From a4f3e03710cd2cbccc145d77562890f213f4cfa7 Mon Sep 17 00:00:00 2001 From: James Geisler Date: Thu, 30 Nov 2023 12:13:59 -0600 Subject: [PATCH 01/69] add statefulset for metrics generator and add traces_storage config Signed-off-by: James Geisler --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 10 +- .../deployment-metrics-generator.yaml | 2 +- .../statefulset-metrics-generator.yaml | 157 ++++++++++++++++++ charts/tempo-distributed/values.yaml | 20 +++ 5 files changed, 187 insertions(+), 4 deletions(-) create mode 100644 charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 7709530728..e55c2f18eb 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.1 +version: 1.8.0 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index cecbb14328..689ae423c2 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -560,10 +560,11 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.annotations | object | `{}` | Annotations for the metrics-generator StatefulSet | | metricsGenerator.appProtocol | object | `{"grpc":null}` | Adds the appProtocol field to the metricsGenerator service. This allows metricsGenerator to work with istio protocol selection. | | metricsGenerator.appProtocol.grpc | string | `nil` | Set the optional grpc service protocol. Ex: "grpc", "http2" or "https" | -| metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_flush_deadline":"1m","wal":null}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | +| metricsGenerator.config | object | `{"metrics_ingestion_time_range_slack":"30s","processor":{"service_graphs":{"dimensions":[],"histogram_buckets":[0.1,0.2,0.4,0.8,1.6,3.2,6.4,12.8],"max_items":10000,"wait":"10s","workers":10},"span_metrics":{"dimensions":[],"histogram_buckets":[0.002,0.004,0.008,0.016,0.032,0.064,0.128,0.256,0.512,1.02,2.05,4.1]}},"registry":{"collection_interval":"15s","external_labels":{},"stale_duration":"15m"},"storage":{"path":"/var/tempo/wal","remote_write":[],"remote_write_flush_deadline":"1m","wal":null},"traces_storage":{"path":"/var/tempo/traces"}}` | More information on configuration: https://grafana.com/docs/tempo/latest/configuration/#metrics-generator | | metricsGenerator.config.processor.service_graphs.dimensions | list | `[]` | resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.processor.span_metrics.dimensions | list | `[]` | Dimensions are searched for in the resource and span attributes and are added to the metrics if present. | | metricsGenerator.config.storage.remote_write | list | `[]` | https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write | +| metricsGenerator.config.traces_storage | object | `{"path":"/var/tempo/traces"}` | Used by the local blocks processor to store a wal for traces. | | metricsGenerator.enabled | bool | `false` | Specifies whether a metrics-generator should be deployed | | metricsGenerator.extraArgs | list | `[]` | Additional CLI args for the metrics-generator | | metricsGenerator.extraEnv | list | `[]` | Environment variables to add to the metrics-generator pods | @@ -575,7 +576,12 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | +| metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | +| metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | +| metricsGenerator.persistence.annotations | object | `{}` | Annotations for metrics generator PVCs | +| metricsGenerator.persistence.enabled | bool | `false` | Enable creating PVCs if you have kind set to StatefulSet. This disables using local disk or memory configured in walEmptyDir | +| metricsGenerator.persistence.storageClass | string | `nil` | Storage class to be used. If defined, storageClassName: . If set to "-", storageClassName: "", which disables dynamic provisioning. If empty or set to null, no storageClassName spec is set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). | | metricsGenerator.podAnnotations | object | `{}` | Annotations for metrics-generator pods | | metricsGenerator.podLabels | object | `{}` | Labels for metrics-generator pods | | metricsGenerator.ports | list | `[{"name":"grpc","port":9095,"service":true},{"name":"http-memberlist","port":7946,"service":false},{"name":"http-metrics","port":3100,"service":true}]` | Default ports | diff --git a/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml index 0dd7d7159a..ed1cd3f228 100644 --- a/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml +++ b/charts/tempo-distributed/templates/metrics-generator/deployment-metrics-generator.yaml @@ -1,4 +1,4 @@ -{{- if .Values.metricsGenerator.enabled }} +{{- if and (.Values.metricsGenerator.enabled) (eq .Values.metricsGenerator.kind "Deployment") }} {{ $dict := dict "ctx" . "component" "metrics-generator" "memberlist" true }} apiVersion: apps/v1 kind: Deployment diff --git a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml new file mode 100644 index 0000000000..286e68c37e --- /dev/null +++ b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -0,0 +1,157 @@ +{{- if and (.Values.metricsGenerator.enabled) (eq .Values.metricsGenerator.kind "StatefulSet") }} +{{ $dict := dict "ctx" . "component" "metrics-generator" "memberlist" true }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "tempo.resourceName" $dict }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "tempo.labels" $dict | nindent 4 }} + {{- with .Values.metricsGenerator.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + minReadySeconds: 10 + replicas: {{ .Values.metricsGenerator.replicas }} + revisionHistoryLimit: 10 + podManagementPolicy: Parallel + updateStrategy: + rollingUpdate: + partition: 0 + selector: + matchLabels: + {{- include "tempo.selectorLabels" $dict | nindent 6 }} + template: + metadata: + labels: + {{- include "tempo.podLabels" $dict | nindent 8 }} + {{- with .Values.tempo.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap-tempo.yaml") . | sha256sum }} + {{- with .Values.tempo.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if or (.Values.metricsGenerator.priorityClassName) (.Values.global.priorityClassName) }} + priorityClassName: {{ default .Values.metricsGenerator.priorityClassName .Values.global.priorityClassName }} + {{- end }} + serviceAccountName: {{ include "tempo.serviceAccountName" . }} + {{- with .Values.tempo.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + enableServiceLinks: false + {{- include "tempo.metricsGeneratorImagePullSecrets" . | nindent 6 -}} + {{- with .Values.metricsGenerator.hostAliases }} + hostAliases: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - args: + - -target=metrics-generator + - -config.file=/conf/tempo.yaml + - -mem-ballast-size-mbs=1024 + {{- with .Values.metricsGenerator.extraArgs }} + {{- toYaml . | nindent 12 }} + {{- end }} + image: {{ include "tempo.imageReference" $dict }} + imagePullPolicy: {{ .Values.tempo.image.pullPolicy }} + name: metrics-generator + ports: + {{- range .Values.metricsGenerator.ports }} + - name: {{ .name | quote }} + containerPort: {{ .port }} + {{- end }} + {{- with .Values.metricsGenerator.extraEnv }} + env: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.metricsGenerator.extraEnvFrom }} + envFrom: + {{- toYaml . | nindent 12 }} + {{- end }} + readinessProbe: + {{- toYaml .Values.tempo.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.metricsGenerator.resources | nindent 12 }} + {{- with .Values.tempo.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /conf + name: config + - mountPath: /runtime-config + name: runtime-config + - mountPath: /var/tempo + name: wal + {{- if .Values.enterprise.enabled }} + - name: license + mountPath: /license + {{- end }} + {{- with .Values.metricsGenerator.extraVolumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.metricsGenerator.terminationGracePeriodSeconds }} + {{- if semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version }} + {{- with .Values.metricsGenerator.topologySpreadConstraints }} + topologySpreadConstraints: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + {{- with .Values.metricsGenerator.affinity }} + affinity: + {{- tpl . $ | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.metricsGenerator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: config + {{- include "tempo.configVolume" . | nindent 10 }} + - name: runtime-config + {{- include "tempo.runtimeVolume" . | nindent 10 }} + {{- if .Values.enterprise.enabled }} + - name: license + secret: + secretName: {{ tpl .Values.license.secretName . }} + {{- end }} + {{- with .Values.metricsGenerator.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if not .Values.metricsGenerator.persistence.enabled }} + - name: wal + emptyDir: {{- toYaml .Values.metricsGenerator.walEmptyDir | nindent 12 }} + {{- else }} + volumeClaimTemplates: + - metadata: + {{- with .Values.metricsGenerator.persistence.annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} + name: wal + spec: + accessModes: + - ReadWriteOnce + {{- with .Values.metricsGenerator.persistence.storageClass }} + storageClassName: {{ if (eq "-" .) }}""{{ else }}{{ . }}{{ end }} + {{- end }} + resources: + requests: + storage: {{ .Values.metricsGenerator.persistence.size | quote }} + {{- end }} +{{- end }} diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 7306f6dff7..589aff58f2 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -228,6 +228,8 @@ ingester: metricsGenerator: # -- Specifies whether a metrics-generator should be deployed enabled: false + # -- Kind of deployment [StatefulSet/Deployment] + kind: Deployment # -- Annotations for the metrics-generator StatefulSet annotations: {} # -- Number of replicas for the metrics-generator @@ -293,6 +295,19 @@ metricsGenerator: nodeSelector: {} # -- Tolerations for metrics-generator pods tolerations: [] + # -- Persistence configuration for metrics-generator + persistence: + # -- Enable creating PVCs if you have kind set to StatefulSet. This disables using local disk or memory configured in walEmptyDir + enabled: false + size: 10Gi + # -- Storage class to be used. + # If defined, storageClassName: . + # If set to "-", storageClassName: "", which disables dynamic provisioning. + # If empty or set to null, no storageClassName spec is + # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack). + storageClass: null + # -- Annotations for metrics generator PVCs + annotations: {} # -- The EmptyDir location where the /var/tempo will be mounted on. Defaults to local disk, can be set to memory. walEmptyDir: {} ## Here shows how to configure 1Gi memory as emptyDir. @@ -341,6 +356,9 @@ metricsGenerator: # -- A list of remote write endpoints. # -- https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write remote_write: [] + # -- Used by the local blocks processor to store a wal for traces. + traces_storage: + path: /var/tempo/traces metrics_ingestion_time_range_slack: 30s service: # -- Annotations for Metrics Generator service @@ -1090,6 +1108,8 @@ config: | {{- toYaml .Values.metricsGenerator.config.processor | nindent 6 }} storage: {{- toYaml .Values.metricsGenerator.config.storage | nindent 6 }} + traces_storage: + {{- toYaml .Values.metricsGenerator.config.traces_storage | nindent 6 }} registry: {{- toYaml .Values.metricsGenerator.config.registry | nindent 6 }} metrics_ingestion_time_range_slack: {{ .Values.metricsGenerator.config.metrics_ingestion_time_range_slack }} From fc3ed8d755bc542a1f97a76add4643a66617348b Mon Sep 17 00:00:00 2001 From: sunrabbit123 Date: Fri, 1 Dec 2023 15:20:33 +0900 Subject: [PATCH 02/69] [tempo] bump to Tempo v2.3.1 Signed-off-by: sunrabbit123 --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 2 +- charts/tempo/Chart.yaml | 4 ++-- charts/tempo/README.md | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 7709530728..731e7ecd44 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.1 -appVersion: 2.3.0 +version: 1.7.2 +appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index cecbb14328..f7f354cf61 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode diff --git a/charts/tempo/Chart.yaml b/charts/tempo/Chart.yaml index 9830b9988b..104e2126c5 100644 --- a/charts/tempo/Chart.yaml +++ b/charts/tempo/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo description: Grafana Tempo Single Binary Mode type: application -version: 1.7.1 -appVersion: 2.3.0 +version: 1.7.2 +appVersion: 2.3.1 engine: gotpl home: https://grafana.net icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo/README.md b/charts/tempo/README.md index f2db7c95b8..9e61f7a23b 100644 --- a/charts/tempo/README.md +++ b/charts/tempo/README.md @@ -1,6 +1,6 @@ # tempo -![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) +![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo Single Binary Mode From c542c04eabc91afc6da7fb5344f78faebba69ab2 Mon Sep 17 00:00:00 2001 From: sunrabbit123 Date: Sun, 3 Dec 2023 02:17:30 +0900 Subject: [PATCH 03/69] fix: separte pr Signed-off-by: sunrabbit123 --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 731e7ecd44..cdba587c07 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.2 -appVersion: 2.3.1 +version: 1.7.0 +appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index f7f354cf61..cecbb14328 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.7.2](https://img.shields.io/badge/Version-1.7.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.7.1](https://img.shields.io/badge/Version-1.7.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) Grafana Tempo in MicroService mode From 6d954fc672afe7480477e8082dd26dd3820e7144 Mon Sep 17 00:00:00 2001 From: sunrabbit123 Date: Sun, 3 Dec 2023 02:18:27 +0900 Subject: [PATCH 04/69] revert: tempo-distributed chart version Signed-off-by: sunrabbit123 --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index cdba587c07..7709530728 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.7.0 +version: 1.7.1 appVersion: 2.3.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From 824e3da82e5a9aeb09da211f71f86a98f89e64b2 Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Mon, 15 Jan 2024 15:29:40 +0100 Subject: [PATCH 05/69] [loki-distributed]: remove deprecated flag from compactor deployment Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 5 ++++- charts/loki-distributed/README.md.gotmpl | 3 +++ .../templates/compactor/deployment-compactor.yaml | 1 - 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 2dbd096bd3..d4df08f303 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.2 -version: 0.78.1 +appVersion: 2.9.3 +version: 0.79.0 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index dc6525ab62..940da4f4d3 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.1](https://img.shields.io/badge/Version-0.78.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.3](https://img.shields.io/badge/AppVersion-2.9.3-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode @@ -24,6 +24,9 @@ helm repo add grafana https://grafana.github.io/helm-charts Major version upgrades listed here indicate that there is an incompatible breaking change needing manual actions. +### From 0.78.x to 0.79.0 +Removed the hardcoded, deprecated `boltdb.shipper.compactor.working-directory` flag in the Compactor Deployment template, so that it can be set with `.Values.compactor.extraArgs` and the `compactor.working-directory` flag if necessary. + ### From 0.74.x to 0.75.0 The Index Gateway and Query Scheduler now expose the memberlist port 7946. In order to join the member list, you need to specify this in the `structuredConfig`: diff --git a/charts/loki-distributed/README.md.gotmpl b/charts/loki-distributed/README.md.gotmpl index 4c1967c807..23153d19b2 100644 --- a/charts/loki-distributed/README.md.gotmpl +++ b/charts/loki-distributed/README.md.gotmpl @@ -22,6 +22,9 @@ helm repo add grafana https://grafana.github.io/helm-charts Major version upgrades listed here indicate that there is an incompatible breaking change needing manual actions. +### From 0.78.x to 0.79.0 +Removed the hardcoded, deprecated `boltdb.shipper.compactor.working-directory` flag in the Compactor Deployment template, so that it can be set with `.Values.compactor.extraArgs` and the `compactor.working-directory` flag if necessary. + ### From 0.74.x to 0.75.0 The Index Gateway and Query Scheduler now expose the memberlist port 7946. In order to join the member list, you need to specify this in the `structuredConfig`: diff --git a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml index f6b440931c..80601c7725 100644 --- a/charts/loki-distributed/templates/compactor/deployment-compactor.yaml +++ b/charts/loki-distributed/templates/compactor/deployment-compactor.yaml @@ -67,7 +67,6 @@ spec: args: - -config.file=/etc/loki/config/config.yaml - -target=compactor - - -boltdb.shipper.compactor.working-directory=/var/loki/compactor {{- with .Values.compactor.extraArgs }} {{- toYaml . | nindent 12 }} {{- end }} From f20ef7ffe45f88affc6a4db330f20302e4dd1840 Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Tue, 16 Jan 2024 21:40:48 +0100 Subject: [PATCH 06/69] [loki-distributed] add compactor working_directory value Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/loki-distributed/values.yaml b/charts/loki-distributed/values.yaml index 0f0bc1624a..15e9343e84 100644 --- a/charts/loki-distributed/values.yaml +++ b/charts/loki-distributed/values.yaml @@ -212,6 +212,7 @@ loki: compactor: shared_store: filesystem + working_directory: /var/loki/compactor ruler: storage: From dbc90823d1fe1f37ecc76fc978f204fa8e2549c8 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Mon, 29 Jan 2024 16:03:29 +0100 Subject: [PATCH 07/69] Update Loki to version 2.9.4 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 47bfe79b77..4535797966 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.2 -version: 0.78.2 +appVersion: 2.9.4 +version: 0.78.3 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index 437b97f00d..d9fbdd1d1e 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.2](https://img.shields.io/badge/Version-0.78.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.2](https://img.shields.io/badge/AppVersion-2.9.2-informational?style=flat-square) +![Version: 0.78.3](https://img.shields.io/badge/Version-0.78.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 14948abc94e81c1fd635782a03ffb9529ed67a53 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Wed, 14 Feb 2024 08:37:18 +0100 Subject: [PATCH 08/69] Update Grafana to version 10.3.3 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index c027fc1ade..557a0f3062 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.3.0 -appVersion: 10.3.1 +version: 7.3.1 +appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From e6b6d7dade965d43f51e846075540354b68cc80c Mon Sep 17 00:00:00 2001 From: Sheikh-Abubaker Date: Thu, 15 Feb 2024 19:01:07 +0530 Subject: [PATCH 09/69] autoMount set to false in values.yaml Signed-off-by: Sheikh-Abubaker --- charts/grafana/Chart.yaml | 2 +- charts/grafana/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index c027fc1ade..922f932ca3 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.0 +version: 7.3.1 appVersion: 10.3.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index ab853e09c7..c39ea874ce 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -41,7 +41,7 @@ serviceAccount: ## Service account annotations. Can be templated. # annotations: # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: true + autoMount: false replicas: 1 From 2972b1d302b91ce56a223c8ebfb1f74600217d6c Mon Sep 17 00:00:00 2001 From: chesha1 Date: Fri, 23 Feb 2024 13:06:15 +0800 Subject: [PATCH 10/69] [loki-stack] update grafana image tag Signed-off-by: chesha1 --- charts/loki-stack/Chart.yaml | 2 +- charts/loki-stack/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-stack/Chart.yaml b/charts/loki-stack/Chart.yaml index 1242feb0c7..9d66f01143 100644 --- a/charts/loki-stack/Chart.yaml +++ b/charts/loki-stack/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: "v1" name: loki-stack -version: 2.10.1 +version: 2.10.2 appVersion: v2.9.3 kubeVersion: "^1.10.0-0" description: "Loki: like Prometheus, but for logs." diff --git a/charts/loki-stack/values.yaml b/charts/loki-stack/values.yaml index 59c1e300b5..83ed6f016c 100644 --- a/charts/loki-stack/values.yaml +++ b/charts/loki-stack/values.yaml @@ -42,7 +42,7 @@ grafana: enabled: true maxLines: 1000 image: - tag: 8.3.5 + tag: 10.3.3 prometheus: enabled: false From 70e2dec1fab40435d6c47641c7f7c253e85af67f Mon Sep 17 00:00:00 2001 From: Marco Pracucci Date: Mon, 26 Feb 2024 09:28:37 +0100 Subject: [PATCH 11/69] update for v0.13.0 Signed-off-by: Marco Pracucci --- charts/rollout-operator/Chart.yaml | 4 ++-- charts/rollout-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index a46e7ecde9..acff27d8ad 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.13.0 -appVersion: v0.11.0 +version: 0.14.0 +appVersion: v0.13.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index 3efeb2f1aa..f0de8efaa4 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.11.0](https://img.shields.io/badge/AppVersion-v0.11.0-informational?style=flat-square) +![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0](https://img.shields.io/badge/AppVersion-v0.13.0-informational?style=flat-square) Grafana rollout-operator From 4389e01ec0aee87076d358badcdef1635a729eeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 26 Feb 2024 13:17:24 +0100 Subject: [PATCH 12/69] Separately configure automountServiceAccountToken MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/grafana/Chart.yaml | 2 +- charts/grafana/templates/_pod.tpl | 2 +- charts/grafana/values.yaml | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 64043bb3a8..58b806fd97 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.2 +version: 7.3.3 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 80fb466097..ed22993c96 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -5,7 +5,7 @@ schedulerName: "{{ . }}" {{- end }} serviceAccountName: {{ include "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index c39ea874ce..520e10991b 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -48,6 +48,9 @@ replicas: 1 ## Create a headless service for the deployment headlessService: false +## Should the service account be auto mounted on the pod +automountServiceAccountToken: true + ## Create HorizontalPodAutoscaler object for deployment type # autoscaling: From 379a3939cca6b87f63128841effef35a9f392a9a Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Mon, 26 Feb 2024 15:05:37 +0100 Subject: [PATCH 13/69] [loki-distributed]: remove deprecated flag from compactor deployment Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index fa3adfb835..02bde88422 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.5 +appVersion: 2.9.4 version: 0.79.0 home: https://grafana.github.io/helm-charts sources: diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index e37f698aa3..f51f6e671f 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) +![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 2d91f08fd22ffd91f32081f0af8c72b8d5187e6d Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:23:29 +0100 Subject: [PATCH 14/69] [agent-operator] update helm chart for v0.40 Signed-off-by: jcreixell --- charts/agent-operator/Chart.yaml | 10 +- charts/agent-operator/README.md | 6 +- .../monitoring.coreos.com_podmonitors.yaml | 255 - .../crds/monitoring.coreos.com_probes.yaml | 264 -- ...monitoring.coreos.com_servicemonitors.yaml | 273 -- .../monitoring.grafana.com_grafanaagents.yaml | 4084 ----------------- .../monitoring.grafana.com_integrations.yaml | 928 ---- .../monitoring.grafana.com_logsinstances.yaml | 201 - ...nitoring.grafana.com_metricsinstances.yaml | 366 -- .../crds/monitoring.grafana.com_podlogs.yaml | 280 -- charts/agent-operator/values.yaml | 2 +- 11 files changed, 9 insertions(+), 6660 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 89f5353632..ed134809be 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.15 -appVersion: "0.39.1" -home: https://grafana.com/docs/agent/v0.39/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png +version: 0.3.16 +appVersion: "0.40.0" +home: https://grafana.com/docs/agent/v0.40/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.39.1/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.0/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 9a321ce611..befe252886 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square) +![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.39.1"` | Image tag | +| image.tag | string | `"v0.40.0"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml index 3e1fae0fc5..153677bb17 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml @@ -22,140 +22,81 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.35.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object jobLabel: - description: The label to use to retrieve the job name from. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -163,64 +104,35 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -246,85 +158,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -332,19 +205,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -353,15 +219,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -374,37 +237,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -430,104 +274,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: 'Deprecated: Use ''port'' instead.' x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -535,43 +334,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -579,71 +361,41 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Pod objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -655,17 +407,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml index 7ece55d2ac..13fc36f9aa 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml @@ -22,91 +22,53 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of - the request properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic - authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -114,62 +76,36 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. - The secret needs to be in the same namespace as the probe and accessible - by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: - description: The job name assigned to scraped metrics by default. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -195,86 +131,48 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 client - id properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -282,19 +180,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -303,15 +194,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -320,87 +208,49 @@ spec: - tokenUrl type: object prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. properties: path: default: /probe - description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: - description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string url: - description: Mandatory URL of the prober. type: string required: - url type: object sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer targets: - description: Targets defines a set of static or dynamically discovered - targets to probe. properties: ingress: - description: ingress defines the Ingress objects to probe and - the relabeling configuration. If `staticConfig` is also defined, - `staticConfig` takes precedence. properties: namespaceSelector: - description: From which namespaces to select Ingress objects. properties: any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the target before it gets scraped. The original ingress - address is available via the `__tmp_prometheus_ingress_address` - label. It can be used to customize the probed URL. The original - scrape job''s name is available via the `__tmp_prometheus_job_name` - label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -426,69 +276,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array selector: - description: Selector to select the Ingress objects. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -500,40 +314,21 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object staticConfig: - description: 'staticConfig defines the static list of targets - to probe and the relabeling configuration. If `ingress` is also - defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string - description: Labels assigned to all metrics scraped from the - targets. type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -559,88 +354,52 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array static: - description: The list of hosts to probe. items: type: string type: array type: object type: object tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -648,40 +407,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -689,29 +434,20 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml index 5d661184cf..ff62f8f267 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml @@ -22,106 +22,61 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Service selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.37.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -129,67 +84,37 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenFile: - description: File to read bearer token for scraping targets. type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -215,85 +140,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -301,19 +187,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -322,15 +201,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -343,37 +219,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -399,107 +256,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape timeout is used unless - it is less than `Interval` in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -507,47 +316,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -555,119 +345,65 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array jobLabel: - description: "JobLabel selects the label from the associated Kubernetes - service which will be used as the `job` label for all metrics. \n - For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: - bar`, then the `job=\"bar\"` label is added to all metrics. \n If - the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the - name of the Kubernetes Service." type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints - objects are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Endpoints objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -679,23 +415,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml index fab68b18e6..4ec31d67a4 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml @@ -20,81 +20,32 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: GrafanaAgent defines a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Grafana Agent cluster. properties: affinity: - description: Affinity, if specified, controls pod scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -104,33 +55,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -142,8 +73,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -152,50 +81,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -205,33 +102,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -249,61 +126,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -315,52 +153,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -372,40 +177,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -414,52 +198,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -471,47 +221,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -523,33 +245,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -557,62 +260,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -624,52 +287,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -681,40 +311,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -723,52 +332,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -780,47 +355,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -832,33 +379,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -867,83 +395,47 @@ spec: type: object type: object apiServer: - description: APIServerConfig lets you specify a host and auth methods - to access the Kubernetes API server. If left empty, the Agent assumes - that it is running inside of the cluster and will discover API servers - automatically and use the pod's CA certificate and bearer token - file at /var/run/secrets/kubernetes.io/serviceaccount. properties: authorization: - description: Authorization section for accessing apiserver properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic credentialsFile: - description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -951,57 +443,34 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for accessing apiserver. type: string bearerTokenFile: - description: File to read bearer token for accessing apiserver. type: string host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number type: string tlsConfig: - description: TLS Config to use for accessing apiserver. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1009,47 +478,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1057,210 +507,102 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object required: - host type: object configMaps: - description: ConfigMaps is a list of config maps in the same namespace - as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/. items: type: string type: array configReloaderImage: - description: Image, when specified, overrides the image used to run - Config Reloader. Specify the image along with a tag. You still need - to set the version to ensure Grafana Agent Operator knows which - version of Grafana Agent is being configured. type: string configReloaderVersion: - description: Version of Config Reloader to be deployed. type: string containers: - description: 'Containers lets you inject additional containers or - modify operator-generated containers. This can be used to add an - authentication proxy to a Grafana Agent pod or to change the behavior - of an operator-generated container. Containers described here modify - an operator-generated container if they share the same name and - if modifications are done via a strategic merge patch. The current - container names are: `grafana-agent` and `config-reloader`. Overriding - containers is entirely outside the scope of what the Grafana Agent - team supports and by doing so, you accept that this behavior may - break at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -1272,111 +614,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1384,97 +668,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1482,40 +718,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1523,71 +744,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1595,126 +782,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -1725,71 +848,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1797,97 +886,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1896,23 +939,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -1928,8 +959,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1938,275 +967,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2214,139 +1071,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -2354,40 +1133,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -2395,9 +1153,6 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name @@ -2405,190 +1160,88 @@ spec: type: array disableReporting: default: false - description: disableReporting disables reporting of enabled feature - flags to Grafana. type: boolean disableSupportBundle: default: false - description: disableSupportBundle disables the generation of support - bundles. type: boolean enableConfigReadAPI: default: false - description: enableConfigReadAPI enables the read API for viewing - the currently running config port 8080 on the agent. type: boolean image: - description: Image, when specified, overrides the image used to run - Agent. Specify the image along with a tag. You still need to set - the version to ensure Grafana Agent Operator knows which version - of Grafana Agent is being configured. type: string imagePullSecrets: - description: 'ImagePullSecrets holds an optional list of references - to Secrets within the same namespace used for pulling the Grafana - Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers let you add initContainers to the pod - definition. These can be used to, for example, fetch secrets for - injection into the Grafana Agent configuration from external sources. - Errors during the execution of an initContainer cause the pod to - restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other than secret fetching - is entirely outside the scope of what the Grafana Agent maintainers - support and by doing so, you accept that this behavior may break - at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -2600,111 +1253,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2712,97 +1307,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2810,40 +1357,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2851,71 +1383,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2923,126 +1421,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -3053,71 +1487,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3125,97 +1525,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3224,23 +1578,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -3256,8 +1598,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3266,275 +1606,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3542,139 +1710,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -3682,40 +1772,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -3723,47 +1792,23 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name type: object type: array integrations: - description: Integrations controls the integration subsystem of the - Agent and settings unique to deployed integration-specific pods. properties: namespaceSelector: - description: "Label selector for namespaces to search when discovering - integration resources. If nil, integration resources are only - discovered in the namespace of the GrafanaAgent resource. \n - Set to `{}` to search all namespaces." properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3775,41 +1820,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic selector: - description: Label selector to find Integration resources to run. - When nil, no integration resources will be defined. