og{ru+TGwVGAp zvy^xCF*V~HkkK>f-kmI6a#j(vgx-V!@$X$Gd9 zz55H7{&LG*{aa}bG5oAKn~o_BDXOjOr_EbD=+J3+w0$bTnUD|MgMfon?FPQ_80e<~ zNXmY4z#{)3yH3#dLbyultp!eQ3@X0l7qQbfN^9c=MgLT`d}&iu$g!sPQ@Me>96k0< zEkSCISDN1_>08yZdM%y$U|AiDfLgN`zfHSz(Ja61k@8`=P0P4?kwVtNQI=4|)Z-gH z_PeHsPk-Sot4BuS{tHT5!)OPWU_9p_vf?H6QTH@PIxFh=D!)9m9PmzTO! zK_2#g1|rhLyjvN(x=o<&(Z8wK1+S|i>(A0w*b{+O71gqk zm(>9`NM;H`LV!uv$d?^NE&Ft(`-vV68R+InS@Kj?Okhu%Iz;owFex+L?5vxCF9Vjh z+=E|_or4p{<}H#DGM@WMz6EyoLeim;iBF9i#vM6+b$na8C&2xs%@qBj zuP9$Vf01#}z~|FXbpb*BEq4$bWS3#Lx{UA-L3;TQmxh@k2z`T(C#SE0Zc+6bm9P3# zrcbm7uy&u<2-W> ze%5U(S^oq>vdxfpcXHSq@5rd4$pXbKnufI8K1w@wKXq5!FsXDJdvz}ws?;~OQly}kQ3hU4Jf8xUVh5} z|EDsYUkW;@q*F#hvm3PuJ@~Wt=$k?Ew|mB14X!eeA4@Q+US4w4p}{f4XI1YWTot4r zGwqxY{kd7&WodGJpy9upacs{@2PxgPP`w_kAX zQZtTCJ*Et$oMIXHS74pP3c0enj(TXa>+cz0x~8pL-m(`E&cVPbU{Z3uh-LRzk|L!#EgF{Ms>_U6vOddoB{&=P(T zeB5J=uMt~alAZkOEx~ItC|a7pi@uAlvd(2bBkMO)AId{;ty(3F%CKASZ`}%)_86a* zeDR6Cwbu4085e(zm^pV~nJr+N9;d~al_d!+T*^GnfPBby?;&GvNg=Xp_oLq)xb`l0 zzpwWk+WW2)?QhDWDVWyfZC=m;1KF25skBvwl&d64!M*BiOhM#s~D1O7fenTmK7{g{t6i!n;>O|yV-hd3g3XrY{s_S5(bjc7nw7M=4Rs^w zc};bsg#_=#TJ(gnrw;h{4aqchj8WH0WGyd`8|RJ(@4zEd6PbX$TDR2u8^f}P`W@{2 zA6(n~zm9GQSK%it7Knh^_5T*+e9WHhl+mh~)QAI}fmk?FC)pm?jae~y-MT_SDn*sB zz)$k*eFX9#kx!zTKRO?G9)AfObsbfE&?C0$S_P2PAnL_jww>2zKm7oRlj`?@l4@Ju zdIkDo|3N{p0tm2v@XLU5NBUW7KWwfOTvFys_Ad;1aqx8A{7BZt@OXC-$3Ahl8)Z9q z0Kac$wIZJQPqo~9MhC)9M2AALzym>j2H<(Jc9|&7f2q_yqxz%4)dL)GCuy!wrouWv zjLQx4Rc+IYLjBS*6qPxQg8FFD4cq&VLM@K>XP>*?b;=X?nbSP_Hw47iTOtn;qygsj z98ZEV-Ba#n8oM~OdBw%ydK-=rFB~cEbvxOAW;8p+#O_B7OgvthRZ})yDJ*#49+#-T z?Q~^VZ8j240ex0(6~Ll9b-$7i8s|`!12HyV*t%tGchOd{GpnDvi&JiPlTxlxo6o{@ zNOBElxtVhc_EM+I;o_uBQ8dj7Q{(!Or9z6XCq4kgKU9D!u;D83k{g|axhzPi`o*pG984Zc>(?!s$Tz$JYlf5i#_IEorm|I0YSn>3dvvH^98Pew6JPI4LY{7LuILm z*;+r@xjy;zrjC2fu`K3AXQjp#r9hw2*i(j6#CPGU%;Eub2|fYt{vNznaGZn@!3$KT zsIYEdmR48x$P`U2>sAORP$w3V9{9(i$-pF5FunGmUJv!h98iEPBx)m56E$5T*4FDyh}x6r%}?6lhl(S<SXPG;9$wH|{Xb4VmZkqO= zNian-w=DOAnbEQe597B|_8hFqf(1^|)-8Vs74C>qFr}O!UQZckqWig7!Z?rzVP-NRa=+XaEUQ)dE3|#xR6_D&#nWM#fDTCBtL=6MT=s(;03n~o+5h7U+TbVxTWc1t$C^*YMGtxt#VA@F~z1aT4%V& zjkP7&U&PdpB}J*0?(5izTN1r&=d$`2cE45(uG(NtDMwy;r(<;$yA!YPSko-A`s>d6 zSTyvRwwBaGm*k%_I3{3g_?&HxVY@cqW}nyTS73Tkd87AZ-y1VN{faiNd~p&Ws$syQ zltA7&GxHNNSnw7$=vbmy+~FSDI+Ato`QDg$=ep1ai{@@74s4NV2j7`hoR3G2Ym4(j zM?)9wZzrJa#14*`s85Qe%uC!)nt(Ry0gXA! z-Gt?p7qFX0TNSC|ivWOecOU+tfie2WAEF&Rhrxex+2SkTnj{hKe`^@jW+E8=3VfMs zK?n-n-vAcvhch)mzsV_b-TtTUo02x5egC6j;v%9??=#>C+9KE;Y}(a5L!HtkE957{|T67#ha7;M$W2hmp^3+W)dIB{LZ)joW=&;&t(>j#59~(PpWHKL2D6tg>D=e<;3MHdgC(n?M(d{o~sbWhR&el* zHo8HlOC$Xx5x5;Oez^@&s)!8Z4U!YFnf`iemS&iP_%KhJfg2zcxf3RvGyV)$)FRTn zH<~S;G)BzaHszV*PG3vGlezMS@w8Cr5Pi+DJ2jZ2G4Gv^><$7+fkz4m}kK&D6I zC|_yWU^K=iCPCZy^ZkcTEbeWL{$7Dk8K3%GlprZT&$AKGN&Ne*Qls%VNbHt4dhw@B z#U+OsjxEK_vxmBZ77%!Vm34^xE)P7z%t|Zuun)nF^cgLCoX1Azun1cgQIJ*f6M&#R zqxtB^Qfxf3LTJT#@0cv>+aPX?FDi^a0Is+jSHD`b)_qA}m?PZOoRoJm#qtAKNxFWo z$TlpRX`p(f_Rb3LR1#2|_2H75pj@baIpg%KOe};WX6polW6M~a8r4rVON$)ZtB1tX zMhwDom;$UvY$r@S3h5CYDl}~;@!*)eTBre2tBr6OKc#M&fzRV%C%ct{FIwATvPh`m zna)qihvK6|sf9}&E7L5G8~$3LUqWc4a|$!E3%WOiMdj9Bjey$G*A|;wd8C*}IjNXi z`AixkSlKr|dwoHtC~~h^S7j7QQUD6D)!X-RA4`JC982A627busu&PK_$1o zR}jSWY8|?r-8EEpWb1sG(u*mly&HhSNkHDjdsZGQ1}(g4aH1Wap)g4N=$8$kpQE%z z^`T)j^dyk$x!nEPq%D(PZb=7?<6ML{FCcZJ?krJrbv|37w%zL_P;8k$Dnu<~#&Fxi> z8Ke+>c|0*6`0S7QcYuG-gQX}<8`IcnZY}DzmSnKL{vKQ7?OEC3uiK>*_9Yh#47w2U zuR)vSkI+tIeEjVT=~2DABjMf9{UCUXhMCD#fJA^4tTp>t5y8XL8+am=@wQVzl{)Z&(btHJ3IQdma~+e)SFe4%bpEt;3N(4#?b8ax^FdX)v9Ao z_(xLC z&o;`0qV3E|C}Sey>|^7Qo2_LB<0{4 zzkg(KonTlwxVIH3!Ah!bkWiL(CP3T;I=lSfIXDDa9V5g_c}CNINB$dK^zZxR{zVJ< z?=mmH8KVs-p_VZK8U$R}O@5Ma59s2;56ODqL(*~C_vD@7VV6ZT&C!8|<=&iZ8RteP z(_Y6Z6L4yN9`EY~=ooO*VQ6+NKjldDU4)?sklsNgKVqOS8_=Y( zdlpJ<5+K)cq7Z`(YN)CEfu!$IO>ABP%#uR5@C{GRp82;A(a10J#W#t^Ohe~Q)v%(x3K3szh2g-0+(82{ZvOj z_trKqJx%uz#bpvM`X-eqdeDssm9lAKGryqPad2(B>tfP*$>X2J4Zbf!AMX6>JH}az zNJ;0aG|E=uhJz$#z73PkcjEJ2Sbt&nMW^Da^?aW0w;{R^5U)D;`3rD|P2=^IrCV%e}A$Q8XZYR(My}a_-*oeMS zuJo`TyJ{@+cZSCys(==zZ;H=5e!H~k^~8Vi4@2T{yuT3$IFq7vxcEH>a>)4W>vi1R z*X+lSxE@*-7R|#(AIUkktFREdahO8QE87nJ&W_`!@L0n3)%5 zy4Eaa(!cA)HjT0IVROU!qv4-7vo;;J$C4ghsjTpj7RVHG9S!-(#LN;5Pqo8 zrRirS9ny}GUsYz>-l5j&z=xDij+%C%XxOLehz3BhOG>U z;54Gci6q=R5&&`4gzgxNb@M^o8qh83kKibQnhQdkT*v-*nySJ`HOP2E^h&_Jj-4`jv}F{fr9bcN@?wD)FNd!!JzVs%txzqUdM$IQs| zguC(S{EuR^2WwFc+MUu0OgZT+zL%@Xo}i}s8e#LC^aG}2VOE+`cGsU zOq6x>inKqs%3zhuc&IqCC3fYyAGi$>-I zlz$$+7=|2lRp1xg0P;qJjD&ss!K+w5H$StSEG0j_3j10=)%lKBVT@Cp0C zKMw_e-D{$LoK^RflFO{;Jzpt+7fC^Li}@ryrTm};o_$P03U=i$Y3{s{vZpJoZEy|b zt+Wxz9uGQE8W&4D?K_Q>vS)Fm2VVO1-jr61?SNzwh^vFrvxA z)At?T2>Ag9`)D_1BJAPl;&h!eO6&mE1O7SfXsBV_X-_5jib^`UDfQYni#hi?(c0IK zvtAR+^VYtmwY;qXBUbv-+AdCkL~9toQv5&dU1wO6*|x@Gok0wu!iY=|L=XY#FbW|8 zf-;VTB2oo|D81J}AafK5RhnQVkkBML3P=-_5+#7NfCMFUL?K8g35FJu^Cd8If82A< zbMNzJ8_4&1l2Ta z|G=6VvinH8XeL~<$kvpj_Ifetar5E=I;GdtX2Cs&USxfkIpZico@65H} zUynUe*6rNDJH|z+eNky2%oam`Q=~X|&6Ae}v~Gpm=^L|GV?vZLDiFDxAAh(r!}kqtn~Y_z(07_^GR#2+v`cq&@TBHq34&~RxOB`ygw z)TUVNg$?rNhkIp!!UCc0V-5$RRA-xFk}oq#6Sb27O_+v-7tWu`4d1jclS(T8a4{uz zUx2UArfjVATx7GmXurvK*2#|CqBsl3c6#CHoy_32AHV(N{QAn11_zne0Y608^Rhxs zx0__a7cNd9L14^dfaO#iBYw$08h%=**mhp3G$`Cssk;EF@iI}fmm4K~A&ntSpWfeZ z=$}2vHMWZV$!dWA#xn8*pl0Bu`zK8ueg6Knq@?x!MsAe^Y_(&(uyjDbo}N4QVi>Zz z8`q`1L?hjDS_HP+D-%?@v}&>NSa)N#m`(cwa27S+Rn!^r3>#kB;`XFf zGw9sMTJ%dw$VppVj6_b39vAff*ciw#*^*-9mPe3*OT)p1-A|fgxXIav@~^7eQ)s+w z%V!Qy&CS~m1Ox*A3|0Og`JsP(9q^YC2W_At9sQLKz--DFf+@B#0IOZi=!*zr-hTqR z69JfUv~c~bin6|=A-l~VhU2$J7XUw}lNWCdM%GkACR8IwLI-B}0h0iD(5ea9@zzLW zA?DQqP;E(S8|(e_*oK9jF97tIS);!^fmhQLKQ#RJE@RZwlWFXS?`KXxOKgfviwdvI z$Vsde+D+A_+X@c8^p7;DdXmk3SmercIiUD;!o8{f;Jm)=oEgHnS{Q3I(j30bvaEEa zjVZ#2*RrOr!aiFznnIB_iWT)g+15vD%@%qrUokYAqN?>&RK ze-}e!@#YgyR3ux*uABUp8%=SJyN36CbR(;<^BnyLrt_|j=}(GkKC%0!CZf~A1_HTj zr*=m*)}K3+rtGEb_)d;5z4jRlamVx&yx99$5vdi(s5YE$+RZXKENIl<`H{5kAaC1o zYF&v^ov~Lu=vJA56|z)}c^}?O8|}vH!;K%up74Kg3_Y) z+!EAT;ss9ve&gU%T~{exg?8}(BN>zpd!WCR7lI7dnBN6pTC07(9A0ZT!GSy*p;b}H$ZIzKO+K&_0;-c zVEP(jVAAkJ+us5cio4ZjlZxG}eAQ+{N-N&h}0zT*`(>PsmG>oM`prr z4I(Z45!nlqp!J=ap1F53rU-k+Hsw zIv+n{H7O=%7!6n$x4^uUj77_TgC3t#AM*};+~vw7Ed#}5<9+l=yE*$ zJg$c~LSYUtu4)88iB!>$mpVCKw_fGnlYS!76^5Z+m*2Hk%|N~16@WAUjyE>T9hyw# zGUexBKgx31-x$K>38w`$*Bog2c2^m9p7p2RtX6mJErnP1N;a>(?(;mXoFVxgMaF+z zsU*;McEuE+ypc^yG+<%n9Ir)Y)88~94{|9z_1%a)-_fM9h@PiCLmJiS4@5%0KWGcM z_o^L)X%wMAV;AV{!f#~Pr#EG-!7GD2!ZQqJb>GX zM-u$hFa!RCzrilW4l?%n`#Kp@3IC_Afl{fcS7X0E9oXH#3E2^ELTD1xkZQ76xiZw zB1*n>6Do*S6&}iPMIB%tffHQ1IV$-51`FyvspKS&I%g=;UDWcqctOCbu#wgxKn+^o zYBLjk)yS*c>iN@1O&>kjM zo1Nq}>sb!)#~2nt!C!no46E{&?on$_?)sY0a_7V!IRT#d)oyW5Hdf}1IR=%Y(J?eP zhk<@~8`HxHbVvUq?Xe5`#B$y%!!=Aj6kw#N2s^h*(EPfyIdYyTB%wMnK{Jdl_SmR0)&YjG1}e-6a1L|)meO~3 z_VUs&>dLCZR&C^!Wo${50?uoIKOD7u}m+zCp*e!$Cv8bSAeT zZ3LMH##B~#!M^&bmjuF5?u>MMnfa00cj2n$K{!W* z=cskY7<|O&i6~j!=iJiq(Z(sXqjsqbw=QTSbw?Ok^`>^$=6FGd!!#bT_yf}*B6W)- z_PNE^Y}M;V7aBaqP*IMM#$@e zCV1a9sj36fP5>1fDNjTqEL@#Y~sC|_IZNKM%Y9`zxQu{W%7=CgnEYg^1<( zclA-HaWWB}{L_FMTAecZo=}lqE6bJL6~O5!d{q3Q-F%(k^o9ocO(Yi`82<=Y1F^EZ z)D@MN7eV6|q3t*in^yFzKH7S!6Z+)YZlCr0=B?+PW>+QQUFZ*fixE}t*yCoCgOzSn zv-Q_W>^`j)X{P4_TVV#a(HGQLR?!2<1@YVwOg%;fMA*fy?SdJ+xO92&>%<>fAWa!h zQ2Mw`?>cC2)e(qH!n)s4+8n+wL=djGVwP~vAh5W~{qA*we~pa=<}Q2S-l0)-augGz zBzBtJ{`N)Ex-c%MI(@z6Eb<3HcG->U=ZpdEO(M*ISuT!VuZBmZB4=&}B{|(4U-xE7 z`jm(8+VLTvMTJ`>Gc*Mi6FAq>*uhzGO0Q{ibY0+mnKumeEVuoOAxw1(~>-U)rN6M{yRn>f7zN5yY6OoXm6p_%)2 zWfSLv`}xPH9Z*KTyM`nkkz38b+TJ0M`VYwl{j+nN*PDM&H^+}G{(Ug;UnBfw^M3jerlwFKp|%2`pa+^o#~d zJGv$Q`aOVazq-(ito&BuyYb@={UEhkm=<$qRaNH(V?(=fhp+o>FwfQxdgTqr%D4$N zBHP5hwWW74Vp(79O&ph1x7qMYOXa!}aWcv>ZQC^f0=1>xD&v0|`2=9diJ3dCtLA;+ zB>%}~ZXGfq$5f_!vv}Si;BcI%{;zr-xMM-!##bF8lMC_#@4B}>*xtZ<&cw*{QmMhM Gd;b7$VlAWq diff --git a/images/web_console_4.png b/images/web_console_4.png deleted file mode 100644 index 01032d20528ee8bf8b45421e3b4e1aa68e86db1c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 27817 zcmd?Rc~Db%yDp0Dr?kzaO)Drvv{g_+0@xVFq-|8R5pZM>NDK(5%ww36w5@`OkX9x! z3@WXt3}KKd0iuLK2oMp0AcPnoj3FTb5<;f4pufFq-&1w(J*Vo_zJFY*QY$O9lJy(j z;d!6;S)`nIc2N6a&kssUN@{1%oV=){wB?MF(s%OjzXLv5{BlzhIBbf%=WjY*Y=#?8I6bu3em2|J`senTpW1)h`?1n6{aB2k`|QL_zu6^7yxJB{5i1LT?;HWAsl{)4Vq?w!;RqsEl2F zQ(Vw>c65(}q?!F?^x=f?Y2*(kteJ3Mt}Vf;_?yM_PmNP~f4-E6pCtN?NAoZu(vkx( z<8RFnl{lmZ@J{2$e-5Vq%ZG{|kP1(NygdiAl0#lx!itAriJ}ZF#~Tb?=>a!Ndcspc z<8uK}X=syRN#S9<2wdzx2HZ;N_2lCUMHwMc?1+$NVVAp@(vm`13P`++!!W7XWyI`T zxm~EZH3I?4S!KN}ZWgm)Yb4*n0Ic8+L0U!@wqd2XW&s;KUA9R{>5o)~B?miS2bcAL zn-<9!7D4f)SiUTQuX01Bt(s(+ri-*N-GnI~frU@cBVu`wQ!MgoQ>f%ip?C}|9d*IZ z-b3*F?0|87iRiCT2y$M`!9-e^`nrfuc1&Wlvj$d0>z3q zSpK{NAuYfj-z6VKtXAGgC>+_Wr1a}fh^hoE@9H2g4q=b{CTkO6CZ11{=jVX|)io~5 z6ysDE>nbln zwn=WR(B!SSD22CdRZYs1e$A18BujxCJvt<2N+pV(9E7|EOkNHo$j6y+Y%R=G7Fp~D zl}sxbIfe3CEsTOUlPxVLB(R#8Kd}`r5fZi+0}7LTnTLyx(xeyRz*>E~{f-<2dRBq+ zQNW}iMM{4#IUpC`aF&i`O)CV&*kwsOGh5V>fSEQ_wC2-f%Q&(C0$pn$F9VaDq99i3 zE{VWqx->5${R&7_A_$iUSld zf}BDY&4Fd2LU~^?T#l6^5NksUFj)4UygUn&*%c~s6`~vrI|nXH#)=|AvM}T0m==YA z!Ib5~Bpngak|=a-K^kNT!VG%ZmqbmGv_M@&N10X4qe07l`>WZmbr-U2pEe$Ev70ZP z&CXr$$J+YW&A)OoSWeX~2hkP+^a<5nt1h^G>}-G1PnR?tdtFtOlp1%9Ux|}P^~w+O zG-;t2GwpgP0CU#RyE94p2@lL+IB&V5&hl%ZZT>}fp9Ld!Dt1KUQ;oaiY z3eN)})y-d5cIt!cs?xarCHQ6GlG3{$2_s9zkwS2sA{NuPNIg8jIKV+9&fx)HR4h3%MI?-jf`To9 z6eEC3fW+g9H5gg21OgmKx*6O!ee@uM`ciTw4m;O`SZyFL&M|=t<=;RUz`2(w%XN*b za%NV^NWdeE*6eq@$*=w@QEo2Etk^pPw@nO9hU%Y0L=<%djsjy2e;>&ps@HMKvy5cR z!$;L4Q;Whc>nM;$442dkxP+<(M`fxS;9|jcqexIeVWxC>dL%NV0?X296yF2Ff+2QB zF^2w0p`idm)dCL9S12@KqMU*_z63L5SRh@ioFh?zD5wcrQpivUF+tHqP)HPC9Tjsn zUCZ1hsYu%E#duWSqi%4e-na@XIPI`0SH;D(wsDrVHMy-IergePv%@@DXC+lP*yok! zUadl@%&J|$OI6|$g;ZpFF}~2C z7PF2WN_dW2`fmi1dHFTsm!~0V#k-(SnI0bg(3|0SUx!ql zhvHma>)M=FAa{)C4swK{=v_hhm3C~rs`3cwa(CV5(8=W^o0PsmKTY?*bF)tl!;$1T^ldZoi_-z}!6kjQzQK%NoDO4MG~ob<(FX zfqmx+Gw|n@1NHq^O6E$-L-O#>`geVYv=y^vx~06&$cOVJQgA(+|FN933y5)N8rypd zdxy!BvMF(GAsstH!i37dj7X?U@c21=@<}YUSe|c)kiAr}1`tx4LWv`-ae1@i^LWm* zESUnPku+6uJoBaOI5a;k>EYbZM%V(WWgpX+8rskr^?Tjq^$%x{I!`SxwMUXmOmmyLFR?3n z>$#>pP=ZrvB*Rc5Leo+|Oxjeam`Nr9ry2!{QChcrlz~c|qRG#fhrC#3xWkj5S+B)e z$NBu|O+EPP60zCF*wQ;BzQ%KIrpv!CdLDkvV=3ZS$ED!q5=QyQf9$kRuIEwOpmP#N zYzs?jD8f`mOoYJm*W>aBp-Gy-giVpBpyEx{Y=)<@l2S~{(7-?TinS#l60w~G!ls^VVap~olcY*)T49$vT}9{_!Kr_9RX4r2GG z&s|T6__B}~s4s0Tz(5%}9!qD<{JMB zj{rQn#QzhDwGL1`7TuY48I;U6Xc5oS6@w*YaTjwfuyBpVvr7D)DceHAPPM^S=~NU} zL{KOz)&TV90F`KBry^l1A7-Rr*&JBW&XkC0QU|QGjVGHXwlzz1U@QBvi&@k1CHJ%C z+;4|OzrRm=9+Qbd7dYu~XR@pBB~%|~40tt`2D*EbU-X7cS5(SYzD+%xa57PT_m23s zt)SfbYmGcN#G(V@;mKb<6YWp!2Eqc)?Yy6~xFhUS&l7@ZW-TaD_MjF5B+=2N*eeCF z{Az6H(CCs45lu6P00CYDA?;AisK7-1>-kdzAi#dQuyD1UfM(f+#?4BYazQ^+C?Jc2 z*V8Qkd$9^5>_pMJ%fMEO$3|oZQW5&n=%k7Q2ne4Eaz(_cW9VBucX;)Wdj8G4-WQe^ zKy~&y=V21j#cz+7rIBiaqGWyDcAoQfmBez)DPI+@$RxZoyJ95aB-k;tw01*eoF-)|x{x z09+TeWFVN{&61r`3+77!0r1xCpQk8&;9Qnf(~*NXMvykHh2<)CF*ZfWKO3r z0hvR4Ih&N|QPC@OMnEA}K1{-Sd$SKHnd}nhUx44KP*%E@QK4L~_K3NgZSj3V^Y4s? zX^S65apm06)IS#&8_#FD>we^(5q6jt3&LgtNj4PP7%8#@r-jrA)A^ZvtShh{Nk@2l zH}UtoDZWH1t~c1OJt`SuekHFEu;X)&ke-##AyC%YdyeeD%mkER4eGW-mu(?%;w?=4 zAXp3BCqhr&+at=AUwDk_$y+}EdUX+`-&(BR7p85a6%r*)1`{HgmTNOv`d7BDXbO83yiJqak+ z_Bh2|S;`6Mx#r(vs$axDi4uJp;ugfET+(QY*HBdFA2kl zdtI_NT|O4pICbM=_;^7D_}*?a=@}_6{G3Tbjo0t#+1~h`J>UtG9F&@WPB?egX}QRf z-KyP=_Bb8A`*W=O@eWg~KrL>Y*v!j23*y&4(n~vqecIkI!RC;TOM33aypv>g-T6r< zD=)xYK~HGis^RROwEtFe9dg(?kNXsf7#x7bM}Ds4f5;yKM{Z0eP0cWILLSCdj~uk$ zE@VUFu0P^ZZqIF#jLA&5#@^qs$1p{bY+!__?ll;C`2FVuQcE*-|K7oB-Dz`&4vjPr zdg?~LC&^>*QyJEnK4HOOw!R(ZPBPNm71}JnjsX0jj_bs>6*FV#XYzG$O!{;DYWIN7 zu1I^-RYOo;$3PXmpy=Ht=o?rc43=@C{z{fTf9<*|H;r9)t0RI3sjlE zBFU;y+`7cw;i)X;=uMR>+i|FRRZ^2bHA#OZ&xVYlBj*CAw`w%aag)v7+ZzjPiW-x8 zD!_ggvXGbq!&PH-59%x>3*0mPe9~}uE=FQ4h&GyQ_ef}I_N>>KaF0DV>@!^Qyz#jy zR^?hSByyZ@ZGR3ttgFKyr(BsZ@JDzavVjkpGESC@SL@5tpX+98i|bPWJCka!m1Sm- zy5(1_{%Au#Yb4$e$enNgbvI(Dl{R6NX&zYYN7o=^6K^sGkeFQ0bBJ&Hu8VYre5Ace zUZZcy1-#ELcoZY z|Csz6-IYxm35LxtG{C%Kj(42M+ary7&3Fn=ttiyH4~M+SYnqV%rF<;sqkZmDyd-_{ zl&_L7RoZ)qfIPm-*=|9v8^Ma`3Nt#(pPq6McoKASH?3df%%Gz<~K6J2$tb4uD4e|Szl>v2to zgU|#BSl2#09#Z1Y9Aco#(tM+%GJ6ZS{l16r?r}5u-q*|@mLbz2%)bIHZITwEqa365 z(}NSkrdQ_O$qr8KVXSb=rX)MTnGl7ej)_#n;@I;z!>YyVm$8x}Jd*_Ru*D6`o^a0M zpF>rY>%b5}`md27O3LOdUh&6Kx_Prp3ByCPN?+ZXshD%cyPiB;;*f>&$?*|a!Jy4y zN7r+QVG|F{qZT?_?-VkWIrgrnZloRbc=Z!s8LUU!uxHQ6+_jRn8vESer1 zGV^#P$@&9@D{w8=VMHux-LjhOR8sflyy6U}Rs{UznH0IBP9M@2yq~*^GO*-pi9S$_ zdV+ZrlKX^-;0fP#hPY}|3T(O$M%;Ipr_myPw)=I}s3urgHB38;hRsTCmkm0?(YIOO za0xp+IZ(!)<7S@rX6kkXmvfLEC9|(|3CKKh*t?W!pGm(fkoqCLnD|7p`B02DO(Rug11kxaEi3WKBd9w4p#ime@@H^l$X}Nz zEtO5;(jyVS$m%0LLyeSgS=LroRdvrwDC~e^$rwWep$^vx)}^16iPt7%H3aLXceMj1 z5|U&~&+vPt_^RRgq}NW4s%qE%BQOQr;EAGr5`BaG~C}3f@H6k~h8+#z< zjaN*ts-*s`ly~cBXd3I0;8YUwwIAzE_~76k^$A-@(wlrFD2MGmbC)T+en7@Duayl< zfKp4?(_zayt72p3;9C|Lt*o6xtCJ|{x#PXG`KGF%=22rBkr6r0O6nilF2kh`s9z!# zb_D0?3ZsfVO%k6UAL+qdZ9Za6(rPO>5waVe98Ca6e6FnawM;nB;dIW;-0nsIJ_ ztt#;`a{ZcHqdhEPWzeBIs!lrfp^j1A(N}l!I%}e)>WHIJ%*fBs99WeJ4Da`Spum+9 z7NHi9Tz5niHMbg;55H#V?2uq)ryhV>S|$riP_w{D>n}|;j@7g)dAUuZPK%R*)=oGx zDs~I`mo>92WbYC!-uYAxR3H@2tJhhN|Ewn3{2&SNdEO~tPdA^Uj?M~XWz*vZ3{wMy zISsWd=`aeHXJv~y|h}LD@O9+oq zy=2&e`N@VZdyp*G(Jh84z~#+Cd)z4+OuQKf_qO|*Bc%(`i`YhES5+4b#Z$z;h3qhB zS-n_JMvANt2B@|N3^a}zxjbb9VC?p6M)>f1qWo0*+@9=L|M;cfLdJg6IBGLKA_n}x z?vCxgB(r9Rr69~$r27EdAtHA7yExH}3VaR@ISoL^ED1ZTyjV0=6&5~`;O5Sl*DOw; zX}jVm%U?=OOg$q@7iad9zx0?;lV`01ded1Eag*_U4NqrA@VxxE{=JBmmWl1cQr2BN z2SKZz!LkwkyuPJQvd_Cf)e%xIs%*A)tus8@_G^H$)iK6IzC#3gc(2IQ?)(t?x_9jH z$lKif+q$R8Z5W@tGS<5+52TeJE=w~evEJGEujD$N9;Ema^Jg4IFsRH<|HYWWj0))> zXYBlsjeA-u_O%M_iKll&Iv?P>hfnwo2YEcH9&fVb_*Op2nm-IO7Qu2-{J2qK`Cuef z_h?S#PM2R6&JE8bLPFON#k`ymZxspm<8nV>+lEsSO#@~R?+~iA0y<1<3^}R&)2O$1 zWu73~L2B`GGF1Y*{7Q@6S(3ngYFjhin9)AnW+SUcjNX#}%gT1s)XLcE<=rrXi7A@c z!!P~H@3wmy5=EVyl}dLMc<4>nH&iEF0KlRLj?th)SY2D%L4@4wTBhPA2aU=u++j2( zs@m{OA+-~2<25L0E1XckwexkiQ}4f2O?)5KGlJ_4i5dGgISaK(DpTt|9zGbRG?X0P zGWZCD`%UV_vgCMDwguoOXQmX;Am+AIz+;>6Rw!Z_Cc;b4wJ}c8JBfJWqa9lQH}Rhh zXppea(VD1622rk{ujF`t2Yp<>i=Bu-(nI& zg0%w0mp{U zVYnV!zpNQsS%V+pAvnOYM@0sWx{!taW`wg7 zKX<@6e1?(O)t8%J&_#EDLBow*{s^bcMotQDMpu19M)q%Mi5joJZ60`dXb88@uxxi> z;nLbuJo!9zhYLpUqGHGIy4&3x51z7&IyTTb#_gmmB?LW6{ww zX+Yd^u{}=R)74Vhx?EySoq%~ycMqFomX+o5zIv35eD!T`ut%|5sW?inMP9`yi3P1_ zZVOw$f_fR-Xazm}q+ExZQ7bB7{r!Hu>JhixndSFFuO0s=bJh3~H9osJYY68p3Ua1V zZ`f|J`ojq?x=qYZFiV)pXY@4EVp2T;02rK(tJ;PNSZqhq4hy7F;nk=^vlCHb|v=FaSQX6w@b3!nrIExgZ zSrS14h;y`Jew>u1KJ8PRVk^jS`Ih7R1hW%X4sTw!{3}xh?wJpCCAI2 zzGpJ5xVOJa01mFff+EB(s{@vnL%7={)pzpt4Aw!vQhT;GAoO3eEbq=ktB&OLRK<$W zNnY0yg$O&JiMgeCO{;d+_h3-`G%Au#E5j~y3@0~qD4gNYt>1|2gMV6fMy~f@= zr#(Gr?&ybd9W$u!3*pw)$h8%#G3^nW2fuV2_Pfnyn|@3c0cFwgv7!`55C7=D`XlYS z3=7hxCyq{Njy;HdU=1zv^hbgW2rg?)?jyg8y+{v_7yhK>vqiRMJ(4~_lS6j<6FcNG4Ht6M^vNZcxeVjHuY3UVvAb_Cf##jp()TYb=yD)giNZ-Ao)#9iq z-d82L2>{jnO3(6L6aM4V)wrG>GXS#%bezAiyFJLWsE87s_%!KhUc3-4((vZ`-O;xB?&*@af|+FK-t++YUAOn`o88Q!0Ui)F7OQf z%aYMEP_Uj4_|N0!=C2+;uNio7@CkL#c#6?nNaCGmrGIz-P*N8AlW>H|*3bW55~3F9 zq5XSgyLmuD^ySZ}=rfEEAtK-qeykcV$y&&^$Z^ce!0BO(k!j$?{_pTs5-ladpCu z+N}*8e6!cs1Ia_b1|&t5kURoa6S$^1GhBNAzSd6qs%#*kl)EzAkB(QJ@P!aW?LDnD zYR4(^pA&4}XufVMCI(f~w2r-w97ztVEqkMV4%RCEW{=%Vieqr(<>sZvIgN{!cbfv~ zkdJKgI~GUJAZq@JdPT;FwdB)CwFb!#J+SiB_Q)pv_zfOzlz?Pn z-zQ9H5Rs1C5(uc!An9AU=y})T4`BF`8cz_4dB4SzJGubXK7uOdHeYVu{#nSVOE%|7 zlHYVpPzVW#8XHE7{m(lqy+??Y#-PN|n7=V1gz_15Y?yBd!pol_&x#n_{NcS=4C6A?5G&Iw@zRt)QKE? zZYy6Ec@D_BZYU`U*9#H?YY!48HG4J)_SC>u8ZKj%4+o5<4={8UmpRdj8|UTsp7gCC zM6g8c-J1izpH4C?m@bQ^;JljTgWt`rxI|&C!$&{q6rT6-Is%#%aVMjdlq?T#kUkP? z4z-Y#-<~M`CLPQ7)TPXYjIC-WAjy~T6}YlSR&L47Zqy^i=m5UG#0BN6O$bTJin^1? zol6U~xhj}Tp_pVk2F*LUOgDE6!((!}f<8|Tvqq#EYuTXpYWluG#m8fAp-(txhFkZ$ zxV-Z6ZklZ<3CE(+S&!EP&xIhilg#y%iWULu*?S~MyE_U}a$kA1&j#1F0-91%O04;3 z{>|zVOzH)`gD1xx1+9GH`L)M55s7s^OuNZ;{c=SHP@+#5MFp1UMm2>mP4_2(QWSRS zoqmLD$Iia0z-o^PzfrcJ`~%0l*RClA^HXu2Hl-d+eQjdDM}s=0Z4j`~(qsusDk%}X z>W&=|H_W*7TcR5C&_n)Y@kq>mfNp+o^^fV2kxa5be0X%=yfCimI8yQT2s=&(iCw8J z-<-4J`9sC>Sa}7H`ThMBzKEC~gL!s5x>A{d}i>P^!iZE790;xPwXA_6oKL|S= zJIo(8=rYR<2}i4@;+Da~srkM$2GGcrq_)vd`GcJf%i%S~wbO?dGCdR=h7JEUSHE~c z9``S$Zzr@iO#e*Ru zO&&WWhGPm2SHF7W)qEIMI{Er`-Bv5>O8k<`dmF%bNJ;o_kKE_6>+H{1qXpcJ> zD9?TAv_=uBd)oh(ST}U(&4-k#-kUB33j=vy2muZFk}aOPRdFH%S9XjRvQQG;n37lT zz7V0x_T>9@9@!`-6965Hyd61jb<-63k+AaDwm6DhQzG9K5qsu4rS~^COt3Ur_Nkg- zG*~sjofw6hR>xAm%g~5U*64AZQ`=4N0cBJq4A_)kr?(*096+lv)MzTLi+GOn%4u*% zJFcF3DDo#mRqGbI@-#D!D7JBw|~AT=$Wj+5CW8tI0m{ z6xqOl4Vl%6Bg-};;v~vY`Ctb#_mW||gU{83sLe|6-){621}V+09+@7)*Dw5B_GL=@ zji0O8*`e?)`w)`s8a1Qc@ZSk#`wUQ^7Esx1BRY3F+($&|`u&y6R-U;OKk;QXPS-E@ zit2vb=7H-qKo!OD&S|u|Ng3SZ>eLZt`L7I}DgPzOj)aa1zwZ}UD%0i*K^c@u{;%bQ z+$!nkRdFz!=ZEZlfO?#7^`=hx5EVnIJU|Lwss4R7%e>Ip7?!6dF`ueD7CevnJG|{_k(4-1HWCuKSIuL~%oCpE-({h@Ee!KMQ%-nbW3tUMnChxI|TK0r4EEMDr%UUN(zob-v+SFsnKZdIQ+WNex2 z%mmkwb_p4eW{Yw7C(hmM_!3`jWrQENHywG)g|1ah<6Yh+se=|cX1mO4SQGoVq?FRm+_)%DyRyo;aK>1W?72fdvvPt3*jwB`3BGa#sjDpAs^aB&97wUWVyfr9`-0cu>IVZU zMP+6|otqmfQIzmr{zHRgGN`As0(@epo{bEb*U?R#Z?Ys9wb@M0B(l!hm)DNF(v#`& z9?hc_tz)x`Mi7stOnlzLzy)sKoJ7l$)F6|$VHy~x40F6a^*aSiiFtv(mUq!<>sa8; z$oG<$4j_fQXt!LsSwPPK#V^MmknP_K+ADUs5A<@s{rzum#+3Fv4)7SD{QcxH7*0}@ zCcHd~x{G#2l9LisY$tDwmg9$+FM|Bv@Yc?HWLtFS>0bxRjG{7QTqh;8nL6uP^!2K} z2N9;qSmuhx*h6!Xs(#@1EiII%{$y(xvohYx*>Si@FMRwx;3BC4D=7yqt?UF92zCz4YNG>(xW7MAOrscUMnT@npq}U;W z1m&1aPkom5@Zn+K8^JX`+or0L>U~c!(n7aqW@UOHYj)yVFcQ*ektUK^hCHfbf3w$p zDu|H&`&zmBn~@&*ysBS+LQEvNicvKck&^LQw!5X%G#h{4GwXrLevg9EEW|g|Fgy=L zv7j{Tyyu6c3qX$pF+QL!W|pn(p|#{wwn5Gc3V>_&{ks{94PJROa|!%5r5oSupj2~? zN&imikNkfG0SHPnwoF>8aL)R@OSusuf2LEr+VO+ZA3FCp$_1#Jg5bmv2_5uSN zCG!$7r7j97P{I7F^A7?Z`bQ35xZ#R-*GryXcK(OhLg|lJ|5^P65sC2}Zncc5SakE< zG`9ic*UO)Zv-HiQN&o&f;-vtGOGx`plv`pWE41e?HlABoWC)V|#@(kb>zkm1Q33Ue zk`r~Su{(rHb^ojkpvU>A#?cv+u`6(s%&lZK21o~_I63T4KDK(-aHmNY;R2V@IWO@# z6_z>l5zys2D$E&`N4{C1g4Gf4e zNtavj3BdeN77Q;NVULEcD1I$0jY9Yh*P@?93Gu?BOPTpMN&p zl;iNywm8f4g4+r(TUKmO-(M50c1Xkz$9z^FtuiN`cnNPcWa=Iz9miY1+r3SAd%8^~ zM*HzI4&hxXW)CG*59iGP=2rxzBO?Y)MpKu3>xoA~yB^l%7pBU8NsH{D4x@sFc;$r~ zBBLzj!yJjXo$T#eJNV13;bR|@-@A2&T+Fj%0Deh()c2kn8ab@y4<#Z;F*_f)u7bOh3YzH9@dlcZBAH*2A$(~e(A?~F>F_jOPF z8`}xz=-Na0xg`+esU+?@XXp!DiC?9i!_DHvi&$ZZ2=Q|a?eY-j#gD@1h5sTbd7z=# z2lKI+7a1WH6<@8j*!q>x?`dPm-uO?H=Fxpr-p`hmDsfM^Qw&IPb4;x>%27no{UgZR(r*Q$PNw{V;;b^8FIPgix&qIlcqplt2)g2!ujJ=wM-mXeGRt3>-2=xGLD}9S1tYI{y_RfONIrJ zZ+A=gSC61uYZ@5TN-J8h2gjuxi3gIewb|ccu)DJ55Uh=1AWfg*=ptDa@9qTz&6iP0@B_5QrMX_{^RHL z4kYGhJB+3DQHam-w7jCQ9qBRs&X6X&{S|L zl_V%zt-7AIfq#G`1gIV>R`Py14ds|Zez<#Qf2L*A+Edoi2tp!3lm$9w)BKAQ{Ne?^Gu69gV3ss zZp=XlCd#F^?X_;k?CLy`zjO+pQGqJFBuB z+@|{Mk36zxXKn@WzZR5OB{vF2dL~Z#FN{9Q}z*p8K zZ?AyHbe%Q?=fO5_S~|x*#vRv`l$4+_lnfA70zgoqMxwL~M?O~UtV$cWqtp1SRs1-Z zhD#10nQk=U2NJC;p>NbfU*L+4)a?;+7k5b(FZ3eq8`3+?8H9f|CM>_RX3S)-H?j7) zYz@=)h4|6nckS+sn&+j~uhgf6=!Dm4mluF2v-_=@D9fo))K;lHzOL9Qrn*I2IEplR zWN&*Fiz(2&bLdjJAHAfr(+&l6Ly+v}5Uccg6;);IXe!-DG&@+4GQ8(O_)HwyhnV8- z1YyUjO-Sz*Ipyu#4=y2oXyR7%Pe`&FYAM<#w(3aQ9_M=L^?Zf$FiVyJ*ggl4nhLZ8&^1ZMuc^ zW^tx=LJIWZsqORkR;>`@QM8m~9cP67GR(x)=G+2Czb-t2-k%oIuz2rl5JYlQ{C0)| z|0!W>gI}!PU{mwQvmHP)o%2W+V&>hs{4Aew^1@&QD`YHoy$f8-mc`t1XU%<2xh|-w zvnf5sbIv$CzuuRR&`R$(7Gi+u-BJs}m$cu(54jX@t9|Re)a$iII^PVL=_VENjZu+P zS38gc!%pYCF;&jYqLy-!*EUJjwK~Fc^5@_Kq0o_{&PgO|!p|U3TO_!lW~hGI!#fmx z+wq)oc82g~SXKKY_R5&$*lL3+(rN6LwsSd)v*^k$aMlBr_p7LO%-#UM>R@p~3gknW z75OfM3>uT&o4%>O{3DMeNX`F265E^7^%M}2?73P=zeOit4HK)v&VKM<=-rbYtNe6b zEQn;j_;*)6JR?Lq1Drc;qe98_BS5S8C_(Z5&a;#rx6RSI^a3a2oZXPj5r!y5W_eI+ zk8y_;W(=CX2r#ce>8FW=J<#J|+Uyl->HUQYEjNVZdB=Lb?8eBPK`!U4_AS z86_E#S!I&gnhIY{U0{rs|uBn;MojPFK7Iy2y*>H*hj#GY>JGpU{G?QQ!K)mWn9 zE^3lX(7LR+>=k`n$$@_ujsd+bcRE~uUr)XQ)eJ(8GH2c`1~ zvUJJyduB>Q00j5ORQ6Qh4D-&6SB|$+tA>3#v;Kc8pD1wTp)9i$4_Ne6|_$%ux|xtF7pK(QEsb7hk0UwalrU?FwE#JYj=Rd6P|aC*W^ zhq8|oxS_seoTh{A)>b=+v_;rrR!4#KQ&GqM*+PcE;|SscC*ilJP;j>4`+C;0RfPDR zwZ~#b!|ZoRpuh8LZcXO=e8*oIgAZx6ICM`B;x+reAzA&6;`@UEJbJ1RZLcVGC{Y$B zIMoTLhvu^eUw;UJLzD7RPjqxnTY@N-i;Wn)0Fm`MmvwuGF0XeV4fXMUYJMztpS3Ib zY<^*R^qdqi&h9`??{R(|UG>Ue@rQBGt{KRVz|@+Uc}|@^ zP1!1X2rU?uC0czOZU7h#SB==6R$nnpK&fZw?3(MI{+m|=ztg%YOj{!g&SQV*&WLH5 z0@l1itGXW@12IGqv;2gkhU-#H??=pGww9-ggr^YFPrn*k6fL~qxARW%wn@$pZtvG1 z+Y%H`9N*%y+Hq~*!DZaxYN|HTu!S%hV^z`Jy8zL04PNlyD*PJaY=ok%^YDg9#hQGm z4W*;k+ZLo5H)&Y-9^7FnJA(0QN?hmP-getn)^4{cAQQ3TEq7TBvsY;~j7wjeq;fd< zPwtzwTd~pGT`o0@o)xPO*}aLzn{1wi?^500S-Fz2R)T5|)yU5Iso~E~r=(MY+=y89 zw1b1mzt}=@GWA`54D^t&;}{pdV!rFWqDHDlGc9qlPI zd#I9E)1Z~1r5PalIZu1i13w)Zp=)CMxOynPBm@l!e8^e`_GA9TPK{Ep@u%4dO_ld3 z>rC`2{is`N_%Z&{aL3e?c1$6V(_g<<^{p-I>tk6%ohZstmuO@2^5;}WX&A8jtk%6? zs0UuVDJrUq60)VxBbUYLtD=B=CNA zDp7~I_mI)y>XutZ`uAi)RD**dK>1Uy?n?TcSJ@2+yt0PgR5A9Ub zEH3=qq3PpBl>NwFakVXrDLi%V^o90MgxPD*PrZHB{^bS%?3jqLz3N~1SCiZZbX=$t z-vva2)guU6l)TbO4*YJ}32u0z>Kv%E8ca&{Wb|D1rAH<=oJ4gLsPA)bZ|4!le4`1p zb;-Ckh!ocZ0dN%@YO=Od7mS_ePVN;}lROvf{&9o58*Z?+uU8qgwt2W`-d}{uLi#mK zt|x78O8efDywYmX>wcAo+kPn^b>2mG%}OS}$`YqI4cb{{Zsh%G5$_n;gt`>&-Y8|k zjH$84$~{9PUC{ja%&&S!!xByW+mB@oc@9SsX!$IaG;TS z=$ihfFOLcBPhm*dxi0EZn%m|AM#Gmh&G8@Epd`9K9Q!^k*^~hD(yz+6(pJ?x7w@E> zrKHic0m~R2{}%zp_n|=otARc&-?EX4o$EJrkDd+@eK?PqKFD=stL#f7D@#n1&VK^*UZqwcCSD%@5BUUT=s|zc+Fy32_hg5d z?+=Gm6Ytr*4+eNf6EYpGCuIH4RN>;&`);w-3V(Arw?}Rdr4vS<3(A-GFmm*pT{-&2 z6zn!54#?G>E>gT%4mPN(*myh(i0dRKWnCzt58a6Jni~R&s~bzU!7{!Bs1RVdH5CeZ zC~X0_P^oUOz=kCC*^pOU1z4W-@ho4FmIxdwWGz>2lt@-S>!Sb_hU>&di3;SVa zEWZ(8-GAA!F@j@A5O_@kyS1)g@%+ogV)GHKi;%9?f?3g&%oeiL*t~aBjdBAk-%P9` z)^GkL!a5_#LoYD^HT`be|1)X0T3dAR|CKcKk>P9sfk0<^rjxB;`FhvD0KR~z52-IZH1r0GaNZF1w_#)1{MG^dUY&&$Ux;~l}G zHt!}oSLLwPGuV=@9CXA_i&rR^%UzLI8+Jxt0aPD4{x&PE$p7QdU$Kjq9oIMRD!>Z^ z`{qvv!Pi8EeK~5=#fd1~i#qT`0xIOW@|u}0^fnLpXBJ7nTt>YS+cq9vj&yl<91$EMQyaSXpCkNN0{Y%#VKU zsY(iw`F_wRAQc4JaS0c%nn>w-(=r zmS?vKbzkNSDuHHf?2TyLAL0psr>_s*u+$NC$>SCq=m)Af+_-k-`8Q*#mUENCUyxyS ziRn3;((7Kv$x;9PPgd>a(KZwl-HWDkAp-<^fO-El@SpLjN@g7uFMDo)*XlOcX79F< z9&c%u{B|Pum(m0MXzRZN|63R?Z4lBE*MD?F;E<@4XCntX4FAS=8j^0tLXHIJvT5n% zInCI|ghJXaOCv0j<4P0BmRgqZX~0};J)0$kfTS+^zdnz%BccQe!~AWF`409!+Pl)I zCeJLKPCFx0L{7yzW~gMS6{>8)44|S=MWi|cV-*Y_i7b)R0wSn{*o4@!NfFYb1i~VE zK&Zo#q$ps+9w5qAF#>^*M3#Uo5*i>Oge3Fj69syv!{8C3=kP!0&E?I#&wH2WxrAY8 z8$1qG4Vp0>YPzOwO7lv{jGugp&)S%}Ac{h*N2K|E+V91Fjt~v`f1laPImyNTW1Ta1wp@B~iLwCk;j!z3qtBCI(I2OVdT3i&5uEsYD0 zMow}@0?U7%3~B?*>VbIsU{XD*y^caitx*)T3EMX5Y(x5NigMd{{ja_O`Q1C3&v_?z zLPbHY+(^f%0H=eGV8-5Tg@Om3l43S}@?spo~jd{F_#%CUBcni0VV|_i7e;R4Ew~#x^&wsM(%M!^~H{#!A z7sl|-dZU7AQfn$Kr*D5ae<$M?Hsb?CiIT{C;o}i|YB+}+`m~}dXnI`HGvsG80iT$; zYBTnfDpi2qhK_6*;zlz*eoC66w-8rzz@I&r%`YX=@*qAIs+EP>2abk4|_a5 ztTl#0a1$IXoT|h_MV==eM(Np2rb+pUIFmzrT)IMCE!Y=-MSLWp!W-)+uW1sc84WeF z90gQ7v4QoSeo9ET|M~J%OBtCdZg^G@i9`EL5BBP1Yn{8t9oke^bwUZo$(>rF+QD%v z=W2OAVIYBjY?{uO!L~DFg{KB}{(M66w^)N+fR?+&;W@D<0_VRaH?-x^KXd5ifdYCC zPv1Wh7w_{-&}XS8U4OiV%2eFPG?tcfV=dg4vC<@2?`g=~HY!E|t2$=&$8aDdd(T$! zsD$H}6R+*J_JfLKIhQ$E`HCJKRKz6r3}nRwsbg?AN04Y~_vW}G~xapd8Y`ZXvpgnDV-f?oY&dew07h!C(UK_xLOZu-Kgz+o31C?_~WAGTw9Ad8Xu|M44tECw=V|pc}FWe?cKsSL4gEO*ZKE zy$?q(DE8sH=+Y0*6G}pVOa!#A0cL<~ocLm3e$z+tUGEO=`_jDl4-M3#6DcMz-GXfr z>fOqI?RR1+NSKcpQMV&XzCzVW9Gcr&Of6cgdBzuAYQdiIyKik;u zgaW*DZ@Z))44vBQO~z>cCe4KI6i=SUlTb^0jG(MvU!)6b=R5KYG}8(d9EV>!&IRv+ zKu)=XJXavExV2W=Z8f&x2MklJc7r&RIK@_=>WPiwfO{W7AQU5T-rR0DBIw$S{d|+N z0?_sLiidsc==sMEDR%`G2* z+_=5iD10eI;6)For}Ad{6DA@7J`Cg%8yvmUX%)^OvDg*_k_E)#MbA?%Nti#ke>G#r z`YqK#KJ%yGZ>%O+XyNPm66LOkmA>v(%UAFGB};#Wf@xX(9EjA4d!OKRm9g|B1f)R&x&|f@BF`No0joffJnhJiowjI z#O}?AT@=eEkquxgxI?slcQzn`sI2me|J`q z6L1REHKw?b`^y)$hu+>K=G86t)DhWCg@e<8Ge^NX?gQc0LG|bP zkb$zty_&cG&MK4D)Ow}6AWL+`H}CaX>b9J>$;B94ak-f9v`=3_MHfQkIdt zbuMG~zQwgg!1|7Z2qO+xc5S>#g0i$bra_12nkMS5V`cnS=ea2*^6F;1;Xpnhj-6dM zB#FwC04p%(Azwhp#K6C;=Z1naS$myf%bFv*RO?)tcuXsoH1VcKOaE}zR&MmplOhx| fnvCV+*O&e#$C^xMInOdMFfcv1 ze@~Br;lw=#hCfNC|3!P}55wzx^gkYYnyL&%Jy(}$7k}B_)xOKXP!i2Zf}EgTpLu!T z*n@$Aji3Je#{<0^TMP{CzaHGXtM6;EMh@x?1pANR*FkynfUv(+AI4MeKYi6E;QzK; zNL2O0gS$?bwX)00`b96(l!EmCN>SpEFL|}13_Nt z1ea7)5H^kIjQN8mD+7Z8e+a?yucMbD=Nn0eK|_XPY)6+>0T<@|ZUgAAeHVQ;QQQBLfyC}*oU=4H- zFtt5=#TAB|Oy{SzGmeoy@*GrxD4Ene>4Q)(DJAu2FhkM&pd^(Md5{ODkiew5XzDxU zRtyg*4FJPb22T4>S9#lE>x-npT9qf1SoTfW+&a&}q@@5{Wk(G|+(r`EVU%>roF!>6 zcg^W&#+N0rjU)+Dqabu6)|GJ}3ix`O3Ths~ct3X;<5U^SF{*bosm;(EA@CyPJW1mS5@frF+6 zL3@;R(k~1Z%|msBJ$_Erq#PjeuQy5kaxir98L^{vr=bvK)b@0e;IMf*a<>INwI8}k z)U2Sp7K2eXMY{I0q=YaTwhN-9i!KtAOF@jXktl>!hrR8xuke`I3$&w4jnZ=IT7Rkq>kRmoGK7e>_#)RurMtpbE!9g4 zYl+LBqB>jdmbOxtSgBi^&{-bx2oI$}PGt*rU^qo}rMON}*DZHuKnF}9;vz*NofHn+ z4Tl~0s2pAgUF#-2pq$#b+?Rsw;*ETQR0Tvdn{mx4a?AQV(}A{@iHMDcEym7ufuYrF zvEI$M$`D$Ldt&^#3bcW{q!nLo3l zM#mQR7Bk}n*aDufs%lqvrj-T1{4*^bs_g!(3rz8>JSmR zFhbWq3`;%S44j8IEG|-s)crZop{>d;5k^e5Br0%@>>;XXgGN8p_qq)$-J8tEfV;rMOpEQ-2I zCHOQ@eF9510H}4ECluDkyl*{ed?6+G8^_v&khIBMK`9}x>5N*b+>{)tzr5`7;|OgH zwMQW*hm`}CZw^KKr$qH}cnn(8q|d%Rv^4nbyaj@&rP=*uesw5aqa7bVm>c)j^w(Jg zm@fKDXLnQAVv|GDspQdCNj>?-#^r!RVC|%bd1^(qhyedv(O} zpfb?#13PaQjNnSPL4OTcHQjx&?+V~4rM^IJX2NEPFp40QMBjAKE)iL=dy7~s5!6NT z2vD&}hZm2pS|w1hC1PAmSNsgsDCaZ-wV3_bGjWRoC%R3+oWBlpCbfGU&MBx&4N&jN zgOvDL10KVl8{REZ0y(g;L)JnL5sn;jxzdA1X)fl99%f^C^>lS{!~{464E1Anrj&uy zSORAJJQj3dZn;g7n@W35SPWdk1dRw%`e3+lB()MmKes5Z)DL6q(`5KE6KJ}roO$6Us;Su7jJ z66kiOu>h7 zW(JmOb_(aR)g+>rY2tp0oG|>i-%lO;J&dGD9iYPo(x4&rp*GePx^4^G!jKDj$WN%b z(bPR2!csakeSSZhyud>mwWNSm_Gw{Y4z`X8n%$%tf`|yp0WAaukT?6=!+9taSMq@+ z@%(B}^N%=qw(_iXac8>(C}8S&nWk)5(Rc57jpqjAp8|z8xO#Z@%yd(r*1h)8v{i)6 zJj}g#6J_A#{?L2SD*o60$QRHR{(WOd<77P-zZ-P(kQ?FYBbrWy=RR~PUPmTONmAQk z``{x;gAGu@q?b`?OZbYX7GZV=Hi_nR&5xqU_0*jwJO}OIda5938&9nWA<)ngh#CW; z5J6k1)bV8G`bbCuEzDp@hbUUqhiwW{;nbcQ58lXy83~u%>3H}zy=zxem0cyrS;xmU zMmH6<88N=sf$zHaPYv{+EWe&P%Xp&ulKkze zXr*E;NxeLWVKb0`14j?)tSP37{Daa7J;YGuKr|?aqhY=#9`ej)ypu#bHJv)iL;grT zz&Gqo!4#y4H7H^)K5(uTwg!rQTu}Q{Xx82i_fj?@;MRwQYG+SumYeh#t88KQetb{sG%Kim7^+va!Iqq)dNN^E0g1;*zorIJ19)}Z$@t9#yV^s3Lxc)Ih3{5b&C zM8_UJ*W829k?zFbzdb=>Bky`XzDxmp4rfVuT2a2VNL>a|MlH#)JfwQdyO`&5=8GfHmUlf{E7|nXSA2Wm zRvtKLr!f6sDV=ovLQfOUk6IT*!PKhYXmRdun$KL}A^A)Z{u8|Bfp+pLDa#U+#@vE* zMAltbPLQ?htr+?(7+%6v6RBKWNU37z3@b>`kMaVx2M$A_k&8GoaVv~!h1!5^(+qjD zyO^9(*|0qVT?%MeenBOqpM5}CT;%x%Q;5~9{9EVB%k2GQW4l_L!wU`UZX zgp5t{5vZmi9*V0UEmq?dTpL!UnqagS-wChDh|Y{?(iR>{YNeEJEg#nU3LMS$BUm2T zr8#q+45q|JQ_DekI$R3es>Ph&A-PgT31EvhEQ-{(NujxR4449-nlE43q_2tLhkDPs za2hQGJ^zsq{8C!eD%%OB_gJ1uucg3V_=^4-;Rr8t*Q?H$oe339UIP6UOC zIJ!2nVrqP571&ppx4|?u&T}hwbqXQZf|8Ygz@JfHBwNlTV=g;vb#pG?xJaN~QXDnK zv9hg1Bcdg)2QOj3mW!zm+jzojF57bGl@j(ytJ?ddC>hyh1#n66w3^-IM<48P!@ z7n)ULR(DbWDNhnC7e3eT2;%7adLKZD9&;S;ie0}HdV?;a?1r&>=H}WNT+&T`23Qga zw@2}#{VlfIAXo)>rA7qXBoH%8s`>R%F)>s6`_X3kKYc!(}h2_dYm z2wzYLqJDess7cSjXTu;C1NxL|$8ZSlmxWgKS3-8YQ3lYoteuC zKZ9#o@g039GPbdkIrEL{{*7~8N$1Fh_s?YNia)v-YH4&@)hF++ADiH%YA3U%Z5Ei$ zi`LJf@m;ya>6BrOQ}uBM3xR#43uo&q9$51`vUkczR7SpterS>w>d4$D>i$|H+*vcT zG6}KS}IWmY5ev4&1))sb}WZU?-J%tQW0fda(rtv0U9`bI6Vh2QX z3}o&tZ16@nO&BLu`n`jHOD%O-lvxs-DqnbN(^tSd!ivqtS*B@JnuoXktNRRj?bm@7 zlsm%z(dHVz;xBF>C&6t}KT|)G=`63WkWEU!hc!l>+-@C&yvUo(+f_5r^^_O7`C* zBV!}XbWB2DHgLHVS|w2+AQ8>tPiYo)Nj0T{nc`-mVk(AZ-q0cN> zqzWT$=B|H)-i0D%;0ibYOd$uB+*bm!#{+B}BL)r-mF@8NnLB*StWn{*reQ5^xt>MW zE1CkYHbaFZ8C!5~6@~jR_sAHYM~?#-Dlu>$ zFY+#XxBd$`g0QD>^tqk!&F#JSJ4)0o|2HSKtQUiaQ&NQ@2Hp}y_oZz!XgX_G`?}8Q zI6MuUcNTD*b#&I;dpmZ0b^M{ML_)d^TGt}0w8%j%TB&{2p1BVf)h}?}m^e$k+nHoG zF|N92^d+O}G#`3WCPgB|1)HxgRggNwPC1k1?{paJ(#*d~Qxvy`RF`QK*vVD>G|qA- zs(7Sm0ebJlQ;L2aN0F%WV?CF3+?4T)cd*!da%XXyu^Pq!L0q_8?rwBzY3_WSj>i5U z?nHalaVgZ7bOVCYz8`;uNUFuTYzre43r<$${W~gleMC z?VnrmOxv-XohZT(){uP4w0&#ya373uQUT`ppm4Y5sa3L1gzK}wzaDb0aj0eyy?}1M zCzq1)az?L#pD5n>2u-RSY%)`^>mCb#{^q9riSM@c5U>Z^*W9)fdSO&EtR46fyl7m+ ze!!^aFm`BvuV35Hv>n^LVkXqbQKJ&MuUHmwF%)ktJN6u4k>IR}2pJ9K+=1O4H%e8U zu;RnXAea|Yxdmh|oa&9mRT^-PL`DYvg(#pw2Vag($kYW=B9}-wgrYUYOYV3V{_7do zg@RGeHU65CH4)iVCmpLc9IbLEs@Utdrm*Mrskp$Z_b&uJdzYnAWM>>y)2*m^W!(?UPUU3cdN$YF%*7->oEhT7zyP z!`8fArry!mWOYs~^4{SP3;&o5HQPGcyMn7->=Exm&S^#Gl!cb(Dg~i_yqS&xK;1v5 z+(!qVL{OK7yWg%jX*8!B59SzCKdOVS_$0jZa=^t8jtnSj$((~wI7{t@-`A=qrW1E1 z4mxLy$v))SeRJy1+-Q+-pGj|5XZ+%r81ZjqsU>q{N+KqT=!Ry_^=*Pw)xB=>Ib`s+ z>p6^+87;ctEEBHBYAYB~#ynOT)O>2ryXpnq7N8$iUMTQ}x7!5pI|~;Eb$`>?ep)h4 z_a1{q)n$JPCi8Ul04@`CSsBcJQH2is!zS(AWycq2uKvr1+&o@(Pa-g%>}$U-@Y6u! zt0zN^b=muE-d^*B10|esA|9zOSlt7{O|W7^_pcG*5lAJLAN-7=l$g>A#4 z`rsIu8UHAdNxDJHb7%ZR6Cx+rtHi6?&6z)$J>NDXLE?!A+larW*nO@xmYH1wdP)qn za6ttQIlCVnVAAwGt{p#9{O8-%LEhQZ5Zi;s<{6Rwd6@R@J$m6`Y3LlTB6W0%mR1&S z9vWs_2Hg}1cih3;xYI+$EoBRPy6aO0B+PN#0^vPP)xWe*=(L++d^RARULcN|1vjC@ zHSXRm8#H#5${i3U*-aPN@8|DH>=C0Sv1)emc;NUm3PxwXxzuh%hfw{Nl*owhz83>h>3dpoK#w-;-jPpTq9fhclU^bsTKJ$a|+DJx;I5MExyuBH!oGeT5$bt3*&^~fo+x6#jat2EL} zv>}cD%{(d94OJ}KFQB%opMl+$6nUW%l9JtSEb`H^pb@cUE=z-df?))mAHGRFE_vX< z+Y-BA#6sm9&Q;q~7JzHqKn?VeO0u#|YulqWo8W(By~#LR$h$9{$i^A+$J)!Q{6zI_ z-3agRI&&7Hl4fZ_ss<&-sE#g0`ySQ7h_zc5!Lf$7o00o(?3-jhesduB0MtRykYdaS>`;EMv?f-kwzT3IL|O{^?ZUf z9Qt6>V^!LK#MiPqnUFN4y;8zl^On(Va+Px?PeAV^>D-3DUXj&<^fRt67#OykxMjN- zsq+=kVUyXQgL%+4x37HyR_j3c%&<^UnMJ5;-#2<1D2Ho+w(?3_d+PWB{?5uW+kbX-=8hW}G=GXr(O+7W@_drY($ zX(GQ8{9R}Jcg|^iHxaXhSqE}&5WxJ!pYPMZ_Tz=o-9$VH6M%xf^1q~hl&5ny?KP1$ zNvX(z!-fyDYOYME=J~oYt~8K7s3n$gP>CeO990A-YFESj&g{4n_g$&ptHcD^G_2gf zR?2r}9-qzfF{eG-^HImb;n!*)7JrkZg8oRG2ZM1HBI5@h1miZ%cSXiV6-_RN)V8B! zc>3|gmJgQS6%KX=00N^wTmrsue5Jfr79;z{{&pzt;z+EqiUhPDO1VsQqe2*zrqzC> zm1+*mlCD?gZC?5jm`*_eMy;%G`D}lNnF<8fOr~Eo&fyn!6KGs zPmdOEUJXecVNviJUDoaVVBDfD>MiT>9gYq}3hGZ@^@;IiV#5N6#(8Nrtvnz(z0ch1 zXK)K%_r>y8C09E%clwkFieujT6T%L}qdF&kE(fBb^7p>rx~X6%&kn zu(K;#oD5BJxw$D?*YmuH`x4>h)SZs9rc2Fyk>p4xpTmo!gL^>e3hTiMLI1tZ`~s&qRv-W=qh zV`p{-7rOkW&drUB7Q7oqtuFFd$ayI4W*zYxKg_G2CW65!i=t|5YHRI~seWH&S*1#Y zyS-f4A@54WBcAb-GcWMo*Q)W7>Cr|vhn9O|{pn&b_$(MeETl3*RH^1}GkpdYh^9L1 z=0@}wBOo2ejGKulSd5a~yfM@ot_>Du`*@f>JlzyFlI^wi-HFHCC7^I zY0&MD(ESWWCOsg1;S(8Gpnq8S{^;lLs;sfp63Ww7J>Z<(e# zqvMi1!{YzWMtwv8aCAB;&|i^zAN_7!^$g=t#Z{;BEba<*z#~~>XJUgt0RJttjuW>_7B%4yE6Wn6=wH8~OT!(g$28FL(QOmMz>yb<+fA{}Te${72mC^ZAov~B`*l0Kb*TRME zkfGHYr9%l#76Bdia{TeR_88fi10kc3px57#`?_&8zT>T_6715dDr0=JSD|$N6wZ!9sSsSoePzd z?%mBZ(n>bgvek-@Ki^R9nhyQcd-DSQ2H(Uh0XR0B{OXbfU9qlcd_Y(Hh=1VDH{d%H z?p5VXz!xn6=Jef4O10v!-7ReY#gP zw3P_!2e$)IA&Uu3q#MpTDXZYJ+~{K0^Vs;e@*#)%g^$0B=4_j!R<}P2Qt%u|Ez_yC z`DZL4mSEoX{Q{>W>fOi%>{HH>vyRyLBFXf^JI*rq)>)1zPmAQmgH*prWV|v=Ph+U) z#^p{&o;!duRQWp%xD}`O9Knk+kFv%jLj7)u-VMxVP5B}o7bS__Ogaup!wZKHN^-+; zau%jt!rgI76iX;=s@q#uvw|HsUoZo1hzqWS>x}Y3SIvh_51v;`7dYjlbB7p=Kl?1z zwd(#Loen6yGMr8mouQKohySWG_(yn`M8q{}g)4R66#*55Se)aP-zW(&ex^ID^v3oI zxMfEX2uE=NAaRmm6^3ly1L3L4H`w1|t%)rKVLg%(svr}}LFQ(6=vn88cpLJ+_x~s` z4oOOg>b0aI;C?ZbUnZYW*)M|aHOdQU)yf>S(;Q;T`YwS3-Y&?mddWDs&0z_Ev%hQ8 zT*>xuc?9QoiSWd~{2#+C;=%6u9QV`wcxOiS!D4*pm{zaQw~k@rhgVbGUw*{Iqf>;T zDrObdMVZ`$R{nznrs=U)`8V&3{_jtNf5_{Pt8iLFj$y;pAq{BIe&k+~C8$e(uk~ zYBybVq+MS=I7Vw`le7_wWJin>!~#^H@@t>P1-R70eyJ4IKJvF`V804E)b~mk^v$*0 zsGigt>!I9bujOk`Ivz>>iwNl5pIzfDIDfPchI`+^ zSai4#@BLNYe9gX zezhjc59mWob+V0@Gm8onPldA~7_jnzGbKppj$*jjvBuGKjgyjGX*~M!-h|Le)05mK z;2s3C@G39)$2A}2kb+dsGJo2=rt2WvXFx}HB-6|qIgRnPwM}Ht-i%6adA9s)qV4ap z(T)A4m=}Q^JSRE)-&j6IM8T2Q84K>UBMz} zMH*(EksBiL&Cf?$!C>e^GcRk)ee2)V5|>rlNg@Z`lQaE~VHom;4{{wwKn6tr+ieaZ z7L@dVu3r6vvj6dt|7dGNMs?F{Uj@hoAg;G~18W1m9O-219Bq9^j!KlF)lxK0wUURA zK838y)~cB_b_<}tHT@vZXw$;omLhEnwcf+fN>kg+t3=(9Q&X+EO)krB_;+a$uCi&p zTC zr+I%1!VcSJH^oG&Zbn(oV-K=MakCaLGm5Mg*h5>>LOaik2g|Z7Fec1emY%vS9Rfo0 zq{QeV9CbovCoh-VvNc~=6GLwoxfC@$WqU{%SbJ7+TB1s){}VU1^l?G-PBOiLFnZ-E zCqOsMDK#`5LNEIJkY?pty_2~&W;SMOA2a~tDG(o z_L0rZ<^y6(H1)5X{f$D=D2JjZ_di9lr5ARKB04{>e`oAN>M*K3N~zbm`E*d6j++3R zMNM^6cr4hmsknV37ymQwft^&~y`jyX(t!novCTNIXeW5>Qr%reOZ*$pSkT(X(w{b! z)6o1h?Vlgw%i^_bs{!cY9HZbbOfwNoqD60d>j7*#cP8ExmUkSgW>=_1^jaECMUUL8 z%@Z4J)bqKtTpN^8u<_D}sBf>hsQeKW&zAk9Co;afPw@2LkUe)l0INN>U?{qc;mjzo zXq3@aKEu49bHP;KCjb49hxYyvJM}Z=sT_J?++zJ2WXOxEA6)AGv3+a(?<>f4bvMw1 z>+dPwJ=tJ?p9d*lu*nsh%z~dW-5m=U>gi~{bQZ4YkeHqtVv(fQb;*`@#O*LPBQ*>;Bu`a3Pn_H3G>%rT~4d3${Ne?+dDd|BI`>7#{!PN9T# ztKD%u{6%B4FXLxHe_mGT;=eK;;pP@U3$;wtjiE7byJhWh%~mPby!xL6m!A&r^N&IZ zZ0vTL^F047A1R#@b)j~od$fmBefWES_1D5+N7+Q&-naGsw6xF_pLW%~0y-kLNH*lc z=C<2P*2L~ZoNBXtE6pR5{N`q*Bd^Q4E+HJg5u!MK-O8VyZppB&MQh~%nooQHX~bXb zH0actd}8I65mp~BQ++?WJ>8bq}=`H`P7n2FL6rM_5b<;-Squfp=| zKt-(2;JiD#%*f2!(1)G+tQ5lqC|k!!8$C6DRm+Tn!Y!)pA6N5Fc%zF-X6t=>HnVVm z@*dO8FjUHhbG19^E|vN0WERLhFiU#JyM#` zWS*ePm1M2J4-T~-^n2{6b#0;C?&D6k7ij0g`1;!9CDWAe9|VhoQG$+`K*LC^qV$z6 zN#s!fqO?oi$LLsGG@jtfDXHKpqG%!d^c(10NVU!%pwGv!QQ<$`ZOL&!{ zKER1~&e!$0GOsD>cHW>9tWD`jQNb;If<7xMx6n~ZCAp)YK!OsYaVdy~`W}CA@rI2L z;){&ga0jhP%Pjo0`TA+#61R2sgUiOwhP>rtw%H=aJz-JSD`^j6y1Cu$xpT9tyqSit zk=#6-uc?m}ZJQS5C`3B_wb~2r%U=^f)PAXE?qpKL0ER_HieVWJYGw^O%R$I86}lUx zZpd{-dP)HkTq4Czh7ea)oQrY>KR)>SvGnBE!LF0#9A@u1^;@=*1CWLz+6%0u>tEOc z5*(M>+n4uJxC+GwDN#l2QHN)vCqIRmk&tL5ety6iBa)$wI0U_Ikz zo`=5bRdv9b^}CyEso<`POouh&f(${yR+n)`nU5i6XMl0}VsS=BD`|X-1A{8hG1tdm zr<9Re7LVq*tuq=9m;5Q6wIaQi_v@<~Lf)skm~G`qKbNByJ#xc;9% z(ZATn?=*|Aee!;G>UJjtT6<;a^nm_N!_5p6nF zdf2NrkqxXeVY)(m{c~&Jb+@c%Njm?&G#mIhIYaoDVLpyH0ng&bPHl#Ut{kjQ5{J|} zG-<}jjV-U;f#Z&lVO8iJwI`6Wx?*z?Yg;mbqioGLJR?0IW^;bGYy*v-I+5diBuy3H z8Qg`&;sxWTK;T=DW1=B?QiUkcuvHSEbiA1uT?j_eCsg}vz6sb1J$^TDpKuD38fk8E+RGX!z5sJs9j+SQk* z(1?|8_UR)b#l4Y`1`4llXFFRoV~cT+26OBAzx`vgxyNO?C{?L)^Q;GSAzm@kWQg4Q z=nWWXJqQ7&#D6{zP{~I%TmvINJw|zDZ}zS-;kI|z5DOw|r_+v&r^xyQPw6o_SNNR- z{{Np2`8R9*zjITU8%ZMH$2OQ-b93h)$jMRhl+buOLA~|;G%niS$M-{lLUVDt@;I=YR6lp2tpm@|N#dN#v3$P9A%s@_b2vOW-4_EpqR3t$)DvNkjt$ZG8Gsur zmrO(4D%Gi1qv4a@FO1z-uNU8I9ld`g1oc=evgf2r=B?c-Om>gbgV33-_qFS#Xx#&b z%JMfYCqmAy-MRhI)(SEe_R>uhD3Z(L2F`i~$xsxdMacF{QG@|Uv_abgwaZ#+Wd`4a zs*{0c_WbNNM_U4<^;aR(W+AznGLu}nmyL{GImy1{-kE>3z7qSdd0G$1)6btPE(^BZ z=vIxp@~c2tGk|Z2#av3T+q$}K*$P%WpmG;Mh2fW5MlDP>)S*dBQC)R|mc>zp~lpH=}5DK;~gvQO2yM_~<| zrwfWl3)dq=A9b?WQ*Exayl-E!c~aX(cxV&**7mP)?QQt!b>4o}5cB5vlo82-N$Gs{ zfcM&7`wwMpk5^V%sGEWku z&4GWLFx}Qg%ShdTAod1C`ycZF3Nw4sP1u_P1KvnS)@iFO>@T?NJ*&N`6pGg|eE{mF zajjiPbor-+OQassnqfOo+rB0_XN#-C&om^QjQ4FUEg`hbnfP! zP!={$=>hZn*XuQRr0xu3Swdnvas$FExWw-1luxenhx=cQf4qLD(> zM7ESWwweryey{qV;(>O76PkH@7;!cFK_KRrw#8N+M^9(<&TZ4k@1m0Tsf~s)V}hT= zw2f;zq2c2VZwqQ)mvZ=0*r#Rq>_nf(sivm!h@1sxopnZ3=$4hp}*S=Xcj8)XmKEAl)yqjP}%|FWu& zkdIW2Z&kaW_s*XAOlgHqZs6f3T`Of}W4ZKdXN1UQgPd~ackxb^8y*2$Py7ws{eDaQ z6UiVE*fusWbV~)mWb6W%e8YXh_?^7y1bQ-eK53D4b6G?~& zbeWa@VGxo}Pdla|EZ8%+;uA-o|7g0_#fr6LEE1r7@(O-8QLqciW~NOa37C5dKW^3> ze)B)j0l$OZY1~N3f1F80jsao3^jR44?<9hZ5C62yyjMS|)x+$9N1%%2e`!!3q9L|u zvE+9E?$9yZpGUUkdn<$xd#Q<3lh&0hib11FLkW`2b7w;7zVl=C9&MgmUBz$sai#wv z@GtK7re8je!Ot#3C|3CZoS;eq>bN8@%}ui}RBSHv9`J1XlS;Ne?@Ig&Fr7LezuO)C zVJgIklMTtwG9&N$@|{>aY}y)v-#3Q(ON;h<^3#}2hz0DjK6>Lm%-4; z_>qd2)uDw;ZXnAL>r^#qjPA_ZupXV_`|&;&PK{Q{^6f7|C5Q2~j@m#xee)X*uU8OW2yEe+SX{IWV>neVE=4(o<`>N2XoJ2XT zYBmq}y_&JGTl<17_jRxE4as*suPtwF=r_PuJ>PEZ-~AFh34xVMVyc-5!mR6&@kIus zPirQ&v#xo0ZNw73$loiy-}ld5WkLwNn&HY(hayUB1Pi~yYR3;^GVza59W~|Vy4;&i zBh?XVzSL&pF3#3*Mie^eapq&}*MUb|quyEkS(2_N#ER9R9U%ZGbPR&k0+I09V9PH_ z?SMYn)K*PE9(_Zf{d7EyYZ{miPt3nbKaGIz#=PSM718mu^T=p#n*$0a)m<~Z`k9S6 z@?8+ZS+H5iLOq~yHW>AP@~$uXqHwRaZ6ljb-M%^zLWp>&N7%jCs-fg4 zJmTyV(EdFGIW3er{@SIP_ppi7C^fTq2It_%6_NWzUiHKg4EsR~#ekoK6}DI=(F>@a zuh|m{4@xt>3`p6!y^(G;2HLMwhy^^KX--Mm>l4b8?e^2q4vp8m*z9%xDf?r4ivsD{ zc1CnDO^W;LpI-c4SUxjOIFZL2y%Vbk#AG6Z5XR%#&iXP7VW@;?6+MgmhY{O9okonD z-{@QIhdLz0!u8FR46{FEMQ^pvdM?^qzOv;qVp=xEcp^5IP2l>iI$@3$1<&E?!&@YY zANkCE=2rixkaj24rjfV&E4x=!XslyO5~qF-{_Yd+>e6n$U@1+G(>w&$${drE$BDIXMmxP;751RX9;rlWwZ-$3AcYNZ6B$|D>Xc}dB zHs%Px@hPjP<>V{-TSw2$4GfOjyC$-u&G)rt-EG#?0Sj6Aqjnr7d*^tixU^MUH~{B~ zb_Kz^G3-eo#f`7Lrb0>z@4hnmkMJrt@g!+?SX3F2Ayb@F)9rO8P|fhrF+S$;gZpR9D~|tm;QNP_uqG^#?YF`xzf_om}|SeD*@@`sHj%5IPtFo4M0xj%)#9# z_{n5niW_ord~E0T+Q0~W&8HDZDgRUH{n(OgZ0Ax54yp%{mtrnTheT_fcw@sP`@|7~ zD|;bU^C8wUc;rm`PKToit@)+=GF_Hw=E;CWkj;ZhD_tqsj|yvz%bZx;003T4{cE(h zUA|eM1fC){u#1+U)#RWCUvpP&m?&y*VvJ*Ce&aPsJU8}5MOkj|OrQ5eLP4JMjXCc9 zTIcbuD|U&1#<3~Gwk@~o6@BNDfeVkpC^)aagCEWRg`!v=^Tdzo20u+NAA6WgrgdFu zf&5R0j)~KS`a!NHN`jaZnolQP`MV~Sr@vOv0oaH3bszGG-z;D6^ff|hwo7@GhLPX^ zf6pFlQs+49QI0VEbAsHu#(w=v2+Euyf)fbS1!7d(K^T z%Um3Re3p!rHU=p!|IWi!%V%i}|9j|7+NeXtM$&ieL&akNUC5B_)z% z;%vvskqnf%S1FV}71Q>ICpxW<3O*JcHAn{6S~S2C=JOU@*<^gH93SeZd&pcr^X0pI zAdS=hYTP6MUHg$d4_*$K2hXirnWpvr&IyMXpuZbkg#P!+)qimE{|>_R&0;9{x9R>z zG7(3AQiA@d#0xr2M7p1Jq?uz zo^wNX&My3?)i;Fn6{d2z=h3a6Y!JZWM;(97b-%*hK=v1J+%uVrk#Pd4>WYppmobMgkTizj!xpN8qfwQZPdU)Bh8k#?JS z9mW4p_WVrnq1CZOW24&J{mV?ORxCv?<|!XUSurK4-*m+;?1=zkLJ6Uqiinyz=CPrp zZXM4Wyd)1U4VW|K!&kPr)>i)d5v1$jcTwu>~kpZviK~sRI#v^SHrn@?g<#G2MqJnzoLrB$fZ3AAIcIBE&#o!J1{fO_(iD9YX~r`qBH zv#W%Cg)Ls6j+|Eg?oZaj5uJII%Lkdj=R6;5OWGc&SPI>~Dz^82Re0xuFcdE2Qp=aF z=5Kz!C$bfhFs^ik>6ShHAvA`ivRN90KaFbk9DSTPgbQ|iJhibuR@uY_PZx-b=xQRl z$7HzW!OdVXzZ)fftQ5$1tvcGzAj8DM25Ey-8qYk?(+j#f^x3uK{$!q-1iNst*u&g$ zY>&{6K908^bGX!&2pe=`D)~5zcDx$_J_sSAH#y$KfT-2 z7C8MA#sw9+`k6m*Bi?4oipC53G4_Otv0xrJxa>eL6I^miv74_D?tYd^t#q%53nG zeNR`k4N{cn)R-;C2?YLW63P|D7E#95kMd0<3D=v5>ls_9klX9-!yLqW`-0jF)a%1~ zvJ=!YnP>Gvphrd`SVM~>XPeXI>AS%2@<|9G@;8fwik5_(KR()~3FomAs>dNu8T5a} z7r-=S(UX*y$|_9EwePr&PNi$SU6xj*lZ#_Y^4x%056T)zgK9(OIQD-@%|zsV-Y(5n za=V{Jz**3lQI=y;MC&w;y+jf=I%ae5sV;}uwDIc^cY0@f;86xMeTn8_$jJrdJ*e{9 z`pdO6Zd~!Y$LbCr<)**9C9Nxs(UEgOQ;_Ea;w87D(uQ@f&I1R}`+zB0=fSA( z_EmJbe26JC4skIr!GFp0OE0-BdMaMOJpUtZZ*Gy3t|T3g5r~RS*T+N?;1835E*9rG zLTjH~hx+!jVPAoOer_eDHQV^5-UMZK8oXl}t`Hci?p0gLdYWao+gqXoky#9~VzuN} zjq5?o4gA_5cL9zzV$h3LzJ(Ie#cWuyLF;H(rD?#{6{#Gcb^=-Ldvv=L(59zBSKRAD znpvx}_PDSQKrKrXop(2(;zj;9sa0CDihH^GuzuGLi!q*`z=B|>-P186M5bMl7CD2G zd~4fAUrTSLGl$@sa6Xfsc_PO|%bg+GZLheR(K_5t=>TGHqPZ;X6Gu`xr@gLA--oC) z3=f1>4COY^>T$xG*Xnv&1~Q*Zhj6F2@i}^&W{>20?Agtoq+StVC#D}Un|ZQ&pC#{p zIMM&8?dWBN5;-wQ3~19nX!)z6HMlI=US(tCefnXqN4(9$?k`D@&K+Ay$(-+g92e>r zd_Zju%OYMOdd|}?W}W+aWN7G3*)|zCi(U@Y;qKMB&CU_1G+p})Mio<%#bT;|$FqOG z?lhjz-1GdeZYc+43pc$)@VmmMii_) zk{mtK_nk^5aw_4X4nHWW(Skc|PRst<-P_WUuW{eB0@UUVG_+gu{dTe>d1Rf@hwRPh>*fg{+z2FiR7mkSe06K~NHtjho#(Y=YZ-Vfw><(No#UhND% zpPwU45a}&?wVWjXR}VzfRpZj!Eq&L=;$eh~X7EzBu$LvHD|dc7gHSc+SaEH1T7Uk6 zeH5x<^T&XiLNe1aM*Xx=1EG|vtd zjycBjJfrU;gIlGK*V*rX@Ig`Tk0dRI#7<^Y4?}-^$MOG^rA8i)jeNME9aDDPu}Mhk z7qzTdJ86#0u4@AwnpVBK*kfLGn5BDc)P$6&?W?G~r|s#^>DA8T*J{=N=5A%ELXc+bEh%mZu6yheVUJ)r65m>>I@P+{e9YG?pSr7Mpz@cZ<0!UY>b02L*Muv$ zkz_)|ff3~o0oMRnOJ(wdrqzcB-+fZ`U5{RM+WX;&uy6gzXXKuOtLG;ExMP*qg&;E0}j-`f4CH9_4-lBQM8gd*HTf z^cZ8@uiHuno9gl_wqjT?_`W_?XW0TRWGl>#paBJGONHf+@e-z`P8o>K?#27D`9R_) ztjrJkJ_i1Y_~?#9fEydT_m9Zy?7|Upb;MnNK~4%@H(E1&Fn_Kvn1N=I1v991t%{;* zccQ#^eG?2qHT<)oSq2SSUw_;wioK0R&;&9ru6@qKHY823KN7Xpnx65xr<>yxo_$G!BOqToHe!KkW| zz4q8DL{YO05p+pVu2LgCqF%O_-@wdmR}N|u`ShS5%LPvd2~p^GBP&J7V+Zzivx5Oxi2it3*&fpd5+W&ab=0jq zvfzRHDB}y40hIxzh19?i!O0vY$rPc;$5;p1(srX?ESS`?Apn5P^{u_qemc{-&#%-f zNfBGTt~Kwq;K~LXyptBlZa_98km4?2t*qOzL1$IgtDl2DN-OFp!O-?kO;+aNTFOfm z5&TE~ufy5;%hYxFjujkOrA=$Q?SNyZyYdG@)owBrQ{;iv zuS=$NlZ!xi7rvo#fq)4iVLj%61i;OWM(7%#FK(qf%v20#< zWk%hi5fSHeO++KH>RA}upzs9+&U2Gps1dPVIci_N;EFfU+blBfcSuzQO@bu#qV~i? zgURmsxBMI6_2cp6PmcQ)7J?R5T&@NxeRWSS8xO$ar+8{&in6Os?z4*N7X~G*OT4j| z^6nb@x)%Vp)+)3T7HP<<*!^H5)}LBdRT*96#z_-DZl-DVWzH)1L?HOwgjq@WCQ>%u zx^4drS>-(j3B^7iv#Wp`g2|aY&~(+~6Ln>=PCwd;<(clYAmEh7vG(88cW$M|#mueH zmlZt4#_B|k>nvG%anxylwRldk#D{(9)7_1j)=6`jdHoLCFPP`X zX>#zUXi=7Z%uvSozG*CTpdgSd_v&&D!jE5`FK4&BmaI`+FnkwnBUYBW7w1x;Fs_)o znDHVmoW0_34NCXSk>Ce-7`hHtf(Kx5De|Z+tgby(Kf{R1cE0ZC|^T9%m3>c@h^W=c6$K(t9FbOA|+I;Oux= zwBVG?YNR)bVBCQ@_I(TxNS-umO9qj=#W>jO)oYJD@GP>JM2j`Dj(F{U+^Vzl?AZ`n z^R+h=R&9Z~BJqb|rfvnra<@!hOQ*mXuc6y#3PuM2xOu)|s5}uX=bZ2`d`;V`)S>j5 zUVFKaWI}kVhI!N#e*<3udiF>6gRbVu1TWC(+1`%}yY59*OXv2oEAdlQ5D?%U&e>B| zWEbQtVwwOM!^1y&-Vr*+i7HOM`OY8Pyr3^3Sm5p(f$y;X^XCHUGQSXv{5}9 zbldibYa0q&YMaPdP|n=Gw4}K9tb7U2QD1ux6$13>($&Qp+D5VfZ~?`pJn)LTJI&$; zv+nPCB8FxpfRO(?+TFb0VFl}F|My_p2qg~T?i;j6UKj8;($D==vy3t^ zbPHnYGbLG-gfzqb=(%UdC5pTFI4W>aKa)YgQx_O-fDD`scb!0z;);xHB0%`*=&xS` zZ!U-He63h^D9joT6kU(+1_WAg5(M)Agl>yPQDUJ<+|-N4yD2qKd6ymqf(PK0*J-&b z;>-4L9^X8BZ0iFl?i*PUSb|Y!y+GNkgo8qC0#~M%n6PfCK5A3{J?8o&kiq$lN^kj1 z0JtLpiQJq6o#M9^0&#l_U+W@;soDZpOVtd=V88oWBR zt|vb;Vq5m0OF2sj z^1_s_f)dYhyVAk*bIIUCJGCxo+-pfSXj<~`rVqz0B@9r_3WOY+$CU`CMgPcDcqV_B zbVa~t9n1DA{3uZY^mK`)XTPxI+UyUM9Z3bgUpJ2<^kLxRl?&@rM?=ybPpPmsD}nZb7_Yr zN}`;oudbXyLcoB5A*t+yeAC+@gQtlqALXkV8+mtUWim z`&MLdEZrk12)xD|uv+&vd9j+%z=m|wMhB+SAQHgNRk6Izyio!k zqJ})|Ry9Fj*uk7+K9xnXVyLs{i7AgVwY`4?#Krr?Gcv1Vn@Rp~y z5m!&-xQ6m>>!VAWK{vajHTxgiLHL45_R}3LpN~I{-)OG!w6GI-G8}HTQYKb!K-Wxu zoo#n`gE>u83CLH3u24zVY}HmokCdG?g<~0bGz|LndmaA0uTT0p_DyES8c1!R%L>~n zT5_F@kI~Q)U5B09S$?yq@phgp?j|yb+Um~x*_jx#Ie-c~EQyWinq z6tP0VGM~n)7cPiMv0Z=Zcfc`7JzgHmVx{N zaHzQJB(=;|P_<|;rw!nYJT(ZAxu!e`7a*L;+CG*>F4ao1>?Ryo70s*=sGLcOVM4Tf zz7htuK%F@1Sw%G%ZbMZ!(dl;bCO>4Zu7@xA%Kroi73l-3>j!u zl+i*vXFR3#bWrQA?z3P}2x5*eHd|7-tQ$=rDXntQ6bFXH^ujZPJRTV>fTJYNcSJp- z$T>7*EAn5m4gVCfB`lK*|ASJ_zetP%)b2^!e}W#-2oTmPV2^=6T&_eQw+XbPq6{yB8m^y*h>B*nk#*00Oq^0l zo45ev1dM9pV2>|r8`2b9cdzzlq>8PtZ*k-AFC>26 zDY?|nVV*oX9s9|1v}fFtOTXybg5!u=7$<*kuUOo0I!tciWFB9$!bUc9eK7$>ur@&2 z`Wvz?t9{+_*bO1J&N-pIPtQ=XR11Fh2{ZgaTp%11oj7;v+dZ{Kj*RD}5xoz9a8A+4 zG)-A;o*Tm49%OsU zE&Tnxy`To_UwWLYY1DUyydxBEy`i9qsI)H8k4vr5@fUtBdrW%h6s0+j9Cgdqmci-p z|NcCGo<{1-zi=Z9XMZ3%pPnBw5OA1h+-`Eeu`oaZql}x`LnFNr#O7h_16M1EPl<>y zP;IWA5bv9qZhq@T!%&wH*U=P0&i{h=r?%5nFqv1|PuQf3`5YjtSKGBSBM&kd2TK)w zR!tTVUbBiH(l319%|gMO6l_hiQZQp`_|AP&dd$(1st5hcHgTjNlVkN~B>(Pg+0O$6&;IP9_q`b#%wwFp)NzA7^*Sm$#goeviEG>SBw>6<4Rk zs-Pvw&$P6hulM;UxlB?JDaM>Mf3Jk?-(C;p|3aqse~OMU*$_6-%8JJ*KnYrVW5gg@ z`ik)32E)L*K$`*3tMB*U=SNjnddZu;FR#$2-BJa7w;Q2#8=~SRw0b${R+5Njfq4>w znsQSeL0Z4(%mM$7CKqRrwDWM2@xYNroPz&WPZlXE2YZx+1_knr*25 z{2?Z3fyI^!{QQq{DGmvR96Ix95B^QLm(FG6_m`kI>%|{n_FwH=1lKjsE^X0<*cACE zd2bz2#eYl6V$1{ig6|KQKBC*J;X#Z4ScOej^fCJcq-)8bP;=TGyAIpZxmnuFYOg)J z7ly`*2-`N+)9k(PuEdru=BztzWA>Pol@tl?}zK`;XP9PUc(e9Sr7WeWMTVV}EYz2!z zuh#CUx<-`6(@K4gIKd?9*sh9rHQOjDbE_q1L-ln!n7guid|+t))_`3Tavk>Ee!UkN z`TP8EIwK%lOn>hv>iq~0hf)rF%-<#tM{DIslly&U_tFqud4Ol4Jx%V8`h$4$tAYs4 zvttTu@FKCw1SD^4Cqk>Vzr_3^Lgfz?x(YxCr%WrhBRVmmD7lmMUhz?Af%$7rmifmR zfp|z&3Jn!qxdvc|go^=et#^`v$>f8ysG-QRtg@Kd9)%={(V|Y}8HqufP8B%z;To!V zDCenaMUac7tyq7V3n*DO?>P1^rqRl~+^luVGV``pmk3z{VI(^#PUWy>HF9RX2?efs zct759SAkWZwRH5(Ex*BBmuS=U^6Mdb!MaY*q^PKrLmNSlaNq?yW7IDE+!5?RJ z(|7jn2zA^$$T@s79nlY^1xjuL;VqyBE9+7m#Q1?oU$*}l~MalHb_ z0_qHgylzn+To@rZ!cBn&U7IK`IkxO#xN{Wc7sxZuYSD4nL8CFSkymW zub7yiM9Gg!983#+#^_X_!X({zi31yg4$Dg3;xr!UO8|3}VPD5lCJCAvWr$Av1$+;) zH=EZkXkA{%I;d(CVoxE$MpQHQ+Gy1 zqGPj?t;IjnKC&POJ$fD0DHlWsXi63Nk8YG17RU1$b9>6^v7^XVEX8BeiA#CVd|#_k zEPj>V;6&OkvaERS_+HlSIlJbVU5A{EpkpV@UbwkDnQgCnX7$AH#)0_FlcJyJxG^Bi zD{eq`mMSAa*xIb0o?UXcct~*`oaYV}Bk}n``R+fI2!%*-Q~SCF_5@pV!GY*Em+?RJ z+W)76;2dfE57GC}KyQ*KW>!{KN-#F=M@Urz;8stGMJ%M6l%K8NEwZ8H8!;=ih= z?65ZATl*_(NZ)*k;5t8S6NQN&#>avsqpkah0G<{8IsBZGVd0-pB81+(djme^@k2$| ze*C6|`Tl?pqA#qE^!7cRi4>5s;24RNyy4Xj<`Y4??a6~qOVZ-laJ_2{T{sKD z&AX7l^%Ep1r;?7$z*ciw8ersFCDz?B<)4Lmd6)v=^~I4hb3u~q5xk;aovBbLrA&@u z8tR2(io;w#@^GOwy|GM)#|3RyjqtKHjC zod@Ilrs4%l8Kd1=X6JB_vjkO%6)@bJCoF46S>T`wtXxbf1l-Y#IM!TLy3*j;;4|+_ z+EcbNBixWv-47X6Po$JmFVQzf(}k=N8oi)ZthptI+dD&pgq(vBs||se!C6vTo=ZH( z9fIFtfqGu|0r}<Z$P~le0MhZeU=$WXjHl_N;pcAv{d~z&5SAk=Rym zjQUMz+o-u$hK0~`4jR|7YC@_A+-Ua;EPZ79*MnD zMI;I6Z|1ZR(;A>-1}9@W+4gjHh9pm>TE6e_A0dweWrrszo$PdyJ|H)&HVFgrgSq** zLz!HeHgBT%DAkj+G>|y#awz=f!i?&q#g)F70u`A)3X=~HrhyjuJJcY0rm#z7d^#HX z9mCQe$M-6c_j5;zTGl;YxYjM$Ov(KkTG!N-fAf&vPm0>C525f?1P#r9#Kqw>bMgwI zmWOlV=N1B5-M9|GMOiPwy2irx9XET{D#a%53t>Pib+i!?{VseA`%SN2rv#cMASK-* zQzvhK{cL4qA+laM{6utDei`~eQDbi(O{_HjK2o8g&P+K!x5&gfy?<{XR(y&J40MR| zECf=iQ>qO1HHyV%jpGU-ugy8`)5MEyPRRm?%Hj|;Ee*K!h^)#6zhP&vFf8~h$CjU5c{t_=RhsV+y-f2lvJM z-Z-*!x0PetC-F1oPo@rPe|)wLz z18G!`8VD85(G@QpP3NaL2G>^IA`gKsSuTUrkI=YSHd};0G}_%sEedDJWvFED;1-p- z3DMh*Es4&en@gAWDs`v+Y2#-NF}|#NF;PbzH87rcR^ca5or!Ky`VxW zDoxic*zC`5J?)OG(8W@d)FE3r9tiC=+`z;uL3(X@eP)H&`gJdj5uq4qu*A{n&1GXV z;lxJZT;~XFxHe4@e$RNi06WNH;ekmQy5=<8O7N9r+*@yf!gd?;9Nvvp zj9y|=TC)@r}#e6j=;IxyylrF(sJhhUp=~Wu4Gm8XnFv? zvjP`)ETl@G5i{GvG|LCF=e?5t0ItPVh9`Us{Ati1MkL7We!F@InWmGk+hYbzeDj!_ zVU!UlY0`Y#s&kDjbR8^Zp%_;$R_3Y33XZDjK3^Wl82p!;i>y7wsZ(^A{T7oieKBHu zS9m2E(}Z9>M^;3v>J-?rkNoCQ=9B_cG0Bw7A&T{pEX}c;&?|wKxTyXb1<%MQ*S$!? zZ0rH~!B2?lLFEyE(E_Mtne-@B(pdfQIyCv_5EVq5@!`aK!luXs$1wCO{yHvSgvoDO zzQO=_YJ6q}wh-78@?I2l$GWD<_9j$NdyxG6_8)(Nf`nhg_~uD*(pp zNW;>5R}92*uLeVu(9dvb2L5xZbRP&jZB7+kyQ z&1~cKz}}%>&3Z0yb_wWN&8wDMV+$dFIU8&(Y*Y9&|mh6WgEYDwG=DGA}QZh{!oH8m!wjk0`DHc?6 zAtoz|U%@n(=en(f+1s02S)4U=((LmZ05$dx7gbKRS==-zY^ zwa}GCYNyFA1I{lruq@i_YI%E54u5aP9`V8-A)RD5{0C*p|6tE3f7QzB6nz?pI^ym@ zYL@l3^be(2H)bS}cfxPpc$H?M8Fd{ON4>Ci>v^yyTGc)9Wtq0?tz}tBlfA3!`PzdnLxh{W!)D z4T$s&h_6{0=*`=Z>ZZJMb+s*2!+tv~X+{4&zNUY>*KPkMCV2)-`6tKww=%{57}#w4 z3xKfA{M>aBU$3Ia5Mme?Jlq1nDQ^)851DQs=we(|09A=RJ9vlSI?pv4LO_M!?dcC} z>AlpZ`vw(xHv!1>gq@Vkl*9xl*^bTtsRD?0tcFT=^sQF^Zvde(&Wx=vGcxFamvxG)a>2f zfd}#Fo2&`BDj20JBuLH5h!?>kFOaj4kKaMb`KiOvw~5-Pg`!Llvip}aI$-d22M3+S%%D{c zaknuyer}s|$VOa2u}r7e1Gg-Q6FM$dwrfqCQHIQR+UB9iYdWK`dGp&1GcOJ-7eezz zVJBcGyVEOKpUY{B%zTG=!l4cdiJP~K!0CiZ_|bSoiG%ojViuufOVZ6QOW}Jq^78ag zHNNiGmqi%C09Ij}O>p_)<3C~G8`@D_@GXaAl6Lt+tKDAJ`5o!K0DMs#s;uF&>%!fI zgq2lqRa=Bn()+nZX;7EE7-xnH&o0lg3v#5BhTZ1y*0`3QDJh{*Yxe^{Bu&l(N+;c} zfqVmXE`$A8sc{y*Eyzht{_VM+rDs}mB6;Lq$%M{&6qm_>dK}{$X#Bh@TyAWzaQh(w zDY<~$=O_rYYn8|?81-|fd|KMRC@r$aMvk?4*LRzY{Z>_>(!CyqVl$3*AARfyr1wc=Aze%3iq|Kb3Ssy&finF}7N%hQ z1cC2GUKRC@?v$$Yn8heMWc-XIIg2TT-H;M$N=6hU!8=@u4Dj{)UFsWFJ|VM zQ8LKt_|Hl&?7(d_v;3m4%73|de`P$#IZmnL$8eP zs^Y#DEcdV-Nk1#?Lb@QmzJzf)>wwj94r@O1u^bblb`es6y-ez0zEn@$2c?4liK=phyI@ySnQ{5s?pR zMC%m(v;|}Zm`C_R`8%t#`HkR^(>t1aIeHDkmF(*&@tJ3hky&Ak@tb#m6K@Gn^|L)x z79-2Ir)kW(w!G@knj$ zm1#ysyF}S)grbORENEne;L%AE{Glmbw4H9U!$TgTONE&P$-GB-ZukXGl!58Tf$hfSIzR+ zJG4wx5)VEP=hcVsx92c^PW7p7xaL_{2}4dwnWdeK${ft^di{xPy8_!PNKoNJbu4iAt4FU!P_bwzmM%+X7x44KRE{>c7R{^8>)VNlPY4zENMdH0R2C#Ht-B z2Mz$C_Eg)cx91z%rSbgS`2Pl5Tm;~d6ODN6?}No|4fr>9)8l}h{6A^ZrO{833bbX1ebL+dZ zZ!SeqmcCXoAziE4cp7}N=HN!Y4dZgMIx;(P8~FaLN9~AyqB3nlqLFE16}*%8Yi7#? z*i3bd#j|8v977{S@CW+<)?&~8F{q)2u4noa-8^-@qPtTi1A7g`vf)~);z=0@ zdLY9}I0fGV@vf(yRBwdodb|sG{751ux^teYTm=*eX}LoRKL6t<47!1Y{&P=KrfNL| zc2-3-z?NWa4Vumlhn(!r)c7rn3I{>f-0nCdcVave z$og`AZx*%SeY`x}9d0@Xxzr5ttRUev$ZGa-n$g$icx-4@>RlRJQA#`vU?UT#MR*OZ z1aco=4mE?U38a(_CeV&8gFxx)woLhCCz;Q6(z}f$bFdNS+LT-yXW(#T+nn$ zaII-;GfY%b>L6RO7$M9&9R*0Y8R9YPkfYX5leM|qSl!1*li9~+gKiz&J00>?DO23t z0-JZRj4pJRLGk!hpV8Rl1&?Y6G3fKW8v{tq=E~~~u55)St~BX1sj|ilPAzo1$I#TT zl~Xq$76xRcB^2>I=QJ(Oz+u6-de(%gApp`uCd)?Ia97)(EEF{~sk*>CtHUiIY?|A( z7OAhK>4%}UYKPU-y;||pqBzpNFB%V(yd^X>hNE0+DK>LX0s>FYG+pacvX=Kp$n5;96aPK$HaA1OYy{^5*FfpmLagwbzckJu< z)R8njhEy$;aipT1AMG$Z-}@|SQ&wfshXe%#JE@y_ufv+wc!^U z&u^Nfu`IX9E|%v~76wH_AXpt!I-}AcXqNKbdFS%B1}Ck9YNx0|OE-?#H&@*PH9)ZL zfklu+z(^^PlVVx%2J!yyzxXvUUH)Gu96)iD+XP6f8#3KOZ?hCO% zv>wL;boa(6KxqQ(MQcwDs~S-VP5i;#Jrq=O@9|{Xfynpk6ZFYe@O*gbAv7qf%qU7U z)P<>d{qU2QHP@arIX?L7Xk-7~{=v#NE16M_){3mBokN$4J8Q{pB^pLQPPVcZFR@M0 z8(=;Txx4;STdKPNmZ-~MOPJna(YMVVxc6LUUY2X5w{%bgR7!$vb{h({Q6A_j#kPlD zDTZ(F=9Hx726+$9fv6a{e811vwF6{ixL){oQF}fku&9JPLGe3sZodS z@G1NK))sAQ``%>5`qxO0*uePOcau(E-HdQL!GW&r8QmsH4OH8*vYskjjrpOn%JGMv zLgNs1a+-Qpx+x_&87GpE-CC9u+6ZpW3U>`U&$>pfOdaSVfwM0-@MGR-FyxU2mjM8$ zUF64*4J8Hk3f>*FqV@ugQn9>3;6!ekt2y9qx{jGJu#-J87_^`8+%S5B+vjq7)9{9K zlDj+Ag&TUXBBIoouD?II%vhdSAIHE(S}5b+&k@4F#SP2@if*JrJo!r`a|b3^f=x&pJSQamSdh&dSHsK($TDCLhF4r=g}E6Gbyi!_;U^U= z&gQ?kU)pBZ)MbLfMQ+P2#n~3h@cLJU+Wa@p`m3X50+=}x_y?ZNc{BdWkK+&yxVk^#yX?Y1N5D*k7XSXdb&H_-cqSvw`UU4BTc8a)Ya>ZPi7g!c5>ciA*ofBwt z`#q@-KU0G86Wq?04f5XHt=2_oJu7WUirAhXs9$QVuM9cLTt-Wn0i#oaf{anPR=3$*3`d zLNfE#lA)j*I0^|Z|Kob@A7V+_ZxJRvPUI4b*qGak7Pp3qvbDI>C=7l!^59G#t%5a2 z6qID@=7(&Q;a=%^a0>;7(FJA05*Xt78_pi!jyD|z2n(sWTN{rV3)MqX{yK1U8nojj z%XZHy1p!lJAUi@e{^W8<>MiVm=N66SE(aoPbz5Qgdkl4#!%&u8VW#`29*Mnr{E^i-Ov-X!KTVK?v4~~Yyvn?-Byh!kC#hFuTVMayolUr&xnC3mA!M`9pI}Xe z*5+V0usfLx+>fX-CJ-4JQTl!;NlEA18`Hb_$?ICzpuI2cclz~h4zT(*S`AD2Q-8UW ztJW#*>l%Y40Eu`{hRt%s7#xb?e)%d8mL#dFy{zwHlYOJT56@rm5z6ivU#sn}pg-1I z#ERmkoME@csQPj?oB1$^BI~p~R9Z6>H&^i-tcsjK(ro+_q$4djPcekLl4dXevy|A- zzwppv%%aeiA%Iqod<~oaaNlmru@h^Cq~X4mo3e8aabHSH*)fADE36jT*Feye@wjJw zm(7;t$MPa3%*fi&}l-(ZE?Z-Qsv(4F*D<5qX&*v392;{+E>f#92p@7bb+ zt+)y3Ii_1B$%xAkn)bL?ywPzi6NFdN`y=8aAQz!YH_`v03IHTMai`?w>TU`dWWzR9 z*dD)lHpaF`%Kq8>F<3X7W#QFo`Sjt6>XfK4{vp{Wqy{%Rgl0bez}1L+Qy8=mI&|9z zl%B20SGP3p8Gd=|)W6fK%!jj+oX$Sc+?SwNHeFO#JM~$LJ0@kmR)!zx9egp6{?PJb zAmTLEThzDK?AmHNTvzBlE&w`@^-uJaUhg-l2X>ZE}u3iGOL&ATTP&Q zHT&=@gw~17AWfcceGpwIry098ee(@^{wbcG<8a`#Y0?LnfK#rJWm24zOmPnxGI&Py z>*SRA$7VbHoG}udvb-|Wk~MlQ`-_)&p1wr6g{b)YTriA7I?vI=BYF7oJ?;sW+h)hw{eGe%p!@TfVJbT`NSy~<<&o$ zc4KM>mh8#My%{pwXGDx`(#aRqNK4-uM{u#Psq?Qq1!}7RQlJFCQJOMKk>67aW#(xa z#bUVCJ0OhWzQPRY$2jwU1*q!0Ox=}YF3NmvdU7s6?x5qQs&E?xw-p65`Toi*O>qH` zymKfOg-{IzDx_lEGR5|+Xb?lh;QL<%1FQudTJoIG1c0f>m4hRb1`oxgrLVE6*DOU5 zHyEoN(sL_<>pt&$M=w%2GV+bppE?ogLM$_{4(a}qPw7R+WDBkUirHfsV={8@vb0-e zd>0_v-!o}3nTmekDDY*@AbcRR70AF{F`+UwH?_?EI!NM}9Y&%NjZgH)*ART8^gQuz)wFRa3^N2sVQW zqU0Cg)g|rxPn4=Vm&j)}uVKQ~GzWxK)cwdy_0xY<`;80hcCa5KEy;Pui|0D*Fch5h z0=s$~VysD&QK1twG@Z{oF2^?;8QVhhavE7}HGP2H-Rq6yCqPc8zZE<}9ZkT06amQQ z{fJGd?CRUm&l~P9#JKxz1C)$YOfy~^O^kD;!lgFw$H-E7T2xw;hOWz-!687bd3<1y z29*B;WFwv|JI-DV0y`goAjgIw6ocL>wPqTI zcEGUe?VMR}g$YN%L+TVcA+t>)S^rDx{ls+`t9i{F^A8&p`wE|X*cwCU;Qo8B-TgcH z7aVfFOg`~Q-njz`$YKrvVtr+~Fo;vKc06=T#K2%az%}tkFTj)aO*ECWby-bT+Ed{R zSL=o>NJ^9JX~&+`9;0%K*&P;V zocF_cNIOxcUfHWD8w)>p>Iqeab5d!nmE`SWljZLe&r*Lm#B*Nhiz!zD@Q0;bfOw7f z7ISidlCd68qG#YBQ>TFjxRJKfFYdS#U@61PMZXcEi3s1ssd^mW|1WT${|8}?n*Y*V zmCxfwfOy*moA(&qtV|AL9ABp>TRTG&`B#ZBW&)tcxwCSSf-w|k62X9u2Houg1ivWo z5f?73xgvSEpBfOkDfc57hX9~ZnJbxnBy3l0wTXgtG9m(~>;pIeo)c^+ zNFwJ7UicmkEhr9~ia>ftLbL4GFCGp!GBGy7+E$P;`%24CA~1|=cdf4zkEtNVe=9yl z%)5bn+h;}l0|N0>NXR=tmg&XX_Ch2kPOzlhUWz;N!84b$M%bN@5o3y5`#nue0G&L- z$xC4tpmO7XKx=7R$_>{EMjpU?yJOC8kB{pihbxKrE_R6sER33J%GZF>FQ-z|fXXwg8y@?x3nHpCMdt=A)&JjiE)5`H6(AWbw~{zJz|t`aKjZR#ZH!M?u(GTWvRvqSiAQ z3yHXAQ>kMKy6Pebsdu&aQdBPdCV>Q^TEO*TdJHoJ82a39QucrteMP4a|Map&s#C<-hfe%|d~ml2@Y zkIO#4q<6D7Ag-47VJxy@H=*rdjwdDUF$lz&&m-YSITWB|ef2vK@8bW6$@p+&KEni0 zd&zmjc_#+1w|bWnm-`31Hl?+qED=~R z_N=w1JjJf#Gu8u6WT45cz9X0*FVpO6wJ6u9pnV+|0E0W917WLzBajNB`w9631o*+e^88KY>GSZ#7P z8`a-Wg1}La=e0VOlM)p;L|}I$oIa&xAMhA18-AM8&K;xbW`CnaVFSPj!Rs~rq10C@ zPX6FlHyN2~5#@-|(`3o^kxa=tts?}6^8o|-hUqC)%lt;yc_ zWn&jOrHYI8UKKmO&SZapCA0pIe%Jq2bmVaaszhu|9c%xcG70^!3Xh-Hg77_u9KZEv zgj!?3gr5Dc*hnaX+{vcL(IIdjKQERNc3!H=VG1Z+algHo2elcYqH^AaCM$v}C83FT zap!_-{Kod~M>4^fzU>mgHLdcMlLUyQPCw{u1bJah2W71M^y4Bcq?+-cWvZ1|z{j~qHdPPHV~A)w-PcAQ`MZ{sg(CtQf7b@o z?P~*~N`#(x-2WGf9eDmf3;Ib#oC*3-AO5qn*?$uBJLvz1pkMi!pr2@HNAWjn^Tz^U zPIWmz6{_X&Z}mQAfWd#J-sdRvpVj-GtpMtM@~mg-eSc0yobR_pk7Gcj%+_O^ao@&O zvmG&R25gjnBi462^{|R@mWxSxVxyxDZe^r@t`N2rydjFB{A)Zl`ZacU`%%lyl;7%n zQYXXL>%(B?5}J4eOv7&^JJ0q{kgo`_;)ThD#>e)vJZG@$*cb^^57}*$q@^D~Fdz)r z+u0k(-QE(!luVgvA@37^qpcOs(biFZjrAmZ8$3(~-_`AnB+1x+GpmY+{(({~@8*#@ z=BzFJ6;^XI_#AZo>G@~)1>aWM>6MRaFOH+09)6IR5Lo>U413evN}go10oW(#gpp+8fgDY*>v0fL_J{dtHm_HJhE7G*|-_PZ}D0f*QQ z;dXIsd8~e{?wMQOd*gh~86*QZD#ABi5Wn}^lKndz_5U+KiBKzQLQD$zcd4kR|FDXF zmjJwyhqvguV5N_3GC?O&<{rT(!_Wj_Yz~H30UWh)1+i|b3=0wU(b*3CLDYPF!{SMU zYGT5@w4HpK^~(foi30+WwJP6TBSw!TPi#PAn; zy|%I#8l8Mu_>>ekqguB|BSlK(=lg2)Y`<>J0!%#XEAgKgq%s+sEqRVE;OB`Jw~5we zY$$RC#s8qZC|VIM$b6syHD|x&#vdYKD7C?Qlf*>u~pS=FRELd*b!g#2upxZ?1#_m*& z+0A*&Sf7Kqs#yuF^j&^m($?*#RWK7j4JIR-;U)}3BK?hppm(c;=}K&P!q?(G7oc3+ z)y|ueI#eFKZiB6qUfzlkA!bAZhkf7Iac9fn-O={tX76|}SsI(YpfTK+rBYeEfTb_*yRT6pIL(Xocl7-^Y|b^mFi`1Wm40VB4*$8ksfE zHBH}<>|TbR8Ewh0b{7qBtIG#H>cYcRUTTSyeYK~Gi!#Rs>sH;OX@EmBq5U(*`xF`c z)y*I6c60i>)!E1NOyBUnI7u+y+CJyzdmz5{GjvvIx9!i9W4=AUfgb7{;6O1=?>r%x zMgX1mU)RR~P-_B<2yolL3f>-S#7nV|9EkaD5PopM z{0_?Seb7Y0Wn8z~0a+kEY<|xOj^w(X3ISj5j+i@p#uIqybScuiNboz=&pEiq)Gfxr zO$ZP7(hBp{h!%CD@v}|3>ow0)d{OQ3zFQR&BORpN@+p5rHY2A@D2H=M2OyY-oY{k+ zrGpq|?Fva~TYIcgA+OPl&maT4C zccs@>n?Flo>WY_iOs`q~|7q_#!z29SDel1We;MhLc45Twbr{sp(QIQ4QcKBWJAB#3kvHqqvtzz5D-kt%COuaMJ0}OuG zdnIAO8M@8o@g}#JN;*C&ZClqnT~_u{41oZkL+Y<*fYBIt=S@q~rI-V|j2E~5F`at* z(q|SbkM+OylcN67$Ncs`yXpV7>;CJ+0?;~kmRdqOSzun;Wjs2D;%}2olT(4rCnNrT zYoOyAN%vMANn-=Rx|B<;0!8ilKXex&TgjSEh+5|P8n8qnsx~H&u-aAygm}xbPRz18 zgK9Laee!Cbfx|XsLL)5yhiw41lb=M(nDR;>fFTKDdaKY;ZFZ9&`Lo}AP!{8ethum; z^iTfi>-7Y*Kd*f?H$%t5SGfEFI~uOMHE2Y*`KNK#*8*Y}EZNv=I5jS=rA+k-l%6X) z{g_Sehf`M!5;;pJtNrzprIzD|X3)APQg}fkWNqNGdw^yXPJn+^@+I%%{l{|8(*kG$ zyy;V^GGSwFCt2IPGo6GM@`?X!)Vw5sfHlD=^B}=|69R@}tIFgw-lX*YslD)wV3i`%?X461nJ?eh~z`!_m4AmPQXCyf<=nfsg@GFyz7fQvKFiD4X5 zoNXPeiSkc9t=Wqhfooc;ec$Qwrv)9;_{#hhVzTtsZ}4XXty!6MMBVJuk+KUT;>DTp z*-w#GPv&IMM=h%!*>RE7mjRRbK{C`!%Oc}hQfHecR_UH1O0|Yj+I|);TbHSFMv#yD**>6V|iQ9WXDYhi-l4u)mcOVLZ}yOG;84!*^$%Q0?zAD(5jdM04z zO1ovLM2&;P5T_OLk*8$lGT-A;tabsrYLvg!P87W1oYxvejsxAuUt{$9V?q7Sf|P=m z%vbQiIiZ&oN3qG3tU`s;hLcPMOXTU2S*vi z*6hR(R2IWsG)z~Cnly00djK*K?II7rhd14aeS-#jbG25q3|_&O<7ztTDm-3rjIZ=? zA1xn#U+#C3;v&l8#RWKgzK!UB(otk_jZ^bfY^Ks8S1Vg`XieoGR7w?%HEB|;ja0OS z8#mEVr*!xAa?E7p*I&TTtx!rFyI|*)a;vt3D(8_ghvU~H0D2S~4J!qpoV!jeu3~gb zp3J!-7?#Eas4+2(#UaBnjj-Yi;y*W<3b1*&C7{SEH8`T(x2;09&x!6n=NXC1CV~x& zHdb!T$xZKW`XIasUH$dl90%{~=bTz|rr9e%k^n3T`&CakzPmg%nU-$;6T05g znMnw$1dugH3O&62^X+hPxWTvJV6DME;1DlZj;qUOX#W2GEa}ESM9?ey=hI9%i9itcvQt z0Kl|CX1cWX)@jFgy$($re-Uq%|F7E@|L3Mz0NWj4kMZ9TpWVYy1EDWbx+0$-JkKz| zU^CkXY0)HkP5{Td4v>k|ItDV4gv8&@bm6891y1kJUs$-=K%jm|xkpTp-+cwE#(-*w zW&Dn7e_BhT#eF0DY}6IN$>TpfuRkgSH5($7OpR>C$`a!;z`_#ixHQuH7j~Nf_#GJQ zZSpB5=WH5j=@i}|yfrQJ+g04%VtE?`f2C^EXJRr?*zTk3J^r`|qOfEQJTL13V$;P) zTllk@kr3sfqia@uG4{S1Z2PvGH1Y=fIfjUhr5_)?2Jb#A1|8S@SfXZ;h+o z+T$zVyL<)V8|+RI7c~a9iPfEe6ISg@gH!CUFtOO$My}A{q zfY|4{2JdzX{ndw0c60sEV(*IG@$L1NgJi7tH@*Ov$$PM!8LGL1O$G%$VtPNDDPVSD z@TVyd?jy-b8C5cU&keIc&Wh?SsfqvKSs#b{HE!X*B|s?Nu6(*|$uz?2B}7W|OAI9W+mJ?>jN<=By!SWL(%(!