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3821,91 +1844,49 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object logFormat: - description: LogFormat controls the logging format of the generated - pods. Defaults to "logfmt" if not set. type: string logLevel: - description: LogLevel controls the log level of the generated pods. - Defaults to "info" if not set. type: string logs: - description: Logs controls the logging subsystem of the Agent and - settings unique to logging-specific pods that are deployed. properties: clients: - description: A global set of clients to use when a discovered - LogsInstance does not have any clients defined. items: - description: LogsClientSpec defines the client integration for - logs, indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when - a request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -3913,70 +1894,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending - a batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time - series when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -3984,21 +1935,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4007,15 +1949,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4024,64 +1963,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond - to a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used - when the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4089,51 +1998,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4141,89 +2027,46 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must - be a full HTTP URL, including protocol. Required. Example: - https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value will always be the namespace of the object that is being - created. type: string ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector - settings from the PodLogs configs, and they will only discover - endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector are the set of labels to - determine which namespaces to watch for LogInstances. If not - provided, only checks own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4235,42 +2078,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which LogInstances should - be selected for running. Each instance runs its own set of Prometheus - components, including service discovery, scraping, and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4282,98 +2102,43 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic logsExternalLabelName: - description: LogsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - External label will _not_ be added when value is set to the - empty string. type: string type: object metrics: - description: Metrics controls the metrics subsystem of the Agent and - settings unique to metrics-specific pods that are deployed. properties: arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a ServiceMonitor can access arbitrary files on the - file system of the Grafana Agent container, e.g., bearer token - files. properties: deny: type: boolean type: object enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value is always the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines a global limit on the - number of scraped samples that are accepted. This overrides - any SampleLimit set per ServiceMonitor and/or PodMonitor. It - is meant to be used by admins to enforce the SampleLimit to - keep the overall number of samples and series under the desired - limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor - is lower, that value is used instead. format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the - number of scraped targets. This overrides any TargetLimit set - per ServiceMonitor and/or PodMonitor. It is meant to be used - by admins to enforce the TargetLimit to keep the overall number - of targets under the desired limit. Note that if a TargetLimit - from a ServiceMonitor or PodMonitor is higher, that value is - used instead. format: int64 type: integer externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data over remote_write. type: object ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector - settings from the PodMonitor and ServiceMonitor configs, so - that they only discover endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector is the set of labels that - determines which namespaces to watch for MetricsInstances. If - not provided, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4385,43 +2150,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which MetricsInstances - should be selected for running. Each instance runs its own set - of Metrics components, including service discovery, scraping, - and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4433,77 +2174,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic metricsExternalLabelName: - description: MetricsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - The external label is _not_ added when the value is set to the - empty string. type: string overrideHonorLabels: - description: OverrideHonorLabels, if true, overrides all configured - honor_labels read from ServiceMonitor or PodMonitor and sets - them to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows global enforcement - for honoring timestamps in all scrape configs. type: boolean remoteWrite: - description: RemoteWrite controls default remote_write settings - for all instances. If an instance does not provide its own RemoteWrite - settings, these will be used instead. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4511,82 +2214,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to - be sent along with each remote_write request. Be aware - that any headers set by Grafana Agent itself can't be - overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent - to remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging - in order to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4594,21 +2260,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4617,15 +2274,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4634,109 +2288,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write - queue parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a - sample will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times - to retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number - of samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. - MinBackoff is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when - encountering rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to - the remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication - to the remote_write endpoint. SigV4-based authentication - is used if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API - access key to use for signing. If not provided, the - environment variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use - for authentication. type: string region: - description: Region of the AWS endpoint. If blank, the - region from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for - authentication, as an alternative for using the AWS - API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4744,50 +2346,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4795,51 +2375,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4847,59 +2404,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to - relabel samples before they are sent to the remote_write - endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -4925,40 +2456,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the - extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated - source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from - existing labels. Their content is concatenated using - the configured separator and matched against the - configured regular expression for the replace, keep, - and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is - written in a replace action. It is mandatory for - replace actions. Regex capture groups are available. type: string type: object type: array @@ -4967,96 +2478,47 @@ spec: type: object type: array replicaExternalLabelName: - description: ReplicaExternalLabelName is the name of the metrics - external label used to denote the replica name. Defaults to - __replica__. The external label is _not_ added when the value - is set to the empty string. type: string replicas: - description: Replicas of each shard to deploy for metrics pods. - Number of replicas multiplied by the number of shards is the - total number of pods created. format: int32 type: integer scrapeInterval: - description: ScrapeInterval is the time between consecutive scrapes. type: string scrapeTimeout: - description: ScrapeTimeout is the time to wait for a target to - respond before marking a scrape as failed. type: string shards: - description: Shards to distribute targets onto. Number of replicas - multiplied by the number of shards is the total number of pods - created. Note that scaling down shards does not reshard data - onto remaining instances; it must be manually moved. Increasing - shards does not reshard data either, but it will continue to - be available from the same instances. Sharding is performed - on the content of the __address__ target meta-label. format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: NodeSelector defines which nodes pods should be scheduling - on. type: object paused: - description: Paused prevents actions except for deletion to be performed - on the underlying managed objects. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to created Grafana Agent pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to agent-metrics. type: string priorityClassName: - description: PriorityClassName is the priority class assigned to pods. type: string resources: - description: Resources holds requests and limits for individual pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5072,8 +2534,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5082,151 +2542,60 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: RuntimeClassName is the runtime class assigned to pods. type: string secrets: - description: Secrets is a list of secrets in the same namespace as - the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. When unspecified, defaults to the default - PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies to - the container. type: string role: - description: Role is a SELinux role label that applies to - the container. type: string type: - description: Type is a SELinux type label that applies to - the container. type: string user: - description: User is a SELinux user label that applies to - the container. type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. items: - description: Sysctl defines a kernel parameter to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name @@ -5234,146 +2603,53 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use for running Grafana Agent pods. type: string storage: - description: Storage spec to specify how storage will be used. properties: disableMountSubPath: - description: '*Deprecated: subPath usage will be removed in a - future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. - If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. - This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, - starting with k8s 1.19, it requires enabling the GenericEphemeralVolume - feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name of the PVC will - be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name is not valid - for a PVC (for example, too long). \n An existing PVC with - that name that is not owned by the pod will *not* be used - for the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated PVC - is removed. If such a pre-created PVC is meant to be used - by the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should not - be necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no changes - will be made by Kubernetes to the PVC after it has been - created. \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations that will - be copied into the PVC when creating it. No other fields - are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -5381,90 +2657,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. type: string required: - name @@ -5480,8 +2691,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5490,43 +2699,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. items: type: string type: array @@ -5538,27 +2722,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. type: string type: object required: @@ -5566,87 +2737,37 @@ spec: type: object type: object volumeClaimTemplate: - description: Defines the PVC spec to be used by the Prometheus - StatefulSets. The easiest way to use a volume that cannot be - automatically provisioned is to use a label selector alongside - manually created PersistentVolumes. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Defines the desired characteristics of a volume - requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on the - contents of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -5654,85 +2775,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they - must have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, both - fields (dataSource and dataSourceRef) will be set to - the same value automatically if one of them is empty - and the other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the same - value and must be empty. There are three important differences - between dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the status - field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5748,8 +2809,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5758,42 +2817,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to - consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -5805,80 +2840,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. type: string type: object status: - description: '*Deprecated: this field is never set.*' properties: accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array allocatedResourceStatuses: additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore - that update and let other controllers handle it. type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus can be - in any of following states: - ControllerResizeInProgress: - State set when resize controller starts resizing the - volume in control-plane. - ControllerResizeFailed: State - set when resize has failed in resize controller with - a terminal error. - NodeResizePending: State set when - resize controller has finished resizing the volume but - further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it - means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible - for resizing capacity of the volume, should ignore PVC - updates that change other valid resources associated - with PVC. \n This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: @@ -5888,31 +2868,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n Capacity reported here may - be larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. \n A controller that receives - PVC update with previously unknown resourceName should - ignore the update for the purpose it was designed. For - example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: @@ -5921,43 +2876,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. type: object conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contains - details about state of pvc properties: lastProbeTime: - description: lastProbeTime is the time we probed - the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime is the time the - condition transitioned from one status to another. format: date-time type: string message: - description: message is the human-readable message - indicating details about last transition. type: string reason: - description: reason is a unique, this should be - a short, machine understandable string that gives - the reason for condition's last transition. If - it reports "ResizeStarted" that means the underlying - persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -5965,86 +2900,39 @@ spec: type: object type: array phase: - description: phase represents the current phase of PersistentVolumeClaim. type: string type: object type: object type: object tolerations: - description: Tolerations, if specified, controls the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints, if specified, controls the - pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. items: type: string type: array @@ -6056,126 +2944,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' type: string required: - maxSkew @@ -6184,44 +2973,21 @@ spec: type: object type: array version: - description: Version of Grafana Agent to be deployed. type: string volumeMounts: - description: VolumeMounts lets you configure additional VolumeMounts - on the output StatefulSet definition. Specified VolumeMounts are - appended to other VolumeMounts generated as a result of StorageSpec - objects in the Grafana Agent container. items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -6229,224 +2995,106 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. The volumes specified are appended - to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -6454,139 +3102,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -6598,114 +3173,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -6713,94 +3209,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -6816,8 +3243,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6826,46 +3251,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -6877,28 +3274,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -6906,74 +3289,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -6981,184 +3328,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -7166,148 +3417,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7315,91 +3485,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -7411,48 +3532,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7460,45 +3549,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -7507,148 +3570,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -7656,54 +3647,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -7711,76 +3667,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml index e786166447..960b2f73ac 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml @@ -20,55 +20,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: "Integration runs a single Grafana Agent integration. Integrations - that generate telemetry must be configured to send that telemetry somewhere, - such as autoscrape for exporter-based integrations. \n Integrations have - access to the LogsInstances and MetricsInstances in the same GrafanaAgent - resource set, referenced by the / of the Instance resource. - \n For example, if there is a default/production MetricsInstance, you can - configure a supported integration's autoscrape block with: \n autoscrape: - enable: true metrics_instance: default/production \n There is currently - no way for telemetry created by an Operator-managed integration to be collected - from outside of the integration itself." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specifies the desired behavior of the Integration. properties: config: - description: "The configuration for the named integration. Note that - Integrations are deployed with the integrations-next feature flag, - which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/" type: object x-kubernetes-preserve-unknown-fields: true configMaps: - description: "An extra list of keys from ConfigMaps in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps///." items: - description: Selects a key from a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be - defined type: boolean required: - key @@ -76,26 +47,15 @@ spec: x-kubernetes-map-type: atomic type: array name: - description: Name of the integration to run (e.g., "node_exporter", - "mysqld_exporter"). type: string secrets: - description: "An extra list of keys from Secrets in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." items: - description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -103,60 +63,26 @@ spec: x-kubernetes-map-type: atomic type: array type: - description: Type informs Grafana Agent Operator about how to manage - the integration being configured. properties: allNodes: - description: When true, the configured integration should be run - on every Node in the cluster. This is required for Integrations - that generate Node-specific metrics like node_exporter, otherwise - it must be false to avoid generating duplicate metrics. type: boolean unique: - description: Whether this integration can only be defined once - for a Grafana Agent process, such as statsd_exporter. It is - invalid for a GrafanaAgent to discover multiple unique Integrations - with the same Integration name (i.e., a single GrafanaAgent - cannot deploy two statsd_exporters). type: boolean type: object volumeMounts: - description: "An extra list of VolumeMounts to be associated with - the Grafana Agent pods running this integration. VolumeMount names - are mutated to be unique across all used IntegrationSpecs. \n Mount - paths should include the namespace/name of the Integration CR to - avoid potentially colliding with other resources." items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -164,228 +90,106 @@ spec: type: object type: array volumes: - description: "An extra list of Volumes to be associated with the Grafana - Agent pods running this integration. Volume names are mutated to - be unique across all Integrations. Note that the specified volumes - should be able to tolerate existing on multiple pods at once when - type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps - from the same namespace as the Integration; use the Secrets and - ConfigMaps fields instead." items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -393,139 +197,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -537,114 +268,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -652,94 +304,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -755,8 +338,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -765,46 +346,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -816,28 +369,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -845,74 +384,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -920,184 +423,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -1105,148 +512,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1254,91 +580,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -1350,48 +627,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1399,45 +644,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -1446,148 +665,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -1595,54 +742,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -1650,76 +762,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml index f36440ab0c..517bb30c2e 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml @@ -20,114 +20,60 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: LogsInstance controls an individual logs instance within a Grafana - Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the logs instance. properties: additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Grafana Agent logging scrape configurations. - Scrape configurations specified are appended to the configurations - generated by the Grafana Agent Operator. \n Job configurations specified - must have the form as specified in the official Promtail documentation: - \n https://grafana.com/docs/loki/latest/clients/promtail/configuration/#scrape_configs - \n As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Grafana Agent. It is advised to review both - Grafana Agent and Promtail release notes to ensure that no incompatible - scrape configs are going to break Grafana Agent after the upgrade." properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic clients: - description: Clients controls where logs are written to for this instance. items: - description: LogsClientSpec defines the client integration for logs, - indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when a - request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -135,67 +81,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending a - batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -203,19 +122,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -224,15 +136,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -241,61 +150,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond to - a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used when - the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -303,47 +185,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -351,76 +214,42 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must be - a full HTTP URL, including protocol. Required. Example: https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array podLogsNamespaceSelector: - description: Set of labels to determine which namespaces should be - watched for PodLogs. If not provided, checks only namespace of the - instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -432,41 +261,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podLogsSelector: - description: Determines which PodLogs should be selected for including - in this instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -478,20 +285,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetConfig: - description: Configures how tailed targets are watched. properties: syncPeriod: - description: Period to resync directories being watched and files - being tailed to discover new ones or stop watching removed ones. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml index 015c0339ce..610193f440 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml @@ -20,89 +20,41 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: MetricsInstance controls an individual Metrics instance within - a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Metrics instance. properties: additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs lets you specify a key of a - Secret containing additional Grafana Agent Prometheus scrape configurations. - The specified scrape configurations are appended to the configurations - generated by Grafana Agent Operator. Specified job configurations - must have the form specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, you must make sure the configuration - is still valid. Note that it''s possible that this feature will - break future upgrades of Grafana Agent. Review both Grafana Agent - and Prometheus release notes to ensure that no incompatible scrape - configs will break Grafana Agent after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic maxWALTime: - description: MaxWALTime is the maximum amount of time that series - and samples can exist in the WAL before being forcibly deleted. type: string minWALTime: - description: MinWALTime is the minimum amount of time that series - and samples can exist in the WAL before being considered for deletion. type: string podMonitorNamespaceSelector: - description: PodMonitorNamespaceSelector are the set of labels to - determine which namespaces to watch for PodMonitor discovery. If - nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -114,41 +66,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: PodMonitorSelector determines which PodMonitors to selected - for target discovery. Experimental. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -160,42 +90,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeNamespaceSelector: - description: ProbeNamespaceSelector is the set of labels that determines - which namespaces to watch for Probe discovery. If nil, it only checks - own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -207,41 +114,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeSelector: - description: ProbeSelector determines which Probes to select for target - discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -253,62 +138,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic remoteFlushDeadline: - description: RemoteFlushDeadline is the deadline for flushing data - when an instance shuts down. type: string remoteWrite: - description: RemoteWrite controls remote_write settings for this instance. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -316,78 +174,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to be sent - along with each remote_write request. Be aware that any headers - set by Grafana Agent itself can't be overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent to - remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging in order - to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -395,19 +220,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -416,15 +234,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -433,106 +248,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write queue - parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of - samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. MinBackoff - is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when encountering - rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to the - remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication to - the remote_write endpoint. SigV4-based authentication is used - if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API access - key to use for signing. If not provided, the environment - variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use for - authentication. type: string region: - description: Region of the AWS endpoint. If blank, the region - from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for authentication, - as an alternative for using the AWS API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -540,47 +306,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -588,47 +335,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -636,57 +364,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to relabel - samples before they are sent to the remote_write endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -712,39 +416,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array @@ -753,33 +438,15 @@ spec: type: object type: array serviceMonitorNamespaceSelector: - description: ServiceMonitorNamespaceSelector is the set of labels - that determine which namespaces to watch for ServiceMonitor discovery. - If nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -791,41 +458,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic serviceMonitorSelector: - description: ServiceMonitorSelector determines which ServiceMonitors - to select for target discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -837,23 +482,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic walTruncateFrequency: - description: WALTruncateFrequency specifies how frequently to run - the WAL truncation process. Higher values cause the WAL to increase - and for old series to stay in the WAL longer, but reduces the chance - of data loss when remote_write fails for longer than the given frequency. type: string writeStaleOnShutdown: - description: WriteStaleOnShutdown writes staleness markers on shutdown - for all series. type: boolean type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml index ff6531f61e..f22d051b51 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml @@ -20,325 +20,146 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: PodLogs defines how to collect logs for a pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the PodLogs. properties: jobLabel: - description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Pod objects are - discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object pipelineStages: - description: Pipeline stages for this pod. Pipeline stages support - transforming and filtering log lines. items: - description: "PipelineStageSpec defines an individual pipeline stage. - Each stage type is mutually exclusive and no more than one may - be set per stage. \n More information on pipelines can be found - in the Promtail documentation: https://grafana.com/docs/loki/latest/clients/promtail/pipelines/" properties: cri: - description: 'CRI is a parsing stage that reads log lines using - the standard CRI logging format. Supply cri: {} to enable.' type: object docker: - description: 'Docker is a parsing stage that reads log lines - using the standard Docker logging format. Supply docker: {} - to enable.' type: object drop: - description: Drop is a filtering stage that lets you drop certain - logs. properties: dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "drop_stage". type: string expression: - description: "RE2 regular expression. \n If source is provided, - the regex attempts to match the source. \n If no source - is provided, then the regex attempts to attach the log - line. \n If the provided regex matches the log line or - a provided source, the line is dropped." type: string longerThan: - description: LongerThan will drop a log line if it its content - is longer than this value (in bytes). Can be expressed - as an integer (8192) or a number with a suffix (8kb). type: string olderThan: - description: OlderThan will be parsed as a Go duration. - If the log line's timestamp is older than the current - time minus the provided duration, it will be dropped. type: string source: - description: Name from the extract data to parse. If empty, - uses the log message. type: string value: - description: "Value can only be specified when source is - specified. If the value provided is an exact match for - the given source then the line will be dropped. \n Mutually - exclusive with expression." type: string type: object json: - description: "JSON is a parsing stage that reads the log line - as JSON and accepts JMESPath expressions to extract data. - \n Information on JMESPath: http://jmespath.org/" properties: expressions: additionalProperties: type: string - description: "Set of the key/value pairs of JMESPath expressions. - The key will be the key in the extracted data while the - expression will be the value, evaluated as a JMESPath - from the source data. \n Literal JMESPath expressions - can be used by wrapping a key in double quotes, which - then must be wrapped again in single quotes in YAML so - they get passed to the JMESPath parser." type: object source: - description: Name from the extracted data to parse as JSON. - If empty, uses entire log message. type: string type: object labelAllow: - description: LabelAllow is an action stage that only allows - the provided labels to be included in the label set that is - sent to Loki with the log entry. items: type: string type: array labelDrop: - description: LabelDrop is an action stage that drops labels - from the label set that is sent to Loki with the log entry. items: type: string type: array labels: additionalProperties: type: string - description: "Labels is an action stage that takes data from - the extracted map and modifies the label set that is sent - to Loki with the log entry. \n The key is REQUIRED and represents - the name for the label that will be created. Value is optional - and will be the name from extracted data to use for the value - of the label. If the value is not provided, it defaults to - match the key." type: object limit: - description: Limit is a rate-limiting stage that throttles logs - based on several options. properties: burst: - description: The cap in the quantity of burst lines that - Promtail will push to Loki. type: integer drop: - description: "When drop is true, log lines that exceed the - current rate limit are discarded. When drop is false, - log lines that exceed the current rate limit wait to enter - the back pressure mode. \n Defaults to false." type: boolean rate: - description: The rate limit in lines per second that Promtail - will push to Loki. type: integer type: object match: - description: Match is a filtering stage that conditionally applies - a set of stages or drop entries when a log entry matches a - configurable LogQL stream selector and filter expressions. properties: action: - description: Determines what action is taken when the selector - matches the log line. Can be keep or drop. Defaults to - keep. When set to drop, entries are dropped and no later - metrics are recorded. Stages must be empty when dropping - metrics. type: string dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "match_stage." type: string pipelineName: - description: Names the pipeline. When defined, creates an - additional label in the pipeline_duration_seconds histogram, - where the value is concatenated with job_name using an - underscore. type: string selector: - description: LogQL stream selector and filter expressions. - Required. type: string stages: - description: "Nested set of pipeline stages to execute when - action is keep and the log line matches selector. \n An - example value for stages may be: \n stages: | - json: - {} - labelAllow: [foo, bar] \n Note that stages is a string - because SIG API Machinery does not support recursive types, - and so it cannot be validated for correctness. Be careful - not to mistype anything." type: string required: - selector type: object metrics: additionalProperties: - description: MetricsStageSpec is an action stage that allows - for defining and updating metrics based on data from the - extracted map. Created metrics are not pushed to Loki or - Prometheus and are instead exposed via the /metrics endpoint - of the Grafana Agent pod. The Grafana Agent Operator should - be configured with a MetricsInstance that discovers the - logging DaemonSet to collect metrics created by this stage. properties: action: - description: "The action to take against the metric. Required. - \n Must be either \"inc\" or \"add\" for type: counter - or type: histogram. When type: gauge, must be one of - \"set\", \"inc\", \"dec\", \"add\", or \"sub\". \n \"add\", - \"set\", or \"sub\" requires the extracted value to - be convertible to a positive float." type: string buckets: - description: 'Buckets to create. Bucket values must be - convertible to float64s. Extremely large or small numbers - are subject to some loss of precision. Only valid for - type: histogram.' items: type: string type: array countEntryBytes: - description: "If true all log line bytes are counted. - Can only be set with matchAll: true and action: add. - \n Only valid for type: counter." type: boolean description: - description: Sets the description for the created metric. type: string matchAll: - description: "If true, all log lines are counted without - attempting to match the source to the extracted map. - Mutually exclusive with value. \n Only valid for type: - counter." type: boolean maxIdleDuration: - description: "Label values on metrics are dynamic which - can cause exported metrics to go stale. To prevent unbounded - cardinality, any metrics not updated within MaxIdleDuration - are removed. \n Must be greater or equal to 1s. Defaults - to 5m." type: string prefix: - description: Sets the custom prefix name for the metric. - Defaults to "promtail_custom_". type: string source: - description: Key from the extracted data map to use for - the metric. Defaults to the metrics name if not present. type: string type: - description: The metric type to create. Must be one of - counter, gauge, histogram. Required. type: string value: - description: Filters down source data and only changes - the metric if the targeted value matches the provided - string exactly. If not present, all data matches. type: string required: - action - type type: object - description: Metrics is an action stage that supports defining - and updating metrics based on data from the extracted map. - Created metrics are not pushed to Loki or Prometheus and are - instead exposed via the /metrics endpoint of the Grafana Agent - pod. The Grafana Agent Operator should be configured with - a MetricsInstance that discovers the logging DaemonSet to - collect metrics created by this stage. type: object multiline: - description: Multiline stage merges multiple lines into a multiline - block before passing it on to the next stage in the pipeline. properties: firstLine: - description: RE2 regular expression. Creates a new multiline - block when matched. Required. type: string maxLines: - description: Maximum number of lines a block can have. A - new block is started if the number of lines surpasses - this value. Defaults to 128. type: integer maxWaitTime: - description: Maximum time to wait before passing on the - multiline block to the next stage if no new lines are - received. Defaults to 3s. type: string required: - firstLine type: object output: - description: Output stage is an action stage that takes data - from the extracted map and changes the log line that will - be sent to Loki. properties: source: - description: Name from extract data to use for the log entry. - Required. type: string required: - source type: object pack: - description: Pack is a transform stage that lets you embed extracted - values and labels into the log line by packing the log line - and labels inside of a JSON object. properties: ingestTimestamp: - description: If the resulting log line should use any existing - timestamp or use time.Now() when the line was created. - Set to true when combining several log streams from different - containers to avoid out of order errors. type: boolean labels: - description: Name from extracted data or line labels. Required. - Labels provided here are automatically removed from output - labels. items: type: string type: array @@ -346,107 +167,57 @@ spec: - labels type: object regex: - description: Regex is a parsing stage that parses a log line - using a regular expression. Named capture groups in the regex - allows for adding data into the extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object replace: - description: Replace is a parsing stage that parses a log line - using a regular expression and replaces the log line. Named - capture groups in the regex allows for adding data into the - extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string replace: - description: Value to replace the captured group with. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object template: - description: Template is a transform stage that manipulates - the values in the extracted map using Go's template syntax. properties: source: - description: Name from extracted data to parse. Required. - If empty, defaults to using the log message. type: string template: - description: Go template string to use. Required. In addition - to normal template functions, ToLower, ToUpper, Replace, - Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are - also available. type: string required: - source - template type: object tenant: - description: Tenant is an action stage that sets the tenant - ID for the log entry picking it from a field in the extracted - data map. If the field is missing, the default LogsClientSpec.tenantId - will be used. properties: label: - description: Name from labels whose value should be set - as tenant ID. Mutually exclusive with source and value. type: string source: - description: Name from extracted data to use as the tenant - ID. Mutually exclusive with label and value. type: string value: - description: Value to use for the template ID. Useful when - this stage is used within a conditional pipeline such - as match. Mutually exclusive with label and source. type: string type: object timestamp: - description: Timestamp is an action stage that can change the - timestamp of a log line before it is sent to Loki. If not - present, the timestamp of a log line defaults to the time - when the log line was read. properties: actionOnFailure: - description: Action to take when the timestamp can't be - extracted or parsed. Can be skip or fudge. Defaults to - fudge. type: string fallbackFormats: - description: Fallback formats to try if format fails. items: type: string type: array format: - description: 'Determines format of the time string. Required. - Can be one of: ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, - RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Unix, - UnixMs, UnixUs, UnixNs.' type: string location: - description: IANA Timezone Database string. type: string source: - description: Name from extracted data to use as the timestamp. - Required. type: string required: - format @@ -455,26 +226,14 @@ spec: type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array relabelings: - description: "RelabelConfigs to apply to logs before delivering. Grafana - Agent Operator automatically adds relabelings for a few standard - Kubernetes fields and replaces original scrape job name with __tmp_logs_job_name. - \n More info: https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs" items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -500,67 +259,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array selector: - description: Selector to select Pod objects. Required. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -572,11 +297,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 4df2427768..d2ba96000f 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.39.1 + tag: v0.40.0 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 5462fcc7b2e6af0ee50ed7249837efaab8085b82 Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:32:10 +0100 Subject: [PATCH 15/69] Update doc Signed-off-by: jcreixell --- charts/agent-operator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index befe252886..09b1f5cf61 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) +![Version: 0.3.16](https://img.shields.io/badge/Version-0.3.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator From 04af38b54cd3182c8549d456f222a39a4faa26f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Tue, 27 Feb 2024 18:31:18 +0100 Subject: [PATCH 16/69] [grafana] Add `serviceAccount.automountServiceAccountToken` and document `automountServiceAccountToken` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- charts/grafana/Chart.yaml | 2 +- charts/grafana/README.md | 3 ++- charts/grafana/templates/serviceaccount.yaml | 4 ++-- charts/grafana/values.yaml | 11 +++++++---- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 58b806fd97..56a93c042e 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.3 +version: 7.3.4 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 6f645c564a..e0c004c642 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -137,6 +137,7 @@ need to instead set `global.imageRegistry`. | `extraSecretMounts` | Additional grafana server secret mounts | `[]` | | `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | | `extraVolumes` | Additional Grafana server volumes | `[]` | +| `automountServiceAccountToken` | Mounted the service account token on the grafana pod. Mandatory, if sidecars are enabled | `true` | | `createConfigmap` | Enable creating the grafana configmap | `true` | | `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | | `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | @@ -223,7 +224,7 @@ need to instead set `global.imageRegistry`. | `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | | `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | | `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | +| `serviceAccount.automountServiceAccountToken` | Automount the service account token on all pods where is service account is used | `false` | | `serviceAccount.annotations` | ServiceAccount annotations | | | `serviceAccount.create` | Create service account | `true` | | `serviceAccount.labels` | ServiceAccount labels | `{}` | diff --git a/charts/grafana/templates/serviceaccount.yaml b/charts/grafana/templates/serviceaccount.yaml index 784e71ba67..ffca0717ae 100644 --- a/charts/grafana/templates/serviceaccount.yaml +++ b/charts/grafana/templates/serviceaccount.yaml @@ -1,7 +1,7 @@ {{- if .Values.serviceAccount.create }} -{{- $root := . -}} apiVersion: v1 kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.autoMount | default .Values.serviceAccount.automountServiceAccountToken }} metadata: labels: {{- include "grafana.labels" . | nindent 4 }} @@ -10,7 +10,7 @@ metadata: {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: - {{- tpl (toYaml . | nindent 4) $root }} + {{- tpl (toYaml . | nindent 4) $ }} {{- end }} name: {{ include "grafana.serviceAccountName" . }} namespace: {{ include "grafana.namespace" . }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 520e10991b..03a183c146 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -38,10 +38,13 @@ serviceAccount: nameTest: ## ServiceAccount labels. labels: {} -## Service account annotations. Can be templated. -# annotations: -# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: false + ## Service account annotations. Can be templated. + # annotations: + # eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here + + ## autoMount is deprecated in favor of automountServiceAccountToken + # autoMount: false + automountServiceAccountToken: false replicas: 1 From b2121269062b7fc68dfb5d12c850299d0e7d84a8 Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:51:51 +0100 Subject: [PATCH 17/69] [grafana] bump kiwigrid/k8s-sidecar version to 1.25.6 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index c39ea874ce..a5b72c0ecb 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -833,7 +833,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.25.2 + tag: 1.25.6 sha: "" imagePullPolicy: IfNotPresent resources: {} From 69123057603b3bcf6852c780bf8d2cf79c078da7 Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:52:55 +0100 Subject: [PATCH 18/69] chore: bump kiwigrid/k8s-sidecar in README Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 6f645c564a..41c33cfe09 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -161,7 +161,7 @@ need to instead set `global.imageRegistry`. | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.registry` | Sidecar image registry | `quay.io` | | `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.24.6` | +| `sidecar.image.tag` | Sidecar image tag | `1.25.6` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | From 80fd72d9c6e4cd2b955a1d760d96b75aa9c9b42b Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Tue, 27 Feb 2024 10:53:13 +0100 Subject: [PATCH 19/69] chore: Bump Chart version Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 64043bb3a8..58b806fd97 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.2 +version: 7.3.3 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From d8ad02c79c9941299ab53e2008d915b8436b100e Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:23:29 +0100 Subject: [PATCH 20/69] [agent-operator] update helm chart for v0.40 Signed-off-by: jcreixell Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/agent-operator/Chart.yaml | 10 +- charts/agent-operator/README.md | 6 +- .../monitoring.coreos.com_podmonitors.yaml | 255 - .../crds/monitoring.coreos.com_probes.yaml | 264 -- ...monitoring.coreos.com_servicemonitors.yaml | 273 -- .../monitoring.grafana.com_grafanaagents.yaml | 4084 ----------------- .../monitoring.grafana.com_integrations.yaml | 928 ---- .../monitoring.grafana.com_logsinstances.yaml | 201 - ...nitoring.grafana.com_metricsinstances.yaml | 366 -- .../crds/monitoring.grafana.com_podlogs.yaml | 280 -- charts/agent-operator/values.yaml | 2 +- 11 files changed, 9 insertions(+), 6660 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 89f5353632..ed134809be 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.15 -appVersion: "0.39.1" -home: https://grafana.com/docs/agent/v0.39/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.39.1/docs/sources/assets/logo_and_name.png +version: 0.3.16 +appVersion: "0.40.0" +home: https://grafana.com/docs/agent/v0.40/ +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.39.1/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.0/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 9a321ce611..befe252886 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.39.1](https://img.shields.io/badge/AppVersion-0.39.1-informational?style=flat-square) +![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.39.1"` | Image tag | +| image.tag | string | `"v0.40.0"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml index 3e1fae0fc5..153677bb17 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_podmonitors.yaml @@ -22,140 +22,81 @@ spec: - name: v1 schema: openAPIV3Schema: - description: PodMonitor defines monitoring for a set of pods. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Pod selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.35.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object jobLabel: - description: The label to use to retrieve the job name from. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Endpoints objects - are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podMetricsEndpoints: - description: A list of endpoints allowed as part of this PodMonitor. items: - description: PodMetricsEndpoint defines a scrapeable endpoint of - a Kubernetes Pod serving Prometheus metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -163,64 +104,35 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - pod monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -246,85 +158,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -332,19 +205,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -353,15 +219,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -374,37 +237,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the pod port this endpoint refers to. Mutually - exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -430,104 +274,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: 'Deprecated: Use ''port'' instead.' x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -535,43 +334,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -579,71 +361,41 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Pod objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -655,17 +407,10 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml index 7ece55d2ac..13fc36f9aa 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_probes.yaml @@ -22,91 +22,53 @@ spec: - name: v1 schema: openAPIV3Schema: - description: Probe defines monitoring for a set of static targets or ingresses. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Ingress selection for target discovery - by Prometheus. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials of - the request properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over basic - authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -114,62 +76,36 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenSecret: - description: Secret to mount to read bearer token for scraping targets. - The secret needs to be in the same namespace as the probe and accessible - by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic interval: - description: Interval at which targets are probed using the configured - prober. If not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string jobName: - description: The job name assigned to scraped metrics by default. type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -195,86 +131,48 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array module: - description: 'The module to use for probing specifying how to probe - the target. Example module configuring in the blackbox exporter: - https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' type: string oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 client - id properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -282,19 +180,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key @@ -303,15 +194,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -320,87 +208,49 @@ spec: - tokenUrl type: object prober: - description: Specification for the prober to use for probing targets. - The prober.URL parameter is required. Targets cannot be probed if - left empty. properties: path: default: /probe - description: Path to collect metrics from. Defaults to `/probe`. type: string proxyUrl: - description: Optional ProxyURL. type: string scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string url: - description: Mandatory URL of the prober. type: string required: - url type: object sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer scrapeTimeout: - description: Timeout for scraping metrics from the Prometheus exporter. - If not specified, the Prometheus global scrape timeout is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer targets: - description: Targets defines a set of static or dynamically discovered - targets to probe. properties: ingress: - description: ingress defines the Ingress objects to probe and - the relabeling configuration. If `staticConfig` is also defined, - `staticConfig` takes precedence. properties: namespaceSelector: - description: From which namespaces to select Ingress objects. properties: any: - description: Boolean describing whether all namespaces - are selected in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the target before it gets scraped. The original ingress - address is available via the `__tmp_prometheus_ingress_address` - label. It can be used to customize the probed URL. The original - scrape job''s name is available via the `__tmp_prometheus_job_name` - label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -426,69 +276,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array selector: - description: Selector to select the Ingress objects. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. items: type: string type: array @@ -500,40 +314,21 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object staticConfig: - description: 'staticConfig defines the static list of targets - to probe and the relabeling configuration. If `ingress` is also - defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' properties: labels: additionalProperties: type: string - description: Labels assigned to all metrics scraped from the - targets. type: object relabelingConfigs: - description: 'RelabelConfigs to apply to the label set of - the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -559,88 +354,52 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array static: - description: The list of hosts to probe. items: type: string type: array type: object type: object tlsConfig: - description: TLS configuration to use when scraping the endpoint. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -648,40 +407,26 @@ spec: x-kubernetes-map-type: atomic type: object cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -689,29 +434,20 @@ spec: x-kubernetes-map-type: atomic type: object insecureSkipVerify: - description: Disable target certificate validation. type: boolean keySecret: - description: Secret containing the client key file for the targets. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be - defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml index 5d661184cf..ff62f8f267 100644 --- a/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml +++ b/charts/agent-operator/crds/monitoring.coreos.com_servicemonitors.yaml @@ -22,106 +22,61 @@ spec: - name: v1 schema: openAPIV3Schema: - description: ServiceMonitor defines monitoring for a set of services. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specification of desired Service selection for target discovery - by Prometheus. properties: attachMetadata: - description: Attaches node metadata to discovered targets. Requires - Prometheus v2.37.0 and above. properties: node: - description: When set to true, Prometheus must have permissions - to get Nodes. type: boolean type: object endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. properties: authorization: - description: Authorization section for this endpoint properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -129,67 +84,37 @@ spec: x-kubernetes-map-type: atomic type: object bearerTokenFile: - description: File to read bearer token for scraping targets. type: string bearerTokenSecret: - description: Secret to mount to read bearer token for scraping - targets. The secret needs to be in the same namespace as the - service monitor and accessible by the Prometheus Operator. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic enableHttp2: - description: Whether to enable HTTP2. type: boolean filterRunning: - description: 'Drop pods that are not running. (Failed, Succeeded). - Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' type: boolean followRedirects: - description: FollowRedirects configures whether scrape requests - follow HTTP 3xx redirects. type: boolean honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. type: boolean honorTimestamps: - description: HonorTimestamps controls whether Prometheus respects - the timestamps present in scraped data. type: boolean interval: - description: Interval at which metrics should be scraped If - not specified Prometheus' global scrape interval is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string metricRelabelings: - description: MetricRelabelConfigs to apply to samples before - ingestion. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -215,85 +140,46 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array oauth2: - description: OAuth2 for the URL. Only valid in Prometheus versions - 2.27.0 and newer. properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -301,19 +187,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -322,15 +201,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -343,37 +219,18 @@ spec: items: type: string type: array - description: Optional HTTP URL parameters type: object path: - description: HTTP path to scrape for metrics. If empty, Prometheus - uses the default value (e.g. `/metrics`). type: string port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. type: string proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. type: string relabelings: - description: 'RelabelConfigs to apply to samples before scraping. - Prometheus Operator automatically adds relabelings for a few - standard Kubernetes fields. The original scrape job''s name - is available via the `__tmp_prometheus_job_name` label. More - info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -399,107 +256,59 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array scheme: - description: HTTP scheme to use for scraping. `http` and `https` - are the expected values unless you rewrite the `__scheme__` - label via relabeling. If empty, Prometheus uses the default - value `http`. enum: - http - https type: string scrapeTimeout: - description: Timeout after which the scrape is ended If not - specified, the Prometheus global scrape timeout is used unless - it is less than `Interval` in which the latter is used. pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ type: string targetPort: anyOf: - type: integer - type: string - description: Name or number of the target port of the Pod behind - the Service, the port must be specified with container port - property. Mutually exclusive with port. x-kubernetes-int-or-string: true tlsConfig: - description: TLS configuration to use when scraping the endpoint properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -507,47 +316,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -555,119 +345,65 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object type: object type: array jobLabel: - description: "JobLabel selects the label from the associated Kubernetes - service which will be used as the `job` label for all metrics. \n - For example: If in `ServiceMonitor.spec.jobLabel: foo` and in `Service.metadata.labels.foo: - bar`, then the `job=\"bar\"` label is added to all metrics. \n If - the value of this field is empty or if the label doesn't exist for - the given Service, the `job` label of the metrics defaults to the - name of the Kubernetes Service." type: string labelLimit: - description: Per-scrape limit on number of labels that will be accepted - for a sample. Only valid in Prometheus versions 2.27.0 and newer. format: int64 type: integer labelNameLengthLimit: - description: Per-scrape limit on length of labels name that will be - accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer labelValueLengthLimit: - description: Per-scrape limit on length of labels value that will - be accepted for a sample. Only valid in Prometheus versions 2.27.0 - and newer. format: int64 type: integer namespaceSelector: - description: Selector to select which namespaces the Kubernetes Endpoints - objects are discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes `Pod` - onto the created metrics. items: type: string type: array sampleLimit: - description: SampleLimit defines per-scrape limit on number of scraped - samples that will be accepted. format: int64 type: integer selector: - description: Selector to select Endpoints objects. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -679,23 +415,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetLabels: - description: TargetLabels transfers labels from the Kubernetes `Service` - onto the created metrics. items: type: string type: array targetLimit: - description: TargetLimit defines a limit on the number of scraped - targets that will be accepted. format: int64 type: integer required: diff --git a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml index fab68b18e6..4ec31d67a4 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_grafanaagents.yaml @@ -20,81 +20,32 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: GrafanaAgent defines a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Grafana Agent cluster. properties: affinity: - description: Affinity, if specified, controls pod scheduling constraints. properties: nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). properties: preference: - description: A node selector term, associated with the - corresponding weight. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -104,33 +55,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -142,8 +73,6 @@ spec: type: object x-kubernetes-map-type: atomic weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -152,50 +81,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. properties: nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. properties: matchExpressions: - description: A list of node selector requirements - by node's labels. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -205,33 +102,13 @@ spec: type: object type: array matchFields: - description: A list of node selector requirements - by node's fields. items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: The label key that the selector - applies to. type: string operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. type: string values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -249,61 +126,22 @@ spec: x-kubernetes-map-type: atomic type: object podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -315,52 +153,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -372,40 +177,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -414,52 +198,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -471,47 +221,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -523,33 +245,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -557,62 +260,22 @@ spec: type: array type: object podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) properties: podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -624,52 +287,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -681,40 +311,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. format: int32 type: integer required: @@ -723,52 +332,18 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running properties: labelSelector: - description: A label query over a set of resources, - in this case pods. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -780,47 +355,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. items: type: string type: array @@ -832,33 +379,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. type: string required: - topologyKey @@ -867,83 +395,47 @@ spec: type: object type: object apiServer: - description: APIServerConfig lets you specify a host and auth methods - to access the Kubernetes API server. If left empty, the Agent assumes - that it is running inside of the cluster and will discover API servers - automatically and use the pod's CA certificate and bearer token - file at /var/run/secrets/kubernetes.io/serviceaccount. properties: authorization: - description: Authorization section for accessing apiserver properties: credentials: - description: The secret's key that contains the credentials - of the request properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic credentialsFile: - description: File to read a secret from, mutually exclusive - with Credentials (from SafeAuthorization) type: string type: - description: Set the authentication type. Defaults to Bearer, - Basic will cause an error type: string type: object basicAuth: - description: BasicAuth allow an endpoint to authenticate over - basic authentication properties: password: - description: The secret in the service monitor namespace that - contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace that - contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -951,57 +443,34 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: Bearer token for accessing apiserver. type: string bearerTokenFile: - description: File to read bearer token for accessing apiserver. type: string host: - description: Host of apiserver. A valid string consisting of a - hostname or IP followed by an optional port number type: string tlsConfig: - description: TLS Config to use for accessing apiserver. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1009,47 +478,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -1057,210 +507,102 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object required: - host type: object configMaps: - description: ConfigMaps is a list of config maps in the same namespace - as the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The ConfigMaps are mounted into /var/lib/grafana-agent/extra-configmaps/. items: type: string type: array configReloaderImage: - description: Image, when specified, overrides the image used to run - Config Reloader. Specify the image along with a tag. You still need - to set the version to ensure Grafana Agent Operator knows which - version of Grafana Agent is being configured. type: string configReloaderVersion: - description: Version of Config Reloader to be deployed. type: string containers: - description: 'Containers lets you inject additional containers or - modify operator-generated containers. This can be used to add an - authentication proxy to a Grafana Agent pod or to change the behavior - of an operator-generated container. Containers described here modify - an operator-generated container if they share the same name and - if modifications are done via a strategic merge patch. The current - container names are: `grafana-agent` and `config-reloader`. Overriding - containers is entirely outside the scope of what the Grafana Agent - team supports and by doing so, you accept that this behavior may - break at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -1272,111 +614,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1384,97 +668,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1482,40 +718,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -1523,71 +744,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1595,126 +782,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -1725,71 +848,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -1797,97 +886,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -1896,23 +939,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -1928,8 +959,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1938,275 +967,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2214,139 +1071,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -2354,40 +1133,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -2395,9 +1153,6 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name @@ -2405,190 +1160,88 @@ spec: type: array disableReporting: default: false - description: disableReporting disables reporting of enabled feature - flags to Grafana. type: boolean disableSupportBundle: default: false - description: disableSupportBundle disables the generation of support - bundles. type: boolean enableConfigReadAPI: default: false - description: enableConfigReadAPI enables the read API for viewing - the currently running config port 8080 on the agent. type: boolean image: - description: Image, when specified, overrides the image used to run - Agent. Specify the image along with a tag. You still need to set - the version to ensure Grafana Agent Operator knows which version - of Grafana Agent is being configured. type: string imagePullSecrets: - description: 'ImagePullSecrets holds an optional list of references - to Secrets within the same namespace used for pulling the Grafana - Agent image from registries. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic type: array initContainers: - description: 'InitContainers let you add initContainers to the pod - definition. These can be used to, for example, fetch secrets for - injection into the Grafana Agent configuration from external sources. - Errors during the execution of an initContainer cause the pod to - restart. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ - Using initContainers for any use case other than secret fetching - is entirely outside the scope of what the Grafana Agent maintainers - support and by doing so, you accept that this behavior may break - at any time without notice.' items: - description: A single application container that you want to run - within a pod. properties: args: - description: 'Arguments to the entrypoint. The container image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will - be unchanged. Double $$ are reduced to a single $, which allows - for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references - will never be expanded, regardless of whether the variable - exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: - description: 'Entrypoint array. Not executed within a shell. - The container image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: - i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: - description: List of environment variables to set in the container. - Cannot be updated. items: - description: EnvVar represents an environment variable present - in a Container. properties: name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' type: string valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. properties: configMapKeyRef: - description: Selects a key of a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: - description: Selects a key of a secret in the pod's - namespace properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -2600,111 +1253,53 @@ spec: type: object type: array envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be - a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key - will take precedence. Cannot be updated. items: - description: EnvFromSource represents the source of a set - of ConfigMaps properties: configMapRef: - description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap must be - defined type: boolean type: object x-kubernetes-map-type: atomic prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: - description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret must be defined type: boolean type: object x-kubernetes-map-type: atomic type: object type: array image: - description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' type: string imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: - description: Actions that the management system should take - in response to container lifecycle events. Cannot be updated. properties: postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2712,97 +1307,49 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. items: type: string type: array type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. type: string httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2810,40 +1357,25 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. type: string required: - port type: object tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. properties: host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port @@ -2851,71 +1383,37 @@ spec: type: object type: object livenessProbe: - description: 'Periodic probe of container liveness. Container - will be restarted if the probe fails. Cannot be updated. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -2923,126 +1421,62 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: - description: Name of the container specified as a DNS_LABEL. - Each container in a pod must have a unique name (DNS_LABEL). - Cannot be updated. type: string ports: - description: List of ports to expose from the container. Not - specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Modifying this array with strategic merge patch may corrupt - the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. - Cannot be updated. items: - description: ContainerPort represents a network port in a - single container. properties: containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. format: int32 type: integer hostIP: - description: What host IP to bind the external port to. type: string hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. format: int32 type: integer name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. type: string protocol: default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". type: string required: - containerPort @@ -3053,71 +1487,37 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: - description: 'Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe - fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3125,97 +1525,51 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resizePolicy: - description: Resources resize policy for the container. items: - description: ContainerResizePolicy represents resource resize - policy for the container. properties: resourceName: - description: 'Name of the resource to which this resource - resize policy applies. Supported values: cpu, memory.' type: string restartPolicy: - description: Restart policy to apply when specified resource - is resized. If not specified, it defaults to NotRequired. type: string required: - resourceName @@ -3224,23 +1578,11 @@ spec: type: array x-kubernetes-list-type: atomic resources: - description: 'Compute Resources required by this container. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. type: string required: - name @@ -3256,8 +1598,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3266,275 +1606,103 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object restartPolicy: - description: 'RestartPolicy defines the restart behavior of - individual containers in a pod. This field may only be set - for init containers, and the only allowed value is "Always". - For non-init containers or when this field is not specified, - the restart behavior is defined by the Pod''s restart policy - and the container type. Setting the RestartPolicy as "Always" - for the init container will have the following effect: this - init container will be continually restarted on exit until - all regular containers have terminated. Once all regular containers - have completed, all init containers with restartPolicy "Always" - will be shut down. This lifecycle differs from normal init - containers and is often referred to as a "sidecar" container. - Although this init container still starts in the init container - sequence, it does not wait for the container to complete before - proceeding to the next init container. Instead, the next init - container starts immediately after this init container is - started, or after any startupProbe has successfully completed.' type: string securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. properties: add: - description: Added capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array drop: - description: Removed capabilities items: - description: Capability represent POSIX capabilities - type type: string type: array type: object privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies - to the container. type: string role: - description: Role is a SELinux role label that applies - to the container. type: string type: - description: Type is a SELinux type label that applies - to the container. type: string user: - description: User is a SELinux user label that applies - to the container. type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must be set if type is "Localhost". - Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's - containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, - if HostProcess is true then HostNetwork must also - be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. type: string type: object type: object startupProbe: - description: 'StartupProbe indicates that the Pod has successfully - initialized. If specified, no other probes are executed until - this completes successfully. If this probe fails, the Pod - will be restarted, just as if the livenessProbe failed. This - can be used to provide different probe parameters at the beginning - of a Pod''s lifecycle, when it might take a long time to load - data or warm a cache, than during steady-state operation. - This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: Exec specifies the action to take. properties: command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. format: int32 type: integer grpc: - description: GRPC specifies an action involving a GRPC port. properties: port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. format: int32 type: integer service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." type: string required: - port type: object httpGet: - description: HTTPGet specifies the http request to perform. properties: host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. type: string httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. items: - description: HTTPHeader describes a custom header - to be used in HTTP probes properties: name: - description: The header field name. This will - be canonicalized upon output, so case-variant - names will be understood as the same header. type: string value: - description: The header field value type: string required: - name @@ -3542,139 +1710,61 @@ spec: type: object type: array path: - description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. format: int32 type: integer tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. properties: host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' type: string port: anyOf: - type: integer - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. format: int64 type: integer timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: - description: Whether this container should allocate a buffer - for stdin in the container runtime. If this is not set, reads - from stdin in the container will always result in EOF. Default - is false. type: boolean stdinOnce: - description: Whether the container runtime should close the - stdin channel after it has been opened by a single attach. - When stdin is true the stdin stream will remain open across - multiple attach sessions. If stdinOnce is set to true, stdin - is opened on container start, is empty until the first client - attaches to stdin, and then remains open and accepts data - until the client disconnects, at which time stdin is closed - and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin - will never receive an EOF. Default is false type: boolean terminationMessagePath: - description: 'Optional: Path at which the file to which the - container''s termination message will be written is mounted - into the container''s filesystem. Message written is intended - to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. - The total message length across all containers will be limited - to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: - description: Indicate how the termination message should be - populated. File will use the contents of terminationMessagePath - to populate the container status message on both success and - failure. FallbackToLogsOnError will use the last chunk of - container log output if the termination message file is empty - and the container exited with an error. The log output is - limited to 2048 bytes or 80 lines, whichever is smaller. Defaults - to File. Cannot be updated. type: string tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. type: boolean volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. items: - description: volumeDevice describes a mapping of a raw block - device within a container. properties: devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. type: string name: - description: name must match the name of a persistentVolumeClaim - in the pod type: string required: - devicePath @@ -3682,40 +1772,19 @@ spec: type: object type: array volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. items: - description: VolumeMount describes a mounting of a Volume - within a container. properties: mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. type: string required: - mountPath @@ -3723,47 +1792,23 @@ spec: type: object type: array workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might - be configured in the container image. Cannot be updated. type: string required: - name type: object type: array integrations: - description: Integrations controls the integration subsystem of the - Agent and settings unique to deployed integration-specific pods. properties: namespaceSelector: - description: "Label selector for namespaces to search when discovering - integration resources. If nil, integration resources are only - discovered in the namespace of the GrafanaAgent resource. \n - Set to `{}` to search all namespaces." properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3775,41 +1820,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic selector: - description: Label selector to find Integration resources to run. - When nil, no integration resources will be defined. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -3821,91 +1844,49 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic type: object logFormat: - description: LogFormat controls the logging format of the generated - pods. Defaults to "logfmt" if not set. type: string logLevel: - description: LogLevel controls the log level of the generated pods. - Defaults to "info" if not set. type: string logs: - description: Logs controls the logging subsystem of the Agent and - settings unique to logging-specific pods that are deployed. properties: clients: - description: A global set of clients to use when a discovered - LogsInstance does not have any clients defined. items: - description: LogsClientSpec defines the client integration for - logs, indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when - a request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -3913,70 +1894,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending - a batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time - series when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -3984,21 +1935,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4007,15 +1949,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4024,64 +1963,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond - to a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used - when the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4089,51 +1998,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4141,89 +2027,46 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must - be a full HTTP URL, including protocol. Required. Example: - https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value will always be the namespace of the object that is being - created. type: string ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, will ignore NamespaceSelector - settings from the PodLogs configs, and they will only discover - endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector are the set of labels to - determine which namespaces to watch for LogInstances. If not - provided, only checks own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4235,42 +2078,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which LogInstances should - be selected for running. Each instance runs its own set of Prometheus - components, including service discovery, scraping, and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4282,98 +2102,43 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic logsExternalLabelName: - description: LogsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - External label will _not_ be added when value is set to the - empty string. type: string type: object metrics: - description: Metrics controls the metrics subsystem of the Agent and - settings unique to metrics-specific pods that are deployed. properties: arbitraryFSAccessThroughSMs: - description: ArbitraryFSAccessThroughSMs configures whether configuration - based on a ServiceMonitor can access arbitrary files on the - file system of the Grafana Agent container, e.g., bearer token - files. properties: deny: type: boolean type: object enforcedNamespaceLabel: - description: EnforcedNamespaceLabel enforces adding a namespace - label of origin for each metric that is user-created. The label - value is always the namespace of the object that is being created. type: string enforcedSampleLimit: - description: EnforcedSampleLimit defines a global limit on the - number of scraped samples that are accepted. This overrides - any SampleLimit set per ServiceMonitor and/or PodMonitor. It - is meant to be used by admins to enforce the SampleLimit to - keep the overall number of samples and series under the desired - limit. Note that if a SampleLimit from a ServiceMonitor or PodMonitor - is lower, that value is used instead. format: int64 type: integer enforcedTargetLimit: - description: EnforcedTargetLimit defines a global limit on the - number of scraped targets. This overrides any TargetLimit set - per ServiceMonitor and/or PodMonitor. It is meant to be used - by admins to enforce the TargetLimit to keep the overall number - of targets under the desired limit. Note that if a TargetLimit - from a ServiceMonitor or PodMonitor is higher, that value is - used instead. format: int64 type: integer externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data over remote_write. type: object ignoreNamespaceSelectors: - description: IgnoreNamespaceSelectors, if true, ignores NamespaceSelector - settings from the PodMonitor and ServiceMonitor configs, so - that they only discover endpoints within their current namespace. type: boolean instanceNamespaceSelector: - description: InstanceNamespaceSelector is the set of labels that - determines which namespaces to watch for MetricsInstances. If - not provided, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4385,43 +2150,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic instanceSelector: - description: InstanceSelector determines which MetricsInstances - should be selected for running. Each instance runs its own set - of Metrics components, including service discovery, scraping, - and remote_write. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. items: type: string type: array @@ -4433,77 +2174,39 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic metricsExternalLabelName: - description: MetricsExternalLabelName is the name of the external - label used to denote Grafana Agent cluster. Defaults to "cluster." - The external label is _not_ added when the value is set to the - empty string. type: string overrideHonorLabels: - description: OverrideHonorLabels, if true, overrides all configured - honor_labels read from ServiceMonitor or PodMonitor and sets - them to false. type: boolean overrideHonorTimestamps: - description: OverrideHonorTimestamps allows global enforcement - for honoring timestamps in all scrape configs. type: boolean remoteWrite: - description: RemoteWrite controls default remote_write settings - for all instances. If an instance does not provide its own RemoteWrite - settings, these will be used instead. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4511,82 +2214,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to - be sent along with each remote_write request. Be aware - that any headers set by Grafana Agent itself can't be - overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent - to remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging - in order to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the - OAuth2 client id properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4594,21 +2260,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client - secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4617,15 +2274,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -4634,109 +2288,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write - queue parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a - sample will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times - to retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number - of samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. - MinBackoff is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when - encountering rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to - the remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication - to the remote_write endpoint. SigV4-based authentication - is used if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API - access key to use for signing. If not provided, the - environment variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use - for authentication. type: string region: - description: Region of the AWS endpoint. If blank, the - region from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for - authentication, as an alternative for using the AWS - API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -4744,50 +2346,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying - server certificates. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4795,51 +2375,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing - client-authentication. properties: configMap: - description: ConfigMap containing data to use for - the targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the ConfigMap or - its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the - targets. properties: key: - description: The key of the secret to select - from. Must be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' type: string optional: - description: Specify whether the Secret or its - key must be defined type: boolean required: - key @@ -4847,59 +2404,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for - the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to - relabel samples before they are sent to the remote_write - endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of - the label set, being applied to samples before ingestion. - It defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -4925,40 +2456,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the - extracted value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex - replace is performed if the regular expression matches. - Regex capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated - source label values. default is ';'. type: string sourceLabels: - description: The source labels select values from - existing labels. Their content is concatenated using - the configured separator and matched against the - configured regular expression for the replace, keep, - and drop actions. items: - description: LabelName is a valid Prometheus label - name which may only contain ASCII letters, numbers, - as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is - written in a replace action. It is mandatory for - replace actions. Regex capture groups are available. type: string type: object type: array @@ -4967,96 +2478,47 @@ spec: type: object type: array replicaExternalLabelName: - description: ReplicaExternalLabelName is the name of the metrics - external label used to denote the replica name. Defaults to - __replica__. The external label is _not_ added when the value - is set to the empty string. type: string replicas: - description: Replicas of each shard to deploy for metrics pods. - Number of replicas multiplied by the number of shards is the - total number of pods created. format: int32 type: integer scrapeInterval: - description: ScrapeInterval is the time between consecutive scrapes. type: string scrapeTimeout: - description: ScrapeTimeout is the time to wait for a target to - respond before marking a scrape as failed. type: string shards: - description: Shards to distribute targets onto. Number of replicas - multiplied by the number of shards is the total number of pods - created. Note that scaling down shards does not reshard data - onto remaining instances; it must be manually moved. Increasing - shards does not reshard data either, but it will continue to - be available from the same instances. Sharding is performed - on the content of the __address__ target meta-label. format: int32 type: integer type: object nodeSelector: additionalProperties: type: string - description: NodeSelector defines which nodes pods should be scheduling - on. type: object paused: - description: Paused prevents actions except for deletion to be performed - on the underlying managed objects. type: boolean podMetadata: - description: PodMetadata configures Labels and Annotations which are - propagated to created Grafana Agent pods. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object portName: - description: Port name used for the pods and governing service. This - defaults to agent-metrics. type: string priorityClassName: - description: PriorityClassName is the priority class assigned to pods. type: string resources: - description: Resources holds requests and limits for individual pods. properties: claims: - description: "Claims lists the names of resources, defined in - spec.resourceClaims, that are used by this container. \n This - is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be set - for containers." items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one entry in pod.spec.resourceClaims - of the Pod where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5072,8 +2534,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5082,151 +2542,60 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object runtimeClassName: - description: RuntimeClassName is the runtime class assigned to pods. type: string secrets: - description: Secrets is a list of secrets in the same namespace as - the GrafanaAgent object which will be mounted into each running - Grafana Agent pod. The secrets are mounted into /var/lib/grafana-agent/extra-secrets/. items: type: string type: array securityContext: - description: SecurityContext holds pod-level security attributes and - common container settings. When unspecified, defaults to the default - PodSecurityContext. properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. properties: level: - description: Level is SELinux level label that applies to - the container. type: string role: - description: Role is a SELinux role label that applies to - the container. type: string type: - description: Type is a SELinux type label that applies to - the container. type: string user: - description: User is a SELinux user label that applies to - the container. type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must be set if type is "Localhost". Must NOT be - set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. items: - description: Sysctl defines a kernel parameter to be set properties: name: - description: Name of a property to set type: string value: - description: Value of a property to set type: string required: - name @@ -5234,146 +2603,53 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. All of a Pod's containers - must have the same effective HostProcess value (it is not - allowed to have a mix of HostProcess containers and non-HostProcess - containers). In addition, if HostProcess is true then HostNetwork - must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount - to use for running Grafana Agent pods. type: string storage: - description: Storage spec to specify how storage will be used. properties: disableMountSubPath: - description: '*Deprecated: subPath usage will be removed in a - future release.*' type: boolean emptyDir: - description: 'EmptyDirVolumeSource to be used by the StatefulSet. - If specified, it takes precedence over `ephemeral` and `volumeClaimTemplate`. - More info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: 'EphemeralVolumeSource to be used by the StatefulSet. - This is a beta field in k8s 1.21 and GA in 1.15. For lower versions, - starting with k8s 1.19, it requires enabling the GenericEphemeralVolume - feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC will - be deleted together with the pod. The name of the PVC will - be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod validation - will reject the pod if the concatenated name is not valid - for a PVC (for example, too long). \n An existing PVC with - that name that is not owned by the pod will *not* be used - for the pod to avoid using an unrelated volume by mistake. - Starting the pod is then blocked until the unrelated PVC - is removed. If such a pre-created PVC is meant to be used - by the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should not - be necessary, but it may be useful when manually reconstructing - a broken cluster. \n This field is read-only and no changes - will be made by Kubernetes to the PVC after it has been - created. \n Required, must not be nil." properties: metadata: - description: May contain labels and annotations that will - be copied into the PVC when creating it. No other fields - are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -5381,90 +2657,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. type: string required: - name @@ -5480,8 +2691,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5490,43 +2699,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. properties: key: - description: key is the label key that the - selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. items: type: string type: array @@ -5538,27 +2722,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. type: string type: object required: @@ -5566,87 +2737,37 @@ spec: type: object type: object volumeClaimTemplate: - description: Defines the PVC spec to be used by the Prometheus - StatefulSets. The easiest way to use a volume that cannot be - automatically provisioned is to use a label selector alongside - manually created PersistentVolumes. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: - description: EmbeddedMetadata contains metadata relevant to - an EmbeddedResource. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' type: object name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string type: object spec: - description: 'Defines the desired characteristics of a volume - requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified - data source, it will create a new volume based on the - contents of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be - copied to dataSourceRef, and dataSourceRef contents - will be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, then - dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string required: - kind @@ -5654,85 +2775,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic provisioner. - This field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they - must have the same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, both - fields (dataSource and dataSourceRef) will be set to - the same value automatically if one of them is empty - and the other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the same - value and must be empty. There are three important differences - between dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is specified. - * While dataSource only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) Using this - field requires the AnyVolumeDataSource feature gate - to be enabled. (Alpha) Using the namespace field of - dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. type: string kind: - description: Kind is the type of resource being referenced type: string name: - description: Name is the name of resource being referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but - must still be higher than capacity recorded in the status - field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used by - this container. \n This is an alpha field and requires - enabling the DynamicResourceAllocation feature gate. - \n This field is immutable. It can only be set for - containers." items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. properties: name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the Pod - where this field is used. It makes that resource - available inside a container. type: string required: - name @@ -5748,8 +2809,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5758,42 +2817,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes to - consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. items: type: string type: array @@ -5805,80 +2840,25 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume is - required by the claim. Value of Filesystem is implied - when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. type: string type: object status: - description: '*Deprecated: this field is never set.*' properties: accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array allocatedResourceStatuses: additionalProperties: - description: When a controller receives persistentvolume - claim update with ClaimResourceStatus for a resource - that it does not recognizes, then it should ignore - that update and let other controllers handle it. type: string - description: "allocatedResourceStatuses stores status - of resource being resized for the given PVC. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n ClaimResourceStatus can be - in any of following states: - ControllerResizeInProgress: - State set when resize controller starts resizing the - volume in control-plane. - ControllerResizeFailed: State - set when resize has failed in resize controller with - a terminal error. - NodeResizePending: State set when - resize controller has finished resizing the volume but - further resizing of volume is needed on the node. - - NodeResizeInProgress: State set when kubelet starts - resizing the volume. - NodeResizeFailed: State set when - resizing has failed in kubelet with a terminal error. - Transient errors don't set NodeResizeFailed. For example: - if expanding a PVC for more capacity - this field can - be one of the following states: - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"ControllerResizeFailed\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizePending\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeInProgress\" - pvc.status.allocatedResourceStatus['storage'] - = \"NodeResizeFailed\" When this field is not set, it - means that no resize operation is in progress for the - given PVC. \n A controller that receives PVC update - with previously unknown resourceName or ClaimResourceStatus - should ignore the update for the purpose it was designed. - For example - a controller that only is responsible - for resizing capacity of the volume, should ignore PVC - updates that change other valid resources associated - with PVC. \n This is an alpha field and requires enabling - RecoverVolumeExpansionFailure feature." type: object x-kubernetes-map-type: granular allocatedResources: @@ -5888,31 +2868,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: "allocatedResources tracks the resources - allocated to a PVC including its capacity. Key names - follow standard Kubernetes label syntax. Valid values - are either: * Un-prefixed keys: - storage - the capacity - of the volume. * Custom resources must use implementation-defined - prefixed names such as \"example.com/my-custom-resource\" - Apart from above values - keys that are unprefixed or - have kubernetes.io prefix are considered reserved and - hence may not be used. \n Capacity reported here may - be larger than the actual capacity when a volume expansion - operation is requested. For storage quota, the larger - value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. \n A controller that receives - PVC update with previously unknown resourceName should - ignore the update for the purpose it was designed. For - example - a controller that only is responsible for - resizing capacity of the volume, should ignore PVC updates - that change other valid resources associated with PVC. - \n This is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature." type: object capacity: additionalProperties: @@ -5921,43 +2876,23 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. type: object conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. items: - description: PersistentVolumeClaimCondition contains - details about state of pvc properties: lastProbeTime: - description: lastProbeTime is the time we probed - the condition. format: date-time type: string lastTransitionTime: - description: lastTransitionTime is the time the - condition transitioned from one status to another. format: date-time type: string message: - description: message is the human-readable message - indicating details about last transition. type: string reason: - description: reason is a unique, this should be - a short, machine understandable string that gives - the reason for condition's last transition. If - it reports "ResizeStarted" that means the underlying - persistent volume is being resized. type: string status: type: string type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type type: string required: - status @@ -5965,86 +2900,39 @@ spec: type: object type: array phase: - description: phase represents the current phase of PersistentVolumeClaim. type: string type: object type: object type: object tolerations: - description: Tolerations, if specified, controls the pod's tolerations. items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints, if specified, controls the - pod's topology spread constraints. items: - description: TopologySpreadConstraint specifies how to spread matching - pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching pods. Pods - that match this label selector are counted to determine the - number of pods in their corresponding topology domain. properties: matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. properties: key: - description: key is the label key that the selector - applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. items: type: string type: array @@ -6056,126 +2944,27 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: - description: "MatchLabelKeys is a set of pod label keys to select - the pods over which spreading will be calculated. The keys - are used to lookup values from the incoming pod labels, those - key-value labels are ANDed with labelSelector to select the - group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in - both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot - be set when LabelSelector isn't set. Keys that don't exist - in the incoming pod labels will be ignored. A null or empty - list means only match against labelSelector. \n This is a - beta field and requires the MatchLabelKeysInPodTopologySpread - feature gate to be enabled (enabled by default)." items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to which pods may - be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods - in an eligible domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same labelSelector - spread as 2/2/1: In this case, the global minimum is 1. | - zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 to become - 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies that satisfy - it. It''s a required field. Default value is 1 and 0 is not - allowed.' format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number of eligible - domains. When the number of eligible domains with matching - topology keys is less than minDomains, Pod Topology Spread - treats \"global minimum\" as 0, and then the calculation of - Skew is performed. And when the number of eligible domains - with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. If - value is nil, the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than 0. When value - is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For - example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector spread as - 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), so \"global - minimum\" is treated as 0. In this situation, new pod with - the same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any of the - three zones, it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread feature gate - to be enabled (enabled by default)." format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will treat - Pod's nodeAffinity/nodeSelector when calculating pod topology - spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. \n - If this value is nil, the behavior is equivalent to the Honor - policy. This is a beta-level feature default enabled by the - NodeInclusionPolicyInPodTopologySpread feature flag." type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat node - taints when calculating pod topology spread skew. Options - are: - Honor: nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - \n If this value is nil, the behavior is equivalent to the - Ignore policy. This is a beta-level feature default enabled - by the NodeInclusionPolicyInPodTopologySpread feature flag." type: string topologyKey: - description: TopologyKey is the key of node labels. Nodes that - have a label with this key and identical values are considered - to be in the same topology. We consider each - as a "bucket", and try to put balanced number of pods into - each bucket. We define a domain as a particular instance of - a topology. Also, we define an eligible domain as a domain - whose nodes meet the requirements of nodeAffinityPolicy and - nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain of - that topology. It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a - pod if it doesn''t satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any location, but - giving higher precedence to topologies that would help reduce - the skew. A constraint is considered "Unsatisfiable" for an - incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. For - example, in a 3-zone cluster, MaxSkew is set to 1, and pods - with the same labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable is - set to DoNotSchedule, incoming pod can only be scheduled to - zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on - zone2(zone3) satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make it *more* - imbalanced. It''s a required field.' type: string required: - maxSkew @@ -6184,44 +2973,21 @@ spec: type: object type: array version: - description: Version of Grafana Agent to be deployed. type: string volumeMounts: - description: VolumeMounts lets you configure additional VolumeMounts - on the output StatefulSet definition. Specified VolumeMounts are - appended to other VolumeMounts generated as a result of StorageSpec - objects in the Grafana Agent container. items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -6229,224 +2995,106 @@ spec: type: object type: array volumes: - description: Volumes allows configuration of additional volumes on - the output StatefulSet definition. The volumes specified are appended - to other volumes that are generated as a result of StorageSpec objects. items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -6454,139 +3102,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -6598,114 +3173,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -6713,94 +3209,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -6816,8 +3243,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6826,46 +3251,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -6877,28 +3274,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -6906,74 +3289,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -6981,184 +3328,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -7166,148 +3417,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7315,91 +3485,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -7411,48 +3532,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -7460,45 +3549,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -7507,148 +3570,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -7656,54 +3647,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -7711,76 +3667,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml index e786166447..960b2f73ac 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_integrations.yaml @@ -20,55 +20,26 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: "Integration runs a single Grafana Agent integration. Integrations - that generate telemetry must be configured to send that telemetry somewhere, - such as autoscrape for exporter-based integrations. \n Integrations have - access to the LogsInstances and MetricsInstances in the same GrafanaAgent - resource set, referenced by the / of the Instance resource. - \n For example, if there is a default/production MetricsInstance, you can - configure a supported integration's autoscrape block with: \n autoscrape: - enable: true metrics_instance: default/production \n There is currently - no way for telemetry created by an Operator-managed integration to be collected - from outside of the integration itself." properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Specifies the desired behavior of the Integration. properties: config: - description: "The configuration for the named integration. Note that - Integrations are deployed with the integrations-next feature flag, - which has different common settings: \n https://grafana.com/docs/agent/latest/configuration/integrations/integrations-next/" type: object x-kubernetes-preserve-unknown-fields: true configMaps: - description: "An extra list of keys from ConfigMaps in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n ConfigMaps are mounted at /etc/grafana-agent/integrations/configMaps///." items: - description: Selects a key from a ConfigMap. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the ConfigMap or its key must be - defined type: boolean required: - key @@ -76,26 +47,15 @@ spec: x-kubernetes-map-type: atomic type: array name: - description: Name of the integration to run (e.g., "node_exporter", - "mysqld_exporter"). type: string secrets: - description: "An extra list of keys from Secrets in the same namespace - as the Integration which will be mounted into the Grafana Agent - pod running this Integration. \n Secrets will be mounted at /etc/grafana-agent/integrations/secrets///." items: - description: SecretKeySelector selects a key of a Secret. properties: key: - description: The key of the secret to select from. Must be - a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key @@ -103,60 +63,26 @@ spec: x-kubernetes-map-type: atomic type: array type: - description: Type informs Grafana Agent Operator about how to manage - the integration being configured. properties: allNodes: - description: When true, the configured integration should be run - on every Node in the cluster. This is required for Integrations - that generate Node-specific metrics like node_exporter, otherwise - it must be false to avoid generating duplicate metrics. type: boolean unique: - description: Whether this integration can only be defined once - for a Grafana Agent process, such as statsd_exporter. It is - invalid for a GrafanaAgent to discover multiple unique Integrations - with the same Integration name (i.e., a single GrafanaAgent - cannot deploy two statsd_exporters). type: boolean type: object volumeMounts: - description: "An extra list of VolumeMounts to be associated with - the Grafana Agent pods running this integration. VolumeMount names - are mutated to be unique across all used IntegrationSpecs. \n Mount - paths should include the namespace/name of the Integration CR to - avoid potentially colliding with other resources." items: - description: VolumeMount describes a mounting of a Volume within - a container. properties: mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. type: string mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. type: string name: - description: This must match the Name of a Volume. type: string readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. type: boolean subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). type: string subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath @@ -164,228 +90,106 @@ spec: type: object type: array volumes: - description: "An extra list of Volumes to be associated with the Grafana - Agent pods running this integration. Volume names are mutated to - be unique across all Integrations. Note that the specified volumes - should be able to tolerate existing on multiple pods at once when - type is daemonset. \n Don't use volumes for loading Secrets or ConfigMaps - from the same namespace as the Integration; use the Secrets and - ConfigMaps fields instead." items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. properties: awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' format: int32 type: integer readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. properties: cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' type: string diskName: - description: diskName is the Name of the data disk in the - blob storage type: string diskURI: - description: diskURI is the URI of data disk in the blob - storage type: string fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. properties: readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key type: string shareName: - description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime properties: monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' type: string readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: configMap represents a configMap that should populate - this volume properties: defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -393,139 +197,66 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: optional specify whether the ConfigMap or its - keys must be defined type: boolean type: object x-kubernetes-map-type: atomic csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). properties: driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. type: string fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. type: string nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. type: object required: - driver type: object downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume properties: defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: Items is a list of downward API volume file items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field properties: fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' properties: apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". type: string fieldPath: - description: Path of the field to select in the - specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' properties: containerName: - description: 'Container name: required for volumes, - optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to select' type: string required: - resource @@ -537,114 +268,35 @@ spec: type: array type: object emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." properties: volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." properties: metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. type: object spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. properties: accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string required: - kind @@ -652,94 +304,25 @@ spec: type: object x-kubernetes-map-type: atomic dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. type: string kind: - description: Kind is the type of resource being - referenced type: string name: - description: Name is the name of resource being - referenced type: string namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. properties: name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. type: string required: - name @@ -755,8 +338,6 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -765,46 +346,18 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: selector is a label query over volumes - to consider for binding. properties: matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. properties: key: - description: key is the label key that - the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. items: type: string type: array @@ -816,28 +369,14 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. type: string volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. type: string type: object required: @@ -845,74 +384,38 @@ spec: type: object type: object fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. properties: fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' type: string lun: - description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' items: type: string type: array wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. properties: driver: - description: driver is the name of the driver to use for - this volume. type: string fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. type: string options: additionalProperties: type: string - description: 'options is Optional: this field holds extra - command options if any.' type: object readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic @@ -920,184 +423,88 @@ spec: - driver type: object flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running properties: datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated type: string datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' properties: directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. type: string repository: - description: repository is the URL type: string revision: - description: revision is the commit hash for the specified - revision. type: string required: - repository type: object glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' properties: path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication type: boolean chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication type: boolean fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: - description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). type: string lun: - description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. type: boolean secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). type: string required: - iqn @@ -1105,148 +512,67 @@ spec: - targetPortal type: object name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk type: string required: - pdID type: object portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine properties: fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: projected items for all in one resources secrets, - configmaps, and downward API properties: defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. format: int32 type: integer sources: - description: sources is the list of volume projections items: - description: Projection that may be projected along with - other supported volume types properties: configMap: - description: configMap information about the configMap - data to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1254,91 +580,42 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional specify whether the ConfigMap - or its keys must be defined type: boolean type: object x-kubernetes-map-type: atomic downwardAPI: - description: downwardAPI information about the downwardAPI - data to project properties: items: - description: Items is a list of DownwardAPIVolume - file items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field properties: fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' properties: apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". type: string fieldPath: - description: Path of the field to select - in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' format: int32 type: integer path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' type: string resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' properties: containerName: - description: 'Container name: required - for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: - description: 'Required: resource to - select' type: string required: - resource @@ -1350,48 +627,16 @@ spec: type: array type: object secret: - description: secret information about the secret data - to project properties: items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. items: - description: Maps a string key to a path within - a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. type: string required: - key @@ -1399,45 +644,19 @@ spec: type: object type: array name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: optional field specify whether the - Secret or its key must be defined type: boolean type: object x-kubernetes-map-type: atomic serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project properties: audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. type: string expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. format: int64 type: integer path: - description: path is the path relative to the - mount point of the file to project the token - into. type: string required: - path @@ -1446,148 +665,76 @@ spec: type: array type: object quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime properties: group: - description: group to map volume access to Default is no - group type: string readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. type: boolean registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes type: string tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin type: string user: - description: user to map volume access to Defaults to serivceaccount - user type: string volume: - description: volume is a string that references an already - created Quobyte volume by name. type: string required: - registry - volume type: object rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' type: string image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: - description: gateway is the host address of the ScaleIO - API Gateway. type: string protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. type: string readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false type: boolean storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. type: string storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. type: string system: - description: system is the name of the storage system as - configured in ScaleIO. type: string volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. type: string required: - gateway @@ -1595,54 +742,19 @@ spec: - system type: object secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. items: - description: Maps a string key to a path within a volume. properties: key: - description: key is the key to project. type: string mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' format: int32 type: integer path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. type: string required: - key @@ -1650,76 +762,36 @@ spec: type: object type: array optional: - description: optional field specify whether the Secret or - its keys must be defined type: boolean secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. properties: fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object x-kubernetes-map-type: atomic volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. type: string volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. type: string type: object vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine properties: fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. type: string storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. type: string volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk type: string required: - volumePath diff --git a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml index f36440ab0c..517bb30c2e 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_logsinstances.yaml @@ -20,114 +20,60 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: LogsInstance controls an individual logs instance within a Grafana - Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the logs instance. properties: additionalScrapeConfigs: - description: "AdditionalScrapeConfigs allows specifying a key of a - Secret containing additional Grafana Agent logging scrape configurations. - Scrape configurations specified are appended to the configurations - generated by the Grafana Agent Operator. \n Job configurations specified - must have the form as specified in the official Promtail documentation: - \n https://grafana.com/docs/loki/latest/clients/promtail/configuration/#scrape_configs - \n As scrape configs are appended, the user is responsible to make - sure it is valid. Note that using this feature may expose the possibility - to break upgrades of Grafana Agent. It is advised to review both - Grafana Agent and Promtail release notes to ensure that no incompatible - scrape configs are going to break Grafana Agent after the upgrade." properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic clients: - description: Clients controls where logs are written to for this instance. items: - description: LogsClientSpec defines the client integration for logs, - indicating which Loki server to send logs to. properties: backoffConfig: - description: Configures how to retry requests to Loki when a - request fails. Defaults to a minPeriod of 500ms, maxPeriod - of 5m, and maxRetries of 10. properties: maxPeriod: - description: Maximum backoff time between retries. type: string maxRetries: - description: Maximum number of retries to perform before - giving up a request. type: integer minPeriod: - description: Initial backoff time between retries. Time - between retries is increased exponentially. type: string type: object basicAuth: - description: BasicAuth for the Loki server. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -135,67 +81,40 @@ spec: x-kubernetes-map-type: atomic type: object batchSize: - description: Maximum batch size (in bytes) of logs to accumulate - before sending the batch to Loki. type: integer batchWait: - description: Maximum amount of time to wait before sending a - batch, even if that batch isn't full. type: string bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string externalLabels: additionalProperties: type: string - description: ExternalLabels are labels to add to any time series - when sending data to Loki. type: object oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -203,19 +122,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -224,15 +136,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -241,61 +150,34 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string tenantId: - description: Tenant ID used by default to push logs to Loki. - If omitted assumes remote Loki is running in single-tenant - mode or an authentication layer is used to inject an X-Scope-OrgID - header. type: string timeout: - description: Maximum time to wait for a server to respond to - a request. type: string tlsConfig: - description: TLSConfig to use for the client. Only used when - the protocol of the URL is https. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -303,47 +185,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -351,76 +214,42 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: 'URL is the URL where Loki is listening. Must be - a full HTTP URL, including protocol. Required. Example: https://logs-prod-us-central1.grafana.net/loki/api/v1/push.' type: string required: - url type: object type: array podLogsNamespaceSelector: - description: Set of labels to determine which namespaces should be - watched for PodLogs. If not provided, checks only namespace of the - instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -432,41 +261,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podLogsSelector: - description: Determines which PodLogs should be selected for including - in this instance. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -478,20 +285,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic targetConfig: - description: Configures how tailed targets are watched. properties: syncPeriod: - description: Period to resync directories being watched and files - being tailed to discover new ones or stop watching removed ones. type: string type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml index 015c0339ce..610193f440 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_metricsinstances.yaml @@ -20,89 +20,41 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: MetricsInstance controls an individual Metrics instance within - a Grafana Agent deployment. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the Metrics instance. properties: additionalScrapeConfigs: - description: 'AdditionalScrapeConfigs lets you specify a key of a - Secret containing additional Grafana Agent Prometheus scrape configurations. - The specified scrape configurations are appended to the configurations - generated by Grafana Agent Operator. Specified job configurations - must have the form specified in the official Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. - As scrape configs are appended, you must make sure the configuration - is still valid. Note that it''s possible that this feature will - break future upgrades of Grafana Agent. Review both Grafana Agent - and Prometheus release notes to ensure that no incompatible scrape - configs will break Grafana Agent after the upgrade.' properties: key: - description: The key of the secret to select from. Must be a - valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic maxWALTime: - description: MaxWALTime is the maximum amount of time that series - and samples can exist in the WAL before being forcibly deleted. type: string minWALTime: - description: MinWALTime is the minimum amount of time that series - and samples can exist in the WAL before being considered for deletion. type: string podMonitorNamespaceSelector: - description: PodMonitorNamespaceSelector are the set of labels to - determine which namespaces to watch for PodMonitor discovery. If - nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -114,41 +66,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic podMonitorSelector: - description: PodMonitorSelector determines which PodMonitors to selected - for target discovery. Experimental. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -160,42 +90,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeNamespaceSelector: - description: ProbeNamespaceSelector is the set of labels that determines - which namespaces to watch for Probe discovery. If nil, it only checks - own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -207,41 +114,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic probeSelector: - description: ProbeSelector determines which Probes to select for target - discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -253,62 +138,35 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic remoteFlushDeadline: - description: RemoteFlushDeadline is the deadline for flushing data - when an instance shuts down. type: string remoteWrite: - description: RemoteWrite controls remote_write settings for this instance. items: - description: RemoteWriteSpec defines the remote_write configuration - for Prometheus. properties: basicAuth: - description: BasicAuth for the URL. properties: password: - description: The secret in the service monitor namespace - that contains the password for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic username: - description: The secret in the service monitor namespace - that contains the username for authentication. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -316,78 +174,45 @@ spec: x-kubernetes-map-type: atomic type: object bearerToken: - description: BearerToken used for remote_write. type: string bearerTokenFile: - description: BearerTokenFile used to read bearer token. type: string headers: additionalProperties: type: string - description: Headers is a set of custom HTTP headers to be sent - along with each remote_write request. Be aware that any headers - set by Grafana Agent itself can't be overwritten. type: object metadataConfig: - description: MetadataConfig configures the sending of series - metadata to remote storage. properties: send: - description: Send enables metric metadata to be sent to - remote storage. type: boolean sendInterval: - description: SendInterval controls how frequently metric - metadata is sent to remote storage. type: string type: object name: - description: Name of the remote_write queue. Must be unique - if specified. The name is used in metrics and logging in order - to differentiate queues. type: string oauth2: - description: Oauth2 for URL properties: clientId: - description: The secret or configmap containing the OAuth2 - client id properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -395,19 +220,12 @@ spec: x-kubernetes-map-type: atomic type: object clientSecret: - description: The secret containing the OAuth2 client secret properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -416,15 +234,12 @@ spec: endpointParams: additionalProperties: type: string - description: Parameters to append to the token URL type: object scopes: - description: OAuth2 scopes used for the token request items: type: string type: array tokenUrl: - description: The URL to fetch the token from minLength: 1 type: string required: @@ -433,106 +248,57 @@ spec: - tokenUrl type: object proxyUrl: - description: ProxyURL to proxy requests through. Optional. type: string queueConfig: - description: QueueConfig allows tuning of the remote_write queue - parameters. properties: batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in the buffer. type: string capacity: - description: Capacity is the number of samples to buffer - per shard before samples start being dropped. type: integer maxBackoff: - description: MaxBackoff is the maximum retry delay. type: string maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. type: integer maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of - samples per send. type: integer maxShards: - description: MaxShards is the maximum number of shards, - i.e., the amount of concurrency. type: integer minBackoff: - description: MinBackoff is the initial retry delay. MinBackoff - is doubled for every retry. type: string minShards: - description: MinShards is the minimum number of shards, - i.e., the amount of concurrency. type: integer retryOnRateLimit: - description: RetryOnRateLimit retries requests when encountering - rate limits. type: boolean type: object remoteTimeout: - description: RemoteTimeout is the timeout for requests to the - remote_write endpoint. type: string sigv4: - description: SigV4 configures SigV4-based authentication to - the remote_write endpoint. SigV4-based authentication is used - if SigV4 is defined, even with an empty object. properties: accessKey: - description: AccessKey holds the secret of the AWS API access - key to use for signing. If not provided, the environment - variable AWS_ACCESS_KEY_ID is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic profile: - description: Profile is the named AWS profile to use for - authentication. type: string region: - description: Region of the AWS endpoint. If blank, the region - from the default credentials chain is used. type: string roleARN: - description: RoleARN is the AWS Role ARN to use for authentication, - as an alternative for using the AWS API keys. type: string secretKey: - description: SecretKey of the AWS API to use for signing. - If blank, the environment variable AWS_SECRET_ACCESS_KEY - is used. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key @@ -540,47 +306,28 @@ spec: x-kubernetes-map-type: atomic type: object tlsConfig: - description: TLSConfig to use for remote_write. properties: ca: - description: Certificate authority used when verifying server - certificates. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -588,47 +335,28 @@ spec: x-kubernetes-map-type: atomic type: object caFile: - description: Path to the CA cert in the Prometheus container - to use for the targets. type: string cert: - description: Client certificate to present when doing client-authentication. properties: configMap: - description: ConfigMap containing data to use for the - targets. properties: key: - description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the ConfigMap or its - key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic secret: - description: Secret containing data to use for the targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' type: string optional: - description: Specify whether the Secret or its key - must be defined type: boolean required: - key @@ -636,57 +364,33 @@ spec: x-kubernetes-map-type: atomic type: object certFile: - description: Path to the client cert file in the Prometheus - container for the targets. type: string insecureSkipVerify: - description: Disable target certificate validation. type: boolean keyFile: - description: Path to the client key file in the Prometheus - container for the targets. type: string keySecret: - description: Secret containing the client key file for the - targets. properties: key: - description: The key of the secret to select from. Must - be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: - description: Specify whether the Secret or its key must - be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic serverName: - description: Used to verify the hostname for the targets. type: string type: object url: - description: URL of the endpoint to send samples to. type: string writeRelabelConfigs: - description: WriteRelabelConfigs holds relabel_configs to relabel - samples before they are sent to the remote_write endpoint. items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It - defines ``-section of Prometheus - configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. - Default is 'replace'. uppercase and lowercase actions - require Prometheus >= 2.36. enum: - replace - Replace @@ -712,39 +416,20 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source - label values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source - label values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular - expression for the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name - which may only contain ASCII letters, numbers, as - well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. type: string type: object type: array @@ -753,33 +438,15 @@ spec: type: object type: array serviceMonitorNamespaceSelector: - description: ServiceMonitorNamespaceSelector is the set of labels - that determine which namespaces to watch for ServiceMonitor discovery. - If nil, it only checks its own namespace. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -791,41 +458,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic serviceMonitorSelector: - description: ServiceMonitorSelector determines which ServiceMonitors - to select for target discovery. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -837,23 +482,12 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic walTruncateFrequency: - description: WALTruncateFrequency specifies how frequently to run - the WAL truncation process. Higher values cause the WAL to increase - and for old series to stay in the WAL longer, but reduces the chance - of data loss when remote_write fails for longer than the given frequency. type: string writeStaleOnShutdown: - description: WriteStaleOnShutdown writes staleness markers on shutdown - for all series. type: boolean type: object type: object diff --git a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml index ff6531f61e..f22d051b51 100644 --- a/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml +++ b/charts/agent-operator/crds/monitoring.grafana.com_podlogs.yaml @@ -20,325 +20,146 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: PodLogs defines how to collect logs for a pod. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: - description: Spec holds the specification of the desired behavior for - the PodLogs. properties: jobLabel: - description: The label to use to retrieve the job name from. type: string namespaceSelector: - description: Selector to select which namespaces the Pod objects are - discovered from. properties: any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. type: boolean matchNames: - description: List of namespace names to select from. items: type: string type: array type: object pipelineStages: - description: Pipeline stages for this pod. Pipeline stages support - transforming and filtering log lines. items: - description: "PipelineStageSpec defines an individual pipeline stage. - Each stage type is mutually exclusive and no more than one may - be set per stage. \n More information on pipelines can be found - in the Promtail documentation: https://grafana.com/docs/loki/latest/clients/promtail/pipelines/" properties: cri: - description: 'CRI is a parsing stage that reads log lines using - the standard CRI logging format. Supply cri: {} to enable.' type: object docker: - description: 'Docker is a parsing stage that reads log lines - using the standard Docker logging format. Supply docker: {} - to enable.' type: object drop: - description: Drop is a filtering stage that lets you drop certain - logs. properties: dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "drop_stage". type: string expression: - description: "RE2 regular expression. \n If source is provided, - the regex attempts to match the source. \n If no source - is provided, then the regex attempts to attach the log - line. \n If the provided regex matches the log line or - a provided source, the line is dropped." type: string longerThan: - description: LongerThan will drop a log line if it its content - is longer than this value (in bytes). Can be expressed - as an integer (8192) or a number with a suffix (8kb). type: string olderThan: - description: OlderThan will be parsed as a Go duration. - If the log line's timestamp is older than the current - time minus the provided duration, it will be dropped. type: string source: - description: Name from the extract data to parse. If empty, - uses the log message. type: string value: - description: "Value can only be specified when source is - specified. If the value provided is an exact match for - the given source then the line will be dropped. \n Mutually - exclusive with expression." type: string type: object json: - description: "JSON is a parsing stage that reads the log line - as JSON and accepts JMESPath expressions to extract data. - \n Information on JMESPath: http://jmespath.org/" properties: expressions: additionalProperties: type: string - description: "Set of the key/value pairs of JMESPath expressions. - The key will be the key in the extracted data while the - expression will be the value, evaluated as a JMESPath - from the source data. \n Literal JMESPath expressions - can be used by wrapping a key in double quotes, which - then must be wrapped again in single quotes in YAML so - they get passed to the JMESPath parser." type: object source: - description: Name from the extracted data to parse as JSON. - If empty, uses entire log message. type: string type: object labelAllow: - description: LabelAllow is an action stage that only allows - the provided labels to be included in the label set that is - sent to Loki with the log entry. items: type: string type: array labelDrop: - description: LabelDrop is an action stage that drops labels - from the label set that is sent to Loki with the log entry. items: type: string type: array labels: additionalProperties: type: string - description: "Labels is an action stage that takes data from - the extracted map and modifies the label set that is sent - to Loki with the log entry. \n The key is REQUIRED and represents - the name for the label that will be created. Value is optional - and will be the name from extracted data to use for the value - of the label. If the value is not provided, it defaults to - match the key." type: object limit: - description: Limit is a rate-limiting stage that throttles logs - based on several options. properties: burst: - description: The cap in the quantity of burst lines that - Promtail will push to Loki. type: integer drop: - description: "When drop is true, log lines that exceed the - current rate limit are discarded. When drop is false, - log lines that exceed the current rate limit wait to enter - the back pressure mode. \n Defaults to false." type: boolean rate: - description: The rate limit in lines per second that Promtail - will push to Loki. type: integer type: object match: - description: Match is a filtering stage that conditionally applies - a set of stages or drop entries when a log entry matches a - configurable LogQL stream selector and filter expressions. properties: action: - description: Determines what action is taken when the selector - matches the log line. Can be keep or drop. Defaults to - keep. When set to drop, entries are dropped and no later - metrics are recorded. Stages must be empty when dropping - metrics. type: string dropCounterReason: - description: Every time a log line is dropped, the metric - logentry_dropped_lines_total is incremented. A "reason" - label is added, and can be customized by providing a custom - value here. Defaults to "match_stage." type: string pipelineName: - description: Names the pipeline. When defined, creates an - additional label in the pipeline_duration_seconds histogram, - where the value is concatenated with job_name using an - underscore. type: string selector: - description: LogQL stream selector and filter expressions. - Required. type: string stages: - description: "Nested set of pipeline stages to execute when - action is keep and the log line matches selector. \n An - example value for stages may be: \n stages: | - json: - {} - labelAllow: [foo, bar] \n Note that stages is a string - because SIG API Machinery does not support recursive types, - and so it cannot be validated for correctness. Be careful - not to mistype anything." type: string required: - selector type: object metrics: additionalProperties: - description: MetricsStageSpec is an action stage that allows - for defining and updating metrics based on data from the - extracted map. Created metrics are not pushed to Loki or - Prometheus and are instead exposed via the /metrics endpoint - of the Grafana Agent pod. The Grafana Agent Operator should - be configured with a MetricsInstance that discovers the - logging DaemonSet to collect metrics created by this stage. properties: action: - description: "The action to take against the metric. Required. - \n Must be either \"inc\" or \"add\" for type: counter - or type: histogram. When type: gauge, must be one of - \"set\", \"inc\", \"dec\", \"add\", or \"sub\". \n \"add\", - \"set\", or \"sub\" requires the extracted value to - be convertible to a positive float." type: string buckets: - description: 'Buckets to create. Bucket values must be - convertible to float64s. Extremely large or small numbers - are subject to some loss of precision. Only valid for - type: histogram.' items: type: string type: array countEntryBytes: - description: "If true all log line bytes are counted. - Can only be set with matchAll: true and action: add. - \n Only valid for type: counter." type: boolean description: - description: Sets the description for the created metric. type: string matchAll: - description: "If true, all log lines are counted without - attempting to match the source to the extracted map. - Mutually exclusive with value. \n Only valid for type: - counter." type: boolean maxIdleDuration: - description: "Label values on metrics are dynamic which - can cause exported metrics to go stale. To prevent unbounded - cardinality, any metrics not updated within MaxIdleDuration - are removed. \n Must be greater or equal to 1s. Defaults - to 5m." type: string prefix: - description: Sets the custom prefix name for the metric. - Defaults to "promtail_custom_". type: string source: - description: Key from the extracted data map to use for - the metric. Defaults to the metrics name if not present. type: string type: - description: The metric type to create. Must be one of - counter, gauge, histogram. Required. type: string value: - description: Filters down source data and only changes - the metric if the targeted value matches the provided - string exactly. If not present, all data matches. type: string required: - action - type type: object - description: Metrics is an action stage that supports defining - and updating metrics based on data from the extracted map. - Created metrics are not pushed to Loki or Prometheus and are - instead exposed via the /metrics endpoint of the Grafana Agent - pod. The Grafana Agent Operator should be configured with - a MetricsInstance that discovers the logging DaemonSet to - collect metrics created by this stage. type: object multiline: - description: Multiline stage merges multiple lines into a multiline - block before passing it on to the next stage in the pipeline. properties: firstLine: - description: RE2 regular expression. Creates a new multiline - block when matched. Required. type: string maxLines: - description: Maximum number of lines a block can have. A - new block is started if the number of lines surpasses - this value. Defaults to 128. type: integer maxWaitTime: - description: Maximum time to wait before passing on the - multiline block to the next stage if no new lines are - received. Defaults to 3s. type: string required: - firstLine type: object output: - description: Output stage is an action stage that takes data - from the extracted map and changes the log line that will - be sent to Loki. properties: source: - description: Name from extract data to use for the log entry. - Required. type: string required: - source type: object pack: - description: Pack is a transform stage that lets you embed extracted - values and labels into the log line by packing the log line - and labels inside of a JSON object. properties: ingestTimestamp: - description: If the resulting log line should use any existing - timestamp or use time.Now() when the line was created. - Set to true when combining several log streams from different - containers to avoid out of order errors. type: boolean labels: - description: Name from extracted data or line labels. Required. - Labels provided here are automatically removed from output - labels. items: type: string type: array @@ -346,107 +167,57 @@ spec: - labels type: object regex: - description: Regex is a parsing stage that parses a log line - using a regular expression. Named capture groups in the regex - allows for adding data into the extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object replace: - description: Replace is a parsing stage that parses a log line - using a regular expression and replaces the log line. Named - capture groups in the regex allows for adding data into the - extracted map. properties: expression: - description: RE2 regular expression. Each capture group - MUST be named. Required. type: string replace: - description: Value to replace the captured group with. type: string source: - description: Name from extracted data to parse. If empty, - defaults to using the log message. type: string required: - expression type: object template: - description: Template is a transform stage that manipulates - the values in the extracted map using Go's template syntax. properties: source: - description: Name from extracted data to parse. Required. - If empty, defaults to using the log message. type: string template: - description: Go template string to use. Required. In addition - to normal template functions, ToLower, ToUpper, Replace, - Trim, TrimLeft, TrimRight, TrimPrefix, and TrimSpace are - also available. type: string required: - source - template type: object tenant: - description: Tenant is an action stage that sets the tenant - ID for the log entry picking it from a field in the extracted - data map. If the field is missing, the default LogsClientSpec.tenantId - will be used. properties: label: - description: Name from labels whose value should be set - as tenant ID. Mutually exclusive with source and value. type: string source: - description: Name from extracted data to use as the tenant - ID. Mutually exclusive with label and value. type: string value: - description: Value to use for the template ID. Useful when - this stage is used within a conditional pipeline such - as match. Mutually exclusive with label and source. type: string type: object timestamp: - description: Timestamp is an action stage that can change the - timestamp of a log line before it is sent to Loki. If not - present, the timestamp of a log line defaults to the time - when the log line was read. properties: actionOnFailure: - description: Action to take when the timestamp can't be - extracted or parsed. Can be skip or fudge. Defaults to - fudge. type: string fallbackFormats: - description: Fallback formats to try if format fails. items: type: string type: array format: - description: 'Determines format of the time string. Required. - Can be one of: ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, - RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Unix, - UnixMs, UnixUs, UnixNs.' type: string location: - description: IANA Timezone Database string. type: string source: - description: Name from extracted data to use as the timestamp. - Required. type: string required: - format @@ -455,26 +226,14 @@ spec: type: object type: array podTargetLabels: - description: PodTargetLabels transfers labels on the Kubernetes Pod - onto the target. items: type: string type: array relabelings: - description: "RelabelConfigs to apply to logs before delivering. Grafana - Agent Operator automatically adds relabelings for a few standard - Kubernetes fields and replaces original scrape job name with __tmp_logs_job_name. - \n More info: https://grafana.com/docs/loki/latest/clients/promtail/configuration/#relabel_configs" items: - description: 'RelabelConfig allows dynamic rewriting of the label - set, being applied to samples before ingestion. It defines ``-section - of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' properties: action: default: replace - description: Action to perform based on regex matching. Default - is 'replace'. uppercase and lowercase actions require Prometheus - >= 2.36. enum: - replace - Replace @@ -500,67 +259,33 @@ spec: - DropEqual type: string modulus: - description: Modulus to take of the hash of the source label - values. format: int64 type: integer regex: - description: Regular expression against which the extracted - value is matched. Default is '(.*)' type: string replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex capture - groups are available. Default is '$1' type: string separator: - description: Separator placed between concatenated source label - values. default is ';'. type: string sourceLabels: - description: The source labels select values from existing labels. - Their content is concatenated using the configured separator - and matched against the configured regular expression for - the replace, keep, and drop actions. items: - description: LabelName is a valid Prometheus label name which - may only contain ASCII letters, numbers, as well as underscores. pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ type: string type: array targetLabel: - description: Label to which the resulting value is written in - a replace action. It is mandatory for replace actions. Regex - capture groups are available. type: string type: object type: array selector: - description: Selector to select Pod objects. Required. properties: matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. properties: key: - description: key is the label key that the selector applies - to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. items: type: string type: array @@ -572,11 +297,6 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. type: object type: object x-kubernetes-map-type: atomic diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 4df2427768..d2ba96000f 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.39.1 + tag: v0.40.0 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From a7ede052a7a44824db99477d21f580ba4adfe72a Mon Sep 17 00:00:00 2001 From: jcreixell Date: Tue, 27 Feb 2024 13:32:10 +0100 Subject: [PATCH 21/69] Update doc Signed-off-by: jcreixell Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/agent-operator/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index befe252886..09b1f5cf61 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.15](https://img.shields.io/badge/Version-0.3.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) +![Version: 0.3.16](https://img.shields.io/badge/Version-0.3.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) A Helm chart for Grafana Agent Operator From bd3913c3188f4fec8f00261122f4be5f6deb8c92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Mon, 26 Feb 2024 13:17:24 +0100 Subject: [PATCH 22/69] Separately configure automountServiceAccountToken MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/templates/_pod.tpl | 2 +- charts/grafana/values.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl index 80fb466097..ed22993c96 100644 --- a/charts/grafana/templates/_pod.tpl +++ b/charts/grafana/templates/_pod.tpl @@ -5,7 +5,7 @@ schedulerName: "{{ . }}" {{- end }} serviceAccountName: {{ include "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} +automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 2 }} diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index a5b72c0ecb..b965d185e3 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -48,6 +48,9 @@ replicas: 1 ## Create a headless service for the deployment headlessService: false +## Should the service account be auto mounted on the pod +automountServiceAccountToken: true + ## Create HorizontalPodAutoscaler object for deployment type # autoscaling: From 8b33737b5ef0a2bcde433a9c3af7f9884c48035e Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:20:19 +0100 Subject: [PATCH 23/69] chore: Bump kiwigrid/k8s-sidecar:v1.26.0 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/README.md b/charts/grafana/README.md index 41c33cfe09..0ea5cdaf01 100644 --- a/charts/grafana/README.md +++ b/charts/grafana/README.md @@ -161,7 +161,7 @@ need to instead set `global.imageRegistry`. | `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | | `sidecar.image.registry` | Sidecar image registry | `quay.io` | | `sidecar.image.repository` | Sidecar image repository | `kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.25.6` | +| `sidecar.image.tag` | Sidecar image tag | `1.26.0` | | `sidecar.image.sha` | Sidecar image sha (optional) | `""` | | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | | `sidecar.resources` | Sidecar resources | `{}` | From 8a4f035e6c44e01b2a4706ca8c1d68ea0734315b Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:20:46 +0100 Subject: [PATCH 24/69] chore: Bump kiwigrid/k8s-sidecar:1.26.0 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index b965d185e3..ec9584d5c0 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -836,7 +836,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.25.6 + tag: 1.26.0 sha: "" imagePullPolicy: IfNotPresent resources: {} From 77a65b636cd979ed9e68f42c254ba49911c2fdbf Mon Sep 17 00:00:00 2001 From: Koen van Zuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Wed, 28 Feb 2024 14:21:14 +0100 Subject: [PATCH 25/69] chore: Bump Chart Version Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 58b806fd97..56a93c042e 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.3 +version: 7.3.4 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From babd3b222e2a65b83e113bbbff533bc5b3b3575e Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Thu, 29 Feb 2024 08:39:53 +0100 Subject: [PATCH 26/69] Update Loki to version 2.9.5 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 4535797966..5ce722bf85 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.4 -version: 0.78.3 +appVersion: 2.9.5 +version: 0.78.4 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index d9fbdd1d1e..d1aada7ba8 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.3](https://img.shields.io/badge/Version-0.78.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) +![Version: 0.78.4](https://img.shields.io/badge/Version-0.78.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 6162f55ec4f4f2eab4ba46fa05653606f22a9496 Mon Sep 17 00:00:00 2001 From: Jan Jansen Date: Thu, 7 Dec 2023 08:46:58 +0100 Subject: [PATCH 27/69] [tempo-distributed] switch to new overrides format Signed-off-by: Jan Jansen --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 15 ++++++++++----- charts/tempo-distributed/README.md.gotmpl | 12 +++++++++--- charts/tempo-distributed/values.yaml | 8 -------- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 6e04c1a684..5f9ec77378 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.4 +version: 1.8.5 appVersion: 2.3.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 2518eeec02..de831de8bb 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.4](https://img.shields.io/badge/Version-1.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.8.5](https://img.shields.io/badge/Version-1.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -45,6 +45,10 @@ The command removes all the Kubernetes components associated with the chart and A major chart version change indicates that there is an incompatible breaking change needing manual actions. +### From Chart versions < 1.8.0 + +Switch to new overrides format, see https://grafana.com/docs/tempo/latest/configuration/#overrides. + ### From Chart versions < 1.6.0 The metrics generator component in the chart has been disabled by default, but the configuration for the processors was not empty, resulting error sin the distributor log. Here we align the default metrics generator config settings to both disable the generator and remove processors. Users who wish to keep the their processors enabled, will need to update their values. @@ -452,7 +456,6 @@ The memcached default args are removed and should be provided manually. The sett | global.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets for all images, excluding enterprise. Names of existing secrets with private container registry credentials. Ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod Example: pullSecrets: [ my-dockerconfigjson-secret ] | | global.image.registry | string | `"docker.io"` | Overrides the Docker registry globally for all images, excluding enterprise. | | global.priorityClassName | string | `nil` | Overrides the priorityClassName for all pods | -| global_overrides.metrics_generator_processors | list | `[]` | List of enabled metrics generator processors ([service-graphs, span-metrics]) | | global_overrides.per_tenant_override_config | string | `"/runtime-config/overrides.yaml"` | | | ingester.affinity | string | Soft node and soft zone anti-affinity | Affinity for ingester pods. Passed through `tpl` and, thus, to be configured as string | | ingester.annotations | object | `{}` | Annotations for the ingester StatefulSet | @@ -840,9 +843,11 @@ metricsGenerator: # x-scope-orgid: operations # Global overrides global_overrides: - metrics_generator_processors: - - service-graphs - - span-metrics + defaults: + metrics_generator: + processors: + - service-graphs + - span-metrics ``` ---- diff --git a/charts/tempo-distributed/README.md.gotmpl b/charts/tempo-distributed/README.md.gotmpl index 2df88f9e03..72219e0359 100644 --- a/charts/tempo-distributed/README.md.gotmpl +++ b/charts/tempo-distributed/README.md.gotmpl @@ -39,6 +39,10 @@ The command removes all the Kubernetes components associated with the chart and A major chart version change indicates that there is an incompatible breaking change needing manual actions. +### From Chart versions < 1.8.0 + +Switch to new overrides format, see https://grafana.com/docs/tempo/latest/configuration/#overrides. + ### From Chart versions < 1.6.0 The metrics generator component in the chart has been disabled by default, but the configuration for the processors was not empty, resulting error sin the distributor log. Here we align the default metrics generator config settings to both disable the generator and remove processors. Users who wish to keep the their processors enabled, will need to update their values. @@ -261,9 +265,11 @@ metricsGenerator: # x-scope-orgid: operations # Global overrides global_overrides: - metrics_generator_processors: - - service-graphs - - span-metrics + defaults: + metrics_generator: + processors: + - service-graphs + - span-metrics ``` ---- diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 71b84f4dff..3955e5c1bd 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1255,12 +1255,6 @@ config: | - dns+{{ include "tempo.fullname" . }}-gossip-ring:{{ .Values.memberlist.bind_port }} overrides: {{- toYaml .Values.global_overrides | nindent 2 }} - {{- if .Values.metricsGenerator.enabled }} - metrics_generator_processors: - {{- range .Values.global_overrides.metrics_generator_processors }} - - {{ . }} - {{- end }} - {{- end }} server: http_listen_port: {{ .Values.server.httpListenPort }} log_level: {{ .Values.server.logLevel }} @@ -1359,8 +1353,6 @@ storage: # Global overrides global_overrides: per_tenant_override_config: /runtime-config/overrides.yaml - # -- List of enabled metrics generator processors ([service-graphs, span-metrics]) - metrics_generator_processors: [] # Per tenants overrides overrides: | From 3831194ba2abd2a0ca7a14ca00e578f8e9d2abc6 Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Thu, 29 Feb 2024 15:18:31 -0500 Subject: [PATCH 28/69] [agent-operator] update helm chart for v0.40.1 (#3004) Signed-off-by: Robert Fratto --- charts/agent-operator/Chart.yaml | 4 ++-- charts/agent-operator/README.md | 4 ++-- charts/agent-operator/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index ed134809be..19bbce5cb8 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.16 -appVersion: "0.40.0" +version: 0.3.17 +appVersion: "0.40.1" home: https://grafana.com/docs/agent/v0.40/ icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 09b1f5cf61..f9f3657974 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.16](https://img.shields.io/badge/Version-0.3.