=e={xp z&9wA4)6!Y6^EcDd-%Lw@f&QCm>2Ic`e}Sk*@c0Kj+PCp^w}Ah^|2DF|$r0rfom1)C zHu8$4$YjW~iCrvN;w`eXg1=(K%j2nj8ae*0;uf*{o~!|N3!R>aSRdTAl(WKrjZ-B# zqk#(m|J%rDU+Nzln7OrN&y!nc$2#kDXXI}~{=DgDWUURtM2bRkwc|HF*W|LD_&%;V zZM39?11(U8%uB_uDxbu!J5cCR7DIM260a4lbbZ$Y-Lk?@+wLor!&|FMOcJqLRLScv z()EUs0gs|0Tx0#4C2J%@gHicDL_~0)!)uqRkpKZ{O}q&bb`+**SJ~@unZLj_zRR)3 z&T4ZA3frfKkSnY5$wD!n{iRP*6@egQOC)+EVbi-*8!Y_+aw5?&{mDG3^d7?vBVN&O z6MB?H$M??&Jv!{CO@hdUihOJpVsh0>#yWfWwH=jn?(0pjA*LXD#dCU8#e20|LJvmk zi9~PN0qwP755BxWGNt;BUS+AL6F&NeS*M z^{hHNBcdd|!adu0yFRm#;@16kXvbeM%0IooyA9AK+eZ>?sylU98jtup%?Bk0<$S}8 zS2>v1KeH3^o?1*oF;SHO)a zyvp#+b=L==(~!QI4cjiv&OMr_G=gRepV*!W0J_fKucFvL2=UI%@3E?Rj0q2UTW<5z z^gNiawqPoTROyq}0~{h(Pi`es;^vEqvCLt&nM*7{ELk~2cdSx9sKv{F4Pr{0J#_sn zq1LrXq(+!H2_FddM%gLhF2qyX*bFGFrhGnp@~rktQs$;iA*cFyg_S0+@x$^pG|-bw z%ML(I8!w~E8)3fm9jN0=q%3V9n;s3W9zPDfh~vs-1-RV!WmfQlb-`?_sLtN|j-Tw= zbv;4N0CR-Sou-5570^7f2i!tOrs7B5@{Ef6{hc};!OJ%kbcQm@`#bF=0lXngOH4S- z{KN-BpZn@MxPI*T>@mqc1E5ldq)uxsuhN}(X*PwQ%-PkyGxw_^c;vcuV-!2sxh)>e z^|L(?T>Oqz5QW>)b8)LX+)0h#uo*3oYmz+tIp^U^A8Z$PzjE=6p>wSN>&fpj*V!60 zgeM|9dMDXJeUZ04*ZP@uf`-@bA6a=z3h#Y{yY}ihh`bM$Rcw8%91|(ntoT#z%Sw0Y z6O`i4HLmysLjyi>FCqRUs&ZJBP8X40fov)ZI8##eW-E6jerjkp0hqCZ@Y1nq`nW|> zT9@r-Ts_&w+WyY3jHb+I9&lp7Y+7B%uk(PP8~;0O%Jt#@K%cHWa$EmZbVQ_QvCksy0$0a7L@Cbll>MndH={mPL%Ks9D|R16CjIK9N{*P?Vk z2=C?B1XM3%hWNDd?Gs0B>O>YO`jOGM?&3x+^ye$hr9Y$zj}FXg;}qMZ=XU3Y%TOdr z#HYpeX*zLgH57nXO#R-(&ci>AQw^})+GzK*N>VfVR6oR5>jc*fhx;9lu3VarD9~ZC zFjjG-PkW{I5LGS^+8KAvQzzo6WsYkh)aCJ<$5B(RnH~l)0ML>ns@lTfu zq-SnsBiX;UHhNaII=l&n_T0cG*z}Y}w;wG9aHhyBCtf1fpHKZ(^Opb!e|0q9x&k4# z=H(N1L!-DQciLsFpC=Evr6JpDkTpjJ&Wbp0uB>{B4vjw;4i@$3e$u#!mBrp_HxolPbV}Zj$YW)jlLr;jPsA&uWo7R zeYMvlS2a)>$JAK!2VY#a`Y&2t(O`8~lQcFH(VtmN93vwIZr954kJO#GBE9F@X;0XeWiODGzARSDlZX?WfV&H>frDbQ&x)6u+d%^=LIQY{@ zokkR%6UH8;?MpYR!q*SnT@qk4eQIaUQj z`Sda6_A(L8x_;FV8&+vax{o*c?M`LO%*3X?p0xUOeo}IX{Oq|I2-)$3sBCOZf%zwh z?SOC)+FgY5hK0<7)lc7PWU0z!9%x1Z=upH7@Me|cpE_>2X!R5JW&(OSZF(Viuk$00 zk27x?;PoZdxB^W|z>!WY+>C@)PL?+Ys1V=!*28AM)^rn6QkISESH$=@-R1TM4jx>YOf_4qz*@yO@9i85a+na2*=U=m&_C$Q;} z&uyrKQc=p#Lm?gFFBrrk!>PC=vB{l?JN7 z`dT`-5`L}~J*WblI{oTTaQoLC4{>%{Z9!_XpMz3~jq3EHe|pmZ>^MYM z7Es*bnx%K+^>37SaLwoVx|v?akf z?-`~WImbs@0$sCdNJ3-^aN;K;L;chz+NxBS7NDRu4Cx7(ChV9~j}C870}M9n8RB9$ zgx2PAl0}lCV)r@~cCO{x%jOu)bJJYu>{s7V5$9hxUQn`zn0{rx_~i6-Z{2h#aaQ15 z(fx*N9QqeO+){scjm9|9ewFe5)$?2q`ec9P2tH$^?57ZLnL^Q_Q7%oLdLNdn&rhle zNefG-98bEn&P)0dWIkBAdV2cr!8%ZhCb~_ifV^HOsn{{UTfoqTPV9&s(Z#giKTxZw zuF^2z@_rAkl9<+?_9>a)Y7$d=W<1`s za1sNRhI4B-(G2Xa;#J&PKQ@bLoOyN)8I!&UFqvcAM?s2|`5i~h+mJ6$ekR4-rlscz z>%67UVktPFAmpQ(|Ll$IULofFsLGsJ-{;P3trV$^mxl!KU@9Ciw41*>AEe=}&%taa zeVNnTOx1gMCN?Kj%$i)O)ULnF1>E@-!MW|dl|YtLEN*&k)IZ7aWwChtF1fBzo`7g* z6P?lH^2jp1+r~Xxf@M_Onwrz6cbVD(UNN%;CdgIzrDA5rHbYPKr~OWEu8 zEKI0%)4w>_a@BmNMcYu7k2X#$i~F%1=L^{tsgx`U#v5iu+Yxbc8pdxm>Ve5M^6kT{ zMr1E*?9m}+xP9aX?fseZ(z^@V?2Ci(7oiFcZ{DP`2i?8E_jn!&IpNjn^7!!n&X7Mm zi<`I8T<~W>6^%+OYP`PXQLvYnWr|9H3$7j3?avwgE_vJNL?7>lbIy`(YCZs61`fAx z@6+N=@snnA6_Dp50>B$?^7{IavH1?=*@>?V$Dp@44MG*AxHkWW%j!)I)&o)3v`VPI-i0OIuIXu}NyT;FhEof)eb$v`ZKd~QTKnOF@I zIBlmH2SH99@jM51&FKXwm7S7@nl$);_{Y4^^n zi1O|&crSG6X~lPK8iD8vl(1pTNhWF zTwE_)!EQ6&?ZZ4d^78p!@LoLQyPN91t(ycWXYLW(_P%h8rzkr3>QKwna|GHKbAY1R zlL>s$5%)NoTzDvh&8TgvIN_w+XOOpD$D~FA5Tk#O39FbIeZG%NCDqj}Fi*&7g~?p| zxbBDHi(K7>1<_ua!4wZQ1Zcd)%q)l!TBs;pf$RHF>@PvxlNc3(F1rYFWOpmHnht~IL_^Ecyc-$Mx z=d!mK4bD&{jNRBgG>CQFt0lg4k?rI@x{^{5#3wHl@Yt@DI$b3^^F>G1T&MfJB~jN< zpR(K~PlNF9T_TKHp-vW1JE_VKd@ zhq2jQhX_iXyu_~0ZQmL*e?+8B!Q708Et0VPU=WTM>4X7cQ{cj|H=gx-9ENl|RCkeoOysHZVqL$E^(BUlQ&xMd*w@f@hZ*y$w{WlC zk|kb+p>x)@f&+a*MQR}5SPen18R~CSJSAU#Bx#b__w0sJ zVW?=Mzy<9$y)=7oFUQ(d$bY|mJYmX&9^T6F&2AvXrPR}eLi`WogFWfDz7fTAVQ`j3 zle0fE-8k>ObK8npn|%Itp!W?Um{a`sBf&}#){UXdEK##p6*i#8)G9h3UZs(3`u>!T zVY<&C&J6j=^zVa-1;P`V zwIO&4*nKKWN0opdPv+~%LY!p0#9 zTkZfhYl`M9_*#AQ8XxfUhPoP0M8J30fr}BMzKV!xH_Sjf=k~P52&C^dRNi06?%V4A zypCK-K|Kt5o)&|jc9D_wF#ML1-lOov&0DIuxdd{M&Sbe3sZlKxS4`Zl&=CPNJS=7V z1z+Z39K^q75MNdjEDG_rjx2W{Tx16x;#HL2NMPq&f(n6IlJ9J0J29qBa)6e_SLRxJ z6;wCb)67=7%8D4VdNe{s#ADP3OtA@~Yil32Y`K&M7|Q-;9P}8|NcbWTtn-HCl4-G{ z$XFEHo|>uohVnXIU~){@Y_cnDoDWS7y+EYkaBi=lZJ+{LAeV1=c7*T2ZYG7!aD_&E zvq5NL$q_%;6ZjwRK&0C=czxL9pW-K>$|#V{^^A=6w6(EenmJt3IYS=B>P-s~1s zreb+yPBm>+b-_FFKxI2zuX zfHb*cKB@To#8QehD%}}pSn7qEx!&2_2%95vwLHFxJz5qB$Z@lAtx8ExD|X^V@0SgI zGJtg{nRJx+`DVHjU(`f;*g74z$xMlB!;#~r3~CJKh32{}+T+^OfqN`o!5)P`>NL`T zk_^<~`(V7KIzlty7v|8_a#ul;MdFZd2*L< z@~L~TMNQ5Nmm-`qI57HLIuxQw-dPt_oH#&T>T?!7n=W$QtVV9K7}W*&IgRUz9evN~ zc}OJ*mDT(01aVqwoZt@iGtm~F6wM{u$i}5V`yNP0l?bJmth;@GlqMTm5iApOGDMx4 zMU&C%!WP=cYcf}y+E?(}PocO#Cj?2M3xV3o`isd2G(cge)J;6W`&bS59?z=i$UNm74p>$Cu-j$1= zAaWFM#dX+pDxaW(@EK8p?wXHFAK!M4pC`X=pE*mATG+4h%dNT(ZAQ zR-?_`E-3&X+k5K-x4?T;q&Q&cT~TW^hsOOWLXXmF9rr>_uHi}%b`VMQ!aX*oD*xNv zVWl!;{1tRZj1k={KxytlFZt9Tq-9Ffu7TeB)VO^@DxO7Nc@Ax$;Gjv7UlqJHE1w*r zeE2OT`QA8XuVUAt`3w3L!^O-=cdfV8v+v7ZU&_Mvn8JHaom^Cx7MfI~JqD6BG?TVN ziFJBj`|Gtrr^mC6FzxL9#cyh*hbc67It=|JSt3HNs=lE%Kex8^tz)4@rT!?>$Hz$8Gu$^`->SmcgZrqlfiDn5QE zL&%oo;ExgYQn10j>r#h1JWHWQtTbEMJDu5t8-UQSCcF`}wXkhu2F<2=(dpJ^-}aVf z2V;8+S4Na|B$!R^SScGj{dMJ9FVD_yA9%iM2RrOLpuG+orwbXXpaVw6RwAVP#0JbF zmwPw*`@yQFPTTZmABfhfj;F;1#Y^AvB*@gC$v2mW6LfkDq*^F|@JV`kS%|Q!w@tM| zjFK#BPsEO5#a1kRmDQsG0aPmIBbn8vlLXSWtSB1NgHJur%?W(U(tG#8&c0T0UMDN1 zj%%^Dy$64P<{lOumVvfn{M;AWZk5QQxT{zFf*xfd!P3hhI6rnWdFv#xy=U8ykY!z4 z!vy9as*8wSAo!gISXP+tPQ)H+H5*;WS{%@>U22gG`(X9r00)wC)KC{L?=Cabf>s9a znuN6<>rUDR?Wt{QT;1@9Do`1pJz%_`wqJ=hpJz;J1kt2l3ct{iUT*k~7NlJ+s%MwU zGS9D>9XXDX#^MBlsU;s3Kxd2SY*f<-Iv|F#wVX=6xk>-*DcO*!Sxy~bFVXm;%GFjK z;mqA4z`~tykaS7dKC~vHzFAlZe_ZFj>yt#77`r=}avekThysU-Aqaj{ z{VtTl;C<$pWleB}b$Ebd7=IxPjm1qgPnXr@gF@+O+^EXY*=x_%uQRO` z0=@RLo$@C7Kx0i60Pn&h=TFZl^zO)JMRNpI_6V58hoe+|M-Zu6#_s|=Qoo0~h}75( z23eRt7ENw177$7E0V=zT69}0NHyLS#?VTf=7DeFM3|7xqsu@LD+_c(PKBtzvEVPc~ z-Z9PaPePek7fXZ~+IyC@xcErKn(l(rM*G_d)0@cw$A=sBhq%+@<*tBJd_sL&X55J^ z&M6KE*i73LHxl_*%J6O?X|7*$5<@>u8#-*J3K9>Pv1CNN+YSu_`>V zZKp1r$oXr_uDMUymmfapE|{ks9?v5g)?#OW2MyP53{bwh-Onhe#!Nq&k=0)AYWpR4 zMIxd3iO~%#5_+I%+YAn1H7D%qY!jwY^}!KKet@HwS{QZW8ve3-!2%d4+Ttx)+!o~~ zZrWaEUSn;)fIItONX~@+?)taX zv8mj**91{#T0Mt;XB^~Wo%bKgM<+xZ=Zdn}80hieu6aQpYLU|sgunH;$lFqJELX6; zGo9sRp1&n>y8dJxhn&VCCe+d**iScd4Wrot_NRMK9*j5n`vN*5qXIY(yO1!aYl=(} zOLKLm!DSdq#9~yaTDSbTe~AP+uU;5UYvbymxm*VBNSJV}GhKhlix$_r8=r80xzU)P z2{1ea(kzVvTN{1q2jxPa5>Up%`ORi#r?`Y?X`k2j)c*pr^l5K3!eIam{&QbqyW**A zS+c^j)`DGi)Sc1!uBWYvx4A0ce>iT}aboF!YXhdYHv4et=e12N(p1W7Cr-lvouic2 zv-px;yD#OW)4X56xB@5o_2wE+w48kE<&B6KIXdv?lp>*~@(B7%l zqpTE$@Z0qNXmIUMIZ=T0_lvmYuq9ikIt;lBa_<`j<0ED*CXzKU^*~evoBtZOH_f;V z0JF`m5vAZ`O||2rxY`vl267TXc#%!iV3%GlU@zb;{Ao;05t`$C-d5$t<>EsH_P9%C8Ns=P8yDi~ zKO!ZvmoH^5g~3EOKiUpdY?=#u883V8$e}0t0Q87Ja*P1FzJP9R zdE<{M)9p{I;~YTbQj@mNjGa|j4`nEWs9wZ5MHBaRPc=18exxdO&k*i4xk_Nz036!k zs(lvhYsI7PUF_XuP_pmAN_smmu7R>X3#5Q-0(2Ia{d+10?6<4rM9k3)2gU(Ln(RL% zd;Ya^Ps#)RH(voMqW^>YVox9^$wVk_M;&5KY}rx|b&kIRT%LDzO8pI{>#hd(ZaZ zMXWFBwr;`@xz>?d9uTudGO^>v!ATBHF8QO#~6K_&<2Y$a5Q0$zH| z+!n~4fk%p3{yXVdGfd7!GC}}(>PM%ZDHngZs_U!M&{QWf9NYg%xxVmJ z$I_pMhV?r2?>Ajzp$!@u>4&;^)lGtJ30QLKb@OoC=E1oz(HjpTdZy1hg_lJY3iw`L zPxSE21#w|->sHN$V62qW8l^~bB{@x?gN23Jd2yS~YNGqav zy|))jT?l08+6b7P# z*OodW_EH5CA)D{PtfYt^AJc$K5_X%R2Pted2Wx65@Xin*jaHfmJYzteh~}|g)(s$P zfB4OuwCcfJ0q%G!AH1#EGAVJaA8c%%OP>Fy}fl^5*#!&NT5TH$aOd=+)jio<#29P7)}O2Orj;7l*7`K-maC zG8fZK_}t0q)5-2Y*D9Osp5grs*Y)&geaxQJ$G@a@!qN+Q=qpQ@^!noZ4Oi>UJ<1 z8h(0$-aFYt&49NL=m4R8{!AxJbA~6&6HKRv8=52?*nR~V_j4+jJW5w#!_Ah`J?XU@ zw$UBqzT68gyN@;|PW$%|YKA;SERhbpn3`&&Tx;eb2U<9**e-ERwO)F1HY=_^OPl=F zrB9xNqG{ajTYcTV1Zx*(Du&q?{mi|qUX9jgtDE9OPrZEXCU@`kb@i-=l24dyB@PZI zPEYn`Pfw!3K6iW$a;mIbj@htiQ`a@*?u#WJ#L@&44`44S0(PpY@^fyrSuq=Sx))nv zlOqwKUsd&Z_1%Coxw=Pn(d38#x&3{HWz2N_zp=EP4D9cgKlNK@^a-WF>Uz4m&W%`4U^|&z zPq=d!b&eN;-byR+fQ(C%RC@2!YH6g=e*WE%{>WtLak+WF+}*1(vo}pK!7!3mgMRhmsr-WH12skXFFX!UOM+c zxkPT9c%Gu!mv#YQq9kf{w?}1QI^xKuF?twqyqXtrl+1R5V`7Sckh&>ahIV|Cu|igH zmvr~Lo=)*zBgaasZRgD(Noq@Y2+8TFd!)i9lF8KQN*|`WQ>3yq`DcZ%aYgvb{!3pN z5ZM7}5cg^qIS`JQx~2PB&-Na7fsaY=5&JUCsHPZFEcakcY0Rquy%0KE>UJ@N(9RpG zOG*nc6nz5U5L^RL?fb^2q!gnO$10fgaQ zyqVPQ22^NmXI?rFR#SX1yEZSB-q`m!&E?BIjQbzewWe>%C(sSP)1tLqL3RCZ?s8S1 z@_Z$`7p&8;irn3fo7$SvmU$kECnqv-frh#Z&HDz2dQ|S0{nC+T1?s<8&O2ZH&LE?a zK^iq<3$kuh2XH_Vj-2*O00H~3Ak@Y@vopk1M*eP5|)$4;gv6?WJbeJytgt!$G(0mH7U&jU- zbas{S?vuGYAUpLPEvGpY{%9sGZd;?q))HHNF*_o$1#$I~?L`gRRSvX8ve_F&@aO5X#csm9y_?<>-~;?A3atO^ay=`WrBE zr~rN$G0Y7t`J>X-xNrNgZhM+s(9`TXMT zdA?&pd7u?<0u>Zi>qOpd_;R?aKNEimG1_ z-PeQzl-SPNg7AfW{Dhs%nn zfMr?UnV?l43DkBVbiug_*m78*Ny3F3^PbLhYlSp<&Ns=iq+Kzdn+HX<=L$tNl4Tll zkRIm2w(r-1w({cxx!o?d-24F7xE^FxJ$3xIKKVh-`8SK7wH*1w>O)ZRoAM&bOtRff z4Fuw*V(4ZGYb@x&r~J>I6uoH_-cAqxV!^@bD7N+546H3B@fh+6U-;4i0TCB z9PhNr{ODliPTBd%!+c{(vL0*B;OSy{v{in#^t>Fih3kz~T@SYm!f$mfdUY;V)260? zxo$Z_Q5FO9?kk) zki$7aJMiOEI%(U<5VMODhIV_I3*v@2@JJR38~U{c*Z7zcgaG?*vZ(Q!8ezU@gAh1o z$gZVdcQW8~nv!?eiN78CF|WI#D{C$uaa~_aRb(VM!_D(H|ZRgO!Z8m0r# z9A=S(D%Ftv=Y~2~Aj8jd+TTYg1P--{*!zkE5l)-+%%CdZg-pBj_Gkd<4YN2P9N)%l zw&XNCpSGkvX&v{PYB3sQ{KzC5VPa!u5;3pu#JI?pxnl= z1-$q=AIr8m^K#d*(5Nl|F*@Y#E}%@@JnT0>HCd zHzogn3}iqfsHoG>$XR+rHGfU@;ftR?_rHYynVz+p^s64Y@p;-NIv}3lV2|JIAW8Hm z-h(qf&WT@SOW*56A+H}qyCNU9YWzlX6DFaE{-lpC7+PkrV<)F}K-5tN2d&G_tLetJ zpsr=pd};hLOUBds=Wg-$wqyOa5w(w}0`Cd3b(M6@S3mR0yQn~V!W9;)Ueo<^I5%Ke zk0C3#dlUF%DoZd8U5oF+iynE;M{wAd@*N`CM|mPgBgTkB zJ*jV=uvH=CCuKRCx2lb@eHPe@-?#l>7r-y1wPe&*hfZ>>B|*9#54%AxTu3Lrf5-{D z8`v~`7jIQ!*_%YEWk|grbAffj!@IiG$%#&y4Kr`qLNlXMB7XGw2osWTF%&7!on8qD zWBORGzL#f&|6qaYC}tO;q0yp%{NT9jX?%p+sEwwS6+j_01XlA$V*^YW=+T>cSFBo9 zFMu#uYL|H-(0ww0pQWT?NbM*_`v|#FuskCBN+|9Jugvb$x%;nfvDD8cYbdaAqJ2AcOeB(ZMRkIO3e>3YosG~2tJHa8n6 zpNgYHzsa?%n$Samj4?RqmEBVV#Wud*XqKr!Uo2W3;<91)(0&+i&xxQE6ozxgC2IX3 z;kZOY!%1xEq`ZFRkChJg$%=oP-iWOHngesT^5QFl%V2Q;1-KXG8OOu4JglV(_7p2Zh9I^G~XK=L?6FPyTzA|y?-HGF6Nw3=Z_9cZMnPRGHk_rVn<{1?E_NJC` zb4C>(szzrNyQyT!N3EgP#B#=ijIJU(d48;ZuhYOpnR-L5eJ>&;Zf#Ap$-&rpBG%=9#{R_I?WaD+gZ?B_YoVbCSzJ}(>A7WgBmmjOd|#0DWa!FfGBGit?X?IYQi+b(;snfp8~SK*pfee7~$ z<*C`gD8=;e-YzUE&joPvCKcO7l|G8eDYN0PtyN|93p}o=U1ZKw%Zg9bMg0KXKVM;p zcGDQibSve$7!U73yBWgR1;><-W1w+zZ=KTX!D=bee1qS3o|c zO3~6y4xG%sWxX%0-KVh|%i{ErsB&Wy{G0Bl9hBpE)9t9Qw4a8Ko9v9y7|@@-xA0l| zz5hnd-&_QbQFFgEd2iSt&L5%Oby~$T5*XINnWxn;aK)oyST!B4i%crmYE_fpy=-8O zXor+sMe{_D)UCG}hl+oKYdR`)mMZn_;f=0YgtKW8WXc-=@hzOMVCfoMPIkk#OEtnU z_G_B=dsxA5M;4MGMLxN2u{w2m(Qz|du`0R2+g{Sm2XK*or6WnW;$!%9Cq-Q7G4HU)T2_OdDcvq#77V z>v~yX_%deuPL_+GWSBTw!gA=TS(`*m%GULk*iUqLy92I6&+CL|&3hLF0+O4(Xwm!$ z#_s#S6R$>0i(RDmvEoXcnv1}u9v@xEYKe8?uBo>n@R2?2_;PO%O(stYoeOt|?F-je zzN#0;tUgkUZIL>pyZvMX#bh*~!RWWNa-{TnyRKk7e~P(&rV&q?$;|0k#O}w&W zq7h8c+D?z`V%s~E7hd%MRH_{{+woRDiz!py z^1-AEMkhgnT(kU+w6*g$TaxnLkjh%^h!iMV*`%y8f_1jNUX_6WohVkzwJ=tcRfscj zlWIxBMrnJ<=$y9N$$Kn=-3A1htMZz7Rs^5{1twPZ57#uLG6?Q5Ig@a<=pVLBjK&Hu z{z;C?+SD8t#+LFqH#ngvGOohJ9Ni~?52i(y9+aR@bL0LDc!d94qc>gmP=0>8J!1au z6$u#8(==s))ANHBbD(3LBZ~r+?{Cyh+qe>sW1-_C^TI|S4GyOp-hm1&Wq=ugkJ)nL zs_9x4_YgCZ@hN+U7&;BLOgPDPY5uBW+`Q}n>-x7`(33FJ4%~==wga*i-}aWB&WsA| zTIXRU7{pDoDEOe(zdwIF;c2(!#RUGbRH)$l4@cDzr|Sk1w~h3-QTalI(Ui_2fV6&zH3--jmGo)>Wh(>qWN$kK?p!X9s8rc~f|<$7@o?23 z$2_kTv2dv!3Ck=ezgY+!_Ynmm(>9MB+3*G)ODr9K(V@<`piCH8ezKZ191z|w))eYs8xOWRHk?-BTPvD|V?F7zDkLscxa zprzEbRAf_QE2?~{!ABH-0_9geOfPS+hzi`UB0L=oykW~Y<;`)ea0OA}@bnD0PW3i= zUkf;4x56G!nVx&2$kTlbC$5I+f{;M<{bS<&AA8PHBp@ZHOb!Td$u9VGuhr==vP#Bd z5-t*C95uml%YH`bf?wO0@ib`E4wSHaSKo$=*E1A_;6)?zWokHBP;Un1`-naQqcDiI zy=lp~t!{WuB24a;FTysK>V0)Qcm&}sjMvu?<^y(vbch(bC49%tAykkX80=GgJ_O&4 z#Qv^u4s=Ak?WRPO^5PrLsXnJR>au&x?rE;u7d}t%IIzns;=!vY9ja46?uom760`@t z3*41md}RAid}{kz0cw^?gKb0G&VuB3nii_{uAgITtLfh~SNjWGfssE~jDXnQ>q@1U z7xWd?aqCRT;JQH}oA-x=qYx5uW0NFRo!g_%W@|~o?GS++E<}D+% zf1>qebZBT07T!?VAfpuMT;7kA4=jLU>r`lzSrT~;=e`(W7KL!R@`W8ERS;mO{KYhCXy-4$z7 zdCZlCTTq-6;UT2=(+icn6ox+W{9*kz`l?UIu6BE%E80iizkD>6wRUtqXd@E#TJu`s z&FNcH$`caG>yf5Z9KW(EXF`$?mxvh;kK}8E3G3v#7rDG_-DG8%qhR-jX-(jFmO=V1 zu5Pi5DLk#xX0ScWk};pges!^&mWw_0Qi^b6du5|#jeABAbEZqi0W9W`uu|LTe)UWA zf38WQPu4X@0U12`(QAgf*7XPx7V|c^^((GrpRSQhH9ciZ@DppbNB<5k*oHau!nJU3 z(aSfEx~~9_#9jE~qb7|GhH-@~;!c;vi=Df`GBh3UT;EIT?juUb*I5w1=U;rlJJzj) z#MI&g=q!cI~{Vl0l-zh~IPpBgSq{-9RmNRwf{<;BHH;zHbt~E@7>|7k7OU zN)M{H5+aQRlB_Kete|hKdso3jdF$gt81Asxs~fx7MB#C_5V1a$9%HU77c~3Ix(c1^ zP#vabxR3Un+8(7K;q{!Yz|-B9`pe(~gCkpc0o`TJiy$M5RW&^#P!R&yS-qyY^$OpT zYZ@76!_5uc^Ilu#tF+{C-Q|ng6PQB0|Mb4?DVt{Gnt52y*fA+TVnQ^-nDF+&0V6XN zC=8=Atz{{%YdI{|#XX7AC+qg}&uO&wp3X066p7~d)h&A~Ap&;5;ORXxt?FLSMd z`{BQx#c7K z)%z*0z?}=$6Ij?a5a3vuCo18qIcE>uiX4%lGLE|jvSz`@FjnE9xa{$i4p+tp>&)G6 zd|!+`Vg>c`)=kak^B`S}q$MI|D@5ry3aV;9tIcu4JJgsGxtDJ>DuCoY#`(jw@lktA z50aQOebV3H{FrSdvLJWh-SyKykOj1z-C{wtI|EuL7NMT|AU*8`-rj&z}=#}TQbk;z4Mr|78{^#DMe;pqFPI(^ghT!Rw zmLP;2Z>s4XH=0oU4Sy$7Y6@!rFdB7zRA*>AHl;Er^+@}b(7d!1p*lZUkD)M}`m=Wz zsQNXNn%C3(?-jgL%(9WdPKQ*zgSyU6?&_SremYW70N+QKcIE10sCSkRI zvBI_q^ZIffN;DlLd%7}xJN2E4Z+!I+<9$AM^0CfY6}9)kYab&s5uCk>Qd)CXy_d$R z%g9QgXyvbn3xj3Du*16&gDfP{DUAK)&JmMQx)`>emfnZmda3R{dO?i)P5F~<`pDIr zrC`x5lG7Ygvgk5M{stuLUIih@eOh%o$=uSvr-It6fwNFRSWBIqoiX>mTaU>pMa}iE z|8RZII}s-p+$(zJgzZ>GP%rI-u^^ELyN`XO+h>6N8aPa{c(kHWQwpb)zdb9RY zWJT-n&#+*+Zsp~c3X>;KVx7RuKt`LgfJe3N(3XDWkyXWu%A%{lF+h=I?-2{Vep z-b(cz3KzdxNoOZ3k8bxT^#K~1Vh7f#SPw^5eRs_252NSQ|c485* zyFXy;o89tSAw_*Y&&~^~>C|jO4_qiQF@%Ll?p(;tR`ZeFh^jEKEsV|nyqsZcyPBfQ zqBg3PVIb@@C5d_b*}!Bi=yS&C4$BJq>x|`=nP_uCjHAx!?e8vTCGt&QX+^`CO!}*B zgB1}h)xa_Murfv2$48U~lk1BBf{%&ybU0Myx>IXWn;9%vJR56W{`5PGXwYTvgd^mj zf^s}-Id3sX12+Bu(+pNo7Ln|U45-N9u{^zv)9aH1L!*Ra+OMXkr!0nNH0VTMLlQsg zq0^k)XC8lYINGdNJ$~Tj6O9*lIz+1{(&Gm}A)At}xYO6TdR^Mb{DbRn3dS|vKdZaX zw^TV)dZ96IaO-%hXenz?YLET1J|)Vg7OmPeMJLp^A6^?E=;p?EyIAqxd75tRi;^VO zpQNE!;OQr*{-mqVl9 ztCHWx7FQ+V^Iibc#$g__Pz%_4uqB~X<;mO|>rj)63J*8$t8{@K`{Z%Yn0IR0&K!K| zImN+E@ygc%b=!jMQ?N433YZCl`T^8nKqVs?=r{Z!jQJXK3Z=?u{a83!=V)uizp{e9 zFGupIvQoIGpjLQ%2Z^sj2aXTQF=%VmST7|>_^^kuA34p%MR_5G_S~lQyV5=plwIbc zEbz7lui#IVKK2}dgM_aID5)>OS zf%-j?1>>2SY}f{g!2K+wsA$1 z$l#3rIEh^|57usU0xtV*zW_&9E@lq?P zJ3Yn}y)#9%uwAs2!s|j6j(5=461waTY)5SqSY>ll@v5I*w{J*Qv^!0yIIUKmG0iy& z(}<1K@dVbl!+T;y8qv)xF98xP^9dN715(8US(#24{NnY!qg6ndKSXUp3u6)W1U(^I z@s{^BVas8w#!GrntV&Zs58`1V+cdTvMeqN9%WC4hq7ZPEA73uw+~zw8k_TXp?;>-t zh7ylP%yo7vG!wVjH6)KxjdEP1Oxs=ir^5cdQyx)ra-Q)HQ@F_V<<*?k$A2<}$Ff2t zZI6&Hm5+lk{AKZrb95?_f0;22w>q8w9j-T3DgnButTX8~WxFQd1aiC@8ZZ{1hM{WV z`2dmLjX>O@pEAAD!jW9%e?N0MY|G7j)7OD^?h@`j@5Mm8)5@b^P-YOO`>b z=~A{~l#0Xq$H~IWONfkcmY-s6yA}0mzxF~jWiQm>mE}6yp32+svz{;6|8ZSnIADiQ zBXU;#Rf;1xeVP$eI(WysqFABxipiR(ZII~()90Rom7n4)i?@;_&dzrr@MKcv^O1;(68jdKclO!98i#H*N6y z>c9mS1aU)C-;1v@T!tB(hW5T_Rj{F5eMCFHh!o4FDE2NVz-#+_b5OD|L}1~${Nm&$ z|M715!#wDm69d~QKr>!5>E1~W&^9%A(+gRI<>M`Q8{~8BM>h2*UjlYRtR2rRSV`eJ zM?7cR4(%N>{Kfg?mTV$rYf_>lHFg)SUJy#eEzQYRUk1!j&-7@le+_p9Kpsv28sYb- zW6$~qsD}x=PSZ@P(o*sfix^1Dh!yn?4g3#^uj-t=r$KX-GSmOd=>sG6!M~{-HYEp4 z+%Ys+x3roM3J>DylP*SaVaa{fjHi(^lX-tzTm1;72J{I&O8($U4j|0E?}>sF+9rbi zPIc!BxI0c2Ob4$><0 zMQk;(U#-?JuNkCG28PIRwk0gop+tQmnrh2pZ-~z}`p+ksz77*r(`)lR6u{`vCP%!2 zH(pBKH5Ls>%QIH%+o~HZdF{8?)c1w0MmZ!I;>!mII*5zujb^@Hap!Zi+A%k`jTUa^ z4n##MBR5K%oTmaEWXnhBUq&(-BTmR(X8cXe(Pmx^Pb;pAV{klC{eB7%=+T#)Z zBxBjWTn~G^a!%{8@o>}n71vOx)m0Ib-e!l-&j%IA+)9`8-5y70}7*J)-eslUsl>3y!FX-4Q(9uGO$}=4uQ``Gj6~h(8vfQHf zzgYf!hD!%~o_6CBto0(Yq_RL?Y>$pk2cu${XT$1m4{E6rbLEeI^+E4WvI}q*GrMFa zensevs|y;In;6}Sypq#4DECbwRmN%H6IPGgF+0)P9%aw`=`vdvT+dT36@WB|q9AxM z#5NLW$mU%a;P#@S5H!kNTW>c#TtHbEG5vC6kZpt=JaREz&==aWd!1=Z(S)QcS+$P z;^&(StdNl7>MOgyTn z@hCg`=7sRQ@AuT1bB(9DEOvZIDPU@EcymHZ+F%skY+-I|EmFgh+9fmqebiFkYV)f2 zcCci{Q~weV8=DxOP0uM?MdjI(gw|SjI_cK?_uWoED10}zzO44{?sw0D$B_!?=%|UU z1@Yle@-Oww3d-k5@EETA#_L`uJWV_E|sXXt#j2t+c+qN(`*+4 z&)0YPFm40Hppqg#8O}n}=gTQjua*N*U-Fvay}-;y6OO#whM`*Ui8F@cYNwXzt5Bpt zKgUIAs0Hu)$=s*r(4c`x771=is|Glw%`#p00!xUF_A5BppEYK9ITl%alcV)DVOT*d zHYeG6i5O5>(#0Od1C$3Q?%5PKv2tZYy*^`6wVt1!pVv2g4@Dvdv0K6(CpoTI%Y75r zm?*dLH^yls2zckRh$XQkWC6rnod845~5YMZ# z$m`!YG)}(!=&VkEMxcZY?jt89F=yUq`h7a|K+V11emp@iiBuWDf1H*2G{1~44sB@d z*Zh-oZXi~#FRu}vCsW62eg3Rk{{nJpZ2V{8{y&P&uEbh9B&PrDHk+;Me|il$jUy1Ul?v0D^gpOgf}8^`^i;^%HQ(8*3jawK zeyyK|o>~oq=d_S(|4~Yol-@Jr^-sC5h}9HL&5E06lBTE}>c7-9my@24w6s4PgELYn zV{v9b;m@8y>_30^zfIFqgtmS~bcs6aj!Y;}r#@mk1(i52dz-OSLMcj*vH!~z!xy-5+IcaYu_G17bQ zMCrYUl91$gu6W=3zQ1p+?~m`SrD30(lRbN8&NDO5o)i3BRgUs1{Z%qDGD-#cXBuQ= zm#&kMo&Rz958#Y}QTi_Man4mk?kQPG@7+~kaKY+{$`dlOvWRP^rWb+nmDlpRu4H61 z?0^3|r=Y>MLqEWiCfj$o@2An3o7xBp4O`i~%&@0sT$2q1oo1zZ!U{y�|KCRE1reRm zC|fRkLB;$7GOuPEhvR}rZF`)5{9Z!8YXOk~ip_?7zD)LcVDebYyI|4j;_nruFRKy+ zfcs--E|8Ipx_S6&#aNwW2K<&pP0o1z8jW|*XKB3Jav$m8AVzeU{s!VpEY=zMLms@^^oS=8!3vxC}?(YC#od^ zc|X1;qQ0ciX)%NQ+}UkvayU%dUQHfuId9L(b_|shdK!ik7CEJ0Ri{oJ__Izn14##U z{{Z87SsV}f^SpZg=@d3?YBoFPMfsm+sx$&qDxu}ghlJ=QYvhN?0U37-!$qZT zUm#n#(>DE4G?FB?H1M_jO!4N$&lX9^!__rMS};B$lu?;d8@Tr;9c6(&+uA$R7csfy z0c2!{{iEh5LW7)A6VrD7O->pW7362mAr1{DRE8il6n{_;KN$jxBA#*dS$~;fQD>&e zY*m!H4Cp1M+`P;9=9y@z#;ZZMD0MV?BXJNB)F>^_9+k)h=36?3HW{}8`GmrD7QWl0 z3C5X#szg?A{7Lra6UE@b*qOgbSy1|#MNyXZSzkY30YNdoCsR@ov7URdRh0%xRx0ox zZ;%@LCMQa7f7z{nKl_Pa($$(=aRc-eSa2qogG5zr1!x1Xf9Y_74l(*nTL&pN;6oa^ z52g#xDb3LB3p9zdR0UQCgUQ=wpmSeM)QxTb^NX%I&7z1)4X3oq=n-)F>riD{@;)Kh zB?-hN1HGc-CAN}}w|0%0F~>g|h#0)jKo~WOb{CV@E_)(>b4B6Y5Aj^5zyVD>KRZd` z>-(9HoNn%wHpV}ovFX?B-w{HJ|*WrFL%;M)suR%Qt_ZR7=$TXT^QF-^1PO3==!PM2o>N>Xh9IHvXU9|G;xe@*Vod1#*Zq#q^iXQY1;Rcjiu7X{ zRZc=RpZSLPOIJy4osZ8(lO!y%W%-1?aC*jH+9fWC44DPD#BB*XF5C`%aDI3Qj99A> z+VkrTB5pN(X7+pV1B)81zK!KkpgBf6eITy;Ttv=NiYLOJ{P=UL7)H>dE!7~*?0;<% zDMgANZjk94tcgGgWlXMH-fQ(2Mbz=j-Ppbnj1)OVfoY`+QFIgXb?PN!_3@cd=>hT+ z8$(mg34j$yrybi>D0!ceG=Gvssb?PdGJ9FaWlFlH)0roth(}XXp?{QquRWb0g`osy z-f-**d4``B@fC;_5mXReq}${t^7mlQO&Jfb(O|mIF;KpPuGW>6BCD5DiM>B#Q{4ra zL-=A=@&`4pGCi0<#UP>$uMUK+$1Qh)>3Lub@2y^eChA{_o&WeUEY}poo#%JAyNrS8xcb?0p4`Umvo2Z87n0hu#LQVfOa}T5sv(wh{bbsiK2A*y-_4j z;>&+j2}U66Q3W+-u+%71;Wsz@9VuAJg{!PCb$}I>m3@!!kXX_iIw{r|eKuxYkisGQ zKXMJDHf58>&EKceHto$&Um6349G6Bo`R>e+xerBRAVjUNQ*h&xl_x5S8d^^c26OIY z-w>P9Ptq@Za4WtKxg%!0Pnso-QnGILR&8@}(kYx-ww`+IPS;~+h1(EWQb|(xHTJO> z{x1W%{f=3K=5D5L+cJH5SvBg&IvG<5B{BCzhDS5;Hs`ZXjRrq5Knp6&?qjCq*K!nE z58XTy5;qy4tpXd4_FCNy_R_^tm6&)<%h5?k@@e1xBF?Ux`y6!73)ZWWmkgf^KrHfy zr{?7##8q-;;+|Ldo?(uQ*^dzVqkK7b~YWgN_nkM z9#pH(_62?R&{0BkQ;ZI_Bp|TYtbHtD9CeOmv^E**JfXsuDOLQ;zEEcVI6^TTymK=0 zGZaA>;o$)M1m%=RkJeAd7j$;w1>AL4RkB+a1#TSWAnFd_M2I#D?^$nZKDch2u%Ypn zkwK{&Lu>NfVaX5Uu)eT>rmY*G=Ou12MwG{G;R0FOoe2-rx-a&$d(DZA_YTH=J=W`J zDCko8QZn{DN5qzQN%j35OPj4?0gAV4#cow!k~tC?SdK==Z9uw}(;LMt20D!+h78Gp zQQo}SMun*dEfo96%hi@`l7U~Q zqK}m$NQ8}?@sanMe;x6#aB^d%wzhjslu&F7n(#AeY!-syH@8CsRdoW#~pa8h=?s8Iqf4Rf&9sPr$8pl2f-&Xf9y*F{#t;>tqwZ{%I{&g}ue1MkczZB>Z^Dsl<1l zw4BQvJd?eBTI_Q3Fd5GIA+KZeu^27InhSLJ%{0$5v16*Mo%)$iJ_jB_#lEv-iHZGb zAM5n9*e#~z`Db3AZy8ae3_3ht6rJ8N4RWch;o3c7Vol3zVs$=?3#yqfJ-|MyUc%}j ziqi?5)^77UiKaZpPjopgUDL(Ja|XiaL>vyL?1O~}o0D5TP7iva?yur8a7we^|}JrrIz8+}Oa5Jvgw)2GcIm7Y5m z!G*NP{&>=r)8+^Mm=lJ1A#4LhCMpU6WDbx33|tn#*LuqNo}%lN*KRd`%l)G2#54Uv zcV%4OY4eF2h74O(b<5o0FG+6Au2<3V-SsqfMMGTLskcXbVqgNAw-J8Y#th}-ph8YF zyRP$sX)k5)RnZQ8wKwLUUsJpiST_pJS@i>Lf)TKd9Pbzk(UdR)g&@)?#7<^d3JOK% zfqlmUR&HV!Z|QXjX=*6m(X5WB$+F1{j4H2L85tug7)g!=4md%G)S*w$l4O^^c!+z$ z=FVnG*dA++M8G*>MOFf%CU|W~$J*z%8;57J?BUiZW!jr2J+D16ieP$a@BYhYY zUOXLrnCUcgI?|wL(=_A&a$=~Wl zN8n_Gxl#CyE-*oq65I+m6=VP(FHc1Gv z99;||Czxb>ONt-21cZq|nbJ5$C=dyX=%5Z^VFSJJMq;z4pD_U*i|>tX+hmw#A@r{U z_6HKWqeIf^%Lm1tcdbCWxni#zxW*MrLAN+)(H=AmOX1GfB8oRfrObw23oHjqnZ}KW zb4Wc=nf|0=X49D$jLk0-dC6h#UMGi^m)ozdclPGNSxC{o6$tCOVChyf7`qO;C*`3D zri{`}@aYxtl0YasMtL|!nMj`3R~zP_VW#IPmKhA3{d*bu@9aTz z%!N)!be_PD9OlqxzEmWwea~MQTfAC^yV7N4myHddr^sXqxmiScu}XOVV97&SOqa(H zbdf#tW$b1XSSs^{dBr$i?1jnaI`mLm_a@;Eigi_Y(-{|R$V(?RGrP<#+lbUG_@KWl z?28^x;N)m~^2n4Qs{YHwMR&=xht^Vj_b##r98x@#F&j3RwZKVSLjf-(QZK90!&xI(3|ZL9cZguG)HJMx}3c z3Ji~{&@`R;6xQ1W53*JmO18$%e6E`Iy{p*N>L$`^QkxgHVH-F5AvM|jkWG-i;gba7 z_AoM!_ySnygax*^Ou}*#uJNImz5&djak1+XmxW&AW)2r)VO&mF>WTHixXMNMQ-?*^ zUaWBX-ej4yBzy7Wno!&;kl(>TX%^jR-!ma^X!K*$u-y3X3_LJxFw<_jE-O5IfNWH9cqjA z*1tTY$qyXRC&>va9vUorsfr{lHpzJ)xvbJ#fvpT$`9$U75aT*HXINt_}1>ntNC3tXzQ(B(4aYL#NzKLXJt(V7C%@KvN8>=Ae^8J<8Arew0#VTn$FtR^0xCeEl;6 z1^?Qke@|V3y%=Y45$~jc->A4T>KGNcM5piv!H?NA=q$CRk6$y5QKx?8a|0HBuvsI0 z*8rVY(bUAXqloBABVbOG$t;2f9!#2Hr}XvynDv_gG_e+}W={NE`9=)6MQX*!Lp%6B zSZ7mOxS{3Y*-_f&PkjR6aBBXs5$8-Zs*dbFDqgEeIh+USFjUwC(_Gk|0AP* zYUGWBUWjl)Lgna)Xx!~fjRb0BX?{(XE;mqVP@Vp)c}l`cb#P5!-v)|;px|MzaEi=V zg%1wf%|SMt*I0fPQVa6f>IqJ%`kV&2bX_HlLzs{riFhAs9eDtxonf`QTQ$U!TrvNH z;>p=fuj4K7pq`T2YSQu>wutqjv4ILmQr zqq^N*$c6i2pH}rl7G%FN7^4nbjWMu&C&$JUENGe3iE?{c4k)oCL8!9%*OX$vNgetZ z6LpK6)0|}uQ$q{&zP3@bIawux&$>b{OUX#xLCcpRZV%<&lgND7E@m?`H-3c`?N18* zafG2bZ5Au>Uv?s(@Tl|f1C;iZvYqZSg9NOG4rvtjKaFT z(+Hg>sYOj9BiqQ$@7!y<@C(4wm(@F2yP0&2?nd6#r+*qA-xR3sUcy8?M>ejeAF~*7 z<@ag}A12T@$(N6TZHxMWN#01S$D5z{yh177BCnUzE>F-ieD-U?Ja{yUm)!pr9XvB* z`RO4&bdwjhK~C1sX}iY*SHoomoO0G3-ypG{(G%ebdt$aIN3MD57YBD&t7;${GvI>G z(euCr$iYeLlbAtB2i#!uw6r{WaE;|m6slO4EcI8+_N?p{8A)AhtnUMJU}6YGX86c# z0l7aJ8R2vF*S(-@l7^FpCL5_mgs`mZS8TXUDm&ANnl8?Je3ImlPYAR14eQ^}pQX%P zqL*4YPqxDRiP2aqOP^T%o8-DqU%u7?w&fa|mm+%;&_8gf<(;(1PjM#3<@EG?N6O5> zHsh+{)hH&iuU}W~NdDfZs`{_C+0=)C*MuAyWm&#jA23wT;K$jSft^7#-@ zJHEgj7lsJ8a2D{N6l5DktOIOs@RHu5Gk&jv6(UW8Qamd-0Q=SfND=W9;CFu=KR*0T zGW|Zfzk>fJhkqSHV8lOvenmK;u;&7A{4J1fPeVhqxU{sm zuyBSC@2}G{MRTdWY8o6A492tJVnEL$E}eUU?4g62WYyKxH8x5@P+#YA&wL12>Q4N# zw>PO3U*xp~?Yw$tdf}0SgF|+<1r3V!pA{GhE7-ROvL4gaWId6SlarOrZlS(FKib*V z(b3Tx59cZQP12@j52FS@+;e98>wEA`-Zf{|MlWAHuLr1Uy!{AOTl;;^^Bkp_0GE#m*jkD`*Y-|i?w$Yx~gilTCxe5)+ocHxC)v5H2PF_wUnH}UZccAw4O4{8| zDvPVMlq7lNR;QdQ&?^^nii?XsznKsD&BR`wcxh@naLvnSa&!HhK25h9{s@COS@2tq zz_{YDeRA#!MqPL6_|hD8!4LLepHr>Ickf$)n!X5&i7hWK>Yvj5<2z5G3Jc?dgBfzs z=-Wdy>EuyAyEwxcvFm9Kr%Qw=6fSX}b6djiG<7A|Gz%HGzL%dxhb>GiPMKqZb1HU8 zr&QCMf|@?Jv+!|oRUY4Y{Er%ov~+ZYdA92X2S+DimfKXh5pk5y3fK<<1~|*(Eg85; z_gCS3-cwUk*z&-OASgcR9DEe3sU(`0+CGh|a~DGXR#&lN%4 zr<2!`1=%!R!cKbd4cdJ9rNvQ$fkAbL^nnA{^%a}Xg`0c}&xPsZS zc`l#<;Fz67+MPTdQ-gr^SA&wshp82exJ{2bTQu$lsx$u;5;AH`N!Qu+;6S@C2{=|( zBv`!DjmtBFB5)x*2H|}4v;SfH>F(TiQ!#fgV~*Bw`BHrSivP^?FRt%oEFj>ur}a$T zYje^^wOMAuYEWiT_3g0Jkv`>euR=rbj0g+^Fu6wW2Q*%potnw}J}$ZWXIko8Q(?1K zo<#c-Z8+q@Wh$iiLVMZH&J+%B6`;JixA*{pThSJL$kCx+XDzV4+~?yoQLX|PGASr1 z;6d(Nf4uS!$eItAFFr^p)v<9dgGc|R5y49y)F;hgdNr~wjG@$+@vgAivg3*h=e}97 zN_pjb|KjYjT5FDCF7BZhM3c`GJQ;~XR_h6u0-lH=lxK9R?LYY2T)xi8=n6<ffA=P?o~C(v-0rF>3T!wTf@cz7XgyWd!^qr(SEbOF|x)*9q+c(J&~l( z<`QeV@O4u*-*fAIID>=p4a$qy8F0uHK9Q$FoESewt`;C69`6gcm(^FJ zCt7TpS08q*pVxx5d#GvGv?Ofn8_4}~W|?RBL+1WpgrPb~I4>Ddd3~IXu=d$`Gb3TY z4dO}cA*Vq`v|Cezonrft$2)RqC=$94avU|`uAdq;)V8gZ*sR@%eRQ`+QwU+iEQz+} zYLKPx`!2NR-le6Y(i6`+RVmCN-U)X3k$Hg5RXy-N3L_7?yB``8a|?93#UQ|v zB&K7+0$J0ntPpW9Q{i=ZTde9TZ4LMS(S@T^(*E?c&}@rCpUQm8cucA)gYRJ6SYiN! zfo0m}XpuStn56NxvGpv6fZd2oNfB%|E4Ku7T=TYz`pg_%s}TVvSAOxLvPGO%N?zm9 zq3;5&ezIj=F5;wzT*`^x1$W#8A#E@!c=NN^&+zm?NCysedyD*VTSYU)QU%2r!2}gI zhdkyYp>Jv77(t!Dfqu_W;nZ>~^GN|Wz^DWbv5%LY$H-7*R#%ILZhNEReD`xA=C&Je z9Ix`uW4iTOcH(s3%=Y13sGB6N5E*u>+ zp*zbKthv@Z?-Zh%Zxi2t8Rd!DG5ir@i627J zL!C`~2fvAfpiQeSV8kCw?b@sScoDmKbuVe_K82-S2zA@RvRJ ztA^x?w$#g;yk~gOAIcS@mL(x~jYgMkCG9TuRM2ePF83fM{Ok6?u0UGjw)uLkT~r4( zuFD7V@fd?DEG{X?FS56P-YbcVDeqYE>rn#u=!Fni^nef1C>NWQs&>~2BxURv)jG6` zP(GqN-1tMUL6#*51hueOq%qzjuKt`D;;4~dIGT;n*q$zvAM(tP@Bd?a+#>C`5wGz2 zd3~6g0Ak}-V3Y&a7R0?28afni*BW|H!XPDOEC^I$9kQRgJy(zW9xyQjC@punq2B&s zoqp%W0603Mo}bNw?+$(&ta8I2suB z@^fsXM=M)X&hjmC254WVe%9`7N!CsC3=Clla&T1rWtArQ?kmt8+5{cn4t(xcjPJt! z7Q+~6r&J7e9CP@{ckNlIuwQ~D=;Bh=#Y?0u$}~)IgB2k^&NOzVhTZx*XT3YN0b)FL z>v;TNApHi;Jtph5j8P^N`DT4i!hZZVGZb@KkV$|4xH(w-915Slw;BOo62pIe_iRY6 zUc-^`8q-lJ67tgSqy=^9ZisrRC$^oZtVLF{l=WK7L+No&&VH2@FV7*wc zhfG9{;~&>a*q0TCcHJ!Hqn4d9t!(Agg+I^`JJyj9ETF5L-gZ7R>Lcu5Gcb5*pd1-{ z9*kf)^peb%GOzI1Q1>iv6yR;PE34?5>&j`d?*c1QHB?$4b77d2n8M`c=uKqV%OebX z&?gLdMrA^2aZb=|H~4y?QBYArMCyUM--9r9)pvTInMM}YME%gK);&MZGWd6&7ZzgO z*Trh{$nWUdO?gN?iUg?XL^ft@hv;uuIWb=KQ0QB|Z0Uc(*)q4f6o5;*B|Mh^A#~v( z-97SM9rE}HPvWYnvYWR;8IaJycbg;FGgsMImGUimor%h&9RmQl+nXY;&&GeC^zIES zWu{CJmA-P;r#0;3G@>cY!{0dW zW&{s1*j!fDNzbm|5hY6MhAvH75*;)m(+Zw(EYa)wjSu(CSn@SmM!79DSM&GmmREkX=o5U*b8>i_Z3yHYGRU0N!fliPr*7uq46nUtC7i_G~l}k+YVGO zIFbJI-5^1%wq6-xC%VMaB0H$oD9U7MoavcXq)V_&*kZzB<@3 zQgKJSy%AL)l9M&zIw>~3e45&lTEetX>vd=gauD}{5sxPrVl$H(sfu>ooL_DV@t!qf z(BGvaeD=dr-<9xS;abs?xBl31C7O2cC9r3iBbOVj93D+@8Lk^k^Amk)E=ax+1wdCV z0q+FW-K4&mSWP7k-)n{wjvJJu45lV0d$(pz)}2T*TX9Nk^Euu^#Qh+rM}(#G3j08M zP@t<6j~nUZI9-O=-4TxmQt)j!Np8}*{TgBI&mZ#W_R6NbQu?e-`5YA)zc};Z(AQj( zV_)z2e82^@h&3{I%F7@4Y|AB8nVN!T?(SNdbt1b~va$*OYQ)XAcY}T>!vMf+L9V7Z3I8?ZU>(8Z+3bHIH2)R_eqB=(51Gk}s zC@mY>T!k>?wLglf3~x?2fW#wqJZIhez69ir!F)#FP-eDq8lsNYl8rZ-%oP6&k>H^< z#uGe-T6R8>4ky)IHKmzmaWy;D!D6d8YDWCy zBfvhdF1cHQ@;O2sKOb0wvN@mOwmxpnJt91Qf1+YlKtcUbXzl08#lsXY2ZFuGH8huf z-!t0W;B^@U13Vgi*bQdN%K~Yr8h#qd)|GFfgD%y*(Cpq@aXjPUygo^I8tuQy>HBzx z(cuIxmBhxZ@CR?UdD-zW)8f*jz1l^%F!aqG@yUK0_I z&C9c%fBx{W!x=j3wah99Y#cRU2tlKBbV8O2nLvc}zRq?3ezhit=PHnINmXQeFG(O4 z9ysi>Zx>d|t=g4?5zo&1d`H&BM0-8@(WX{?&7JN62bzmxq0i~~)O$>ZP^_?qg>0-{ z4c-(*5Wg%2EV@VOO}_ogQxO{BT@+lJ-q~oMML#uS>1gQleJ~Rn0hk6=_=PqOKTWfX<zi(j-EDbaOSRHdbTpMTF4uDkkoaqFdat7ueT% zRoCiNn?TT1PF8G9L6%NkE&FlDonNLDmLH_5p;6iSXg?$r9hyVFd4x~52^T@UPfDWi zQT}4wB&}MY%|Tkl$Pp%Cu95yilkLW&(+X;T;Vq1G3D1L23M$-DjWPZd%}iK7LN0E* z*XQS}@7<43((K`wl0f(qg!&*yZY(OOs4^I^T|a#3iP4HS`8gmP8FY-Xaw9g@_`A2q z#K$|jgeE2H9~6c|CD1Dv;^q;~M*>u9W}Ef-bN`&uEN3E9c4@~Xn0}n~kazRWrfOM< zkRQ;^@qOsrjD1b8;bDAV!@T1w%5Qm(Ps9^9xU+# zyE$OIsFn%krqQY7OV%Lv6#AnzJLVFksq$y;*Tm#f)EZ2$sf_Ct-pLq_6(U>`o>D~Y zK+0W-Z*5rNcz)bHIU1^{MP3^kPm!eTD@OZ23roW!Y&O-T9^z<+X0t25CU!PCk><)f zB)T72lmj#AJnZSASE4$FuyGAvNBPr! zE@e$$ptZ?+5jSzZm!f?AyIpeMOCcddEPhgX5tN;Jx>?PsY-Gn5fu-W`=>?Y`1o902 z;%(BKUjQKNfy7>j=x}zn)L&XGUZPQW%T)a*_P*Rqv}IOl#5nD$IKJy!S!RmAgGbmgrvso;VY1Cc$`2Osfd$T zIKg}Nd$LdNDUq>mZ}JET+rAUyp|cd3KnW}=c^kW8?T$jYxJ6CK92FPcT67e-mXO<~ zKPa4E7t2~nNz2Rhnqv?1YBJVbDXAs1YpG%caLBDxVh*P!^BpUEpv3xmH3h3u@^30; zW%WMSN>X)D`y7{@ccEdzh1PYyxJ;@h(OqQ^kb|MH&jIJQcrrwn)Mb1h837X<=p!vJ zW8k+LG>!FLITu=IzC@1y_54H(XZc#iLKf;WxXeuSS}2V@kKmbRS-fGhW`@o7{X5fd zV}O2hU7(W^sgaj)RR(w{?2%N)44PZ_;OM;NpAjQ9Ua`pb<5=OC(^?cT zbtmj$P5?br4!L3(G|)4$jUukycEY~+bKa5l!Hf=m)~=M)vXLXIPoJ~rvZf}f zNZ6QdaXL}D#H&$)ZKq3q+{UG= zC*PZEvJ$=cfF8vSnkzZEOGh}9hnqwZ_2>N}guypa3T4O9Q~cM=!ZcVV*Wz}I;dJn+lQkTu*RKCFJ*{P*4D;zJ8u`3=&E|V zKn{TUF|({m&Tj~U2_S&-h?cS+Jh+j%)eBy$Cmv_5#|-80nwv#L+pbf52WvRRu5VGW zGK|UQYcFvjN22(GxJ(8-fz5{^s>GK~3<->4uCMsF#>*z2>eF~V6!+=Iu#{2N3vqz}IsJhpD;egnwZVt)u_Q|e5BLRjbZbu)F=1UWZ^;&DdJ7pD4hFNRsoJJ$Et(Z7^#6W z4@XROCstGmhx_>(=<6r9BuuNeI8MF#c{R9R2=S~#tYOM+=$$qv+j<7qF0toVbJb3ANrbWR1GF3rd!k+rN#a;pt*f zNLn^qyD-~Iv|j8)#q6LNO&(I8KTv%edsqZKGn4wsY6?R3;{&S6#6=$FbrooVsrhtf z>=tC*%tC?sD_EnK6NXC8%_1m5cqK#zrYA3BPFC$o8&cNlk4;F%MMo@j*>@StodXBv ze=vryo6qyy)0&y7#6F9!$(lKm`eCtq!EZBO_?@R2;f+wtZ99ddSBM}wy5XLRk!O~H z>Z-UZ#`y+s#mShdt=M>-ECnjv?R$&A8`~)zdeTt+E$-80W}NY*I^6uq(KSg4!tiF6 zP#(YNX9=(rad2h(n4XlRunJIT(yy(>*GACoCsU_Dyp8u^&(=KBj{xqoO*O4CZ4XQ| zRXzZ+2K(>){&NSrKCC03dpe1~;0qrO8vroL(A-JO^j zdItJ~q`P4qIv>SduW!Q`o}uMI<*5S|E}_DeZP~%n0R0_A%{)MrA6*s_j;wHBKm1i2 z_J9tFk`gb7@&3H zp5fuXM_6sl>8i2i=289Je3esF7tpdhG6vLyCe!UPTc{t#$oz3tz82mukwUNU4)GZE?7@Z79m9RhWF3koHlE zNFpNnk^3?HlAc^?ipg?%(t*ZJ*;_rBJ_swB%MkFAtj#77f;*dJ5Ew$mL3>FR0R^Ey`=t2Hl0vkB;5;FW|-rsfHX;E-cvF z^Y`SE>V2w{+NZ%9MQJ^$CAMZ%UiqA_OH(1Ud-rhlQVWlKLTl7se;Es=tS~f4U>-;F z+MKcJhR_&!w~g^DQ7y8eJcnHYoJMxdrRsl|j#EfB(qv^=B_f>V>-xb8rqM|dq3rVk zdD=o^#P0f-k+5UEsFT;<`H7{g^&E9`r^(c<#H}&FzD$=to14Yb;`Fmj>*tFk6#kIPm&q?GDnBkbDrmo0A;OTS z2JoUYyeYo{uoj-vDLeWRVGQsC%N6#mN`w4fXX%UwcMe`1yMxPUkmha9k9?r>S z$B(~E$guMad!pq_j+u1?rqEj4n2wPi*ACqNz1I8o(m%Q#-H+@=Wa9&)SSnh*cxLDB zI8<41i{lP1IXpI)$tfLYO!@ko43{yymu||TZ9TCUmy?_RHye(Vk4`K)AhCc_BjR|4l$4rm+21F3I>)(} z4->8SSMTCmL;x|v+YD)KYaO|VO}g8;BY?P&IM1tJO?lYk?w3(rz194#)@qT)ru_|% ze)YGx=74Q~Qjm-DPHO?PXEr+ycOXNke?Tb?^%Fz%M@DUur%Z6KTNP4<)cdhPe$j9A z^n;?eyp>bz_s#9<@}%61qji1Fb0>j~%ge4`wObr287qha06G&wc-~p(weTi?p_%np7&QSky{@eB)baf}0KOG?gI?I8HB~Eo zWob$9?;>A(SF;vOx5 zu@U6v;X!lfj=t~yji>DfiDmxD34Ob6L#izv9{V3Fj^7w7d-fq@enAmh|E4U}p~K5Q zn$?*PtmIGvZn?MM*1~BAz6prd>JxgnP&sOt?Y*f*N~RR_sBv60lb;$x4w) zn^0X{-Pq_GYJBdW&F*%t;JfVp!>k>&@7jNS=DlWF2asp2zIye10@#6dq9X66A6Z`#7r z$ubEs%?Dw+fpoym`=jzAC8aJN{~P@~FFmRk&sc)@{rv;| zC!tN1m2NtE_e`imOcz$gWdRl3$6~S5sfR4w{G6Pe68gll+VC?OVDTCxMcM^^kFJQ+ za<->Mg@t3RP_KK<;6FZvhllU&T@A%t{%67bNo=BbXXOmuNi`A=feo9T_e)Dl<>lqm z(^lJ7zxyk$!;+%qpU*uBzKT7*Ze$Ned=(7~3tL>gBP-i-@#2T+;=tc)N2}djSNP89 zoc0VJ7N!CdzWn*EDe&&v*r~y&UtMub2LNH3hXB%Ia(5A=Q6cS-yUGeB^V9;@>g&2{7(1oQ}Tq z`$xc%{e;wWKp)CKW97fc==8CFCP81A*`@>kE8qXics1%4r|L>+{lBd^CLcfJrDj|+ zt`Ypi{?!A;EjLsygIj6dH9`UJzx_FZSL!il*JjuS^?vnd*Mc zkN>*>CRaDBJf8!%OaJ>DLMH$JF>&`(#DASTUyu1eulcX<0XhE9?}@vH|0Pqv))58h zzs7)!|M#)w(R(V2e{cBt4%qo9GizJR{-;yvt7|BlBGXg)bduKCH$CC+_g#M-eZ2n~ z#pF`p!1MHq3QhQk)L~YDKP$R09TjAC)%DE7b|{*`uy}dN>Cw@b8XD2Dv3Fg?M5T%9 z9v-SPGBQ3s4XIC6h9)QV3=C2}e!P9_7JkR{sj8}@nVF`XTu|yCmz2%S%uLnQeNWNj z<37~P(w%+$k-A@ty*Px$YGPyKr4{87VNLu(EQLS^U+M_eFY$I_ol{H?ZUm~Q**G{n z;O9sAN$jl*++q-QoT#uuMMM}|TE;(Xhh1e?v9qzU(a||hN6WGI%=(d+8d0|Q^f*{s z4{LrU17fkglT%+uN0avh^S)U^a*aKvVf(SkkE)`g4WJoI>V_n*`J<4K5GPFdB>YD| z(8^!|_4O^aG&dI&EuTDFe(HS?wC^Te?at0$D#_L1uKOS<%arx;-HPRI2%Pv9kRqfM z2{f@ForTP2a4KePD$j>%`;t-ZZEXO?Xsew&{~2g~s;(X#J6apGc+eW|$}D7=GUXMK zD71{jozUKYre^SyGCmY zlDftw$;Zbh?Y`FCt?NqKn@Aw-C){A69ouCPwMY6K8R_f$SS@Poe&vW>qyAqhdxY% z>Qp+<$4}K{n!m@ofsfmh`1$xI%3NyzUFQTJcUc*i=r-IF7B*1(jW%i*DKf2~K0ZDk z9=%JvQ`4N10tje0y^!nD^p79ODk>_5f$FU|%4B;GGztWz`ka#kc zS-_dX|N84Y7?va~!W}qp$kcu|@2!lnGh&NWqCufrsKH6~+4! zMkoW1qXHTX!@0S+0UdLA@(U$8b(RM!0Gn!H-lMkjal@VX6b21UU6Fn2e~zA>9?07i zm6WP{USO%uta}M~>DMaoQ()AE5bu+V+NGE5rzmDzkN+s5))_}>`0Qv?bL zjPkhkQcJ7qnIh24IT{uHez#NiOI%zFJ3A22fsPG#ckH2kQ`Cjc%}pSTYuMZ5zc>9m z(0}+KyQf!RXK(K|9DZr>cs4$Ma&mHS&qb3L=opNP(;9Rsj+dr`3SJ%=5i#7fkKV&l z*UQ<+xVoyS6w|+^dBDqcKl)I9gF78AUr}`hz?%Eqym7GXqc!2Uj;B$Hap6;t z_UQ8T^svOGx0i7!?y9pD^Kmsh3yGXA{@m;AW6mwI*H4w`yW%SLpUUM|sjj zYPD1GC6c4_PbENn_Q~!wW`;<`s?68s6zokl6e3w#gQB|H*`4OA4)IY@9nm-9^$y%T z{=_unV2hEK4v7l*usa=gHmP%O}@evsO^&l5TLkI{ASMTLK6fDmLA zpHr}^^>M@U&p&=E6C5QdD7Zb_L`y^C41A=dOa}&Dy3)G9I>MUQ+t&v_eaLK1m1+?g9C7@YMR+ z+K`Z-sKcynA04!=&iiN!(m$D)nwn2%u9rB+~JjNU$HPZZ{N$y&yTyIs-%YU-1fKD@#?QK$zN;@ z)30%olY+%Ye)^=Zt826Q>|^9^eqNruyw_c(8>{o{o+~>8t3sCW!xQ--p1&-6lWKhW zh+n^cZqHj;h<%Y?8N@y?TT-trA_BO4&Ir2@6Ua+t^3F|qCLmc57iWi{9xoYMRyPDD zMn*-6@UJfr3FJ4*16eW`8Pp98S<&pw9gj+ji#1=m*xGi_G~BzFE{Lje{P4X65_^9^ zb3R3}!p_bvCR)=G6W-_{r8BAqv{O@rv&D226hu2|22}ELaEP+8Dce=V(l9yWo8OTO z?zObA4|;|QItqidu2-El_7tNf>UdD~b8pe5S-cqQsKlka@aBjc!i z8=L5^+M8MP<^Ef(voRA<>}(E^r4H1rIlPkG#!JGSV%r0m-}CY$n#CM1UcC6gxIVIf zd>miC77`koeK(QA%<%AYTq&=8VpPco#sWTji=qW9#T*6QaYAv1MAr4+X`0td`8TX9 zt!nV7n|Cci3KtldNw1H#{I1dPC5rluo?Z-9OMMg*8Oe3dR7J%>Pp|$$B{|hyy)qZ< zhWLJt@+W}_SKI+zg{b|s?_x;lg&F|hU{5Zw`Nwd*VCiEJb7GYC1sY1j_Lumhzp-y; zb!aXcdrMhueT#cAwlM|oAM1k%?3P_fYl60q%D>Rn(Q%Uy#C7YIswCI&8dSOgF-?&- zCM(`XGq)#2$_hDLZnYgysC}ME+V?i?(Q9;I&(@X{9dvLvcDQoLs+U)<(rrzcE|NW3 ziujY2j;mOMHCp!V{@b_TR#rZ0=Jq*GHoE`JU>~yTKHON#ue2JNvjB3i{YUV7I8_AV zBh4W7-75u!g?4Nyhey=Y4ckBV?i4O}8-gv?l=HP0#AWHs6ML%GMejkEu6$Wv zXMk0!+S=J!{6)niDQMN}OZQm!rq2;$WXVh;9SdutKbpfKs$DLILv24r(5$t)PAQ>y zy3Vz4u}eCFiT#C^)&!zVNl}rl-MGR7U8K7&$)W1Z08tN|5x$rc43cpC_FX~KqSIq* z()Gx(i06tF>dwuPTq|><2LJi~pP6=}MQIXF>7(~M_(%nXcFhGN0EY`<+vk&Eqg?lP z7ZDN3&B|hu@_03|r!|z@mnv>ovJi#{akR0?FD>os>7k^ggm`RZ6`6B;Pgd#*Htref zAbsN~LM^|nUG&3h0Z|0ldC0z|@t5-Zq99he2u{x2g{4IRXq9~aKc3z?tm(b~A3x{V zf^v(}0sn&?PgPf%--u-DRBF27dqG*`!-eV&*X0A3->8mK7;^ROB+wVHF@*g(!wT6hC|F!Z zCMC)Gj3|`uG7ukGmD;GK@h22hHwSISutT{()5h;@BnWti^-V^mOSvbH zsH@G8ySqJI464+YFYVuoj)i{L(}mx-PHJ@8`i)1Jc8W6dXs*>srNfR4^ZJsa;|WR2 z7Qq}rLUK7A8{~cwnUE30Kfe=l)e#(&9dI(ZeXDU;D5!)r&rK?1WLRrAB=X||z^0fk z?6Tg1Q0Q>; zrT83Xq~F5)G>IC;jygXx5 z(*Ws3(0oTrXX2TBy;w!Y@V4TPeX>t~K2=e9;_Q61GU#MlY9k%iewRs`&zx3sMh&(| zxqO_~X)x54aJl;`yHcoj`7>Dq^S7`lm@g&sHjm!c#Ir}^T*Vj*qPMnt3bR8w@_Yo< zIc{7gh{0e5P9b7owFfs~r3e-o04i{b6sx2Zo+eZoa@crGMc+Ntc`=n)VHS}OPt4a6 z2T+Xz1YZg8m~hkN;gYb2_)50h`CvoM$K%(A-y2$5^6YXhY)w`M{Ah;WR#3o)5~hZ3 z5!B>35f0;f=7pn0%E9Zcz3Cj|CD8Q3zBfb-3!pHk1rx8a7?C2Fy)NsH?w0Wj-;Wf+ z_!k&!$B)_8diVa|>cG7%Dk?ewR?H8-IfYvPXD52@6uHW91KP4Y-EeAI<$?Xwe}{y) zN_sj#xp3uXsadT$r)BhCIzTUJH-YS587;X4wwaYnE7CrapfMd?xu`Y0y?MJh>~B}N zKJ9P#(~z@PzUY1d0RgDTx~u`Xj`@TEVn#JnW`78J8{|2WchG`DyOJvbe;FF>sWU1> z%|(!tmv=gio1&FUr*z&cvTWj$I%pj5h;Ie!DY#+|HswXb+THjnM*G5Ly@?mUffi16 zwI(GoaU#=eP@JNY8h)*yKTE#Jc^kGgPy%~SPiKyxpjnq1eOKOgW5d8cB2jT)q%3A+ zWCZN)lCC3lwL$M;TKN*TxuetMf5FADN5OaV5eVQHVlg^z%S2oo^%S(OqAaSE^Q96Z zsj%uA9i6JK?zeHgD1UYJymwo}$%P|b{FV80Iby=vvJwzl#! zbRsX6{YX)ex7Ysaej>NdMo9@dYcP&YJ|Q&~pUicm@y|WoMkV1AJ#Dz(G*9=qcz8D{ zQR4n8W}zCjTNNMw6#8-zo-XChiQy3 z{@?8+VASN?$*4|ytF3i%>a*Rh^TR+syNcCfZOk+1d<7G|R>q>N11X}2)_lc*ApM4K zdwQh;pcRR{Q*7)SiAhpjWVI(-prNa&s}Bzi9sFk>p6=uAec_*%DT3CUQqvDzRwSPe zLn_Te*y*G6U0p4MgBQUW4f!gGXHs-rFLw}tMtH2rshaDI1xri$16<{{0{1iUG8En8 zB`ALZ9KvTwNFnSbWB(>|$fpuQbj-V%TGy>TCLiS2p-nRrq#-O>S68^gu^+TjO#_2+ z>T;VW4740P5QvtZbq9$>d|bJ{FSkQCRnCyaz2GX}hWvng_u#=OR?vK!r^WgA%Qk)e z0BxWZ*L^Z;Z*D!9*UvUL>-Y>s5#@0jy~dUWGlxY>DMo5syLN?!O)7=3=)L`ZnNJ`{ z^-#dP@luCgMpswYNLPXwfSshB`u@q4#`V@!X|(&6Il)f=9D>X|Iy!Q2a6o~|w%R_V zu_6Z6ieZZ$np@xI)=o(YFvae99q$+)ZYh5%C`kFpD=a)+W{;hRLE}fx5ekTeb}1pI zJumNNb2I2%V3OEQJa_D(Wa4-ohGpvlbyLei`Wu0@XliPOdx}t8To+GrHZ8W8 znA*%&0-820M7LR;M~h60Fbh)#n9(zhtPU_V+L32AIjhj~25Hif##j57%O0Cay(D5-0XHaBxizUSKFe^;B z#J^Sn<5<457j}A+8wyRQt~@z8Axb#-^`PdjshFo=?G>v<+XjSA-JN4p>3HnWfguu{NQdta8~ z%<{hndIpu++i#N#ORctr1O+jeN`494FMyQ@S`mBRtGOn3I;Jm>ij2)=uh6h23=6oz zy95RK$E(8f(eK3;R)^P+UaOJ>O+U=e`2Kf%w~5R8;Tc0)A%nQ| zUsC9#mY#Wy&mTV2)>}30sSJ#b4NxdnCN|lLgC3P8@)HwuT#lm4>u!KT?(R$Zg0x~%2k-I)NgY{*X>T3q&6GzeZ9i#~f9rS9p zosqFMD?MA8%diDi%!668m4x~I_sg=V9U~f={<1mlPP&+*gP2>nRvmGN2aRS11}=ZN zxlnfgx|^VB=V_{73-GjRzAH>g9V ziuuHqlcYSSYF*!*34jH)ii8%9s!xdnThN}D0S2{&iPCB5R9U?$Lw@qqXZO8~*W0Be zrgC(DP!PkNJ86@5L#VmC%MC%7hHk# z5OHeIDN(EUUcp?pB)ku_oR(%zTxR*tb!qf`2#2fv;G%nb`Y5s0piyuUv{5iLhpFXL zJ47@r!dE7zc-+APFDu&?{6$(q3h-U5O5Sd(#ME}d)n@Z-`XpAJRQP;AcWl2l~P6-vB{1X1P>D_!Gh50+H5uA;aS7lK;-1*#=%90!62HO zEei`Acy&gTdCW(Kh~~et3N0-g;vP0TJ3BKo@%@pEg2L<&L7bNQ9jo*g#!q0h?SYFM z6nQc-SfDQ6OgCpFHoXb}-fq-))C^u;Z17nU{#NdAx_vvpFT_?Rq;Ku(M{p~8#HS!2 zs9TLdYra1$N_(9uMmIx2(th!-ec6u1%Rivt+2q41fF%%JPAe_VCO(kwgP%BP9k*TO z87PMQ6A{x6tZhyNxJ>xj{BYrKY0t>k4&@|fd}f{)u|pICl}7Cl zhh0b5WuBUy2y}mMjW(R9-oiARg)*p8bo{=Jwok@NPP;*4t2;!Q=U^Uvlb1pcHbLF{ z{yK?$Gf_QAp$G^hJGH~F9k8eaY!&?dV4)c7y2&Q~?Dye zE1-XrfF3Gf!Ye(bX=QC-U|?%IL!t2NXI%USHUipYaIsC*cp3h)55T?jO`n8Mdd;K2 ztfj854kx!Wa*2zt&9-%e%Tx4nip7u|=$lh@hnFs1gx6$cVA25goRyUTDh9@HVbN%p zJ1fTIlR8AxqWQbGr)!+#{`&Rne7@M#eC_cvpTpSnY77PgHcf{Q-afmy8(sEQeHn?c z%F|996YLS~NK~Xor>NF^NkFLvvTJMV*@p~G#ozE2oI$`L+_HM}Ds?^gD{~VQVXtxt zJ!k#wE4F4vkbz3-?v!GA+<^#n#hloH&r*rv3KJ8I!Gccl{DF=CQUdB7iu?+eSCPvw zsEYJ%Yq56%S%MeK+sn;p@02*ca8oTr_S9PZ4vcRHKY*9=QW?kztZA8GN4%J>qn7r+vxFS1 zXN&oi5Id6e+n=pfWtNLV8j?!)8=Qa~35*{>bJE$-b|OYhR#sL-#5RR^@jbnKGN@DJ z8>BTDf!mX{yVYE|>`+J-e{y9K1{1tBeZf2exR-1`KaM6I?22TW30ag>EcNB%otB3` z%}i$9$OY`3-g{B=;MKJdNr1#1Z{DG!OU4Qaw9ex|9v$2ooa5jghFxlBwV@Q8-%ft1 z_x!#v%r7jE^;CWLGGnkMn!^>2y*{jk3VymH{mp6!5u17l)xQ#pFY8lE@9$;42elXr z`k_&I&%n|4ZM@x!2cx+AYmq`>3BZv}lT^7R>ky?~=*U8D+PuxZF%@u+i>oC#=1J+N zjg?Znp|6j!v8GQqf{z)wN>^1YCx?lCJW1|P8(HQ6K7lNq5~LRFoXx=Xt)ei z931ef9^eWeeIk`m&nWBC129F1S@NSnNA(*ka21u=7Z+YT^<{9qz?;0Rf0`{iwpL$l z#LtlfNwk<(Yu(ViR+X8NefJ~h3Y3%um{Zjq+WT66c}|+#tDP@y4gYbgTH0+A=0&+< zf479d9+lv$!Fe`ZIQmXJqDHr`>lQz_Q!4Z8SA-r-d>tCH0{E%`#BJvHD**2%AOUdD z6xt>&F3?RB$D5W{_y}7!a(?;D_rz5Dw)8tdo<&7QBJfjmQ1=wO+Aw+Vr9MS3K5QU~Z95VIg)TAbLdLv??gn~t?=-}x*p zZT#ryHJC!8eyW2}H`2K{IV)GBID%N1nZrU$`fNX&bxAs;?4%5^DYm-}ra1SG@59XVtadzUq7sIng<*qv?%;p} zDHSBw&%dJdJv_2P*@gPff7%Bt;!CiKav?_@z>}pY2L2~twsi$O*S_~+8jVUFahcj$ zS_Q?$gSQFJ(2x*YU)D7b3mVE_ejlV%LBE>Y$C+pfm8WoWdUQ9l$$Pv+*&(PHglxE7 za{=s97Z>mv$Ns_2DDYQsTf=Er2zhdPdSHBffWrBQzhmv2pbo}w&-W4WH{qA_B`uW2 z3+vwaXYN>g7bl+z$`Bj2I?f^zXGC!|$F(2$Pl@jAiZiQQ9J|NHPECt&Ujw9Gdb-13 z6D%wXk@aDi1}Bh_t1uCjV9`kFb8J!lWN^9lQ3Bo$S7o(jPb2QEvZiU6=xefq$d>yr z$@?Man_7Q2lR7Prh!t@UFj8ls3ym!BA}8^Cqo8B@Z;Z>MC`N|uA{uci9}YoBre&-q z62J9);`sY>Ydo1u(1>HpmO&NJOK7#q0GJD0_u!`|B32AZ{Qfy7XXorVCQ&h;CH8XA zhOEO$YK09g%GHuba1~QcQMo2>zuE3FRn^iq+{?KA_B@RsFAsj-Rhw%;J5y@6{xA~A zC{PsxZSkWRd;v+0he!HgIt)e5jflWt42oS3?j=uy0kjd|9q#R&xa&L$MPOgQo)PBf zPl;QD7suD{pg>I;H3W4ZT(hpr!QFiqodpgexGp?d0z=8OgS1F`4=n@C8F4oA^{ewb zHVPdraqpmxg|S$y zrQ6T4`*On2R^?FNy>IYbCs~n>#upbT|VSIz}U|x9>=Z>oe6bUfQEoSOpWyw6&ALM>U^RZtLf*@ ztR56}ywo5PXOP|Hqy-KTB0xV|`FLgooT}4m;2DpnG&MERXf&njp7{(nw`cBF ztJ_qSp`2@)?J<9`SuMB1tiKl=P7{l@fQ0z@Ri3?cA0tim{xo~I@zpogHfA+gt;;vb z4l;8LY@|^yUy|0{nBJsxb;T_@67D11R8}7PRCoxR4T4OVuV1H!kP~ZVk&EWkMgy?fc0;zw{HtP z$ZZ8om%HMp+FCq`#4RZJWG=6`{Wd&B$P&cZSkFom)R^Pb(yE;L!#5c1gqquVPB(vx}K3YNhWJ4Sd-Qet9-PkyQf_pMUZsqU0gx$xPf zBzl$*5h&ESc^$CkOc%+#wU7_-{wBtzhyBqLa}yZJ3DT{6A?ywM&5vZl?MXJDMT4d_sz zl9H2OYp7~<=twKVhry~66KCQ-<4gxSw9Y|BmFLVCpm}uXJ3#js1wy6+A4079^ zo87C#<>hTnSLlsYiPeQlN_kE@j?Y7P9R@`)+gO_-v$B(dXCDNmdaYM)qKY%4^iil( zBk8^kvN~G=Y1^fdI&Q}J*)bDbJ2WFRlZy{eMbRJ+gFUi1x%9rfdvTF)Lya&oGOVpb zPrcnJZ%8RDn{zAw=S?!-Eu$qV8}~Jrq!tJ#!xG0tlEvqfKgeNxuKTL|tQ#9TV6(e+4X>{c{qdvC zE=LsQGB#D`H#SBeEs48PymP6qM=%Bm1rVH^#A$d+L2HMB+E}JMeN@7e46=&0b`p20 zu!|;YBQ{o&KyVlsP?Pqce;vVl<0=jIpTfjMsHu~sXSnSls2%GN!$czsuRr1BjR`2& zIqd^$h>u7`j7W2HSQX4Q&m@&Pcjw!;_LnNDA`VDxaYj0!S7T;o&KrNjHO5!hTn8yy z&0KFiBJU7bZ;}7`q@_J1$gjwEUNHCHeF`6lmqtSbu>y7e8_D-cWo7z$?lH5onC~pr zNxNR^%U`M@LIH-ys_do3xpa2+&qjTE7L>f%I;rTrSL4M+21+r#Ou0hEzZ2DN`0*gs+kf#CV_@**B{5=w-j6Zfo=xeBTM!5c!?N#o0>rL zm;UzcKo|oA73Z64Umg;JNIPE#j*c{HYmW;A(KrXwX2fompj7N0vuhx`lv(}HFNU~%xHD##!rk$CyyMIq~|=9))%X!+IL+^tR( z4ALMDlqf&*+$=X0mynRPz~?LL66gpLDL6F~9Lw+6><=DtL|a=;Ire05HF3PY$=={Q z#v>u20Fcb0^>v`=F*ofM5~6UWH>A{-6cosX9xda@dW&i!{gbs+eHr^*eSKu(&ly@& zAGTGla_L-9G5 z>(>#S9@v@KVsuPl%`@f0uHpL=UU(SmHp)A{4(oQoO#qw0m}jGh4CFDlPRD8Xc{cfN4#4QRUj< zYNU2{m$pP=^+}Hz4a}Eypir2qEQ3hb2lxTy6EFTJ6+_I!7UrEDxwMdS6FT5oGb+`| z%bh>iSl^wd@bNX>lQA35@Y%*dgk$4`NkQVuqMvJXnuj_@#x0njD{*@W3(ic;7rv|4 z`Rlz5^CV5DZ5plUZ*#d<{Y2xq_G@d^q&*$7a^PdI);jjzv%3IbU?_Ov*nxp`-xqa7lKC+@>4Xj7_Z(wJF%aHsm^)MGP+O!CI z9w$>nS=#BXu?kyG>1%=l0)>Dv7PL5nD5M~1S+>5_$_r0Vhg}3m_eVQBz@7i5JU#LI zL!CQ5P6|2P^c=5uPZ}Ql1^vv9SDLa7Iy%7-U}yo8lIez!8IaBabVYAt5X84c?y*;U z!ayh*)r{P8X5LaleQAaQ9&pPqLJi~CJ;J&s?Up6yp5kjRpmF(W#zaK7X(&`B<>W+CPSWprc%W@-A zYiD2yyt|T{QtkvS;03WVU;6cA`w@DhTof;+9H4yEa?%kO7QvZ4`*Z(T-5CY`Cs@Gv zB0=u-;NcjGk^Jtymewjbyts9;T&yB;`kNm0-C_r1(l;-_9R=&ADa8#D*eOX04P*wE(G{D zgt4*TlP93$Bn%2tb|zNW9Ew(bc0nGv_fq!lmDVnU*MQvhCE=rzmEJm9> zeTqm0ah)RrgG}4+#!n zZ||RFlT&yG#Q?S^Opddt# zXMx%iRJ6WchD>rgc62vPntPRn8OV%?$d&8%fs@KDnl6GuLi@YBwj|%kUFV9rc{FB? z7ExDIqmw3K{N(XUAHYF@8mxy*PJTM1OOx~QV6PW92vmNf;$ z>^kARaJ2OLzg2}{J6d`4auaXG^W%&+Hxt*l>IBsoOsj9%DiQRBH^&>K!NyqF4Z-ET!Ep<2^pE8{OrrD7Ygu|av_`bpljgp=dESSqD9^k*Ln9+b1_ty#(x=UBT}OcqG;vz?US-}(7D%Lfd!oj7ly5;k z)xz-!ePqP9XO@Pqc5qd$gey03?D8cNTq0X=agsB3<_?_Rw^#;(6BZ~e{`du%=1Z)S zGBrt=i505%%9VlakuPWT>GBoGNDzOX_@SE2L+00j@FqPaD{NZcVWx3!t|OgVDYJZ= zpND5@7GEwOAb2CUtE=EO4M0dRt8()(rD3>fE$&*}Se}U=LOLozqHbp(7i6P?@#64G z4-rH7X)=5OEMQ_m{nKFaM4stX2sV5IYR1nf!>->K@CjXEky`3E{JISuK6n83Gca30 z8Nwt_G%#f)C1AR}ThlhePVSL7e6ikzten{w`F~%Z&6zh<4<{Ht70Bg zEIq|>%MBPO06cB^jp+jR4zIQR(gOJOhU+ILbpv~E@3%cz>NGL@!+9mUow&?8e5m_% z(0b21xbKm3a4<=65N9_i>h0xaNd!%K{Z|Toh%|FjN(!0btKWKHE*U!0m8+qLBpeFE z6M^lH3Ft6P)cvNaMg%}aGSUUP`Ok&YV$13QAoyv!J?N&@?lW0)jf!6I0KhwVhqB>M zc~w%|+jDdRql^J(vZ@7k5(mwZ2w<1{Z!4C&*TO4*x?Sat(uk9oUz$*utF;N+4Atk5+}ykcsV#nVA_aTUO8sI_bkk zT*7!EEp2&y{hjLWkyQ*DdaGJoH$zkQ>HYFGQ=O;*e78e@U;rb0%f-OZN5q!zCKcAp znNVU9%E{!P7&Ig>#i;IQZXWsNOWVhfJ1TWgRMRZjZgc7AOjlHwed?6xE|#oJ2JRHA z26YnOLtLPl3GeH>mo6r$s&*Q!VuzGc+FG3@yM_==CzJn+`lTBd@qTW%w-FG2T)92h zv4%fjIJO)c7xiY_AO(`kuXuSG#AcO*KyFS}|M?KJmiT;7KMe?jW_~|ZQv>EdphA4d zDlZ#GO0@&OJPHsf0#g7$77TP99Y@-AEYX&b6L-dI7`2=Vpt<*)u6Lis@zKjaFM?)= zi>b)6giP0~fo&Pk92=-0cXw;6$%m=AHgmg;TFmQ8cI7}K10Xn#nifqP9w@Zby6(%- zUxFHNlhNqg`Qml6aMu=1^^ncUNT9YS?kd4(Q(bM&y2E&6-p~-^G5IO{%q$I=2f+HE zpvG{*DNSd-`|96L?)&?6hnr3znWlme%lxVUV%3P#(w)mQoeE)jgn6=Q9{7NoVc2I2 zFEg{gHpJLc16Ao2Y)AV@UOvqpA1X6*_+6rR>5-;wnt;HtucM|R*r0JFbYeb^kY}DU zP!fD5v(cF_`}rqNI;JOKZ{cv0ObrxG%UImMRaJQahVAU^sc^!Jz^*Qo9U@iI@my0$ z|J_0#-~QiQDGmtVuDo`ed-?y~3g)xV@M$@Pm>qSqKHqQA?TmG{JMVM%3${BVA065X3Kf&rQ0DplZa7f%lE7(2M z+WJ?n253DVV&hDl(Qm<_!>yb4MDlrqOF^ekmoKUXpb+c|Z?MrRjnrRQ)qz?Is2UR@ zk=lG0cne)YT1F)oy>$fw=!}5ar$6(3ouUF%$4110CxyZSl{k1~`z9Ku=J8WOX|{1jeX5D=K(;3xkcm9c#z;!4_a3&0xx!FD6;fZNCB)sw zMsBvLabC%4ICT&kCFmtpfLZwWxd6Y`v;(eQd02 zY#1wI>K|kR<&X1H|MQ{N;?Vv$q2wP z0CSsWCoX?2D=BFRu)OJPW+iYhJICJSCtw{CNwAzDIyGI)F>pj0`NC0z#e15MpG}|U zY@^I+)3ngRd*7}_XK$cepk^^Z7yLDB?>*0JcA8dE7{>+Ztwz;>-@jkHzR8*#hv<}Z zKPduly)KSbxr@B8E27TS%M~P~zYWIJ)>Pfh+C6Cr2^=oZ9blq49`+n1C38zXsZC)W z9!z50V(U6UX{-G7=jZA}HKuqlKZ^|?0?x<^Uup=w|uGS=SE^cDHO|6y_Y+e z2F{&lAmp-Om29}=&a93|DGB^}58UBe2zwf^jF~G_zIS#mM_sOy`hB&$pusKE4v3!R zO&b{0+b73Gciu09xa#fkak)9sgZs+VTn`FT2tXQ>wDlXvJbCo8#>yS)LLbZvD0@+i zj`_a!aLrlJ0l~pJG4WP1)fYe)u%@+Sc6L)k7#SLy5J~hIodzVcxpoGt+`ZjEFz11F zuCtYiAxlwn^zLKEsm9{K|5WWLiJ>>sSk$XMNAoO|hIPfz1%*Cgp>I8=!1o%Huskb> z+?-V(QUfbUdKI?ntPLy^m8qGX{urtcD-53+4JfabD5f;JTdeo;&@>lF$3*Dq+UwLWdQc=S54QRGvTo|oOdOIKK z-YHj+M&k$!B79N$ris2SofDSrt&4ltgpyYuOaV0P?U29?XMTY~I6|Nuon0E^V8_M z>r|&jz=aV#2C0HENzk5Nx@?p9VaO=bi+Zz*Y|-Nz1O zzQV2e*(Ifs`_R@?jfQMgo=YIs*$d-PVa2SbzVHICj!l;gq zFM;f9(C0F|;(2tkz**inpLFMV=*eFj`d(gMwL7>!>WQ_Yz$DEfBJ$@b+7PVfFeq5_ z(Ew!w5>DYHk3H8HD7{cDTdJeaqZ_$^e(`5f9#FogX;KMV7;aiI+5^=9Xq8q8wV-G zw_ROFuP?oLkhh@>5EqAlCvRJtT@ChkM|GS7+!m}zM!s`VfL?oOV*?g0b8U3}R}pjl z?DRs`8pFg4!QM^Xu4&HU*<16Y#b?tEU~sMZc$4a&#lqr-q?GV8)!hA$qku%G494AD zaSQROfOrrJ3i^8mZc=q0$k}2u-FJCE@qC-K+Z#3ob8}u9k^GKrOu++Q3)Kmic!eW$ z2zkO0+S+4HwwE8t){;#OSz_LHJ=wGX-|A3#i#gzB)z8M5q-WXCvL!67nPw&-D1uo}QK>XC#et&9(s!Me0QR%bgqk;NjCY+`Df zt+*x$1ZTOq9Cim_OM{%HkZ=YM*yZa6#@$rX6v0zsYI*+e2cS7m=eD-#WGtEa%qJmH zL?95@8&U-6Ss5-5i()Q!!{mV)KJ<($y^%z-ATEZ|+UO&Cd^6?E4Ref8D)$_#C-jZ8ucH7Mw}+aT@>80!SYB8#hj_ zSo?PMI65v|xlI2$a@0>zwFzHdu&S@};PIojU#FP+79Xq`&LL`Xm;nu2*Y5sCi~atv zQz~CSX6tvtrQU^wWG}CAeXSi=hac{6HOvPBPF41$#wp4mEPl1)T{2HvTRZcwdpGz# z0{rF3m*1f+f)N#e%HeF{@ErsAr3WK>)H#RbN&72w)8tL6RTBC_T$# zWs>~P*xDM*#FOpYe5W+LEO{gs&td{0iT$PD8lA16NI!)kkz`?6$j-BHLx2IVedeE|6S7j3%P;f(4pPrg@`gE=%vgUijygx3_nQ z41#8yqr1CQ>*n7u>gL~Kr-a>36Y9YyoxQ!;JZG|M91wO-Kks}Xwzv0H`5(`sCY;i6 zlXU^&{aMAKN1yR)qKgMn?NO8G-#y6zzork4D8t6W-d+P0FX!c4zqN|`dW*HS;$K(O zzu7aAX&%@=crZO&s8;O(KN%s(wQVgg$Meh0=NA_gz?2#}g>_~B?ff|ixunHK_44KX zpwtFxn<6It&PB^DgOPf&| zQF(1rwk=={Yll<#tjxgyP;|<&bC6KOS9N1r#0!8vn=keAY!P0l2P?AA36;RLkt=0dkY z5#IB^1nFa{VG(BasDub9U^4_%dD%DapFkBD?I>bZ10*H9b|16G=?z})X>k4kZ#O9^ z34A{08k3-kq@>OUI3&-fSQ=b zc%YQ}vzIRcq6}QAa-P3)+7KppmAzJh1aKviXjnS@oT#O4!1)s>FqpINDFG?Br0b{? z5_u3@Q)5&xnM(|4O00%^x7VO8%e;GI(>Z{ddaBag(nLX;4sY z(X)l3oVM=yy3c+SabLfR9?y37SkUBICBU(sdsXi89dSO=$!F)@v5@!rV6 zR1#1?1t?@ZjA;b$Q&QL|TZu)c&kDvKKp1$yHYRUxUwZJsAkd-SyV=*$+S=9F*xJ!? zWur4Ah5>MuY2DrO)J?QnS9W(nhu8@XLvV57bLfwm2*t_u;8uXkrsnH8Wyo*@rQfKw zS&bTKLpTI%@>(x58#pA)&v!cCv1+mj|I>JfVqwUIVZbNo8$_a$XBYSCF@7z}cHlMM zsIBF0(G>1_-z@{MaI&g1jbLIPK$_vDyCpWg3L#Rzj<(mSRzHqf>tHSp!^uoMdU!Uu z48OiY00eSNRssq66LOXp zg;ofJx%1xqm*R(SYH@OV!Cgtf!~IL`w+Y(^I|$Usbae9iHR}q;Usrb%J@9w0)rwe? zI0pjF&1+Tj+hxpQTF&_-M%0TJqj7f?%iK>(04->ZN97 z<6w&=3upIbNP3>eSp$_9WE{&3UB}9p$O&kc;^CCs#QeUV42PXi=F#FLnC5|Y_~i5oc;v2irsz#{eTrB78#$%lA4_M3fqPq19-si; zK*Ks|)g1=M>@YE_uZ?(u-dp`GjEl+PFCa3vId>!da>{;}6xZDb3|7btuO06&kU5`p22GyV9fRYcv0;HIDGq|APy$b@l zrk0kLW@dNj{Fau>ZiDVoC3D4sxdPare!iI)zn=7VekLDGn}54xc&nx&$P`iYpMbUL zei!BM931}Og~T-R`$D9)S8#Cq{`YjCysQ3Zhcj~op2s}6jpha9f_9cdZ_Q_oP(G@O zu-%jmSOB=C67*f8-xE;5OEQO4kyzaq@4+CmIG}rjsS2(Jf-~8C(O^MK>|0< zZ=r)x#>U#W)qsS_Ofmvz^^g5EOu2-dg?F;5>YXVPbRkJiqg!poFDBH16s60Q(#&~G z+!^4)OAN;Q`|}61D+WWj41IS^;DHfIc^Q9LZ|Mi>@YTzS>5thA?cV96uB;x#<o zk2(J~k_@uW&NQU=G1U@}bph24lqX7lO=^X78)<`G&P(b!+j*8w zH-{bLHQH|Yf5La>QPHMCR?mSZ`#i%Y^vF!Lbpwb-uHA&TCqAkL=13w@kcVfhFSE|6 zKP$WGaoL(#Kr|1uPIZO$Z?FPeYPffWyhKdmt$TTx$fv zivB==Znjc2(7VS-0WXr@R^x>>DD&Z^DgA8)`!7Fr7s^uxj@PMr`21Z{Y;orcw zqWj>%gYX9rz&1)f4(2+z9TPk6R@$zJbVaX2ydWHeg+n&0yae#ej!NJO92ufF#MM?$bNcZmDr^FC-qyacDl$^Yi;5!+}o(dC$IYmdq1nK9-#-@e&99oGt zOter~5d><-L~HG{oE4cHlUMdhbF2sYhb(G)u#-R?sAd)VrP8%aRnssmxf!TwaBvD6 zDtRE$1GoD|(JTW*g{n@29#s1zD=(2+H@G{E(olrU6&bds#5 zHo7#=dzy7p9)Dgx-_;x$nblcWrRe#b3WpEaqh~?N(8i_`sxRXh7*&;?e*ZbNfV)mOY`ge zEj3SnU;rJz;zykg#fatVU~H7n{w?5eA172D*aeq7wF` z#kRLk_R|HydHa-U9;8CGbtq$=&&Y6>Pi{@e4pU#Xr(cOFx_fvnak0<(vt7&Lt1C3w zyE~1%tWAN(z)LexwUsoyP=c;6l-k)T&0q3mN<>rt>a@EJ%8?eHj#oS%C@RU7Wnmp9 z05)?6;)${HWMDh+WtE=}?7(xw1!szYp1IwU!67s&&JL%unJmxkSHiB;ha3={_G7hpJPyvzD2_v}Hct)Cr24OsA!k_Bz;P!%}#ZG2+r-{7N-!ZSBmH+qGND=Q7`eaurwbQkWip_~GS30eA< zVPOd4WJ=|ZH@WaG3eqw>!p&|TY&rf}bEcS;_gFLRP6N`DP-MXT$RuyiTJava@Aq|( zdZdM~iqe!1(Ns6izRFjBuG3T}7Z50S9q5TnMiY}3#r=mf#}L zAd1?MaTigvNDwI1&RM_!FXDZW zX>|y~Hh{&MHmEPX+8J1}fuWSv^x5yov5FR`+qpHUHGbsgc}x@#GZ+nJZpiz;3&=)N zYpBsmXsH1sMompz00>qCNezrxukn!!_An|G3-p{`(kr#4NwLb!=$W-lU{;eyT$tq1 zP6O~SC>shj+;QMC3XsCpe;!+fh9cfwQD90~;pOG630&FXbg00vL0l;(oAZKndTAh9 z1rYqi2Pva(jggyJc!n}+XQ=S^-@qoJHzVre=GN2K2W-66KxwdxL*`j^kPs<``F#pn zno0la^nb`wf!eeA3Izf$d3&sN8uFLsm2-n*s@%h^qfiGw@Hq;>+dQn&cr3&DAMzOy z0JB1b6a&^K6s8&9TP_7&m@b%R^{1_3_U&O}&Ey3P z8hK}6G5omDAOS?1n_d5wzg;(W^JJd|W)eIQrYbk_tfiBgJTveS-b4|=sPzsHj2GP9 zzD;Yuc=t?#t!sLCNXcmEouK0PZxq30eyiWro(t))1Jva!rCjGPL3EPoWz>MRWz;|v z(Br89L%6;^2!dz?Qx*6JG9p^lSvuL^KrS^3B1!-VYHT{n`)tyZqpUF0ch|9#v$dRDURl|IOee_>r}TR!$;PJC z!lBeoVzkO`=<#|kuISSz86fIyJ&>9ZdAJcE`7fuHCrCsP5^4w?(@5hPv@2?3Lp8QA zGE~zEm;%Ef){N;o4ZEUoOD7vy8_oeU1Q*3TmFJJY$=|<8q2msEMfnYGa50S9+-&IU z=^+KKbe+4}75DZLJeT6`N(KW9o>L#MNoH>(gu&3jpg&Vy*>AikTx9(kTcT;HdBE26 zD^dxM**@J0f$IiWoxVbC9*~9BL|xV|49575Wxf~uFVQ1uKK0<*`H%ju7TW(YhrM4U z(A-6q)qLXO6?#z#cZMe?bJj0jBQ^SOTplf(Q~r}fqn{n|hBijnvT?QGL}p{eBW^#z z0#d~~p-?Hf3* z$0L>SG|Vze2pMICP-L&{kX6Yhdt{}I%~-utfA{-+9FFJte!j2o z>*o)z*E#1N*L~gBzOVbbH^D^{AcDcUaJmh2_sVwhxAwEq1Y>Xo%*We1D|Ke?7V#x; z*kk;sp<=yIrL9Ef!!6C~U%wW?+S`}MGFEk3pW;;OHMYjp%@#+;cQHswH46#V z^xMpV*LI$N5)k;d`jEaY3)F|KtTY6-XNVX0TKD}##Ys9r5@-y!BMlEv-P7A2-h2D{ z`hr4z;5Lj({70@%&JrmDvlteA;Bw_;>o~o7oW@JlY`g6qu=^>m{eR5CHpBavI7CbVl}>NB;@WTBpm5}BQwd~zoc+8ddJmlBH#Rkf-YuAXBxOKHN9XI~ z#b-VDJurdchSJquE5CR7dG8ekeu2wFppvxQ)48SjAjud|N=L2i#U3b9M#FlOnc4Z^ zwP3XTiw|w!F7a@&Ro$Dfw(^wpr%L}01-A)Ly?y}B-l8hBmcae54AY+5Gu{`Z<-+o` z>wXS`%U~8O%cP|Cb`j-L@d1FPNy5WHQr^XxmXGY+BW!wx4QD_I5Y%BPvTaz76Y&>$ z_z)D_d0g`P&R@XqZj;BymyxdpT(U9G^8pm%srJzur3oqr^<73U+>;wrOe+&`Ep4u^ zFLkKV1vfqK&=6h%EH@`-en#<_4wSIf>I?usy{(;fW+wXM?|ueAIr?L^8}C4xRpf1p zdA+qR)^-uX!1Cn6ZmHnUJRpA((Ju=^P#mVJ!A$ioSs*W_$1&ww|4!`ruTg&Q&I^I^ zfZ+OQVq!)jGpC6)2S=pV;)c%zhAD z2)}gkqRvbEm!b*hwxo4lya2I_M}+H5MayNmy4o@y*>oBL$Cu?Ps})sM4J^LSJv6Lt z=kVd?QJbAHXlDgk|2`=g*f~Z{@Viu+KhGuLJiVp(>z2(9_C9iHS+ES{1~`UZ`2ZZqdip@{9?8!*b={V5=jE~KoSbDol79dxk~D$L zFmgWgxt^sUa5p5lfpl`>8mN^PHN{F@_CBlnBNq-x;GLPZVW;CN(w!9{Tf8Kv(Ct!U z+?U4=s-))hY&C}j%egtwDP?HT;=UJ%R|IA|*Mj3U-s(9$gG+!#!71wN*AKu^r#d*4 zwH6NxRled7kf%F$S7(ukNwwJYpz8hmM=Jc*c%WF&gg`kJt#owg!tXr&+*^bNyTWvc z4#M?^I@%x+x__9Tl9yMoFEOl5^Z7t@x%LgqynJ?Lg^u_{rF*uI%oa3s1O%RGYpXfF z*}n}FW-0OAMwacae!m{=8={+00pWK0yIAiyfH?gEu8DyIw1I(v*Si#Jpn@l;rU_i2 z20A*B0HZOt1h6)#43O8zgWqX3dmcX{Q+FIdRHB9{P@8DHtpLts$f;?1t@(oFyY4}^W*DPGvHzF4}bTJW|@(?5ZWmwz~CqLUh^rLnRc5je|o-Ly3-2IW&+H>W8k5^(^J{EKZDz7 z?!qLK+1Z|>buyqt&4U-JKXOxezti}tXc&XJL98U*?4TjmY^ z@Afj<2(8V`8bGYKEjx%d-;I&sA>q2Ym39`$@#qH;D^Td6%z~DNl~um4J-6ruZCkzW zQ(`)Tw3bQmuBBWw9Sx3YDvu!zdQiMh( zLE#+`65}*=2k~xSPtVdTuNKTeu~CikhZ(Ai%m;**FW>X@4tw4f9~`XUE$G_$S0uGp zxy`|Awl(Rd!H&GV;^J*`)#NpW5y|PFg46n|WF!rdg#spn=K?ss*A9i9c|sq;A*wJ{ zc~ikFFx7B&=0>@cm{gFokdRpCg*GGoN<_chTG{vSbzEFUz%?oxnxYle$Hnz+^9J!G zaFRmu8dOE$5i}#I27ozK3_LI?u7jLGczOiLsm&y;OPq`Yj9S>>#ZUz%*_NB1kK?#6%lSQpP3(9 zBcJ-o0^W&G1eGZq=y6iAvstLw*Y@Asowl<5dPk+N`vEBDQ<{D~JZ0Vb)#+08M8yeC zdQgL4_xFP*W?y`Ha9;`4(t?_!5sZlU+LBUILBnCuB9iV2;I2rbS~<--kg%Xe^M-l& zD=7Y%`g&rLmvaV}V4I-)?J!;S2-Q__5cc#xYqq$lZ(uCMW3 zsXhY>u}V;hp^!|6SYPi##P{7dL{wr87u_O=eZ2DM;*4BahhFTkqM`bf$XQj)8>TUL3{0%p9a&L)JuLdDtM{o854>uQipa&Cr>eVZZ~X9G!)gBe z_UH2T6whq$m`t(1){-HOOkQJ{T8Lr7OR=GJTcygn^BB{xK*{w}#R4-XT|96oSl$;) z-i`l9o6=3s_@C8{H!d1gl**{52U@&78xo(Y#F$Rg{#y`LLf_W?ZWD`nhkP4GrK}b) zZ}(vx{z}%rtIuflxN5IHK~>dn0hLc(v?XNRWuM#wMVOOvb929Z`BGe5oRiZQEwYBJ zvVQj;5fb5HP!f;W0F?2r^qjh3JLPEyI#smI`?<(-RX#c$!>mqho=-e90K<_`U*I$i!RPi5! zrCQd#HEm({+#yY3U})V1y$@l-cmdSxNGLL~2Al+F|8?}31I7o`_JX!2UXuVOqsAdw zfuD%U!4USi$HUvA4}bjn!iiTX+(*yHX`($Xfqhu+6O31R9&GeMJ)=Gf#Q&_uaAEha zW7Z|5|g9PipT1c$Lf<=zTXYM{sRA-Dhhpr zOEu_@n$2aB5Mm?nXvyL9Cx`H3^8uw>Q~$>+5bhv_kMsYAXmn`)je}#TF<3!qcSoWl z3~T*Qf&nWkKafD%IT!FywDr;RCFgPeg*sEG11hxE7-+Qoho#yxDIO_GFfh*J0}z&i zkICK@EUnOK(Gab-3;1f`3mTNaK^ZA^yfW0&Cd7mg-S0KW9IyI3HdM5J*O&7cE_Y0b zTkNOR(75xI2Z=DV^QGgV@BY49Jw@=Zxx+M_NYI;r*{P44Xulpk9~Xu`&+!CW&_*ev z{e}%-IDQ(2Me<*JQTFZGp^(ME0NexM9r?12BF}0}KrqaQ#qhzG0Cl>=Wydejuw4Dm zXlTrWE{HIXR)f)m-sc!lnDtN0h5p;o;xSmzhk6OlE-xPKbmhy+08swOY41vz0%{4i zCLqyyHPU%s`NVgi-yQURX6_fzSq%-Jr;nOpeE1`Jf{-ww9siC8$3ek-E`Ls;wLO*r zCj}_l&|s^m#_2#cZRt)4IJE~FWRkG%B+gHW$Nzmp0j9^o>R02=9!$><^gu(AfaJUu3O7ZQkCYSE+#(E0Y^Xyai49=^MZ609d#{q9eek)y@9 zX#X$F{a>2>xm)e2)`r?=cdY-h#{abs05**Yx?@H2*AX;8ZECx>N-#Sk@SQi`pv!rP z>8BIID%QdC(4x!)sJWxnVAgMA(A=5etVlS4K7b;-tt-c{Ri8qi2W(T}v0%CchN1J& zK;t(|bRGb_i1xUWB&1m8ShoN8JH?-v5v*&gk79oj`vk!Q0$Ki%1N z$an||t2jmyP*_0koI4`q%Ir$*6SM@$h`UGJtn~rtPf?&fk2|mc;%ohZwqi(#%pH>n z4cJrr6VeTAB-zm;Rn_Plae~+3B@7=+4_LX|kE6*>?bm>#&~(HlAg%ysA1)WU6b}v9 z=mXyYY4(EHOaeupl@Qmoa%ybR9QSw$7T?NQ?slxbA$`8u$S}Oy*O4N>CWlfgzl&-> zh}L|H{kSiT2MOjfAGFTLz+;?H{b)3SzU2Rh=8%PV0@)rXr3Vh6DYP}RoI2XNlY$s( zh6a0;nR_b(+8&-dAD8sj)M1IfqC;MGD+3X=O>NuN0gAxlG-%Am5Qb}{XrinNAijn- zYk{p`KhlFJRdh;uWunu~o7eU=ko{>`$E-F6gr!u_9*yc}bKFN8+b1 z3F;MWXFAvmqsrv9bQ!loq{^3SN=#m4;E1Y?htc=_^MT1Ut2QjSgKhSm{dcG8v?F{6yQ0~{D7qG zd~2v7NmA@`LLQ%0<9CcntYd5nwz7D&WT?z$_59OH60)7};J1=_(L}VU)i$--^I(oS zoQAHZGm(MT33z7c}Q;s+LZ1ck~*-<05pHz4^5`Dc$n?D&pZ8N4lh5gSpdN0z+ zgP!#SoVQy%MbM{RKA@J8+{$4sk?{BDiO zjs`CCHIm@-mrnbAWVdK29vf4QEyPNgq3eq-wqi=qTHNt2kas$V75Ak*40kVkcl}yJ zhV;Ut4dH`7YTgevd_RU{cHB}^3t*a$U#Q&?{wdA;bua3%yED-_q_FHrxlQOZR`f1r zI%WyHqIFZP^vy=aTtvePFx00n7C#D1)o-7mUw9xAbFDp^l+$^AvWDWfoQ?ffpUCjX zD_+dpI%;cv2qGWCtiH|4E4gK!9P7K^TS7AigMAXxvyvU2&B%4%wH#QPNpI=yxNW?@ zytYvqS}HX?e}Q#4qC9;ayF9Nv^I{{DjK5}fMwExEtnF;jPkZgQ*jSmE>7ftBdd-eh zL29>ucZT=5FXJd1ea(6q%ds+_P9PN7%1yd83y5#AZ*oK9lsuzYd z<1Wn(ELxuvX6ROaYlBJG^Czjl%QV%&X++o2UGkM)2cA;@A5J!q*utk^5goay62*g$ zMMYub|Dh;K=1T$&cVF#@;uQ)zi_8)kpQyqp)4LISTg8vY?DdyNZm7vmpy51#(1)JB zaCbh#ZaZu@Dy!*3$u0XhareAWp`9cBslvWdD36y)mXM&ouQTCj491$hi0R zimWc*DNtnT%PX3}AC0?4Rzbm8!8crKoW^OCxmW&q)u7+5L|)a_BFJPpvOSc#H`uaj z3ZPmSF@+}*dwK6EhiVK-#n0Mx-=T08frmo?)OB8$%*yo--R~X92Y8=Ol%B2#pmzw`U`i*PQOf^e@mWhDhX3I| z``4{9ix~gVbnM$F4lbdQ39A*L z>WaDm&t<1!L_n)Ww{l01a1_jQbSZKB)FFtTKb&@^B46jyP#F4@bZM@#K{Pu$nk*L&#=5M%DAmsK+Y$O9cC%GC zm-3A}$!aCNhnD46*F&Q&4zaP7Pn5(O5cw#X_RKMF+ZisoEn{ zxfv_lHWF2O9@No`LAw6F z;j`yz3Wlr^!0ftUanw=-Qm)RF1@S51}@Ux zDRVGB_|xiiCq?OPUmX*XPl2Mj!FjB>!PR40AbnLOTCl?2DFkp*Y_%V)>{u?)zwmsT z)2P!KKvi;d!3thn)4_>lraLR~-%LG6-TN4!+E$P%(4R$( z#Uwef)#&5Kz;PqRrz11^tpOH=m_)yH)y5{o8S~R7T-p9)0uE6Kn)l=P$%n;NU^X}Mk z?0Jx^^jzaXa;|+KqGblZuT|OJG{#w}!df=*_GKUI_G50_Hoxp6Kyp)Et+$JLUM9LC zb>Ua?*MH85ea_2^(i|wXcQQ97>QLcLncRt<(Qg|F5#lV}&tpJHO%8FIcP(47o7g_P zNsLIW@a9xt&=uUB1t9_*rnXm=)-iI75tH2Cwsr8)?iyP_?j0slmZuZ0<2A$dgQDl49YI>I20Lw+eQsQS z2bza6kyBUGO#kvSPN z4T;T)&cqbB)3#6NN@FQThy8pb(+r$TnacWNhSVR&M6?3+vNzb@S7c%vD5ZY`ESt<3 z&ZNV5r1k=Em$h@%&EVJD_%VOJRauvB*HH+zvnf+p#_~riQK%ItRBTo~jY=5JRDLnP zxOXe!lYVs8rPiy8J!`A zi4!8IWv^O;d!Ag@hTxVuYulKtd|1~|NLRPwZvG?g0!7BaT6va0qXQ;!Jo|;*9nBbC zL)wbvvk*8g4)E@a1u@5J1v6n9AJDdZlbN3VMOU&Yu@a)F<}S&!p%(72`(o3lZa8AY zV`;_e<|EGYkb>>>4>Ou%Ft>iptCDM$>wK2!s!h4vsQFBy$O8G7vcjHQ8u_h!6E;5~`b&Gl=ob+a=TAzIDu&G`P&af40(*cGc0wGxzj!!cq~BP=mXHkEO>eW*|lgBF#GtO8o!B(AUyjFK8Yf7W@luPKSpZl(hec ze#Zznh8&=GiQzC1#`WNERt$C&X!mh@34GQQ4j1|!TLpX?3_IQpWtP4e)F<-iz`)g| z7&;7jyvG4uH`@$hYH@jTJmnE&5Egb8oH0-vaS!ZEUJKt2YV!IwpaG~cl!!h(xAoNh zBjf<+t!^5NpnuLcls~kM(UAvDMaGktbYi4D<`WC+3tkLB9t;4I02ESe#emvPJBXNt zya`b>x=aadu{5O&Iu!8%QjRMy?w3XFC9X5 zM@LdTJ@m;j%E#^i4{J4{+c#EAK@B)gUS^oV)BB6T$td|WCS;8j=QFIms`tcQ|JKYc zVkx`yk~@yVS-#wd5Z>1S1lhRD<72JB67f;e!P4An>#gqgz)O9F(rKq@DSW?hO%?Sr z`>uLyQ*k-Y^TZrfnbUuVj9-dDSUmIByK64ye`SY{_4ZnA!nWfL<9!Q$xsh5TqMEWO zMq(kJIV*%t19`EgwQ&}<$WPU%^QYBJRV@X#@3DTa?NhU1f6?V#7NL$~}Eef*9vxAA`m!9J^ zjxcX#5eJi)QRkknqrH06cdTw+PEM|@;v9z_X78V#R>Rxch4utKO8(Pv`#LhAMJ4iB zaryG(j6>RUf&0&tY~9ltU(M9^T|q1@20!|6wq(Z4%Kyd;-){u28jf&SSFuI$;NsI& zUx@;}9x1D#OBJ`~EW#GX?2X7_5ZF|G3$zppBi#v8Z@Z}q7n+2v+vzw7=~%6~5*3E> zXOgqL5VNux@1v7ZpM1Dc7x-64U#o0Xl3F3TzqF_U>$u>nns5`&^59zS~t znGEju_?VaqZN*LryRBKRyWC!4FC60PCT!$3tXuWFq|DFVy75qFD_dVGg*w51)-3G2wH zr_M`dT^_oS$BISeycMuI#hGp-6onP+Rk*PBaf(dvUE@15-&D22p=Y~%QQ2t{G4#RV zfMSCkuGysfMJPY037m?y%~`PeOc>nMTfkv3Z*YEYNp1jHCw|t@oi1Uf>ju3E;Hwky0*F(j%s!|TZ-!pghbI1H|%!rbZ^^# zp6BGdYp%4s9*H3O2?kd)y#Iw8NBEk`htj8#3*UIndZjR`^8a@>oW>XLp>Sb-19&!-cC8QB^Tuxh5eDEjo9jO9K>L}iT{UuT* zmelSE_zdNKT!?zr6wVeNm6#W0$>SeqEQ&Ym*u~RtzA~9@aWXFXN1ksjoxRsj&_2)! zH47};OZY*GHiIV2#0_2>F>{?%nLbb2;=12Z>1JqLsCbsFwz>V8?6OZ|w2#y1t+iZ3 z{qalDSANa*k-OPH+W3)K_GJN7b?e%u+v;4YyBE2=9xGx0q<{8x0IOG0h>UGw3v+4r ze3(Z2Y{OYKocnFruCl9{vF~J7mz7F3rq(KFbGtH$+i9bN1}@=#4bs^`F@zG3-88TE zHcR6I6_ICIiwPmHE^s`dwH()bZL(&|hZ&ERDKPEUhi8j_FiW3M=zHrtwpkQ0y7?b;rlK+%4xCki~$^eUuFb4 z_|z+;F@d`{5wA}W$q$nDUQg?n%>R=xlL zvR!8`-IS|v+OuCvbxSx=a>pG|)Rs>r`7l@qp&(?z<@~VsT{GFJ&hHI z7lj8X?9+v5a1Fj)hQI82LttZLV~sZv|L$Tn=IQevz_rfe*{+N$+?INv<`k{uhflWc ziBjN(K*!Bvn4*Bc;UesYG=(dfyk~_-F8he{kc(HHxli>C^)(dE2>_0Zo`QX?mlI(| zGQ*6QYxyoR-R?5P)We@4((v`1eXwS;gD9-no=F22li!@ijfJ@YiAbT9i!e3B<0+UH z4w(OVgU@&OMbn4ZnAm80-I1!OcGT*BQbb3h6lC4|inc_nRV3@_A{{oESb#qPIRc~s zfa2pT28#DByP|9c%e1TApMNe!F&AK2aoDZKJD}qs>L0h2oNhpT7Vb8TICXEa{Wu_7y<;avPKu8~{5Ec%p0J zJQx^U2vIAzG28JD_70FCvP7vX08(_Z5Qj&$1zhb{=fU^j4`OavF)=8_fzI!c%L>3d zmK9(*ss%<;Rc9)r0f~W*@c5RZxuJk&=I9QW!U+b=Zbw@eHks|2e+}JQE`v6$_7a9-zK@uXlp&T0$i%BT4ND7RDX0dj94rLlL3_S;> zjDAbAim*UDsKb~n5C)0O5xVj$5gevV$qg2(3ttZ9^}M70$eU_DQ8=Xy7Ps8ib2;6u zbx|ME`&hQadTRDGxOWPwu7W>b#IM{-o!6luiy-EePhxr%WxGsw(pN0cqe8-o;d1Xk zPPFQ45T0b zT?EaWZ2jzEb;3743a-EbgwM~C$}%hVx1TFQi@?Be(1)a3dqFU|`|8CPD2#GIv4MuM zn(IKF-Q9=cHwMams3;NgbH5*|I}}(jXm>yUsKjC*ff|blNgWs%pWK_y2|L_CX0lRJ zocNj=wN`V;H=gZEKz)YRe&Hz8_72EA<9`g`Gie_30@3F0S{RdWG@fJJ#uIBhRb(O1am-Xd6ZX-jDj8Q1U}f; z;|LiP^jdF-*J2xQHL(KzZGOenO4Hlr=UvfB4pUO)v?ip*lS6Q{8{@Zk03bB6pg~m@ zam$LOEtQ7vyx>d(hI!GgAyq55(}vi%LhD9%*;mT&ViDB*B1sD0FQujt;g-;GrMS;`-;)pR@F~a_ z-PnKT5VF;>cT;+Is%Xosq8Rd0MtoMugD!`1ltwA!o-RcghWXEHb{F$*`{RvAKVm7) ztLt=AA6k5B8Pd3{U2&_=W`kT=bH?+Kgn9-6>64k)U(;-|AzmY$7MJb~GQ&#Pkz#Jn z@=W6g{-2Zq{f3N>?%Tq@)VC{nmbgL~67N~5f1K``UAvq6e73}4qAn!bONeS`GyX@k zrL6uwWkuaoqPCOsuUH~epPesbdk+Z~&M%5#*4CsoIWiSBb?%A$^t}UlDPQ|i$Yp32 z6hZEX$)Jg?dE<=UtCg^aSjhx&L5!9My+QIL#-aWs|1`=RvPb1SBox6tD$V;<$*;1M z4MHU7yM8i9-d)~0#R;-Hyaw2AMdv;3VIEv?8hv(Y(nH28LCTJeYjS44x>4!tqQb2d zNow}Q{J5R(yd@o-F#E`3)B$v4?CGl2(;E*G-OCWJJ)}hs z5VQ02&x(#%RdTU8B3Re-R_0Bsih`EhONF7ngg$f5QW?|KKAG=aS~;a2kmpjnG{~05mKu#O`cz1 zq3=iqsU{0|ojg9p>Kh%w`61IW*BCDQ(BmwuPCK<*=!o6c1%A3%2+e-@ zECsv2$^UHDb~9LYG~!+{4Vh^Dc5Dit1EBT#u^j& z6zorsRvez;?9%{2n!o!LM>qvQF~wx|57C?Fh%u3@LDfmI*`=wm%{N9Nzb~Fu+=Xa$w!FDvl&f`_z;l~m@asHprgY=u6TD!R z#=J_UACS-Lj{Ei6e%oi@`*v@HzmrJ)5pAwWUFw}wY~K*9jc>BIe*K^?;)RJ~k@fxu zUAbY6ji&j)r{Xn|T~pgNk}1^{Ud5 z`h_FXMni$unShK(i?W%_>rj9u`{j@ZZ!E4w7{ABuxHA*1L<2WnJQN3 zaN+P|xS<>%d5+FD5jwPgZwjfwh8g9yOY);|)^2WV# zWo8zg13Fh~n;-9Yi+MY5bd`eqflkvNNiv)AJF~AjC+=}sSN+}~GPIn}S&L9fxC8;H zRR~mYhYw_}T0GyBRLoBRhv;7V-ratYU!K-`jDr-l#XqeU3y#LtV0oq#+@tH)Sm%j3 zMt>^5z`e?)X6IXeugGD*XFMV+*OCbuaSjhcTY-@fWN%*&(oJPlOXXBlV$@Vysw(Y# zL(5b?ncrK8AJw`uKHbmHCc?_DsXP57qcYML>iwJvHkyoKi~9MpWWK&dr!E8Md5}E# zg>!Ont1-P?PWeF=zne94oh zo>g&`v3r(YW6QPyxm$}8sMFmIPGl% zPm66V+@PkoS)MR`e^6}&BwMH`?Dggg&g!ve6g^cJGKVczy$?XkWvCW_6UR>%#0>b? zy1=bL5IRVZ0fpy=>}Tg0h!u@{?>uWLCgOkW(Cw)rWEJCnRaMH+K&QMB#t03B=)3V) zfccRjg_D5?8_g=c(TP-$h=lK8Y&~qh>*}@8N8y$zZrQCJt7Q@e2c@FAh^c zU-zj-?mPlP1rrb&SVVLSsmm%~UPbh8taWQ@78v!ewD4Dekw#zKa-KlA35`dm<7K3; z1u?*ZFifC<`kX7EAc@{X``Va0C8K^kXq4 z;eGkLa%a9|p`hQSy@~mg7Te}t4M-tSQrmlpqSK-e80JGYT@==b(@Y7=Cs0 z!`4PQM@jOp_Q~;SoAch~Z>PT8UWsjzS0scW}FT6J|IPX~}4NY2<>&L_A+pUR6l+y>hSB+gOV(*U~nSC?LQ30>6)D7P`XUy!(oyMvUu%%37cgo zka1*}bjX2q5`_-+Ndx{HOPVitZ5=i31lbVN&wkhUE;OqYSt1h0-n!}-GSK`~w;HZT zME%HuPvPsu0Tl~I00ZFHhZ|O(>}SC<-;9L=ZAmgQAev{jLEv+`qGIz;YyZyUULftt zHmgQbyt_@(lT-Vyw-yo^4?IyUuti7&{a{yR<9F24$%uIZyM&}r44^%c5td)}>jT?D zLOh0GG)QqZ_2YP-jPW(DL5Q9LBMU$ zMpqB0qXHup#m;ql=8|2Yd3ApHP|s@YYAvl-`0DB6JFf(QEGHEAf?<{tx-m$@Kp0aB zgqwS^wfCSPn<9bZuw{;P6e&=ZPt|KYR+RZUUT9QkvwF|)l~@C%0i>=un%FlM7Y7or zM;<5&K-g=5RR#HP9U!h)m{7<)+3W3v6%FWf2ZH`NWSEJ~TEq4T=_ag00WD{;(1D07OdEDz31+{{Q!%nNv9ulk+yh4c|BVRZCj#Hm*eZkZ8tJo#5`|3B5!hsmjNpl#@ym zXinouD3Ar_bWTj|%h3@O>in26TPLl#zq{j2eudSv5)6PB)v8->neP=Ms}UCw7hakH zDa=X}=){Q~xDZ+`Xtth0TQP`Rx$t5gn}ioY4of!npYU^_*L}$Nc8RJzHV&ak+1vv( z%dig$Ax{22Yz}m-+s7&k_4zYW_v zh2)gp$JM!bxQ!#25Ticst48pHs$}(kKVa!UJh(W^?;yMomSpzwZUr z29OMaT?kf&LlgVA>CF;XSz%PVmP-Yc4dcOP2x6{Kdyu09=oe9_DSskbMRF7jgYtC{ zeO9QL4jg;xE0}(W-aRC5{zOVtKHan^`tL_+Gf82U{O~h7#0NmyQzz4`~aY4HYRE%$ft;q9FI}$nk{WmN;4;gt@*vG^#^+ke{H$ zI)ns1Dok`ppW~<=Oo(e_j&W?P23l_L^MOf2ZhwlCPC&|m>q1Q}BR9Sf+9S#J^(?4`lI%*fGy3+w`Ee4x`DoyhV>I6I9C z5=n|bz!?beeAk1i?0&*Z?_;di_o}L@FYPDVskA5lyB(w)SAPR9`@f@#1%adW|9lP3 zr;&|sqYph*i5ZEoTI=K&RT@+jI=C?komqcGZ;`B%R!~~)`R2_t8Lq&|TQDM103tI~ z3*#VIza(8nUuh^f{DI~^F-x-03I|w#^`7l$peEBtmZYc8mPL~@2Oi~@8cpZ&UkQp{ z54+>5;BzqE)ilpF(d<)@J;7XKhv)b5AwEoE^;z(Y%Xn0N>byf!Joe9YmWh*93$Jkt z*tB}eNZ)FT*ZSV7=Qni?!Xm~Ngxq*55dFAXV!dnI5IB{kd0YQ?{G%(}V-&T!BPoh$ zvAeYa{GcZF#3!xqU#h9>J)wU0on%=?Hq|H!eKLOyJ9SRUcrAN?7kT_8GuwW-KDcCv zi|BgedZ7-_AAKIHG&yJ<%Uz>~tIa~QLs1&RS&kk1qJ4^(VNFlM9h{6u8`zuGzq0!Jg-U-Q@S&P?07&x8oPQ`WXe7?J$ zN9A-ChRg&aKA9@dXWf2dRQifILs8uu>6~67@*=WTQ>jT^n-V$QAz5?`YK8aCrHx27 zyS9F0Cry1)WcH#r0!x-ltl&UM)QZ5TvAb#Dk$TbRrw@7~!pFrB`V;b|-S+~XwQ!Ay zK=WXX5n@sK3BP=@=2?+>Qw}tg?M+>JlXxJLF(T^=4v)BE9=0>o4y$fb=dV+g-JumH zAnYr5*oe@dClPRU$}Ohg?kZf3?;XC;%qsmS10aqwt?z-Si1^nb>;i}3zIbQv7DhO{O%6@>b>VZ}*cXUHdkSYAV92tZF7IsPSq9HXHw z$t77`;N8}fYYSW}GS^?oAo1g!@g#?XDepBQ2@-4xNFkv4_C#uo6vaLJ=2%=O1wdIk za;)M+KIAc1eVZNVKaR)wf#{(V#V;m89|NT*a6x5SWc35IewSUqSwMgJ$D2KO^eN)m z-+a9G(Jibt+_LJXUmDE-Da}rDnwEmX6>ytL*38(`wUyinok#(zJR|bwqA*F$9LnA; zA8~NV(%G7NxI19)0xz7KL0JK`vemT1-vHt2Tu(+)qFIwOV~RIyE@nKj zml((Z8iu)RhsOu-({tyeDdvD?muDI2Nf=H2x+<@(F3XWTm-H6zK= z=b&lV)@!;&=|TG;d17yVq{dzaQw*K})3|SuLH}xred$hp$(3sVIAg$zCW4){@yerh zbB33F_O22i7(b@F*3QZi#)Sj* zH>U^cs~?hUK!ATZ65tT|$bAdbu=tMj?^d%8#INd}$Qy={o45Y85@{7nEdI4qlrzGe<^oo;DRhGDx99$=K~IKRmW z*ucOr;D~e$kVH7M#z+Bu0;NEO*_uLf+=UlP|5jqmMYCK15@(eVC|wUni$fV9!x~y2 z2ArOM6l;bqYUCTYAKM*}w=Lgx;xu_gA`2OKhT_^M4}2Nb7J(B7|G_qcqQue75ID%a zj7t56;^Ro~0B(#7S<9bH(xyL(h{IXf?QbGZWXm^46re0A*j^D=T|tcwnZO;za3%>n zJe+!e!d_N7vdt)<6&tl4oruHd(x4_ND!2|?*C*^&)R_#%G72royC|vDDE|PyG;w6h z!M9yd!F_lsKPFC|1sEP-2{tD4Pgt`@cLJo3BOiyW0t|_D!pHDfM5WwA2<}K%IeDBe zgmW|zv>g$grY9VjBa0h0jCFnh&VwgHW;M)qounZp#(ret&LIskMnHil_z&Lu6B+mb zm~to;82%YPOHt^{yoCO_!~N)P1h_gBchO0S0&YwRZ;)aCiTr(Vw04xVfS&`b=wsKR z7tM->lN|<&kM12I_coRNcwP|F%0Zn?B9C}t?Ql?rz8z%t3hJXdG~hFu;SZsZY~Vy@ z1~`{FOiKfb9y*tKgMasB)@)`8({a`$3agLa;0WW|{C3(|SPP2Ty>Z+?tSqT&-85%d zgMWX?Kj=8Av*Q)%T;(2q&+IaT{f#sv`~H?-NZDZPIkhCxcI2orm&FgYYwgS*U$`Q_ zu@-&0-+37A)|T9YKFg73a0#07NJ2aWzh%?x%%QFaP~r#L%e**#>Y3n@% zm&+dBF*m{s=!a5-;4K^zfCfy&<~XKnsD=r`PhG{344pj2Q6zH zq9?$}$M@Y}^6WXjDF{sp#0ch*sDSr!FY*Z6ZV-(g0Vxf)&uZ8|0c4Mp)cO%Jv7sq| zushH&{R?9z350&Bsj0zjK_yDOVEz7rjHg&5*L1H&id0KtNhgZTp1+k&@t5pS2CbeH zGeb0`U+4CB+iWRN;(DYiSuO99ltr3@D7UBd%}2_Y?)9p-=9GK2;BIlVjx=1n^O|*O zfHX)g-ylKKo;_cvWK9yQ&wrVl+9#F0u66G2uaB06de02<1s;EYCEBud`ks{WSBh`a z_r`omrrQU%2Vxx_b9|io-1l15v}y2VEa&KBL2|`e9Jg!!_VxEJC#K-i(l5Se(Hb&s~mAcB-<#FHxcLXAhAz^8b%W;#+xw5=s5yDc`RhFz-Y zc^glc!eKuxTDB?1okesWo80`L;#i`P)d+2YGrQ*FK5lEB+ivX^9~I`fgjff=xZ2fq zFYi35`^mE?=}-SMU1^YoOPW^q9qk9^B#tt_`52Z|pKdXm8r^puH*Tp}p0#MRt1;N4 zpEo(vVcDQ#>|Mt)#IrYCCr z+d-86jIzQk<)Z6P9_f|sk=%~XkB=Isl|J3QZ2y!0VAqy~#Oi9`#lW15%~)?H@mS+u z<86jB6>EZ3_0rtaH%xgJjb%TD);W7((ncw#ht^g63xJk`YYUaEys4F6RIRGV?nZs2 zj@Byw*tg1kZ-0>c|D)}_qnh5f{n2w&wgQ`?w2e|kg-`_C0@8_qNbg7#2y6tUNr{xu zIUvnYrHFLtB@jf2Kxhg=6s0C1NGG9%7D8_!@9RG2+;`8o=iU2z_l@^Q27fRZS*$hJ zTyuUtpE>7H>iEaQR4YzY<*4Q?Q$9Rzaks~%3aLDou~X@tpH3;`jxJTMIxO~Tv@@!| zU39DTLs*f?{9VtXdM91uQTYTZ9sO5dBJD5YS9COs`^<{2kjx~X51~CE=*t$V1I_-P zdhFm6pB{I0ZUTao`1r}54clMFF7hRkAkp)g65;Lf2mU>^4p(;U>K^)@sLVP0JvFKq zYkfdm3jX5KqR_*;sQ1t~2;LnbQkL$XVEx+1yh-ynmORMqyfoh1Eb<~@zIn9Dt>TZe zg)C~9#Z*hIaa#A)G!a`Q5i~;K@@p1;Ux?Zd!=NZk2ezwn8=*atox0EBE*Pj6nT{}q zHt`BE7m)APKCZnwXV)_jmtE}q+xwk!=<>wq#KB8XGB}`BzR5vPUDfCBAHHu zFKjRLENtne(B1 z>n#VZ+v+z466EZMRx8e03YeHH3g)(^?Kl-7Kd$CJu9LMl(1)vE9yBPIxG*6%$c?@H z;4L#kU0TTKem<>m3}>XR@%yv80s#E9FkUkhJidemsF;mTS8`h7uH% zF8R?{c_zn@#ca~U5*B&Q`ih4^vs8`^|ow})ZWxMp|>@N zu-^=D5&Nsczo2-ThNWM|OgvdRial7AB2RoFJ3wWZcX5#t>=l){$^B6Mqxzu-v%ALi zL_XQF(pI4)7f~E{^m?`n!YN5|=v+?$FNavkfb-S?hf9_5AgvN4b-gc8FOQarxqLfC za>y+H-yFvrtxg1HpGS+b2MfL-`5-WqvB}I*VOA)U{S0?V7|p@}vpO7TecM=btRSdd zX|(c;vDum%?T_0lMvEzopzXg^F0#fpYcXTIe$6u%@v zz02>5{-S9oJ1!~1<>~*hNN8T=m0V81!CYKi->b*xbNKtTWk4@)FOGSu{v;+;7lD>w z`aY@Q7cVW*Nf$9BVri=RTjjYJ1J5_Ji~*nb%bn0Jk2F~uZr7+YgMK6R1J8Ra;wk>&V?7bq4rV{StS-pY4(nJl}lHS5Woe`$tSfSLJPc(3JmuxqQE8 zjvb^Sl}*uN{oj{x>HQ%W_?dFZrLB%pR2NY9jFgbRSL;EsPNbOlrV&VR^`=W`u#ygU zMbnB1T7=3bzLzQvJgTLS2PJYS9|p2FR7%E{R05_WU4pG5ozN?>UtucBhH9TemC+Rc zfEAj9)qCc$ym9%AdlG06v7lU;;vA0?)|NWb%V{>@?&ububf3A;S6xNieWnmq*DO>GejSBE8`=*Y_;TTzeOy5b(aVLSU|f zr4=u?QEU`$kdD6pSz=-aWc8swnq8~vOMSBqzQxz&{6KWyD+-~g@|mA&jYrY5(z~@= zGM8Rr;`lUz7mY5Q@XHsLjcNa^UJJO%o%mT+C%6}mB)-_ZRyyYS1<5vb&A#FeTNOcq zloeD*M#h7bsHiiRYp5-E1(0(nBD!ty0L&zyy4jL5%adnylO2ELho1ApCFG6Yl51~H z&zZHIcMgUWTt#TVWmeJAHc`1%h;kk)P1E`GA-3)5!ygl7H6n#1^Fhe{u7%J1992k> z?aDI_J@u`{clirf$7%zkqP@&Hxu4((*C?%DY)A5I5+94IV>Lr9o+~p%K7R!q-JH;- z*&FJUd@H1Kht5iH2gKLjbD5WULaJBY@AOgG?Vnz+1`It|57D7XB~w+sHoM2+@2{jtn%ZpgWU#0}gV?}R9yZEdj* z*sD}x-i|gta*%MYZnpF>?Cod;lC2_FSkCcjFbt&d3ErAcfd)m1vqy@RGMd@HS4i>S zsd6@dS1VG-Z@qVi+v7_`AbvaZm5=g2-SS5WYz-xD)(hMXAPO(CDoiM>eZTDbil73 zNRpTbT9F^QTaj%x{mlG@*F@@+ZDzRIk`L^RH(5+1dC$9tVa9zhheE7!xCGTI<_;Z` za`*ysvC_Gm)Kl{R4<;f*uUu{Il1f-o;+I+XdQ<1y9X<3QxBRQV)$DuoxaOzx!KrB* zlGbne&b;)vcd`E^QhPXyH=Cr*p>E~No-kukswDGQ(V4(?)C7uV80v*eCX z&nL3zL!I`?n(lax8 zK8S;kv{K=e6~Be{sPW>DlRSkRAA`^xsp*t&%GRrHA_1#B-?=j2w{Hqr`^>ss_J3f_R{-|U(;v_`t zjj;8eGa4ZneXQ)G*q%WOywOrAZbBX9-_CJw7eynCOIF;`K3;7P{ZRMSe*`fONB+-_ zNO5x8zF(iILwSyy7AC3>79vpkLYUAxku6dhQ<2;5VIm-07Le=VwAMzY-hjlZ&JWdU zW==g)MSio7LeDyh6Bds<=|k z-JmDj(M8?llw9SKQBe_MtQt2D;&IOGPl5T`L(Ctg*0R5{>|Ex2-2PFV^GTi+GSuee z+9ldK7ZT;`31{iHrXJ$)6Rnz2->wIfJcAe6T2?>SyHr0|Ga8m}?}|C3a81SHv`4sC zKacZI8QR>d7j*)10~=l6G%I(=CDWA0qTP28(Vo#|YB)$@1^yv+yN3%=9t0A(t^-pt zgi4oPoeF+G;U{*3kP|oQULM_QQg3^{T**!cTDU4wxG>6X`{uf%!on0`MyJ+AMONgx z!4bHq&D6g=j&u6}KEfRbE>`X)ga4;LHwK?VTVEBwPc{TkSumCONmmVYnOUvr4~Mdr zh{#xE?025is?y^QVUY5%it*Tpr2nt$1->vpEA^tNf^Ot~6>6XJagt=JYk=d$1)Thh z+NbQm;M?GHlu*vJ;)mIs$lW|2;7EP%X>X|btYy3Ns9MTPt08WL6;JpC>*bI(b>&?G zPvZWbmSp%4B?4AIa>pSnSAEsz8zyrev-;ksDQ|1_*Emf$<(+%J5zCz1E(*J^os6?P zx|sC3mwIc3lVO)5PPx<8{-yqm?*nnlXYZRV3MJa)ChkK8t*J^4EAd}r?#f?|#q@Fu z3lU?J#Q_zx3T5`o^%TFW0N(QlR_l}A;IaGJ&P$~Z^?61dFSmi7B2bvvxpJkvVlS0D za8U|Y3!-_1Hu&#j=mP@rUsHvM%%e_?sUtfy$?HNWs%n)nu(_aCdUr{MtNi8di9S_{ zfe@!l0*^n>{^c)$tNQmet-LY za@&imMnl(z*YK}1WLZLk-;l4?WKTO@xS5lW$@<@?Ide4X+dFl$hb*D5(-G2nNTqx} zHn-<(p+MLoLA`o`t5Hv06)n1uaHeoWnUA|#tH`~f_PxpMp+AB}M?sgc8#VC=9ENyI z54oFWW3D;YR_2{SwXj^X1z{rHGyRAqv>NA}GyTl^G$Ytrs~#73h>hBtM3rvxjHajk zr){2tn;;%rB?wGK_VUPl;9)%fR#TcxBM}`6gDgseYks9>o%prKIvXP z!}4Q=D%pBO_GxkAq7r4y7h!TUIEZx{=Z9c4bZZywy3;aTP1JV8>l7{`>k6H2QL)B~1IY)e9fF%JA(CK0li#Y>b;RDjr?tNRgq*NJ?7 z+No{yD6+@0SeX`hF9^gFf4hJaaR1iug#UKgU>gA>A+>4#WBs-}T~}g7abJ=jWr={o&8BLwajIuzuMtDfs>NocZN5G=cNQAGb4iQZWOS z4~RiTSGyWz#>qCWGcmw1QqIj^40pm?s$y!I6=&qDWl_&?Obw5Fb-?@bY*PnMq!;AK z`=X68yW)@ize!L_&zSdeX^o^4fYf->ST?g`&=~g6@@LF*=b3H2n-z5CnrSj$!T_NX zq*^#f2Iq-m{2rR=5AvlT;%?kX5AUC-9NSMZh4%s|TjXsZwR0MjQ29M?;p%r&oCKv) z$Fpy{#f?3K zR?<^%!xm)7E}&XB8j(?qdYq56mUqbZd3|QeXOQ`STBWd1nF!|~>?(_zgFZ*qDj){T z=KvvO)-R=iTwyqY?Nq?F;?v8=Dw1OmTkE+g!rf2Px$-%{jwM$0mYmtnNWR23`?26NjtZ_fG;Nw)4A?v(o`s@gPXL}=qCv>jwUK~4{K2* zT)Wj5kN*YEYH9}Y?UJDRUt5u+{0$rN<=>*a>?sjV?DC~|d^B$GL`zlsa|UWI304G! z(a!lR=-QQ2tY_1bUTn5B+`2*GD2XY3CN({(D9nVh8$LgIGWfSrGwui>mw5L;2Yv zo@J|I%j3{znnSn?p0ghc!n)ZzsA)p`nJYdM_3zBuE|reI%ZN&qH^qgTbJp>}*0#*z zy0Am?x}L{f$1f)hu*rf7rB|zkdZ^MCSBUXx?ynN=xf{!}ZAh9S$Iv4Ff__P?cUP*7 zT_$5yUPWz+U5Dp0|7^(cr~e}U(rH!s05Z5XY^Xc;K$ja^cTvH<_cKf$%~`oC52p*O z&;q&n+Syx>qxC^nk!dXMP36p()TW%$$1A<6Nqe042}fXJ9^7MY=b&`{7lYuleQ`-W zFKlIt+FStapOlJk^n=KYOm>qFMa)(+jq3x1pf&FlK~ueaDV4eQmZ2ft5^g^MLds}l z>`0bx@5mtla3!{qP&QBS?pj~sl!u?!r^03}KP%dCWmrKpU2$q6^Zu_l5Uwo;HCOF= zV0y8;`BsXP=>@U~1+L9RlJHbOX%B6by)!__(d7}ZdK=)8^OiM6H}I`j z8_t!((W+LMW1to76AUEiXGPopy3pNA`c#``HZ9k~bq}WJZiA7^Ne!sCW=vKhFrD6!zX|xM{4du*wW>@u!Gw%H>0NfdUL?5mMt(gVeVDw6rpiT$| zlr!u`e`i&lb*SxUMXX{`rGoKLK42;M1sc^WKP7@00uxAc3NOy1S^zI*tt zKG0`XG-Kb0cFtTNEeF_Gu~K1Vf$$l${SWSA$64p#sPO~RMSq+J!rNO()EK}zlmK49 z?CANxLlt2ROCAg|`2d+{V|?N87RW}1_cnVd;vm)|Ds4sbf@cmWx@}+tdQqCMkSDr_ z5X; zHI&5Yx4+3z8b+pe&OyJ`pYhMPx&nZ2-<*%QnM(!|oQ97IoHiuu4k=|fK3~2B>aKLv z3T!bhTmYO86Xl5xluend-;kMWa@U=rK&D-8GAX&l`)gM;XSA(IUui2zxm?6oK-O$z z@7?wBf&lwgLzL(K>^ILi6OZGg#1ADdXu;Y5o7Ue8KZLB3Kh$+VkJh%!!1PD0z5`w% z_*XV2E)+j1c+z~M`az!kOqUMM*AJ{pM!9||aVHR555DnAi|5RKh#zE=*X5@I1|R0; zQmn(u8vCtm+hC)M%*cmN^Q#7|wNg7&9lN6USBl&2V-xvHMl0k$U?aW_VCB`f)?TD2 zA$2NB!d}OYd_!O^Kfmv3^JW%x22N1nN+CA;U(S5@$M%v2y^DS3F1lFV^(=cvBAkyo z+ef!$^-x2-;Efsa>rS5R0j-eR&EkOwyexoUT>Y~6qa9um!w5`&WQ^A^c1A#Iv-6yt z^zEK;pR>Y@^$D~(N;{WTrD@IIZyQ{I_dCfxKd7`c%d{liI6HZ^Z$RDWJH*7W4-7iMmhgO+WQc`8>+ z$8TwB0{_^*8cLK2Z7Nga8jq7vJc_DNvGd!c!QP4OZB!>6Dt-j>Fd%(fLF}UNZWEdHpsjU%a zr~|c}1V~UO6q|Ck42OQjfy=PGaeaZJ-EYrF2-na9%@6L^v4;Db?GHtnDL?-t{#7X0 z6?1fbj(*P(uW+41d5^^e5J~+_(D##`?Ab-WU)q%@RWtnlnLFPe9Mp-@65?!z^OhA# zH-+!^g>>ll@SiUtoVeaBf2hwKSym^W!*4T~IG7x*4q(JD#&cioIB&CS-;Z1@Z4wl7 zg}CScs+y?#VVcvSQGDneQvs#aDSsi+l%pb^v}3IffXwZG?Gd`fG*`Fy5%0h1HnOo* z=pX3p9Ou}el4vs-j_(>V-yTmYm{bBpTTvM?}L|3Q6{}dK{1Vn8|ep$ zH#X_yKM89pN!dg)S*)i-2B(K{CSNsX9GGVLut|AyCkKsT^Wm(*0X?&Xwr0yMs|FDF^ z(^l?(Y`_{g9iyS1cMXxhbB?2mEy#N|aj`$eZCJ~8$2D-2g+tk#SiAVf32h?@;3k$3 z{qu8AKe!H)c5tRtT*cs*SJx{{@-cxllK<+c=X6_3aq;8zar8>~2@NaTzB5u6LHD3b z*nW6M!I4)ZmDTvGHQJ=FIgdH2z2A-f?>U+=;}piN>Z>>U zaT)spAklp98z~Xq+S(LVYzF?i#`lZ<-8uxxJH|dzf-K%wEyRw5jf^7G%TX0onSMcf zDtzJM#6q{^3o}1}yasR=k1r*TIpfQDT0~9P{8#TX$U7{_f_iFCR$oTS>2RI6 zU&de}?I(#_tBt7QP&Fx1Qc%<&i>*JTExuL6>~`BGw&5BgtWMJ8PiJ=^CT0B=mG0hs zjtOJ%X3_FSqKa&?&T5EBE0@Xo&e)jD_1Atv=o(z*plae#jo;46$guB3Qo&TfPGa*P z^636IDbQPzf~r;IgMCb!>c-|v@6c_!BQ`PYXy}TJ$3%w}WPhqGGfc!`ipbLXz`_&A zeu)#70{`ZHJ%`N!h}9_f%$F7SGExR!9&*ej#^T+dHm5@L3NJ}Rx9duZTnfWR8B!tZ zXku^Dm8ROLS6i0_Z#&0>7_^j#9SeIbYb>ioz*SntJi={&+juMn%h1FIFvj;8^A^Jp zRM4&z_%|8>>2SD0=+@xe6W`=l#}r?uWwne=oNh;Y$T`?wA?AXv6q!FP~i8;tuQad;)gP*Ux_+T z8DDt>G6FAsu5uA%eEk7xBd+6JWR%F5?Lp>*TvFxVtQu}Vz-Lz4S#7)Q>e%v7?IOKn zyqrQ`6puxIwk$@SrHi7#?-z8J1lrzBe9}P|tqZUYfM-h@a!xBfwm*0xgc&Q{${BNWF+!+jzpcchJc zAd#)^`7f~^lPXCD!=g8gd}^4>m2OsAX9pVGu&?T$h*(qh#cNys!U!hGbq2N!#&ovL z4#}*i^K`|uMVXotONtX8qY))NEc-=g(Zk9ys24*j*BvFW6dnQ9)WE(`uCp!(v1N`| z8!M*No-pYo$yiNolDsnprY@AfA<+RfI-AA{a?^`xDa~VY=RaQ1 zic?T8qy3;dTW3316bKZ5XEm4C<|HSCovWhNI)$(-J@nHYZJc|T%&(U>n$LtOAUJdQ>U z2!}r-?oTTny$}I~${%EyMns&vEm$|zuz*O|OxB`S4MU=;kfmp5zTaAzDrcw^l(#J@ zNl@B^4M`&Bi=?Jsj0cX6x^<)qXAeZ1o3BY9-g`3n006qqbs!#}*WBu?Cm_R$(&QzG zKb=?#%7rg~=YiPK06_d?1Kt_3R*w~mIDw%})o9UYp5&dZdq*JmPLHV&3mQNgmWCKH zYPR0n*9N@pQJ72f9i;z&clfpm{Tc(6sIvC`Pbvk6V_Mz!i@E|ZoUvkmzA90)sMH{X z6zYkqFlBr-4KI$6;gw!R?QuFNA6lxo{o_1OOw>=c?IUGNaX4hp3(;<246T7VMOpwp zxHhL~dPG-n+UVG90;`=a4-Chh$}6{9T?pmrVIRrZdC--*zqVTLU6*Ac)w+2A`8Q8F zbBMLTe|gIPd7#hQMLJx~-!ikP;qGWzl5AcsNZ1ea_En&S{=oG zuD8kGAgF!9vwb^~bhOgc%c+o{Dw`On2;U+9(-f`KAVhee8*p??ebLIrW4IF~tNTy~ zsSJeL%154S#MnHmXDBWSGvq_NOBQcIic9?p*OU5+VyaWqSTbO5joxlJ#<;(-$%@41 zJYMLb-e6Ia+m!h8V%y!?`W73L#fc7vS-eej80lKI4jg8wb%>Pzq3zWkf5s9b5TXg= z++xA|3!F)K%C~5!S04Aj)F5Fd1S=KT4nM#9E9|W~TJUuBwA=phS@0Q^llE7- z#+L&~*a&6xT9urO+VjzgFn0Pz(|C{f_`ZL8!Ube>nLzYc_tnr75aWt%yG^|-9{G}w`}_c? zfpt3*{s(Qxxg**+STB#yrSbilx(RevJh#CyfGHTnc90Bw5@4K zTjM^D>_*rjD`UU0ut{cpjnLQ(D5sGBMmeRUkUtgt*|xIY7p-%QkKj_}kL5mC6u*GG zmz@eOayrJEs?WXH?o>zG+QnBv6O@lXAB@=~yi9Qd*2k(ZQJC2iO}@hIVVw%;l|$uZ~F}r zuLFZ=WClVCHMF|cuQ+38Z5?p9koB{rFr@Q{uv8dvn$>x-P}?+}bIVZ+Xt$$5-@#EM z7{^i&6y7W-=+HajctZGO_WaR)qRIY)wv4kbJB_}R!@7IxxTPatS}_B&MF``IVT(Tt zs9&C(;Fmx$O&XBeW~n}bh!a{J&@{B%I5+K@8QqGf=2639RYk!F_^_)?Czs}>qfe`J zm7A{q7aq)|m+$4k^I7KPFaVz38mrA3yrSqcchFkV9!NfKYOlO^N=tKA!7v$9cjl3Z=)wXa@+@f9&R0FMMnGlfTy zw?*PB@NY^+wPiSB5;20L!MDn?GQUdrX!y|?cYG8x;y%MTAG{>h{cf>(&HMs>CFr*E z_w4H|4zTqtvkOM`Pyb8{fPTmA24xN*88BjSl&%Uuu*f31D{VRh zRjH$06q>%dJ^%j$z8C1U_zy7FVJhFq)a;6bTCrEKF>Rf#qErIVJXYAAzii+zz;C#u z4T+Rn2{@si$8>ynzgoE)mt^C+T$u^IFTF00X~Qk|0Hv(rg6hbrWs0Y+smFFXQpb{X zUE;UQcN*uYd)+~wE>`0_KS zTWkOcmM9P2%b3frXgT+Gjb}H7CU>!naFE>| z8fh;h!vlpjSmCcr@Pw^zb%w9M2R_FyI$>XhIh6J;)zyq%J_>Jo0TJvusC#v+N z7u(XCMjxlaH@I1TNA=uTc;n=f7yccOOXd%pyeOF7eh;z}R;eB@=heff;KJQ(kuF0j zMd~10fdrUb%zEEGbT5&$u^als`3D7idOC^2=q|inmevWEGk?|W&b_W#as(vB$XVMM z2YufkUlg%zzWOspH2T^GoZW*y{6m%ATU-WKd)n`$4%u6;pC>I+PHZa_)mto|^DsmF zX7ei*dcuEG$}V_ooh$Djva?(tdbmZj5Aoby><1cY1AV41E4br%i%>qeG;g856x zU3Tr>`m_;XW_zyXp3p@vv`ec>fNAu zhOT;wK3&nwN46fHf;AX%&LgtVCb+3<0BHhhMe+dn{-Y*n#HY1kxQsx^QU(}$Ja9d$ z!+$VFc3)-Tu&`irid?M7(o^BpZs^gpn9Ex*ch;XwzaLUbKcTkSvQ}V0qKcOPG>>5B z1yi*S+$^Zo`*h8Pu%PIr&P#XMjS_|o(lvL#OI24uF_i9v!sU>zSI~5NX(6&Zhy5ot zU^j@3I9tg0e+P;m0Wqs_y&|Wv;#btD37Ex-KR2BDdT7)#vMw3W%lcq0Ee;!pkCj-4wNswbCUV( zkkBQ2mYu{GAMX&NCSt@I#Gzc`tF8%Dl@z?{Jf5OX`*gDbE%G+_EH?`ohlMkT1Mr=l zbzgOGo~`P;ci|WA1vM4CO+d8%qtwM`HR7}Qo`j04A@8G&W{uREdY$P_QMV}seC$*&u4&q0%4osg0853=>}EcROBo;X$78xlgC#A0 z;9)ymdq7XC{%5L~n)T%>&ouYpc_7Hx84mbf%1)l9Yz^cBK4jcnxGj{V8==y^R^Q;F z<};T!6AJ$%Jq5-T;a(1h7`6SC$;%%~6)6N#`z?jtj+`UH-~rwoh-J~@%=)^ zc-deWeWWv#4*rEsXF8kfuipPH)|PKHOGWOIm*JOl1C`R%6ubs|aNr5mAzvWuj@X^B z-QEFN6R8}_!RzCXLZ^z8s*0$uoeewsUCtyS8JvI6f1Sm9+0s_kthE-)V5;)I`TVPxPX{)JuPtCW zn{8%($k(K0t!rNJ{v5(hgv!`qSQ}5b?F*k_-4D26vN05VlC27rwh5r?XC^GIz}`Rc z?a8S)&a801U+Ay8%mEU79yl?da^-ZAbhYD|7SwpC@s=c@?Wt=fA%K37)`VS0lxMbj z$X=XqcryU%0TT!I6Xgbm!0nA05cUWh7v@d~#wE@crM_r8llbA)bghfzPcwuCe(5>*oNe5gf`O{COc;9cWbEv@boLwC_oC4 zqH^-t()2h**e(Ry4Gx+8F>$`rpD0D0p`DCPoSqz|Yy@uRNri{vn+Dg$7R>q?n)~Ts z!L3#P?g#}62lzK%hyA(s!QjKJ3iW{gdPY$24tteP=8myX?}Q~_Qr=@~m!C@d+*Y@7 z`NNUU8NcPFuIUl{DCjLi`O4yyS&0?*g9I;etAt=H)7Hk|6*v;y@$RVG7m}h*e=RJy z$kpyy$IHt>WWf{8nFc@tu-g&8Z81hQ5TkieafJ?w~aR+u3K^?bg|@)!0+z#xsp+#JMM&{5^FzxdQio1f@-q;Q20(>fcJpw@zY1SieRsFtAr0i zo>(Jy@J9ZCcZ%{!J0v;#gqW@oew66OQK;(ivB&q=?)_Wh!UCAOr?o$#U9x|8fN-2( zxi?{mEx5|^8U89zukA}|2!ptW-K!q_eJNWk-M)D(6Ktn^vai0PCZC~#3ZMJBYI-_4 zJe{`T>^+#p4hxP05T~Nk6b2B)z&`0g*(8LY{?ZqybsMO5@eGbKg+u;@ek?WuIKGo_ zL18Rq#TcNS3!T5Qwyc;6Dl4vIU<*4>+reS*r{g)Lmv;j7{UZyZGbIRiGl=e_n4%FU?!!34`+KG`0G zhdycAw%4F$)Z96o`~hOZKbhu@-NY!e zW{m>u+HRN-9cnrFZ1^clYi25Q3PVUexCYu9@M$Y^S8Xx8BeV}&sByGh@)Nxj3SKU9 zU>p&NcD_lc+4EAtFz7;ON9#c|iEsgrHW4BHCq~@j<&zD-aq0x5Ef8 zvhlOuEtNygsG^V7z14%Z9R(+d&94CxlyLM*HP26aRZ9%H6oLN7{R)4Y{^$MTrL{z2 z9K)A`HC@ys4T9xw@VMsm_@+x?kYm~!QlAU14l}nhXmxic4Hu7+;~Jx!IAWAER9n6d zxa!$`@DlEf6Td;&%_%Nz6=azSlt!qI1~1^~`aSNe{8{e#vq)&?J!j{w1OF~rs}0G*@JG*k(=-1RGOW!%a>*xjMlgOp zIY8<={?1W*t8hueAX!k=nhOYL;d?(^LN3-lL(r)~ARHI|Xr&lsUnzfi`6l{bl^rEh zybC|GAV3y@d|<(k&Y3Nh1GoiL`hU@+bVqzssp2uxj#F2e`(mC8bm&(A(xpd7TV0Et zjAja#uzc8ai-sA~XS-XVVK}t&&^&h;s-pmOK%34PbDTVop(Y+J9?J@=9=3QJ2OTB8 zpD9q?MzJpK9Zq*KDE0Foh;;KwZkA9{!irW$Ufo8bt@nej0)k{=xuqW$>5=Dj%XUO2 zJ)lldsG;DfDaq2SvS6=}fI}gd>YuFacAsuK0sISMqom7ACuBR-W}$n4{7IbrwJ)SR z5U9cU3V5Cv_^&VjF8+ve4ww_v$MkK4pD<=DBQWq3KC)?H`%xxRH?+sUSgJ&27-H!y zF@C(ow`bB`w(Oy>de5PAK4s=$L%5Tc@6tibujm}6bIdev&V{9P_VHP)dc+v2CMyat z^PktyK?wa!tH!ZlyVE~nskgR%!Mk&i5^ZUyGfzfrAFL^B)HizOhJ!-4+i@v}2YFl- zg$&QmAW(JJ@&)1DahrIFHeV3;WB1X=<%Pj`Y(@AsC=R~YUXHwX1tANfumQ5mrk)s) zCLNiM<*v9v)i4r2_9^%ZcFq@_ugyjj`?h z;o-X}_u(`u8cLrv<|#C(v}u3#ZTx}lD5}QBykn6PE=4_Z^q=e3xJ+m)=Hd%bJ*Y-W zml)%NYl5#7A+NUo{&xkCCbYA=5}49cfL-jX?$1?R&1jUWYqMberOeZoV|5qJydO@k zl!;R+Y4rg7!=ecD*HVYE4-#I}ZHEzz{Rr>zMhS^MydUK}Fyc|Aysj$H@$|UJrj(pk z&mn4QDJdmIthI%I70q%j?64(CKP!W}iLZ$?c1ZtSTT089Wx2<1>hr!4SF}X0ffr_p zbtrmMx(HXmwhgof!WBN0UH#KVGEaI0#?OK(YPpdsw_5vtkQk0}?gtr;8a-+|YT;N^ zr*$EPBb3~}yv3g1KRvC@Dh!;Q6C6kDZ}7_^ciYc9;Pp*8dqgPt(J0rhfC2^q$c5VI z*v=~3os$`iKT`jC2zM63@8+r7Zdc)FLa`Jpp*Z1#b;9(a^=>n{8XM|626QWrK_}bj z%i!Jt`aGrN*9kF+XA7@&%;mf-#jt4QE;5S%VoV3as$I%JGmnG3*?r$UKcHqC6x$#W zedwkl+KuhJo!sp?d=9O-ykf%TaxY!I)H!>m*TO|3bE)B?%9NvG83!wb_%5_%S}A9^^z!&F%M z6_3)SQi+L8scoFG=1(Shu+s(mi_Di!bG5ndMLK-vZhatTU(&mZip$u^@k(zWwS8zA zDN*J1Q0?4np-Wg2J+RQ;3@ErE)>3~rHUxEB2-Y1?uRA>QpRY8IOR*!)9mbrWVw{4f z4kj6gz*B!3yL3uhilAd1+BQwW5vPUWM->r=KZN&N_X*m+Bzf*0oiDP%KmC3l_Q};Q z3vLhIYA?dJF;4V_)nP~Y^Mkp=R8mX(sne$<$ZN*t`NI9?*`5Z2R#(2^sWK_aA@=SM z{ZN`0TCvB#AUJA*LrBGEK==dvdsz8laaPKd+HMvB7j6OFE6G=x4w-vC1ID;E7R9Qc zraOE|Ids_qREozVhO#{j)`Z00e%In(XxeQ!x*P^TmFYi_5CBD7^*{Z!Q)WrEAHw(d zje1YVGXARTu!A-%JnSQMcRbHb7IA3VTBzF#q#)JpPgZzjLw5o6W_RmTh{N8=be4M4 z{yyXVe%XtTax(bz1WlzJ;D{uaVPfa;cVg%E4)BTd_G8c$G2q>#gu;_v9n(;9@eF+` zCWSG@l=AZ@y;~VBh~NDlm~xT&2?A04^CXJZrL1kOa8+TU>x~n)fx#QixW;V1o9rXC z%6r0E^=I-co9X&-`yFc&-udC*=Npm>gEyL<_Ra+6xA`u$U3TE$rq`VQ0GWV~0kT*S zy#D<_i9EKfM1QlawEo7eLa4T6EyKGbeB>4OwHPC0f8jgh)-5PB#0)4~F01t6!mtc< zY!y$`DJe`CC#%yBq*`^n9Sj_rD(w~`eglZZW!a7VW9xYD5?inkciu?-Jh|b+p<|=y zj2n6fi>J4lb9EjwTb?Dq~ah%Iz3Z|#pppWR+2DI(Cs+la6v z`ygYg?U3#v71wkex?IJzRQu+A;O@K*5)}4f zfBk%X5!&M!EH_=T%`Okl-#Ha*trc`N2@_(hAe_7hLo8L7X$c5J9TfnvK*P|>?^mj_ ztRkM9?`CWx!Ai(rk{f}VH}7t~TZtlES7mFK8Gm8zyNV2?`?$f|)g^LLr%T0ojeTza z-M)0Vk1siL3`C=BXPk0go5YrlR7h>gH}Q(8Qodd?@mm`%9u+v=u&DXS$5N5dN}7u8 zkH-YNZ=FLU$Z}~(%2f|DtcWEB2&W&X+nv#e_PVvLmjX7%xNZRMd}bI9bjSb%TCr*k zVJitJ)z5_nzCn6Z$uV_ON4s?qwG)-jmAuNSGB8KixvrS0RyYU0x>NHrzcI%+W$UX2 z0v&zhwYQ6bYOD-yCS9SRQWwmF`{_T&eyzP>y+8a-ub*hxDRiK4zcvjBi+F$v=fI9Y ztv3Nce6MlvpAMQj9JDe*=NKoC4`ycMw}ivhkA%I2 zwoRK750`9bj)2ceR_@F}Rzcm#Dx>Y);JU0r*j}yGCs(aFm=i~c%V%>ceYcsTKs~6B zTw&TyZQ~D<&7mWy{S3-NA$@aY>s!R;4>)`0+k`q-M~>+f8&P#l=!}yiKBz~eWo^m> z01Z3IPAdwnK5fU7@X%U$@4FCUI5&|&E6nhH?9cl*`>M(F+)8z96 z>weMNCXFFmK_^LNah&!&dC|E=*L0wq;vpC?EfbhQl9?dP=<7)dTPW7;44%9001OkU zvwur2YL^Z4p?ax=x9%Tutc6X}Lki(D(@X4=$CDxZ8cPN3gB?pAE*uBrkKhsOHLV>1 zi}?;q;TK17AA5a?Y6`bte?h@X zrwX*t@zWRL?wwGgvYU_v@?pt_3N^81V&!#0a{E$A1m;-A(0ojzVJVD)7P_ z*UZcXlPq{bZ_L5ulHvcWf$%tjP)FyPApOAD<|>D^wc5-oS3jY)tk<{-0? z%T#UHvw5}66HQ4>Umwp<^XU>{Z6!c&*&MyNuGn@+?8kv00*Ka?nc&}pj7qJHLLvxf z!4AX6$5LJ`rF#h4f$h(v zvm{wXa@yo844T^s!-6A@@STN0-#=jx)N9Z$fJ{oXFX0UM5_h1yQNaD$@))CUucd+U zvyUJ_cf6<9u6pj4_shym2VxWb+xtdW4xWYe%mOo@Mpl0g>IB+R>rr(h6*Lkcdd2lbBl8;*L}v^~YSAQfdEqG6|fY^<-p|9BX1y!fce z>u7eo@4W*gd0A=y(6ZOaVe69%QcUKdvg0X2Q7r6e)Ye;_);cpq%WWN4KNUV|h}$I_ ziteYJ@%(s&%Tzq)bw_utI6KfDri{DP)->Qh`jea-nwm%gDQA4O4pE0t`~zY=*j$5I zOItCOK|PXI=?MOAPAK813vc(`MV1k|ZQx+^fh4WxItFoeVQOlQJfjcmg`)p+V;9XV zR@|SRUH+&LVvv|EGWa;E9@GrKv-$#5?tZoJ0SqSb9*rmr-TDfWvaYGDtlX>=PxV3Bh)w__ zu#;h)U#84%Js$!_jvTltN&Y7BL*i5|=P_CZ3G_>HkJ!$g2?hKeRuGi zcAR)~Ui+`&_?O(xKnbJ=z7~_S*YtmN^^VbX#BIOuj_pQ`Z8d4^Hny#%F&jH+-0YyS z(WtR)8;xz-#y)f3&$Hh5tdnnhC13VT=K5drBP)ULZI@@uf&+1!%T;3!8T2CSf1+;U z!;PYdQ?@S|b2SO;3w>M^<=Jqp6Q}&Ap4%n-WF7%=?lF94v7~boLkz8JcEAHNo4wl0hj*sSI z$@^8MXj{0{mz;cjmxT{6h8h{dOlt~CmkOF?q6Tzx4FY$84(LWd`i2xBuO})SO(sJd zYmXxvYh1^WTjGa@M)}7u;R}e`2FCkQ^e|-A|GM)YvT5|J^tvFh{sh#jzn>*7yq6!K zgbDI=^cfj*x%vG4;Xr&pap}gGUVlAdGjiNZ%r@{+ z@O(glI7P4>pF}*EE+^XOT~z$Wc!&W6`5hFa8_l_1$8)Vm9uLjnp1o=DPc3L1{U-6& zi7Gbhf2sE}Qcy&JEu84n_mh(eo62_01A)-|i6@7)E6Geastf9NvMb>)r#_46-w?2s zezh3*3GDg%KRg&UKf0e)dKu5Rg^VV%88thZIi104*IOsfr*cAS71#XV?r`1@i2kno zz4q?(!27sf{9D7MZ+;u}S5f$T$a~pc4e3N*FnfvRnt^vwfD(@Z`U(1f=7KI_TWG@X%G&fqna@ENr-cgk1V3h@7P89af&rpJR15#Du>(c20`J$h zBiQGQ_`=T>)0N~lPhAoR6ku;`E$3tQ-WxwtHnMh0DbzB19NYHV!JqGfgT7SZ0sTlHJSz>*>6lxGM^-qfJ zX7Qwj|1`z{x5sM%li03JBRPp z_UH8dGW}0(Qz;M0@=rUrVWcm+JTu8G*^QRV0}mC8f=AxCc}gY3t}b(O2xH#w`6@Fb z8+ujOYfnrA<2v`#rBqUF*CPQ?Fz4RalOk<9SNA0G5d82Yjhy-PI!A*m&P2|Sswb@r z0uRVXY6ZL%A8`{jQ*siaSnDS88c2UbqeU`1t7lKf+$8mr2O~Yk4V}+%X~s z&p!}5Yk7_|K=r>l)!O`xTv_*Igc=GAZ9vRoSh3CVTz`+$Ne841LI|L)=onm z*Heqkq&$iYg2>yElE~v`5OC*@L?$2y{_lSQ_V9V~MKP2ANHctXidbd!&*j^^{pSyH ztfUNhaDeip(&c2egh^NV%M|2<{Jq7d-pfEa2eRo2g#H*{s7}*RG#-iK8P^;Ws(e0fmq*ODFV&_TSIR$gvh>WE6e-*DjClguyJ_t-^-&}{iu(av9JoX zk>oeq?E1;ShU3Dbq`WDV@4k)OQI+g(=kV7e$xk;dFk!Ec$wM&6vJc}8P7`Y ziElS+Gw)`iOP%N`&y_I3?~Sdr5IqPIWd2~>zth$7rn6(keysIu!>e?si3i==dr0L% z$h#+Bs`G8D-NMIbkWbCqQ1HZJBmE|Cbl+&nbgMv%t>v+V(BiK<({c)@pFYD*g>FA` zj~xeKQ)+!Z8!ZuOx8@etW<}~4Rk?9(ng3C3%;T3a{SzU# zQyA02SXcvCpwezRUC56uF%i%Eb{VpXOo7I>HhqXn)3^Qzp#GC)5=B7iz&fM=II(o= zEJx_n9$Gh(96D>Si;!$w`3#l?uw2`P`mYKbka1QuHY=8M(-fz!{QZRd19Rx+>KmWAkI0$B<3Sob{MC#Ug`d9TNA?($Eb@%V)GHb;Ht&typwpLJJZifx#5CAO zh#&x?tPo>E_qv^10w>AEp?UwIQL9}4qljurW0_&c>wyK{_|?^vjzWxWvd@ZQQ=OGo zi(K!Fu5=5NNn-~EE5W!yE#x|)^bv3yAaJ{c-%hOBL=x| zceprskxCACQ^q_ap9m&jMOL9*!=0=KTu%4rYkI8;S#8`7el|w~WPWw~84sG-1~S|fRKkKTCbLQey;0U38{bfC7Z-Lu@QIGb2O;?ZbK(NjK_z>!|Auq4Tw=KZNC^eVM z2jEuiUb2nH!w2e}{$6*jbXqYYf1b&Q+Lnff)x*0a3CZXOiwuVjr4R5bDp=y=`SFZ-QNh?00Io} z&cCa*7Y2L>u%z%g0x3kpNv|N@8YhkVbI5)&*%Cqt{O=nW+HBc3B05 zs9(RH4)bE<<>m8nlc2~!ue-LCCLqLrVsMfHpFe-btw$uqQ~?(eo3L!gTki78I1+Mk zt{Q$FNBqhxxDOwTsEO}^HVBnOg;J_ELZp3VC5Ex;B$Vsz6CPN#w%c_4ex=9{r;p1Xvj>Nb0L`B0h zM&%C#5kuKTrl%9_Oku74n39TbKw$~+a7;}O#-xLXH6h?*E(uVXC>r^CTa^qdKSTkq z@`uBk4;vj8Ydu*es@6Y}9oxZ8h(^^*kMyby+8dhwTEzgxt zVMcErYo%nqFCw)VuaiAg7sO~M1a38IizZ;Ow;g4JKwsI3r>8`AQ%HpjCqjYzo$N~& zn`vLwiE!Qxe9W-3$w&ELo7_E<-w&}As~AbIYf!$p{Gx)$(fCXnPe2bvlFMghXjoy> z)y~;R8`3{36i|v{MW`Qkq5#qMYTIqp!My3t?~Q9(ebe3!v>i=Gt!^v=0_ioePAJ1v zBa)Q3xF0@zH#4K5qf-iJsgEkERzWd`-NnQy`lRe#TINVc!`2eu&X)bW9tuWfhNn68wJX3sqx7vUQ2Ac#hK5kBk9>Dk@RoA!oYOOYKRL1|vL>YuI^y?kP| z^mYj9BkQM)TG`oVawO2d75pNl#fa$xy|P*9NbD7dXjs9`Ez#6_E-eKKt_q=}ow%Fr zUgrOKR2|!XWm! z9De6^*;?jgfV&>ZU9&pjF)(Q2^PC#USE9=##dNunby86fSM-xVtxo98i*RdHS`@H^ zRB!GK!~IDu_+#~i6{ZPSeq+>RIb4!M;pCa+pQURmWTgTc@cHU3=;2v?1(U>ZH%7_LY#;d!#wMK`H*c@mY9|0cYmtm?(Y7&kAa9dG&(9LE$#T@$Cl+H?#V*s;8OG`9DFyj z>+`LZp5B`XH=N^9mu?V_6`=fk?2gg79LM=$vM134*?O9c-c}da5XazS_rA9^6sqF8 zg_&0AioS%|yhWr_?&sZxf;zN%e~R(o3%NCf!Td!$G&RB*PX+2(vbMHvF&&J~$jHDD zdBxPQisOV@KycJmH>rnZSJ`k~Q@N4;C{~Y1=A+rofZF{{)kE}=`eVlBX25o9Ujl>L zP_uSG7c}oSh%aCUq@gWr13wvxM&y{;ZBkQHqiUKs_^*f_NK6+cMUlkly^s_4WF`Ti5~hN6W+x}Cz+p1tY$$BvXeG; z-z65e{>IcAaEYQyFnSR`Av*uoNF^>u4eF2R*VOe`{EAV!d|r2Ivzu%ZON5xIfUQjn zA833u^nH_pIt7P=EEuXN!bom0f*mTO4m3!2DD^R*K`Sg1ZgRZkag5Gna^jcI`3%z} zo4kjg$~9O{)llE-Y;v^XZ4W%#St0$ll5E9RF8}h9%upU$;W1b@x^kwl++lHTPj{1) zmsGFsU1xeYnb~`vZnS7c)GTb4OKaL*+XYhCY7#F;>V?UC}@P z=Ta&Wc0l6lZ^lyDbaNb#)79^UtcN)obO>AGr4UT|SnzM3{9oORTpmpZAib&l#0b#) zKj_C3#D6Ffke}*(N=)Y8(U*6-J6;Vrv1b@sH zV`5=pVP@`ocu7b|DF2~@9_v*c9um*JZdGR+r}XFPGFhqaZL<+OG6fZT zb2fn6KR|;vhLK9_FyW^2jQmA&1H*=pH_&NJU?T?c(v5eycUzThCI5X5Wirfgw3ztC zpdFb?92I%!RcKCvCUGuRWHsiv7<~SRA;FZ`DSGkF`8ePgHBLY0UX@WzG z(xrX7XP-aYa8G=6{2VhTOlr!9f6>qpSdK%lX(JHO6c z+OFeyqxqCOd4MX!5w^|h| zjs8QWoT}lG5fa+{cWHVrKt7^} zJCfD1ohoxv&fgvN-NfpzH~u*>IhbqBlZ-!m9_{@A=Sn?GMWwh+KMaQV1@{~`y_Te` zj$B5z1#SHhqqq_o+{+rJ7m7E;CUMQRj`w}n%8X_uZMwTn^u6*Fp~Ls{eRR^Y;8BDc z^$qdthDyyORfm!c-25lKj4l70X^K%SvS9@4@J~PDr*LAn&tI?Dp)gULG9i27IXcof&>auuXrUle1=f_zdUU{Ne!S6Cz=Rg70(sGGlX7ellG8Lta^ zx9xreS=h=OrxGA?6L-EgKh=qeiD_S7jsoY_!9=F8uh&9_flmKZB&duQ0B{Le5gnm@ zB#Hh~w)o$S^Jwb>a|jc4EQ1e+NnKn#u)Lh*nUV*(U0y*U7Cyibw8KY^#F9o3!#D#3 z;!s;sQf!8W#ET|c1FbidKgl=_L!bx;ST8~3i@0TscA@f!j;NHR*dCauE5welM<}Cp zI*GgeRCvFoyOx*vxw-ETr}FmqN6t#8sST=d9~WzWA>jKF!#yv-D&7tD^}%YGOK<*@ z!zm#L3GuqYb_9=Qi;%(6^|rX4ppyzp%Y+AFz4rWMJ*Kis_-P3|Wk*JxenJy1e9rq_ z7<6fyun63?ivguSBqiZbH@kz#fC1QN+I`4Dy2Amh3+#co6&B>MZ%v0Y!;As!b|A!W zn;C+h*TCy(GdC&$JIJqMFfz8_1My}Rh<`*u@-SMAx8v)lNaFTG6L(tq02?(koU+GM z5N|pNli490Upz;4l$}}<9ehq41qEC3i8-*ooP2T8v8M-v9o28(ACl!;9BR6BKC&_Y zQg#3=Vk|YJo%JMDiB(8I;CSgt>-|=z$N61mlC9W(YF-FqO!8SNa@gXZq$~L;fi3LSq|l36)&8}>7kwL z@-X9%fye8fK!ZPXl8tBKcr)Hs<1cbH(f#TgxO8h#cT*Aqb0{1Ucsl{AUL)(Jo!3#s zH?m%;aMXml?b3O&5>D~4<8utGKV8rWk zqVII)tJ*~zMwzvne{oy8^xsy!6ocKX!agn?Ovg&<7&`g0>NCl5X1aC%%-S2r(GEDN zk44x;Ju*FN2D)O(B*H$t!n03%sYenzgc3(faH*yTk(sGN=I(2^n=Q>Ev*T-qFT-Wo z@X_g9P6rr2ow;8!nxBdXZ_mS`%O*?1WtrMsKJ(mqsrZ=um^hv*eQ~u(uiAP#CG(9_A=f+QPU3KK-0z+xJPc35nyqB;K?vRhn_PmT>Va zlf%ptGl3zRsp-T|(|8*8r@lL{;-%BqHrjbJWVZc>XEzdDI$I$IF(=WC38iizUpPXr z)jt>}sMSfAkICVYKS=J`LpmY~WLK%BMm(%E9bcG3XRXx#JUdEq9`!0G;Gs2IhiOrsnU zpMUiP0qW&V3%ZJJ?Ci#AVSAxZYb>X7dwO~Rt?(tTK^FjA0prNh!69ZIfU~xOzvGk) z4-adn17nKz1;;pkSwo3h2I>I%r|-~{!v~qtsC?Z%B5<9?{oI6H&(tFFf1gcLSZrvh z+b(Vd0tCD(@%CE>O#c1?ld%+z z*x1eAI+3L1>S)mn8!h36BjO%A7pmu@BKwG_KtB~p_@GDR1{poURS?CfwyB&W zLyxP`39Pcle3aYS>)YFp@CDGkWv0aiGX_|T)VNRHntxd2%lqZCwHb=gH3@ZQO$@U&BQC^8Y{YcAGPn@#g(WpeHOu9dC!IS(KD z_JOdS_i526!@R+_5r!wjmv2Zw$Sa+6d5Xpb-2Zf8$5wuh*O4!^`?}7d_R=5i9!18< zYgP2{S*f#5toPG%%#aURdkV!*EX2=PaNDyBpI1-`uJ;rA-#1L@F80TE|HO4pioWiJ!Zn6sy=+LoD4aPOuF4^FGBFofL;`Pr7#lA zW-Jl-5p_A2>B%iBpYp?r;~SM#$_E_^8mDp^F`UL|4KKvUC@vB^t9F`Wox!KhGZM*^ zgw%lWxj?AxK^gE`sd@PZX3qFvdsJP@yk4k3d-H{g)QwF#kaLje+t#cbOkmBCi}&Xi zSvl*egn6_xk-fP)Q($T&Q-GeQrzPrI`CW*QRsuZ*E2(zo%P1(|6Pg1v_KI1@WTkY? z$}PRkM%0>@@8)W+Z-Ckc)`dISd>+_{hcn?%bfzSKdi2T4j|lHDC8>suchA9JREdy8 zTI@u;#}*7_7HE0`4m;bB@6n7xt6Yz22DgDKv05uc2t4bR<@0N;-gH78E;TphOn-Qx ztlcUYbn5o5ce6|J5Z3j1ZEtek!hA+c1`d)i zMwvgR=(U}DiH+=E%-d%_H)aU2z1(@B-57tTg&&%|?E3WO>Nlses37$zv@s4mDnS6* z?lTj9g+Zge-B{b!W5C~OU@()i6qUDombNuKm-gk&555YJ>9BK}PtKLi=7ss6-^9k8 z{q8UbyFI&$eK;m-_;7%Kh|um@nv(+(f#tAV4^1#29Ofn&vENv0;hlwaLtr-C-8 zk(pKk8CfXS<`kdDVcCV#jkl6L=LVh`HZ7>TK%iBB#S5=)djA^M15*u_kHtk2!-g%v z-7QQNEh!!F^+Sr4c$ud~0`rOwwM7yT3uUn3KRYk;@0FSvA!@x&ZlF2yEXaq*LZ$2p z!({?(W8e*4TPm7NWWClx>ABH%DK0&I<*yQ%OEUlhJlz}s1xd&d;E1f&JYQ+VSU{8f z#1WvO?P1K9>@k$srV$<%Yyh%_=7rw;iu;whTQ9;Gi~K#6)1rsZyCIjw$uY1T^cu{2 z=lW%Naq-WWus~-rbRzCZ(!1^3QBi!|3D(}}Jo!9v=={V01hRp}#YF(6tZLO35$Oc@ z`?j{Wi;frj*&-DouUmFb&LFZdLlj1_vz11ClW=#UZb}ZUP}mQV@^cpB#=xo$CPTjr z^7iuD7J!dt^JuhR!z>(<$mDlb`MK0Rg$(^qMmn)37EyBlcw97*VgR22-)TLT!i0F5-h(6>Mc<#g3@UfdN>gEbl|l2@`LL}Qb0GJQzA!4OV$1v_>jS;Uz0v* zucrsY18GyMLkHe0uYcc~+}An9*j!B9G3BQwD)j!g+l+tdtVMk(JP84Xfl-Lr#+{-w zX6g37Brlr4?Dz`Bt@^6!hvna2{W|$+IEJjoOEad~<9X)ueOQMX~i6#P_(D6&Dwml$6}ji%JPy)lNuD^I{iXV<=gcru$aip>F5-Ck<)HulKYLl-`FV zc=*aQ?NV1T7YbHd@wr}EH|hJ%TaW3a8!$X0OAQKSe6=&bwP`l<812HUghRK0@;9BS za)oIrM1Tam@m`h|7EqQ*RM{KNt7|5#$!C;nfl=Auw`UC9sfY(&7y_|yawHOwq(5Tk z;9IGqszZG{zIc(A;rC6l;W=unKPWk$pjth%^*tSLKO6TwZFyWye_HN!yMn4#YyOhF zB_wb0Tt~KTeSW$-+u3=2F%2qr>Z^Q@KJJ{;qM?EtQB=pFZKAk!q}%Bm`Z3pe)$%=K zJoEI!o65pbNh6%PgC44C^Y#}kUs6@sfu$t>;~-W3a`$)$6N^QcO~!}cLc>0YPD?9w zw=kErBU01bwLFP)unBX_(Gi*L+%AC*0pK~u^e2RYveMgZ*B^lo>VNr$<4^H<)A-wF z)?e?IoX6!#;1lQ2S=*opO1ogxslM9e$pje~-;HR=cPgMxTA=-@HEU2_#MJSlRR ze|e5=K=Iz^>FiypU#ggkFD;a z*P66xs&1Yj`Y64M*TTxUkgTBce545J@cUOL)^UZyHu!^5-N zI|~spbOx1+d%8q|&(GNL&b{x|!t9oE9{UZ486+G_0^ghl*w9p+r|5bO^5N8=2}H%| z!nw1`Z-2|-YCf0PhhQ$#!iyX}cY5A+g<4N(8$3&|)&FVv?x4Zq#91T}9ijW-Te-lD zga&wh=54j%r*7SjLrXc^A-7QJ%H{5dWG!9>aw52YFuyrv%nQ&=Lth>)*jQOf1>DN| zYBl2i!y;&=c6EsY^}tsAj+-FOVc-ww=;+)p)-&5FDJjp_+iff?!Wijj7LkWiK)jhC zA>E0yY0W4>@@;L<(2HYDPJ5hZ5s~uUP;Y0`j87d5^+T4L!_XfAONb=)YfKO<|7bLBlv10goQSy9oD0iXLS$3n?!o0#O0D5 ztiik2ytZ`Tx$^8u%%Rb~YWyPn7CDFQYpxyQ2S@$uQ(IWE%3)Q3(jkND2_ z<3(`cO+{G88$N(+2o79)pd`T327PCtps15036QRiRQF~IRIx0&Mp$>e>l~6p{l#nm z`!;RBL|_FYiW$^#+Z6{hgq)<9=a3pFLid>x5oAK0xqB#q(JF^e4bNKKQ-h@WDi0#= zCI_WeIZ~3sDw;v#7EOObB@dHuj~)O)Yw*hOg6jgq*kJWf2_PQLEA(b9~=K;-#K*j;6sTJ@d2VR&e|O031B(pyXL zLjS%D>{c0hDT|iwcr;6QpfrXkBusUy%{g*Kh=?xoCNuC9Q%WUhFWI{B>#oheAEh_+ zLNhCCW%Q zJ}0`>EmNaCIv(@jz1iKWqE9kT0Uyy^DaGjgH>6~z?Wa9oI^v&s+b+y3_UtSw5GAYJ z%&m_Cx9u$US2VC9eNI~+ml+<2(HeMM>$pzlYX45n1|Ul6I_iOBNQo$k5K*!?yT}Qm zs@vjYi$sneF0|}2v~X@|EcZr`D4zxM6UJSNm)ZYXpOr-vm_`VudBonk;_soOfZ|8Q zED|+e1x->I5kZs-KuIqCG|Y%YG)pN73E>5Y>&rifg~eM!yQAI3X9F;|skuv)lb7?k zMJBBxcWOu9@xRpdD~5}(!Mmu)3tXpu!NMWt;-ZWG{JbmgwUX#IL7RVa8R^58lN!7x zTL*0}(7K&I1WR8jHHh)^OFBJ@iO zIK;k+B|<9QCiP1-i9~XWB1o^SIQ!XhOk)a@CC^q$cl(v4Fr6%^hv{dF=VNn$O@Sra z!l6lOSh<3}ny5r+I&S>syM6WBc?=R^m3R_a8(Qsi#ZJjer}=o^bPw8|Tqbh6cNbI@ z4!_3MKgQlo#bqwGFAJd#omMR;fOe@!tErcxpbr<|aaL8Y0?0!ZHEBRP-P1@F_>su8 zCr*PW6)|%KF`tSg0D~ocP4anM-g#TQ7|W;6MG|%{FM7v*9uoMsN*XL)u>fVZhNGsh zTcks;W2Ls&&=ry08eS}`{c?W>kY>@&JAnN3XP7961)9KfyAP@C4?vp%aaaVRIgGv6 zo^?PXdkvC_qjd~=@8$s_aOokvlm4I?tHJN_(&9z3anO-$PS`OhrUdX41iJkFpPT@V z2SC3OK)GFQ_dm9S*G<*W6%akIv_RwrR9Tk>u0Q3y%M3i)Mb1Mo=NlU9i@`GM2+bRWb zp5_L^l4{FJgRl$5XCFKBX=rJ4kvKj?uCA?Nh4wzfHkAJy`(q9JF(g1-5-0AbVH!JE z)v`2)l`P$qIGYT?1LqLkvvn=}0)`p!Jrj<%s8n9x@l_Z6Hk1y*Wjf8U*Ule53ZbLN zp*H|d_M^)&4!#Re)`Y>;H$POtCwW_@{d$7``0|ns02RsRk&z$|0xB5jPbj4z(|>Rz zQ@((qAv~5=vL|q+SCc}!g4%E;R;#dss6T0d!F|K*u$ zb$*eqdqyg2ERBwO4%+2EaA zew1Kr$&r@W|C4Ai!Ej-KE&Xw|dRzqZ-|=fU980%O`jWn3@>PyqNY^}MtQ)Hr^$3=t z3v1OpiAZlm3{b< zSc4T|u`uyw$M0TSeY$rVNr+J5puFuX`Iv-p7?LY_!T#-iwYq8*v%%2yvnBtz9pi$0 zr(RlRt8?r57zWJ_$@zZa7HpAFozB)Y0kjhqsB9jro6fqgpJjhX!RLa=qnVoUV_r`zusY&`)cIuS^TX7~b&^x_6=(D1= z-T}ibl0EG{1$*$>$Y02&1hQ#TuB6Y2G5Ld^l>hUE=*e$0wxtvX2R7^dyX;|hrgAg( z^7)}b*UqtpHf3bG^5W8>5=8V?`)4t8xyrJJ-U$4QqSBIz z@}YI^?y0>ayqzrHlOD+Zq;gOcas~zDSl~F7yJE5pugL}1?}7s=&=Y$o4AxI`PpWAi z>BUfLhT-JCFmZiIR-QGDqveq*X1h8F`8nOl`N)f$5v;26Rq-ha#p=c_R8h~JcT;q> zIw3c{xL>LQk3^RBm4Sjz$YVL`jmjCCKjU>XDpAk>^?tP;ZA-^y!ooJ9spEcZZmYKQ zk6V{#h_PESavzd($!=BT*1H8$H$i~6C?X$~N%s*4a(rpgwa6VxVUhI|F90;>6-oSn zaY=qT%Jn*7y<;zu*!QYGyj*F?UOv2U1g0|E5wu3V<&Ij5t5Qy+i+xBelwufHn)Cb1 z)6dy`sEa$n7+xwzhVPHxdDJ(op+X73fN&@GW`5|3?qD zB{m0QET}M)jAOHo`a`0z8Qy;%QxF|N(0P^3e3?~;E^HOmFL_xxXgU!wm!3~1j<#~T zy32r!WC%(>-qh5z(QYM_Kz&Ye#H!FX|M+JjOavpZ*i|?w&Yd46=Jz=j-`dZDAi+Y$ zLxi7+QqztKn^ach(n0Q|Kf`rlnfS4I!$U&g5M3#GWi}7|Wzq%QS)q3!dEL+-BH6Ko zln9V;OYCzJ=}F6Uxc)IlhM>TZ?(zhjMGZJCmU{;A2&vyZbB7dCl1`uC=i_oywHMl7 zdFE5^V36qM34S^#T$TDdD^(?x_x7}zXW0eAFZ?}-3>darz_5*h2`Cj|PQt68-*wED zrDH})GlskEwYr_Q;VSOsLfj9yjfZ($ti?C-Vu7OmRNMz+n>eMO-GR*HtI;TqXonM2 z-Nxam&WELE0(35c`-W(6#QCvL1C4nTRc7Tu{7WP3PTH;nzU-pW1eoX*XgkWN%DHG) zwr26XP_`c*<7>ZVXT)F5uJ+M#<-z@!^tAQ)vr&Q%U-ov>Rqx<_SQb5NERO@>*#E1g zon>I@>(*g6WZU|iVT~>F!qaN^1*_wYQph0B0Ab*s$fdb)e3A8{=wfzrcIdZE1j1Lr zX;~C@&n4|gxi4$yMua{B=E`<`0oOMbP$K8GPu%0yxK0?7y_ zit3SYI^wM_aUcm-D*dzSp>(>QK$}qWzfI*Z0-uue_2{ zr`wsXw9iPup)6GTf529CH#!5kX2gle|qJkew1Nsc!2nU%%rh&G4)kSW#aUb1O zhDJT2AXjxs3H_CQS@ONXf~u_Ive&KJyWGbB&)BT*Lm0wuRjb)0qTf+Vj|^G3(X15X zgz)inU+f)SNYAYt6zZj$v!!P#>mRvxkMpcY?4+^`T6uL`j?Ha=@g!RuzS-zsA_1E% zWU?<$ink&`NvAaQQhs7a^1$8yMImBP`-5kvfj70XJ49G9z+1yiBFkZJkV^y8v9l!* zVDYwC02WWmyK_Q>!f`{E7B+JzLKH_RAg!?G0E(A^z%GiQ#@reLDxJ!dCkgd(Gh%OV zj519>!XXZ7#8_^bGm}%kaBr>q`00L}^i8kcnXBH-$9bZ}J-4PcWPd4>wMtOy&~g8_ znV4hgxHAhMe%CKvDrX$Ju9*OZo_b#-%`FSu&J|8h&L3Obu4UKSU(J~uuzZo}{M7Ue zQ!n<|vdY}3Y*1tseL8!9nL3kgll)rJ%Jo?%POnMH_uOE?!sujr;L%zXOx!nFwuwOT z7bl5d(Lyh5E{rulajtMLk@jpgmUEF}qq+Bv^voZ5)&0=PE&q8SxAv%DN9(-i=;%31 z#$rKbhC8?*OP1w{p_rWa&!+TkVozq4h5-D4l1=^DjLK*r)x5!&K1tHm+)|wa)Z>D;vqiWjRkJf*RI_ox`n_U7*z5z6H%-BJyl5zHk`Sgd5%R4`c%_t$zvykFhO{MMv0 zdAhKhHZcG#2guPzm9m8ux)BdhC(wfbFuG$y?Iwf`A))ksvA9%Y@A-+DiJ0TmmuzS% z$)%&CBQ&LqseJbnzNGt0KD=GLA%-W2l$lph^ta`q{raW?#+?n0jaOUPX%vF3j1WOi z*Z3pN(zyKeC8-Tugnl0n+8QBs(vPu{nJNtql?;=@r6&+a ze;tHrR;~lk>3DI|<0UaP4-;$Rp{ zZ1f_b1Y=g)Q}D%?Pl#gZVAfl59(BH^x^J*vyfxT=qa%$muYNni4nrwptKvxF+o8ME zjId*aGW;-aDYpFig`vL>A#ddHsE-CRze-@2Bi3?ses?xsV+8FZgk=H(NGl8Ffd}m z!yl;&FSjOhQo}S|k&3wl^p>9FCH|`I71E9HQT#NGF(wbc8A|WK@{w2hoHN&P z=dt?0X5%wv{h^Lb-$lSUSzV+Gt7yTh)gHm;??PEH zpI4H(J!de%*A1s%(g})N-79U^jq^ZBbLb9E2;U5s=IYvfWS9`i6|a6Pvp@5H|2OQqzT`wP}SHa-Zrdq-1!+|6R3JX(3hOz+JA)rA>8CsIcVacJBh#sF6?2#J_3m z{IBZCn^{sf!@L$ZgQ!_He2vX|1AZvk`&oeW9^{=P`>SPk+S% zALUax{xaDHqy#$rz)68G+pR2A!wBw{5s9a(KAo~q>Z`Y*;id0CQ>57qY3G*3;M+C-1XrTiR}%LI19$xJ2(gn3E4^uVhpJI zg+o{P_wPot^8ujp0@4=}SP2v)LEmqnF7xyA0gsmJ#rj*P`+ILLZZO^gh8PU+@tDx>iMDg4&c;|Kj7q+7y-$6&RTr(+bqM z94-sPp6h>o7FrK_7zk>}r`WECSWhSfrYBOUGy7l3E@qc zwyhF{kMnPyiJ>${de$E>Gh-Q86Uy_VSDq! z$VKlZH1%2Ich~PnbMP#Wv}%(NC8WA^vvWHA zTljPG^Tsc?eqbJF@Kxq__XPu&M_Rk=D>QkLDjoD~XEm29mgCL<8i3itZHNK;ZbF!} zL@>1|m=WNoa4jdEDg}cy*>G{We@Dy`fpygw#g~#6KCw6M%>!HoAGgIwqzmPTvy+Ii zFTk%S=y~u`vzRYD+QxRZ37s(kO=faNM$=G)hCD7 z{tSdfKRV9Hfmq7;Z+|Js9ES-p|9Vi9{*8n{Cu_wa02D>eh&R zvFsY`A2&ZY-F@8Hr?%pBDXq*>cr#&dx>8$QAgq1gf@ zj*P0YVw~5ipYyWt3fInTIT$*MOLgeo3AUsH4VgZH_&DvdP*+7k>7p2qA4&@$W`41Q zM2+9Rc%ZMAGM7Jo(~qyLVZFB2tF_pB(;Fe<4oE-nXY~rG+g+DY;X+)R3mhN~?(X?T z8$g_6e0x+aJUBWY{XvI}?WBczXm+|$N;yCE+shW>%u32*ndILOZE@Syp{DpokzqCC=$DV~$)uxKWh1p_Fs=gKL^$H?7%es)zyF8c-OVi zTrrtzom}s9#`kXeXHngNw0GP2+$6lzbG)Y+$KB;4{aXa7hSDP5trD8M-N0XQtW{S( zQ(3#bqq^u?+)GB<`YL2>`gi0s%EIWRc|wLF%M-7$oduH~ia^+rjoW)diZ^++v4g&$ zvaS7eN9vwUOP_*6t?zR{e|Id?L?Nqyv)xs3!si3d4iq_(YU4G53x+giy2N4{3tChW zM83=_ClYu9m;jKIr7?}XT`_`S_}>DA-sxUVZFN2dmJ*dPK~(G5zpVB-tPP#4&%Opt z@#ld-th4huc&`6QJf++Z(F`s-T}2xHojoOsv3Mz}fag!&63Kp7yizCEjsA@&px+U(kC>1X9O2GC6Nx3iE$i=ffDYe;{{s<<_{GnM7QAr zt0%VSos;Ry$jZttmrf>6;o#zaHXT59(#FAwzd4vB6L5<(8YLX?2q?h}&m|~s{7{Vo zV~pelB<_Hz5606MWPBa4c$r_TKyZ0%9gmbeJor#$hV5RiKr}P&yeR%%fdsiZqcWV7 zCOO_Qi^MG_c8)QZ#RPGN@ip5tJ<%09Raw9$9v&Wq%%s2X+=rM}1O)uZNGN`-5H}9| EKU4bJod5s; diff --git a/images/web_console_8.png b/images/web_console_8.png deleted file mode 100644 index 85286b568a33a68422a1fb04627bd80486f99586..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14892 zcmcI~1yt1C*Di_@A|c&KcZ-OWNDkd4ozh6d5F!H7$WTKH(%l`>3^jCz(%oHi2h{if z-tW6>-Fw$vch+JSXJ*d%?Q?cL`#C#EQC<@L3GovI1O#+|l$bIC!ec4;{~;(3;qL+& z%XfnZj>?j65sC&#H{gRu<|1+;2neMSXxE01;bT;LDJ@3?1bo`NzXt$intcQWz7~L( zh^m|3PO?pbsfPQ)O{S&rvSyXF$fVf0d z57ma2r!<~=2%GN#cllgzg~_JOi%$yHObeY)r(oq!K}X0;5KzB-O|4jy2YTtYQ(SxT znB7h7vUKf7Vj*N^!P5YWc1k-(44vO6aA_6pHOGF*yr?Mf!c3vz)KS8@A3!+Gyy1AYbnk4w^PMFC))%<&YNv}LKi9Z5jV3DL~1@W zl?uDf3FODi>n)94-n*5f&YNk-1KtNCQ17LDsD91!?+^a2#Sstozj1^nUkzOJHwzyj zW2T;;@blXFY=Exx&X=2frhyH&{t88UjqY8}8T-|{b+_$yv(BsK6oSnc&a-v@98af_ zx}nc6f!xax3U}y%>-9|k%$b1uR*0yYLd1=RUE@lieA8LV671J_A@4%TNhihgCHODd zEr7Gt|EwWlC}9ZOo=ANK7XzfYP`8ws9Myc%kyxz{Jf7Det=}8#@;)8w+Vh!%oXr7G zBgRwRkE`Xcr^zy4)w?y}0ZA9zlKrlS|Js|@=NrehCa+VpRDpvniTwP$h3lZb8IO^k zQc+%E=ktYRk9A)aircUeOyT{$Y$3PXME$E%eSzC!yJp9&B8nGg)q8vgMZ76Di`fVM zo`24)2Bp@7*rcyjG}qSJx?6<2Y$`n6?Ad9?n1a{&-0I%u3CVe}&(Kiy&ALk9f`s%f zzt2qyTaY)o^O^%`E+Z_b*Vk&@pq@F7RYk!MnM%0lrOF9myWpb#)Wn?(}(I ziws-s!M?^a%Abe+P#!L_j+2@M8NnoB=c&<^ULpO~eN@{}f!lie1;^@J?fF$3cD`Gg z{A}UNrt(yu^=Jpl~b zSi@PT$+U|&$Ng^!>77kmuU`C?)Szk5zg8fB$hHdvya*Suv_FALdU zd+af%Xu;Umnyv}fnhxXO!tYNu!!#s)R`tofwjz?QPk4onf?%F-;rPy0goSU`{Y&WhHMqxhVW& z@{#HE1xhFQWpPV_Q`e2&%+wj5^z91iqafU9vBG52pZLEeF2Na8`z`TvYm-r6krxYG zn|D?=-a=s%)N~PG72bT*1*l8CTJUkWY=*54Rp0KzwFX;N@GN$pZCac3D)wF-LWbV- zch)xF^e#15=-W+GGy?YyTxY3vr%^H%?4>cj3o)bi1`oy$##hW#v^D8c1rWtPC2^@Z z$Bgt`kt$7TbaC8%*dc$TCmI>({8GS2SUQhmOAe*(;r6=f+uwqIbQhV}IV_NI4_`9rBrN<3TD#@p;q+~cg=2UcxP;j`Rc++=uEWu;Yj)OM{p zUp)5#?z((u6Fv@yzSY)^EBZC3R@J-i;2JCHC~rTGhsEox92|kBA~}drL7icxT{)SA z6?>%}J|F2wjXa&H`=3!vo*IZv^d27)vclMc-SJHeV@zZ=zaai`y4BuY{L}V;?B$!a znJ$)A?<4dH>-mG>rM+|BRrTvQ*!7Ih;bb{%uQyxR+ihz%POuhcsdlnj3bVBIyllSd znG(KSR)K9~N8FBLI@Z^w`pn3*>tcTIe=VR!$jrrj7@hJF*BGiLP(d;XCKH&w`TBCo z$*%ywF7}ZV%W*F^3evR38LAXCw2qp2cljIrai8z&{X%8J2-+pRW=cbxm*U2k$9?av zkqJX8uDZ)F8mN;)cAS+y#V@Vs52R7+W8+AaiuADkJ~~Z=f(8rmP8N~Kc~3Pga^#Ma($o0?WJbmqK2J}7anY2RO8^R!V_-qIZ&~V8h2EdQBe+idE@kX}wa$x|_^|MsgDZX4h)|n^(LA>|#RQRS&w33Kmt8Lb<49Qh*AA+Z;;XrTz;> zEP|p6tR8|@@L)M$oNoWMwsb#eBm!xwEjoFSoBg6XfXw!bg?xR40L8T|8_{kIB0(^T zgD9yIZt87~0|r@Vy2+0XJY6@ZO0c;AQx3szDLDk4)Yzbw74O(^Nm5eIQtc@2q7KEi z`(A22@L(wQ@|U^LiOBbz)bsq^)cUIpjTFxbU8un2w~MviTeGEO`cFQ)yQ|s4`xqbA zS}x^dH0X0Ypf_fi3QisP-XTM-$!T_L6vX-SBI-j#3ycEL4{tdQpKiS@rUJ6T)qA|T z_00VxU~)U%NvGJT->qbWgdPT$^&$$Fz4=LJ8CpkL$j~1LksEZbypN8rti_~-Y>ATL zI-ctC*;@wgdLN#!o5VD^&&Y(s4i%DaCw&C2E+iFvt~o5uxg)&J`;40%S24+ju4)yM z;CV#o2#lHRHlcfIH#hVHwAZ+{y+)4b8jPpVWPiAlawbst@Mfq~yx1S(wML3==a(};tO1mYozCy2_QnrwKVnjyhtDoM)Pqz&9-2gZ&J{1m6%gTf3J8&+G~f zTVZo@Zb$5sUJK)i>f!K2qtblAeHTS@F=3q>ffUb^ef~Q#Xg+SQUvN6@-UH!$m>2>9 zS$?YKoMfcNm^TG%g*^>r6$#sXEa&V$20sGhvngihJO?=^FTMIx14wR=&-40N|k<#n2Q-%4<^!}M5L65!Oh`F;(W8tgKrL*SU<*QvmxEaBrQVUMA zOW+0VHGlDUO7q)&W4Ic9I+Q-fXg@_|)87>zhH}$h9JKqo5S zSIi?p4^FnO`kq7Ne{)2@mb7qrxe?J6@wu+nu6O}*MsZa<@6n5X2LR65cV|3~(BIiz zKj0F&DLvDjyzD%J>S77=qlPpo1}j@BC*Kt__b;^Wg4TI&%G8P*Fw}e0lO7hnbzFU1 zhg?~3Ti(yFSLZ%c`OXdwQ|lKzS22anRBy@;;`Uv`f5x&s(E5we4cy~(CrQ|J+)hdK z1+O|3QsFr8&V?q^CdlD=dv#~RcDH$2z_vLSBZ90BTqiGh{bP!{*{;dA8S8BGk6sWy z>b7zi+HqFzHlI|Mr(U(g;fep!UQNgQD_$K@OpmvL3O+x{%!SX^FMQ7HM~hef&OXWeZMF@uJV4kP1KRD)guY z`Yyy)@;@h!5YJ50EFK;4;IrW0PdGHByh9i$5dX6sgQCc5d?g_ytka)Vrp`9T#y5jK zCRAPU2`*$HNYCc<EeXBE_SIGIwJDP!8&y|D()LikQg@n$90|*12F~+PQFG1 zh*tRyvz;bJLg<8tA3na0TuOdpsS$fL5+)uGK=|=A^l;IX-r@ETBV$JNlEw0ed5Z(a z4y8*lpGN5tcdngo`HC<_EENO{ZgXJYvl>}7RE}CQ+>Vl|?R_GXD$%_d3Z9&HVz*x*cph%45D`qrNF31eSIEl584LYY9rn3MX;F=W zC9369a&Jgu1UZA?nlD3O4))rc+hPHM+CJvbqB`!W6I@`O4<_j+FIPD-f-Nzgh}X7C z9E5>oisRV46}h~@-`~*p?1uYAy+)(?IwDf;6$;;=jbE?MJGtfBS9|#WH2HltbRyKE z>NqT9{I`qF*__h8>+rn}orr17yhP*H38y9&-DYvjH+p7PX3w28J1uCTOS0WqpIl?! zB|Ufw6t5#E&p{SOZJ6q8XOIRko)ms0>>`R(}>w|6tnWlcl>(3k^q~Xk`PP zZhpVamE-@VrEDRj%LXc`&Wu%f$3=!w$PM3zGOu}pXY2KT3TYkzk?$U2?urX86_ebLqgg{CqPaaJY z8kvLN;So!Q3%YpHb$q|M(zZ=wV9pO5@6$aRN@u|sLtRi`Etzc-wI4~+FZA%0f-aTM z_ViGWEI*x|npz`QP9NmiAM|?1^4V$UmBxUCTg%BIrB3-ls8EQyTofnR8d zsm`Y#5)6=EV=dMS+d)X(v>6=HIWvMiFkU`kw`I8kNj)4QADmdTv^jmay``%M8Si?U zts!XF`^KWwW_9qyk-hE0VRqm_^5PD-h8@ayZ4LNOmM90dTd_HLiVqcu^196lG!IE*3`%iEMk5m%pJ$oh3zN ze4sCPUD5FU%cj8cPXyc^8+;Nqx(41Ef2{tH6+2)iv(GA%M4D-yDZjJYegGGefI!=| zUc={RpLIpd8jT@w(2~$=5{KDrS}~v6Tof?F+hl^Qgq+>L&3vF6-XjIvljV8MYCF10 z5GIj)AX$%$!Uu2Mt>+}VjIx!VOH!6Js+aAkj^Ca;tAR}N^0nqLKc^PHa0Vo(Ta+C~ zRVd_!dPnCvDhfNyc11`9di-b%men-tMSt4T)cY=df05QCQvi`)K`_wQUwnA*(Nq-b zp*5-qO{q<-g4MIrH{ORS8Tg zryzRKbeKFTQ%Zz>@QlBpyYh!_AumC#vHW3^n|4z=JeCp2 z>M9n1#+GI~v&b98B6PNsZ@+qR$|0I5kMFz!1?b>i8^R`sA*7G9qT&+zw1S@JY&vy7 z)ZUUKn{!J^!EqWI7z#t8M*7A7V2Jkn0zqHnQn1AhF*^l(GWAk6H}ew%=|Rh#mQiBPJiP!WwiymF zN&pzbc}l|>$jZy{S>G9ZitB-1O@)YaX#v{i*zr_6)*Qba3SITA*p#SCt)K?tnaPQN zTWFafii?WocwURqTX-6C|H{ADppt^ehzfM{n}aZ6Yv<9_`cqQI;huWPXzl&jimTQd zD#bmvxyBlmQRr(l$|s*1CY+IQ7DJhD0IimpfX-0+v?xuGqglnA z##})gqRc1sPsme_tlw3Y`db3$=%|P7Hx~n&-94A*xG$q!x!hOIc6}CC&V*rySE-YZ zZOoZt-&ee!&ymV6kb>x*rx_rstfd}P3V5BQ4pzrv)ES7*-Y$| zb7uAvxnIexnn9)T)3=QNwFPgy;e`$+dM&mQsPAHYtm>DCx85ZpeGJgREs6&G$M}?i zr3?jG`K_untixifS*Fnw;t$+cuseN`xQBLp`wQ^XolC8sZar^^BGK$%P|Z&GmV|%Z zF@qA*>Fwx_T@|UdSl37moUDka>gNZMdYIB>*O>}`iRhDM;?_v3G2yCKsCK4vrZtp&w6P;&cx#O9fa-BUdr2Ahc4MYUE$ju=c1OteDYR3xba+lw# zf=EpjxDtFx6(Yk*x%v6#(a5pPbVx_U)Gl-@QCS) zC}WR2Z-<^&KqBxuY27RPi@ey)ku_NUad$3@06>jhaamwX-X}CEXq*1qsm1bmWx^Wq z_xLJ`7m~l`(q$`yX%ebQ2|xw0jC{xF+Ii};B+BfxKJv%lW37rY0lRl04?`jmDM1?} zu9`g0YocbCtztdb;|wsSU>_&MiNLfVvKDVzHMs)f^g7Kt++p)l8#*?@;(+&tKaJF~ zUkBwEkSt0ZTNBcx%e>fUVB~4Bq{fs+5OOlm-;F0eezY%o(Ln0t1MOE z?HeDnfIY~v2^|i(RhzwlOgy0qkLH^@hzEV1Fi%-XRMwhOq%386;o1v&D-&)0&CPKE z^(<8D3DRZ}{Wd1(t2q=}h`*w@FdvSQMoEXhC$oA8`D7JzvKa&Rp9#foF{6~e zJtL4%_+Bnr1?TD!n6^KFYWmDrg<5{uGy(_{)zmcrNr;(6Me$^*l-5!i zN$lBq_9@Gq*yovSS)Z;jTeN0@bjKg!ipMP1&GKy}sb)_L_5OIrwnEv}rxp!vldakd z{MnJ%zOAQ=Z?2VUnOh$18JV5c8Ys;M*|by#sXjSUl;;AssRD<)h$EU;Jk2oDdKtUO zTQ=lT&Bm-V`YbrA-;J^hMr2QWr*+i~7CfPx{K&}aIwa~)djkd#pHJRC?Pn+L@USXl z`I+kE7i5%&gobj5a~Q??&%QR{S{N$K#L|@Jz4B^Lki#|m=7x+0tWcVjwpk#gFD{hwa#nwiP;G+`FE2|< z799OF4|OkhKR~Z)lYilS<*Sc(O!vB&DAFMG64tCV=OV^y;>;L`8XH+xwaW)!a(WMv z-X*>*D%LOVtG7 z7}i(^Rg}DwJd!%+ld;?Zg{qC%2mCjSHtnoh9fi9nd@0z&U!7hwWbz%yO}}m#b!<>gxfqE%+xg&=HlLPVia>mNnGGRkdG~3)#mk3Q4FI zAz+mtJl(nb;JD`fFI5ILzmCt#)n5)#h7MxSIRM&|<=?2twqRe&dj$BZ29XpP^yno; zjTJ=cDvjhPad4A&+@FUumhCT5LXa_YH`TJK~&WgUIFA zr=x_0oCh_`64z6t8I1l(vpocc+xe?ZS&EOL8Kbi>?(CY1w^3tUAifIKLe+)HPVKvh z*QTjT-^@IwI>ww=_dV}OQ9`fw*8fW)=ZOxwk}iv@_r7<2_k2gpZi`yzTj#u5sWQ!F z0y}<)Cg(U)eOXv!YqcZ2cb>}5Ww}VUmve-&c=%2tWU?GsNF+IIf~wbGnw7XYou9bT zI%6*4AD3)`*+~b-mZm2 z#J^YJtV{omy?J`BJo@T(Ih}q?1x6pZ!_yRc{zSo(Z`Qv)=@H+v!;CdCNdL zn=;nzA0&&i%cBsaajN7f{;)C=d--k|*jjXw(q1UV^P}P0wY__8{CE z!;&&Dq{F-aJSoudkNS8t`{3%Un|4TQv590%2brI>sc|t)QjX;o?FL%t&vC1!N#$IV zY*h_p6b|=A3r1U%$q5R#gv4=%Rba0=Pw*sYmC3*QwVE4S+1rwhdT3EN(g~pnx{q!S zl=1E<7PO>Op(}gecZ~QYDSU~9Z1e}5EwZLn zpd*EgtuCSuDEOPxtw;yoWgP7BPDr^@hX(y@q5zjxh28G&d*X^xnz0A@@(-djvH|9M zjr7w@%1YJbkm!R9R=?Xmc)u04Cfp(7R7INf6bqtb2)7sZvh~8ea6M>?An>Uj-hNH<`^} zT;(guD_ci_J-qX-d~@Z?E>YDTqXjp(+Z>o*6NyAUDEF5dc+pbo01RM5a(By0jdZt9 zeRQ>7Wsg+rZjJf%;2VG55F%N;8wPoXV~Wdg1O1Htt3J2}?8W`j;UGcw4kYZUDDL?e zRg}>8-6+$aN)1MZX5iy#^A&b~0t*gq#EvF=zxg3w6C!2Vkx~NniF?P00$ie`MME7= zGEo`JehcTat7zU%&!j0>%-8d^@SgV8l*sZFtK+?w-FS_z>1m*Z3#qZ*PmU!iuUo~? z9f(ca!<+!58;*lwCym|UxFf)jr)9W6JFFFpc74UXzCT9~PmB$arFgHP7JhYbCvS$* zI8_(bG6&Vl7){1(O{1aYvoZJXA%^Xsw{S2(gjm$(epDmK zCI0XRyI)o5>+l-sWnWc(wuduR@iBEhaGwll6hNBOIecaI0)(+yjpSK8oG76e^0VKo zJOAAW$np4>96E@qM)}G$R#LlBMnX=~E6CJoMnto+iqf1z&r?d1hg74e{f5QT{Lf}P z2H(1GMZZG7OpKjS(&#wO%1Q`zV^P5vD*LW2F!+FkTY&r41Y-)c!%k|t3ip>Tj1NtI z_x?gpKL^hBzZrPT1%-tod@S8(KWMS0SztxTiJIZ7H9}L~HO)5E*8ue`53^}K5lKnCQ9`xMMl(U>%P@JXP zXJ>gNve~%W)3vDf!DRUZS31L|<@%};R#hCzOUn`Sk<<&i%+p_osXte0vFn2w4^6ZEgb}QVBj4=7k{sY4FP_Nt-^2ZIF^W90M z)rgnzfUC1 z{~xZn5&p6Et~S0Pd^3somr!=}zrzfiAOF*Mv-;$I+X(;Rsr&Gv7JP)T z84Z0Vm}v$YN`%YnN=uunoM8JulUl@lKeUAZzAP}fqbBP-IgXl)_iod|Qi2D4ys=;p zCBbA#IRF@iRHYRPV~uR+)i6mDh0B(39rv%+arG5K%_@spP(AUTLvT-&HfP8OZ>yHbHWcc4%3YC^G$dg@nfU1 z$4X8kXtfe0_%rP<8;{NAG3%8l?auOz&4~`DKmXq97s`8Cu}+b`KwO@0$Kj$}@s)(w zP2l`latVG^P8SAct@F)#YsFjIeXcHisAi@ok*78V#l?jI6E@>-SP5$}Kv=3iJSgX2|}8a>d1klhB+gw6dFX4@Y(m;IujDr zV87PjMH?yOAY?W4N%m7*MlurMTT=p$A5)kb?y4_pPYGf6C@p35dmiv+IMv;hAuf>F zth7bCwgUsT#h1YLqJdpNB9-Ync7=FPa0YM8yX%2wVPR4Aa&2+nSV1jK7V;EImX~oR z4z>L(#~S6YF-2nWm(=R+?IHF_)IxeMvI^d*RbYC^>$=cIfy>1oziup5r+?@M0#G{i zt`6U1)?=T3vjS`stvuHN{qq0TZrNZ^_&G;T^(8Vv`mW&>eXt^AnEDc(BhDt?Pp_u8 z)ZfpN*q>&t9G^7o3 z9z*Da-0pb)6a8NYYV2oMXC})5(K=>)$g8(CgoGgjZy*+kO(icWkEcI$w7*&|+TP+@ zr_C+@ihIddl9*wT6KL<8khLtXy&sbv;J?=mBE(+?|;|;HyHUa+Xunc18E;0 z9jx{&jIpIGFuR7@h_H!|6mKMWzA8810)=TuZ*Y6d7W3j1E%Z`q%Dpu*&&yFxwoGr( zd>R30dKu&p<&Dw6+IFLu7|6CVU37n=s)-NJery!7YLjP0;EbUPXJ`gAz3@1xc=}WR zk7eihJ@o{Z1Vr5}fJ&+*h6B&kS)cq(`yzfOc`NP4%sCzaW7T7f+n%!jC;{1`=LPnr z;c3ujhBTCpF452Nc^AHX2z^xo%@QW+;137u4Gl_4&qSTpo%6)1dutqHy5}WgQtEL% zki7AvZ5>_&9vVI4!vtg{LRLu~qFpO5G1oGz#)DLESj&kOvf6`VUlDbrzVM>+!nfgp zhNx92CU4Sw2(uNV3bTxg5?%P=s+o+eAqIUekA3gzaaPZEp;`Z%ghSPQ2B@fQjoI_A*jY<#))4V%fv1T8 z$H`dHa1#{TY6d;=@gED?1DcZ4&yaRvjRT)1IrBii>4>8NFn_5M5QGd#FHe3?Fd6>g z`u>Vrwl@E_Cq2IRr1JIF6fG@5F@p2XRKw&X2Ou9ZSB{<>*M|^gOr^w}O*Q8+Kd!YP z>8Rec4|zd4QL+vwD#hvUbdKG1G#rmf{8Yh>V+BM~Dk+wDwYcbJiXQi3f?cDd<}m%t zl@o{^y1zb6TgLCm?r+|3$jBxx3ZSP7=yXo1$&X@;s(b&-$JfRLKn zbdZp^-8U>oiI)lQkNJ<+pc*#U?LEf*zT;8hB#uW?)7xdQYCoj&k?lZEnJwQEV=Ny) zXREYHX^9ilCt_wK%~uzO)4}+{ZD0i}Zevqgf#n$uWL>Abv}?aIhl(gscxgxA{KHnh z7B?J$wnFIv)*P2I3J`ZfE|AFgs9wrIS(B{SywIqKMY-nwEb++@L&~1*e66B%|5jB; zXHs7lhmelqv zEw4G8r`v2B-ShGRTx=0GT4??{fOv0Q^5PIv@4~RMQWpOfr(2Tr>L!St)?yDQ)qXO;yK_twx+| z5u;Y+u^G#e!gv~MBHtaOiXK@Qk=!Zah;5xKDKStChU;NUKUsW4s)-5olri% zJ~#BuB0TB_{?r&!YhJPv&Lw?0uG}}ezbd(yablQN$`hviFo=Yd#HNFe6rq$nDKKZ| zG7cnk05)T}tr=3$;}Mxk^5hScaE5`~K$`D`s#0QLjn8u2{5JWtd08x?N<4sSM=Za) z{kgLR&?fkBRy$!iR7-YbD%0^XHF+*Rnb$m?nkj*se`3(< z`xw;s+)yEYhVIvxjw^U&p=yPnZ#=hNu~(<-LS!fTI~xM*Bfcx6KdE*R9Z^rgUZ#c{ zqnJ(lB3JGcSkdTHa?+C=8Zm z^D#M`lWYp1&=BORb((oJoOwm3QKyN!e(0rWWWWIL9!NV03#(M)`_t6(k?-wc;-d>q zmWq;WhB&g6bEEk$*VG{9<9#8JANlHYdO8UF9=do>Oa9cEcHhrP_e1I^_9&sibrg_7 zP|;%mQ3*qdcEI;q-`&jttbr0(b0}17%2m7AEw*LTXD9_HXK{la{KFPWxa0KLb+5mf zTyshK9$&+I7+wQBDE?_&?j!gObtMdoOAe3KcE1p+`ItCpEpS^%*;qe2E#Lq=)d#?K zLLi#Ohkh#zarjOfqB5%r=$`^lV?`%fq;VYvwT+be88<3S9QW024B&+~9nP(yL|1^7 zVH^N>qI5HwMOG_A@lQKPJUjf*q9fqA{R(m-f!w(nhxdG|k+P*T6 z>h+Dter>bdXJ1d?dIEISHZn(05$ODfm4)qEBw#@(8nR zO-Y^`Xty^Y=$7dho2;ss%y{y|< ze^u1Ae)Ep6Dg&>Wo<9?Uy|9Filo$1))S7@#S~&L!a6rr1%pg^@;TWZiYS?u8 z7i4{U44bNING}eCkv~7WM!EqmBm!@wfZsp^l%skM_hRY&)wK^+ zn{alC%5k5L>MBf9&{0EEQs1%mG&VJok-Zg_C7zG#TLC?uz}^~zlfUv!sX;Gle*t{+ zg6^)wUPQLr)EgJG8ZCc08ok;{`1RwCY{dQC`1Wx^s$0pzPlg4UIUTzP?8(N(ja{Q9 zS8WfI``D@azHp1#Q<&3yXWfq|HrjJ@iGaI zu+}gA(eH>Gf6VCPPT+l^D}@HcSIscK5q3}q(|6$yOTaG*m*2nNw&>1K??VNCN-r10 zG%3}<_ZFbJ_(`eOm?tF;fwDW8t_nB5mt2&14VDQpk4g=6&vID*d_$bO6JVMyUP zh8_V1o}URfm%(l{PPh+Xh5SwKn14&?c>3Rl0+`%twv!}QXeOAW+D1Knvoja5Hl=T* zksLc3%(U!jsKDAH>TfG@9;6qBjWY#?*;4|FWS>pua(TtfVBht-e7?y%U0ak>ti~5X z0lV*EcqaM5)I494>WT9pQ|z+3QRmoSY}}rsp@1o%%*Nh)cKz2PH^J8dDYGSOsUy@e z>@I%{rR3(0p%Fr|Foe2V0lXeZypiq1j4>>b^3(I!$E?Z?d^4A;NS~WK{SGgyTYRtW zv275=GG(?nBWII{ocpS^QB6{N*CXzjDft26m0}9>c1q10D>Rb!2sTKI+Nfi_xr3sl7G2e*gBoIhwb zgv$}HJem0D(v+!uu9TjRnK|ET7x{=~>s0dKApiXLNqpq{-SuYjFP~F@z z_-|BGNy)#y#`^uWh`(Uk!tUyxF=&+6hYTV2pUy|fZ$*w)+xV3u!wI^^sFas#xNKp4r7)SWc|F~1A z?|mla&%pc7;+l`{^sz^MI7cN1mZ12rE0I$^na8G}`!{I0Cy5xvy6$fJ{?+7o@8AM{ zIqrcKX8(;-au*w!P!)Xe*DDYZ?uaF-o{)+h4>&~nW10V#O^<(P{S7Vub+Z?Qq%|AF zvByvU(?eO(_}ljXtJt1T|NCSeM>(2pvW$zfd52y(;Mu%Wudm;*eZSl(c;z{zLJ(s0 zcIG^y!!n2HX^(wd3nK4VA|7{YTIFKXmwDc@;d;k@K^ZokykvvJ$}i;xOAJO^a)Pq6 z6D3ko8mqh0(gZ2qd3iU=R{MH_+bUA06Nuxof9-$(OVPZ^^-E9C(j zb>EwVwd=wL19B%ZK#EAg5=B7UX@{ah;9Mte3d@hsV*=5&0M2k_#KPw7TOtdLoh>R- zoMsNv3-Zl;s3Y|h*okn#h3A~3va8P|tYpnJ0xXWDfs8qvaD0@=rf!Il52WVjcCnMy zNb0Y<)*Fn%G?bIoa;br|Dr9$b4xYYV>G+vsCR80iIQorM#{+gE#6)*+Z8eo8%Hs@> zbcP5OByW-W3%(q_D4|?4+uo+x!V0xYd`6LF6b6RsBF}pt<~a(Ya#17Z0Y}8|4ufzY%Vu7fK8?tHGj#5@9P(CHBB3;z522V`@ diff --git a/images/web_console_9.png b/images/web_console_9.png deleted file mode 100644 index 59172254c3f83cf11aa69740f101acf034f5ff5e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15780 zcmdtJS6EZ++AfOvDIx+YO{t>Ny9h}C1O@5RJE0@JNDoCtK|nxy2azg--fN^pnsh=! z2}o~&P!k{|SpmN}*ZkMI*0uKj5B9-607l3d<9*(z+)sTYUTG*%++estLPA2J{PMXr z3CY!$#Os>tmx;e8qAfoW|6F>btt3xUKE$*^{P36kGxcXABvrBGXO>rqpUK=`8oePQ zp<_S)xumT9XqSXUMnd`dGhILPZG;Pm-ymq-V@`KF%GqYX=aIQC&#UUH=qt*_ zi6!4CZr2JkaduFpx>K-myMQvEe&J9_ymhm-X|Y%%{o8|&J@W6p-@Ov&s($&ye|@kk zDlyDLWn%Z%Jg1!5JUL7gS8+tB5OuOE6Lmt*y+O;Y&7zb{(AjCCTMl+PGGG~O_QB^6 zQX-ioB*$OBAg%ubUR_iX!an_Q(CSibJH~~o4Og!tcZ3sw&ik!g z5tr6v**wVmF4A_k4p;``R?dA544cd|qQn2TxTYxt9ma_8V+aT@YdQ z3%3F8%v>-+D2g@|w*+V>AW`jr_oopV066=JfehwY-5@)#%QvSPS5OqZUr>bdJ5fLd zb~VX8J%uB{=-+|}z7sfa95~UPa0y|QA0}eSYG?NkTq-85DYZ{HwGgh=ahn%_&Hs1lm^JcQkK9ir=cJ; zbs!t-`D+E_hYiEFYu1zvVwt7v$i21g#IMz%jR{yjjrMH9T+5n|<|p%x;{x zay;QD0Kbq>)Q(>6tH>hE=44_Im58FUj%{C~*FfOMmgLS{%9l&CfoH3w>?d-2b%I9T zZ;qE2?4_4pD79OtGJ0RixJF#}ZIFFHHA1Pw{0?>=izQe{&uDVjq_du^4L8`&}w;Ley$-ZYl=`-<7Wg@JBYfbZD?62_H%#(F9dz3$Fim;bqPguh~g69xsS>@1u z80q6lla?85MIc%M<=5t1y&2Z-zWl=TSW-v(;Mq-d`J!&sZ8@WGIR{lyW4-V2%DD0* zXVnR)2wy_Os|v8A-&t0tdHJe2a5^!GsouoZ2Z4{pu(4V9>!VADF6gG@YQopq^N*|U zT#bh-d18+zMa%9WS=*hk6PiKbfh#OwxAu1`*}?TtkMBD#1bI>z56v0xCGytivI9$1Wiqu1Z+S)T7Uslu1iPA5 zchYYpV@+^BgR^Q5Lt3eR8Z+Efp7dcSg`PtgX}amzbWQRGJLZ#h(xJJDTnbUOHl)mh z7k7OfpUdGl*K&dfs8qb<2w=kcuMh$>!R;*jT(UhO>n5{Hg{9|`?%8SIIs-6E5nv&~ zr)#dC#J4r)d=MMr;Leh*p2)_cnp1!Z&l)9Us=d4AQauQ&2Oz$TXR8^8q(UUzNl zJNqBwb)f*&3gOB?sQ6bYR4i@cVBJd}_F#_J#i8McTU*3mj z*Qp6M`7#YW4s5sc84khkci_8;SkStfli9l6!a|fn9O1NvXa+8^glzy3U>;K87fWO3 z{R$L)gBk%z7*+8c+yvx*T_4|an`Ya9~M8^tG6YFSd)Bg zJoEMMmL-pHE2V=Z|LCdoQAMn%#`lo>K7PGW==MgkS4Raaa@0kyE%?_Yp_~@Ox8=>G z?ENyUm5oU5@3-kJu%eV%ofvjy*`Riyev@^`8FW}K_<&p!d;(}O*~=k}R}e;JVhP~k zoRi%+>V_Z~5#9s~12ByX{?+?&1T^^?{!P#Ckq&3xPXh1Xw`XBln7XUgY2B ze){=El9hS$;L79q*WWUa!+=wp+7Gr2;H5)1IFnXde5AY}l&l;0xcbBmpZyp8GWz9j zX*IJIljbmvO!cF$YYbKrPf1k}x@~5N_dxS0i2U+>md01`#HHIRNbV>u4><+`;;K1&yIJIiAqaiG?)I! zW@D)b$la|)hfBmXX?q;TD_elSWbn;2NWTW#nm0=i7Oj2!`b|60By)9G;~DA~8Shox zAreSWo%5iuItX34ku^)-^k%&)S)Ez~@;&39CQ4@+f&^zAOpP_S{YOftY1fn1UA)O1^vuF%lN%pp zSkXquP)R1Hu+Z${81=>BrK2_>SRxN+@qGehfH&~vQqM>zq|DCi&S~;G!H-pPh0QyN zkE%fcIfa_4t|L-PLLX+@|Htyut$~D?3!~fL^=A79IQcz1?~W%A@xZ?c@m%dv(rDiU z)&R0GP75h(F3OgO(*1#hfWUT@&M3gn)nc1yRY_xaP%5upjKzuh)%I63r%=%>S@nGH zHTE&lavN=-4b5tZTa@=_Uuh=+-W`?v{T+L$6Nt9NIIpZeSP)Lu(gNuSlcP&r@BmDsb> zjIw57Spx^J(cOf59GP)e!8#JS&(8aSa?Q(7Q5Z10T%!@H?`!_RY$;%rR&Agls$ADC zciO|iS6TbbT<&Zo1;8b!IzW$Ti(kdtvq5$+viTN}l%>;h)W(qOj5LlFrBEcB&$R&v z<((2OP>-#rBvOy$_dIbNHZDw=m5Q-dmIa8k5HYU_7=q1hm`DHM%_-x?9Y+g3#U03b zttt@qW>ND&L@7M#%4u6`vqzl_)_}42H#zwAlVRMRbxz=Ls9T#TzD#OrFW0vfKU;*V z-&8!AT@+EpfW8g@9zyhI9#xk)%&KOm=vXxSnty9hq-!pT_e_$v+7LdeL*U!ec_X_j zo=Ac`h!|MjG$!ydo3lm|&OYTBpMAXl=1|T70yE+@V$^nQB?gfszkjD*z{$fHy~lwr zI8#dSq9kxt{RUby@JRLC?JtP~m{C9EcKg>d1IIBkfy?T#L1&2h;{mzA{RvpM^hw=8 z4wjk>y(W85r8IvKRpd%Y=?OWWG3`4KNcaupPVrJX$1UJ0;x=0Ir}_%=jG0umM_*Q* z7FIPMlm$zCsC@Dzsnf`9t@UrWXkI6B*S77WzAiz@z^AhX>XTAOF|hhWNx=H6@>dBn zWpJc>7tt`{m0upV@CQ&YWH8syYym=Ub-5~bQMfkE5zKjmVO9l6Y)3R4_lVnjn!4OP zbph`5OpNNNB@@__>-z~8;f}{nO^)AgS;dBHXA9T@Q^siyT%SM>u;8INeuqJBz{57M z=PJ%uWhi8^6mWW)gTVH>wXSrR%`ZeE4m(Nb(bI1*xENh4sP`j=qrB*06|)EXQEd~n z^-cU$rfsRND)k@dBj+pbkC$p~eJTI~PyLehCuV9Uepy7D)Gitu6b~6JdnHMwUZ);B|fuU`0C<_1ecH#h$gIe=E15pi=C zfP^T(1%6)jb(VL{(Y6yU{R?;=v-+WRSfz2vtkNC_P~jQ5-I6sX@Lqp{o8R8|89=}$ zCm`T7CPnUWNIVmZYhi7{mXn5T*kLku-I|PjB(Ol%fW=Y*jAwIiuaJ{m9QQz2m*T*n zAQd(<=@MCrEr^aaR+(1LU=+)uqs85}`FJ4eA193aDGjbEEs(ww=bSl~?v`hmQcua1qPF&&syjjKg|wQrdq?8$n~Zgw<}76yqP*%8x%w?Tsf?~AH}(9#>5Rb&xn z{m7qR^>3mzo4MH!TT~Cft#I9BR`1-tZz5=>@SMvp91C&v*gSm?=%^ z({?G=fSxT)7cg?!1;z~C=wA|-9+q)!)~3^RA-r`CIK=s8x1fAy#dn(w{^T-&ljP{^ z7H>kGU=}g1Wj#5{k-)7QG&&PD*9H`_dlw&q@vCog+OZK}Y{r<|z(tf#;*`erC-Hep z{_+2u6WMm)DG2@9=iwL0TbWp?|4xF%`xn;j;sqovii;S9gMZeo)Vc%aPaJ;t&*F;8 zXZ5dSN&iXM7}@t`wjY`9PaqzONoW!G4b1FzBVT!AxEF)7 zd*4>;*%$YMVb!b`?B-!)+KM=06PSF-UY>yA7icRq@bm~0|10RFNeaT%`rc=c-Iw9B z*!5@4^p3Zd)Ss*beK{4Bt8RRB?~|Cv$#!2lWU(4c=g~@ytsLS?5Bij!G!V$^V0rY* z$vHtbUt~kbo-J(>@mS5eEH%>^qg4sB+;OHoZSsAOd&!AOQJ?!n*%S=WVDLRpe;-85 z)Ag@a?ilQe`WJHhDiRaVhQ@qAjZJT(r%EO41GnX|=ZTw~+N!@ED}$2v>rnN*+u@)b zhMO!NTYl8-^wx@}w|e5k9k;bJlO0*(^XgZ*rh^Rm4i(ZGQM-o6T{I0pl@4?=Hp1SC zNq*^=qw_Fc5`)cXB4OsFm5fs^=&m%?T&n<=U6Yx%WDE>*MP$Yi`^UMifl zVZV1V-nrC0T(s$hV3e_QKcBiy6@DF^od1Bn(oDMAW&9R$?L{RZIa}`6U1Cmu>HdY% zlysOU=$#^*BW(NwD%j1TXFd(j$Bz-t{`vFm$;Zaz-X7zL7N{Fo3%-xmiF*F#w5RVn zcOSkT6LPTyYp`vJimB#}XK+QT-)yh{dIiQX#sONzx6)$2jz5rzRR@Vg`mhG_2Dl%< z0XEFNLzh}m0w=Aaz$>!UMqH5*`r_(|q(Bqu>Hy(}qP@D(-y`){jcUo}8YrqSx6G?_ z#+mVQ-?C9$IsV3md_|IIXwU+y=+pA%S6`(g3nV4V=fm@)@CuAGtI@w~Bm;3_jdata z3Jz_*IQd!Rb9=;!f7xtXycq0aKB)(qF|fXvaQ-&cciTh7d1@;QJzy8a-xggu|Do(x$sqRYd?YNs=JU6y@QFkV!6X2Kaf9Bo&)3uM71l80 zn6c9L)rGI41zw&oSgSd5GV#B<-fd=odXMX6uu=M!;`hr9%0OK)Cbx7l7pTpVkEyq| zg$<3Wx94*Qx>Rv&rgJ>R1>fA5jL;-|j?FmLgVGhZ?b5c_dFgT+U84#ItZPu?^J&5;j*%kV($)IkWTO168RR2g6d&}wNz|GZ1Lv=1tnQD`%x-@4NP-6x^(1G(|Y00D) zIKEbHkfShD%Q&Bt8z9YEYjR%ld&_W+g1mg=r1kaR7?AARD*Y;`WcpBjiM`2o>TH@x zuBR`3+blw!-(X)kY8w95EXt3)pFMJAkA+US6N?h zA`FCZ@I@{$@X{>fK4WIAsbEYmYN)=)S+MqzAS(QJ=YQV?6DsJ2{b6i<2jZ=Jk&wk3 zIm_1dn0JI={zCb9GQg)4=cl=3mQwxMJ7C22U~!szuE%Y-6Z&AM#xM8K6(YM->{#5JRs8#9zL&+reXa#kHp2jU*2mp zn~6~^NodpRbjjo^a5l}g6!DDF)A%l;dgE)BM*S;WS$P4+;ni? z4s#mpy$q)qdG!sO@!T?(J`CRPI)*K}+-=x~_fC{oq+(%d{dfOL4h`LaFnGyViAc0` zt>lz0h|Py+{&5n2k&raP&pk_a6%%SD>IHE>?^HaUPh&H!f7RG(miv%LhWW73q zW3--Nzf4D4n8R?au$jmE-W zRP185A1y&pFEq)}@=jll5Q4)8;0T%3S}Xm}&jcvY)pom|p7}mHHZmWSw5zJYFUV`T zq|#NYcB$#?ByvQ85Rc$;0z-H5oA|dl^IbxmA7Nn1Q^jMQ?}}B#7?