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.0](https://img.shields.io/badge/AppVersion-0.40.0-informational?style=flat-square) +![Version: 0.3.17](https://img.shields.io/badge/Version-0.3.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.1](https://img.shields.io/badge/AppVersion-0.40.1-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.0"` | Image tag | +| image.tag | string | `"v0.40.1"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index d2ba96000f..3592169353 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.0 + tag: v0.40.1 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From c496df41b1c7a0187ccf93aa37c43d155b9a8c1b Mon Sep 17 00:00:00 2001 From: Robert Fratto Date: Tue, 5 Mar 2024 16:20:17 -0500 Subject: [PATCH 29/69] [agent-operator] Bump version of Grafana Agent to v0.40.2 (#3007) Signed-off-by: Robert Fratto --- charts/agent-operator/Chart.yaml | 4 ++-- charts/agent-operator/README.md | 4 ++-- charts/agent-operator/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 19bbce5cb8..f709132ebb 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.17 -appVersion: "0.40.1" +version: 0.3.18 +appVersion: "0.40.2" home: https://grafana.com/docs/agent/v0.40/ icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png sources: diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index f9f3657974..79833c180e 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.17](https://img.shields.io/badge/Version-0.3.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.1](https://img.shields.io/badge/AppVersion-0.40.1-informational?style=flat-square) +![Version: 0.3.18](https://img.shields.io/badge/Version-0.3.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.2](https://img.shields.io/badge/AppVersion-0.40.2-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.1"` | Image tag | +| image.tag | string | `"v0.40.2"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 3592169353..cd1c3618cb 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.1 + tag: v0.40.2 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 1fdc908daf5326c54b6c333c3391aced39c4be4d Mon Sep 17 00:00:00 2001 From: Tero Paloheimo Date: Fri, 8 Mar 2024 19:14:51 +0200 Subject: [PATCH 30/69] [grafana] Update to version 10.4.0 Signed-off-by: Tero Paloheimo --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 58b806fd97..839240051d 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.3.3 -appVersion: 10.3.3 +version: 7.3.4 +appVersion: 10.4.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From e510ba7e52b8c6b1fae46de38f5cf38875aa2355 Mon Sep 17 00:00:00 2001 From: MH Date: Mon, 11 Mar 2024 16:26:32 +0800 Subject: [PATCH 31/69] Update Chart.yaml Signed-off-by: MH --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 56a93c042e..27d41d8200 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.4 +version: 7.3.5 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 94d460c37d11577460112d8c28947cf576210992 Mon Sep 17 00:00:00 2001 From: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> Date: Mon, 11 Mar 2024 09:39:15 +0100 Subject: [PATCH 32/69] [grafana] bump kiwigrid/k8s-sidecar to 1.26.1 Signed-off-by: kvanzuijlen <8818390+kvanzuijlen@users.noreply.github.com> --- charts/grafana/Chart.yaml | 2 +- charts/grafana/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 27d41d8200..0d8eb8364d 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.5 +version: 7.3.6 appVersion: 10.3.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml index 65dabd2506..81fcda59a0 100644 --- a/charts/grafana/values.yaml +++ b/charts/grafana/values.yaml @@ -839,7 +839,7 @@ sidecar: # -- The Docker registry registry: quay.io repository: kiwigrid/k8s-sidecar - tag: 1.26.0 + tag: 1.26.1 sha: "" imagePullPolicy: IfNotPresent resources: {} From 1b924fd98cce79db48b97840e555eb3d8ef1817d Mon Sep 17 00:00:00 2001 From: Piotr Gwizdala <17101802+thampiotr@users.noreply.github.com> Date: Thu, 14 Mar 2024 16:42:48 +0000 Subject: [PATCH 33/69] [agent-operator] update helm chart to use new agent version Signed-off-by: Piotr Gwizdala <17101802+thampiotr@users.noreply.github.com> --- charts/agent-operator/Chart.yaml | 8 ++++---- charts/agent-operator/README.md | 6 +++--- charts/agent-operator/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index f709132ebb..d9125e9eba 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.18 -appVersion: "0.40.2" +version: 0.3.19 +appVersion: "0.40.3" home: https://grafana.com/docs/agent/v0.40/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.40.0/docs/sources/assets/logo_and_name.png +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.3/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.40.0/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.3/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 79833c180e..7a5187eee1 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.18](https://img.shields.io/badge/Version-0.3.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.2](https://img.shields.io/badge/AppVersion-0.40.2-informational?style=flat-square) +![Version: 0.3.19](https://img.shields.io/badge/Version-0.3.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.2"` | Image tag | +| image.tag | string | `"v0.40.3"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index cd1c3618cb..57d3991f65 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.2 + tag: v0.40.3 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 493018983d58813ec1d53059c064ada2b3f0415d Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Mon, 4 Mar 2024 23:24:19 +0100 Subject: [PATCH 34/69] use new cache config, update tempo to 2.4, update chart version Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/values.yaml | 22 ++++++++++++++-------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 5f9ec77378..1e0da083bd 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.8.5 -appVersion: 2.3.1 +version: 1.9.0 +appVersion: 2.4.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 3955e5c1bd..4e64b1bf8d 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1263,6 +1263,20 @@ config: | grpc_server_max_send_msg_size: {{ .Values.server.grpc_server_max_send_msg_size }} http_server_read_timeout: {{ .Values.server.http_server_read_timeout }} http_server_write_timeout: {{ .Values.server.http_server_write_timeout }} + {{- if .Values.memcached.enabled }} + cache: + caches: + - roles: + - parquet-footer + - parquet-column-idx + - parquet-offset-idx + - frontend-search + memcached: + consistent_hash: true + host: {{ include "tempo.fullname" . }}-memcached + service: memcached-client + timeout: 500ms + {{- end }} storage: trace: {{- if .Values.storage.trace.block.version }} @@ -1294,14 +1308,6 @@ config: | path: /var/tempo/traces wal: path: /var/tempo/wal - {{- if .Values.memcached.enabled }} - cache: memcached - memcached: - consistent_hash: true - host: {{ include "tempo.fullname" . }}-memcached - service: memcached-client - timeout: 500ms - {{- end }} # Set Tempo server configuration # Refers to https://grafana.com/docs/tempo/latest/configuration/#server From 28bb52592b5d59518db785be7d0138f79a422cc2 Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Mon, 4 Mar 2024 23:28:53 +0100 Subject: [PATCH 35/69] update docs Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index de831de8bb..4c91447334 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.8.5](https://img.shields.io/badge/Version-1.8.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.1](https://img.shields.io/badge/AppVersion-2.3.1-informational?style=flat-square) +![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) Grafana Tempo in MicroService mode From 4b1fdf03cc1d8dbf1445a6c3442d581380d247f4 Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Mon, 4 Mar 2024 23:38:25 +0100 Subject: [PATCH 36/69] Add bloom to the cache role Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/values.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 4e64b1bf8d..428af32fc4 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1270,6 +1270,7 @@ config: | - parquet-footer - parquet-column-idx - parquet-offset-idx + - bloom - frontend-search memcached: consistent_hash: true From 5fd216a760d52a5ba88536c2a410f3ad3195516b Mon Sep 17 00:00:00 2001 From: Fausto David Suarez Rosario Date: Thu, 14 Mar 2024 20:28:28 +0100 Subject: [PATCH 37/69] make cache configurable and add comments Signed-off-by: Fausto David Suarez Rosario --- charts/tempo-distributed/README.md | 7 +++++++ charts/tempo-distributed/values.yaml | 30 +++++++++++++++------------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 4c91447334..9fafbd224c 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -244,6 +244,13 @@ The memcached default args are removed and should be provided manually. The sett | adminApi.terminationGracePeriodSeconds | int | `60` | | | adminApi.tolerations | list | `[]` | | | adminApi.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for admin-api pods. Passed through `tpl` and, thus, to be configured as string | +| cache.caches[0].memcached.consistent_hash | bool | `true` | | +| cache.caches[0].memcached.host | string | `"{{ include \"tempo.fullname\" . }}-memcached"` | | +| cache.caches[0].memcached.service | string | `"memcached-client"` | | +| cache.caches[0].memcached.timeout | string | `"500ms"` | | +| cache.caches[0].roles[0] | string | `"parquet-footer"` | | +| cache.caches[0].roles[1] | string | `"bloom"` | | +| cache.caches[0].roles[2] | string | `"frontend-search"` | | | compactor.config.compaction.block_retention | string | `"48h"` | Duration to keep blocks | | compactor.config.compaction.compacted_block_retention | string | `"1h"` | | | compactor.config.compaction.compaction_cycle | string | `"30s"` | The time between compaction cycles | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 428af32fc4..a35fabef0f 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1263,21 +1263,8 @@ config: | grpc_server_max_send_msg_size: {{ .Values.server.grpc_server_max_send_msg_size }} http_server_read_timeout: {{ .Values.server.http_server_read_timeout }} http_server_write_timeout: {{ .Values.server.http_server_write_timeout }} - {{- if .Values.memcached.enabled }} cache: - caches: - - roles: - - parquet-footer - - parquet-column-idx - - parquet-offset-idx - - bloom - - frontend-search - memcached: - consistent_hash: true - host: {{ include "tempo.fullname" . }}-memcached - service: memcached-client - timeout: 500ms - {{- end }} + {{- toYaml .Values.cache | nindent 2}} storage: trace: {{- if .Values.storage.trace.block.version }} @@ -1328,6 +1315,21 @@ server: # -- Write timeout for HTTP server http_server_write_timeout: 30s +# Use this block to configure caches available throughout the application. +# Multiple caches can be created and assigned roles which determine how they are used by Tempo. +# https://grafana.com/docs/tempo/latest/configuration/#cache +cache: + caches: + - memcached: + host: '{{ include "tempo.fullname" . }}-memcached' + service: memcached-client + consistent_hash: true + timeout: 500ms + roles: + - parquet-footer + - bloom + - frontend-search + # To configure a different storage backend instead of local storage: # storage: # trace: From abc03f1ad59f36c27a1725e24acd790717f2ed6e Mon Sep 17 00:00:00 2001 From: Pete Wall Date: Tue, 19 Mar 2024 10:28:59 -0500 Subject: [PATCH 38/69] Add info about the Kubernetes Monitoring helm chart and a reference to its source repository. Signed-off-by: Pete Wall --- charts/k8s-monitoring/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 charts/k8s-monitoring/README.md diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md new file mode 100644 index 0000000000..eda14dbec7 --- /dev/null +++ b/charts/k8s-monitoring/README.md @@ -0,0 +1,8 @@ +# Kubernetes Monitoring chart + +The source for the Kubernetes Monitoring Helm chart can be found at +. +Releases of the chart are still published to the +repository. + +If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart][https://github.com/grafana/k8s-monitoring-helm] repository. From a48b70f066d70d134a55962b2eb83d5e94fd6b94 Mon Sep 17 00:00:00 2001 From: Pete Wall Date: Tue, 19 Mar 2024 12:55:53 -0500 Subject: [PATCH 39/69] Update README.md Signed-off-by: Pete Wall --- charts/k8s-monitoring/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/k8s-monitoring/README.md b/charts/k8s-monitoring/README.md index eda14dbec7..cb8bfad19c 100644 --- a/charts/k8s-monitoring/README.md +++ b/charts/k8s-monitoring/README.md @@ -5,4 +5,4 @@ The source for the Kubernetes Monitoring Helm chart can be found at Releases of the chart are still published to the repository. -If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart][https://github.com/grafana/k8s-monitoring-helm] repository. +If you have any issues with this chart, please file them on the [Kubernetes Monitoring Helm chart](https://github.com/grafana/k8s-monitoring-helm) repository. From 6d17b3fccc459f3f0490d046981a7b7528c266ca Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Tue, 26 Mar 2024 17:32:11 +0200 Subject: [PATCH 40/69] [tempo-distributed]: add action to to relable Signed-off-by: AvivGuiser --- charts/tempo-distributed/templates/lib/service-monitor.tpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/templates/lib/service-monitor.tpl b/charts/tempo-distributed/templates/lib/service-monitor.tpl index a068dff4a4..896110f61b 100644 --- a/charts/tempo-distributed/templates/lib/service-monitor.tpl +++ b/charts/tempo-distributed/templates/lib/service-monitor.tpl @@ -47,7 +47,8 @@ spec: scrapeTimeout: {{ . }} {{- end }} relabelings: - - sourceLabels: [job] + - action: replace + sourceLabels: [job] replacement: "{{ $.ctx.Release.Namespace }}/{{ $.component }}" targetLabel: job {{- if kindIs "string" .clusterLabel }} From 9f4977690ec32a652182352c45773279c4f3c499 Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Tue, 26 Mar 2024 17:35:21 +0200 Subject: [PATCH 41/69] [tempo-distributed]: bump chart version Signed-off-by: AvivGuiser --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 1e0da083bd..e9936a850e 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.0 +version: 1.9.1 appVersion: 2.4.0 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From e9bbb485d1a7ce165e427d01095552dec30d479f Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Tue, 26 Mar 2024 16:56:12 -0700 Subject: [PATCH 42/69] [tempo-distributed] Update GET to v2.4.0, bump Tempo to v2.4.1. Latest GET release moves to Tempo base v2.4.1 and includes Arm builds. Signed-off-by: Heds Simons --- charts/tempo-distributed/Chart.yaml | 4 ++-- charts/tempo-distributed/README.md | 4 ++-- charts/tempo-distributed/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 1e0da083bd..ebf70e588a 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.0 -appVersion: 2.4.0 +version: 1.9.1 +appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ icon: https://raw.githubusercontent.com/grafana/tempo/master/docs/tempo/website/logo_and_name.png diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 9fafbd224c..02f86079f6 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.0](https://img.shields.io/badge/Version-1.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) +![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -326,7 +326,7 @@ The memcached default args are removed and should be provided manually. The sett | distributor.topologySpreadConstraints | string | Defaults to allow skew no more then 1 node per AZ | topologySpread for distributor pods. Passed through `tpl` and, thus, to be configured as string | | enterprise.enabled | bool | `false` | | | enterprise.image.repository | string | `"grafana/enterprise-traces"` | Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' | -| enterprise.image.tag | string | `"v2.3.2"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | +| enterprise.image.tag | string | `"v2.4.0"` | Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' | | enterpriseFederationFrontend.affinity | string | Hard node and soft zone anti-affinity | Affinity for federation-frontend pods. Passed through `tpl` and, thus, to be configured as string | | enterpriseFederationFrontend.autoscaling.enabled | bool | `false` | Enable autoscaling for the federation-frontend | | enterpriseFederationFrontend.autoscaling.maxReplicas | int | `3` | Maximum autoscaling replicas for the federation-frontend | diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index a35fabef0f..1a5c825f50 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1875,7 +1875,7 @@ enterprise: # -- Grafana Enterprise Metrics container image repository. Note: for Grafana Tempo use the value 'image.repository' repository: grafana/enterprise-traces # -- Grafana Enterprise Metrics container image tag. Note: for Grafana Tempo use the value 'image.tag' - tag: v2.3.2 + tag: v2.4.0 # Note: pullPolicy and optional pullSecrets are set in toplevel 'image' section, not here # In order to use Grafana Enterprise Traces features, you will need to provide the contents of your Grafana Enterprise Traces From 0dfb439bf49e3cf27b5e75fe2c6d680f369aa181 Mon Sep 17 00:00:00 2001 From: Ivan Zareichuk Date: Fri, 29 Mar 2024 17:13:21 +0200 Subject: [PATCH 43/69] Add override for test image in agent-operator Signed-off-by: Ivan Zareichuk --- charts/agent-operator/Chart.yaml | 2 +- charts/agent-operator/README.md | 3 +++ .../templates/tests/test-grafanaagent.yaml | 4 ++-- charts/agent-operator/values.yaml | 9 +++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index d9125e9eba..769bc0b7af 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.19 +version: 0.3.20 appVersion: "0.40.3" home: https://grafana.com/docs/agent/v0.40/ icon: https://raw.githubusercontent.com/grafana/agent/v0.40.3/docs/sources/assets/logo_and_name.png diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 7a5187eee1..af69bb038c 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -64,6 +64,9 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | | image.tag | string | `"v0.40.3"` | Image tag | +| test.image.registry | string | `"docker.io"` | Test image registry | +| test.image.repository | string | `"library/busybox"` | Test image repo | +| test.image.tag | string | `"latest"` | Test image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/templates/tests/test-grafanaagent.yaml b/charts/agent-operator/templates/tests/test-grafanaagent.yaml index 9e9d9132de..4001da4e9e 100644 --- a/charts/agent-operator/templates/tests/test-grafanaagent.yaml +++ b/charts/agent-operator/templates/tests/test-grafanaagent.yaml @@ -107,12 +107,12 @@ metadata: spec: containers: - name: busybox - image: busybox + image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" command: ['wget'] args: ['grafana-agent-test-operated:8080/-/healthy'] # Wait for GrafanaAgent CR initContainers: - name: sleep - image: busybox + image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}" command: ['sleep', '60'] restartPolicy: Never diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 57d3991f65..2c75016249 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -43,6 +43,15 @@ image: # -- Image pull secrets pullSecrets: [] +test: + image: + # -- Test image registry + registry: docker.io + # -- Test image repo + repository: library/busybox + # -- Test image tag + tag: latest + # -- hostAliases to add hostAliases: [] # - ip: 1.2.3.4 From eec567ad39da2bb8afff081dfcd5111b777f11c3 Mon Sep 17 00:00:00 2001 From: Ivan Zareichuk Date: Mon, 1 Apr 2024 10:16:21 +0300 Subject: [PATCH 44/69] Run helm-docs Signed-off-by: Ivan Zareichuk --- charts/agent-operator/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index af69bb038c..49afcf11e2 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.19](https://img.shields.io/badge/Version-0.3.19-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) +![Version: 0.3.20](https://img.shields.io/badge/Version-0.3.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -64,9 +64,6 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | | image.tag | string | `"v0.40.3"` | Image tag | -| test.image.registry | string | `"docker.io"` | Test image registry | -| test.image.repository | string | `"library/busybox"` | Test image repo | -| test.image.tag | string | `"latest"` | Test image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | @@ -78,4 +75,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | resources | object | `{}` | Resource limits and requests config | | serviceAccount.create | bool | `true` | Toggle to create ServiceAccount | | serviceAccount.name | string | `nil` | Service account name | +| test.image.registry | string | `"docker.io"` | Test image registry | +| test.image.repository | string | `"library/busybox"` | Test image repo | +| test.image.tag | string | `"latest"` | Test image tag | | tolerations | list | `[]` | Tolerations applied to Pods | From 9b57e57657f616e53ceddc9222040d2cfb60c2b1 Mon Sep 17 00:00:00 2001 From: footur <3769085+Footur@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:52:31 +0200 Subject: [PATCH 45/69] Update Loki to version 2.9.6 Signed-off-by: footur <3769085+Footur@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 4 ++-- charts/loki-distributed/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 5ce722bf85..efdd9ead60 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.5 -version: 0.78.4 +appVersion: 2.9.6 +version: 0.78.5 home: https://grafana.github.io/helm-charts sources: - https://github.com/grafana/loki diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index d1aada7ba8..c84763a8ff 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.78.4](https://img.shields.io/badge/Version-0.78.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.5](https://img.shields.io/badge/AppVersion-2.9.5-informational?style=flat-square) +![Version: 0.78.5](https://img.shields.io/badge/Version-0.78.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From 3761a1f71151edcf2f91cd5aa503ab09cb8e2647 Mon Sep 17 00:00:00 2001 From: Robert Lankford Date: Thu, 4 Apr 2024 11:12:11 -0700 Subject: [PATCH 46/69] [grafana-sampling] add sampling helm chart (#2918) * add sampling helm chart Signed-off-by: Robbie Lankford * wire metrics generation toggle Signed-off-by: Robbie Lankford * add simpified sampling policies Signed-off-by: Robbie Lankford * set 2 replicas and disable autoscaling by default Signed-off-by: Robbie Lankford * set back to 1 replicas by default to pass ci tests Signed-off-by: Robbie Lankford * use kubernetes resolver for loadbalancing exporter Signed-off-by: Robbie Lankford * add README.md Signed-off-by: Robbie Lankford * helm-docs Signed-off-by: Robbie Lankford * helm-docs Signed-off-by: Robbie Lankford * update helm-docs; add decision wait Signed-off-by: Robbie Lankford * helm-docs and fix typo Signed-off-by: Robbie Lankford * quote decision_wait Signed-off-by: Robbie Lankford * add transform to drop unneeded resource attributes for spanmetrics Signed-off-by: Robbie Lankford * more doc updates Signed-off-by: Robbie Lankford * more doc updates Signed-off-by: Robbie Lankford * move sampling to grafana-sampling Signed-off-by: Robbie Lankford * additional docs updates Signed-off-by: Robbie Lankford * remove sample file Signed-off-by: Robbie Lankford * shorten names to pass tests Signed-off-by: Robbie Lankford * update png and metrics pipeline order based on PR review Signed-off-by: Robbie Lankford * remove k8s.pod.name from default dimensions Signed-off-by: Robbie Lankford --------- Signed-off-by: Robbie Lankford --- charts/grafana-sampling/.helmignore | 23 +++ charts/grafana-sampling/Chart.lock | 9 ++ charts/grafana-sampling/Chart.yaml | 18 +++ charts/grafana-sampling/README.md | 124 ++++++++++++++++ charts/grafana-sampling/README.md.gotmpl | 63 ++++++++ .../sampling-architecture.png | Bin 0 -> 218180 bytes .../_agent_config_deployment.river.txt | 5 + .../_agent_config_statefulset.river.txt | 18 +++ .../grafana-sampling/templates/_helpers.tpl | 9 ++ .../templates/_otelcol_auth_basic.river.txt | 8 + .../_otelcol_connector_servicegraph.river.txt | 20 +++ .../_otelcol_connector_spanmetrics.river.txt | 26 ++++ .../_otelcol_exporter_loadbalancing.river.txt | 22 +++ .../_otelcol_exporter_otlp.river.txt | 10 ++ .../_otelcol_exporter_prometheus.river.txt | 8 + .../_otelcol_processor_batch.river.txt | 22 +++ .../_otelcol_processor_filter.river.txt | 17 +++ ..._otelcol_processor_tail_sampling.river.txt | 60 ++++++++ .../_otelcol_processor_transform.river.txt | 46 ++++++ .../_otelcol_receiver_otlp.river.txt | 39 +++++ .../_prometheus_remote_write.river.txt | 20 +++ .../templates/configmap_deployment.yaml | 8 + .../templates/configmap_statefulset.yaml | 8 + charts/grafana-sampling/values.yaml | 140 ++++++++++++++++++ 24 files changed, 723 insertions(+) create mode 100644 charts/grafana-sampling/.helmignore create mode 100644 charts/grafana-sampling/Chart.lock create mode 100644 charts/grafana-sampling/Chart.yaml create mode 100644 charts/grafana-sampling/README.md create mode 100644 charts/grafana-sampling/README.md.gotmpl create mode 100644 charts/grafana-sampling/sampling-architecture.png create mode 100644 charts/grafana-sampling/templates/_agent_config_deployment.river.txt create mode 100644 charts/grafana-sampling/templates/_agent_config_statefulset.river.txt create mode 100644 charts/grafana-sampling/templates/_helpers.tpl create mode 100644 charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt create mode 100644 charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt create mode 100644 charts/grafana-sampling/templates/_prometheus_remote_write.river.txt create mode 100644 charts/grafana-sampling/templates/configmap_deployment.yaml create mode 100644 charts/grafana-sampling/templates/configmap_statefulset.yaml create mode 100644 charts/grafana-sampling/values.yaml diff --git a/charts/grafana-sampling/.helmignore b/charts/grafana-sampling/.helmignore new file mode 100644 index 0000000000..0e8a0eb36f --- /dev/null +++ b/charts/grafana-sampling/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/grafana-sampling/Chart.lock b/charts/grafana-sampling/Chart.lock new file mode 100644 index 0000000000..a54564640a --- /dev/null +++ b/charts/grafana-sampling/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: grafana-agent + repository: https://grafana.github.io/helm-charts + version: 0.36.0 +- name: grafana-agent + repository: https://grafana.github.io/helm-charts + version: 0.36.0 +digest: sha256:6d04a55dce2c09c4c250c6453e0d58f7280750bf04fce51027b4e235062413e5 +generated: "2024-03-11T15:41:30.921516-07:00" diff --git a/charts/grafana-sampling/Chart.yaml b/charts/grafana-sampling/Chart.yaml new file mode 100644 index 0000000000..44e076b128 --- /dev/null +++ b/charts/grafana-sampling/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v2 +name: grafana-sampling +description: A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. +type: application +version: 0.1.0 +appVersion: "v0.40.2" +sources: + - https://github.com/grafana/agent + - https://grafana.com/docs/grafana-cloud/monitor-applications/application-observability/setup/sampling/tail/ +dependencies: + - name: grafana-agent + version: 0.36.0 + repository: https://grafana.github.io/helm-charts + alias: grafana-agent-deployment + - name: grafana-agent + version: 0.36.0 + repository: https://grafana.github.io/helm-charts + alias: grafana-agent-statefulset diff --git a/charts/grafana-sampling/README.md b/charts/grafana-sampling/README.md new file mode 100644 index 0000000000..6ad9785b72 --- /dev/null +++ b/charts/grafana-sampling/README.md @@ -0,0 +1,124 @@ +# grafana-sampling + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.40.2](https://img.shields.io/badge/AppVersion-v0.40.2-informational?style=flat-square) + +A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. + +This chart deploys the following architecture to your environment: +![Photo of sampling architecture](./sampling-architecture.png) + +Note: by default, only OTLP traces are accepted at the load balancing layer. + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add grafana https://grafana.github.io/helm-charts +``` +## Installing the Chart + +Use the following command to install the chart with the release name `my-release`. Make sure to populate the required values. + +```console +helm install my-release grafana/grafana-sampling --values - < + - name: GRAFANA_CLOUD_PROMETHEUS_URL + value: + - name: GRAFANA_CLOUD_PROMETHEUS_USERNAME + value: + - name: GRAFANA_CLOUD_TEMPO_ENDPOINT + value: + - name: GRAFANA_CLOUD_TEMPO_USERNAME + value: + # This is required for adaptive metric deduplication in Grafana Cloud + - name: POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid +EOF +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading + +A major chart version change indicates that there is an incompatible breaking change needing manual actions. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| grafana-agent-deployment.agent.configMap.create | bool | `false` | | +| grafana-agent-deployment.agent.extraPorts[0].name | string | `"otlp-grpc"` | | +| grafana-agent-deployment.agent.extraPorts[0].port | int | `4317` | | +| grafana-agent-deployment.agent.extraPorts[0].protocol | string | `"TCP"` | | +| grafana-agent-deployment.agent.extraPorts[0].targetPort | int | `4317` | | +| grafana-agent-deployment.agent.extraPorts[1].name | string | `"otlp-http"` | | +| grafana-agent-deployment.agent.extraPorts[1].port | int | `4318` | | +| grafana-agent-deployment.agent.extraPorts[1].protocol | string | `"TCP"` | | +| grafana-agent-deployment.agent.extraPorts[1].targetPort | int | `4318` | | +| grafana-agent-deployment.agent.resources.requests.cpu | string | `"1"` | | +| grafana-agent-deployment.agent.resources.requests.memory | string | `"2G"` | | +| grafana-agent-deployment.controller.autoscaling.enabled | bool | `false` | Creates a HorizontalPodAutoscaler for controller type deployment. | +| grafana-agent-deployment.controller.autoscaling.maxReplicas | int | `5` | The upper limit for the number of replicas to which the autoscaler can scale up. | +| grafana-agent-deployment.controller.autoscaling.minReplicas | int | `2` | The lower limit for the number of replicas to which the autoscaler can scale down. | +| grafana-agent-deployment.controller.autoscaling.targetCPUUtilizationPercentage | int | `0` | Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. | +| grafana-agent-deployment.controller.autoscaling.targetMemoryUtilizationPercentage | int | `80` | Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. | +| grafana-agent-deployment.controller.replicas | int | `1` | | +| grafana-agent-deployment.controller.type | string | `"deployment"` | | +| grafana-agent-deployment.nameOverride | string | `"deployment"` | Do not change this. | +| grafana-agent-statefulset.agent.configMap.create | bool | `false` | | +| grafana-agent-statefulset.agent.extraEnv[0].name | string | `"GRAFANA_CLOUD_API_KEY"` | | +| grafana-agent-statefulset.agent.extraEnv[0].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[1].name | string | `"GRAFANA_CLOUD_PROMETHEUS_URL"` | | +| grafana-agent-statefulset.agent.extraEnv[1].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[2].name | string | `"GRAFANA_CLOUD_PROMETHEUS_USERNAME"` | | +| grafana-agent-statefulset.agent.extraEnv[2].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[3].name | string | `"GRAFANA_CLOUD_TEMPO_ENDPOINT"` | | +| grafana-agent-statefulset.agent.extraEnv[3].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[4].name | string | `"GRAFANA_CLOUD_TEMPO_USERNAME"` | | +| grafana-agent-statefulset.agent.extraEnv[4].value | string | `""` | | +| grafana-agent-statefulset.agent.extraEnv[5].name | string | `"POD_UID"` | | +| grafana-agent-statefulset.agent.extraEnv[5].valueFrom.fieldRef.apiVersion | string | `"v1"` | | +| grafana-agent-statefulset.agent.extraEnv[5].valueFrom.fieldRef.fieldPath | string | `"metadata.uid"` | | +| grafana-agent-statefulset.agent.extraPorts[0].name | string | `"otlp-grpc"` | | +| grafana-agent-statefulset.agent.extraPorts[0].port | int | `4317` | | +| grafana-agent-statefulset.agent.extraPorts[0].protocol | string | `"TCP"` | | +| grafana-agent-statefulset.agent.extraPorts[0].targetPort | int | `4317` | | +| grafana-agent-statefulset.agent.resources.requests.cpu | string | `"1"` | | +| grafana-agent-statefulset.agent.resources.requests.memory | string | `"2G"` | | +| grafana-agent-statefulset.controller.autoscaling.enabled | bool | `false` | Creates a HorizontalPodAutoscaler for controller type deployment. | +| grafana-agent-statefulset.controller.autoscaling.maxReplicas | int | `5` | The upper limit for the number of replicas to which the autoscaler can scale up. | +| grafana-agent-statefulset.controller.autoscaling.minReplicas | int | `2` | The lower limit for the number of replicas to which the autoscaler can scale down. | +| grafana-agent-statefulset.controller.autoscaling.targetCPUUtilizationPercentage | int | `0` | Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. | +| grafana-agent-statefulset.controller.autoscaling.targetMemoryUtilizationPercentage | int | `80` | Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. | +| grafana-agent-statefulset.controller.replicas | int | `1` | | +| grafana-agent-statefulset.controller.type | string | `"statefulset"` | | +| grafana-agent-statefulset.nameOverride | string | `"statefulset"` | Do not change this. | +| grafana-agent-statefulset.rbac.create | bool | `false` | | +| grafana-agent-statefulset.service.clusterIP | string | `"None"` | | +| grafana-agent-statefulset.serviceAccount.create | bool | `false` | | +| metricsGeneration.dimensions | list | `["service.namespace","service.version","deployment.environment","k8s.cluster.name"]` | Additional dimensions to add to generated metrics. | +| metricsGeneration.enabled | bool | `true` | Toggle generation of spanmetrics and servicegraph metrics. | +| sampling.decisionWait | string | `"15s"` | Wait time since the first span of a trace before making a sampling decision. | +| sampling.enabled | bool | `true` | Toggle tail sampling. | +| sampling.extraPolicies | string | A policy to sample long requests is added by default. | User-defined policies in river format. | +| sampling.failedRequests.percentage | int | `50` | Percentage of failed requests to sample. | +| sampling.failedRequests.sample | bool | `false` | Toggle sampling failed requests. | +| sampling.successfulRequests.percentage | int | `10` | Percentage of successful requests to sample. | +| sampling.successfulRequests.sample | bool | `true` | Toggle sampling successful requests. | + diff --git a/charts/grafana-sampling/README.md.gotmpl b/charts/grafana-sampling/README.md.gotmpl new file mode 100644 index 0000000000..5cae818919 --- /dev/null +++ b/charts/grafana-sampling/README.md.gotmpl @@ -0,0 +1,63 @@ +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +This chart deploys the following architecture to your environment: +![Photo of sampling architecture](./sampling-architecture.png) + +Note: by default, only OTLP traces are accepted at the load balancing layer. + + +## Chart Repo + +Add the following repo to use the chart: + +```console +helm repo add grafana https://grafana.github.io/helm-charts +``` +## Installing the Chart + +Use the following command to install the chart with the release name `my-release`. Make sure to populate the required values. + +```console +helm install my-release grafana/grafana-sampling --values - < + - name: GRAFANA_CLOUD_PROMETHEUS_URL + value: + - name: GRAFANA_CLOUD_PROMETHEUS_USERNAME + value: + - name: GRAFANA_CLOUD_TEMPO_ENDPOINT + value: + - name: GRAFANA_CLOUD_TEMPO_USERNAME + value: + # This is required for adaptive metric deduplication in Grafana Cloud + - name: POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid +EOF +``` + +## Uninstalling the Chart + +To uninstall/delete the my-release deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Upgrading + +A major chart version change indicates that there is an incompatible breaking change needing manual actions. + +{{ template "chart.valuesSection" . }} + diff --git a/charts/grafana-sampling/sampling-architecture.png b/charts/grafana-sampling/sampling-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..ebd068947d610bf81fcfcd1bf7a907bcc3446515 GIT binary patch literal 218180 zcmeFZbzIY5^gljD1p^SJq^2N(fRsp=0jMaUq%;@^(jD7SM37blM4Cx=OAcv7T0&|{ z_vis*+xN9V{XBl3&mX`4-}__nx^?ckC!Xird-qmDO@;ad%Lxz&M1AM>tp~sd8whml z2h}m)3D3HWJ%~c<D$_?mmXZd z6r+){km92Fie2N$_oG>Zg508coCV&8UZT(F>Yup&E$Q>rHSGr=rT{*{_klq)iNzGr zg&nnf9o=1>ot;av>gwowT}!hMOP8$5XHC=<)Ft{5c6f2zdbFJ@A3)2Wmyf?V|DPYg z7atTA+o69Syse}A_hn{1(*lOrPIg%jZ^UiycqL-y_K;Gm&~&-Mu`Q{6 z^or9serK!l)28$#ImFtmd%J^F=aHX7b zc{_>r6060goh}a!Upx!