#p~1ndc0V8NET@4K ztqMrZIQmiq=*tIf4lLBuiubxEm>{P16Q5qad$Qm&tciUc$VZI2=xNVw8Ozshe`#(~ z<0cxd7Z}o@KL-0Pd_Cdh;ZGs;{Lr%f5dfUd>27|@-3fNbpGaovLI`BJ>#A9TTz;4_ zT~f>jh2w^OnVLqp&T*JqA^)DfT!j#K>(&JW&_~`XVNm#8!<5BGNw27+Gz3)F@YZFn1c`LbxV6Rs^)?J_@ zHoDg(F%Oi(2DLuLX^82?+CQdR3VN-$*b9B*)x*5m@kle3Xs?bMy3!k79v1yv)9SU7 z60R%b!L2jIZIWi3BX-ckjUXEx2{^eg_{j$uvf4WjZPjlY*MW-P899C74x zMx=hL<2>o$IlBx#QXJjsitm{7{wnvYSH3&m7x@t{QTycWGT6h#lm+?GHo5X~o0)?$ zET!_pQv0L(S?dA0LA#>fVa(pmcR4@|GZU&4aca6?I&!V8B0lTXh;5 zqdB1k_MQQiR3gdV!P9DDRFlWgKaLm8_C@5Su6$+~eYy>kT_Nt4lI23Ej-zJ$%t%4L z2>%WHzkZnVWoouFMr8i1%?ggB9Cb|%uA+?Ieq2<4lZfb{@{0{0_a%@}3zXY#d0-x6 zaRk9;I=Si*)~1^jdp!8@V=%M4!GZs5;F;-x5!rbZ_~;@4Lcgx0-B`B+}T6WZ?ckO{4!uIn4QrB+iK!58l0oE!)bm-6n3$?9FTJ`i&4a&$>1u+2$89 z4O62v70Hi6Wm(@4E>HV`WX_rCJ*oKZOC<2MN5LjsISLYRx9wv&^&n?^r%{~cCZw|> zxirGYmTO~jnrC>DGleheqxnyGzpKYr0Kr_J`MqRw+csye--#`-|F7_SNI2lH2IZ$D z)ZRaOZ%aHfm_$5_yHfAXl}QMwUH-9Y#lzG;H=uIU+$a|h|JxwsATfatZlT%2UV4+O9@d?s@WHYcs;D(W9xBp0`B_!)?h&B%Cc7{Tq1EFJ;%U6 z%B7CEwo4AB55VaYqDsEA+o84j*G0Wxc?jU_3u+|QRGkg#o9PE~+lF@cCWl#kyAVAo z@RO7Ur0cf8$kA(B!N#s!P$m`rZ4B!US&?bpHJE8o3%clg@Z|JJy8V&)NH!Pq3&X>f zbsj=LqPOZ3^*z|9!wqw2(i_RJ$csDdx-=o7BL?pnXqS3fw|edb*&}->T2xb#((8Mn#wIjFS zI7S=k7K>mX9BZg-?a*f1R|ze7K#9lwP{?ac%twu7 zNx8@u$PfG#jv=f&`kZxddGEM&Qr)Pf)Yr`@F7|oug-c8U_bPpuif*m$wC4?I?UYDp zWrjO^$s+bf&qIckin80t2Ar*Gt7~rs2d)}89_bd)Jg1LzZn_+xybSXaHJ9#~3)}eV z;B;tp-<&y28T!Ijin%*t8is`1DoN1BCi8PThCdFn{aBM11TrZyJ^Bza(7*smq=(mFmGv*Kgt6GdpbEhp{x)dpUz|hJ!ZT07=B>i(@7U!x-t!)VdspL z)(0)24l}cp)8@fJw#bu(C@brF>5{FHxzvR#eXMc&ysA{m&Y-LXru!s+Cv>|FtT;Jc z1>zDVTlpyjl$^ER0R6@j)`AlN$vD&74J`mRP5GuPDFz7`+=9FFS4pb+-~CgQLf@N< zJdUja*6v zidUb1cYl5e7)>rBvj0VDuer>42u*2Y%^v~mX@p5sQ$)Cy*E|jlrG;{+&;q}CB{*46 z^9mon*8H{GArcUm7w+h{u7kK&BW`|~SYCO#*s!u+N6ZO*FLCpR8zi8U*K#oPKb%MT zo81*BYBa5qQ3EZb_Q-pT^wj^YL2)d{iyU>po^Mhj@!VPXJVS_H zeQU|4P(u6nHorzCsWi9fW-=FMP_dYnw3GKrLCSBO9 zHYuMZ2s2L#A9mn4Df9Y)P-`~%meeWC)AlC1%-$Y}A()P5!S}!{h zRlcig5_L{@)i#;0llv=WA7i@VZAVt)bL7e7qK#?cp`UBBzCC=?zns~_o1Ihbv`Zf% z=5iwc7xseT_w04)br5XM7cA#_q9?N*7@DREtAU-$Tl3)N_7S=-s_F84Gu)&Ilh*BXhD2O^KPh)nK$-i%1lU)=l| zYgP8hN1on5|H4>N%1c>lRNa4z!^$pH9CE|OU-xz0>_MEXwfa&8Xt$HGy>^^Dd*}1_ z*0W0_UoM#a(E{v^tI3bQA8{i2$wjR-oIrs=iYe^l9`pLf7+E+s+^y&o}6 zdvYKc$qew07jOiJ zgZ|k?vTd|aZZLXM7ds+Zig}NI&VFF!6mMPNG_k`RB@~x?rP+T!*2?U2)(9kN8`Xu_ z%pWp3otCD-Yqae^r46-QzUh{6x>ocFhKR!AAU}?=b=gFF`fbwPi7@?D}rc9ElS7Ik$k*dFw75mn79#>+A7lc zaJ60xfF~jO!+Xc`k)sy2K>ac7Qw#1b7%?gocp5REJODc%MzR>^ORWev@Nu6f)-sVw z7yFJT7RP^Fy#qK#xIbA@t>I}^@RVhOAzyUuu4)%{s&wxHCcn7E)!0NN3*sS&a?pM-~BM> z+?(+{nWlVM*#N#4D2y|kFJorjk!H2wqw}~SV<5~LM?x}9M^1>TJ!4%aCHei}&;5d-g3t5!|{PdVX&TO*V8QY&Y=Qzg%5H+!q#>8JkVyMG_5%k|{5 z_$wc_yqarp5;9F3hK9esq7Fj7a?4K6C@%P%DKseCn8yw5d4Pww%oG|mlNog5{;C?J zR!i$k0?@xnll`^2P)?f~tO)%jnoy+{+#j8zl|1(5NJMTq05-g5;Cs6IfSug>DAbIg z?xHAWQkByu{dxEi35oh276Y=yue3!@nRJ-5r@W$`5}n$YGJk|rnOKGO38oJi)Qyk* zJ{H~Ue)G#Lg`TIXh8^1So=PUOfNJzwx}g#Ok7Z`A7^}!tvT>w>OL^h&Sid^WaN0L+ z5hKPhm${(v@G0rpy30DNmb0fK5(|k=nOb$S`482NKDyGGQ5^ZBo2?+MI+H48*411NUlqWQSG7V$nQH8SN1#) z)`upO<#sk|qudK%2!$y6Dc&5mg?%laRNYX)c?80sj2!+7ni>3pig2W z-Ti^J?hV(wtWv*=ayWhs>a0DzrBS@|)6>9e^JL_8r({!2nYb!~fqMx?5nwXz`rxMZ zPZ*@SkV=H+Fi3!T$N1fbz3$+th(p&QyVrcjdb)k$Rw!VsOg-0c;i(G23_2EyZ*tsv z5mM>OH&bp_CbI31@qjGHlnMSyLfN7{oreC+{xSySIA-ZMcysOpY0C97!M~c@!e11& zFRZw2%g?K9-{3H3Dn@Qvii`dzy@_=eo3ZJk! ztEh@dm@Bl_tHxqRmm`&o*z4QeWtTHt6u@o|*OtrURp+)x>}7UB9R$lK`ixEjYW)IJ zw2^;co{nUij z;oXAJlAm#c7oGI)_ivW2S9*ketM~;P?`z_dbUF0*HB=_Gv<_OIo zi4QZ!Pp3-Rn{ol`dQfTB{;tpJYEL=Em4O*zW~~!jvL#%DjyhFCwi~0$MUriH(fsiG zUyecWzo`$5;q+#vu`bZ~yt_p}RrPw)$Lk6%#$HE$dZH&n3cL%{J;xgvtaZso{fSzj zlV-z?L`yL$jHkW##%JwGS~>3e5*y;a#;T{2c}1_Am9e{g9v?dJ>d6#M@%|+)B!+%E zSdTQCubK8yP7U)kA>QhMY~$QP9($B7#1I`YF|a4L-|kYNvk8auZC8{{4+nPmd0QdV zS(h4A<2k&e=`;r#-NsJ@r`5Fronlc1^+;$ri&!4Kpm()OoXm%rE}VmUO+a)!t#;d0 z{VB~3x`DRxPVQTEuUN3roVP=3#A_Q4#;ngl*B=gMR6a;L$n{qg9aaX9uNsCV9Eh~7 zr$Bbz&wxDHQyQu-XXX1vhNacwyV()xCb{Q|A>dx*1V?;ClEk{<0Je@8XM=a=Cyu(% z(1Uz`#gDM1SNJe1_N|Ifi^FT&6&MxzFum;(WBOWZZHqvTamz4q!G>Fo^(w?Fjl@Nj zMu-Jj>ehCIkp^bK#6|s4WBV^YildfYS_~DC$^1Y_X?QfZk1}Md@>$O{=48m6`lTgt z1Ip(hgX}eGS~u5jVkIs2>IAXF0vnMwgk0tZx5*C|Pf9ddPG@*M?;>Ax&v07FUQ_2& z4Y1MsP-qSC(pq-X<~_8$qK>@g8)jnaspL4N^+f&N>Q}1zYE1uuuVxpfrtXLKK1b)P z0>zL6;j_bCe$c)#;}c=*mX+vImov+b-Md)}7U%89*F^cG5}L*2G|%8cWg1JLnR*RIe$oM(WuPhRz{H*DE)U+>=m6%XZ8jHfXD3Y`}c zb0bd_^O`B~cyn@mrg+5={V?6A<>bZrs8&^#I!AM4yZEQJ{AU7%ZC%r+88Y zTvV=~;3^!sp=5qp3mM99pMEucjKMj-&;NmaH480wu9N<)j8u$wRrQ`_n7|~w;zvbk zHkAj9v%f#@aDH<3N@7%nwn?_nF{lgo*n{TbAf%a?41MaVv8|BUe43yiPmF=?{uu|D zBtu)H)byX>a24DkP8DXiXewC5IEE7WIpxE{scG#EvS+@;^m`i{aAeH|mTX6|f%wd? z@I#*yJ0^A%5ZMm`$CsPGK$&Q<369wbjC7&otLqKi_h@;w zwD3hT5uv&8W$!hynQ4p7s^0XRU-I(Zu8I&5SrVbqE+JVYytWMZ<-}- zciN4WQw7BAG^&1j_0{K5q4;QeUxaAydndt>EH9SlP4UZt#nBIcDS(D~W?RRqgglTC zElRsWU;RY$+tX^9&9g5lj$|oYau-{tJu5X>uj#v58R&8J4>g#&&{+3;^X`0teHDCS z-{Wy|z~&&om{`WNt`3n@|75ckqtR)n#$=}}HLGQA(Jx*6lrc0R1efNVVC#b?$qU>157?8s;dWFr?;bdJCz=B}kf{I;Bg{>!Sg{=ZU&~D3;xURDO%hYSn zx)VZn$DJ=Yqx^31o^24h={*IrScj~!hRE|`8yLSmS7p(N+ko43l13pYuAm|j%Iul$qEME|KF|0@kr zxo98U`saiQ*M*z-`=6s9dH?Sp?0M0T6Sc$iq@FnaI?sj9(=1|p0(2Ki9|b93H3~ck zn$M5rm96$$Ex(#?Zw_vhu4Sh%3y@L1xn;~p>B1`G<4i2;pPyH;2)$UoE1MEM*3Yg) z=aA~lMreoFdhGeY!W#`ACN*lzH8dWkoA*JE5VsE5T+Do0qHTqKc06SEMCFlgm={0$ zEIyiudA12YBhJa#+@J1VY2b9CiyGK5>E6>oc1fN$_~P{i4$AUBLPaX7)K9+*<#%O% zTs~1Sky2tGD{6E*pC7ZR`9nu!hwRvLTH)-yCf$(v#rWXCc($c}?hbS6!Ve1rD`1>Z z+L~U_YbIzeg&0JMsXEwE$gjI>N&VRT^SuoPCRLV_I#mzjlAxC{)9HDyF_u*$RJM!l zUDgX!IyC_%F|X&R8#yoZ$;rMD%X`b2>X=& z0;Q8@lsR1;Jkcn<*9tef&EL1T0D#Ykor?;7|3dh$DA4JkF_fL^qk(ZC|6a*zLkoNQ zPn6xjLmaxU8)jS_l~MQ?&;U+q&CQet>OUwMp`r<6y_6W{z>D?1VN_9N#E>=jT+7*N zx9%!)?;K(cNecR};{X zQW1JF?)JNrSPLU|I-nM;ZsbL=^8GyQ=6dC9iM3pJ9|Q#&zB*hO*?HNM(Z%Y)%O0XZ zg?4y4AvrER^{ceLAC^E>lWL(ypTQ}vWwUM9G4~Vd)~Rm?T@4y>gE;jWDUKo)9EnF^ z`UNSP6L9GQ$ zs2@FoZcg9Exl)srGrpAVcO!Vw8(ON(oxugV<^1)bZEg_R`@Qm>*#@LppCh||`NmrH z6pCvlVvHb14x5uqvRvG?KYp{Vc=KHh3?=HDIBWT&sGq*n%+}qG!CCFayEQG~>F4(j zqfm{65+{I_6LnXJ^{`yo`P9DqyFau!Rt`h34fV(*YPUO5E=ei#OU%f-3HeR~Ze#gH zebQ#%HPbuHu}p7PzXl5L^;?hdYOxf~x4{EupA2R)Pk~Q^!rdR7&%%g|CP3R4wkRPWPCpu#Wn@; zes~h!6jXg{a@qfAzkj|@6KGZ1xdVC2ASHHApL6eYmQRmtd6oRLxnV!B4BCD0d<=ns z3>|lK1Q$t4porPS5*+t3eVOB>L%J9%4Ef4;m1XUKtj8#rl}d>BTvgt}@Er4s)X6!4 zVt+s`F|%X*~{d)Cg+A;W@>U7(O);jFrh6&q$_*@V+T_^>u>vxQvG`N-9_V&$-z$F|H4 z3!Yh%wRyqJ;1C#39A0np*SrAmO65N;lMmhlcH_J!7%Ui|Qb}(d3PJ_@XA{(s!bP+- zRyREzDpN#5m2Nga>=@p6oD`1AI-;VFbnL2qYsO%g?pgGNXhj?y_%u8W(xTW^b@z#- zNY3oLVeFS+S^yo4l{n|ajgZvN`0{S1VrLlq_SMOX|I)16(2NJ+EB*_PQl`bS0<58_ z-JW#bEq;q2mb!>@tNk73s7aMm2I*^-k3+ie7Djkg>am=X&sb4}deMhAKOanOv+k^I zObu-O>a-s|@oM1Pm~h)OejF&NZ^QitD>dlJuMNi|Rl-uwJ%4J3i6sX9FLKQq@zM<1a)l^%A?L0?6Flou&VbXbMH%yX+!bxp-@-JCv5wA4sZ za+ToP8NS7V=*{@VZ48WO1$7GUnz+$y%kternvtG%eb#TW7NiTOblLs@NL^z-0@H*n zx^ORj2VetPec5Ir{Ocz}=>5QXyAKR@6=V*JPZm{Xwf*HHc9 z&F>f}(7b2=`wc7<=m)_qCg50pt$ExQ$v0VnTmS1j<|xosw}bs#uu3pYQ^-LM{zS$i zfv+8AByqmbYhrzr2)RH>_!VF{1S83NasHG4LWlk@L&)ck|Eq!j-|qbX|Kq_q-vRyx zcuoAY{(nwt`{z8z7zeOUJ^#X*>}muOE*N4xF+duDU}Lqlb(VIjSy c9FA})-XQ*`W2m$Kx$-E#(0E=hZ}I+r0Fcau7XSbN diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py deleted file mode 100644 index 31f6651..0000000 --- a/log_collector/log_collector.py +++ /dev/null @@ -1,1459 +0,0 @@ -#!/usr/bin/env python - -""" Redis Enterprise Cluster log collector script. -Creates a directory with output of kubectl for -several API objects and for pods logs unless pass a -n -parameter will run on current namespace. Run with -h to see options -""" -import argparse -import json -import logging -import os -import re -import shutil -import signal -import subprocess -import sys -import tarfile -import time -from collections import OrderedDict -from multiprocessing import Process - -RLEC_CONTAINER_NAME = "redis-enterprise-node" -OPERATOR_LABEL = "app=redis-enterprise" -MODE_RESTRICTED = "restricted" -MODE_ALL = "all" -FIRST_VERSION_SUPPORTING_RESTRICTED = "6.2.18-3" -HELM = "helm" - -MIN_KUBECTL_VERSION_SUPPORT_RETRIES = "1.23" -MIN_OC_VERSION_SUPPORT_RETRIES = "4.10" -DEFAULT_KUBECTL_VERSION = "1.22" -DEFAULT_OC_VERSION = "4.9" - -RS_LOG_FOLDER_PATH = "/var/opt/redislabs/log" -LOGGER_OUTPUT_FILE = "output.log" -logger = logging.getLogger(__name__) -logger.setLevel(logging.INFO) -LOGGER_FORMAT = '%(asctime)s - %(levelname)s - %(message)s' -logging.basicConfig(format=LOGGER_FORMAT) -VERSION_LOG_COLLECTOR = "7.4.6-2" - -TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") - -KUBCTL_DESCRIBE_RETRIES = 3 -KUBCTL_GET_YAML_RETRIES = 3 -DEBUG_INFO_PACKAGE_RETRIES = 3 -HELM_RETRIES = 3 - -TIMEOUT = 180 - -DEFAULT_K8S_CLI = "kubectl" -OC_K8S_CLI = "oc" - -OPERATOR_CUSTOM_RESOURCES = [ - "RedisEnterpriseCluster", - "RedisEnterpriseDatabase", - "RedisEnterpriseRemoteCluster", - "RedisEnterpriseActiveActiveDatabase", -] - -NON_LABELED_RESOURCES = OPERATOR_CUSTOM_RESOURCES + [ - "VolumeAttachment", - "NetworkPolicy", -] - -RESTRICTED_MODE_API_RESOURCES = NON_LABELED_RESOURCES + [ - "StatefulSet", - "Deployment", - "Service", - "ConfigMap", - "Route", - "Ingress", - "Role", - "RoleBinding", - "ClusterRole", - "ClusterRoleBinding", - "PersistentVolume", - "PersistentVolumeClaim", - "PodDisruptionBudget", - "Endpoints", - "Pod", - "CustomResourceDefinition", - "ValidatingWebhookConfiguration", - "NamespacedValidatingType", - "NamespacedValidatingRule", - "PodSecurityPolicy", - "Namespace", - "Job" -] - -OLM_RESOURCES = [ - "Role", - "RoleBinding", - "Service", - "Endpoints", -] - -ALL_ONLY_API_RESOURCES = [ - "Node", - "ResourceQuota", - "CertificateSigningRequest", - "ClusterServiceVersion", - "Subscription", - "InstallPlan", - "CatalogSource", - "ReplicaSet", - "StorageClass", - "Gateway", - "VirtualService", -] - -SHA_DIGESTS_BEFORE_RESTRICTED_MODE_SUPPORT = [ - "0f144922ea1e2d4ea72affb36238258c9f21c39d6ba9ad73da79278dde1eed37", - "97ffbde86f27810b1a5e6fee7ec53683f49b650cc33c327696be66d04e10bf31", - "53b008cecf3807d51f027f21029b63dc5ad8c002c5278554ce79c008f1b97bbb", - "b771ef87bf211c17c37df028c202aac97170fb6d7d5d49b3ccb3410deb8212f6", - "2a033d4a4ccabb4963116add69fc8e91770ee627f6b974879d8dd7ddddebce47" -] - -MISSING_RESOURCE = "no resources found in" -UNRECOGNIZED_RESOURCE = "error: the server doesn't have a resource type" -OLM_LABEL = "operators.coreos.com/redis-enterprise-operator-cert.%s" - - -def set_file_logger(output_dir): - """ - add a file handler to the logger - """ - path = os.path.join(output_dir, LOGGER_OUTPUT_FILE) - # verify handler is not exist - for handler in list(logger.handlers): - try: - if handler.__class__.__name__ == 'FileHandler': - if handler.baseFilename == path: - # handler already exist - continue - return - except NameError: - continue - except AttributeError: - continue - logger_file_handler = logging.FileHandler(path) - logger_file_handler.setLevel(logging.INFO) - logger_file_handler.setFormatter(logging.Formatter(LOGGER_FORMAT)) - logger.addHandler(logger_file_handler) - - -def make_dir(directory): - """ - Create an directory if not exists - """ - if not os.path.exists(directory): - # noinspection PyBroadException - try: - os.mkdir(directory) - except OSError as ex: - logger.warning("Failed to create directory %s: %s", directory, ex) - sys.exit() - - -def _filter_non_existing_namespaces(namespaces, k8s_cli): - """ - Filter non-existing namespaces from user's input - """ - return_code, out = run_shell_command( - "{} get ns -o=custom-columns=\"DATA:metadata.name\" --no-headers=true".format(k8s_cli)) - if return_code: - return [] - res = [] - existing_namespaces = set(out.split()) - for namespace in namespaces: - if namespace in existing_namespaces: - res.append(namespace) - else: - logger.warning("Namespace %s doesn't exist - Skipping", namespace) - return res - - -def _get_namespaces_to_run_on(namespace, k8s_cli): - def _get_namespace_from_config(): - config_namespace = get_namespace_from_config(k8s_cli) - if not config_namespace: - return ["default"] - return [config_namespace] - - if not namespace: - return _get_namespace_from_config() - - if namespace == 'all': - return_code, out = run_shell_command( - "{} get ns -o=custom-columns=\"DATA:metadata.name\" --no-headers=true".format(k8s_cli)) - if return_code: - logger.warning("Failed to parse namespace list - will use namespace from config: %s", out) - return _get_namespace_from_config() - return out.split() - - # comma separated string - namespaces = namespace.split(',') - existing_namespaces = _filter_non_existing_namespaces(namespaces, k8s_cli) - if not existing_namespaces: - logger.warning("Input doesn't contain an existing namespace - will use namespace from config") - return _get_namespace_from_config() - return existing_namespaces - - -# pylint: disable=R0913 -def collect_k8s_version_info(ns_output_dir, k8s_cli): - """ - Collects kubectl/oc version and cluster's k8s version - """ - cmd = f"{k8s_cli} version -o yaml" - collect_helper(ns_output_dir, cmd, "Version.yaml", "Version") - - -def collect_from_ns(namespace, output_dir, api_resources, logs_from_all_pods=False, k8s_cli_input="", - mode=MODE_RESTRICTED, skip_support_package=False, collect_empty_files=False, helm_release_name=""): - "Collect the context of a specific namespace. Typically runs in parallel processes." - set_file_logger(output_dir) - k8s_cli = detect_k8s_cli(k8s_cli_input) - k8s_cli_version = detect_k8s_cli_version(k8s_cli) - logger.info("Started collecting from namespace '%s'", namespace) - ns_output_dir = os.path.join(output_dir, namespace) - make_dir(ns_output_dir) - - selector = "" - if mode == MODE_RESTRICTED: - selector = '--selector="{}"'.format(OPERATOR_LABEL) - collect_k8s_version_info(ns_output_dir, k8s_cli) - collect_connectivity_check(namespace, ns_output_dir, k8s_cli) - get_redis_enterprise_debug_info(namespace, ns_output_dir, k8s_cli, mode, skip_support_package, k8s_cli_version) - collect_pod_rs_logs(namespace, ns_output_dir, k8s_cli, mode) - collect_resources_list(namespace, ns_output_dir, k8s_cli, mode) - collect_events(namespace, ns_output_dir, k8s_cli, mode) - collect_api_resources(namespace, ns_output_dir, k8s_cli, api_resources, selector, collect_empty_files) - collect_olm_auto_generated_resources(namespace, ns_output_dir, k8s_cli) - collect_api_resources_description(namespace, ns_output_dir, k8s_cli, api_resources, selector, collect_empty_files) - collect_olm_auto_generated_resources_description(namespace, ns_output_dir, k8s_cli) - collect_pods_logs(namespace, ns_output_dir, k8s_cli, logs_from_all_pods) - collect_helm_output(namespace, ns_output_dir, helm_release_name) - - -# pylint: disable=R0913 -def collect_resources(namespace, output_dir, api_resources, k8s_cli_input="", selector=""): - """ - Collect specific resources from specific namespace. Not meant to be used to collect RS pod logs. - """ - set_file_logger(output_dir) - k8s_cli = detect_k8s_cli(k8s_cli_input) - ns_output_dir = os.path.join(output_dir, namespace) - make_dir(ns_output_dir) - collect_api_resources(namespace, ns_output_dir, k8s_cli, api_resources, selector) - collect_api_resources_description(namespace, ns_output_dir, k8s_cli, api_resources, selector) - collect_pods_logs(namespace, ns_output_dir, k8s_cli, logs_from_all_pods=True) - - -def collect_helm_output(namespace, output_dir, helm_release_name): - """ - Collect info related to helm chart - :param namespace: namespace to collect helm resources from - :param output_dir: helm output directory - :param helm_release_name: helm release name to collect its information - :return: - """ - if not helm_release_name: - return - helm_output_dir = os.path.join(output_dir, HELM) - make_dir(helm_output_dir) - - logger.info("Namespace '%s': Collecting Helm output", namespace) - - cmd = "helm list --filter {} -n {}".format(helm_release_name, namespace) - get_helm_output(namespace, cmd, helm_output_dir, "helm_list") - - cmd = "helm get all {} -n {}".format(helm_release_name, namespace) - get_helm_output(namespace, cmd, helm_output_dir, "helm_all") - - cmd = "helm status {} --show-resources --show-desc -n {}".format(helm_release_name, namespace) - get_helm_output(namespace, cmd, helm_output_dir, "helm_status") - - -def get_helm_output(namespace, cmd, helm_output_dir, file_name): - """ - Get output related to helm by the release name given. - """ - error_template = "Namespace '{}': Failed to get Helm output, command: {}.".format(namespace, cmd) - output = run_shell_command_with_retries(cmd, HELM_RETRIES, error_template) - if output: - with open(os.path.join(helm_output_dir, file_name), "w+", encoding='UTF-8') as file_handle: - file_handle.write(output) - - -def detect_k8s_cli(k8s_cli_input=""): - "Check whether the kubernetes is openshift and use oc as needed" - if k8s_cli_input and k8s_cli_input != "auto-detect": - logger.info("Using cli-client %s", k8s_cli_input) - return k8s_cli_input - - # auto detect mode - get_nodes_cmd = "{} get nodes -o json".format(DEFAULT_K8S_CLI) - return_code, output = run_shell_command(get_nodes_cmd) - if return_code: - logger.info("Failed to run cmd %s", get_nodes_cmd) - return DEFAULT_K8S_CLI - - if output: - try: - parsed = json.loads("".join(output)) - if "items" in parsed and len(parsed["items"]) and \ - ("machine.openshift.io/machine" in parsed["items"][0]["metadata"]["annotations"] or - "node.openshift.io/os_id" in parsed["items"][0]["metadata"]["labels"]): - # this is an openshift - logger.info( - "Auto detected OpenShift, will use oc as cli tool " - "(this can be overriden using the --k8s_cli argument)") - return OC_K8S_CLI - except json.JSONDecodeError: - logger.exception( - "Failed to detect the relevant client for Kubernetes " - "(failed to parse kubectl command) will keep the default") - return DEFAULT_K8S_CLI - return DEFAULT_K8S_CLI - - -def detect_k8s_cli_version(k8s_cli): # noqa: C901 - """ - detect kubectl/oc version - """ - get_k8s_cli_version_cmd = "{} version -o json".format(k8s_cli) - - is_oc = k8s_cli.endswith(OC_K8S_CLI) - - version = DEFAULT_OC_VERSION if is_oc else DEFAULT_KUBECTL_VERSION - - # in some k8s cli versions there is a warning msg that need to be ignored, so we redirect stderr to null . - try: - with open(os.devnull, 'wb') as dev_null: - output = subprocess.check_output(get_k8s_cli_version_cmd, - shell=True, - stderr=dev_null) - except subprocess.CalledProcessError as ex: - logger.warning("Failed in shell command: %s, output: %s", - get_k8s_cli_version_cmd, ex.output) - return version - - output = native_string(output) - - if output: - try: - version = get_cli_version(output, is_oc) - # pylint: disable=W0703 - except Exception: - logger.exception("Failed to detect k8s cli version") - return version - return version - - -def parse_operator_deployment(k8s_cli, namespaces): - """ - Compare operator version with the current log_collector version. - """ - for namespace in namespaces: - try: - cmd = "{} get deployment redis-enterprise-operator -o jsonpath=" \ - "\"{{.spec.template.spec.containers[0].image}}\" -n {}".format(k8s_cli, namespace) - return_code, out = run_shell_command(cmd) - if return_code or not out: - continue - - uses_sha = "@sha256" in out - - operator_version = str.split(out, ":") - if len(operator_version) == 2: - logger.info("running with operator version: %s and log collector version: %s", - operator_version[1], VERSION_LOG_COLLECTOR) - return operator_version[1], uses_sha - # pylint: disable=W0703 - except Exception: - logger.info("Failed to parse operator deployment, ignoring ns %s", namespace) - logger.info("could not find operator version") - return "", False - - -def detect_helm(k8s_cli, namespaces): - """ - Detect if helm was used by the deployment annotations. - """ - for namespace in namespaces: - try: - cmd = "{} get deployment redis-enterprise-operator -o json -n {}".format(k8s_cli, namespace) - return_code, out = run_shell_command(cmd) - if not return_code and out: - parsed = json.loads("".join(out)) - if "meta.helm.sh/release-name" in parsed["metadata"]["annotations"]: - release_name = parsed["metadata"]["annotations"]["meta.helm.sh/release-name"] - logger.info("detected operator was installed using helm. Helm release name is %s", release_name) - return release_name - # pylint: disable=W0703 - except Exception: - logger.info("Failed to detect if helm was used, ignoring ns %s", namespace) - return "" - - -def validate_mode(mode, operator_tag, is_sha_digest): - """ - for old versions there is no way to use restricted because resources are missing labels - """ - version_supports_restricted = check_if_tag_supports_restricted(operator_tag, is_sha_digest) - if mode == MODE_RESTRICTED and not version_supports_restricted: - raise ValueError("{} is not supported for this version, please use {}".format(MODE_RESTRICTED, MODE_ALL)) - - -def is_old_sha(operator_tag): - """ - Check if the sha of the operator is older than the first that supports restricted - Note - we only started using digests recently so there is no need to list all of them - """ - return operator_tag in SHA_DIGESTS_BEFORE_RESTRICTED_MODE_SUPPORT - - -def check_if_tag_supports_restricted(operator_tag, is_sha_digest): - """ - Handle both sha tags and versions and check if they support restricted - """ - version_supports_restricted = True - if is_sha_digest: - if is_old_sha(operator_tag): - version_supports_restricted = False - else: - version_supports_restricted = check_if_version_supports_restricted(operator_tag) - return version_supports_restricted - - -def check_if_version_supports_restricted(operator_version): - """ - Compare the version to 6.2.18-3 which is the first version supporting restricted - Note - apparently there is no function in Python that is built in and supports that - """ - try: - the_version = operator_version.split("-")[0] - - parts = the_version.split(".") - if int(parts[0]) < 6: - return False - if int(parts[0]) >= 7: - return True - if int(parts[1]) > 2: - return True - if int(parts[1]) < 2: - return False - return int(parts[2]) >= 18 - # pylint: disable=W0703 - except Exception: - logger.info("issues parsing version %s", operator_version) - return True - - -def compare_versions(current_version, supported_version): - """ - Compare between the current version and the version that is supported - check if the current version is supported (current >= supported) - the versions convention is x.y - """ - try: - current = current_version.split(".") - supported = supported_version.split(".") - - if int(current[0]) < int(supported[0]): - return False - if int(current[0]) > int(supported[0]): - return True - return int(current[1]) >= int(supported[1]) - # pylint: disable=W0703 - except Exception: - logger.info("issues parsing version") - return False - - -def determine_default_mode(operator_tag, is_sha_digest): - """ - determine the default mode based on the version/sha digest - """ - version_supports_restricted = check_if_tag_supports_restricted(operator_tag, is_sha_digest) - if operator_tag == "" or version_supports_restricted: - return MODE_RESTRICTED - - return MODE_ALL - - -def run(results): - """ - Collect logs - """ - output_file_name = "redis_enterprise_k8s_debug_info_{}".format(TIME_FORMAT) - output_dir = results.output_dir - if not output_dir: - output_dir = os.getcwd() - output_dir = os.path.join(output_dir, output_file_name) - make_dir(output_dir) - - with open(os.path.join(output_dir, LOGGER_OUTPUT_FILE), "x"): - pass - - set_file_logger(output_dir) - logger.info("Started Redis Enterprise k8s log collector") - start_time = time.time() - k8s_cli = detect_k8s_cli(results.k8s_cli) - namespace_input = results.namespace - - namespaces = _get_namespaces_to_run_on(namespace_input, k8s_cli) - - # pylint: disable=global-statement, invalid-name - global TIMEOUT - # pylint: disable=locally-disabled, invalid-name - TIMEOUT = results.timeout - - mode = results.mode - operator_tag, is_sha_digest = parse_operator_deployment(k8s_cli, namespaces) - if mode: - validate_mode(mode, operator_tag, is_sha_digest) - else: - mode = determine_default_mode(operator_tag, is_sha_digest) - - helm_release_name = results.helm_release_name or detect_helm(k8s_cli, namespaces) - - api_resources = RESTRICTED_MODE_API_RESOURCES - if mode == MODE_ALL: - api_resources = api_resources + ALL_ONLY_API_RESOURCES - - collect_cluster_info(output_dir, k8s_cli) - - processes = [] - for namespace in namespaces: - proc = Process(target=collect_from_ns, - args=[namespace, output_dir, api_resources, results.logs_from_all_pods, - k8s_cli, mode, results.skip_support_package, results.collect_empty_files, - helm_release_name]) - proc.start() - processes.append(proc) - - if results.collect_istio: - proc = Process( - target=collect_resources, - args=["istio-system", output_dir, ["Pod", "Service", "ConfigMap", "Deployment", "ReplicaSet"]] - ) - proc.start() - processes.append(proc) - - for proc in processes: - proc.join() - - create_collection_report(output_dir, output_file_name, k8s_cli, namespaces, start_time, mode) - - archive_files(output_dir, output_file_name) - logger.info("Finished Redis Enterprise log collector") - logger.info("--- Run time: %d minutes ---", round(((time.time() - start_time) / 60), 3)) - - -def create_collection_report(output_dir, output_file_name, k8s_cli, namespaces, start_time, mode): - """ - create a file with some data about the collection - """ - - with open(os.path.join(output_dir, 'collection_report.json'), "w") as output_fh: - json.dump({ - "output_file_name": output_file_name, - "k8s_cli": k8s_cli, - "namespaces": namespaces, - "start_time": start_time, - "mode": mode, - "log_collector_version": VERSION_LOG_COLLECTOR - }, output_fh) - - -def get_selector(mode): - """ - selector of rs pods - """ - selector = 'redis.io/role=node' - if mode == MODE_RESTRICTED: - selector = '{},{}'.format(selector, OPERATOR_LABEL) - return selector - - -def get_non_ready_rs_pod_names(namespace, k8s_cli, mode=MODE_RESTRICTED): - """ - get names of rs pods that are not ready - """ - pod_names = [] - selector = get_selector(mode) - rs_pods = get_pods(namespace, k8s_cli, selector=selector) - if not rs_pods: - logger.info("Namespace '%s': cannot find redis enterprise pods", namespace) - return [] - - for rs_pod in rs_pods: - pod_name = rs_pod['metadata']['name'] - if "status" in rs_pod and "containerStatuses" in rs_pod["status"]: - for container_status_entry in rs_pod["status"]["containerStatuses"]: - container_name = container_status_entry['name'] - is_ready = container_status_entry["ready"] - if container_name == RLEC_CONTAINER_NAME and not is_ready: - pod_names.append(pod_name) - - return pod_names - - -def collect_pod_rs_logs(namespace, output_dir, k8s_cli, mode): - """ - get logs from rs pods that are not ready - """ - rs_pod_logs_dir = os.path.join(output_dir, "rs_pod_logs") - selector = get_selector(mode) - rs_pod_names = get_pod_names(namespace=namespace, k8s_cli=k8s_cli, selector=selector) - if not rs_pod_names: - logger.warning("Namespace '%s' Could not get rs pods list - " - "skipping rs pods logs collection", namespace) - return - make_dir(rs_pod_logs_dir) - # TODO restore usage of get_non_ready_rs_pod_names once RS bug is resolved (RED-51857) # pylint: disable=W0511 - for rs_pod_name in rs_pod_names: - pod_log_dir = os.path.join(rs_pod_logs_dir, rs_pod_name) - make_dir(pod_log_dir) - cmd = "cd \"{}\" && {} -n {} cp {}:{} ./ -c {}".format(pod_log_dir, - k8s_cli, - namespace, - rs_pod_name, - RS_LOG_FOLDER_PATH, - RLEC_CONTAINER_NAME) - return_code, out = run_shell_command(cmd) - if return_code: - logger.warning("Failed to copy rs logs from pod " - "to output directory, output:%s", out) - - else: - logger.info("Namespace '%s': " - "Collected rs logs from pod marked as not ready, pod name: %s", namespace, rs_pod_name) - - pod_config_dir = os.path.join(pod_log_dir, "config") - make_dir(pod_config_dir) - cmd = "cd \"{}\" && {} -n {} cp {}:{} ./ -c {}".format(pod_config_dir, - k8s_cli, - namespace, - rs_pod_name, - "/opt/redislabs/config", - RLEC_CONTAINER_NAME) - return_code, out = run_shell_command(cmd) - if return_code: - logger.warning("Failed to copy rs config from pod " - "to output directory, output:%s", out) - - else: - logger.info("Collected rs config from pod marked as not ready, pod name: %s", rs_pod_name) - - -def create_debug_info_package_on_pod(namespace, pod_name, attempt, k8s_cli): - """ - Execute the rladmin command to get debug info on a specific pod. - Returns: a tuple of the form (file_path, file_name) in case of success - and None otherwise. - """ - prog = "/opt/redislabs/bin/rladmin" - cmd = "{} -n {} exec {} -c {} {} cluster debug_info path /tmp" \ - .format(k8s_cli, namespace, pod_name, RLEC_CONTAINER_NAME, prog) - return_code, out = run_shell_command(cmd) - if return_code != 0 or "Downloading complete" not in out: - logger.warning("Failed running rladmin command in pod: %s (attempt %d)", - out.rstrip(), attempt) - return None - - # get the debug file name - match = re.search(r'File (/tmp/(.*\.gz))', out) - if match: - debug_file_path = match.group(1) - debug_file_name = match.group(2) - logger.info("Namespace '%s': debug info created on pod %s in path %s", - namespace, pod_name, debug_file_path) - return (debug_file_path, debug_file_name) - - logger.warning( - "Failed to extract debug info name from output (attempt %d for pod %s) - (%s)", - attempt, pod_name, out) - return None - - -def download_debug_info_package_from_pod( # pylint: disable=R0913 - namespace, output_dir, pod_name, attempt, k8s_cli, debug_file_path, debug_file_name, k8s_cli_version -): - """ - This function attempt to download debug info package from a given pod. - It should only be called once the package is created. - """ - cmd = "cd \"{}\" && {} -n {} cp {}:{} ./{}".format(output_dir, - k8s_cli, - namespace, - pod_name, - debug_file_path, - debug_file_name, - ) - if compare_versions(k8s_cli_version, get_min_cli_version(k8s_cli)): - cmd = "{} --retries={}".format(cmd, attempt) - - return_code, out = run_shell_command(cmd) - if return_code: - logger.info("Unable to copy debug info from pod %s" - "to output directory, output:%s \n Retrying from different pod", - pod_name, out) - return False - - # all is well - return True - - -def get_min_cli_version(k8s_cli): - """ - Get the minimum kubectl/oc version - """ - return MIN_OC_VERSION_SUPPORT_RETRIES if (k8s_cli and k8s_cli.endswith(OC_K8S_CLI))\ - else MIN_KUBECTL_VERSION_SUPPORT_RETRIES - - -def get_cli_version(output, is_oc): - """ - Get the client version from the version output command - """ - parsed = json.loads("".join(output)) - if is_oc: - client_version = parsed['releaseClientVersion'] - logger.info("OC Client Version: %s", client_version) - return client_version - major = parsed['clientVersion']['major'] - minor = parsed['clientVersion']['minor'] - client_version = "{}.{}".format(major, minor) - logger.info("Kubectl version found: %s", client_version) - return client_version - - -def create_and_download_debug_info_package_from_pod( - namespace, pod_name, output_dir, k8s_cli, k8s_cli_version -): - """ - This function attempts to create a debug info package on a pod and if debug - info package creation was successful, attempts downloading it. - """ - debug_info_path_and_name = None - for attempt in range(DEBUG_INFO_PACKAGE_RETRIES): - debug_info_path_and_name = create_debug_info_package_on_pod(namespace, pod_name, attempt + 1, k8s_cli) - if debug_info_path_and_name is not None: - # We managed to create the debug info package. - break - time.sleep(1) - - # If we fail creating a debug info package, there is nothing to download, so we move on to the next pod. - if debug_info_path_and_name is None: - logger.info("Namespace: %s: Failed creating debug info package on pod: %s", namespace, pod_name) - return False - - (debug_info_path, debug_info_file_name) = debug_info_path_and_name - for attempt in range(DEBUG_INFO_PACKAGE_RETRIES): - if download_debug_info_package_from_pod( - namespace, output_dir, pod_name, attempt + 1, k8s_cli, debug_info_path, debug_info_file_name, - k8s_cli_version - ): - logger.info( - "Namespace '%s': Collected Redis Enterprise cluster debug package from pod: %s", - namespace, - pod_name - ) - return True - time.sleep(1) - - # In case of a failure to fully download the archive from the pod. Make sure that partially downloaded - # archive is deleted. - file_to_delete = "{}/{}".format(output_dir, debug_info_file_name) - logger.info( - "Namespace: %s: Deleting possible partially downloaded debug package: %s", - namespace, - file_to_delete - ) - cmd = "rm {}".format(file_to_delete) - run_shell_command(cmd) - return False - - -def get_redis_enterprise_debug_info(namespace, output_dir, k8s_cli, mode, skip_support_package, k8s_cli_version): - """ - Connects to an RS cluster node, - creates and copies debug info package from a pod, preferably one that passes readiness probe - """ - selector = get_selector(mode) - rs_pods = get_pods(namespace, k8s_cli, selector=selector) - if not rs_pods: - logger.info("Namespace '%s': Cannot find redis enterprise pod", namespace) - return - - pod_names = [] - for pod in rs_pods: - if 'containerStatuses' in pod['status'] and all( - container_status['ready'] for container_status in pod['status']['containerStatuses']): - pod_names.append(pod['metadata']['name']) - if not pod_names: - logger.warning("Cannot find a ready redis enterprise pod, will use a non-ready pod") - pod_names = [pod['metadata']['name'] for pod in rs_pods] - - if not skip_support_package: - logger.info("Trying to extract debug info from RS pods: {%s}", pod_names) - for pod_name in pod_names: - if create_and_download_debug_info_package_from_pod(namespace, pod_name, output_dir, - k8s_cli, k8s_cli_version): - break - - -def collect_resources_list(namespace, output_dir, k8s_cli, mode): - """ - Prints the output of kubectl get all to a file - """ - selector = "" - if mode == MODE_RESTRICTED: - selector = '--selector="{}"'.format(OPERATOR_LABEL) - collect_helper(output_dir, - cmd="{} get all -o wide -n {} {}".format(k8s_cli, namespace, selector), - file_name="resources_list", - resource_name="resources list", - namespace=namespace) - - -def collect_cluster_info(output_dir, k8s_cli): - """ - Prints the output of kubectl cluster-info to a file - """ - collect_helper(output_dir, cmd="{} cluster-info".format(k8s_cli), - file_name="cluster_info", resource_name="cluster-info") - - -def collect_events(namespace, output_dir, k8s_cli, mode=MODE_RESTRICTED): - """ - Prints the output of kubectl get events -o wide and - kubectl get event -o yaml - """ - if mode != MODE_ALL: - logger.warning('Cannot collect events in "restricted" mode - skipping events collection') - return - # events need -n parameter in kubectl - if not namespace: - logger.warning("Cannot collect events without namespace - " - "skipping events collection") - return - cmd = "{} get events -n {} -o wide".format(k8s_cli, namespace) - collect_helper(output_dir, cmd=cmd, - file_name="events", resource_name="events", namespace=namespace) - - # We get the events in YAML format as well since in YAML format they are a bit more informative. - output = run_get_resource_yaml(namespace, "Event", k8s_cli) - with open(os.path.join(output_dir, "Event.yaml"), "w+", encoding='UTF-8') as file_handle: - file_handle.write(output) - - -def check_empty_yaml_file(out): - """ - given an output of kubectl get command in yaml format, checks whether the items list is empty - """ - for line in out.split("\n"): - if line.startswith("items"): - return line.split(":")[1].strip() == '[]' - return False - - -def detect_if_olm_deployed(namespace, k8s_cli): - """ - detect if operator was deployed using OLM - """ - cmd = f"{k8s_cli} get operators/redis-enterprise-operator-cert.{namespace} -n {namespace}" - code, _ = run_shell_command(cmd) - return code == 0 - - -def collect_olm_auto_generated_resources(namespace, ns_output_dir, k8s_cli): - """ - Creates file for each of the OLM autogenerated resources and aggregate them in their own folder - with the output of kubectl get -o yaml - """ - if not detect_if_olm_deployed(namespace, k8s_cli): - return - olm_output_dir = os.path.join(ns_output_dir, "OLM") - make_dir(olm_output_dir) - selector = f"--selector={OLM_LABEL % namespace}" - logger.info("Namespace '%s': Collecting OLM autogenerated resources", namespace) - resources_out = OrderedDict() - for resource in OLM_RESOURCES: - output = run_get_resource_yaml(namespace, resource, k8s_cli, selector) - if output: - resources_out[resource] = output - logger.info("Namespace '%s': + Collected %s", namespace, resource) - for entry, out in resources_out.items(): - with open(os.path.join(olm_output_dir, - "{}.yaml".format(entry)), "w+", encoding='UTF-8') as file_handle: - file_handle.write(out) - - -def collect_olm_auto_generated_resources_description(namespace, ns_output_dir, k8s_cli): - """ - Creates file for each of the OLM autogenerated resources and aggregate them in their own folder - with the output of kubectl get -o yaml - """ - if not detect_if_olm_deployed(namespace, k8s_cli): - return - olm_output_dir = os.path.join(ns_output_dir, "OLM") - make_dir(olm_output_dir) - selector = f"--selector={OLM_LABEL % namespace}" - logger.info("Namespace '%s': Collecting OLM autogenerated resources description", namespace) - resources_out = OrderedDict() - for resource in OLM_RESOURCES: - output = describe_resource(namespace, resource, k8s_cli, selector) - if output: - resources_out[resource] = output - logger.info("Namespace '%s': + Collected %s", namespace, resource) - for entry, out in resources_out.items(): - with open(os.path.join(olm_output_dir, - "{}.txt".format(entry)), "w+", encoding='UTF-8') as file_handle: - file_handle.write(out) - - -def collect_api_resources(namespace, output_dir, k8s_cli, api_resources, selector="", collect_empty_files=False): - """ - Creates file for each of the API resources - with the output of kubectl get -o yaml - """ - logger.info("Namespace '%s': Collecting API resources", namespace) - resources_out = OrderedDict() - message = f"Namespace '{namespace}': no resources of type %s is found" if not selector else \ - f"Namespace '{namespace}': no {extract_label(selector)} labeled resources of type %s is found" - - message = f"{message}, skip collecting empty log file" - for resource in api_resources: - if resource == "Namespace": - output = run_get_resource_yaml(namespace, resource, k8s_cli, resource_name=namespace) - elif resource in NON_LABELED_RESOURCES: - output = run_get_resource_yaml(namespace, resource, k8s_cli) - else: - output = run_get_resource_yaml(namespace, resource, k8s_cli, selector) - if output: - if check_empty_yaml_file(output) and not collect_empty_files: - logger.info(message, resource) - else: - resources_out[resource] = output - logger.info("Namespace '%s': + Collected %s", namespace, resource) - if selector: - # collect PV resource - collect_persistent_volume(namespace, k8s_cli, resources_out, "get", KUBCTL_GET_YAML_RETRIES) - for entry, out in resources_out.items(): - with open(os.path.join(output_dir, - "{}.yaml".format(entry)), "w+", encoding='UTF-8') as file_handle: - file_handle.write(out) - - -def check_empty_desc_file(out): - """ - check if output of kubectl describe resource is empty - """ - return MISSING_RESOURCE in out.lower() - - -def extract_label(selector): - """given a selector, extract the label itself""" - return selector.split('=')[-1][:-1] - - -def collect_api_resources_description(namespace, output_dir, k8s_cli, api_resources, selector="", - collect_empty_files=False): - """ - Creates file for each of the API resources - with the output of kubectl describe - """ - logger.info("Namespace '%s': Collecting API resources description", namespace) - resources_out = OrderedDict() - message = f"Namespace '{namespace}': no resources of type %s is found" if not selector else \ - f"Namespace '{namespace}': no {extract_label(selector)} labeled resources of type %s is found" - - message = f"{message}, skip collecting empty log file" - for resource in api_resources: - if resource == "Namespace": - output = describe_resource(namespace, resource, k8s_cli, resource_name=namespace) - elif resource in NON_LABELED_RESOURCES: - output = describe_resource(namespace, resource, k8s_cli) - else: - output = describe_resource(namespace, resource, k8s_cli, selector) - if output: - if check_empty_desc_file(output) and not collect_empty_files: - logger.info(message, resource) - else: - resources_out[resource] = output - logger.info("Namespace: '%s' + Collected %s", namespace, resource) - if selector: - # collect PV resource - collect_persistent_volume_description(namespace, k8s_cli, resources_out, KUBCTL_DESCRIBE_RETRIES) - for entry, out in resources_out.items(): - with open(os.path.join(output_dir, - "{}.txt".format(entry)), "w+", encoding='UTF-8') as file_handle: - file_handle.write(out) - - -def collect_persistent_volume(namespace, k8s_cli, resources_out, collect_func, retries): - """ - Collect PersistentVolume resource - get volumes names of the PersistentVolumeClaim with operator label - """ - resource = "PersistentVolume" - output = collect_pv_by_pvc_names(namespace, k8s_cli, collect_func, retries) - if output: - resources_out["PersistentVolume"] = output - logger.info("Namespace '%s': + Collected %s", namespace, resource) - - -def collect_persistent_volume_description(namespace, k8s_cli, resources_out, retries): - """ - Collect PersistentVolume resource - get volumes names of the PersistentVolumeClaim with operator label - """ - resource = "PersistentVolume" - output = collect_pv_by_pvc_name_description(namespace, k8s_cli, retries) - if output: - resources_out["PersistentVolume"] = output - logger.info("Namespace '%s': + Collected %s", namespace, resource) - - -def get_pv_names(k8s_cli, namespace, error_template): - """ - get volumes names from the PersistentVolumeClaim - """ - cmd = "{} get -n {} PersistentVolumeClaim --selector={} -o=custom-columns=VOLUME:.spec.volumeName --no-headers" \ - .format(k8s_cli, namespace, OPERATOR_LABEL) - missing_resource_template = f"Namespace '{namespace}': Skip collecting information for PersistentVolumeClaim. " \ - f"Server has no resource of type PersistentVolumeClaim" - output = run_shell_command_with_retries(cmd, KUBCTL_GET_YAML_RETRIES, error_template, missing_resource_template) - return output.split() - - -def collect_pv_by_pvc_names(namespace, k8s_cli, collect_func, retries): - """ - Collect PersistentVolume resource (get/describe - collect_func) when use restricted mode - """ - pv_output = "" - error_template = "Namespace '{}': Failed to get {} resource: {{}}.".format(namespace, "PersistentVolumeClaim") - volumes_names = get_pv_names(k8s_cli, namespace, error_template) - for volume in volumes_names: - if volume == "": - logger.info('skipping nameless pvc') - continue - cmd = "{} {} -n {} {} --field-selector=metadata.name={} -o yaml".format(k8s_cli, collect_func, - namespace, - "PersistentVolume", - volume) - # cmd = f"kubectl get pv --field-selector=metadata.name={pv}" - missing_resource_template = f"Namespace '{namespace}': Skip collecting information for" \ - f" PersistentVolume - {volume}. " \ - f"Server has no resource of type PersistentVolume - {volume}" - output = run_shell_command_with_retries(cmd, retries, error_template, missing_resource_template) - pv_output = pv_output + output - return pv_output - - -def collect_pv_by_pvc_name_description(namespace, k8s_cli, retries): - """ - Collect PersistentVolume resource description - """ - pv_output = "" - error_template = "Namespace '{}': Failed to get {} resource: {{}}.".format(namespace, "PersistentVolumeClaim") - volumes_names = get_pv_names(k8s_cli, namespace, error_template) - for volume in volumes_names: - if volume == "": - logger.info('skipping nameless pvc') - continue - # get the PV name and then run with describe - cmd = "{} get -n {} {} --field-selector=metadata.name={} -o=name".format(k8s_cli, namespace, "PersistentVolume", - volume) - # cmd = f"kubectl get pv --field-selector=metadata.name={pv}" - missing_resource_template = f"Namespace '{namespace}': Skip collecting information for PersistentVolume - " \ - f"{volume}. Server has no resource of type PersistentVolume - {volume}" - pv_name = run_shell_command_with_retries(cmd, retries, error_template, missing_resource_template) - cmd = "{} describe -n {} {}".format(k8s_cli, namespace, pv_name) - missing_resource_template = f"Namespace '{namespace}': Skip collecting description for PersistentVolume - " \ - f"{volume}. Server has no resource of type PersistentVolume - {volume}" - output = run_shell_command_with_retries(cmd, retries, error_template, missing_resource_template) - pv_output = pv_output + output - return pv_output - - -def collect_pods_logs(namespace, output_dir, k8s_cli, logs_from_all_pods=False): - """ - Collects all the pods logs from given namespace - """ - logger.info("Namespace '%s': Collecting pods' logs:", namespace) - logs_dir = os.path.join(output_dir, "pods") - - if logs_from_all_pods: - pods = get_pod_names(namespace, k8s_cli) - else: - pods = [] - for selector in ["app=redis-enterprise", "name=redis-enterprise-operator"]: - pods.extend(get_pod_names(namespace, k8s_cli, selector)) - - if not pods: - logger.warning("Namespace '%s' Could not get pods list - " - "skipping pods logs collection", namespace) - return - - make_dir(logs_dir) - - for pod in pods: - collect_logs_from_pod(namespace, pod, logs_dir, k8s_cli) - - -def collect_connectivity_check(namespace, output_dir, k8s_cli): - """ - Collect connectivity checks to files (using certain ns). - """ - # Verify with curl. - if sys.platform != 'win32': - cmd = "{} config view --minify -o ".format(k8s_cli) + "jsonpath='{.clusters[0].cluster.server}'" - _, api_server = run_shell_command(cmd) - if api_server: - collect_helper(output_dir, - cmd="curl -k -v {}/api/".format(api_server), - file_name="connectivity_check_via_curl", - resource_name="connectivity check via curl") - # Verify with kubectl. - collect_helper(output_dir, - cmd="{} get all -v=6 -n {}".format(k8s_cli, namespace), - file_name="connectivity_check_via_k8s_cli", - resource_name="connectivity check via k8s cli", - namespace=namespace) - - -def archive_files(output_dir, output_dir_name): - """ - Create a compressed tar out of the debug file collection - """ - - file_name = output_dir + ".tar.gz" - - logger.info("Archiving files into %s", file_name) - with tarfile.open(file_name, "w|gz") as tar: - tar.add(output_dir, arcname=output_dir_name) - logger.info("Archived files into %s", file_name) - - try: - shutil.rmtree(output_dir) - except OSError as ex: - logger.warning("Failed to delete directory after archiving: %s", ex) - - -def get_pods(namespace, k8s_cli, selector=""): - """ - Returns list of pods - """ - if selector: - selector = '--selector="{}"'.format(selector) - cmd = '{} get pod -n {} {} -o json '.format(k8s_cli, namespace, selector) - return_code, out = run_shell_command(cmd) - if return_code: - logger.warning("Failed to get pods: %s", out) - return None - return json.loads(out)['items'] - - -def get_list_of_containers_from_pod(namespace, pod_name, k8s_cli): - """ - Returns list of containers from a given pod - """ - cmd = "{} get pod {} -o jsonpath=\"{{.spec.containers[*].name}}\" -n {}".format(k8s_cli, pod_name, namespace) - return_code, out = run_shell_command(cmd) - if return_code: - logger.warning("Failed to get containers from pod: %s", out) - return None - return out.split() - - -def get_list_of_init_containers_from_pod(namespace, pod_name, k8s_cli): - """ - Returns a list of init containers from a given pod. - """ - cmd = "{} get pod {} -o jsonpath=\"{{.spec.initContainers[*].name}}\" -n {}".format(k8s_cli, pod_name, namespace) - return_code, out = run_shell_command(cmd) - if return_code: - logger.warning("Failed to get init containers from pod: %s", out) - return None - return out.split() - - -def collect_logs_from_pod(namespace, pod, logs_dir, k8s_cli): - """ - Helper function getting logs of a pod - """ - containers = get_list_of_containers_from_pod(namespace, pod, k8s_cli) - init_containers = get_list_of_init_containers_from_pod(namespace, pod, k8s_cli) - containers.extend(init_containers) - if containers is None: - logger.warning("Namespace '%s' Could not get containers for pod: %s list - " - "skipping pods logs collection", namespace, pod) - return - for container in containers: - cmd = "{} logs -c {} -n {} {}" \ - .format(k8s_cli, container, namespace, pod) - with open(os.path.join(logs_dir, "{}-{}.log".format(pod, container)), - "w+", encoding='UTF-8') as file_handle: - _, output = run_shell_command(cmd) - file_handle.write(output) - - # operator and admission containers restart after changing the operator-environment-configmap - # getting the logs of the containers before the restart can help us with debugging potential bugs - get_logs_before_restart_cmd = "{} logs -c {} -n {} {} -p" \ - .format(k8s_cli, container, namespace, pod) - err_code, output = run_shell_command(get_logs_before_restart_cmd) - container_log_before_restart_file = os.path.join(logs_dir, - '{}-{}-instance-before-restart.log'.format(pod, container)) - if err_code == 0: # Previous container instance found; did restart. - with open(container_log_before_restart_file, "w+", encoding='UTF-8') as file_handle: - file_handle.write(output) - - logger.info("Namespace '%s': + %s-%s", namespace, pod, container) - - -def get_pod_names(namespace, k8s_cli, selector=""): - """ - Returns list of pod names - """ - pods = get_pods(namespace, k8s_cli, selector) - if not pods: - logger.info("Namespace '%s': Cannot find pods", namespace) - return [] - return [pod['metadata']['name'] for pod in pods] - - -def get_namespace_from_config(k8s_cli): - """ - Returns the namespace from current context if one is set OW None - """ - # find namespace from config file - cmd = "{} config view -o json".format(k8s_cli) - return_code, out = run_shell_command(cmd) - if return_code: - return None - config = json.loads(out) - current_context = config.get('current-context') - if not current_context: - return None - - for context in config.get('contexts', []): - if context['name'] == current_context: - if context['context'].get("namespace"): - return context['context']["namespace"] - break - return None - - -def collect_helper(output_dir, cmd, file_name, resource_name, namespace=None): - """ - Runs command, write output to file_name, logs the resource_name - """ - return_code, out = run_shell_command(cmd) - if return_code: - logger.warning("Error when running %s: %s", cmd, out) - return - path = os.path.join(output_dir, file_name) - with open(path, "w+", encoding='UTF-8') as file_handle: - file_handle.write(out) - logger.info("Namespace '%s': Collected %s", namespace, resource_name) - - -def native_string(input_var): - """ - Decode a variable to utf-8 if it is not a string - """ - if isinstance(input_var, str): - return input_var - - return input_var.decode('utf-8', 'replace') - - -def run_get_resource_yaml(namespace, resource_type, k8s_cli, selector="", resource_name=""): - """ - Runs kubectl get command with yaml format - """ - cmd = "{} get -n {} {} {} {} -o yaml".format(k8s_cli, namespace, resource_type, resource_name, selector) - error_template = "Namespace '{}': Failed to get {} resource: {{}}.".format(namespace, resource_type) - missing_resource_template = f"Namespace '{namespace}': Skip collecting information for {resource_type}. " \ - f"Server has no resource of type {resource_type}" - return run_shell_command_with_retries(cmd, KUBCTL_GET_YAML_RETRIES, error_template, missing_resource_template) - - -def handle_unsuccessful_cmd(out, error_template, missing_resource_template): - """ - function to choose whether to log in info or in warning according to output - """ - if MISSING_RESOURCE in out.lower() or UNRECOGNIZED_RESOURCE in out.lower(): - logger.info(missing_resource_template) - else: - logger.warning(error_template.format(out.rstrip())) - - -def run_shell_command_with_retries(cmd, retries, error_template, missing_resource_template=""): - """ - Run a shell command, retrying up to attempts. - When the command fails with a non-zero exit code, the output is printed - using the provided string ('{}'-style template). - Repeated error messages are supressed. - """ - prev_out = None - for _ in range(retries): - return_code, out = run_shell_command(cmd) - if return_code == 0: - return out - if out is not None and out != prev_out: - handle_unsuccessful_cmd(out, error_template, missing_resource_template) - prev_out = out - return None - - -def run_shell_command(args): - """ - Run a shell command - """ - # to allow timeouts to work in windows, - # would need to find another mechanism that signal.alarm based - if sys.platform == 'win32' or TIMEOUT == 0: - return run_shell_command_regular(args) - - return run_shell_command_timeout(args) - - -def run_shell_command_regular(args): - """ - Returns a tuple of the shell exit code, output - """ - try: - output = subprocess.check_output(args, - shell=True, - stderr=subprocess.STDOUT) - except subprocess.CalledProcessError as ex: - logger.warning("Failed in shell command: %s, output: %s", - args, ex.output) - return ex.returncode, native_string(ex.output) - - return 0, native_string(output) - - -def run_shell_command_timeout(args, cwd=None, shell=True, env=None): - """ - Utility function to run a shell command with a timeout - """ - - def get_process_children(parent): - piped_process = subprocess.Popen('ps --no-headers -o pid ' # pylint: disable=R1732 - '--ppid %d' % parent, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - stdout, _ = piped_process.communicate() - return [int(proc) for proc in stdout.split()] - - # no need for pass here: - # https://github.com/PyCQA/pylint/issues/2616#issuecomment-442738701 - # do not remove the doc string - code would break - class Alarm(Exception): - """ - Custom alarm exception - """ - - def alarm_handler(_, __): - raise Alarm - - piped_process = subprocess.Popen(args, # pylint: disable=R1732 - shell=shell, - cwd=cwd, - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - env=env) - if TIMEOUT != 0: - signal.signal(signal.SIGALRM, alarm_handler) - signal.alarm(TIMEOUT) - try: - output, _ = piped_process.communicate() - # disable alarm after process returns - signal.alarm(0) - except Alarm: - logger.warning("cmd: %s timed out", args) - pids = [piped_process.pid] - pids.extend(get_process_children(piped_process.pid)) - for pid in pids: - # process might have died before getting to this line - # so wrap to avoid OSError: no such process - try: - os.kill(pid, signal.SIGKILL) - except OSError: - pass - return -9, "cmd: %s timed out" % args - - return piped_process.returncode, native_string(output) - - -def describe_resource(namespace, resource_type, k8s_cli, selector="", resource_name=""): - """ - Runs kubectl describe command - """ - cmd = "{} describe -n {} {} {} {}".format(k8s_cli, namespace, resource_type, resource_name, selector) - error_template = "Namespace '{}': Failed to describe {} resource: {{}}.".format(namespace, resource_type) - missing_resource_template = f"Namespace '{namespace}': Skip collecting description for {resource_type}. " \ - f"Server has no resource of type {resource_type}" - return run_shell_command_with_retries(cmd, KUBCTL_GET_YAML_RETRIES, error_template, missing_resource_template) - - -def check_not_negative(value): - """ - Validate a numeric option is not negative - """ - ivalue = int(value) - if ivalue < 0: - raise argparse.ArgumentTypeError("%s can't be less than 0" % value) - return ivalue - - -if __name__ == "__main__": - - # pylint: disable=locally-disabled, invalid-name - parser = argparse.ArgumentParser(description='Redis Enterprise' - ' K8s log collector') - - parser.add_argument('-n', '--namespace', action="store", type=str, - help="pass namespace name or comma separated list or 'all' " - "when left empty will use namespace from kube config") - parser.add_argument('-o', '--output_dir', action="store", type=str) - parser.add_argument('-a', '--logs_from_all_pods', action="store_true", - help="collect logs from all pods, not only the operator and pods run by the operator") - parser.add_argument('-t', '--timeout', action="store", - type=check_not_negative, default=TIMEOUT, - help="time to wait for external commands to " - "finish execution " - "(default: 180s, specify 0 to not timeout) " - "(Linux only)") - parser.add_argument('--k8s_cli', action="store", type=str, - help="Which K8s cli client to use (kubectl/oc/auto-detect). " - "Defaults to auto-detect (chooses between \"kubectl\" and \"oc\"). " - "Full paths can also be used.") - parser.add_argument('-m', '--mode', action="store", type=str, - choices=[MODE_RESTRICTED, MODE_ALL], - help="Which mode to run the log collector. The options are:" - "1. restricted (default for clusters of version 6.2.18 and newer) - " - "collect only resources that are related to the operator," - " and has the label \"app=redis-enterprise\". " - "2. all - collect all resources") - parser.add_argument('--collect_istio', action="store_true", - help="collect data from istio-system namespace to debug potential " - "problems related to istio ingress method") - parser.add_argument('--skip_support_package', action="store_true", - help="not collect RS support package") - parser.add_argument('--collect_empty_files', action="store_true", - help='collect empty log files for missing resources') - parser.add_argument('--helm_release_name', action="store", type=str, - help='collect resources related to helm release name') - parser.set_defaults(collect_istio=False) - run(parser.parse_args()) diff --git a/multi-namespace-redb/README.md b/multi-namespace-redb/README.md deleted file mode 100644 index 0e29ef4..0000000 --- a/multi-namespace-redb/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Multi-Namespaced REDB - -This content has moved to [docs.redis.com](https://docs.redis.com/latest/); see [Manage databases in multiple namespaces](https://docs.redis.com/latest/kubernetes/re-clusters/multi-namespace/). \ No newline at end of file diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml deleted file mode 100644 index 32076d8..0000000 --- a/multi-namespace-redb/operator.yaml +++ /dev/null @@ -1,134 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator - spec: - containers: - - command: - - operator-root - - operator - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: redis-enterprise-operator - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: redislabs/operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: redis-enterprise-operator - ports: - - containerPort: 8080 - resources: - limits: - cpu: 4000m - memory: 512Mi - requests: - cpu: 500m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - - command: - - operator-root - - admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: redislabs/operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: admission - ports: - - containerPort: 8443 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - securityContext: - seccompProfile: - type: RuntimeDefault - runAsNonRoot: true - serviceAccountName: redis-enterprise-operator diff --git a/multi-namespace-redb/operator_cluster_role.yaml b/multi-namespace-redb/operator_cluster_role.yaml deleted file mode 100644 index dca68fe..0000000 --- a/multi-namespace-redb/operator_cluster_role.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: redis-enterprise-operator-consumer-ns - labels: - app: redis-enterprise -rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["list", "watch"] diff --git a/multi-namespace-redb/operator_cluster_role_binding.yaml b/multi-namespace-redb/operator_cluster_role_binding.yaml deleted file mode 100644 index 84c2c22..0000000 --- a/multi-namespace-redb/operator_cluster_role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-operator-consumer-ns - labels: - app: redis-enterprise -subjects: -- kind: ServiceAccount - name: redis-enterprise-operator - namespace: NAMESPACE_OF_SERVICE_ACCOUNT -roleRef: - kind: ClusterRole - name: redis-enterprise-operator-consumer-ns - apiGroup: rbac.authorization.k8s.io diff --git a/multi-namespace-redb/role.yaml b/multi-namespace-redb/role.yaml deleted file mode 100644 index b9c7953..0000000 --- a/multi-namespace-redb/role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redb-role - labels: - app: redis-enterprise -rules: - - apiGroups: - - app.redislabs.com - resources: ["redisenterprisedatabases", "redisenterprisedatabases/status", "redisenterprisedatabases/finalizers"] - verbs: ["delete", "get", "list", "patch", "create", "update", "watch"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["update", "get", "watch", "create", "patch", "list"] - - apiGroups: [""] - resources: ["endpoints"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["events"] - verbs: ["create"] - - apiGroups: [""] - resources: ["services"] - verbs: ["get", "list", "update", "patch", "create", "delete", "watch"] diff --git a/multi-namespace-redb/role_binding.yaml b/multi-namespace-redb/role_binding.yaml deleted file mode 100644 index 56417ad..0000000 --- a/multi-namespace-redb/role_binding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redb-role - labels: - app: redis-enterprise -subjects: -- kind: ServiceAccount - name: redis-enterprise-operator - namespace: NAMESPACE_OF_SERVICE_ACCOUNT -- kind: ServiceAccount - name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource - namespace: NAMESPACE_OF_SERVICE_ACCOUNT -roleRef: - kind: Role - name: redb-role - apiGroup: rbac.authorization.k8s.io diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml deleted file mode 100644 index 2a1e11b..0000000 --- a/openshift.bundle.yaml +++ /dev/null @@ -1,16868 +0,0 @@ ---- ---- -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - name: redis-enterprise-scc-v2 - annotations: - kubernetes.io/description: redis-enterprise-scc is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes. It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability, which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards. Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers. -allowedCapabilities: - - SYS_RESOURCE -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegeEscalation: false -allowPrivilegedContainer: false -readOnlyRootFilesystem: false -runAsUser: - type: MustRunAs - uid: 1001 -fsGroup: - type: MustRunAs - ranges: - - min: 1001 - max: 1001 -seLinuxContext: - type: MustRunAs -seccompProfiles: - - runtime/default -supplementalGroups: - type: RunAsAny ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -rules: - - apiGroups: - - rbac.authorization.k8s.io - - "" - resources: - - roles - - serviceaccounts - - rolebindings - verbs: - - create - - get - - update - - patch - - delete - - apiGroups: - - app.redislabs.com - resources: - - redisenterpriseclusters - - redisenterpriseclusters/status - - redisenterpriseclusters/finalizers - - redisenterprisedatabases - - redisenterprisedatabases/status - - redisenterprisedatabases/finalizers - - redisenterpriseremoteclusters - - redisenterpriseremoteclusters/status - - redisenterpriseremoteclusters/finalizers - - redisenterpriseactiveactivedatabases - - redisenterpriseactiveactivedatabases/status - - redisenterpriseactiveactivedatabases/finalizers - verbs: - - delete - - get - - list - - patch - - create - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - update - - get - - create - - patch - - delete - - list - - watch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apps - resources: - - deployments - - statefulsets - - replicasets - verbs: - - create - - delete - - get - - patch - - update - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - update - - watch - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - update - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - update - - patch - - delete - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - policy - resourceNames: - - redis-enterprise-psp - resources: - - podsecuritypolicies - verbs: - - use - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - patch - - delete - - list - - update - - get - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - security.openshift.io - resourceNames: - - nonroot - resources: - - securitycontextconstraints - verbs: - - use ---- ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator ---- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-enterprise-operator -subjects: - - kind: ServiceAccount - name: redis-enterprise-operator ---- ---- -apiVersion: v1 -kind: Service -metadata: - name: admission - labels: - app: redis-enterprise -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - name: redis-enterprise-operator ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseclusters.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseCluster - listKind: RedisEnterpriseClusterList - plural: redisenterpriseclusters - singular: redisenterprisecluster - shortNames: - - rec - scope: Namespaced - preserveUnknownFields: false - versions: - - name: v1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.nodes - name: Nodes - type: string - - jsonPath: .spec.redisEnterpriseImageSpec.versionTag - name: Version - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.licenseStatus.licenseState - name: License State - type: string - - jsonPath: .status.licenseStatus.shardsLimit - name: Shards Limit - type: string - - jsonPath: .status.licenseStatus.expirationDate - name: License Expiration Date - type: string - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - type: object - properties: - specStatus: - type: string - state: - type: string - modules: - type: array - items: - type: object - properties: - name: - type: string - displayName: - type: string - versions: - type: array - items: - type: string - ocspStatus: - description: An API object that represents the cluster's OCSP status - properties: - certStatus: - description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. - type: string - nextUpdate: - description: The time at or before which newer information will - be available about the status of the certificate (if available) - type: string - producedAt: - description: The time at which the OCSP responder signed this - response. - type: string - responderUrl: - description: The OCSP responder url from which this status came - from. - type: string - revocationTime: - description: The time at which the certificate was revoked or - placed on hold. - type: string - thisUpdate: - description: The most recent time at which the status being indicated - is known by the responder to have been correct. - type: string - type: object - licenseStatus: - type: object - properties: - licenseState: - type: string - activationDate: - type: string - expirationDate: - type: string - shardsLimit: - type: integer - bundledDatabaseVersions: - description: Versions of open source databases bundled by Redis Enterprise - Software - please note that in order to use a specific version it - should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according - to the desired version (major/minor) - items: - properties: - dbType: - type: string - major: - type: boolean - version: - type: string - required: - - dbType - - version - type: object - type: array - managedAPIs: - description: Indicates cluster APIs that are being managed by the - operator. This only applies to cluster APIs which are optionally-managed - by the operator, such as cluster LDAP configuration. Most other - APIs are automatically managed by the operator, and are not listed - here. - properties: - ldap: - description: Indicate whether cluster LDAP configuration is managed - by the operator. When this is enabled, the operator will reconcile - the cluster LDAP configuration according to the '.spec.ldap' - field in the RedisEnterpriseCluster resource. - type: boolean - type: object - ingressOrRouteMethodStatus: - description: The ingressOrRouteSpec/ActiveActive spec method that exist - type: string - persistenceStatus: - description: The status of the Persistent Volume Claims that are used - for Redis Enterprise Cluster persistence. The status will correspond - to the status of one or more of the PVCs (failed/resizing if one of - them is in resize or failed to resize) - properties: - status: - description: The current status of the PVCs - type: string - succeeded: - description: The number of PVCs that are provisioned with the expected size - type: string - type: object - redisEnterpriseIPFamily: - type: string - spec: - description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster - properties: - activeActive: - description: Specification for ActiveActive setup. At most one of - ingressOrRouteSpec or activeActive fields can be set at the same - time. - properties: - apiIngressUrl: - description: RS API URL - type: string - dbIngressSuffix: - description: DB ENDPOINT SUFFIX - will be used to set the db host. - ingress Creates a host name so it - should be unique if more than one db is created on the cluster - with the same name - type: string - ingressAnnotations: - additionalProperties: - type: string - description: Used for ingress controllers such as ha-proxy or nginx - in GKE - type: object - method: - description: Used to distinguish between different platforms implementation - enum: - - openShiftRoute - - ingress - type: string - required: - - apiIngressUrl - - dbIngressSuffix - - method - type: object - antiAffinityAdditionalTopologyKeys: - description: Additional antiAffinity terms in order to support installation - on different zones/vcenters - items: - type: string - type: array - bootstrapperImageSpec: - description: Specification for Bootstrapper container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - bootstrapperResources: - description: Compute resource requirements for bootstrapper containers - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - clusterCredentialSecretName: - description: Secret Name/Path to use for Cluster Credentials. To be - used only if ClusterCredentialSecretType is vault. If left blank, - will use cluster name. - type: string - clusterCredentialSecretRole: - description: Used only if ClusterCredentialSecretType is vault, to define - vault role to be used. If blank, defaults to "redis-enterprise-operator" - type: string - clusterCredentialSecretType: - description: Type of Secret to use for ClusterCredential, Vault, Kuberetes,... - If left blank, will default ot kubernetes secrets - enum: - - vault - - kubernetes - type: string - clusterRecovery: - description: ClusterRecovery initiates cluster recovery when set to - true. Note that this field is cleared automatically after the cluster - is recovered - type: boolean - redisEnterpriseIPFamily: - description: Reserved, future use, only for use if instructed by Redis. - IPFamily dictates what IP family to choose for pods' internal - and external communication. - type: string - enum: - - IPv4 - - IPv6 - containerTimezone: - description: Container timezone configuration. While the default timezone - on all containers is UTC, this setting can be used to set the timezone - on services rigger/bootstrapper/RS containers. You can either propagate - the hosts timezone to RS pods or set it manually via timezoneName. - properties: - propagateHost: - description: Identifies that container timezone should be in sync with the host, this - option mounts a hostPath volume onto RS pods that could be restricted in some systems. - type: object - timezoneName: - description: POSIX-style timezone name as a string to be passed as EnvVar to RE pods, e.g. "Europe/London". - type: string - type: object - createServiceAccount: - description: Whether to create service account - type: boolean - dataInternodeEncryption: - description: Internode encryption (INE) cluster wide policy. An optional boolean setting. - Specifies if INE should be on/off for new created REDBs. - May be overridden for specific REDB via similar setting, - please view the similar setting for REDB for more info. - type: boolean - encryptPkeys: - description: 'Private key encryption Possible values: true/false' - type: boolean - certificates: - description: RS Cluster Certificates. - Used to modify the certificates used by the cluster. - See the "RSClusterCertificates" struct described above to see the supported certificates. - properties: - apiCertificateSecretName: - description: Secret name to use for cluster's API certificate. - If left blank, a cluster-provided certificate will be used. - type: string - cmCertificateSecretName: - description: Secret name to use for cluster's CM (Cluster Manager) certificate. - If left blank, a cluster-provided certificate will be used. - type: string - metricsExporterCertificateSecretName: - description: Secret name to use for cluster's Metrics Exporter certificate. - If left blank, a cluster-provided certificate will be used. - type: string - proxyCertificateSecretName: - description: Secret name to use for cluster's Proxy certificate. - If left blank, a cluster-provided certificate will be used. - type: string - syncerCertificateSecretName: - description: Secret name to use for cluster's Syncer certificate. - If left blank, a cluster-provided certificate will be used. - type: string - ldapClientCertificateSecretName: - description: Secret name to use for cluster's LDAP client certificate. - If left blank, LDAP client certificate authentication will be disabled. - type: string - type: object - enforceIPv4: - description: Sets ENFORCE_IPV4 environment variable - type: boolean - extraEnvVars: - description: 'ADVANCED USAGE: use carefully. Add environment variables - to RS StatefulSet''s containers.' - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - extraLabels: - additionalProperties: - type: string - description: Labels that the user defines for their convenience - type: object - hostAliases: - description: Adds hostAliases entries to the Redis Enterprise pods - items: - description: HostAlias holds the mapping between IP and hostnames - that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - ingressOrRouteSpec: - description: Access configurations for the Redis Enterprise Cluster - and Databases. At most one of ingressOrRouteSpec - or activeActive fields can be set at the same time. - properties: - apiFqdnUrl: - description: RS API URL - type: string - dbFqdnSuffix: - description: DB ENDPOINT SUFFIX - will be used to set the db host - ingress . Creates a host name so it - should be unique if more than one db is created on the cluster - with the same name - type: string - ingressAnnotations: - additionalProperties: - type: string - description: Additional annotations to set on ingress resources - created by the operator - type: object - method: - description: Used to distinguish between different platforms implementation. - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiFqdnUrl - - dbFqdnSuffix - - method - type: object - services: - description: Customization options for operator-managed service resources - created for Redis Enterprise clusters and databases - properties: - apiService: - description: Customization options for the REC API service. - properties: - type: - description: Type of service to create for the REC API service. - Defaults to ClusterIP service, if not specified otherwise. - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - servicesAnnotations: - additionalProperties: - type: string - description: Global additional annotations to set on service resources - created by the operator. - The specified annotations will not override annotations that already exist and didn't originate from the operator. - type: object - type: object - ldap: - description: Cluster-level LDAP configuration, such as server addresses, - protocol, authentication and query settings. - properties: - authenticationQuery: - description: Configuration of authentication queries, mapping - between the username, provided to the cluster for authentication, - and the LDAP Distinguished Name. - properties: - query: - description: Configuration for a search query. Mutually exclusive - with the 'template' field. The substring '%u' in the query - filter will be replaced with the username. - properties: - base: - description: The Distinguished Name of the entry at which - to start the search, e.g., 'ou=dev,dc=example,dc=com'. - type: string - filter: - description: An RFC-4515 string representation of the - filter to apply in the search. For an authentication - query, the substring '%u' will be replaced with the - username, e.g., '(cn=%u)'. For an authorization query, - the substring '%D' will be replaced with the user's - Distinguished Name, e.g., '(members=%D)'. - type: string - scope: - description: 'The search scope for an LDAP query. One - of: BaseObject, SingleLevel, WholeSubtree' - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - template: - description: Configuration for a template query. Mutually - exclusive with the 'query' field. The substring '%u' will - be replaced with the username, e.g., 'cn=%u,ou=dev,dc=example,dc=com'. - type: string - type: object - authorizationQuery: - description: Configuration of authorization queries, mapping between - a user's Distinguished Name and its group memberships. - properties: - attribute: - description: Configuration for an attribute query. Mutually - exclusive with the 'query' field. Holds the name of an attribute - of the LDAP user entity that contains a list of the groups - that the user belongs to, e.g., 'memberOf'. - type: string - query: - description: Configuration for a search query. Mutually exclusive - with the 'attribute' field. The substring '%D' in the query - filter will be replaced with the user's Distinguished Name. - properties: - base: - description: The Distinguished Name of the entry at which - to start the search, e.g., 'ou=dev,dc=example,dc=com'. - type: string - filter: - description: An RFC-4515 string representation of the - filter to apply in the search. For an authentication - query, the substring '%u' will be replaced with the - username, e.g., '(cn=%u)'. For an authorization query, - the substring '%D' will be replaced with the user's - Distinguished Name, e.g., '(members=%D)'. - type: string - scope: - description: 'The search scope for an LDAP query. One - of: BaseObject, SingleLevel, WholeSubtree' - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - type: object - bindCredentialsSecretName: - description: Name of a secret within the same namespace, holding - the credentials used to communicate with the LDAP server for - authentication queries. The secret must have a key named 'dn' - with the Distinguished Name of the user to execute the query, - and 'password' with its password. If left blank, credentials-based - authentication is disabled. - type: string - caCertificateSecretName: - description: Name of a secret within the same namespace, holding - a PEM-encoded CA certificate for validating the TLS connection - to the LDAP server. The secret must have a key named 'cert' - with the certificate data. This field is applicable only when - the protocol is LDAPS or STARTTLS. - type: string - cacheTTLSeconds: - description: The maximum TTL of cached entries. - type: integer - enabledForControlPlane: - description: Whether to enable LDAP for control plane access. - Disabled by default. - type: boolean - enabledForDataPlane: - description: Whether to enable LDAP for data plane access. Disabled - by default. - type: boolean - protocol: - description: 'Specifies the LDAP protocol to use. One of: LDAP, - LDAPS, STARTTLS.' - enum: - - LDAP - - LDAPS - - STARTTLS - type: string - servers: - description: One or more LDAP servers. If multiple servers are - specified, they must all share an identical organization tree - structure. - items: - description: Address of an LDAP server. - properties: - host: - description: Host name of the LDAP server - type: string - port: - description: Port number of the LDAP server. If unspecified, - defaults to 389 for LDAP and STARTTLS protocols, and 636 - for LDAPS protocol. - format: int32 - type: integer - required: - - host - type: object - type: array - required: - - authenticationQuery - - authorizationQuery - - protocol - - servers - type: object - license: - description: Redis Enterprise License - type: string - licenseSecretName: - description: K8s secret or Vault Secret Name/Path to use for Cluster - License. When left blank, the license is read from the "license" field. - Note that you can't specify non-empty values in both "license" and - "licenseSecretName", only one of these fields can be used to pass - the license string. The license needs to be stored under the key "license". - type: string - nodeSelector: - additionalProperties: - type: string - description: Selector for nodes that could fit Redis Enterprise pod - type: object - ocspConfiguration: - description: An API object that represents the cluster's OCSP configuration. - To enable OCSP, the cluster's proxy certificate should contain the - OCSP responder URL. - properties: - ocspFunctionality: - description: Whether to enable/disable OCSP mechanism for the cluster. - type: boolean - queryFrequency: - description: Determines the interval (in seconds) in which the control - plane will poll the OCSP responder for a new status for the server - certificate. Minimum value is 60. Maximum value is 86400. - type: integer - recoveryFrequency: - description: Determines the interval (in seconds) in which the control - plane will poll the OCSP responder for a new status for the server - certificate when the current staple is invalid. Minimum value - is 60. Maximum value is 86400. - type: integer - recoveryMaxTries: - description: Determines the maximum number for the OCSP recovery - attempts. After max number of tries passed, the control plane - will revert back to the regular frequency. Minimum value is 1. - Maximum value is 100. - type: integer - responseTimeout: - description: Determines the time interval (in seconds) for which - the request waits for a response from the OCSP responder. Minimum - value is 1. Maximum value is 60. - type: integer - type: object - nodes: - description: Number of Redis Enterprise nodes (pods) - format: int32 - type: integer - persistentSpec: - description: Specification for Redis Enterprise Cluster persistence - properties: - enablePersistentVolumeResize: - description: Whether to enable PersistentVolumes resize. Disabled - by default. Read the instruction in pvc_expansion readme carefully - before using this feature. - type: boolean - enabled: - description: Whether to add persistent volume to Redis Enterprise - pods - type: boolean - storageClassName: - description: Storage class for persistent volume in Redis Enterprise - pods. Leave empty to use the default. If using the default this - way, make sure the Kubernetes Cluster has a default Storage Class - configured. This can be done by running a `kubectl get storageclass` - and see if one of the Storage Classes' names contains a `(default)` - mark. - type: string - volumeSize: - anyOf: - - type: integer - - type: string - description: To enable resizing after creating the cluster - please - follow the instructions in the pvc_expansion readme - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger and redis enterprise pods - type: object - redisEnterprisePodAnnotations: - additionalProperties: - type: string - description: annotations for redis enterprise pod - type: object - podAntiAffinity: - description: 'Override for the default anti-affinity rules of the Redis - Enterprise pods. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podSecurityPolicyName: - description: "DEPRECATED PodSecurityPolicy support is removed in Kubernetes - v1.25 and the use of this field is invalid for use when running - on Kubernetes v1.25+. Future versions of the RedisEnterpriseCluster - API will remove support for this field altogether. For migration - instructions, see https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ - \n Name of pod security policy to use on pods" - type: string - podStartingPolicy: - description: Mitigation setting for STS pods stuck in "ContainerCreating" - properties: - enabled: - description: Whether to detect and attempt to mitigate pod startup - issues - type: boolean - startingThresholdSeconds: - description: Time in seconds to wait for a pod to be stuck while - starting up before action is taken. If set to 0, will be treated - as if disabled. - format: int32 - type: integer - required: - - enabled - - startingThresholdSeconds - type: object - podTolerations: - description: 'Tolerations that are added to all managed pods. More - information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - priorityClassName: - description: Adds the priority class to pods managed by the operator - type: string - pullSecrets: - description: 'PullSecrets is an optional list of references to secrets - in the same namespace to use for pulling any of the images. If specified, - these secrets will be passed to individual puller implementations - for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' - items: - properties: - name: - description: 'Secret name' - type: string - type: object - type: array - rackAwarenessNodeLabel: - description: Node label that specifies rack ID - if specified, will - create rack aware cluster. Rack awareness requires node label must - exist on all nodes. Additionally, operator needs a special cluster - role with permission to list nodes. - type: string - redisEnterpriseAdditionalPodSpecAttributes: - description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes - that are required for the statefulset - Redis Enterprise pods. Pod - attributes managed by the operator might override these settings. - Also make sure the attributes are supported by the K8s version running - on the cluster - the operator does not validate that. - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - redisEnterpriseImageSpec: - description: Specification for Redis Enterprise container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - redisEnterpriseNodeResources: - description: Compute resource requirements for Redis Enterprise containers - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - redisEnterpriseServicesConfiguration: - description: RS Cluster optional services settings - properties: - cmServer: - properties: - operatingMode: - description: Whether to enable/disable the CM server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbCoordinator: - properties: - operatingMode: - description: Whether to enable/disable the crdb coordinator - process - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbWorker: - properties: - operatingMode: - description: Whether to enable/disable the crdb worker processes - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - mdnsServer: - properties: - operatingMode: - description: Whether to enable/disable the Multicast DNS server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - pdnsServer: - properties: - operatingMode: - description: Whether to enable/disable the pdns server - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - saslauthd: - properties: - operatingMode: - description: Whether to enable/disable the saslauthd service - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - statsArchiver: - properties: - operatingMode: - description: Whether to enable/disable the stats archiver service - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - type: object - redisEnterpriseServicesRiggerImageSpec: - description: Specification for Services Rigger container image - properties: - digestHash: - description: 'The digest hash of the container image to pull. - When specified, the container image is pulled according to the - digest hash instead of the image tag. The versionTag field must - also be specified with the image tag matching this digest hash. - Note: This field is only supported for OLM deployments.' - type: string - imagePullPolicy: - description: The image pull policy to be applied to the container - image. One of Always, Never, IfNotPresent. - type: string - repository: - description: The repository (name) of the container image to be - deployed. - type: string - versionTag: - description: The tag of the container image to be deployed. - type: string - type: object - redisEnterpriseServicesRiggerResources: - description: Compute resource requirements for Services Rigger pod - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - redisEnterpriseTerminationGracePeriodSeconds: - description: The TerminationGracePeriodSeconds value for the (STS created) REC pods - format: int64 - type: integer - redisEnterpriseVolumeMounts: - description: 'additional volume mounts within the redis enterprise containers. - More info: https://kubernetes.io/docs/concepts/storage/volumes/' - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - redisUpgradePolicy: - description: 'Redis upgrade policy to be set on the Redis Enterprise - Cluster. Possible values: major/latest This value is used by the cluster - to choose the Redis version of the database when an upgrade is performed. - The Redis Enterprise Cluster includes multiple versions of OSS Redis - that can be used for databases.' - enum: - - major - - latest - type: string - resp3Default: - description: Whether databases will turn on RESP3 compatibility upon - database upgrade. Note - Deleting this property after explicitly - setting its value shall have no effect. Please view the corresponding - field in RS doc for more info. - type: boolean - backup: - description: Cluster-wide backup configurations - properties: - s3: - description: Configurations for backups to s3 and s3-compatible - storage - properties: - caCertificateSecretName: - description: Secret name that holds the S3 CA certificate, which contains the TLS certificate mapped to the key in the secret 'cert' - type: string - url: - description: Specifies the URL for S3 export and import - type: string - type: object - type: object - serviceAccountName: - description: Name of the service account to use - type: string - servicesRiggerSpec: - description: Specification for service rigger - properties: - databaseServiceType: - description: Service types for access to databases. should be a - comma separated list. The possible values are cluster_ip, headless - and load_balancer. - type: string - extraEnvVars: - items: - description: 'EnvVar represents an environment variable present - in a Container. - More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' - properties: - name: - description: Name of the environment variable. - type: string - value: - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: Name of the referent - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: Selects a field of the pod - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: Name of the referent - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceNaming: - description: Used to determine how to name the services created automatically when a database is created. - When bdb_name is used, the database name will be also used for the service name. - When redis-port is used, the service will be named redis-. - enum: - - bdb_name - - redis-port - type: string - servicesRiggerAdditionalPodSpecAttributes: - description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes - that are required for the rigger deployment pod. Pod attributes - managed by the operator might override these settings (Containers, - serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, - PriorityClassName, PodSecurityContext). Also make sure the attributes are supported - by the K8s version running on the cluster - the operator does - not validate that. - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger pod - type: object - type: object - sideContainersSpec: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - slaveHA: - description: Slave high availability mechanism configuration. - properties: - slaveHAGracePeriod: - description: Time in seconds between when a node fails, and when - slave high availability mechanism starts relocating shards. If - set to 0, will not affect cluster configuration. - format: int32 - type: integer - required: - - slaveHAGracePeriod - type: object - uiAnnotations: - additionalProperties: - type: string - description: Annotations for Redis Enterprise UI service. - This annotations will override the overlapping global annotations set under spec.services.servicesAnnotations - The specified annotations will not override annotations that already exist and didn't originate from the operator, - except for the 'redis.io/last-keys' annotation which is reserved. - type: object - uiServiceType: - description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) - enum: - - ClusterIP - - NodePort - - LoadBalancer - - ExternalName - type: string - redisOnFlashSpec: - description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of - creating redis on flash databases. - properties: - enabled: - type: boolean - flashStorageEngine: - type: string - enum: - - rocksdb - storageClassName: - type: string - flashDiskSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - bigStoreDriver: - type: string - enum: - - rocksdb - - speedb - required: - - enabled - - storageClassName - type: object - upgradeSpec: - description: Specification for upgrades of Redis Enterprise - properties: - autoUpgradeRedisEnterprise: - description: Whether to upgrade Redis Enterprise automatically when - operator is upgraded - type: boolean - required: - - autoUpgradeRedisEnterprise - type: object - username: - description: Username for the admin user of Redis Enterprise - type: string - vaultCASecret: - description: K8s secret name containing Vault's CA cert - defaults to - "vault-ca-cert" - type: string - volumes: - description: additional volumes - items: - description: 'Volume represents a named volume in a pod that may be - accessed by any container in the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes' - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object - - name: v1alpha1 - additionalPrinterColumns: - - jsonPath: .spec.nodes - name: Nodes - type: string - - jsonPath: .spec.redisEnterpriseImageSpec.versionTag - name: Version - type: string - - jsonPath: .status.state - name: State - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.licenseStatus.licenseState - name: License State - type: string - - jsonPath: .status.licenseStatus.shardsLimit - name: Shards Limit - type: string - - jsonPath: .status.licenseStatus.expirationDate - name: License Expiration Date - type: string - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - type: object - properties: - specStatus: - type: string - state: - type: string - modules: - type: array - items: - type: object - properties: - name: - type: string - displayName: - type: string - versions: - type: array - items: - type: string - ocspStatus: - properties: - certStatus: - type: string - nextUpdate: - type: string - producedAt: - type: string - responderUrl: - type: string - revocationTime: - type: string - thisUpdate: - type: string - type: object - licenseStatus: - type: object - properties: - licenseState: - type: string - activationDate: - type: string - expirationDate: - type: string - shardsLimit: - type: integer - bundledDatabaseVersions: - items: - properties: - dbType: - type: string - version: - type: string - major: - type: boolean - required: - - dbType - - version - type: object - type: array - ingressOrRouteMethodStatus: - type: string - managedAPIs: - properties: - ldap: - type: boolean - type: object - persistenceStatus: - properties: - status: - type: string - succeeded: - type: string - type: object - redisEnterpriseIPFamily: - type: string - spec: - properties: - activeActive: - properties: - apiIngressUrl: - type: string - dbIngressSuffix: - type: string - ingressAnnotations: - additionalProperties: - type: string - type: object - method: - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiIngressUrl - - dbIngressSuffix - - method - type: object - antiAffinityAdditionalTopologyKeys: - items: - type: string - type: array - bootstrapperImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - bootstrapperResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - clusterCredentialSecretName: - type: string - clusterCredentialSecretRole: - type: string - clusterCredentialSecretType: - enum: - - vault - - kubernetes - type: string - clusterRecovery: - type: boolean - redisEnterpriseIPFamily: - type: string - enum: - - IPv4 - - IPv6 - containerTimezone: - properties: - propagateHost: - type: object - timezoneName: - type: string - type: object - createServiceAccount: - type: boolean - dataInternodeEncryption: - type: boolean - encryptPkeys: - type: boolean - certificates: - properties: - apiCertificateSecretName: - type: string - cmCertificateSecretName: - type: string - metricsExporterCertificateSecretName: - type: string - proxyCertificateSecretName: - type: string - syncerCertificateSecretName: - type: string - ldapClientCertificateSecretName: - type: string - type: object - enforceIPv4: - type: boolean - extraEnvVars: - description: 'ADVANCED USAGE: use carefully. Add environment variables - to RS StatefulSet''s containers.' - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - extraLabels: - additionalProperties: - type: string - type: object - hostAliases: - description: Adds hostAliases entries to the Redis Enterprise pods - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - ingressOrRouteSpec: - properties: - apiFqdnUrl: - type: string - dbFqdnSuffix: - type: string - ingressAnnotations: - additionalProperties: - type: string - type: object - method: - enum: - - openShiftRoute - - ingress - - istio - type: string - required: - - apiFqdnUrl - - dbFqdnSuffix - - method - type: object - services: - properties: - apiService: - properties: - type: - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - servicesAnnotations: - additionalProperties: - type: string - type: object - type: object - ldap: - properties: - authenticationQuery: - properties: - query: - properties: - base: - type: string - filter: - type: string - scope: - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - template: - type: string - type: object - authorizationQuery: - properties: - attribute: - type: string - query: - properties: - base: - type: string - filter: - type: string - scope: - enum: - - BaseObject - - SingleLevel - - WholeSubtree - type: string - required: - - base - - filter - - scope - type: object - type: object - bindCredentialsSecretName: - type: string - caCertificateSecretName: - type: string - cacheTTLSeconds: - type: integer - enabledForControlPlane: - type: boolean - enabledForDataPlane: - type: boolean - protocol: - enum: - - LDAP - - LDAPS - - STARTTLS - type: string - servers: - items: - properties: - host: - type: string - port: - format: int32 - type: integer - required: - - host - type: object - type: array - required: - - authenticationQuery - - authorizationQuery - - protocol - - servers - type: object - license: - type: string - licenseSecretName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - ocspConfiguration: - properties: - ocspFunctionality: - type: boolean - queryFrequency: - type: integer - recoveryFrequency: - type: integer - recoveryMaxTries: - type: integer - responseTimeout: - type: integer - type: object - nodes: - format: int32 - type: integer - persistentSpec: - properties: - enablePersistentVolumeResize: - type: boolean - enabled: - type: boolean - storageClassName: - type: string - volumeSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger and redis enterprise pods - type: object - redisEnterprisePodAnnotations: - additionalProperties: - type: string - description: annotations for redis enterprise pod - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podSecurityPolicyName: - type: string - podStartingPolicy: - properties: - enabled: - type: boolean - startingThresholdSeconds: - format: int32 - type: integer - required: - - enabled - - startingThresholdSeconds - type: object - podTolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - priorityClassName: - type: string - pullSecrets: - items: - properties: - name: - type: string - type: object - type: array - rackAwarenessNodeLabel: - type: string - redisEnterpriseAdditionalPodSpecAttributes: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - redisEnterpriseImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - redisEnterpriseNodeResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - redisEnterpriseServicesConfiguration: - properties: - cmServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbCoordinator: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - crdbWorker: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - mdnsServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - pdnsServer: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - saslauthd: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - statsArchiver: - properties: - operatingMode: - enum: - - enabled - - disabled - type: string - required: - - operatingMode - type: object - type: object - redisEnterpriseServicesRiggerImageSpec: - properties: - digestHash: - type: string - imagePullPolicy: - type: string - repository: - type: string - versionTag: - type: string - type: object - redisEnterpriseServicesRiggerResources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - redisEnterpriseTerminationGracePeriodSeconds: - format: int64 - type: integer - redisEnterpriseVolumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - redisUpgradePolicy: - enum: - - major - - latest - type: string - resp3Default: - type: boolean - backup: - properties: - s3: - properties: - caCertificateSecretName: - type: string - url: - type: string - type: object - type: object - serviceAccountName: - type: string - servicesRiggerSpec: - properties: - databaseServiceType: - type: string - extraEnvVars: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - serviceNaming: - description: Used to determine how to name the services created automatically when a database is created. - When bdb_name is used, the database name will be also used for the service name. - When redis-port is used, the service will be named redis-. - enum: - - bdb_name - - redis-port - type: string - servicesRiggerAdditionalPodSpecAttributes: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - ephemeralContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - targetContainerName: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostUsers: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - initContainers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - x-kubernetes-map-type: atomic - os: - properties: - name: - type: string - required: - - name - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - resourceClaims: - items: - properties: - name: - type: string - source: - properties: - resourceClaimName: - type: string - resourceClaimTemplateName: - type: string - type: object - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - schedulingGates: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - matchLabelKeys: - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - format: int32 - type: integer - minDomains: - format: int32 - type: integer - nodeAffinityPolicy: - type: string - nodeTaintsPolicy: - type: string - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - podAnnotations: - additionalProperties: - type: string - description: annotations for the service rigger pod - type: object - type: object - sideContainersSpec: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: set - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - hostProcess: - type: boolean - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - grpc: - properties: - port: - format: int32 - type: integer - service: - type: string - required: - - port - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - slaveHA: - properties: - slaveHAGracePeriod: - format: int32 - type: integer - required: - - slaveHAGracePeriod - type: object - uiAnnotations: - additionalProperties: - type: string - type: object - uiServiceType: - enum: - - ClusterIP - - NodePort - - LoadBalancer - - ExternalName - type: string - redisOnFlashSpec: - properties: - enabled: - type: boolean - flashStorageEngine: - type: string - enum: - - rocksdb - storageClassName: - type: string - flashDiskSize: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - bigStoreDriver: - type: string - enum: - - rocksdb - - speedb - required: - - enabled - - storageClassName - type: object - upgradeSpec: - properties: - autoUpgradeRedisEnterprise: - type: boolean - required: - - autoUpgradeRedisEnterprise - type: object - username: - type: string - vaultCASecret: - type: string - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterprisedatabases.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseDatabase - listKind: RedisEnterpriseDatabaseList - plural: redisenterprisedatabases - singular: redisenterprisedatabase - shortNames: - - redb - scope: Namespaced - preserveUnknownFields: false - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.version - name: Version - type: string - - jsonPath: .status.internalEndpoints[*].port - name: Port - type: string - - jsonPath: .status.redisEnterpriseCluster - name: Cluster - type: string - - jsonPath: .status.shardStatuses.active - name: Shards - type: string - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase - properties: - alertSettings: - description: Settings for database alerts - properties: - bdb_backup_delayed: - description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_high_syncer_lag: - description: "Active-active source - sync lag is higher than specified threshold value [seconds] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_syncer_connection_error: - description: "Active-active source - sync has connection error while trying to connect replica source - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_crdt_src_syncer_general_error: - description: "Active-active source - sync encountered in general error - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_high_latency: - description: "Latency is higher than specified threshold value [micro-sec] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_high_throughput: - description: "Throughput is higher than specified threshold value [requests / sec.] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_long_running_action: - description: "An alert for state-machines that are running for too long - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_low_throughput: - description: "Throughput is lower than specified threshold value [requests / sec.] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_ram_dataset_overhead: - description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_ram_values: - description: "Percent of values kept in a shard's RAM is lower than [% of its key count] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_replica_src_high_syncer_lag: - description: "Replica-of source - sync lag is higher than specified threshold value [seconds] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_replica_src_syncer_connection_error: - description: "Replica-of source - sync has connection error while trying to connect replica source - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_shard_num_ram_values: - description: "Number of values kept in a shard's RAM is lower than [values] - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - bdb_size: - description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: - -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" - properties: - enabled: - description: Alert enabled or disabled - type: boolean - # threshold: - # description: Threshold for alert going on/off - # type: string - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - backup: - description: Target for automatic database backups. - properties: - abs: - properties: - absSecretName: - description: The name of the K8s secret that holds ABS credentials. - The secret must contain the keys "AccountName" and "AccountKey", - and these must hold the corresponding credentials - type: string - container: - description: Azure Blob Storage container name. - type: string - subdir: - description: Optional. Azure Blob Storage subdir under container. - type: string - required: - - absSecretName - - container - type: object - ftp: - properties: - url: - description: "a URI of the ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" - type: string - pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ - required: - - url - type: object - gcs: - description: GoogleStorage - properties: - bucketName: - description: Google Storage bucket name. - type: string - gcsSecretName: - description: The name of the K8s secret that holds the Google - Cloud Storage credentials. The secret must contain the keys - "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" - and these must hold the corresponding credentials. The keys - should correspond to the values in the key JSON. - type: string - subdir: - description: Optional. Google Storage subdir under bucket. - type: string - required: - - bucketName - - gcsSecretName - type: object - interval: - description: Backup Interval in seconds - type: integer - mount: - description: MountPointStorage - properties: - path: - description: Path to the local mount point. You must create - the mount point on all nodes, and the redislabs:redislabs - user must have read and write permissions on the local mount - point. - type: string - required: - - path - type: object - s3: - properties: - awsSecretName: - description: The name of the K8s secret that holds the AWS credentials. - The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", - and these must hold the corresponding credentials. - type: string - bucketName: - description: Amazon S3 bucket name. - type: string - subdir: - description: Optional. Amazon S3 subdir under bucket. - type: string - required: - - awsSecretName - - bucketName - type: object - sftp: - properties: - sftp_url: - description: SFTP url - type: string - pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ - sftpSecretName: - description: The name of the K8s secret that holds SFTP credentials. - The secret must contain the "Key" key, which is the SSH private - key for connecting to the sftp server. - type: string - required: - - sftpSecretName - - sftp_url - type: object - swift: - properties: - auth_url: - description: Swift service authentication URL. - type: string - pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ - container: - description: Swift object store container for storing the backup - files. - type: string - prefix: - description: Optional. Prefix (path) of backup files in the - swift container. - type: string - swiftSecretName: - description: 'The name of the K8s secret that holds Swift credentials. - The secret must contain the keys "Key" and "User", and these - must hold the corresponding credentials: service access key - and service user name (pattern for the latter does not allow - special characters &,<,>,")' - type: string - required: - - auth_url - - container - - swiftSecretName - type: object - type: object - clientAuthenticationCertificates: - description: The Secrets containing TLS Client Certificate to use for - Authentication - items: - type: string - type: array - dataInternodeEncryption: - description: Internode encryption (INE) setting. An optional boolean setting, overriding - a similar cluster-wide policy. - If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). - If set to True, INE will be turned on, unless the capability is not supported by the DB ( - in such a case we will get an error and database creation will fail). - If left unspecified, will be disabled if internode encryption is not supported by the DB - (regardless of cluster default). - Deleting this property after explicitly setting its value shall have no effect. - type: boolean - databasePort: - description: Database port number. TCP port on which the database is - available. Will be generated automatically if omitted. can not be - changed after creation - type: integer - databaseSecretName: - description: The name of the secret that holds the password - to the database (redis databases only). - If secret does not exist, it will be created. - To define the password, create an opaque secret and set the name in the spec. - The password will be taken from the value of the 'password' key. - Use an empty string as value within the secret to disable authentication for the database. - Notes - For Active-Active databases this secret will not be automatically created, - and also, memcached databases must not be set with a value, - and a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. - type: string - defaultUser: - description: Is connecting with a default user allowed? - type: boolean - evictionPolicy: - description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ - type: string - isRof: - description: Whether it is an RoF database or not. Applicable only for - databases of type "REDIS". Assumed to be false if left blank. - type: boolean - memorySize: - description: memory size of database. use formats like 100MB, 0.1GB. - minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, - and it must not be below 1GB. - type: string - modulesList: - description: List of modules associated with database. - Note - For Active-Active databases this feature is currently in preview. For - this feature to take effect for Active-Active databases, set a boolean environment variable - with the name "ENABLE_ALPHA_FEATURES" to True. This variable can - be set via the redis-enterprise-operator pod spec, or through the - operator-environment-config Config Map. - items: - description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' - properties: - config: - description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT - 30 - type: string - name: - description: The module's name e.g "ft" for redissearch - type: string - version: - description: Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB - type: string - required: - - name - type: object - type: array - ossCluster: - description: OSS Cluster mode option. Note that not all client libraries - support OSS cluster mode. - type: boolean - persistence: - description: Database on-disk persistence policy - enum: - - disabled - - aofEverySecond - - aofAlways - - snapshotEvery1Hour - - snapshotEvery6Hour - - snapshotEvery12Hour - type: string - proxyPolicy: - description: 'The policy used for proxy binding to the endpoint. Supported - proxy policies are: single/all-master-shards/all-nodes When left blank, - the default value will be chosen according to the value of ossCluster - - single if disabled, all-master-shards when enabled' - type: string - rackAware: - description: 'Whether database should be rack aware. This improves availability - - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' - type: boolean - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where the - database should be stored. - type: string - required: - - name - type: object - replicaSources: - description: What databases to replicate from - items: - properties: - clientKeySecret: - description: 'Secret that defines the client certificate and - key used by the syncer in the target database cluster. The - secret must have 2 keys in its map: "cert" which is the PEM - encoded certificate, and "key" which is the PEM encoded private - key.' - type: string - compression: - description: GZIP compression level (0-6) to use for replication. - type: integer - replicaSourceName: - description: The name of the resource from which the source - database URI is derived. The type of resource must match the - type specified in the ReplicaSourceType field. - type: string - replicaSourceType: - description: The type of resource from which the source database - URI is derived. If set to 'SECRET', the source database URI - is derived from the secret named in the ReplicaSourceName - field. The secret must have a key named 'uri' that defines - the URI of the source database in the form of 'redis://...'. - The type of secret (kubernetes, vault, ...) is determined - by the secret mechanism used by the underlying REC object. - If set to 'REDB', the source database URI is derived from - the RedisEnterpriseDatabase resource named in the ReplicaSourceName - field. - type: string - serverCertSecret: - description: 'Secret that defines the server certificate used - by the proxy in the source database cluster. The secret must - have 1 key in its map: "cert" which is the PEM encoded certificate.' - type: string - tlsSniName: - description: TLS SNI name to use for the replication link. - type: string - required: - - replicaSourceName - - replicaSourceType - type: object - type: array - replication: - description: In-memory database replication. When enabled, database - will have replica shard for every master - leading to higher availability. Defaults to false. - type: boolean - rolesPermissions: - description: List of Redis Enteprise ACL and Role bindings to apply - items: - description: Redis Enterprise Role and ACL Binding - properties: - acl: - description: Acl Name of RolePermissionType - type: string - role: - description: Role Name of RolePermissionType - type: string - type: - description: Type of Redis Enterprise Database Role Permission - type: string - required: - - acl - - role - - type - type: object - type: array - shardingEnabled: - description: Toggles database sharding for REAADBs (Active Active - databases) and enabled by default. This field is blocked for REDB - (non-Active Active databases) and sharding is toggled via the shardCount - field - when shardCount is 1 this is disabled otherwise enabled. - type: boolean - shardCount: - description: Number of database server-side shards - type: integer - shardsPlacement: - description: Control the density of shards - should they reside on as few or as many nodes as possible. - Available options are "dense" or "sparse". If left unset, defaults to "dense". - enum: - - dense - - sparse - type: string - tlsMode: - description: Require SSL authenticated and encrypted connections to - the database. enabled - all incoming connections to the Database must - use SSL. disabled - no incoming connection to the Database should - use SSL. replica_ssl - databases that replicate from this one need - to use SSL. - enum: - - disabled - - enabled - - replica_ssl - type: string - type: - description: The type of the database (redis or memcached). Defaults to "redis". - enum: - - redis - - memcached - type: string - rofRamSize: - description: The size of the RAM portion of an RoF database. - Similarly to "memorySize" use formats like 100MB, 0.1GB. - It must be at least 10% of combined memory - size (RAM and Flash), as specified by "memorySize". - type: string - redisVersion: - description: Redis OSS version. - Version can be specified via prefix, - or via channels - for existing databases - Upgrade Redis - OSS version. For new databases - the version which the database will - be created with. If set to 'major' - will always upgrade to the most - recent major Redis version. If set to 'latest' - will always upgrade - to the most recent Redis version. Depends on 'redisUpgradePolicy' - - if you want to set the value to 'latest' for some databases, you - must set redisUpgradePolicy on the cluster before. Possible values - are 'major' or 'latest' When using upgrade - make sure to backup the - database before. This value is used only for database type 'redis' - type: string - upgradeSpec: - description: Specifications for DB upgrade. - properties: - upgradeModulesToLatest: - description: Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. - Notes - All modules must be without specifing the version. - in addition, This field is currently not supported for Active-Active databases. - type: boolean - required: - - upgradeModulesToLatest - type: object - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, this - Resource is associated with. In case this resource is created - manually at the active active database creation this field must - be filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, Redis - Enterprise Remote Cluster custom resource name, in the Active-Active - database, In case this resource is created manually at the active - active database creation this field must be filled via the user, - otherwise, the operator will assign this field automatically. - Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - memcachedSaslSecretName: - description: 'Credentials used for binary authentication in memcached databases. - The credentials should be saved as an opaque secret and the name of that secret should be configured using this field. - For username, use ''username'' as the key and the actual username as the value. - For password, use ''password'' as the key and the actual password as the value. - Note that connections are not encrypted.' - type: string - resp3: - description: Whether this database supports RESP3 protocol. - Note - Deleting this property after explicitly setting its value shall have no effect. - Please view the corresponding field in RS doc for more info. - type: boolean - type: object - status: - description: RedisEnterpriseDatabaseStatus defines the observed state of - RedisEnterpriseDatabase - properties: - createdTime: - description: Time when the database was created - type: string - databaseUID: - description: Database UID provided by redis enterprise - type: string - internalEndpoints: - description: Endpoints listed internally by the Redis Enterprise Cluster. - Can be used to correlate a ReplicaSourceStatus entry. - items: - properties: - host: - description: Hostname assigned to the database - type: string - port: - description: Database port name - type: integer - type: object - type: array - lastActionStatus: - description: Status of the last action done by operator on this database - type: string - lastActionUid: - description: UID of the last action done by operator on this database - type: string - lastUpdated: - description: Time when the database was last updated - type: string - observedGeneration: - description: 'The generation (built in update counter of K8s) of the - REDB resource that was fully acted upon, meaning that all changes - were handled and sent as an API call to the Redis Enterprise Cluster - (REC). This field value should equal the current generation when the - resource changes were handled. Note: the lastActionStatus field tracks - actions handled asynchronously by the Redis Enterprise Cluster.' - format: int64 - type: integer - redisEnterpriseCluster: - description: The Redis Enterprise Cluster Object this Resource is associated - with - type: string - replicaSourceStatuses: - description: ReplicaSource statuses - items: - properties: - endpointHost: - description: The internal host name of the replica source database. - Can be used as an identifier. See the internalEndpoints list - on the REDB status. - type: string - lag: - description: Lag in millisec between source and destination (while - synced). - type: integer - lastError: - description: Last error encountered when syncing from the source. - type: string - lastUpdate: - description: Time when we last receive an update from the source. - type: string - rdbSize: - description: The source’s RDB size to be transferred during the - syncing phase. - type: integer - rdbTransferred: - description: Number of bytes transferred from the source’s RDB - during the syncing phase. - type: integer - status: - description: Sync status of this source - type: string - required: - - endpointHost - type: object - type: array - shardStatuses: - additionalProperties: - type: integer - description: Aggregated statuses of shards - type: object - backupInfo: - description: Information on the database's periodic backup - properties: - backupFailureReason: - description: Reason of last failed backup process - type: string - backupHistory: - description: Backup history retention policy (number of days, - 0 is forever) - type: integer - backupInterval: - description: Interval in seconds in which automatic backup will - be initiated - type: integer - backupIntervalOffset: - description: Offset (in seconds) from round backup interval when - automatic backup will be initiated (should be less than backup_interval) - type: integer - backupProgressPercentage: - description: Database scheduled periodic backup progress (percentage) - type: integer - backupStatus: - description: Status of scheduled periodic backup process - type: string - lastBackupTime: - description: Time of last successful backup - type: string - type: object - specStatus: - description: Whether the desired specification is valid - type: string - status: - description: The status of the database - type: string - version: - description: Database compatibility version - type: string - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, this - Resource is associated with. In case this resource is created - manually at the active active database creation this field must - be filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, Redis - Enterprise Remote Cluster custom resource name, in the Active-Active - database, In case this resource is created manually at the active - active database creation this field must be filled via the user, - otherwise, the operator will assign this field automatically. - Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseremoteclusters.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseRemoteCluster - listKind: RedisEnterpriseRemoteClusterList - plural: redisenterpriseremoteclusters - singular: redisenterpriseremotecluster - shortNames: - - rerc - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.local - name: Local - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEntepriseRemoteCluster represents a remote participating - cluster. - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - properties: - local: - description: Indicates whether this object represents a local or a - remote cluster. - type: boolean - specStatus: - description: Whether the desired specification is valid. - type: string - status: - description: The status of the remote cluster. - type: string - observedGeneration: - description: The most recent generation observed for this RERC. It corresponds to the RERC's generation, which is updated by the API Server. - type: integer - type: object - spec: - properties: - apiFqdnUrl: - description: The URL of the cluster, will be used for the active-active - database URL. - type: string - dbFqdnSuffix: - description: The database URL suffix, will be used for the active-active - database replication endpoint and replication endpoint SNI. - type: string - recNamespace: - description: The namespace of the REC that the RERC is pointing at - type: string - recName: - description: The name of the REC that the RERC is pointing at - type: string - secretName: - description: 'The name of the secret containing cluster credentials. - Must be of the following format: "redis-enterprise-"' - type: string - required: - - apiFqdnUrl - - recName - - recNamespace - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: redisenterpriseactiveactivedatabases.app.redislabs.com - labels: - app: redis-enterprise -spec: - group: app.redislabs.com - names: - kind: RedisEnterpriseActiveActiveDatabase - listKind: RedisEnterpriseActiveActiveDatabaseList - plural: redisenterpriseactiveactivedatabases - singular: redisenterpriseactiveactivedatabase - shortNames: - - reaadb - preserveUnknownFields: false - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .status.status - name: Status - type: string - - jsonPath: .status.specStatus - name: Spec Status - type: string - - jsonPath: .status.linkedRedbs[*] - name: Linked REDBs - type: string - - jsonPath: .status.replicationStatus - name: Replication Status - type: string - subresources: - status: {} - schema: - openAPIV3Schema: - description: RedisEnterpriseActiveActiveDatabase is the Schema for the redisenterpriseactiveactivedatabase - API - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - status: - description: RedisEnterpriseActiveActiveDatabaseStatus defines the observed - state of RedisEnterpriseActiveActiveDatabase - properties: - status: - description: The status of the active active database. - type: string - specStatus: - description: Whether the desired specification is valid - type: string - linkedRedbs: - description: The linked REDBs. - items: - type: string - type: array - participatingClusters: - description: The list of instances/ clusters statuses. - items: - description: Status of participating cluster. - properties: - name: - description: The name of the remote cluster CR that is linked. - type: string - id: - description: The corresponding ID of the instance in the active-active database. - format: int64 - type: integer - replicationStatus: - description: The replication status of the participating cluster - enum: - - up - - down - type: string - required: - - name - type: object - type: array - guid: - description: The active-active database corresponding GUID. - type: string - lastTaskUid: - description: The last active-active database task UID. - type: string - redisEnterpriseCluster: - description: The Redis Enterprise Cluster Object this Resource is associated - with - type: string - replicationStatus: - description: The overall replication status - enum: - - up - - down - type: string - secretsStatus: - description: The status of the secrets - items: - description: Status of secrets. - properties: - name: - description: The name of the secret. - type: string - status: - description: The status of the secret. - enum: - - Valid - - Invalid - type: string - required: - - name - type: object - type: array - type: object - spec: - description: RedisEnterpriseActiveActiveDatabaseSpec defines the desired - state of RedisEnterpriseActiveActiveDatabase - properties: - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where the - database should be stored. - type: string - required: - - name - type: object - participatingClusters: - description: The list of instances/ clusters specifications and configurations. - items: - properties: - name: - description: The name of the remote cluster CR to link. - type: string - required: - - name - type: object - type: array - globalConfigurations: - description: The Active-Active database global configurations, - contains the global properties for each of the participating clusters/ instances databases within the Active-Active database. - properties: - activeActive: - description: Connection/ association to the Active-Active database. - properties: - name: - description: 'The the corresponding Active-Active database name, - Redis Enterprise Active Active Database custom resource name, - this Resource is associated with. In case this resource is - created manually at the active active database creation this - field must be filled via the user, otherwise, the operator - will assign this field automatically. Note: this feature is - currently unsupported.' - type: string - participatingClusterName: - description: 'The corresponding participating cluster name, - Redis Enterprise Remote Cluster custom resource name, in the - Active-Active database, In case this resource is created manually - at the active active database creation this field must be - filled via the user, otherwise, the operator will assign this - field automatically. Note: this feature is currently unsupported.' - type: string - required: - - name - - participatingClusterName - type: object - alertSettings: - description: Settings for database alerts - properties: - bdb_backup_delayed: - description: Periodic backup has been delayed for longer than - specified threshold value [minutes] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_high_syncer_lag: - description: Active-active source - sync lag is higher than - specified threshold value [seconds] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_syncer_connection_error: - description: Active-active source - sync has connection error - while trying to connect replica source - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_crdt_src_syncer_general_error: - description: Active-active source - sync encountered in general - error - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_high_latency: - description: Latency is higher than specified threshold value - [micro-sec] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_high_throughput: - description: Throughput is higher than specified threshold - value [requests / sec.] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_long_running_action: - description: An alert for state-machines that are running - for too long - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_low_throughput: - description: Throughput is lower than specified threshold - value [requests / sec.] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_ram_dataset_overhead: - description: Dataset RAM overhead of a shard has reached the - threshold value [% of its RAM limit] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_ram_values: - description: Percent of values kept in a shard's RAM is lower - than [% of its key count] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_replica_src_high_syncer_lag: - description: Replica-of source - sync lag is higher than specified - threshold value [seconds] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_replica_src_syncer_connection_error: - description: Replica-of source - sync has connection error - while trying to connect replica source - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_shard_num_ram_values: - description: Number of values kept in a shard's RAM is lower - than [values] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - bdb_size: - description: Dataset size has reached the threshold value - [% of the memory limit] - properties: - enabled: - description: Alert enabled or disabled - type: boolean - threshold: - description: Threshold for alert going on/off - type: string - required: - - enabled - - threshold - type: object - type: object - backup: - description: Target for automatic database backups. - properties: - abs: - properties: - absSecretName: - description: The name of the secret that holds ABS credentials. - The secret must contain the keys "AccountName" and "AccountKey", - and these must hold the corresponding credentials - type: string - container: - description: Azure Blob Storage container name. - type: string - subdir: - description: Optional. Azure Blob Storage subdir under - container. - type: string - required: - - absSecretName - - container - type: object - ftp: - properties: - url: - description: a URI of the "ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" - format - type: string - required: - - url - type: object - gcs: - description: GoogleStorage - properties: - bucketName: - description: Google Storage bucket name. - type: string - gcsSecretName: - description: The name of the secret that holds the Google - Cloud Storage credentials. The secret must contain the - keys "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" - and these must hold the corresponding credentials. The - keys should correspond to the values in the key JSON. - type: string - subdir: - description: Optional. Google Storage subdir under bucket. - type: string - required: - - bucketName - - gcsSecretName - type: object - interval: - description: Backup Interval in seconds - type: integer - mount: - description: MountPointStorage - properties: - path: - description: Path to the local mount point. You must create - the mount point on all nodes, and the redislabs:redislabs - user must have read and write permissions on the local - mount point. - type: string - required: - - path - type: object - s3: - properties: - awsSecretName: - description: The name of the secret that holds the AWS - credentials. The secret must contain the keys "AWS_ACCESS_KEY_ID" - and "AWS_SECRET_ACCESS_KEY", and these must hold the - corresponding credentials. - type: string - bucketName: - description: Amazon S3 bucket name. - type: string - subdir: - description: Optional. Amazon S3 subdir under bucket. - type: string - required: - - awsSecretName - - bucketName - type: object - sftp: - properties: - sftp_url: - description: SFTP url - type: string - sftpSecretName: - description: The name of the secret that holds SFTP credentials. - The secret must contain the "Key" key, which is the - SSH private key for connecting to the sftp server. - type: string - required: - - sftpSecretName - - sftp_url - type: object - swift: - properties: - auth_url: - description: Swift service authentication URL. - type: string - container: - description: Swift object store container for storing - the backup files. - type: string - prefix: - description: Optional. Prefix (path) of backup files in - the swift container. - type: string - swiftSecretName: - description: 'The name of the secret that holds Swift - credentials. The secret must contain the keys "Key" - and "User", and these must hold the corresponding credentials: - service access key and service user name (pattern for - the latter does not allow special characters &,<,>,")' - type: string - required: - - auth_url - - container - - swiftSecretName - type: object - type: object - clientAuthenticationCertificates: - description: The Secrets containing TLS Client Certificate to - use for Authentication - items: - type: string - type: array - dataInternodeEncryption: - description: Internode encryption (INE) setting. An optional boolean - setting, overriding a similar cluster-wide policy. If set to - False, INE is guaranteed to be turned off for this DB (regardless - of cluster-wide policy). If set to True, INE will be turned - on, unless the capability is not supported by the DB ( in such - a case we will get an error and database creation will fail). - If left unspecified, will be disabled if internode encryption - is not supported by the DB (regardless of cluster default). - Deleting this property after explicitly setting its value shall - have no effect. - type: boolean - databasePort: - description: Database port number. TCP port on which the database - is available. Will be generated automatically if omitted. can - not be changed after creation - type: integer - databaseSecretName: - description: The name of the secret that holds the password - to the database (redis databases only). - If secret does not exist, it will be created. - To define the password, create an opaque secret and set the name in the spec. - The password will be taken from the value of the 'password' key. - Use an empty string as value within the secret to disable authentication for the database. - Notes - For Active-Active databases this secret will not be automatically created, - and also, memcached databases must not be set with a value, - and a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. - type: string - defaultUser: - description: Is connecting with a default user allowed? If disabled, - the DatabaseSecret will not be created or updated - type: boolean - evictionPolicy: - description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ - type: string - isRof: - description: Whether it is an RoF database or not. Applicable - only for databases of type "REDIS". Assumed to be false if left - blank. - type: boolean - memcachedSaslSecretName: - description: Credentials used for binary authentication in memcached - databases. The credentials should be saved as an opaque secret - and the name of that secret should be configured using this - field. For username, use 'username' as the key and the actual - username as the value. For password, use 'password' as the key - and the actual password as the value. Note that connections - are not encrypted. - type: string - memorySize: - description: memory size of database. use formats like 100MB, - 0.1GB. minimum value in 100MB. When redis on flash (RoF) is - enabled, this value refers to RAM+Flash memory, and it must - not be below 1GB. - type: string - modulesList: - description: List of modules associated with database. - Note - For Active-Active databases this feature is currently in preview. For - this feature to take effect for Active-Active databases, set a boolean environment variable - with the name "ENABLE_ALPHA_FEATURES" to True. This variable can - be set via the redis-enterprise-operator pod spec, or through the - operator-environment-config Config Map. - items: - description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' - properties: - config: - description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT - 30 - type: string - name: - description: The module's name e.g "ft" for redissearch - type: string - uid: - description: Module's uid - do not set, for system use only - nolint:staticcheck // custom json tag unknown to the linter - type: string - version: - description: Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB - type: string - required: - - name - type: object - type: array - ossCluster: - description: OSS Cluster mode option. Note that not all client - libraries support OSS cluster mode. - type: boolean - persistence: - description: Database on-disk persistence policy - enum: - - disabled - - aofEverySecond - - aofAlways - - snapshotEvery1Hour - - snapshotEvery6Hour - - snapshotEvery12Hour - type: string - proxyPolicy: - description: 'The policy used for proxy binding to the endpoint. - Supported proxy policies are: single/all-master-shards/all-nodes - When left blank, the default value will be chosen according - to the value of ossCluster - single if disabled, all-master-shards - when enabled' - type: string - rackAware: - description: 'Whether database should be rack aware. This improves - availability - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' - type: boolean - redisEnterpriseCluster: - description: Connection to Redis Enterprise Cluster - properties: - name: - description: The name of the Redis Enterprise Cluster where - the database should be stored. - type: string - required: - - name - type: object - redisVersion: - description: Redis OSS version. - Version can be specified via prefix, - or via channels - for existing databases - Upgrade - Redis OSS version. For new databases - the version which the - database will be created with. If set to 'major' - will always - upgrade to the most recent major Redis version. If set to 'latest' - - will always upgrade to the most recent Redis version. Depends - on 'redisUpgradePolicy' - if you want to set the value to 'latest' - for some databases, you must set redisUpgradePolicy on the cluster - before. Possible values are 'major' or 'latest' When using upgrade - - make sure to backup the database before. This value is used - only for database type 'redis' - type: string - upgradeSpec: - description: Specifications for DB upgrade. - properties: - upgradeModulesToLatest: - description: Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. - Note - This field is currently not supported for Active-Active databases. - type: boolean - required: - - upgradeModulesToLatest - type: object - replicaSources: - description: What databases to replicate from - items: - properties: - clientKeySecret: - description: 'Secret that defines the client certificate - and key used by the syncer in the target database cluster. - The secret must have 2 keys in its map: "cert" which is - the PEM encoded certificate, and "key" which is the PEM - encoded private key.' - type: string - compression: - description: GZIP compression level (0-6) to use for replication. - type: integer - replicaSourceName: - description: The name of the resource from which the source - database URI is derived. The type of resource must match - the type specified in the ReplicaSourceType field. - type: string - replicaSourceType: - description: The type of resource from which the source - database URI is derived. If set to 'SECRET', the source - database URI is derived from the secret named in the ReplicaSourceName - field. The secret must have a key named 'uri' that defines - the URI of the source database in the form of 'redis://...'. - The type of secret (kubernetes, vault, ...) is determined - by the secret mechanism used by the underlying REC object. - If set to 'REDB', the source database URI is derived from - the RedisEnterpriseDatabase resource named in the ReplicaSourceName - field. - type: string - serverCertSecret: - description: 'Secret that defines the server certificate - used by the proxy in the source database cluster. The - secret must have 1 key in its map: "cert" which is the - PEM encoded certificate.' - type: string - tlsSniName: - description: TLS SNI name to use for the replication link. - type: string - required: - - replicaSourceName - - replicaSourceType - type: object - type: array - replication: - description: In-memory database replication. When enabled, database - will have replica shard for every master - leading to higher - availability. Defaults to false. - type: boolean - resp3: - description: Whether this database supports RESP3 protocol. - Note - Deleting this property after explicitly setting its value shall have no effect. - Please view the corresponding field in RS doc for more info. - type: boolean - rofRamSize: - description: The size of the RAM portion of an RoF database. Similarly - to "memorySize" use formats like 100MB, 0.1GB It must be at - least 10% of combined memory size (RAM+Flash), as specified - by "memorySize". - type: string - rolesPermissions: - description: List of Redis Enteprise ACL and Role bindings to - apply - items: - description: Redis Enterprise Role and ACL Binding - properties: - acl: - description: 'Acl Name of RolePermissionType (note: use - exact name of the ACL from the Redis Enterprise ACL list, - case sensitive)' - type: string - role: - description: 'Role Name of RolePermissionType (note: use - exact name of the role from the Redis Enterprise role - list, case sensitive)' - type: string - type: - description: Type of Redis Enterprise Database Role Permission - type: string - required: - - acl - - role - - type - type: object - type: array - shardingEnabled: - description: Toggles database sharding for REAADBs (Active Active - databases) and enabled by default. This field is blocked for REDB - (non-Active Active databases) and sharding is toggled via the shardCount - field - when shardCount is 1 this is disabled otherwise enabled. - type: boolean - shardCount: - description: Number of database server-side shards - type: integer - shardsPlacement: - description: Control the density of shards - should they reside - on as few or as many nodes as possible. Available options are - "dense" or "sparse". If left unset, defaults to "dense". - type: string - tlsMode: - description: Require SSL authenticated and encrypted connections - to the database. enabled - all incoming connections to the Database - must use SSL. disabled - no incoming connection to the Database - should use SSL. replica_ssl - databases that replicate from - this one need to use SSL. - enum: - - disabled - - enabled - - replica_ssl - type: string - type: - description: The type of the database. - enum: - - redis - - memcached - type: string - type: object - required: - - participatingClusters - type: object - type: object ---- ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator - spec: - containers: - - command: - - operator-root - - operator - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: redis-enterprise-operator - - name: DEPLOY_RHEL - value: "true" - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: redis-enterprise-operator - ports: - - containerPort: 8080 - resources: - limits: - cpu: 4000m - memory: 512Mi - requests: - cpu: 500m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - - command: - - operator-root - - admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: admission - ports: - - containerPort: 8443 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - serviceAccountName: redis-enterprise-operator ---- diff --git a/openshift/OLM/README.md b/openshift/OLM/README.md deleted file mode 100644 index 72dd145..0000000 --- a/openshift/OLM/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Installing Redis Enterprise Operator on Openshift's OLM - -This content has moved to [docs.redis.com](https://docs.redis.com/latest/); see [Deploy Redis Enterprise with OpenShift OperatorHub](https://docs.redis.com/latest/kubernetes/deployment/openshift/openshift-operatorhub/). \ No newline at end of file diff --git a/openshift/admission-service.yaml b/openshift/admission-service.yaml deleted file mode 100644 index 46d923e..0000000 --- a/openshift/admission-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: admission - labels: - app: redis-enterprise -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - name: redis-enterprise-operator diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml deleted file mode 100644 index 6908996..0000000 --- a/openshift/operator_rhel.yaml +++ /dev/null @@ -1,134 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator - spec: - containers: - - command: - - operator-root - - operator - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: redis-enterprise-operator - - name: DEPLOY_RHEL - value: "true" - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: redis-enterprise-operator - ports: - - containerPort: 8080 - resources: - limits: - cpu: 4000m - memory: 512Mi - requests: - cpu: 500m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - - command: - - operator-root - - admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: admission - ports: - - containerPort: 8443 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - securityContext: - runAsNonRoot: true - serviceAccountName: redis-enterprise-operator diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml deleted file mode 100644 index 9c7588c..0000000 --- a/openshift/rec_rhel.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec - labels: - app: redis-enterprise -spec: - # Add fields here - nodes: 3 - redisEnterpriseImageSpec: - repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 7.4.6-22.rhel8-openshift - redisEnterpriseServicesRiggerImageSpec: - repository: registry.connect.redhat.com/redislabs/services-manager - bootstrapperImageSpec: - repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator diff --git a/openshift/role.yaml b/openshift/role.yaml deleted file mode 100644 index 4a0427a..0000000 --- a/openshift/role.yaml +++ /dev/null @@ -1,194 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -rules: - - apiGroups: - - rbac.authorization.k8s.io - - "" - resources: - - roles - - serviceaccounts - - rolebindings - verbs: - - create - - get - - update - - patch - - delete - - apiGroups: - - app.redislabs.com - resources: - - redisenterpriseclusters - - redisenterpriseclusters/status - - redisenterpriseclusters/finalizers - - redisenterprisedatabases - - redisenterprisedatabases/status - - redisenterprisedatabases/finalizers - - redisenterpriseremoteclusters - - redisenterpriseremoteclusters/status - - redisenterpriseremoteclusters/finalizers - - redisenterpriseactiveactivedatabases - - redisenterpriseactiveactivedatabases/status - - redisenterpriseactiveactivedatabases/finalizers - verbs: - - delete - - get - - list - - patch - - create - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - update - - get - - create - - patch - - delete - - list - - watch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apps - resources: - - deployments - - statefulsets - - replicasets - verbs: - - create - - delete - - get - - patch - - update - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - update - - watch - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - update - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - update - - patch - - delete - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - policy - resourceNames: - - redis-enterprise-psp - resources: - - podsecuritypolicies - verbs: - - use - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - patch - - delete - - list - - update - - get - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - security.openshift.io - resourceNames: - - nonroot - resources: - - securitycontextconstraints - verbs: - - use diff --git a/openshift/role_binding.yaml b/openshift/role_binding.yaml deleted file mode 100644 index dca673d..0000000 --- a/openshift/role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-enterprise-operator -subjects: - - kind: ServiceAccount - name: redis-enterprise-operator diff --git a/openshift/scc.yaml b/openshift/scc.yaml deleted file mode 100644 index 5cb3727..0000000 --- a/openshift/scc.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -metadata: - name: redis-enterprise-scc-v2 - annotations: - kubernetes.io/description: redis-enterprise-scc is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes. It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability, which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards. Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers. -allowedCapabilities: - - SYS_RESOURCE -allowHostDirVolumePlugin: false -allowHostIPC: false -allowHostNetwork: false -allowHostPID: false -allowHostPorts: false -allowPrivilegeEscalation: false -allowPrivilegedContainer: false -readOnlyRootFilesystem: false -runAsUser: - type: MustRunAs - uid: 1001 -fsGroup: - type: MustRunAs - ranges: - - min: 1001 - max: 1001 -seLinuxContext: - type: MustRunAs -seccompProfiles: - - runtime/default -supplementalGroups: - type: RunAsAny diff --git a/openshift/service_account.yaml b/openshift/service_account.yaml deleted file mode 100644 index b2940cf..0000000 --- a/openshift/service_account.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator diff --git a/operator.yaml b/operator.yaml deleted file mode 100644 index 32076d8..0000000 --- a/operator.yaml +++ /dev/null @@ -1,134 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator - spec: - containers: - - command: - - operator-root - - operator - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: redis-enterprise-operator - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: redislabs/operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: redis-enterprise-operator - ports: - - containerPort: 8080 - resources: - limits: - cpu: 4000m - memory: 512Mi - requests: - cpu: 500m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - - command: - - operator-root - - admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: "operator-environment-config" - optional: true - image: redislabs/operator:7.4.6-2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: admission - ports: - - containerPort: 8443 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - securityContext: - seccompProfile: - type: RuntimeDefault - runAsNonRoot: true - serviceAccountName: redis-enterprise-operator diff --git a/rack_awareness/rack_aware_cluster_role.yaml b/rack_awareness/rack_aware_cluster_role.yaml deleted file mode 100644 index 0566cec..0000000 --- a/rack_awareness/rack_aware_cluster_role.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-operator -rules: - # needed for rack awareness - - apiGroups: [""] - resources: ["nodes"] - verbs: ["list", "get", "watch"] diff --git a/rack_awareness/rack_aware_cluster_role_binding.yaml b/rack_awareness/rack_aware_cluster_role_binding.yaml deleted file mode 100644 index 1ded526..0000000 --- a/rack_awareness/rack_aware_cluster_role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-operator - labels: - app: redis-enterprise -subjects: -- kind: ServiceAccount - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: redis-enterprise-operator -roleRef: - kind: ClusterRole - name: redis-enterprise-operator - apiGroup: rbac.authorization.k8s.io diff --git a/rack_awareness/rack_aware_rec.yaml b/rack_awareness/rack_aware_rec.yaml deleted file mode 100644 index 9307758..0000000 --- a/rack_awareness/rack_aware_rec.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseCluster -metadata: - name: rack-aware-cluster - labels: - app: redis-enterprise -spec: - nodes: 3 - rackAwarenessNodeLabel: topology.kubernetes.io/zone diff --git a/redis_enterprise_active_active_database_api.md b/redis_enterprise_active_active_database_api.md deleted file mode 100644 index 7e208b1..0000000 --- a/redis_enterprise_active_active_database_api.md +++ /dev/null @@ -1,120 +0,0 @@ -# Redis Enterprise Active Active Database API -This document describes the parameters for the Redis Enterprise Active Active Database custom resource -> Note this document is auto-generated from code comments. To contribute a change please change the code comments. -## Table of Contents -* [Objects](#objects) - * [ParticipatingCluster](#participatingcluster) - * [ParticipatingClusterStatus](#participatingclusterstatus) - * [RedisEnterpriseActiveActiveDatabase](#redisenterpriseactiveactivedatabase) - * [RedisEnterpriseActiveActiveDatabaseList](#redisenterpriseactiveactivedatabaselist) - * [RedisEnterpriseActiveActiveDatabaseSpec](#redisenterpriseactiveactivedatabasespec) - * [RedisEnterpriseActiveActiveDatabaseStatus](#redisenterpriseactiveactivedatabasestatus) - * [SecretStatus](#secretstatus) -* [Enums](#enums) - * [ActiveActiveDatabaseSecretStatus](#activeactivedatabasesecretstatus) - * [ActiveActiveDatabaseStatus](#activeactivedatabasestatus) - * [ReplicationStatus](#replicationstatus) -## Objects - -### ParticipatingCluster -Instance/cluster specifications and configurations. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | The name of the remote cluster CR to link. | string | | true | -[Back to Table of Contents](#table-of-contents) - -### ParticipatingClusterStatus -Status of participating cluster. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | The name of the remote cluster CR that is linked. | string | | true | -| id | The corresponding ID of the instance in the active-active database. | *int64 | | false | -| replicationStatus | The replication status of the participating cluster | [ReplicationStatus](#replicationstatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseActiveActiveDatabase -RedisEnterpriseActiveActiveDatabase is the schema for the redisenterpriseactiveactivedatabase API - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta) | | false | -| spec | | [RedisEnterpriseActiveActiveDatabaseSpec](#redisenterpriseactiveactivedatabasespec) | | false | -| status | | [RedisEnterpriseActiveActiveDatabaseStatus](#redisenterpriseactiveactivedatabasestatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseActiveActiveDatabaseList -RedisEnterpriseActiveActiveDatabaseList contains a list of RedisEnterpriseActiveActiveDatabase - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#listmeta-v1-meta) | | false | -| items | | [][RedisEnterpriseActiveActiveDatabase](#redisenterpriseactiveactivedatabase) | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseActiveActiveDatabaseSpec -RedisEnterpriseActiveActiveDatabaseSpec defines the desired state of RedisEnterpriseActiveActiveDatabase - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| redisEnterpriseCluster | Connection to Redis Enterprise Cluster | *[RedisEnterpriseConnection](#redisenterpriseconnection) | | false | -| participatingClusters | The list of instances/ clusters specifications and configurations. | []*[ParticipatingCluster](#participatingcluster) | | true | -| globalConfigurations | The Active-Active database global configurations, contains the global properties for each of the participating clusters/ instances databases within the Active-Active database. | *[RedisEnterpriseDatabaseSpec](#redisenterprisedatabasespec) | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseActiveActiveDatabaseStatus -RedisEnterpriseActiveActiveDatabaseStatus defines the observed state of RedisEnterpriseActiveActiveDatabase - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| specStatus | Whether the desired specification is valid | [SpecStatusName](#specstatusname) | | false | -| status | The status of the active active database. This status does not include the replication link (data-path) status For the replication link status please view the 'Replication Status' or the 'status.replicationStatus' on the custom resource. | [ActiveActiveDatabaseStatus](#activeactivedatabasestatus) | | false | -| participatingClusters | The list of instances/ clusters statuses. | []*[ParticipatingClusterStatus](#participatingclusterstatus) | | false | -| globalConfigurations | The active-active default global configurations linked REDB | string | | false | -| linkedRedbs | The linked REDBs. | []string | | false | -| guid | The active-active database corresponding GUID. | string | | false | -| lastTaskUid | The last active-active database task UID. | string | | false | -| redisEnterpriseCluster | The Redis Enterprise Cluster Object this Resource is associated with | string | | false | -| secretsStatus | The status of the secrets | []*[SecretStatus](#secretstatus) | | false | -| replicationStatus | The overall replication status | [ReplicationStatus](#replicationstatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### SecretStatus -Status of secrets. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | The name of the secret. | string | | true | -| status | The status of the secret. | [ActiveActiveDatabaseSecretStatus](#activeactivedatabasesecretstatus) | | false | -[Back to Table of Contents](#table-of-contents) -## Enums - -### ActiveActiveDatabaseSecretStatus - -| Value | Description | -| ----- | ----------- | -| "Invalid" | | -| "Valid" | | -[Back to Table of Contents](#table-of-contents) - -### ActiveActiveDatabaseStatus - -| Value | Description | -| ----- | ----------- | -| "pending" | Active-active database is pending creation. | -| "active" | Active-active database is ready to be used. | -| "active-change-pending" | Database is ready to be used, but a change is pending. | -| "delete-pending" | Active-active database will be deleted soon. | -| "creation-failed" | Active-active database creation has failed. | -| "error" | Active-active database is in recovery. ActiveActiveDatabaseStatusRecovery ActiveActiveDatabaseStatus = "recovery" Active-active database status error. | -| "" | Active-active database status unknown. | -[Back to Table of Contents](#table-of-contents) - -### ReplicationStatus - -| Value | Description | -| ----- | ----------- | -| "up" | | -| "down" | | -[Back to Table of Contents](#table-of-contents) diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md deleted file mode 100644 index 1966873..0000000 --- a/redis_enterprise_cluster_api.md +++ /dev/null @@ -1,625 +0,0 @@ -# Redis Enterprise Cluster API -This document describes the parameters for the Redis Enterprise Cluster custom resource -> Note this document is auto-generated from code comments. To contribute a change please change the code comments. -## Table of Contents -* [Objects](#objects) - * [APIServiceSpec](#apiservicespec) - * [ActiveActive](#activeactive) - * [Backup](#backup) - * [BundledDatabaseRedisVersions](#bundleddatabaseredisversions) - * [BundledDatabaseVersions](#bundleddatabaseversions) - * [ClusterCertificate](#clustercertificate) - * [CmServer](#cmserver) - * [ContainerTimezoneSpec](#containertimezonespec) - * [CrdbCoordinator](#crdbcoordinator) - * [CrdbWorker](#crdbworker) - * [ImageSpec](#imagespec) - * [IngressOrRouteSpec](#ingressorroutespec) - * [LDAPAuthenticationQuery](#ldapauthenticationquery) - * [LDAPAuthorizationQuery](#ldapauthorizationquery) - * [LDAPQuery](#ldapquery) - * [LDAPServer](#ldapserver) - * [LDAPSpec](#ldapspec) - * [LicenseStatus](#licensestatus) - * [ManagedAPIs](#managedapis) - * [MdnsServer](#mdnsserver) - * [Module](#module) - * [OcspConfiguration](#ocspconfiguration) - * [OcspStatus](#ocspstatus) - * [PdnsServer](#pdnsserver) - * [PersistenceStatus](#persistencestatus) - * [PersistentConfigurationSpec](#persistentconfigurationspec) - * [PropagateHost](#propagatehost) - * [RSClusterCertificates](#rsclustercertificates) - * [RedisEnterpriseCluster](#redisenterprisecluster) - * [RedisEnterpriseClusterList](#redisenterpriseclusterlist) - * [RedisEnterpriseClusterSpec](#redisenterpriseclusterspec) - * [RedisEnterpriseClusterStatus](#redisenterpriseclusterstatus) - * [RedisEnterpriseServicesConfiguration](#redisenterpriseservicesconfiguration) - * [RedisOnFlashSpec](#redisonflashspec) - * [S3Backup](#s3backup) - * [Saslauthd](#saslauthd) - * [Services](#services) - * [ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) - * [SlaveHA](#slaveha) - * [StartingPolicy](#startingpolicy) - * [StatsArchiver](#statsarchiver) - * [UpgradeSpec](#upgradespec) -* [Enums](#enums) - * [ClusterState](#clusterstate) - * [IngressMethod](#ingressmethod) - * [LDAPProtocol](#ldapprotocol) - * [LDAPSearchScope](#ldapsearchscope) - * [OperatingMode](#operatingmode) - * [PvcStatus](#pvcstatus) - * [RedisOnFlashsStorageEngine](#redisonflashsstorageengine) - * [ServiceType](#servicetype) - * [SpecStatusName](#specstatusname) -## Objects - -### APIServiceSpec -Customization options for the REC API service. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| type | Type of service to create for the REC API service. Defaults to ClusterIP service, if not specified otherwise. | *[ServiceType](#servicetype) | ClusterIP | false | -[Back to Table of Contents](#table-of-contents) - -### ActiveActive - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| method | Used to distinguish between different platforms implementation | [IngressMethod](#ingressmethod) | | true | -| apiIngressUrl | RS API URL | string | | true | -| dbIngressSuffix | DB ENDPOINT SUFFIX - will be used to set the db host ingress . Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | -| ingressAnnotations | Used for ingress controllers such as ha-proxy or nginx in GKE | map[string]string | | false | -[Back to Table of Contents](#table-of-contents) - -### Backup - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| s3 | Configurations for backups to s3 and s3-compatible storage | *[S3Backup](#s3backup) | | false | -[Back to Table of Contents](#table-of-contents) - -### BundledDatabaseRedisVersions - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| version | | string | | true | -| major | | bool | | true | -[Back to Table of Contents](#table-of-contents) - -### BundledDatabaseVersions - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| dbType | | string | | true | -| version | | string | | true | -| major | | bool | | false | -[Back to Table of Contents](#table-of-contents) - -### ClusterCertificate - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | | string | | true | -| certificate | | string | | true | -| key | | string | | true | -[Back to Table of Contents](#table-of-contents) - -### CmServer - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the CM server | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### ContainerTimezoneSpec -Used to set the timezone across all redis enterprise containers - You can either propagate the hosts timezone to RS pods or set it manually via timezoneName. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| propagateHost | Identifies that container timezone should be in sync with the host, this option mounts a hostPath volume onto RS pods that could be restricted in some systems. | *[PropagateHost](#propagatehost) | | false | -| timezoneName | POSIX-style timezone name as a string to be passed as EnvVar to RE pods, e.g. "Europe/London". | string | | false | -[Back to Table of Contents](#table-of-contents) - -### CrdbCoordinator - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the crdb coordinator process | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### CrdbWorker - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the crdb worker processes | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### ImageSpec -Image specification - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| repository | The repository (name) of the container image to be deployed. | string | | true | -| versionTag | The tag of the container image to be deployed. | string | | true | -| digestHash | The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments. | string | | false | -| imagePullPolicy | The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. | v1.PullPolicy | | true | -[Back to Table of Contents](#table-of-contents) - -### IngressOrRouteSpec - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| method | Used to distinguish between different platforms implementation. | [IngressMethod](#ingressmethod) | | true | -| apiFqdnUrl | RS API URL | string | | true | -| dbFqdnSuffix | DB ENDPOINT SUFFIX - will be used to set the db host ingress . Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | -| ingressAnnotations | Additional annotations to set on ingress resources created by the operator | map[string]string | | false | -[Back to Table of Contents](#table-of-contents) - -### LDAPAuthenticationQuery -Configuration of LDAP authentication queries - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| template | Configuration for a template query. Mutually exclusive with the 'query' field. The substring '%u' will be replaced with the username, e.g., 'cn=%u,ou=dev,dc=example,dc=com'. | *string | | false | -| query | Configuration for a search query. Mutually exclusive with the 'template' field. The substring '%u' in the query filter will be replaced with the username. | *[LDAPQuery](#ldapquery) | | false | -[Back to Table of Contents](#table-of-contents) - -### LDAPAuthorizationQuery -Configuration of LDAP authorization queries - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| attribute | Configuration for an attribute query. Mutually exclusive with the 'query' field. Holds the name of an attribute of the LDAP user entity that contains a list of the groups that the user belongs to. e.g., 'memberOf'. | *string | | false | -| query | Configuration for a search query. Mutually exclusive with the 'attribute' field. The substring '%D' in the query filter will be replaced with the user's Distinguished Name. | *[LDAPQuery](#ldapquery) | | false | -[Back to Table of Contents](#table-of-contents) - -### LDAPQuery -Configuration for an LDAP search query. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| base | The Distinguished Name of the entry at which to start the search, e.g., 'ou=dev,dc=example,dc=com'. | string | | true | -| filter | An RFC-4515 string representation of the filter to apply in the search. For an authentication query, the substring '%u' will be replaced with the username, e.g., '(cn=%u)'. For an authorization query, the substring '%D' will be replaced with the user's Distinguished Name, e.g., '(members=%D)'. | string | | true | -| scope | The search scope for an LDAP query. One of: BaseObject, SingleLevel, WholeSubtree | [LDAPSearchScope](#ldapsearchscope) | | true | -[Back to Table of Contents](#table-of-contents) - -### LDAPServer -Address of an LDAP server. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| host | Host name of the LDAP server | string | | true | -| port | Port number of the LDAP server. If unspecified, defaults to 389 for LDAP and STARTTLS protocols, and 636 for LDAPS protocol. | *uint32 | | false | -[Back to Table of Contents](#table-of-contents) - -### LDAPSpec - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| protocol | Specifies the LDAP protocol to use. One of: LDAP, LDAPS, STARTTLS. | [LDAPProtocol](#ldapprotocol) | | true | -| servers | One or more LDAP servers. If multiple servers are specified, they must all share an identical organization tree structure. | [][LDAPServer](#ldapserver) | | true | -| bindCredentialsSecretName | Name of a secret within the same namespace, holding the credentials used to communicate with the LDAP server for authentication queries. The secret must have a key named 'dn' with the Distinguished Name of the user to execute the query, and 'password' with its password. If left blank, credentials-based authentication is disabled. | *string | | false | -| caCertificateSecretName | Name of a secret within the same namespace, holding a PEM-encoded CA certificate for validating the TLS connection to the LDAP server. The secret must have a key named 'cert' with the certificate data. This field is applicable only when the protocol is LDAPS or STARTTLS. | *string | | false | -| enabledForControlPlane | Whether to enable LDAP for control plane access. Disabled by default. | bool | | false | -| enabledForDataPlane | Whether to enable LDAP for data plane access. Disabled by default. | bool | | false | -| cacheTTLSeconds | The maximum TTL of cached entries. | *int | | false | -| authenticationQuery | Configuration of authentication queries, mapping between the username, provided to the cluster for authentication, and the LDAP Distinguished Name. | [LDAPAuthenticationQuery](#ldapauthenticationquery) | | true | -| authorizationQuery | Configuration of authorization queries, mapping between a user's Distinguished Name and its group memberships. | [LDAPAuthorizationQuery](#ldapauthorizationquery) | | true | -[Back to Table of Contents](#table-of-contents) - -### LicenseStatus - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| licenseState | Is the license expired | string | | true | -| activationDate | When the license was activated | string | | true | -| expirationDate | When the license will\has expired | string | | true | -| shardsLimit | Number of redis shards allowed under this license | int32 | | true | -[Back to Table of Contents](#table-of-contents) - -### ManagedAPIs -Indicates cluster APIs that are being managed by the operator. This only applies to cluster APIs which are optionally-managed by the operator, such as cluster LDAP configuration. Most other APIs are automatically managed by the operator, and are not listed here. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| ldap | Indicate whether cluster LDAP configuration is managed by the operator. When this is enabled, the operator will reconcile the cluster LDAP configuration according to the '.spec.ldap' field in the RedisEnterpriseCluster resource. | *bool | | false | -[Back to Table of Contents](#table-of-contents) - -### MdnsServer - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the Multicast DNS server | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### Module - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | | string | | true | -| displayName | | string | | true | -| versions | | []string | | true | -[Back to Table of Contents](#table-of-contents) - -### OcspConfiguration -An API object that represents the cluster's OCSP configuration - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| ocspFunctionality | Whether to enable/disable OCSP mechanism for the cluster. | *bool | | false | -| queryFrequency | Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate. Minimum value is 60. Maximum value is 86400. | *int | | false | -| responseTimeout | Determines the time interval (in seconds) for which the request waits for a response from the OCSP responder. Minimum value is 1. Maximum value is 60. | *int | | false | -| recoveryFrequency | Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate when the current staple is invalid. Minimum value is 60. Maximum value is 86400. | *int | | false | -| recoveryMaxTries | Determines the maximum number for the OCSP recovery attempts. After max number of tries passed, the control plane will revert back to the regular frequency. Minimum value is 1. Maximum value is 100. | *int | | false | -[Back to Table of Contents](#table-of-contents) - -### OcspStatus -An API object that represents the cluster's OCSP status - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| responderUrl | The OCSP responder url from which this status came from. | string | | false | -| certStatus | Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. | string | | false | -| producedAt | The time at which the OCSP responder signed this response. | string | | false | -| thisUpdate | The most recent time at which the status being indicated is known by the responder to have been correct. | string | | false | -| nextUpdate | The time at or before which newer information will be available about the status of the certificate (if available) | string | | false | -| revocationTime | The time at which the certificate was revoked or placed on hold. | string | | false | -[Back to Table of Contents](#table-of-contents) - -### PdnsServer - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the pdns server | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### PersistenceStatus - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| status | The current status of the PVCs | [PvcStatus](#pvcstatus) | | false | -| succeeded | The number of PVCs that are provisioned with the expected size | string | | false | -[Back to Table of Contents](#table-of-contents) - -### PersistentConfigurationSpec -Specification for Redis Enterprise Cluster persistence - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| enabled | Whether to add persistent volume to Redis Enterprise pods | *bool | True | true | -| storageClassName | Storage class for persistent volume in Redis Enterprise pods. Leave empty to use the default. If using the default this way, make sure the Kubernetes Cluster has a default Storage Class configured. This can be done by running a `kubectl get storageclass` and see if one of the Storage Classes' names contains a `(default)` mark. | string | | true | -| volumeSize | To enable resizing after creating the cluster - please follow the instructions in the pvc_expansion readme | resource.Quantity | | true | -| enablePersistentVolumeResize | Whether to enable PersistentVolumes resize. Disabled by default. Read the instruction in pvc_expansion readme carefully before using this feature. | *bool | | false | -[Back to Table of Contents](#table-of-contents) - -### PropagateHost -Used to specify that the timezone is configured to match the host machine timezone. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -[Back to Table of Contents](#table-of-contents) - -### RSClusterCertificates - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| apiCertificateSecretName | Secret name to use for cluster's API certificate. If left blank, a cluster-provided certificate will be used. | string | | false | -| cmCertificateSecretName | Secret name to use for cluster's CM (Cluster Manager) certificate. If left blank, a cluster-provided certificate will be used. | string | | false | -| metricsExporterCertificateSecretName | Secret name to use for cluster's Metrics Exporter certificate. If left blank, a cluster-provided certificate will be used. | string | | false | -| proxyCertificateSecretName | Secret name to use for cluster's Proxy certificate. If left blank, a cluster-provided certificate will be used. | string | | false | -| syncerCertificateSecretName | Secret name to use for cluster's Syncer certificate. If left blank, a cluster-provided certificate will be used. | string | | false | -| ldapClientCertificateSecretName | Secret name to use for cluster's LDAP client certificate. If left blank, LDAP client certificate authentication will be disabled. | string | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseCluster -RedisEnterpriseCluster is the Schema for the redisenterpriseclusters API - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta) | | false | -| spec | | [RedisEnterpriseClusterSpec](#redisenterpriseclusterspec) | | false | -| status | | [RedisEnterpriseClusterStatus](#redisenterpriseclusterstatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseClusterList -RedisEnterpriseClusterList contains a list of RedisEnterpriseCluster - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#listmeta-v1-meta) | | false | -| items | | [][RedisEnterpriseCluster](#redisenterprisecluster) | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseClusterSpec -RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| nodes | Number of Redis Enterprise nodes (pods) | int32 | 3 | true | -| serviceAccountName | Name of the service account to use | string | RedisEnterpriseCluster's name | false | -| createServiceAccount | Whether to create service account | *bool | True | false | -| uiServiceType | Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | *v1.ServiceType | ClusterIP | false | -| uiAnnotations | Annotations for Redis Enterprise UI service | map[string]string | | false | -| servicesRiggerSpec | Specification for service rigger | *[ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) | | false | -| redisEnterpriseAdditionalPodSpecAttributes | ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the statefulset - Redis Enterprise pods. Pod attributes managed by the operator might override these settings. Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that. | *[v1.PodSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podspec-v1-core) | | false | -| license | Redis Enterprise License | string | Empty string which is a [Trial Mode licesne](https://docs.redislabs.com/latest/rs/administering/cluster-operations/settings/license-keys/#trial-mode) | false | -| licenseSecretName | K8s secret or Vault Secret Name/Path to use for Cluster License. When left blank, the license is read from the "license" field. Note that you can't specify non-empty values in both "license" and "licenseSecretName", only one of these fields can be used to pass the license string. The license needs to be stored under the key "license". | string | Empty string | false | -| username | Username for the admin user of Redis Enterprise | string | demo@redis.com | false | -| nodeSelector | Selector for nodes that could fit Redis Enterprise pod | *map[string]string | | false | -| redisEnterpriseImageSpec | Specification for Redis Enterprise container image | *[ImageSpec](#imagespec) | the default Redis Enterprise image for this version | false | -| redisEnterpriseServicesRiggerImageSpec | Specification for Services Rigger container image | *[ImageSpec](#imagespec) | the default Services Rigger image for this version | false | -| bootstrapperImageSpec | Specification for Bootstrapper container image | *[ImageSpec](#imagespec) | the default Bootstrapper image for this version | false | -| redisEnterpriseNodeResources | Compute resource requirements for Redis Enterprise containers | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) | 2 CPUs and 4GB memory | false | -| bootstrapperResources | Compute resource requirements for bootstrapper containers | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) | 0.1 CPUs and 128Mi memory | false | -| redisEnterpriseServicesRiggerResources | Compute resource requirements for Services Rigger pod | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core) | 0.5 CPU and 0.5GB memory | false | -| pullSecrets | PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#localobjectreference-v1-core) | empty | false | -| persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | -| sideContainersSpec | Specification for a side container that will be added to each Redis Enterprise pod | []v1.Container | empty | false | -| extraLabels | Labels that the user defines for their convenience. Note that Persistent Volume Claims would only be labeled with the extra labels specified during the cluster's creation (modifying this field when the cluster is running won't affect the Persistent Volume | map[string]string | empty | false | -| podAntiAffinity | Override for the default anti-affinity rules of the Redis Enterprise pods | *v1.PodAntiAffinity | | false | -| antiAffinityAdditionalTopologyKeys | Additional antiAffinity terms in order to support installation on different zones/vcenters | []string | | false | -| activeActive | Specification for ActiveActive setup. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. | *[ActiveActive](#activeactive) | | false | -| upgradeSpec | Specification for upgrades of Redis Enterprise | *[UpgradeSpec](#upgradespec) | | false | -| podSecurityPolicyName | DEPRECATED PodSecurityPolicy support is removed in Kubernetes v1.25 and the use of this field is invalid for use when running on Kubernetes v1.25+. Future versions of the RedisEnterpriseCluster API will remove support for this field altogether. For migration instructions, see https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/\n\nName of pod security policy to use on pods | string | empty | false | -| enforceIPv4 | Sets ENFORCE_IPV4 environment variable | *bool | False | false | -| clusterRecovery | ClusterRecovery initiates cluster recovery when set to true. Note that this field is cleared automatically after the cluster is recovered | *bool | | false | -| rackAwarenessNodeLabel | Node label that specifies rack ID - if specified, will create rack aware cluster. Rack awareness requires node label must exist on all nodes. Additionally, operator needs a special cluster role with permission to list nodes. | string | | false | -| priorityClassName | Adds the priority class to pods managed by the operator | string | | false | -| hostAliases | Adds hostAliases entries to the Redis Enterprise pods | []v1.HostAlias | | false | -| volumes | additional volumes | [][v1.Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#volume-v1-core) | | false | -| redisEnterpriseVolumeMounts | additional volume mounts within the redis enterprise containers | [][v1.VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#volumemount-v1-core) | | false | -| podAnnotations | annotations for the service rigger and redis enterprise pods | map[string]string | | false | -| redisEnterprisePodAnnotations | annotations for redis enterprise pod | map[string]string | | false | -| podTolerations | Tolerations that are added to all managed pods. for more information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | [][v1.Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#toleration-v1-core) | empty | false | -| slaveHA | Slave high availability mechanism configuration. | *[SlaveHA](#slaveha) | | false | -| clusterCredentialSecretName | Secret Name/Path to use for Cluster Credentials. To be used only if ClusterCredentialSecretType is vault. If left blank, will use cluster name. | string | | false | -| clusterCredentialSecretType | Type of Secret to use for ClusterCredential: vault, kubernetes,... If left blank, will default to kubernetes secrets | string | | true | -| clusterCredentialSecretRole | Used only if ClusterCredentialSecretType is vault, to define vault role to be used. If blank, defaults to "redis-enterprise-rec" | string | | true | -| vaultCASecret | K8s secret name containing Vault's CA cert - defaults to "vault-ca-cert" | string | | false | -| redisEnterpriseServicesConfiguration | RS Cluster optional services settings. Notes: When disabling the CM Server service, the cluster's UI Service will be removed from the k8s cluster. Also the saslauthd entry is deprecated and will be removed (the service was already removed from the cluster and is always disabled). | *[RedisEnterpriseServicesConfiguration](#redisenterpriseservicesconfiguration) | | false | -| dataInternodeEncryption | Internode encryption (INE) cluster wide policy. An optional boolean setting. Specifies if INE should be on/off for new created REDBs. May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. | *bool | | false | -| redisUpgradePolicy | Redis upgrade policy to be set on the Redis Enterprise Cluster. Possible values: major/latest This value is used by the cluster to choose the Redis version of the database when an upgrade is performed. The Redis Enterprise Cluster includes multiple versions of OSS Redis that can be used for databases. | string | | false | -| certificates | RS Cluster Certificates. Used to modify the certificates used by the cluster. See the "RSClusterCertificates" struct described above to see the supported certificates. | *[RSClusterCertificates](#rsclustercertificates) | | false | -| podStartingPolicy | Mitigation setting for STS pods stuck in "ContainerCreating" | *[StartingPolicy](#startingpolicy) | | false | -| redisEnterpriseTerminationGracePeriodSeconds | The TerminationGracePeriodSeconds value for the (STS created) REC pods. Note that pods should not be taken down intentionally by force. Because clean pod shutdown is essential to prevent data loss, the default value is intentionally large (1 year). When data loss is acceptable (such as pure caching configurations), a value of a few minutes may be acceptable. | *int64 | 31536000 | false | -| redisOnFlashSpec | Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases. | *[RedisOnFlashSpec](#redisonflashspec) | | false | -| ocspConfiguration | An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. | *[OcspConfiguration](#ocspconfiguration) | | false | -| encryptPkeys | Private key encryption Possible values: true/false | *bool | | false | -| redisEnterpriseIPFamily | When the operator is running in a dual-stack environment (both IPv4 and IPv6 network interfaces are available), specifies the IP family of the network interface that will be used by the Redis Enterprise Cluster, as well as services created by the operator (API, UI, Prometheus services). | v1.IPFamily | | false | -| containerTimezone | Container timezone configuration. While the default timezone on all containers is UTC, this setting can be used to set the timezone on services rigger/bootstrapper/RS containers. Currently the only supported value is to propagate the host timezone to all containers. | *[ContainerTimezoneSpec](#containertimezonespec) | | false | -| ingressOrRouteSpec | Access configurations for the Redis Enterprise Cluster and Databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. | *[IngressOrRouteSpec](#ingressorroutespec) | | false | -| services | Customization options for operator-managed service resources created for Redis Enterprise clusters and databases | *[Services](#services) | | false | -| ldap | Cluster-level LDAP configuration, such as server addresses, protocol, authentication and query settings. | *[LDAPSpec](#ldapspec) | | false | -| extraEnvVars | ADVANCED USAGE: use carefully. Add environment variables to RS StatefulSet's containers. | []v1.EnvVar | | false | -| resp3Default | Whether databases will turn on RESP3 compatibility upon database upgrade. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. | *bool | | false | -| backup | Cluster-wide backup configurations | *[Backup](#backup) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseClusterStatus -RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluster - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| state | State of Redis Enterprise Cluster | [ClusterState](#clusterstate) | | true | -| specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | -| modules | Modules Available in Cluster | [][Module](#module) | | false | -| licenseStatus | State of the Cluster's License | *[LicenseStatus](#licensestatus) | | false | -| bundledDatabaseVersions | Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) | []*[BundledDatabaseVersions](#bundleddatabaseversions) | | false | -| ocspStatus | An API object that represents the cluster's OCSP status | *[OcspStatus](#ocspstatus) | | false | -| managedAPIs | Indicates cluster APIs that are being managed by the operator. This only applies to cluster APIs which are optionally-managed by the operator, such as cluster LDAP configuration. Most other APIs are automatically managed by the operator, and are not listed here. | *[ManagedAPIs](#managedapis) | | false | -| ingressOrRouteMethodStatus | The ingressOrRouteSpec/ActiveActive spec method that exist | [IngressMethod](#ingressmethod) | | false | -| redisEnterpriseIPFamily | The chosen IP family of the cluster if was specified in REC spec. | v1.IPFamily | | false | -| persistenceStatus | The status of the Persistent Volume Claims that are used for Redis Enterprise Cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize) | [PersistenceStatus](#persistencestatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseServicesConfiguration - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| mdnsServer | | *[MdnsServer](#mdnsserver) | | false | -| cmServer | | *[CmServer](#cmserver) | | false | -| statsArchiver | | *[StatsArchiver](#statsarchiver) | | false | -| saslauthd | | *[Saslauthd](#saslauthd) | | false | -| pdnsServer | | *[PdnsServer](#pdnsserver) | | false | -| crdbCoordinator | | *[CrdbCoordinator](#crdbcoordinator) | | false | -| crdbWorker | | *[CrdbWorker](#crdbworker) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisOnFlashSpec -RedisOnFlashSpec contains all the parameters needed to configure in order to enable creation of redis on flash databases. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| enabled | Indicates whether RoF is turned on or not. | bool | | true | -| flashStorageEngine | The type of DB engine used on flash. This field is DEPRECATED, if you wish to change the driver from RocksDB to Speedb use bigStoreDriver | [RedisOnFlashsStorageEngine](#redisonflashsstorageengine) | | false | -| storageClassName | Used to identify the storage class name of the corresponding volume claim template. | string | | true | -| flashDiskSize | Required flash disk size. | resource.Quantity | | false | -| bigStoreDriver | Used to change the bigstore_driver when REC is up and running. | [RedisOnFlashsStorageEngine](#redisonflashsstorageengine) | | false | -[Back to Table of Contents](#table-of-contents) - -### S3Backup - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| url | Specifies the URL for S3 export and import | string | | false | -| caCertificateSecretName | Secret name that holds the S3 CA certificate, which contains the TLS certificate mapped to the key in the secret 'cert' | string | | false | -[Back to Table of Contents](#table-of-contents) - -### Saslauthd - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the saslauthd service | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### Services -Customization options for operator-managed service resources created for Redis Enterprise clusters and databases - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| servicesAnnotations | Global additional annotations to set on service resources created by the operator. The specified annotations will not override annotations that already exist and didn't originate from the operator. | map[string]string | | false | -| apiService | Customization options for the REC API service. | *[APIServiceSpec](#apiservicespec) | | false | -[Back to Table of Contents](#table-of-contents) - -### ServicesRiggerConfigurationSpec -Specification for service rigger - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| databaseServiceType | Service types for access to databases. should be a comma separated list. The possible values are cluster_ip, headless and load_balancer. | string | cluster_ip,headless | true | -| serviceNaming | Used to determine how to name the services created automatically when a database is created. When bdb_name is used, the database name will be also used for the service name. When redis-port is used, the service will be named redis- | string | bdb_name | true | -| extraEnvVars | | []v1.EnvVar | | false | -| servicesRiggerAdditionalPodSpecAttributes | ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the rigger deployment pod. Pod attributes managed by the operator might override these settings (Containers, serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, PriorityClassName, PodSecurityContext). Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that. | *[v1.PodSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#podspec-v1-core) | | false | -| podAnnotations | annotations for the service rigger pod | map[string]string | | false | -[Back to Table of Contents](#table-of-contents) - -### SlaveHA - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| slaveHAGracePeriod | Time in seconds between when a node fails, and when slave high availability mechanism starts relocating shards. If set to 0, will not affect cluster configuration. | *uint32 | 1800 | true | -[Back to Table of Contents](#table-of-contents) - -### StartingPolicy - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| enabled | Whether to detect and attempt to mitigate pod startup issues | *bool | False | true | -| startingThresholdSeconds | Time in seconds to wait for a pod to be stuck while starting up before action is taken. If set to 0, will be treated as if disabled. | *uint32 | 540 | true | -[Back to Table of Contents](#table-of-contents) - -### StatsArchiver - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| operatingMode | Whether to enable/disable the stats archiver service | [OperatingMode](#operatingmode) | | true | -[Back to Table of Contents](#table-of-contents) - -### UpgradeSpec -Specification for upgrades of Redis Enterprise - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| autoUpgradeRedisEnterprise | Whether to upgrade Redis Enterprise automatically when operator is upgraded | bool | | true | -[Back to Table of Contents](#table-of-contents) -## Enums - -### ClusterState -State of the Redis Enterprise Cluster - -| Value | Description | -| ----- | ----------- | -| "PendingCreation" | ClusterPendingCreate means cluster is not created yet | -| "BootstrappingFirstPod" | Bootstrapping first pod | -| "Initializing" | ClusterInitializing means the cluster was created and nodes are in the process of joining the cluster | -| "RecoveryReset" | ClusterRecoveryReset resets the cluster by deleting all pods | -| "RecoveringFirstPod" | ClusterRecoveringFirstPod means the cluster entered cluster recovery | -| "Running" | ClusterRunning means the cluster's sub-resources have been created and are in running state | -| "Error" | ClusterError means the there was an error when starting creating/updating the one or more of the cluster's resources | -| "Invalid" | ClusterConfigurationInvalid means an invalid spec was applied | -| "InvalidUpgrade" | ClusterInvalidUpgrade means an upgrade is not possible at this time | -| "Upgrade" | ClusterUpgrade | -| "Deleting" | ClusterDeleting | -| "ClusterRecreating" | ClusterRecreating - similar to ClusterRecoveryReset - delete all pods before recreation of the cluster. | -[Back to Table of Contents](#table-of-contents) - -### IngressMethod -Used to distinguish between different platforms implementation - -| Value | Description | -| ----- | ----------- | -| "openShiftRoute" | Routes are only usable in OpenShift | -| "ingress" | See https://kubernetes.io/docs/concepts/services-networking/ingress/ | -| "istio" | Ingress implemented via Istio | -[Back to Table of Contents](#table-of-contents) - -### LDAPProtocol -The transport protocol used for LDAP. - -| Value | Description | -| ----- | ----------- | -| "LDAP" | Plain unencrypted LDAP protocol | -| "LDAPS" | LDAP over SSL | -| "STARTTLS" | LDAP over TLS | -[Back to Table of Contents](#table-of-contents) - -### LDAPSearchScope -The search scope for an LDAP query. - -| Value | Description | -| ----- | ----------- | -| "BaseObject" | Specifies that search should only be performed against the entry specified as the search base DN. | -| "SingleLevel" | Specifies that search should only be performed against entries that are immediate subordinates of the entry specified as the search base DN. | -| "WholeSubtree" | Specifies that the search should be performed against the search base and all entries below. | -[Back to Table of Contents](#table-of-contents) - -### OperatingMode - -| Value | Description | -| ----- | ----------- | -| "enabled" | | -| "disabled" | | -[Back to Table of Contents](#table-of-contents) - -### PvcStatus - -| Value | Description | -| ----- | ----------- | -| "Provisioned" | | -| "Provisioning" | | -| "Resizing" | | -| "ResizeFailed" | | -[Back to Table of Contents](#table-of-contents) - -### RedisOnFlashsStorageEngine - -| Value | Description | -| ----- | ----------- | -| "rocksdb" | | -| "speedb" | | -[Back to Table of Contents](#table-of-contents) - -### ServiceType -ServiceType determines how the service is exposed in the cluster. - -| Value | Description | -| ----- | ----------- | -| "ClusterIP" | ClusterIP service provides access via a cluster-internal IP address. | -| "NodePort" | NodePort service provides access via a dedicated port exposed on every cluster node. | -| "LoadBalancer" | LoadBalancer service provides access via an external load balancer provided by the cloud provider platform. | -[Back to Table of Contents](#table-of-contents) - -### SpecStatusName -Whether the REC specification is valid (custom resource) - -| Value | Description | -| ----- | ----------- | -| "Invalid" | Specification status invalid | -| "Valid" | Specification status valid | -[Back to Table of Contents](#table-of-contents) diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md deleted file mode 100644 index 2386239..0000000 --- a/redis_enterprise_database_api.md +++ /dev/null @@ -1,371 +0,0 @@ -# Redis Enterprise Database API -This document describes the parameters for the Redis Enterprise Database custom resource -> Note this document is auto-generated from code comments. To contribute a change please change the code comments. -## Table of Contents -* [Objects](#objects) - * [ActiveActiveInfo](#activeactiveinfo) - * [AzureBlobStorage](#azureblobstorage) - * [BackupInfo](#backupinfo) - * [BackupSpec](#backupspec) - * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) - * [DBUpgradeSpec](#dbupgradespec) - * [DbAlertsSettings](#dbalertssettings) - * [DbModule](#dbmodule) - * [FtpStorage](#ftpstorage) - * [GoogleStorage](#googlestorage) - * [InternalEndpoint](#internalendpoint) - * [MountPointStorage](#mountpointstorage) - * [RedisEnterpriseConnection](#redisenterpriseconnection) - * [RedisEnterpriseDatabase](#redisenterprisedatabase) - * [RedisEnterpriseDatabaseList](#redisenterprisedatabaselist) - * [RedisEnterpriseDatabaseSpec](#redisenterprisedatabasespec) - * [RedisEnterpriseDatabaseStatus](#redisenterprisedatabasestatus) - * [ReplicaSource](#replicasource) - * [ReplicaSourceStatus](#replicasourcestatus) - * [RolePermission](#rolepermission) - * [S3Storage](#s3storage) - * [SftpStorage](#sftpstorage) - * [SwiftStorage](#swiftstorage) -* [Enums](#enums) - * [DatabasePersistence](#databasepersistence) - * [DatabaseStatus](#databasestatus) - * [DatabaseType](#databasetype) - * [ReplicaSourceType](#replicasourcetype) - * [RolePermissionType](#rolepermissiontype) -## Objects - -### ActiveActiveInfo -Connection/ association for Active-Active database related resources. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | The the corresponding Active-Active database name, Redis Enterprise Active Active Database custom resource name, this Resource is associated with. In case this resource is created manually at the active active database creation this field must be filled via the user, otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported. | string | | true | -| participatingClusterName | The corresponding participating cluster name, Redis Enterprise Remote Cluster custom resource name, in the Active-Active database, In case this resource is created manually at the active active database creation this field must be filled via the user, otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported. | string | | true | -[Back to Table of Contents](#table-of-contents) - -### AzureBlobStorage - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| absSecretName | The name of the secret that holds ABS credentials. The secret must contain the keys "AccountName" and "AccountKey", and these must hold the corresponding credentials | string | | true | -| container | Azure Blob Storage container name. | string | | true | -| subdir | Optional. Azure Blob Storage subdir under container. | string | empty | false | -[Back to Table of Contents](#table-of-contents) - -### BackupInfo - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| backupFailureReason | Reason of last failed backup process | *string | | false | -| backupHistory | Backup history retention policy (number of days, 0 is forever) | *int | | false | -| backupInterval | Interval in seconds in which automatic backup will be initiated | *int | | false | -| backupIntervalOffset | Offset (in seconds) from round backup interval when automatic backup will be initiated (should be less than backup_interval) | *int | | false | -| backupProgressPercentage | Database scheduled periodic backup progress (percentage) | *int | | false | -| backupStatus | Status of scheduled periodic backup process | *string | | false | -| lastBackupTime | Time of last successful backup | *string | | false | -[Back to Table of Contents](#table-of-contents) - -### BackupSpec -The various backup storage options are validated to be mutually exclusive, although for technical reasons, the relevant error is not very clear and indicates a conflict in the specified storage type. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| interval | Backup Interval in seconds | int | 86400 | false | -| ftp | | *[FtpStorage](#ftpstorage) | | false | -| s3 | | *[S3Storage](#s3storage) | | false | -| abs | | *[AzureBlobStorage](#azureblobstorage) | | false | -| swift | | *[SwiftStorage](#swiftstorage) | | false | -| sftp | | *[SftpStorage](#sftpstorage) | | false | -| gcs | | *[GoogleStorage](#googlestorage) | | false | -| mount | | *[MountPointStorage](#mountpointstorage) | | false | -[Back to Table of Contents](#table-of-contents) - -### BdbAlertSettingsWithThreshold -Threshold for database alert - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| enabled | Alert enabled or disabled | bool | | true | -| threshold | Threshold for alert going on/off | string | | true | -[Back to Table of Contents](#table-of-contents) - -### DBUpgradeSpec - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| upgradeModulesToLatest | Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be without specifing the version. in addition, This field is currently not supported for Active-Active databases. | *bool | | true | -[Back to Table of Contents](#table-of-contents) - -### DbAlertsSettings -DbAlertsSettings An API object that represents the database alerts configuration. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_high_latency | Latency is higher than specified threshold value [micro-sec] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_long_running_action | An alert for state-machines that are running for too long | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -[Back to Table of Contents](#table-of-contents) - -### DbModule -Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/ - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | The module's name e.g "ft" for redissearch | string | | true | -| version | Module's semantic version e.g "1.6.12" - optional only in REDB, must be set in REAADB | string | | false | -| config | Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 | string | | false | -[Back to Table of Contents](#table-of-contents) - -### FtpStorage - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| url | a URI of the "ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" format | string | | true | -[Back to Table of Contents](#table-of-contents) - -### GoogleStorage -GoogleStorage - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| gcsSecretName | The name of the secret that holds the Google Cloud Storage credentials. The secret must contain the keys "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" and these must hold the corresponding credentials. The keys should correspond to the values in the key JSON. | string | | true | -| bucketName | Google Storage bucket name. | string | | true | -| subdir | Optional. Google Storage subdir under bucket. | string | empty | false | -[Back to Table of Contents](#table-of-contents) - -### InternalEndpoint - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| host | Hostname assigned to the database | string | | false | -| port | Database port name | int | | false | -[Back to Table of Contents](#table-of-contents) - -### MountPointStorage -MountPointStorage - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| path | Path to the local mount point. You must create the mount point on all nodes, and the redislabs:redislabs user must have read and write permissions on the local mount point. | string | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseConnection -Connection between a database, and Its Redis Enterprise Cluster - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| name | The name of the Redis Enterprise Cluster where the database should be stored. | string | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseDatabase -RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases API - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta) | | false | -| spec | | [RedisEnterpriseDatabaseSpec](#redisenterprisedatabasespec) | | false | -| status | | [RedisEnterpriseDatabaseStatus](#redisenterprisedatabasestatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseDatabaseList -RedisEnterpriseDatabaseList contains a list of RedisEnterpriseDatabase - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#listmeta-v1-meta) | | false | -| items | | [][RedisEnterpriseDatabase](#redisenterprisedatabase) | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseDatabaseSpec -RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| redisEnterpriseCluster | Connection to Redis Enterprise Cluster | *[RedisEnterpriseConnection](#redisenterpriseconnection) | | false | -| memorySize | memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, and it must not be below 1GB. | string | 100MB | false | -| rackAware | Whether database should be rack aware. This improves availability - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/ | *bool | | false | -| shardCount | Number of database server-side shards | uint16 | 1 | false | -| replication | In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. Defaults to false. | *bool | false | false | -| persistence | Database on-disk persistence policy | *[DatabasePersistence](#databasepersistence) | disabled | false | -| databaseSecretName | The name of the secret that holds the password to the database (redis databases only). If secret does not exist, it will be created. To define the password, create an opaque secret and set the name in the spec. The password will be taken from the value of the 'password' key. Use an empty string as value within the secret to disable authentication for the database. Notes - For Active-Active databases this secret will not be automatically created, and also, memcached databases must not be set with a value, and a secret/password will not be automatically created for them. Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. | string | | false | -| evictionPolicy | Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ | string | volatile-lru | false | -| tlsMode | Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must use SSL. disabled - no incoming connection to the Database should use SSL. replica_ssl - databases that replicate from this one need to use SSL. | string | disabled | false | -| clientAuthenticationCertificates | The Secrets containing TLS Client Certificate to use for Authentication | []string | | false | -| replicaSources | What databases to replicate from | [][ReplicaSource](#replicasource) | | false | -| alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | -| backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | -| modulesList | List of modules associated with database. Note - For Active-Active databases this feature is currently in preview. For this feature to take effect for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. | *[][DbModule](#dbmodule) | | false | -| rolesPermissions | List of Redis Enteprise ACL and Role bindings to apply | [][RolePermission](#rolepermission) | | false | -| defaultUser | Is connecting with a default user allowed? If disabled, the DatabaseSecret will not be created or updated | *bool | true | false | -| ossCluster | OSS Cluster mode option. Note that not all client libraries support OSS cluster mode. | *bool | false | false | -| proxyPolicy | The policy used for proxy binding to the endpoint. Supported proxy policies are: single/all-master-shards/all-nodes When left blank, the default value will be chosen according to the value of ossCluster - single if disabled, all-master-shards when enabled | string | | false | -| dataInternodeEncryption | Internode encryption (INE) setting. An optional boolean setting, overriding a similar cluster-wide policy. If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). If set to True, INE will be turned on, unless the capability is not supported by the DB ( in such a case we will get an error and database creation will fail). If left unspecified, will be disabled if internode encryption is not supported by the DB (regardless of cluster default). Deleting this property after explicitly setting its value shall have no effect. | *bool | | false | -| databasePort | Database port number. TCP port on which the database is available. Will be generated automatically if omitted. can not be changed after creation | *int | | false | -| shardsPlacement | Control the density of shards - should they reside on as few or as many nodes as possible. Available options are "dense" or "sparse". If left unset, defaults to "dense". | string | | false | -| type | The type of the database. | *[DatabaseType](#databasetype) | redis | false | -| isRof | Whether it is an RoF database or not. Applicable only for databases of type "REDIS". Assumed to be false if left blank. | *bool | | false | -| rofRamSize | The size of the RAM portion of an RoF database. Similarly to "memorySize" use formats like 100MB, 0.1GB It must be at least 10% of combined memory size (RAM+Flash), as specified by "memorySize". | string | | false | -| memcachedSaslSecretName | Credentials used for binary authentication in memcached databases. The credentials should be saved as an opaque secret and the name of that secret should be configured using this field. For username, use 'username' as the key and the actual username as the value. For password, use 'password' as the key and the actual password as the value. Note that connections are not encrypted. | string | | false | -| redisVersion | Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis' | string | | false | -| upgradeSpec | Specifications for DB upgrade. | *[DBUpgradeSpec](#dbupgradespec) | | false | -| activeActive | Connection/ association to the Active-Active database. | *[ActiveActiveInfo](#activeactiveinfo) | | false | -| resp3 | Whether this database supports RESP3 protocol. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. | *bool | | false | -| shardingEnabled | Toggles database sharding for REAADBs (Active Active databases) and enabled by default. This field is blocked for REDB (non-Active Active databases) and sharding is toggled via the shardCount field - when shardCount is 1 this is disabled otherwise enabled. | *bool | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseDatabaseStatus -RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatabase - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| databaseUID | Database UID provided by redis enterprise | string | | false | -| specStatus | Whether the desired specification is valid | [SpecStatusName](#specstatusname) | | false | -| status | The status of the database | [DatabaseStatus](#databasestatus) | | false | -| createdTime | Time when the database was created | string | | false | -| lastUpdated | Time when the database was last updated | string | | false | -| shardStatuses | Aggregated statuses of shards | map[string]uint16 | | false | -| lastActionUid | UID of the last action done by operator on this database | string | | false | -| lastActionStatus | Status of the last action done by operator on this database | string | | false | -| version | Database compatibility version | string | | false | -| replicaSourceStatuses | ReplicaSource statuses | [][ReplicaSourceStatus](#replicasourcestatus) | | false | -| internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | -| redisEnterpriseCluster | The Redis Enterprise Cluster Object this Resource is associated with | string | | false | -| observedGeneration | The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster. | int64 | | false | -| backupInfo | Information on the database's periodic backup | *[BackupInfo](#backupinfo) | | false | -| activeActive | Connection/ association to the Active-Active database. | *[ActiveActiveInfo](#activeactiveinfo) | | false | -[Back to Table of Contents](#table-of-contents) - -### ReplicaSource - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| replicaSourceType | The type of resource from which the source database URI is derived. If set to 'SECRET', the source database URI is derived from the secret named in the ReplicaSourceName field. The secret must have a key named 'uri' that defines the URI of the source database in the form of 'redis://...'. The type of secret (kubernetes, vault, ...) is determined by the secret mechanism used by the underlying REC object. If set to 'REDB', the source database URI is derived from the RedisEnterpriseDatabase resource named in the ReplicaSourceName field. | [ReplicaSourceType](#replicasourcetype) | | true | -| replicaSourceName | The name of the resource from which the source database URI is derived. The type of resource must match the type specified in the ReplicaSourceType field. | string | | true | -| compression | GZIP compression level (0-6) to use for replication. | int | | false | -| clientKeySecret | Secret that defines the client certificate and key used by the syncer in the target database cluster. The secret must have 2 keys in its map: "cert" which is the PEM encoded certificate, and "key" which is the PEM encoded private key. | *string | | false | -| serverCertSecret | Secret that defines the server certificate used by the proxy in the source database cluster. The secret must have 1 key in its map: "cert" which is the PEM encoded certificate. | *string | | false | -| tlsSniName | TLS SNI name to use for the replication link. | *string | | false | -[Back to Table of Contents](#table-of-contents) - -### ReplicaSourceStatus - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| lag | Lag in millisec between source and destination (while synced). | int | | false | -| lastError | Last error encountered when syncing from the source. | string | | false | -| lastUpdate | Time when we last receive an update from the source. | string | | false | -| rdbSize | The source’s RDB size to be transferred during the syncing phase. | int | | false | -| rdbTransferred | Number of bytes transferred from the source’s RDB during the syncing phase. | int | | false | -| status | Sync status of this source | string | | false | -| endpointHost | The internal host name of the replica source database. Can be used as an identifier. See the internalEndpoints list on the REDB status. | string | | true | -[Back to Table of Contents](#table-of-contents) - -### RolePermission -Redis Enterprise Role and ACL Binding - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| type | Type of Redis Enterprise Database Role Permission | [RolePermissionType](#rolepermissiontype) | | true | -| role | Role Name of RolePermissionType (note: use exact name of the role from the Redis Enterprise role list, case sensitive) | string | | true | -| acl | Acl Name of RolePermissionType (note: use exact name of the ACL from the Redis Enterprise ACL list, case sensitive) | string | | true | -[Back to Table of Contents](#table-of-contents) - -### S3Storage - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| awsSecretName | The name of the secret that holds the AWS credentials. The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", and these must hold the corresponding credentials. | string | | true | -| bucketName | Amazon S3 bucket name. | string | | true | -| subdir | Optional. Amazon S3 subdir under bucket. | string | empty | false | -[Back to Table of Contents](#table-of-contents) - -### SftpStorage - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| sftpSecretName | The name of the secret that holds SFTP credentials. The secret must contain the "Key" key, which is the SSH private key for connecting to the sftp server. | string | | true | -| sftp_url | SFTP url | string | | true | -[Back to Table of Contents](#table-of-contents) - -### SwiftStorage - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| swiftSecretName | The name of the secret that holds Swift credentials. The secret must contain the keys "Key" and "User", and these must hold the corresponding credentials: service access key and service user name (pattern for the latter does not allow special characters &,<,>,") | string | | true | -| auth_url | Swift service authentication URL. | string | | true | -| container | Swift object store container for storing the backup files. | string | | true | -| prefix | Optional. Prefix (path) of backup files in the swift container. | string | empty | false | -[Back to Table of Contents](#table-of-contents) -## Enums - -### DatabasePersistence -Database persistence policy. see https://docs.redislabs.com/latest/rs/concepts/data-access/persistence/ - -| Value | Description | -| ----- | ----------- | -| "disabled" | Data is not persisted | -| "aofEverySecond" | Data is synced to disk every second | -| "aofAlways" | Data is synced to disk with every write. | -| "snapshotEvery1Hour" | A snapshot of the database is created every hour | -| "snapshotEvery6Hour" | A snapshot of the database is created every 6 hours. | -| "snapshotEvery12Hour" | A snapshot of the database is created every 12 hours. | -[Back to Table of Contents](#table-of-contents) - -### DatabaseStatus -State of the Redis Enterprise Database - -| Value | Description | -| ----- | ----------- | -| "pending" | Database is pending creation | -| "active" | Database is ready to be used | -| "active-change-pending" | Database is ready to be used, but a change is pending | -| "delete-pending" | Database will be deleted soon | -| "import-pending" | Database will be imported soon | -| "creation-failed" | Database creation has failed | -| "recovery" | Database creation has failed | -| "" | Database status unknown | -[Back to Table of Contents](#table-of-contents) - -### DatabaseType - -| Value | Description | -| ----- | ----------- | -| "redis" | | -| "memcached" | | -[Back to Table of Contents](#table-of-contents) - -### ReplicaSourceType - -| Value | Description | -| ----- | ----------- | -| "SECRET" | When ReplicaSourceType is set to 'SECRET', the source database URI is derived from the secret named in the ReplicaSourceName field. The secret must have a key named 'uri' that defines the URI of the source database in the form of 'redis://...'. The type of secret (kubernetes, vault, ...) is determined by the secret mechanism used by the underlying REC object. | -| "REDB" | When ReplicaSourceType is set to 'REDB', the source database URI is derived from the RedisEnterpriseDatabase resource named in the ReplicaSourceName field. | -[Back to Table of Contents](#table-of-contents) - -### RolePermissionType - -| Value | Description | -| ----- | ----------- | -| "redis-enterprise" | Use Roles and ACLs defined within Redis Enterprise directly | -[Back to Table of Contents](#table-of-contents) diff --git a/redis_enterprise_remote_cluster_api.md b/redis_enterprise_remote_cluster_api.md deleted file mode 100644 index b5234be..0000000 --- a/redis_enterprise_remote_cluster_api.md +++ /dev/null @@ -1,64 +0,0 @@ -# Redis Enterprise Remote Cluster API -This document describes the parameters for the Redis Enterprise Remote Cluster custom resource -> Note this document is auto-generated from code comments. To contribute a change please change the code comments. -## Table of Contents -* [Objects](#objects) - * [RedisEnterpriseRemoteCluster](#redisenterpriseremotecluster) - * [RedisEnterpriseRemoteClusterList](#redisenterpriseremoteclusterlist) - * [RedisEnterpriseRemoteClusterSpec](#redisenterpriseremoteclusterspec) - * [RedisEnterpriseRemoteClusterStatus](#redisenterpriseremoteclusterstatus) -* [Enums](#enums) - * [RemoteClusterStatus](#remoteclusterstatus) -## Objects - -### RedisEnterpriseRemoteCluster -RedisEntepriseRemoteCluster represents a remote participating cluster. - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#objectmeta-v1-meta) | | false | -| spec | | [RedisEnterpriseRemoteClusterSpec](#redisenterpriseremoteclusterspec) | | false | -| status | | [RedisEnterpriseRemoteClusterStatus](#redisenterpriseremoteclusterstatus) | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseRemoteClusterList -RedisEnterpriseRemoteClusterList contains a list of RedisEnterpriseRemoteCluster - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| metadata | | [metav1.ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#listmeta-v1-meta) | | false | -| items | | [][RedisEnterpriseRemoteCluster](#redisenterpriseremotecluster) | | true | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseRemoteClusterSpec - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| recName | The name of the REC that the RERC is pointing at | string | | true | -| recNamespace | The namespace of the REC that the RERC is pointing at | string | | true | -| secretName | The name of the secret containing cluster credentials. Must be of the following format: "redis-enterprise-" | string | | false | -| apiFqdnUrl | The URL of the cluster, will be used for the active-active database URL. | string | | true | -| dbFqdnSuffix | The database URL suffix, will be used for the active-active database replication endpoint and replication endpoint SNI. | string | | false | -[Back to Table of Contents](#table-of-contents) - -### RedisEnterpriseRemoteClusterStatus - - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| local | Indicates whether this object represents a local or a remote cluster. | *bool | | false | -| status | The status of the remote cluster. | [RemoteClusterStatus](#remoteclusterstatus) | | false | -| specStatus | Whether the desired specification is valid. | [SpecStatusName](#specstatusname) | | false | -| observedGeneration | observedGeneration is the most recent generation observed for this RERC. It corresponds to the RERC's generation, which is updated by the API Server. | int64 | | false | -[Back to Table of Contents](#table-of-contents) -## Enums - -### RemoteClusterStatus -TODO: Add a kubebuilder enum annotation here. - -| Value | Description | -| ----- | ----------- | -| "Active" | | -| "Error" | | -[Back to Table of Contents](#table-of-contents) diff --git a/redis_on_flash.md b/redis_on_flash.md deleted file mode 100644 index 05847a6..0000000 --- a/redis_on_flash.md +++ /dev/null @@ -1,3 +0,0 @@ -# Deploying Redis on Flash on K8s using Redis Enterprise operator - -This content has moved to [docs.redis.com](https://docs.redis.com/latest/). See [Use Auto Tiering on Kubernetes](https://docs.redis.com/latest/kubernetes/re-clusters/auto-tiering/). \ No newline at end of file diff --git a/role.yaml b/role.yaml deleted file mode 100644 index 9e99e97..0000000 --- a/role.yaml +++ /dev/null @@ -1,173 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -rules: - - apiGroups: - - rbac.authorization.k8s.io - - "" - resources: - - roles - - serviceaccounts - - rolebindings - verbs: - - create - - get - - update - - patch - - delete - - apiGroups: - - app.redislabs.com - resources: - - redisenterpriseclusters - - redisenterpriseclusters/status - - redisenterpriseclusters/finalizers - - redisenterprisedatabases - - redisenterprisedatabases/status - - redisenterprisedatabases/finalizers - - redisenterpriseremoteclusters - - redisenterpriseremoteclusters/status - - redisenterpriseremoteclusters/finalizers - - redisenterpriseactiveactivedatabases - - redisenterpriseactiveactivedatabases/status - - redisenterpriseactiveactivedatabases/finalizers - verbs: - - delete - - get - - list - - patch - - create - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - update - - get - - create - - patch - - delete - - list - - watch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apps - resources: - - deployments - - statefulsets - - replicasets - verbs: - - create - - delete - - get - - patch - - update - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - update - - watch - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - update - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - update - - patch - - delete - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - policy - resourceNames: - - redis-enterprise-psp - resources: - - podsecuritypolicies - verbs: - - use - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - patch - - delete - - list - - update - - get - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - update - - patch - - create - - delete - - watch diff --git a/role_binding.yaml b/role_binding.yaml deleted file mode 100644 index dca673d..0000000 --- a/role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-enterprise-operator -subjects: - - kind: ServiceAccount - name: redis-enterprise-operator diff --git a/service_account.yaml b/service_account.yaml deleted file mode 100644 index b2940cf..0000000 --- a/service_account.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator diff --git a/setting_ingress_or_route_readme.md b/setting_ingress_or_route_readme.md deleted file mode 100644 index 9037a36..0000000 --- a/setting_ingress_or_route_readme.md +++ /dev/null @@ -1,96 +0,0 @@ - -# Establish external routing with an Ingress controller or Openshift Routes on K8s - -This document describes how to set Ingress controller or Openshift Routes for the REC, REDB and REAADB on Kubernetes. - -## Overview - -For requests to be routed to the REC, REDB and REAADB from outside the K8s cluster, you need an Ingress controller or Openshift Routes. -Redis Enterprise Software on Kubernetes supports three Ingress controllers: HAProxy, Nginx and Istio; as well as Openshift Routes. - -### Redis Enterprise Cluster (REC) API - -For any Redis Enterprise Cluster the Redis Enterprise operator creates a service that allows requests to be routed to that cluster API. Redis Enterprise supports three types of services for accessing the cluster: ClusterIP, loadBalancer and nodePort. -By default, the operator creates a ClusterIP type service, which exposes a cluster-internal IP and can only be accessed from within the K8s cluster. - -### Redis Enterprise Database (REDB) - -Every time a Redis Enterprise database is created with the Redis Enterprise operator, a service is created that allows requests to be routed to that database. Redis Enterprise supports three types of services for accessing databases: ClusterIP, headless, or LoadBalancer. -By default, the operator creates a ClusterIP type service, which exposes a cluster-internal IP and can only be accessed from within the K8s cluster. - -### Redis Enterprise Active Active Database (REAADB) - -Every time a Redis Enterprise Active Active Database is created with the Redis Enterprise operator, a service is created that allows requests to be routed to that active-active database. Redis Enterprise supports three types of services for accessing databases: ClusterIP, headless, or LoadBalancer. -By default, the operator creates a ClusterIP type service, which exposes a cluster-internal IP and can only be accessed from within the K8s cluster. - -## Ingress installation - -Install one of the supported ingresses, if not installed already on your K8s cluster: - * [Nginx ingress controller installation guide](https://kubernetes.github.io/ingress-nginx/deploy/) - * [HAProxy ingress getting started](https://haproxy-ingress.github.io/docs/getting-started/) - * Istio - follow the "Install and configure Istio for Redis Enterprise" [here](https://docs.redis.com/latest/kubernetes/re-databases/ingress_routing_with_istio/) - * [Openshift Routes](https://docs.redis.com/latest/kubernetes/re-databases/routes/) - -Warning - You’ll need to make sure `ssl-passthrough` is enabled. It’s enabled by default for HAProxy, but disabled by default for NGINX. See the [Nginx User Guide](https://kubernetes.github.io/ingress-nginx/user-guide/tls/#ssl-passthrough) for details. - -## Configure DNS - -To reach the cluster and databases we need DNS records that will resolve to the Ingress/ Routes load balancer service that exposes external endpoint. - -1. To find the load balancer service with the exposed endpoint of HAProxy or Nginx controller, please run the following, replace the with "haproxy-ingress" or "ingress-ngnix-controller" for HAProxy or Nginx respectively and the with the namespace the ingress resides in: -``` - kubectl get svc -n -``` -Below is example output for an HAProxy ingress controller running on a K8s cluster hosted by AWS: -``` - NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE - haproxy-ingress LoadBalancer 10.43.62.53 a56e24df8c6173b79a63d5da54fd9cff-676486416.us-east-1.elb.amazonaws.com 80:30610/TCP,443:31597/TCP 21m -``` - -2. Create the following DNS entries that resolves to the exposed load balancer endpoint, use the `EXTERNAL-IP` found in the previous step. - -a. REC API DNS: -We recommend using the following convention for the REC API FQDN: -`api--.` -- Replace `` with the REC name -- Replace `` with the namespace the REC resides in -- Replace `` with your subdomain -For example, REC API DNS of a REC named: "rec1" with the namespace "ns1" and the subdomain "redis.com": -api-rec1-ns1.redis.com - -b. The databases and Active-Active databases FQDN suffix DNS: -The FQDN for REDB custom resources (databases) or REAADB custom resources (Active-Active databases) is comprised from two parts: The custom resource name and a FQDN suffix. We recommend configuring a wildcard DNS record with the FQDN suffix. -We recommend using the following convention for the DB FQDN suffix: -`*-db--.` -- Replace `` with the REC name -- Replace `` with the namespace the REC resides in -- Replace `` with your subdomain: -For example, wildcard DB FQDN suffix DNS of a REC named "rec1", with the namespace "ns1", and the subdomain "redis.com": -*-db-rec1-ns1.redis.com - -## Configure Ingress or Routes on the REC - -On the namespace where the REC resides, do the following: - -Please configure the Ingress controller or Openshift Routes configurations via the 'ingressOrRouteSpec' field on the REC spec. -For example, configuring a Nginx ingress via the above configurations on a REC named "rec1" with the namespace "ns1": -``` - kubectl patch rec rec1 --type merge --patch "{\"spec\": \ - {\"ingressOrRouteSpec\": \ - {\"apiFqdnUrl\": \"api-rec1-ns1.redis.com\", \ - \"dbFqdnSuffix\": \"-db-rec1-ns1.redis.com\", \ - \"ingressAnnotations\": {\"kubernetes.io/ingress.class\": \"nginx\", \"nginx.ingress.kubernetes.io/ssl-passthrough\": \"true\"}, \ - \"method\": \"ingress\"}}}" -``` - -Some clearification about the above example: - - The 'apiFqdnUrl' is the FQDN for the REC API. - - The 'dbFqdnSuffix' is the suffix that will be added for each REDB and REAADB custom resources names, meaning the active-active database convention is as follows: . - -Notes: - * For more info please view the REC custom resource definition or the API doc. - -For more information please view the following links: - - [Redis doc - set up ingress controller](https://docs.redis.com/latest/kubernetes/re-databases/set-up-ingress-controller/) - - [Redis doc - create aa database](https://docs.redis.com/latest/kubernetes/re-clusters/create-aa-database/) - - [Redis doc - Openshift Routes](https://docs.redis.com/latest/kubernetes/re-databases/routes/) diff --git a/topics.md b/topics.md deleted file mode 100644 index 7be62f7..0000000 --- a/topics.md +++ /dev/null @@ -1,179 +0,0 @@ - -# Advanced Configuration - -- [Guaranteed Quality of Service](#guaranteed-quality-of-service) -- [Priority Class](#priority-class) -- [Node Pool](#node-pool) -- [K8s Out of Resource Handling recommendations](#k8s-out-of-resource-handling-recommendations) - - [Monitoring](#monitoring) - - [Eviction Thresholds](#eviction-thresholds) -- [Pod Security Policy (PSP)](#pod-security-policy-psp) -- [Side Cars](#side-cars) -- [Resource Limits and Quotas](#resource-limits-and-quotas) -- [Custom Resource Deletion](#custom-resource-deletion) -- [Operator Deployment Spec](#operator-deployment-spec) - -## Guaranteed Quality of Service - -This content has moved to [docs.redis.com](https://docs.redis.com/latest); see [Manage pod stability](https://docs.redis.com/latest/kubernetes/recommendations/pod-stability/). - -## Priority Class - -This content has moved to [docs.redis.com](https://docs.redis.com/latest); see [Manage pod stability](https://docs.redis.com/latest/kubernetes/recommendations/pod-stability/). - -## Node Pool - -This content has moved to [docs.redis.com](https://docs.redis.com); see [Control node selection](https://docs.redis.com/latest/kubernetes/recommendations/node-selection/). - -## K8s Out of Resource Handling recommendations - -We highly recommend reading [k8s documentation of out of resource administration](https://kubernetes.io/docs/tasks/administer-cluster/out-of-resource). - -### Monitoring - -This content has moved to [docs.redis.com](https://docs.redis.com); see [Manage node resources](https://docs.redis.com/latest/kubernetes/recommendations/node-resources/). - -### Eviction Thresholds - -This content has moved to [docs.redis.com](https://docs.redis.com); see [Manage node resources](https://docs.redis.com/latest/kubernetes/recommendations/node-resources/). - -## Pod Security Policy (PSP) - -### `WARNING`: -> PodSecurityPolicy is [deprecated](https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/) for Kubernetes v1.21+ and invalid for v1.25+. -Users are advised to [migrate](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/) to [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) / [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) mechanism. - -You can optionally use pod security policy. - -```bash -kubectl apply -f advanced/psp.yaml -``` - -If you use this option, you should add the policy name to REC configuration, in redis-enterprise-cluster.yaml. - -```yaml -podSecurityPolicyName: "redis-enterprise-psp" -``` - - -## Side Cars - -SideCar containers- images that will run along side the redis enterprise containers - -```yaml - sideContainersSpec: - - name: sidecar - image: dockerhub_repo/repo:tag - imagePullPolicy: IfNotPresent -``` - -## Resource Limits and Quotas - -This content has moved to [docs.redis.com](https://docs.redis.com); see [Manage node resources](https://docs.redis.com/latest/kubernetes/recommendations/node-resources/). - -## Custom Resource Deletion - -This content [has moved](https://docs.redis.com/latest/kubernetes/re-clusters/delete_custom_resources/) to the Redis Enterprise doc site, [docs.redis.com](https://docs.redis.com/latest/kubernetes/). - -### REDB `redisVersion` field -The ‘redisVersion’ field is used for specifying Redis OSS version on REDB. -Possible values: `major` or `latest`. -There are some important notes before using this field: -* When using this field - it will always upgrade to the specified version (the database version will be upgraded to the most recent “major” or “latest” version respectively -) with some limitations: - - The value must be compatible with `redisUpgradePolicy` on REC spec - if you use ‘latest’ for some REDBs - you must set `redisUpgradePolicy` in REC spec before. - - If your database `auto_upgrade` field is set to `true`, it will automatically upgrade regardless the value in this field (`redisUpgradePolicy` on the REC). -> Note: With Redis operator versions older than 6.2.10, every REDB is created automatically with ‘auto_upgrade’ set to ‘true’. - -> Any violation of these limitations may result in errors in the operator. - -### Operator Deployment Spec -* To increase the time before admission's liveness performing the first probe, you need to edit the deployment by running: -``` -kubectl edit deployment redis-enterprise-operator -``` -under the `spec` find the `admission` container - `livenessProbe` and edit the value of `initialDelaySeconds`: -```yaml -livenessProbe: - ... - ... - initialDelaySeconds: - ... -``` -Or you can run patch command -(here it sets its value to 20s, replace with the value you need) -> Note: Here the admission container's index is 1, replace with the admission container's index in your deployment. -> You can run the command -```kubectl get pod -o jsonpath='{.spec.containers[*].name}' ``` -> and get the containers list -``` -kubectl patch deployment redis-enterprise-operator --type json -p='[{"op": "replace", "path": "/spec/template/spec/containers/1/livenessProbe/initialDelaySeconds", "value":20}]' -``` - -## Host machine time zone propagation -You can propagate the host machine time zone by mounting `/etc/localtime` from the host -to all Redis Enterprise containers, using a hostPath volume. -Host time zone propagation is handled separately for operator deployment and the rest of the -Redis Enterprise pods (that include the services rigger). -To propagate host time zone to Redis Enterprise operator pod, you need to add a `hostPath` volume -manually before creating the deployment. Here is an example: - -``` -apiVersion: apps/v1 -kind: Deployment -metadata: - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - template: - metadata: - labels: - name: redis-enterprise-operator - spec: - serviceAccountName: redis-enterprise-operator - volumes: - - name: tz-volume - hostPath: - path: /etc/localtime - containers: - - name: redis-enterprise-operator - ... - volumeMounts: - - mountPath: /etc/localtime - name: tz-volume - - name: admission - ... - volumeMounts: - - mountPath: /etc/localtime - name: tz-volume -``` -Propagation of host time zone to all the rest of the pods is enabled by configuring the -`containerTimezone` property of the `RedisEnterpriseCluster`, as in the example below: -``` -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec - labels: - app: redis-enterprise -spec: - nodes: 3 - containerTimezone: - propagateHost: {} -``` -> Note that `propagateHost` is an empty struct, but must be included to enable host time zone propagation. - -#### Possible restrictions on using `hostPath` volumes -Usage of `hostPath` volumes may be restricted by various mechanisms due to security considerations. -Depending on your setup, you may need to explicitly allow creation of pods with `hostPath` volumes by the operator. - -For instance, OpenShift 4 users will need to modify the `redis-enterprise-scc` security context constraints (SCC) by -setting the value of `allowHostDirVolumePlugin` to `true` as in the following example: -``` -apiVersion: security.openshift.io/v1 -kind: SecurityContextConstraints -allowHostDirVolumePlugin: true -... -``` diff --git a/vault/README.md b/vault/README.md deleted file mode 100644 index b5d79e8..0000000 --- a/vault/README.md +++ /dev/null @@ -1,276 +0,0 @@ -# Integrating the Redis Enterprise Operator with Hashicorp Vault -## Overview -Hashicorp Vault can be configured as the source of secrets used by the Redis Enterprise K8s operator as an alternative to Kubernetes secrets.
- -Clarification: when running in Vault mode, all secrets referenced in the Redis Enterprise custom resources are read from -Vault instead of from Kubernetes Secrets. This includes credentials to access the cluster and databases, certificates, -license, credentials to access backup storage targets, LDAP servers, etc.
For a full list of secrets that can be -specified, please refer to the [`RedisEnterpriseCluster`](../redis_enterprise_cluster_api.md) -and [`RedisEnterpriseDatabase`](../redis_enterprise_database_api.md) API reference pages. - -To configure the operator to read secrets from Vault, set `.spec.clusterCredentialSecretType: "vault"` in the `RedisEnterpriseCluster` resource. This will be further explained next. - -How to use Hashicorp Vault as a source for secrets: -1. [ Prerequisites ](#prerequisites) -2. [ Deployment ](#deployment) -3. [ Deploying the operator ](#deployment_operator) -4. [ Creating the REC ](#deployment_rec) -5. [ REC secrets ](#example_rec) -6. [ Deploy REDB admission Controller ](#redb-admission) -7. [ Creating an REDB](#deployment_redb) -8. [ REDB secrets ](#redb_secrets) -9. [ RERC secrets ](#rerc_secrets) -10. [ REAADB secrets ](#reaadb_secrets) - - -> Note: when using Openshift it might be recommended to use oc instead of kubectl - -## Prerequisites -* Deploy a Hashicorp Vault instance and make sure there is network access to it from the Kubernetes cluster. The solution has been tested with Hashicorp Vault v1.15.2. The Hashicorp Vault instance must be using TLS. -* Configure the Hashicorp Vault Kubernetes authentication for the Kubernetes cluster the operator is being deployed. Refer to the Hashicorp Vault documentation for details. -* Deploy the Hashicorp Vault agent sidecar controller on the Kubernetes cluster (https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar) -* Note that Hashicorp offers a Vault Enterprise product. The Vault Enterprise product supports namespaces. Those namespaces should not be confused with Kubernetes namespaces. This document assumes that the Hashicorp Vault instance used is the Enterprise product, and a Vault namespace is used. The namespace is referred to as the below. -* Redis Enterprise will use a kv-v2 secret engine. Make sure it is available on the Hashicorp Vault instance (or create one if needed) and take note of the path it is mounted on, since it will be used later. - - -## Deployment -### General considerations -Hashicorp Vault and the Redis Enterprise Operator can be deployed in multiple scenarios that might affect the details of the process below. The document assumes the following: -* Hashicorp Vault enterprise is used, and Vault namespaces are used. If that is not the case, it is recommended to remove the namespace parameters, environment variables from the relevant directions. -* Multiple Redis Enterprise Clusters are configured within the same K8s cluster, configured to authenticate to Hashicorp Vault. -* To ensure privacy and avoid duplication, the K8S_NAMESPACE is appended to multiple names of Hashicorp Vault configurations. That might need to be further adjusted in cases multiple K8s clusters are used with the same K8s namespaces. -* The minimum TTL of the Vault token under the policy assigned to redis enterprise should be one hour. (see also https://learn.hashicorp.com/tutorials/vault/token-management#configure-the-token-ttl) - - -### Deploying the operator -1. Configure a Hashicorp Vault policy. The policy will be used to grant the operator access to the secrets. - - Run the following command within the Hashicorp Vault interface (use kubectl exec when Vault is deployed on Kubernetes, replace `` with the namespace where the operator is deployed into): - ``` - vault policy write -namespace= redisenterprise- - </*" { - capabilities = ["create", "read", "update", "delete", "list"] - } - path "secret/metadata/redisenterprise-/*" { - capabilities = ["list"] - } - EOF - ``` -2. Configure a Vault role: - ``` - vault write -namespace= auth//role/redis-enterprise-operator- \ - bound_service_account_names="redis-enterprise-operator" \ - bound_service_account_namespaces= \ - policies=redisenterprise- - ``` - > Note - replace `` with the path kubernetes auth is enabled in Hashicorp Vault. The default is "kubernetes" -3. Create the operator's configuration in configmap named 'operator-environment-config' with the relevant Vault configuration:
- edit and save this content in a file called `operator-environment-config.yaml`
- run `kubectl apply -f operator-environment-config.yaml`
- see notes on the parameters below. - ``` - apiVersion: v1 - kind: ConfigMap - metadata: - name: operator-environment-config - data: - CREDENTIAL_TYPE: "vault" - VAULT_SERVER_FQDN: - VAULT_SERVICE_PORT_HTTPS: "8200" - VAULT_SECRET_ROOT: "secret" - VAULT_SECRET_PREFIX: "redisenterprise-" - VAULT_ROLE: "redis-enterprise-operator-" - VAULT_AUTH_PATH: - VAULT_NAMESPACE: - ``` - * `VAULT_SERVER_FQDN`: Hashicorp Vault server Fully Qualified Domain Name (FQDN). If the Vault server is running with k8s,
- it would typically be `.)`: - * `VAULT_SECRET_ROOT`: the path the kv-2 secret engine being used is enabled on. - * `VAULT_SECRET_PREFIX`: should be unique to the Redis Enterprise Cluster. Here we use `redisenterprise-`.
- This value has to be consistent with Hashicorp Vault roles and policies. - * `VAULT_ROLE`: the Vault role you configured in the previous step, defaults to `redis-enterprise-operator`.
- * `VAULT_AUTH_PATH`: the path kubernetes auth is enabled in Hashicorp Vault, defaults to `kubernetes` - use no leading/trailing slashes.
- * `VAULT_NAMESPACE`: supported in Hashicorp Vault enterprise.
- > The full secret path would be: // - -4. Deploy the operator by applying the Redis Labs Kubernetes Operator Bundle as explained [here](../README.md) - steps 1,2 (steps 1-4 on OpenShift).
- The Operator pod would not be ready before you save the admission controller secret to Vault: - 1. Generate a json file with key/cert pair to be used by admission:
- ``` - kubectl exec -it $(kubectl get pod -l name=redis-enterprise-operator -o jsonpath='{.items[0].metadata.name}') -c redis-enterprise-operator -- /usr/local/bin/generate-tls -infer | tail -4 > output.json - ``` - * the output.json file is needed for additional steps below (deployment of admission controller) - 2. Apply the secret to vault - execute the following within the Hashicorp Vault CLI interface (you will need to copy
the file from the previous step for example by running `kubectl cp output.json vault-0:/tmp -n vault`): - ``` - vault kv put /redisenterprise-/admission-tls @output.json - ``` - Once operator is running, proceed to the steps below. Avoid creating the Redis Enterprise Cluster custom resource. - -5. Create a K8s secret containing the Certificate Authority Certificate (CACert) used to create the Hashicorp Vault instance server certificate.
- Name the secret `vault-ca-cert` and the key `vault.ca` . Save the CA cert to a file before running the following command: - ``` - kubectl create secret generic vault-ca-cert \ - --namespace \ - --from-file=vault.ca= - ``` - > Note - the server certificate of the Hashicorp Vault instance must be signed by the Certificate Authority used within the secret.
- - -### Creating the Redis Enterprise Cluster -1. Choose a random password. Unlike the default deployment, the operator is not creating a default password for the Redis Enterprise Cluster credentials, and those need to be chosen. It is recommended to use a tool to generate a random password at least 8 characters long. -2. Save the password as a secret within the Hashicorp Vault instance, replace values as needed. Execute the following command within the Hashicorp Vault CLI interface: - ``` - vault kv put -namespace= /redisenterprise-/ username= password= - ``` - > Note - The username field in the REC spec will be ignored when using vault. The username from the vault secret will be used instead. - > Note - this example matches configuring the operator with environment variable values: VAULT_SECRET_ROOT=secret, VAULT_SECRET_PREFIX=redisenterprise- as mentioned above -3. Create a role in vault for the REC service account: - ``` - vault write -namespace= auth//role/redis-enterprise-rec- \ - bound_service_account_names= \ - bound_service_account_namespaces= \ - policies=redisenterprise- - - ``` -4. Apply the Redis Enterprise Cluster yaml. Example (make sure the clusterCredentialSecretName is consistent with Hashicorp Vault configuration above): - ``` - apiVersion: app.redislabs.com/v1 - kind: RedisEnterpriseCluster - metadata: - name: rec - labels: - app: redis-enterprise - spec: - # Add fields here - nodes: 3 - clusterCredentialSecretName: rec - clusterCredentialSecretType: vault - clusterCredentialSecretRole: redis-enterprise-rec- - vaultCASecret: vault-ca-cert - podAnnotations: - vault.hashicorp.com/auth-path: auth/ - vault.hashicorp.com/namespace: - ``` - > Note - the "clusterCredentialSecretName" field as used to query the secret from Hashicorp Vault. See section below for explanation about secret name field values. - - -### Redis Enterprise Cluster secrets -> The full and detailed REC fields documentation can be found [here](../redis_enterprise_cluster_api.md) - -#### Cluster credentials and license fields: -* Cluster Credential Secret: `clusterCredentialSecretName` -* License Secret: `licenseSecretName` - -#### Certificates: -These are the certificates and their field name in the REC: -* API Certificate: apiCertificateSecretName -* CM Certificate: cmCertificateSecretName -* Metrics Exporter Certificate: metricsExporterCertificateSecretName -* Proxy Certificate: proxyCertificateSecretName -* Syncer Certificate: syncerCertificateSecretName -* LDAP client Certificate: ldapClientCertificateSecretName - -You can read more about the different certificates [Here](../redis_enterprise_cluster_api.md#rsclustercertificates) - -
Show REC example - -``` -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec - labels: - app: redis-enterprise -spec: - nodes: 3 - - licenseSecretName: - clusterCredentialSecretName: - certificates: - apiCertificateSecretName: - cmCertificateSecretName: - metricsExporterCertificateSecretName: - proxyCertificateSecretName: - syncerCertificateSecretName: - ldapClientCertificateSecretName: - - # vault configuration as explained above: - clusterCredentialSecretType: vault - clusterCredentialSecretRole: redis-enterprise-rec- - vaultCASecret: vault-ca-cert - podAnnotations: - vault.hashicorp.com/auth-path: auth/ - vault.hashicorp.com/namespace: -``` -Edit and apply the rec.yaml or use patch like in this example, which sets API Certificate secret name: -``` - kubectl patch rec rec --type merge --patch "{\"spec\": \ - {\"certificates\": \ - {\"apiCertificateSecretName\": \"\" }}}" -``` -
- - -### Deploy REDB admission controller (for OLM this is not needed) -It is not recommended to use the admission bundle here if you want to avoid creation of K8s secrets. -Instead, do a step-by-step installation. -1. Create the Kubernetes Validating Webhook (for OLM this is not needed) - **NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace the REC was installed into. - - ```shell script - # save cert - CERT=`cat output.json | jq -r ".cert"` - sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' ../admission/webhook.yaml | kubectl create -f - - - # create patch file - cat > modified-webhook.yaml < Note - use the output.json that was created in the steps above -2. Make sure admission works, see [here](../admission/README.md#verifying-installation) for steps description - - -### Creating an REDB -Steps to create an REDB: -1. Create a password in Vault in this path (change according to the specific configuration, see above)
- `//redb-`:
- where VAULT_SECRET_ROOT and VAULT_SECRET_PREFIX are defined in the operator's ConfigMap as explained above (or set to default values).
- e.g. ```vault kv put secret/redisenterprise-/redb-mydb password=somepassword``` - -2. Create the REDB custom resource. - Follow the step 6 [here](../README.md). - The REC spec indicted you are running with Vault and no further configuration is required. -3. The other REDB secrets (2 to 4) should be created in this path `redisenterprise-/`. The secrets should comply with the - REDB [secrets schema](https://github.com/RedisLabs/redis-enterprise-operator/blob/master/deploy/redis_enterprise_database_api.md). -> Note - when using the Redis Enterprise Vault plugin it recommended to set defaultUser: false and associate users through ACL bindings to the REDB - - -### REDB secrets -An REDB has several secrets associate with it as detailed here.
-1. The password for the REDB -2. [Replica Source](../redis_enterprise_database_api.md#replicasource) (optional).
- Specifically: `clientKeySecret` and `serverCertSecret` fields which holds the Vault secret name -3. [Backup Credentials](../redis_enterprise_database_api.md#backupspec) (optional)
- These are backup options, they contain (among other fields) a field for a secret used to access the backup. - * [S3 Storage](../redis_enterprise_database_api.md#s3storage): `awsSecretName` - * [sftp storage](../redis_enterprise_database_api.md#sftpstorage): `sftpSecretName` - * [Swift Storage](../redis_enterprise_database_api.md#SwiftStorage): `swiftSecretName` - * [Azure Blob Storage](../redis_enterprise_database_api.md#azureblobstorage): `absSecretName` - * [Google Storage](../redis_enterprise_database_api.md#googlestorage): `gcsSecretName` -4. [Client Auth](../redis_enterprise_database_api.md#redisenterprisedatabasespec) (optional) - The Secrets containing TLS Client Certificate to use for Authentication -> The full and detailed REDB fields documentation can be found [here](../redis_enterprise_database_api.md#redisenterprisedatabasespec) - - -### RERC secrets -The secretName field is supported and should be stored in Hashicorp Vault if the Redis Enterprise Cluster uses Hashicorp Vault as a secret source. - - -### REAADB secrets -A REDB specification is built into REAADB (the globalConfigurations field). All secret names specified there are supported and should be stored in Hashicorp Vault if the Redis Enterprise Cluster uses Hashicorp Vault as a secret source. \ No newline at end of file