`Bs5t2@qT&Bj$QMP3CAQtt{HZ<8NbeqUlzf|ir}Jwg0MAY z@ESt48Riv?e;SMzrSuzFK&aD#4im;ylzPdnS{R3E z-FYSwjF%V1>7SZJgayMG8+K4!lZj1#ikjrZ-oeW-vg zD3PjnzZ-LMh*1BwOiLS*fEb|$ha@o3%M!;ojjN-h zfb-B@@(WEn`tGTl;$3_esgY0F(i>l8ryG;AsO>iat_>;?^-38F}=NqgYF&MKRwijKL8njYbvl00Qf$|z#Fq`;9-n$q~phs*It`i%yR9jrrK%-E-C@R&JdDBD~6o_GGpFxmau3tHqwV1Mi6(9q`)(ba~HVU6lif(D7&7H zxuHUpV@Og8$ERPzO+GL`xu>9~Br%;b_(&MB=Yd$DrEq3(&kib$GHfAKIkulGjEaTS zrj9RY1BUe87^IhFp{BWy@#saQV@Yzgb>80j_LQ>_3$`YdtO5nK6W+fP@%z#KNCf+S z6%B3Vo6u$%PGVOD97jS2hH^TUDY0xkCqvm~wpSM|j}j>W<)qI!)3b*yIK3_%OH`py zifB-hW+%4F0l$P_6T56FhQr)Z7(_})NMx&kA&*ztNe%VvkkG1!kc|$Bek2};{)%|! zBGWrhTqRTNakkv#wK_mbA`UB8A@X79R<5u)EAsOAYdA~qEt=q^cRU{W!}XK7;zLQ? z@Mjdae*C}!K5qt(|B9M4*k=RdU?{J!6Rc#8T-a*mYB@H0YI4*p?q*KcwH3J*y=Ba9 z5{b(NpMYt$?i_8{b`{Rrj;G4Fsp2v;*ZPi&fkd&rdy`ZH3WD-Ny6_L*VUnYlCTfwS zA<(RG^@N3t1^5>V@3DVNkzIUvwB$0W6^K@y)6O>7FZ5EPH5>jM;i1pgg(pSFo*GHL z7(Na%BWV@L^nFb-JWJB~VgPZP1;ZEb4}=$xQ+C4nX~|rqnm+wJHbqZghmd;rDf^KO ze*}?sL}NDX-~A$1uUmL8sqfGy{~1YrPTK(3CWw;Ab_Rp&iQY2!%Q%woU!Sdb_1v@s7#()dFg27tD2UaT1{g0ff(kMbBJaUMRA=j}@-nial)vBoeTd<{zO5lL=9CES&4ev&*=%W=~?erH^y zi0iJ$eprS7@&3)7=it^bs1GKL*{`Z_&`y>|-%y_eJ8>F{c!23iYqY;q@cMY~rJ+JH2a~K- z!Z_Hy!3o)HC|fNE8dbxjP9!Y}c_dV)@iXn1o5BY$wgmcY6$4jskswY71gdmf8tOrH z8m-9LN$sFs+bT`3rt=3|y)>f4J6KFTc%T&oY%R6Z}Z5eL4KRPpq6c-mKWytqbe_0;A zhbw?=`tH>r6kL}Mj8_4#N?5ZJU3y{zTRLg&6cNCreSU(=P)oaY#{LJo`A%G-MP2SB zJ;|_%zJx~>p>OWiT>oq~XNjlWC6Nmn8y*^Bj>`^qih|FIToWZp$^G8T{GV~cP|p^4 z{6Z_89oZ}txHklGg(kMM;k;DVNz0geJ3Z&i8tsgP#2?iOa-C`&cZ!S(6@|Y?FA*qGG&#<;H8h^>6@s_vLMY>w zZ+egjHC+>zPyx0Q6b36WUhHJP-u;!)G7)IJrCqaaGHU${iJ07QCzpYIp1gI6!Z_WM z!9)>BAgr{fK;GOnsCK?@{(5P|;k#rO1c}M&RylAt&!!Nc*Kh&P*OK>a=PY@!w#~UD zi3j=A4$Dnfc-cB_nv>Li(--Kw$$uel>cDYF-1*5lt3(`lPvsYx6Fz?7S4eV8{fB1) zKbk-5kQQk34baOny~%KUY8`QS^4rJ6KbuP@uX!F)9wQ5t%CC%c?+o%hiFNBl*>XW3 z>GkPoywO+{8r<(oX>zI-w$-0ViC}fv-?8XFtG;i#iv9TvpDFFJo|tu(CxK6-CKG_c8tReL`9r8G|?Til3QeRch=(<0RLn+)!;-b8EqFE8e2+OY(t(9QoxZ z(JK(#SQ$Fe7i~Jc7q%rY&%yY6AXh=_zH@2Kz$aUwbajQqnz3egW|$CTrgOr)`KhKd zaAh2fcDQ-M!D7VD;QQ7Zu9L-WZ7zt@vWHb}F#bN=^-%w@31P;l+ zY2h1N=C6!%y7b&}zprWg2*`e@$&VR6^6n%_jyHoyYX&L^Ou4-}(?LslG*7CjqHrIJ zF`9^hwi$Y zetK`?tcBgLJZ&-iEfSXdNz!9I`e##Jxh)p4u)Q3X{p51|v$FDhHVj^Qyitf=aC>_+ zGHZrmG5s-=_na3uW-@PTY0%u*R$4`{{`z9|CiBJp6*pa0|I3cE=^kZWL*-GmY44ZU z&u=+svx|MxhYs&M&U_Dwe-l9moVNlY0sOuAqS+j_RCyD)EhccoJyK98NL0#6T_LJYVp=(CZ*PCg(O$6EqmX&VIn&frHd!;T^G4mI8 zh%FCXfCD=fwN*iJF|oBO`VQ%|oDW>SU6A z#r@2gOWn~h8lv*iraS7DkH8f#442YAI$j=}mH!=#Mm|vqb2(!cErHxuN=K=9mqL(> z=Lg!hw^7-u(a`=ox-WSbLJCh`NURMQ^uXhov`3Vy&j7fe8aTLwY(=RD^ID%De;DTY7QFB{5JfqqhO+ar5sp&zNkX4@ri!1zU9>vYERf=sbnZVOt)E7wKR z8>`C$c2j8SNPiO{T@dKQr?KCbn}!)1BsYL1xdG4Dp$mzJlGGOp zH2Yrt@KE|%rKaMgbbV=S5v&!Y<0dEd-JGq_T~B#6OEAFLb&l8AD>gaI3oUOlykGwU z664GDxT3W{^9qMk|MqpweZ)fiLrcNK5_HvV3{HE1(b3{I9~T^>je6t%ru?#(aq3un zeGx?s9fwKt=s=k}HKgjc;`gysCRIs?i8d?iMf0N|#k0j-b_26FT42OrI0+0mP#@Z% zLvyiT%y)|#K$^jq!-eUO76vW75EBd>8cY^0dn;{U`dv`H0rYEKhJCDN#F!~yq+B6y zuAE9z&?z>k#aOwusBCEvd26Z4<+Dt6XPif&_d1E3K;Ks94VMvKbPPY}3E zZ!Y9QU0BT=)DpbYEO+yK6-%q!6fQriEosnncH=9o!D7ab3}a4vTipcD#HX=KalN1? zC~@UO|KN%03@13zM`E2yQlcj)T){aM-4Zq~ADFL<#-@jh+OnF(o@6r4r74zi!`1K+ zon_|3E?piqSt)mg38bbXcu`Ec|HCnr30H^MxcYIxTNPPNvKHeyt*tGN%GXnfeu3Ak<#`0~YpCV&9y1UtEH^HVLluem=tJHK_&4g0NaKiRB8 zJNWgaQ&``VIrF7RS=T-nog$-akl;8Q;gzcK!CBtpr<)++@l~qzaw0maQTbsGj!mOy zEFN>%tPC!iPENPmX&Wtin!NK09*WcpOKo{!V32>srjv+Q0LWK+TJjOA!%^Ww+@Q+- zlGvN{#tBjz<}Q1iCw=Q{*6N3NZv=;4Dz}SvyY{xe+iBKVKl2qzT&X;>_wYBW&xT)C z8!{IKa2)8}5u`Ee>o7;9A@1~#n<@&PxmFW{2%OEfb;$DaMAOPE%Z=A4bM|VEB4fKs3e?R1U$xeYX$Yy?P5EfPA9i5*~^J03%U_sbe%{0Aau{-1aFXQL4$-O@9{n>b( zYjlge+l$Y-YQNY)`pt4Ajjcsn1o?6zoJQ$KZoVFkbsh+=aMXVZrwWMXc-T}8#qGBP zS&gxvAfW-H&;=Ax>^57THhnrRemKeCzRcZQU&p;rSjW?%nfZANf>7|${X)a%BIfjt z%D*Sg7*MKjc`uC(S4tKaNSt_zpEen1e$DR~>3mbq<^BzkLN)kD*;-DJXl8&6lnEB} zg!8;+Z_EV&FWJUP6-|eSg>qdZ*8&~sZe+~<>a`KP@ia(>#WrB=!&%0+*e<{^Tv-Yz z^4u5~7T$$6{eD=aPFpeJ_WJqEJ1>EUp5M=oRXaA-X1C#ZDt|SOdaO;*@^rF0R5NU- z_eqIwKB;bY3OlVfFMICp;U$|ubm`{DE5-(F{1l)9cRG0@vQ07p@-=U=p@+J2FC7XR zwO7rhdHj8$S;Thy#-R50uj{ye+$1ExmWMkJAJX)@JNN)i2ug||Zn+g+`kF5vGPw6K?X&8m zC7zl2*ZsGa5&?w8FqQ_j0f7WU^GNwRVmL6ZyXM$01gboH)GO65lun$Fy8H*{XRR|u z0TUYy!wl0z&3|#H2XZCwj;d|>_oVg|F>2Op^H$v@8E!E~q2{vUmxFE3Or=0HlT3!6 z+rHbdo42?YgHCgqw4U7EY>VVaNYOiqSD7dFx>DvdQ*d9XyR$O7i_V$8yM2W_IpNaS z)`VW^yo2`Z3RSz2^1R1|1Vu6Lv6&fDyW2SGI^UZgIQxZQX?xaKK%lgq}&36 zJ$Ej3FVI-tk}`?*t_+n@vTt-)6BcCBJ1r`YzW<*^&te%?8Usf#f>@ zr$9cw-*Isoq|nU=dRB5l1c+bvCbpN0&MUt5o6&ar*m_0Ha7w#RS9>foON{D_Qt1Z$ zKwd} z#4Vy@H@c%?iasp`+4D;YzrBQ}k+uyG8F({f7cYmQrIZgl!`&i1Z6rIJ2%gwgvd^4i zmT9(53~jmFAQg0i&8TV{>JT6`Q|BQFap5X|D=sD9BLhid^_b3OtE}Uth=C+tC?xGn-MZR(QG_HQ9;Bx3qC*O$F z>l0MROBuciP}7!{<_+psCyJy;ek{KVq_UQKmWiY#!JH)*G69r3N97~`1%?o4by^v1 z*EZ-(z$*MyiccNmA848k!zWqp@@7G>TZzMe&~wfY3}!zF zA&MTX5E~twthZ9{*9Hr+2rR3&Dn6{ljVXDUp3r4nCU)C<&l$=Ljgn@LtfEm3yIwg^ zo@6eY$gc~1=p3tuj~2rJfF1%RT`i`#!xDl!MKHUH3RFOr#&(WZ-jGTDu&LDD z{Iv0>b(|~N9T)?ZbajNrSoN-^HlOsjM%^4F@Ar_2$q1grOi8^v4mLS`;uJ=jrwkr^ z9DOpFKVy^@~}JTu$O=@Bz;-D$X;U~PpK z&n?rIEmG%ZV!YUxx~>h}G^rO!{W_C(a|N(H5QXwG!4pUd&}INBYpsX}CicV94Zh=T zRLlj6N-eQhU)wg1G-ihx(w_`tJVkqQHIa>evc)Tt$|?W-#IRt!W0yPzQH)#^tom_l zHpL4)9#b*8wTMzMq_ykNyOeMJ&^i6>lW2CyK;h1OSdCHX^h6WXg(Ya2zdnH5yt8#} z+zXL2tTDW7JsK~QNK<=bZ25_pkF%bPQKNK-u#U+r_9JZ2W9iC+>aLNI!J?=TDTzuW zHR;;e{>Y5&?Gd}jE(vcPq%Lpj^x9kQR@}ybR!3s?YJA` zY%ZYr<`6Tw`GSp}f|I>wC?74B1<(Dp?UUB3fi8=-ibk(_7FH~ZD-9Zv&*c0^Y0j;= z59aHtGL2mC^Fdw&-20E%?wi%RsZMuf(Mpug6KjNcv(jUu!OGZ$CvPXKJm0f((P`(B zZjDLj<;E}r8>>(FgiVc1n+eTeB$X1o#*AbSDzWP9Emvu znv346<|R%aTd3co>f#S)&kX_T6}`9R^e^RaEK<_+rdM;jaKeDg+Zpf%S%W5ceTUfy zmj{pZ3?AKzb4z^E)M?~O5vZsf>U-ltq1<%NAn&OGn{1iF_|Y$GW?M6{2;P;`nvX`2 zQG!){w|;xl_qD{i0SJv`d^?-X6(!{$Yi@l&X2OkF2aej!Oq!%ZmgE=se z^z@;C012t$=;euTsHwMtDw^R2ER4K#N)-+ayNiPg%!UlL+2MValF)tk{<2>4vANN1 zZ4swxeBqVvC$1@(Ua9Q4=ebfbcK3yKN0YRC1~UdQp2tS+^w|#=jmHip2%6yL&!77F zv?bG_YAj5iS$3T77;-|&3t^)N4E*0G)v8)IWti5x@A&&MH3NBl7t>$?Hm ztPKJ=Ur|t`H{&|U_7W0v3$z1=K#r$^P{^!2Bh0V5P*IxyNdm}ztu%_=zdy8ljCX&@Q;MZ5c;^^j-16IA=*i|+s>a5yZ4XZ0< zHF5SW?%|iqBOU|@-rZC;K~K^pm^4+eflQ5nq#b#igBU~dA>K#x!w!LN0@5(LY z$|vlhIvtgi#+)BV%U6_3C0!YEj)3MKL49~TgBBb~$#4ZAnK8|049eluJ&p?F6;L3+ zjzc&grzFB#-?jWglkbH1B;VTN%Ff!PQo9>nJs-P;y6l>7mi4pF>W`(PfP8&UAaZ;5tm64$&A&M)#)tL zrPP8)Jjjb%xfAhWiKl8PA4q8HDz!&*1PQ3JvF^7csx@<8QFT;V0>)$EDwHze z>@36UK%4?;b~3v4D??B(vH!yP0fX1QoQ)rgO!j5-N`x(ovbM@i@_8F&?y4bk{t-(J6FANoubb%T@MuG}OuiUCv^WZ%y~34H9O7 zV01F=T<@#oY4UOhlE(cxE$6Ta@cA{B75U2_mVBKeIrukg8Z^HPF$q>n&!v^|O<==9 zT}bAp#=&&g*0 zkb0HE{YnI0GYN`^8cSYCr?{2*zJBWc%Hxf|i3t)ISRR38tc-V@ydEz%VqB1PUtIzF zBdNX149Ebh_J={89WERyQ(~qy9$+6f#|XI0cBc0a3=Hy@+j5?A1OfnpG1bZDoIy5- zZ!`X$YI{~x)d|_wcV_!mHL+7-@v<-7ouL8gg7<7yUx(Z++fX_d znxZI?UMFdM)0QWMs-l}#^E5)x41UKPlRI0}yDZr3&NTL&@%Ka%c)Ql%#8`Vg;^ucG zT~T{Q*YgpbrC3J})Obx-F`8-P^{u;MPEN+Kx4q{b5@#m_r4=IsHOybo-k0vOvBTFM z2AQsLz7U&#Ms(tP*ZqMFteW?_HJH{Esdhm#JUU+l{rRq$74hRk~Kb!XHoP#=_xu_&PIrqk^w)K&CSz@mZ zZ&cVX&F?YX@i22i+B4NYF$dZ(avPXwTjSBdB!9`p9p`u`g?y)_&QkMhuMX zJ^?q7WrtM&IH%VWO4W9MoY5E}nYZD4X>GjOyWsl@iwLbz#d>VcldeQq#V` zE}1ABE_#DArZm7dm#z!<;hBg53$~k4-~Am%&;CwT@_#eAR#qmsvTJmN4>%~qq%_i7 zY7Lehl{e9|jJ^#VQ(>GHq+NMLKYPQ4436?U0>}A*ofAb&0;DV_+zGIV{naVOnr+%h z)xi6zRoD-%QRf))FO;i340zSW#;t_cJf)zXo|c}dslqD=_21yc!c( z4o0IT1OKzL3|(FiR5*qiP}+BN!z-PdL?d7HZ8%2-*+{tw8dEmdx=IJKKc!2vQGKCW z99lfQaGIWzSroO+%ARodgEJJ^LylJu45ht!q=E6uOvBuVXlwV;KD8Z5-D*P6}w?PP^b|H{KHQ(5z_sRLZg+%_t{P$lSc8GnS($mn* za8df|2l{dGpJ~=~;(;Sk%&t^c`36dFKl03636OWo6Zm!8sbPh7HyK_g?Rt%&tNby> zYS`~$v(=s3t1xW-{&_8vCfw)82Bz2#Z=R>OQHMmicE!#7$lR5g0CIAhl5Sp@M{te1 z--V(Du~|DGlREM=Qtwu=`6;dNKV_%2v#HUE44izLtPS#MvhPtM;Wr>rk{KT#|5kyb z4#=k&IxY`W`o2PqzN!KCCGrK0Jk!6h-izRz2SN^kN40{dJB}l7X+oXd1I>Rt;69qq z-Bj5yi&t}4dtCkI{fO-LkYipg;`aR$b{6clyE8(8fe~=M@-{CWmH;b*`O0$)Be3Vp z;kzGP^8$qDMS}`dUqy+SL^IY5IzisP?{tQ^u1#d;y2P7p5w>Oe-;CN`w~;lDjeq}% zZMIqD0UIikeKyKJbNHo~-z1~#SRVb4b$a~#(GoK|)EI_+ z=9^L@<0hZEg2Z!TuLSO<%!x+5HC3WFi+U51vQr3XkJCwWmHy=TImxs6PpVDDj1B0^ zTNXo7_8+901@#Jw7us5|x9lbKFK5ueTz)1$kBodHRxcdjYEuBY_0lnCvIlK8bbn#v ztN3OYet+`1X?_X6_6vnnv&yn-=L|}(K8qUs`n$mDOp?J2#T3lz!Hefub}sxK-(G8ZtY6aBe+Q&J)nZ9X30A+r4&zM=A+-{A$b z+2o#N`5n{ZJN^k}O!ndt~CYJrSZn4g=JD|@#%*k120GLvVxJNQ+cab&hn9p!ol(Cd844dd#B zOB>^>@`+gkO4SKzP6mS$a#mhTe&}(`lcsLMCdbUHw7WN3*4zo1{A>NLtx~V#>}q#6 zvVI85;*s%ev&yH-KNlNBFYHPn;C--D19!mN%MPQAc<|Y;`DfNVEoAy2kz)o2Pj_JL7+BSp0OsZ#8_DB&4gx$i;YJpxvnx>-~8lt2W(OEna%|M@`p;cOp{2 z$ZI*jWL&T~M@vMV?rw~DcyxBkH_cNywtRfL-ush5w0G_o=lL;T1V`&1Q%rlsCISFWbC7{9SaV6Bt^e^Mt_|ltj zXAp_9>$f+ul-3~N>)0o6UL69Jy`N(W!4YFY(0bwf)`VskkmDJOcTQB-8qa?hf_XSm z)J#g5o6Z;6%+xggYBS6_VY9t4mx92f@y3i7vPX|`x5)o=wO`X2g*l$l4jo=u2o!8PgN}Y~od4Dk+7;6E8;qaCU#^-g zSVqOuoq2I~HKu&W2)-;Hf~rJ$^CY4{pl*q2c@1nb(f91qNiKjQLqV8}9CrZ5Sv- z32mT9PcyhUVvU0rKG}HB%E038KdBpWPmN){^3wFiE?%gE9_H{1%50^t0 zKvROpZUA^SD1S+~y+G3}hC-D~pycQEVz|w^mn!QH2j==n(v8IL7Kuys)`Po0(xI7a z5cG->^xE-WVeg+ahRl)tQQBJQk zAB@_r0taS;=qWhyUln$|PO`7E`%=u(s==SxeeoaYotbCa?En_(SiRO0b7Rt*Wu3EbuiO=iDM(c0=Za2Y|roIm4d{Lr( zBgz4)3wdD;%x@SL)+8@#YlmC62TfE{>M~t_ zr%xNj?ib2<*7I%G#aGAsP7N((580X9JHCka0Mo9qwC7m$YehiT0{LfTEaO}&bt*V( zeR1;&SQDl*ftRz|Y*GVl9YWu3$Qr0D&Dw;ecf_?YVLffGOrS?s{e<@K4qTWBnea-v z?^3^$7vN(hXfC6E_7VoJus5rE^5&w*Uz~r+Vx9oEynxzNf^IF+K^x&ZRxpyky~`tK^D3E zBl4l?l^Q=%LTx_9ra3l=Qku3@*cv0RCrfV6(9tiya_g;U~(A z3D&08vt6i!7|)?cE;_`I zpellPYBHDQITp4zl)w^wN9vvS<<5f6OYo@U+?hE7_q*pj?WOODRT>-U06X6V>(Uwq zn3g~d&0YM#0Z7Hp;bWm%lBCkUyPT@i$F@R#!;gpECR-yTjfBUVqyzTnf$UmMvIhCa zK)A0fB>G=<5>3@4Uw@cO+Y3~h&Qj(hor0cH`NjKinRVz|Jq4*#sf+?7ZD!751chGOp-m2h7bufA@j@rjNNYkPc#keB=Y$nEb+s%>m2) z;}As?>0BwuhvN)+;($%1w6q`xzkA=vg9HBR+m9rd>`EPX5@qKpm!E2h9U>k*Q-mG~ zl}^&%xy>(2Dh&7C!*#qYB5hLZp9Pv)J!i?+e&|U)w-K+2MCh+jFp#$53B0Bhvo;;1 zBA>FIQbckSI#L`w&gP<6d_pDbJh`Ei<)GWo90k&OU!^mW-?WOelovVPk%k3DssC-b z^+q2-dhBD%t6nz*6(x}~bN^R{gxCRt#|kPdrMJb26+KRqRu=>^O+Hv?z+T&Z+&W3> zsP$#7D&dsPXY2_v7E&g!%f_T z1cu=FO|0XyPsR3xuU=WH!L#_+J7w~kCwUFuZzPIb9p|6_jVaK$L1HXXK2v(hVyFnF zha|mHA=2n^<}bTGsb?^M4}?!OY-B z__X89e?iKHKa+b*(wFs10RPqnjGt~2#{!O5!E0fC`y_z}i2bJb?&<^5t}-xj{(pF@ z*OQm`N1b@41^)qU-?Tg!g{~gRF(l!Go%YxKK23Y#ugHzGY5w&WBN(9mRrbV7HKvwY_Q@;f9%0)PEto&XiKil&I4(w%& z3K2^b<&T7lYSWy1{+P@g;%KItfZzV-<zlX~=75jjL$34&1&eZqJ! z_58qaO~XZ2VrWcI_~zk`sZ=_$p3J@Bd`v%hV6+HE@aZ~v(TKg8o&)+Cu)QSoM|-3! z~sXfPpJV5y^L`K_R!7JQOCQBZve2DEOJh(Kr?Qa8` z1&m-&8KC79*C#tb`>*aEIC<^k!-(LZWK&?i7O^8fWudCXh>%7~0r z5VMlyB;C-FhQnluL=+bq=L4=_pWC0@d5x`)V@2R7TX z&X8;h(16^JY4W{FqEQMbR28l|;E~E->+|hHIN2<9yX}!KJFEjjlevA>BW9OucZoy$ zbo}l1^066h5@>%9IDwo?WZDGvjY5LR$~p>I$rr2R&c+md2PPq26MUZUhH?*67RgHy zpg>IEvF((1W5LFxE)>D@ClBOPlk(&LY50HU7_%&syoJw-<}}II6T0J*$jSyXfW+5k zBu<0yg1no%Ajc2|6%rX9bMhC#D^Y#S0I_(1PBJn zQVF`MWm0%sn>Z<-ztk3JOas`5bdPq5XchmsvP^kJtrgmTT|-RM{}ALSr~g%`T2Zo5 zCMbQ{y8|N*Uq2Fjpbvl@7ttnr44;)u)GR&e`pN&G5`0ONyq1KHo+y*8yD9(azfdmi zTgXB^N$fz1i2w?4$o)qZ9w9Sq51J+Me?r@3k#01G^AOw{>p*ECaV0;zga{I6OBpF7Dwx{^z>oENwb7ERHuBv#`9O#_ScO-t(W=RXdO z<}4pkF96BVOe5ctBrmq!F_Pzb5Y= zsGq$}Mm+_$iP}>jVf}(hgRGX08UP|rfNAdh)p9G7U$+n3aJcW+;1wcc>WToHqe^k0 zUg~6(0gzk<#W9NCL=hsB4Pv}Wfd7C=SRtDPVnJQXU+gC4`;`Q(0m(mT%9zC_3P95P z#L82I$pI0>AIO8{d`wix@T-3sJk7ZCv6UPrNC9^I$3oUQvJdqUJahh!wYeAhZ0*be znBDt4O8Jk8JRq6yS@)d4pRNh*JXf;rlS(%TCi{N^;{OFlW+nbvW56l>1GuHS-H2|m z8@R{8u8}ZiE&2ydjA`Uq{rDeYMa9b+Z&uQCOj+5vVM1#nls(@kc4=y?|2q(2)2a|7i1D@(& z*c(8kkx(mWOO%9gT0koQAbldO1e_#oD$Fcaao}X~54_;>RdI`xR6j{!^Cht^AmK#a0Q&R;#8VDp@QMsK_l`68{Rvuru>J{mi9`@$L^3r3fNC9QAa>^XR~TT|aP&o$>AhctXr$>l& zrmh2~{4Y~96_U+8dYhj9>pZNGb$JI`(|Wy%4DtYo0Aw~=$*L(Otj|g4k09> z5E!_)xR4hcND48Z(z-#S7`RlPCYDF;0rGT0iO_?OH_+nlq%`3>far7&a@ix>x1v&B z)=;rW9$-XgqfOWe_CsTglak7_g?B8ZC&Z#R?8EL%Y7PfKyu4BcjcXsqaG(t%%Gz_9 zTfVP&3`3wz=tsMy5_zf-Kypca?3uX7?p#fd(O~}I=h?Vf=-5n+dU0YN7Pc-gz2daQ z)dCyaki@a$vC}*GUK}lmNd$ro@6y%RG70Myfjm`9c2_9q`ITEfzJmT)2>(Xu;@~y9 z)!gne8y`y|9~1?g_yN;W@&Y?;JzKvveSr7jqF0Bg6>$p9WaB*+vM4&gD=}W~op>i-cQj%16KkUNs8g6h zSk@r8TyA*DTDv8161j%jaod*x=E$0eT!YOlGL-Yw%rwukphrXTZC$^2Oz`+z_kH!7 zvFz6YAwRGUii0K8Z0Ej!rfgi6&e#2Z-(QLWCahRaZRLAsc&#jL`R!6i)(^5vQ>013 z7tc{%(>v6vVpM18vScxUqy(z3mk(TIl4!=t$qs3}e7;rF^1OZIE&+SdoFm_x1#p?U z>EZC`wd?S!E!J@!h_##2!5cu+^D5Rhj!np7->-WJGnEck)|TQSk(MAyNK5>%qp&nnE-iJuew(F@PyaBs^Au;U2?2OZ@jas-$Fx~hgxCu2kCd_9 zU@85b8+G{Z;>c#n#uku|OZ$@@DLd?Y#-}OBff>HhxhLGSFh4yBt2I0Pv)n{&K3<~l zSBFKzh_BoD?fEeY0tlaau?1oJ+;1cEz!RUjh&K7C(>1Ow;9+MTnv!cvFV2@E^tq@k zXD3Fy7DoVwJsE<3^gZS!Roz5RXzl|s+Z#g;<&+A$&_^B{dc)g$J-?UD>Ija>^ZX4J zRDzSfCt3mH_pn^ylMWJgolkv8lZH7r-&2fNTlI|WLM$;A-}62*g!<8B-k{(b-mUNd zE1UFujZ~ejFF2HT_0OmYehzAUf}mfpmdpZ>RUFsIAewr>#UG=f_EFLs z3m5xDFU*$*|J1Xso4}$YMzA5uI%@JV)wfdNiP+KnR5yjqc{7HMp2Q#4U*W&;;w2cH zQ=C0le9Ol@4IXgcbO|wR`d_v4bR#p713tj}aFM7ljgN<=^tSox_S=$WA)MWHf+Sg* zLRK?Iw{>l2SxYGxOYklcWIG6K3~G5iedtT=qi+BfW5Idt%{JkKFfTCesLwXAt(NDj zovZ{Tn89?`tr|5XHy@wqt$U7(xedcHxJFRh5$FYVg`2Rqh*lp7=tq-d{hi0sRUCCb4G22_aq$dFqv9HEWc1 z&=#ah=X>&7e<(PP9rS0oNquL${SZ(UGuN9oSBOS{`(>7(bypA0LDpsC2!a z47UZk{_uzF!QjIxiw(+$RqAA$^xjJPHEIO**argt$uPWZHZ+IFK4pokw6(BbX#qxo zS-2At?*^R)u*h+_ZCI)sFu(%?1x$s|XE$7P{&9AfH~=kVy;5!}J&3l$Pcnr1D6uL; znY&wW7MB~Vq44-eZ$dgNd2KMe2!2a~lQ;YJOOsBTZ}&>vL$BI5iRBCI}g_9wr@2eN11^m}=v?kRo4<>vdNo&&0|A;}kFSyr2@mu-;m z2xM4ko^!YFY?_Z}!iOpMhmO1Lk8f`Otm^%LRDESwRNvS301^@k5-O>nw1jjIEg&&4 zLrSU$NOzYs5{if-JyJtSOP7e!-Q6J|E&c96{QaMIf8e@cm~+nFd+oLEb+0(9kx|#i zu)-Cakz+51Bt47`G;iqquYC&YmY{9rjjK@UwXWN1Y&7I?>*q7Iyg=A3Ocr{lC=D(g zl$45w;Io{P)48cfE4ikz{!<6Nbk}l7qR#TCwDSbtumC4TVeuaT$-RA3jU6|_WUEXo zS#iwJo0qR}+wg4vOC=g)aRnB0SWpX7R(sLcfMdCK7HNpAgyjRM+|+Oh;~b^kpniT= zpc)H1vO>=s-4Dk&GuM3%A0d}0gCfLFF4X*&t0cmsr*)qjBEw&9R&E0geedoX({-I3 z=g*YxXyD!C_wQ;^l2@Rl3n0#@6CIABFm}Ez($o#3F-8mchtzeE-m)kfGx&Q(qk`sCcU#Yf9fKB=&KX1C{K4Tr#RM?T|G9P zDA0QxIl)tw20OIz{tK>gLtkAg(;t#vQ|Xde^`@^yf@PeL!fbSB3nfKsLuiY|h5JJP zUD;`)-)L1{wKs2Gf+v4-@&VN=c`13oC$+-cm!JO^Tku#t7TOEMw0cct38#%NIpwU4 z!Ldos@_t*)p~xn3foYAB(5D{Ar`F5OgW7XfpHV@(H?Lt}O&&7FqU}Ezj#1t!M&5FF zk+aT}I1yzv`|$O-veT0((N$b*A_UOreGj(e1GyMakdUb%${#j@d%nHUd+fx3@udQJc64~o327x zH+S|!XJqIRh)B4GAqSu~^8zC;*>zAI^6)l8cjqYNGq9TzS(UJ(dfAJI$cl2P9NS=Np{Q;)%?^*1c1 z-e`*3D=+A48c4+Vb{QCIEo6;fGb&13K*uKSjJ}mRUWPcjwT`6y82PV>Ql9KC^rU>o zXIt`m?1Yvy?X=ja6N`1PvYM0S;p8ZSJB8Z7NkGM?U+%~q!}TM<4t4z38UofP3rzAF ziLr@)mCOCnS_Y!dQ|$%)vKsH*8l#@ku5ZjhzW&h#gnZYDWru&4b2NQE!z6FHLX9XTQ2i={Vv5RgQ-?Ug$A#gOoe|HHq2F1*Ycq z7V?A83l(3#4V03m_^wi{%Lu?vt)O9Dk3Ar@P^TC(5VY0Yr(Vpm~?s(Z}h~nl#GMWlwI` zd0HLL%s{QO5*Q5JJ2a(tpcI@Z1){MU;tl9){yfm^gy}`vj6`nw+e|c|N9{{`Q0%T1SOv1TtkcTUvE6) zpF{(SLc@m{{h!?dKf@`|xPWrt^23YoUvR~;+xd^C_>^W8Rxdvi%G#{@zi~HB-Xg&M z4&AvVUmR77|Aw-C^AxFO!C|=k8kaPq(#2s$2WuvyhrzO;hkbYT=0j6PeSLB@%)t+Z zx4@ryUDzFatoZ-p>QR^e!JtTS%@}z^)KYT&Z6^HlQAAm5Se9oLNNLRaoh6Gdhfi zb@}vw3Dl8m<9QPwd%=@w^VHU;{rwmCF^)6tWt0Wviu@#3zHp%+yohJ4C2Sn;(fJ@E z%+!~*1S;?$^x_J)Hrp*_-eh;@f7J%)C;U~KxFZ>EWcLL@1N52YUgBBLxj7I9m16E2 z5T4!dQR?nH@@qcM4V_>@^YT@*CKq&+>wkc}TVD1{{T+;yJC;}42exji3m-Wuw#*)V zd^ag7gijq&JU9N%*}!hq-c2!1Keji&4I7{-BZU$=AY(AxZ-uF1Xz&TfGF1bpq1m9< zcAT$b5!lgrxK^xI|(~^LTU~U_OGKnjP@5=zBnagH1K%z$Bw2azImak0wh$b+BDy{(0~3 z-Hk>@iSRCN~ComGfsk9XhQcvpM=Sg~$r{T;{f$44urLk3g^prPl(YH_#i`QJyg;hZW< z$v$Vli(Ygk&G6N0+gXdduZ|zJX78M|Wp*CgoS8XpaDF>Hmd@;~xS3S>t6GYW($_$+ z*sJjGS?I^;V5R;)YgJ%dvN4GRVr+f!jFx1tx?K!;P%4FM+dX&oBCz`A+~#hO$3%MC z*awE&&2qbVa)U`u6{RAXl3eMIDfk)$HOK5?0FT3O90pn&@4abU{H*NUJ- zd6ZLl{pI8I-B#!AJC-SZBZZ2+V8=5TR#69mbc%W;CI5G;>$g`RDgaznIc z{J%y0rR+kFz4sS;Udk>nzme`R;M_RRE68wM^U}*`{eIp1_bbOCeV25P%^DZ&hO9h1 z#^(F9bjC=p9A$rH1G;Wf<6N+2s6o~6dC zL?Sxs)nP_s;_DfEYq)l8d!#@bhn~z4)Z$;4mfP9wmcCBJDKP1Z43j6gk!)qT!<6i4 zukD0V2w@kGYXS9Kk}pX*tIz2=#Gmo1kcfuuxLkoTJjRD+bXu~(C(MNYe}>&Ro5m|c ze3|ss51*wmmi21-4%vW@wXU|i!soM{u;z3H6C;l+@7#I6oQ5(bJrbC3?2}@Wn}$RaaJ10HIm3eW$bHJtU!K_J;Z?^q7wvjY8VaDbD(uH{$tPS$wbq~vG) z_EIh#iG_RRis=LKAyv;=(k3IVu`jT%N2@ucycA2#f^nP-mT-!tMcnt**C3C%D!gFB zW`+NUJz5nxy;S37zgBS7h3zc2xAD$ohRxm#1kevVHZ`o?f#SN>IL*e^8 z+`DZt@f-)ZR1sq8q|Tw!UGz7=e& ziiepM=ckSLyij-Fs6r~8)P-s%`)m)uKtGaPbNMILu`;T7myM>u!-8{KtRA?*!)*WsK|ek*Of)YLw0 z^9!IHER2e#uLM)&iZ89_?*?NtGaih0cwc0qvp8HGe@{2eczra0hgi^;?R-}91gR3I zy>x1J z5xc>ZTo6cq7`}YWuL@IMZO;+sWZfv5a@G82WSgndSff$YLcPqEB{oyF#*eb{-@>Rs zK|D|LVLR6@*?=oPiG9Vwd%YWd9cN(RBH1>AEC@m3wC+K@qLa2HYrT$AyM%4~93c~t@;C`isiE#yJxlwY=q`^dw_Sl32h{ylJTVQigfcw@PMvM88-@Bya4QAis+W-S; z`7#Y=wz9RT=4~#pyddEfcFd}z|C!b(M`ai@l7&z0wf@pjiHo$kqP7+Mam`?}wsZ{Q z7*zHRH0N#Au40u3ww>kDwolN5V5Ht7cxA|{#3!QLvFq*Z)uc0-Umv?iwIp@fBnpHm zN+I@tjTHa>LQ<@uRlzE5_#sqqX=uc!W%iYXzZ?X#&O-xI5T2moBcT1yR!=;QhCnPa zU<pX!J0#qaHZ`gyjq zi#5=OZ0%mMR{7j>Aa$k0KMHW^q*JeK*t^TihRj0T&hxZr zxXan#4FIr+GJo3cB(wshQ8S#lH0LQIVYd~C$UqW!xMbbbk%eMQvZ|wefFWZjq{*s$ z;(g_>pG?Wr$F$adyD3>k^*A#2QP}4X;XPQlu>Bnu4!q2GhEmS!$ah zT_+>fw9qz)u{PObqk^fFe684JbMpH^-A<>-OX&wx$#t%qh-2MUJpE=5x^ge{0u)Ah zoNTo)dD9kN8#44cy)6-SK(d)hyms>#n)`A=w2kb-`qs9gcC$RCgaA~=0{w)O=Qo$5^|mVc*3-d<_nya`oaI)Nggs% zR{pgUPDVpsZ4mHb#Q8L}l@2S#5N2p3M>K@t4LDAObJhy-FRKS|o9MvZEN%p`$YdcE zx}U`_anRn3!=sRmHcLvDzM?&vYZy}xx2waGrvWEu>#5YQC=%~bB~Ljke|-c9A=1wA z*;KA%d>^~(FR@h-fJfUb+*!HW!(L`ca%&tOot0e)c@!X)UwPL`LAINjqYqvkZlz~A zH5}A;r9AR88UqA%MaBS~$tw zZKK|3Q$6}lq9EJ0WB?fZ`sHM=(|(2hD)YtJZ3pzu3cq>{*&*Lmq~)$D8oK<%*mA&phC z6NRZ&cm|I4ZW1sj_i!jqj^o0t(!0y(@ zAj9aR#Uznv69cCvmR-*Jm%4SwW-sx)`SoWA)olh08s|T218q-#I}rLOH5={N|6cBh zVPWedWRIGLKXFbR(y^w^rE}Jin}s0tm{tqHI0$l$-~ZtMB(c<$9$~)(u51B3k+xnCd$Hat!)kxxpL1O z5sGx9LX|Xr>BC7R&+-WD$!GUwo#sS}*68teyJ{ylxVJ>U=eG^j%10%SI&;z$oKvgx z|0;)4q~$@E&9;D9q-c>YNi~0TNg5rs0=lvN*45=KWLH9^sJ>USPGCf95LVbty3TB} zF%#XEB-ItFWLoU(*&--nz$7fX*)-|6Y|L6IylezC|5~E5spi%P&TA8we2f+G<{qe+ zR#leKW?{XzK2~n?%b~?V_BSIYb2w^|bgl5?I)&s%>ELSvlbi-iFM(OKJ&q)J5a_x| z0{`Tao-9mKALeEB^eelR80;s?`ZVmg`8bbsv*Kr=x@Dbqrd?|JY{mPcQ-l1g)=xf+ z2zeNU-7zO6c^Ky4jfk!KV{Lwv&;(gqU;)6h-yBB6Dy8K_pFqCJ#}UIS0%Ecin;E;y zbbQxsFt|$I{?P0R%CP%Kv&7in%sNv`X&1r}UhS#MiEDwb>I6sFJ6Qr8N(DSg#kzB# zFLb*eA^6^P1Vp@lt{#$}jdx2H5ibJD=58&URT9Mqyqc{*gX7&lb5Yl^1Y(jzCZ*YZ zwwiA)8RVH$%zCvP7m!MRbX6tE%|1#nshV==5^FlP-rq@(t2T9`8)n{rld(3$YkPAb zdQ}FRH|!nLC}(Uww%HNCGl*TKzA5{4;my(X1Q)Nz+9?uhjTmPBwwt~v7PKW+ zRKFShF}xcdv#Lh&@CbMSbuS*{Qw0tW+D#1)>R&f$cyIjh?GrSeF8VZT#N)4i_Z9EK z#(!+``ii3(jL+!pt@)~H3o#|qS5;AU(Wdk`y14f?)y`Yr5ATM-`&t`EmNF*8zo_byC*sX`&lwKl0=Iv&-{wSO@9yNE4cA;o!h~W* zzq~&av*EZoujHtj_rqJpqkTe11vR)OL!Dm%YPR)*!oO*3^sHQm=(PfT7Pnc)V0F6~ zpDNM2c1h!i$xyjOz>15h@wOEfOXZDB zRP6#gehpbO%IjjgY75)u((H3Gwo5a?booSw?COZUB-bgD`S`%$IC@*BK4k&Kqz%uQ zI}gHlw)o?2g-nWBuN_(Pi&!1&x~y*{08R1=ycoJ-eq=DS{Nn%>C$Gkc$x}?+MLH!E z1rH!jKAvRO?z`_qo<{$Lk8R6MbO$QHCfPti)`3kT{1EmN%>-M(XC5(tmbB>6ZHR*h zfnKk+_uMYZ+HHEqt?hX(pfT#^=0%PKE}Y}q38p+uD6f~c2`@P zRt<;*o_Sth36sO+|fM;)_~J{0{V|fSt}SjpA#1fnA=9JlUKEfJJOw z*!h!CP_`9R9oSc(u0{3|1fw{ zpw|8zc#MCy9Q-sIN$Z6T7_Da6^0xRLAsT`zeY?`oM9^%Jtk(H$tGcMh|-+Q}!hhGM`erSu~Do@dZR%hDVkdO@EE*q2eSC zCU`lW5KqxK?p-)4Ovwu$2_I?oL(1Z`F6LPrckFm|I-QT`Yy4dLaiGpQfGy?Hz9Le* zQS~*S(pal~$K@LN?Nm}Yzb<&Y*5gu}|CQD{N*{wrlP~)KQIhzXR9bqLEgV5JzszH9 zu)jX0RdE8SSsl1gC1{JtmecqP@RL^9ZTKi?o*17WGHZ|`F3;4!?;}lPUHzb12~&Kv z8CcB!TNDWLkW=PRjoeI;_cPQGG|wXM=Hq2Q0rVDWoP7QB5kw@t8JdYzeL{=SLrpe4 zY-jr%t2CXpS_+u^w~Kd!r^j-icy2Y5#v!oR_+KV!)@Oigrq7xf? zG#?@4#b5uJ{3HHI7}`8&j^WE+qyD?4DISD3Aij}fZin;FTH zFYckMb7&3-v{Ve7Puvh#8FmewKid{XnT1hU0|-1clN6_JyqFqHs~CJuIX|qZeN_%n zNgu!dLUYB%6k|TLT_O=E(Eeyo)bo$+YWQEp(X#Kc{gbJ0d;mMLai-v4O=R}hdA0jt zp%5ZV#DMe}ia=^%zAV8CeY`%coOa)AW%D_!H^+tRWTYS~GP%FrxK3{6H6>ygac_Z?(ArH^kqT1n-HMI zK`>_=C^_?w^tKv^bVjh+s9jQH=5w63#rr4+MCiIe_#AuLlvI-i ziQ}OS6&g`rCSiPgi>T2o7oH670Q|+w$sSuz24QXJ+0vI%B$e z>rwACl!_}<;pvSrCTFYu}L6&lrRQPDWyv}M9G_YyA z;S0O}iEGE8%Gt_DHp5BtG zh|8NINE(tApXyr2Kx8IOac!|m>1K*~o;kgC_!8IPH7Th?X6`UU43orqdfRDC6U3d5j?0a0(%W zwjznCnxJgM+Z0F?^DXjNNaqWQ?rLeh6Hh@Mn%7qN%YKyn9NO(-tX6N)RQW70 zJ+#|l^!I&&ClqzjD1&g%nSoGElHMZaXI_gr@yzL?ncWW;bC~h&yj`x&+Qy?EAe_9c zokmXzb-e}z;nW!VQ$*?b@@waGrQ{C+}H|SS%_zFqVS0Z zn2A#@6!2vOh!)H$N<3jCjE-|S5@gj^sgmrP_+h!0^Xc`7?y|J*H)U_6%C4994tx%L z&N`2zJ2f+^@5*B?^FDPaXshY^oG%fmF5zYP)qGDs6(yaX^*VEtszZK<0RN9!rAI;W zTkXS&>4n|{g$)6|EV-WSql1sjE;X1i$ym~sA;~vmk65HlA+7h0 zT~j>>-*m&CgOCC9{+pRt)7GP9R8U<(HP?y5*Ir$wd zK}aKf13QW=+OA0+|24BwTK%g=9!f|3z7>8KU4+e5Dw&>bvdSm1DXe^`N-~)SszB(t zt)}S!Wgf$(J9`2K6 z<>Stg%&&|(x4GCKJgv3Rg3#X+QJPs~0}@aaPxR)qfRu46LyaBYKPn%rP!{cm8;lY} z;M5p2JsT}|7!IkZs)zyxJ_u&{OV)G?S1iReM3lV3)PFu3%CX)s^TnxdOMvPg8r$cO{!uVXR~@+22gE#0wkIAC}NYIz@8Y z(im(><_!BF^9oaPCoaB2@9kG{iNkW{TS&Ln9gT+1`kx32@{vYudk5)@I{2s~mo;4f zIN3F+E>(>CUQ8VO*(RCMuan}W9vUawhbCFXRRM zsJ{n8u2a$BTR&UpC)UI=;(NCL(n$Y$No2pT=;Jw$yi9feAkJuiVsNIr67GB}uRFE+ z#ExIW+)WC{HhpNWUy+J*&u*Vv(7dM}NJFMF5KhL38rjQKdvshfeMf=O%f@W@NQ{le zD}VBj?TUoqM3}-+KEW)JrqDs+W<_3zg{1p9SJ#V$rS=Uxyy>rqSYGCKWPM!i8sAy> z@f?;ZETdg67z2^5QvQA?+T@I zKL`ydIZ%5wE;neLHS-lkb2>o&GicC)>&aR_m)^h~T7wt+&EbuK5smPiEJ&ay*=L<9 z{`oaM6Vypss~qeaRmJ-UdYb#Jk9Dtu=0d>_!mL3QugHc8=CzTo7P^;d<=Be~V0pCN z%+&XaFUEMXcRL^gv}%L5zbMCixS_@@Hd%BK{An=Hp6tEebA>6r%6=EuTEGGBbT0HA zkk=-DizKhTrc{^=@a)X~*d%eVv7>0++*fzMiKB!D5!^x#5tU6Q-!DtAe2Kbr>pp2-8izF8UjauptfXuGCo0g0HEL zy&g1FbIJ;{(mS%$n0~$$XiBxoYMAm(Db|vVtLLd^*s<$com$e;a&C)An1@Q`=ANN4 zjywKg{ik&%iZ%AF0Tt0FI&R3otEZu{17;!jHn)mxZSW>}|2IR_ zD=Ov`Kkz%BN-FYGogNh;jJ3ncD3A3HNrs|4et#C|Ev3qvm2&)2JU%%{_v(9Q+s}LO zU&8i7;Zz2wpf7LQh^{Kn@AdB>x)tx1yI-XO@0ZA2q9r41ZPxc0^=@oO&W^>^vRQla z-xg;bItcWa!*5u2D1B>;ENSs!Cjb6`9KqXr@Jl8sruK#6o_@`*Q>I14Y)bCp!OC&F zX2F9Fd)DrpFg0szRtTa&EZ|4sHxLYk$-w9@y%g}|P^Vru6_pb#h%agXqd$vG9sHB# zWh>s&corWvc&nofo+F=-VfLgLeFKFaR#S(aE|zP9d7ZZNKi(u9Xnc_*f5PjzEKO(6 z(RSOpyV?O;b9Z=Q9!GwodPn6L;3BcwNP9%E{ZPc9QhrLWKQ@79a@2R+2TFJ6lo}@F zc0DJS3aswmd=TEq?S58aQ2b=>RavTi(EIHU5BjmPvOu)SHechMI#ya!Z7VYEh_4>2 zo_Z;6?#CZ!$NS5D(sBo<_-36zAxZ>4_Q_Y_+x{P4N5dG))4+=)j#T;`*n^I%InHHP zYMI72Exc4;j)YbC6e8Z^r!M6VX|!dnf9?*0>AK*Xn|C`w5VAe^MRKu2T!Ml!sQdoa z#tb%_1|Q=-Htnu>Vq7E^UTpgZYWb*r;Y7C8d7tef;(dFAfGj$-w?6`)0iu6&&34-KQXRV zNv7TntZ^LiNgI9lUOqKHE6?S@Txv}=N?Z4Z?x60dxG$wzSUpM04Yr&SVui_nbvo#c zQ4{l5JzDe38iUr?fPBu?5RLS^+_@*7MehErcb0pt?mf9q_OMr2d*A!Kl^EhXZowy$ zwnU!3vPa+#?`}Z%9tm{Z5lAo9NSyL0Tb8lwm4e8t*4usi2L*uE5S<(0JI4`ZO z%idEEJ?M0Or)SHF+?Ba3`nba$$)s`(Qy$^_w^anVUVo&kXS3 zD=0_?eQzGqBi{CAmo^WH{zrG#>GR=8BoT`$y5=~EY8$scRWUUW< z@o#np_>_D5`#L`7z8H|S=Z=p3k+kbh{_^YV8o5Yh;xsI<=Q2YV0@bEg&1J^~YjaUn z59P2RECWcPx3l;@HuB zg-=@&y9goBJxWT-GC(ek^k?hCMOb-8|M?A%GM&|_1z%%g%JaSY9t>^*%~R{nDlhL^ zQN9f!eqbGS03NSgwJyOSZ;52QCY9WLWTUj`wy4KFlBr|78 zY9_JN%&Ie&LUs<-2m^19jb>;oDHZbx2~vnL^p`Ij_I1$tu~eoP_@NuN zQqjNwvF%}DyO<`Fmsk*mN&OfdzqA+w>kZ_23IZ8WBGSB0EBZ_$(;2pom&MZ@5YhkJ z3oO;r4Tze~(XWA&F01vXz5VY}K0&0ytXDATAS!dxh{q%IKM4ix#2 zAwYyX0dC-HaU&{f1ib?|Dt~tXA)@{YfqfOykGtL#XqA;eS9|1Xn_~%z@>Df6VoJ*e zgl3SnwSM1-37jMXBjK@;r!~E4AU*tI_`Vx&!54}|A4>XGs)uP8IrM5CVJlaslp;Rq z>gidvzN0`ZhwtCz`Zmq=F(LRjqkuq}(!9D&OKaDdQpvvPaP(*E0}rQrEv`i}D`K^n zo{-OMXvv@QD;6Y8I=QVcgN1PP{hvfy4jI&G&7vvx`z%WxR$la(K#%CRRgEO9K%9x6bw0nFJhpmhfJcK- zs+3IR<#n2xfgmSbZvp3DsR6mMvEuwoJDG@(5J#n;J6jlY=D>|3kPq*_-jlv$k>qmN zet_Zt{$PqpqnyQ`d^uF*6$t#jxCh^|gI+3fa#DM_%T`Jry51|Eh|&w-w$dGP1#B6y z6+TTzf>1{!^$N{YTpLJHR(kBxURm|x)=BprpghQ+ghSka1q0Fw(i#Hnh|#(CSz^K0 z>4+xO^y{vY@uvB)LLQ6riCfv&*f+|1d7&(BaG0e8p;q?{l9wPB@-{YxSzf{*%|$J7 zyxvu9`H`RF`b}qNb?{0FYgqDkyMM?^;AsAPVDy?9ZD0YQaRrUqT5VfoxWbd$pu|4w`)9UWeRoG}9{ z0u#D!W@V*tqS-}vFTM3m@^2be)Q)WD-;QA5(ibj(Wyrm2xkF5e(dwMpO-&3coPQV? z7*wKME3ZMatd*4`28V~2JzL64ctwcF<3D}6fmQVsn%8%x@8k0!C_53IOcTc9_}SK6 zZGjX~ts$sz90VRIvWMu}wZ%la%}p*08Gy!N_e~Jotu7nZwzfYGtuE_ZAk1Q=HM<6B z56xzDvGM2z`1znT)YQ%@GAy7*I7`{$!y?Y37_l)X4^c$H5I$XLX(?k63r@=Z?mmuI zks1=tXMhQTmw)8R9BX(LyrWs_;8B;!&8p^wgM)*W2?ND{&~p zl7xe#NHq^K(dA#3Ao{|Z{v`?*9`)wU$v^~rf)Jv1yz53s#-7;QI(p-J7H1JZ$LTUt7ZCQ4N0@GulSf=tB7UsILoaj*YjcI)knYk^^Dcws2~IVSlIPT^eSU7M$Lw+m$WEPUF77 zw`tN*OZgUdm1;#=wT3q5?puF3i0|ku{~ZMM$FWesGz>seQhL^Vo}bM<+<~!zQS^Te z@e&7k{HXf+DqQZ^A6|o%raZv5bJfBXsEG#;9vn&>T;BBWqT;=p3yGDT#$!&EYLYvu zUt3+ZrKITj#0}}ELlnL=Unw&0Yrjg1h7q_?KMtJ^Q!=QiU*XT*ciwo%wE-M@S zRy%3bIktj97gAeTcv9E5jE4zXRg#uI>pC?-#SgJj;#}_E?>Mht-RmVGo#CwEJgLx7 zGD`l{UzX)U4yHnW43uG5kkPTRgv~(nzDlWs$h_|az@+g&dPvCx)u)L8u+!Du)+$Bf zdIFTP+B^Is6r9=vhaCjwB{YUe1VpfgYg$9E5)u&wUZct;IedLvBM&$XpbGUf6y@Ha z70t~2<&Ly;lk=}(JEp8FcPRU9MY9?nJMc&}LsAT`1pdrMm(}>XFIe4D%a+5$y|z0X zNmFHcenz`g8QJ3O=s4V)9&R<$=+?O>wV0l&O+&LD+LDmW=Y6mtMiIW389`8NS@FJQ zv$jy1eM`{8ivB&jj-_$j-8iWsHx9`zruI3rDrWM!p|ZDQO8LiKAN%y*?)|NtQ}ed) zSnz3&#+Q$kWh)O!lP_517N#s`kdF+G*AxT9sL%t)1rP`F>OJ@d_8^ffhjkfyWo@mz ztc)c<$1kM&%vk&v0VdST-2CTxh3Z9z47qa2|^UbmLU1Mac1+UBv zn}F5SplRSy`t> z!N#^OIg9?hclwR=Q^H=}m$xWsS(5ep7Y~-@GD73xF2X6b(B1nW&6NQjtZi9;bPTk+ z#z5#wU#9L;1{)y=)VMJyvY)4x72Or_jxHsY`Gvpshs7nOK2I0vE1L>WXR=6T2$T*Z znulW@?6K|&v09Qj(kYV;7ONpv?cO1=y$o(s~Tif!e^Q-Lx6MfDevX!Tg(5c{g%Y&3lZSERBqe7;8N# zG&!*e3@zz2^l~a7ebV-Mug17(uFSN8I@#0a{HjAQYDqBcdR@Kq=jy^Ekn%Bu9 zm=rX{Od&JvOt1z9d|s?41Nt^-aF7D+U4h~Ilf<*vutlh?M-Vy_`XXtoz_b{g6TMQ4 z=c9ty^7aTBbwTM^JN&DEn7iSR1V5|cOR|u`BU`k;7}XY^q`$9F*)4BW)?M=UOMReM z7NomW;cw!e+rAaA*+5m7qV?j1M?;rh6fDdM5xF2jL=F5Kam?VXnFXtG=D~;IR{Of1m#akZd?56_w@p*XH0ouX}3$oNO4P)q>I6 z7$5e9na6To{f897^&}uKMT157%;R8UEstUzpFEpV^%nlCL!IKqc>j!ooA`PwV$m;a zhK`T^;*OrhMYgQhPjuiQ=(kBFX>)DzR!{Gg1hHTQ3LqRc3oENUl|6a@4xbwt{g~bQ z%E$lq0UAbwL9A?z<)`lQ?E~ALd9AHxrC8J2-+^n1tXu{t3Q|7z$e&@nGi;o)Jqk=6 zMWL=Ufj5i4uQ-XGpE%?e7c=BI#K)(}#@Ajv>iL>-@Ynr-K4%tr<2??v zA{tW2qzAvoqmuo(Y$j^MU;}%O%*bHGf}~IbrBDKpj9Vs5P?HIMF`Jorlo>z-fC$re ze&w5>@%~F{{l4c zwbeIeiYpHCd&@{e3>tsz9j#AI#b}?$_*mbqd8K(V z0SEwTfnY^10PO=^e@uC}0Kn){XxQk-FhLR3l2=&RgZ|f)BqAar9d`a@>Y+J7;CIH} zIGguj=?Y|JpJCGaO8;2!k@Z(&ODED}RF*uK1HyLW&-jS}T#rK#1e%k*`u5F*V1%no|^9zo*{NEXDds$g;o_fuI! zUuck&ad0+s)9?E@i!$FMFfx&om-h;G9S8rqbmHYa0^!wx%x~XS-Dh-|zSN>8eP~JauocFX~ zZs=oLJ|1W5D<%va@}0^2FR-T!LgEnU^DK8*t=b#^>kvlMXV1Rj;0Cue$pGmKRk|Sy zo&@$eg@il;0tpHGDYTW$#=fih5&7IgZFduJR)65@)VIzf7-|gMNpwooA!1RC&4c%_ zJSrSh5}({7lbziE%fzJ69?}`kyGkxxBoz?$koDV&Wc7lLN+;W`AtifN8VLUJ2B)V4Pa69k+ZbxZDf}Ar+ZQdFl)1?NK(rg~68? z&Y~o^q2Vq~`>lJO1roD4Q{RSP@!`E@^mwC4?Yca%IAiQcp0?0sJgP~n!D-{fLj#uC z4UzDmRu-w}(-^Y^TU!(2Q8%2cr6V+W{;N6xjOZ#*b^n80W%CvVI*QHc*PQI<3ZH&G(H$U{3aDpCy10DG&q~$sqO&ZB4Wwx4= zxah&AAO!>E0DOFkcSpW6+mQZx??zo&H558>64~xvl2bjdQ)oQHP>)_2AM~9W0(u;rrheTzo?vcRn|PD z8>rH&#P$jyPjOQ;^Uso@6j1&>u!*NdE>AM+j-k+}P)0UfTSBiwHvufQHOUtb9d8e`eFXz**ZSs@g_v6eoE;G?PpGgA>b zoUtPxPN(7u%YG8iexl}|(|)xCbM>MR!>A~wmUsoQ0$1-sG#TE}0`p^=D|%)_pipl< z#&e|5dyJpomzj`}J(8J{yasd~C{ zwtuIyJ?V1ou;QKAwwwlp2_QA(h3{h(+-B>Ahg>GierZ1W+;W!iE?mBe3E4$DGU(wj z3r2kGCxY#`SbSnb3wwGEo+lS6)dQQhXe6bG*Ocql#QVxArx2l|F_Q|{Eu9|%ZUw_> z4Kr1?lY{0AgszDno3lwhq1>sdpn!?Om^gV0?mf;_QoIG;vFLNINQ=0?3_)q4UE9-_ z2}b?|!{GL-QQZ_`9LU1Yk1a&^D1&`PypPN)zo+jh(>7%U-wY+Tss8(!M4R@B5FV6o z@6NTgszif73JD2Rt~2f{Z-pW2C%B<mNo@pm^ znt{RQnT|9l6@BD|DxtF`!$khbk-X~G|NflR=K}I#E1UnpA3fJ_%Eh8Wi3MvgN0S6# zKklBy93D_QdWf+|sjH{`k$Dej1#b9}g23sboxtHxgws6$abjEgj0{9|(YZ4VOONZI z>}%}ULr%eW^B#_9y;}PsxQ5NR3Hr&UvE14|5A~VNBUJwT%L=R11zVI;r0lRew@rJ2 zR3x**L4g}fDZ3MHM4}hJr+XziByT&i6vj5JJR?jVxDcA*ss*gFw_Uot8mgzOLNSs zQGE;$7jEkj7i%o01CS&gP}FP9N{=y2JI8%};SR#&e#3+(x`>7jKw7&@Jx ze4rKRQ97iJ_FZAC+et+Wet&sNaK~g#?P^pb3`#h~q>QpiPYw@YuwVJ#AB__f5YW^_ z8#?sntKnQb`jvBxFd{C+^9YT0B^bVi2*=V z$LTXaz*)b0wt=@dQvh+tahhzrQu!M*WijUh`I3uL%_;WA!)gD0sqgiVm#@wimBsS% zI*0kh#>Knq!4TtBN<(RBm_N)%XJwRH+>bxjivJ>B(cKo&d(N!@ z|G|}jk^FBA8F=Mt6Nt2{2Nr6&Nz0#CEv;+y(luG z!`y~0XdDJ9;{v|HXH`XFuH!CP);@c?+z^$ZWHsc?N38MYIH}10C#(lV0Ws_%IxQ5m zj3ujap2U!6*3=K(vb40U03fYu4mh!&7;9Jxb_*wnFJN7n*;4#hvdZZ=B>=Y1cnAoZ z+3$cxp-X53$WDyS=D#JC&B*Vby)I>x?TGUDm4(8Vh=YTpBV0`$H4D9SFy=q8YW@_g zR;h&oA&1EojPG0)+Z{L1G(}*bKBWM})5yq(m3n5`M46?2Z?!Er^<#kw5oljP@_y=S zewH9$NGZt3D(2@^vx>!?f&zux-}LcRBR4M!xROqL+8rnG3o8EZhslz>-B2L8qOUdRiOS_?*%`CUx`@uHa- z;j9$Kjl7c9nK3i)3nFCCKZ*?_huEP)^WZl;sR6*k_2Z39rT@hs9LgD`3BhNIK7O2A zuL6iT6D}~5j!g^w0?PtVLpF)>KWgtOFHtD@Q%XK3!6J_9a`uZYfjtwM(e*V0YzAIE z4W~nQEEfuDR;gU)2PMIxS^t5eI6Nl2sWdvBFlKIPgB3Ns(R#@pbL{HhJ~=rFSoxuQ zSP>-zyZ5jV`&WmZxd#BntpMoYT>#OE?PQl&SO%g<|Iw9gd08tA;6iwIZinuGt3y|7 zoe$wrlOKPz*-mzy4+b=R6q7i>9At@*j6tFZQS0CDhdkl=jf zdQ8wy40`j-dp*)F1rut6~dY zXa`tK>Ax2o;b8f3dtWl%!VzVmv*6^rO$ohL&*uw2L^T$v8X7i&dkd%7-HEx$r%&~* z5m)@y@f@=_(LA3b_%79x&NQ^eU$Ie582z|hP=&i+dB62cZ#v!Fq!KnZJe&2lBuzTC zt6k^O(smoQVJ5-#CO#WT-bh_>10{J(P6P1%)cGPjy5tDcAX(f3D&jASv% zA{Oar9040aUp)41X0p6+bf)(swgtCJW_K4p%Lir3>IU`>2!9nkl89l({J1TRb!+DR zV!6|?C{JpCh7~8tLq5>eJF^YfFq#Q3dFW5QaLtH6Hm$$PHJUsuKpR)yDBpGzFmdyy zS+o}2bkp4{{zLJsc3&yfnTBq(BsAf%))XX6&2I%DBqIZ2QCPC=>A#nrvQA9F4Pc$( z9Cd;G>go@)k6yotZMy zVmViKo!9m5f@Hkcue8&jnNwz5+bvUqkp+C;IGVI~Gq{tloUa863+OuB?MJor!1ed_~nL19m?tSoYUYDGFYJZuC`4Bo9b7bpJkx~YJ*8L5r&=&pgi=8%Dt?JWF)@oVv4)nsZifpKyPSfUK{@^D?yaT!bXv@jI$} zGQ~~zc*;1ZFIGG;Ew}&Jn`57OsqU3Mv+K;Z;H%b~b*^-DX-WbeA3t7Dak}R;hhMK* z|3rlYsW?10>$8{fjG=t}qw@FWo^lMV@AbRA6NI-K3*uFgxhign_td%4`xbP+W*8u6 zblmuT($!KveR*LAs;lkE`PFdFyF~&DMo-R@)s=)@^@8eIa`SGUp|Icp2Nw~4D{i}~ z$4t-Ck_QNny}A;W?qYsnMoja2+h&6$nCOKe>Pf+1L>w8KvY<+|lsMy8aVhO> zuY7T#>$=3(XiJ*-fKrf&^W?Rv4n63_I;C1>uD*cq1DLcg$-Zw}sb=(P&q#g0`FYg;2tL{QPllR`!gRvi^^ z6;why_7t6(Ey_R_wcLEuDn%l21uU2Dc|w@4>7GaQw#fupguH6n+{1wCeLUVWRbf%sIk zYO7@yPFU&9yz3A?#d|C3AI5(&VLCwcV)Pe##!z@IyIRM*>d`4|u&(nRXb(e|rl1SU zm+usmjvVKgGOSZPF2e+R*j|MjY;4e!^d4z$DA>@1EV~LstEv!m#mJ^S!bQrFG&@SX zf*ef&LstWBY`(o+g?+tK;o;r7wTo#B5ASotB@%g67}lTp`=cqBOjz6W{cqzeJ(9z5#22d1Gv)dha`?jo#F-?QN{ z@|6zhwW(wiD(bIpu$523jD~IX@*&0FBzeuUnoq_5(b=3qv-I-KUTth{xuTDqXSX{K zV{lTXg*cbe5Mmxp0P)SH-u-adOEXjqnvrZFPN09dsX83M4#B68-7~jvt)i`!`?`c5 z@P&lEL2nBVNkG4ePNVEgBi=t~2*|+Kc(2tUSLhiz73PR0(scT9hiElBp(vbq@K(XY zKAsDcH}e>D<=xoxexmWhBRhCbUu#~D;2(q!yf9oz@as9($FMadl-Jzwj9r8LqH!&5LS)ng*c+9OCu-m zA^$;c>+;O&uaDv1*A=wd1eSd%T3g`p|+eYzipRnL$*E(sHDp~+1kX;SBKd7a*S578>PAQA*%j_Q* zNNck-edZ1OfKSnn>*J`~m~_q!<^N12ziFz@M=neVB%s))rXw5mc#NRZZA*ff|<4apQ1nD#!kt}X>eXg z{Q)Q0t(;H&pb@kBul7l!_;CmTrhJMEQ<@(hAOC*j){v}v23zq?;v1}K5I%*{$QAl7 z5zu7#N}ozd8&$MTks!w&ZA9@8A5yFYymj)|lB*QT#QUrE=kfKbToDYH!qrPz#UC?b zh-K?6QQI-@NKoD`O`0l+c$?FADsBsNyx7(6sBZ40bNJN0v9%>nDG0H9SCFs{x`5Ls zjKu?5Nu|Yf@c0eI6}{KO1|R7xtLMUA$}M-VL#P&a)pk}JuNK@A`T?@^6!&Z0{`qd` z^pP|(TZcel!^eY}C}O?6Te19E3XE1{ji-L3n_D4DckT*G_JF2$DZS8*t&NA% zGL;gnXinRuZ2&$&f=^H#mIV_SfRV!x^^WkR=o?Dxt8p93C3p=N0oQ!A1QWeQiZlHG z7lABFTut!g&KkJn&gY5OFj6n))`1tn+MnFc{;v%)?i3h!8Aa(r!TL)Gpu3 zHpON;X@CU6xiV+yu|M*apN#*e?g~WD%svd1qyyVz{@>P}KzRSzGS4j{G#U$Zjm0LGD4xAQzL-HJ3FNRLi zI_?jS{p1LFhzlofSM^!llypwmuouB_ZrIqD^S#dE7o(Xz8dCPQ{BemepFmXB*Y%Or zeM}@-Nwf?TI^W-IgjTOcA@FPmrlziu^vueKZNScg&wFDzhFRa%^ec%Rrth{5mGzp` zc>#&QLaBDtHw~(_kv}4)!#@dHEc#*E)lL~ios8Vi{(R--7JL+@JKOZ)hX-l}&&hA) zXJTJlmMbfHep59iRfw*MLXqyg0OVGAJO!u?aDNmtnjDS#f~1Qa4s90MZ6cFtNZskWH8L8+jlZG9m+|6 z1E)Gs)%DBFlrrDpw(GuoXVK~;##`6rlIBW)n#P&mj5WQ4bUma(!e7~CjovUwau2+g z%C<%GwDVJom?sIfn(P%oP<=XZ9_eC;sTxe}X*I?_J#-QNzZ4*TB?vJqwHm zu1pjuf}o=n-Ru0RIy))tby>t^=#aowCYfdW*IX;#;kwieN}QGFYr0qyjlV~offweT z&fIGA^N_*o(t8)7T28k@flDUOAW}QrVqnUy7TtK^rFp+2W0#y&M)0WT7}16=R_%hg znl}lar1wU+!C*`E7|=46Vly19>p+qzDO<%q;MsT8q<~}F^Tj<%>#~Y9f{_WYzZJVT zo{ZPy^Hr`Uw+DBr%6HQx#xFZuInsM-bl(fQE^>9Ce6^@S*6Ha*j?GZ|7U*+%nsha; z?FJ{@D)v6vt{-u(YrEX}7B;TPGi|D+4}R)`>aTL|8>T{RMKVl_Hz&TXG_P4xMI3IP7B zs;^Vev>uQHtbpj(Z85q}nXYo66E{up>m(tTDU6Sz`mldX0B}zU4tVzinwi1R_$Sku zwQjSzElh2G4QCyv?vlt=CkY~_2vqX?UKTq0h#N#-i(+;v@LNq&5A{j1NBziAcEks1 z896x}fUTF37<{GnRc0938oDi;Yc^EHOZJ9bprj4kiG@7$hg~#F#TL|@P-*{RWM9m1 zP+8`jH0aQ;Uhetw`OV&u&nDF||DAc%w8``Z| zJfzpEG|HQuc?fZNQm76LWd8>y;%YG%LaIsrh<`t$8~SZzPqg{A|N3bXrQIH@k)a<4^hFqOz@n z!$bOlHbmvG?mnJI_Dr5nIY#e%wu+|?Cf3fS6N*>7wq9=8<1p}1-I=+N*?X1LL(%Oj zWG@=IgLw-i04TCU?P-gNG9`MKPkV7rhY8#}!&gbjixXk%>Vp^NdR@5QrfF=#rY3%E z@wfmzRi%s-z3As)Za}D#i|sK$tp5iGk@3ph0Z<} z;vPymL|$TXkQ^&w;=8#o2t7{;&IfPY*_xnO9#iH%1XAp;-$svEnr8o_rEp+5S25Rq znm*OT`56)*5p&yC*b7-+KMEbT00IV|V3~m7Zr~(oWBw*nu>LGojF13A_1hTJ`&=b& zV4#ZV{`#r~h5glE&Cxx(fNJJOWWvcNC%sL&3KbLGDcM)d#PbXkf06yoWK-kdg`YpR zMILZY5N!)npcO8nAM7HuMKMH(LMiXU5l!vdLZv(RMfSz;p(Sqpo6`3noe z0%N~m>llt%okC0;@?x=Jmr0s@)bpw5votolA{|)M!6nlJ@eCQIAt(fQ-G8;Yf1Bf>AJ;M`$;Y0 z;;eclaYKVsZ7%zJvs4La{B1AVBu4nkJB0VOvT&8I`ls;*Z%xzuE6QMdqTBy0t*yqb*F;@IEU9od?6d%o;#aluhmz%L;1u&~RX z_@M6Ei8C`S{Zff*ZW~R*nH)(xXklr&m!tGoYq-5WG4Jb}vD+ExTe6c-54;%@VX>&< zvW*FD=yTa?{0jH#T_q&wlv+5o%rZF1HE%F{?%l9|YhG~(*Hnu`pZ)kYpAnVBquVgy zBj?aaga7y6V72#sBA*Aiy*}1I&;F7vE}fmX>|6k2C1JM`ULjxc0PRipLvNnM(`zBA z0DOh7`zIWAQs5=5OCT^36;}>MwEn%n33p4CldLBVW_W~^nx6L5{@JI~ue6RIoh0oc zh;Q6J4$(4jUS4B0S@v`gH`#OEoogEE$i88JcZ|`wru#gYeVLJYGg`>%vHZOoX}^@_ zvU7@e`XT_LI}QR0ZLLQOU?@m6G3VL3R-+Z6@JVviM3(R&W9>RBcN3%um2yRU3T_UImt}ZtfSn-0ZXKaX$w%zP090NuwCp#&%Kght(9gys&a1G*=TVhWXQ) zZ`jy`zfUaQlnq2}cG3D3f@l|!(~c0=KB0}$)W4lrtQL?(%|K^k2uDns$Cfl3f@ zSUvRShIIbYG!GK*>nrrt!d7hpdrv%>`qrLvUkTr9W}+aK>{T@Nc;uspaY3b|8F--w zQ^fbx?spu9L>tQ2h9z#KR+l>WI{#62oA6V%W#q+y_K}mfy>#{bEhYVTVL?i2p<-pU z-nCV?jvhv?^eMEP#e6YTDbz}41{F3jw&TOa^Qdwmr9YhF`dPcQurZd|C*ow1hS80h zgbA66VAhmvmpY@4u!o10|MfS{O4eAKzi=zc@ZMsA>*ROg^NviDqXLps?_@prFInvc zuagA2iYu;r;941(4<7%!WVTNfJ-vSyN3I1dml1M&AUHK%{W$>CuLRYM$&2@BFstkMTBLhvMZ+Le zIO4VF_cfrK74S36W{Rdy95dY*6`{1!VF_$jR~9~vB#L2ba}KTX*iI(N2yeiANjMSE zKD{vzo`-t1uA!+43$rRbA_`d(baV1e>9FOPnrqc4SxaU zl6y=c6aOg@oN0R+JUWisvAu%S=L2k;HI1i+NA$U~Cec^R+L}trm~%Ezz7xB&pUceC zk6zNv`_huK>YL7buKSlc_Mt!Uu{e}%MIAUq99JknBp4kc^Xh@ zV?lf*T)fq>Q44N+=45LEL%L7e$=h#A+D__r!fR%F>FG@mIO z6`mwbEgR6{D=zK-30X({>1?vGzH+gzn*2U@^P8&4Ft^u(hadjxy`I$MWH9AqXV-Hs z3{E7yk82Y$oU2i&{|YBqPQa6QJSEIm8o-X@2W$Gb6d+JaHJt20aEOLlcNa9Wxl@wG zuwT6kKd11WQw6cFsOyJA@GuW%d?vE^mttSk;0NPLlRVx#zC?qkT_Ptw`bDOya|rT@ zOzl$8%E$?UYoq${nHg;sG+(Q|TXUO%C#tW>h$UmEo0v0io(p!{snqJ}ioXfwd?_j2 z5P6>2;{+Ax*GCEblS+vk!!rk;yty$h(U^fw`S=Zw?b!Y5Ior#P9U5-oA0*sr?D89u zUF!rNEE^zJ(6k)&tmS$|iIgZG4?=>;RfnUMl%F?o;#2xR+u194x`vMOmT)LP z;B8d?b1T;~s5qDTT>577gyDRMteB|H-r@Ee9G*bs&+>v_$@YD2@{K;gul>A^rv$FnR_DFisvQyS7oe zJyXgQvNehyaxB4g*kefHbF&S0_LK;rEpEw>P->bYlQukC9r#Kx$69>9s)UnOTQCOs z-d@|x`(j397tsxZaR;=eaN%-mbTp?y`mW>ewHKf{GGT{veuO%-E=kIWb#>SOv6kk} zE4}4b`@igIIP5i4XrCgx%qNx4N?QG^XWwN0Co2xBbGnK2q@m}y65yt1rpm7d57Ear z=UUYyZ}KAw{LQgl8X!so4s5y=PSk|DoR&d#bFYYZEQv{z?V?)F}$BC6bn*P9#BwHrgjqJB->>#V0dPDS3R$KVqbUp zl&I6I`UfC~aw0=Fm?$~DgSF2&OG7O?=Dxn(l%=-!+J&1Ho6IlgtZi5K0>C<=E%cg( z5Y~*FZ>6CuQV|%qj~9BIA}WmOzNJdgauh-+=ZR|b5Bg37)0;oTiFY3|2639VmMt!I zJ3zH7>Pz}!EA))$pjv9lZ5wpaN#+?&^WP-3jZ&hC!g78N>fFxhx^(qwwMG9P<4p|<$xH=^2{x9l;zO}Fn;XP< z%@z0C|I^rc_u~xwe5E~DAo*B|7@4a|;N$ZOtrG=UVw5dFfJa1WDK!-c6i9-`2sT zgsdDs6;i9#N0HxbH~GDtU*QOyi~XJy4V>USam8K<~@Jh&WHE3g&CAW za|aD8u@-|bhCqm&cR1hh-D~6Ns0qW=62W^Gy)h$TUTMXD$M_+V?<#qR+~;D7Njiqo z&+nI#i8Y}8f%&X0uhIMGG7xiM8B~T4@z6UP@t2>Kp9O|e+PcHOjPmuujrOVvrxR^R zi*^f4Z!-pkk_n`w1v-h`Qn|@Qp?L2<7q&Y{Szja2z~D&-1nx&GzHrd+f{-wZE`TVU zfM8!ifLznx)j(NEco9c-mRW4uFh@x`*CrgM!4}STL$x+Rv!$T7t@Pu_w~}QqAy8a3 zc0bP*QqJ%s4JFm00;M7FzZLeqektMTkVfd8^5sRx?yjE%-H}J%0|8r2w{@a{92*y7 zdOD7h((*rE_NV0Mb9^)WY?NQPT|dJn!gw-b6h?FWF4IH2#v*E*51lp72+$-x%UN5D;=Iz)_Yfss zYeSV3x|L^~K4+O}2b?(VT1fL>0my(U;#Spm`q!RxKt!J4Ft@tfmb6EOCgt8^jSv@u zP`$_2<%W-GdPezrB+0Dx2ja6|zo8UB&c|m7v4jputU{&~SSlw=R|s^A-W6PXp5+jB zUD_ynp`WXg)NR|K&68`jxLI&!W-FLxHh4|5kSkeZ>hs!6=Nf|ucn>73rW)|p*1zud z_Lj5`8u%d8Y&w8uLf`x0c6!lu-gCmkiA%bA*QRfq$w<_h;8B|47{Cj6>gzS8

7N zGQX-YS_qTA)V2U{?aB$Sf4o;6!fnC@VyRy>bme|@NT`#q5+o%?>5r6qU<3MX2o<9P z(PHFU)>xAF4%=p0wC78f4+kE7Mgs23-M=lnTTMsWPZ_96Lr3n_Zc?F3k6Ejm`7>Q~ zQtD`vi<;>2N!_SOB*IRQy|0c_e!V3^2!iQ-Wk?2!ck5Tcm*#%4-+`6%U6mVi8Ne9( zOaL5!a`c<{GjjbMw)7`uJk@BteTv2$=rFyEBzx8g&6nFhxC8$3Wl|~iuX4j-I0|1TCbK(w#)6$&Vkm(^ z3M(4p1s57)&I!lk`AY9H(mg#bq$uMmC}QCsVzg8Y(t;P=FmeX_LD3T?}wQ6XR993&4i6GPA z0+8YHtA{3sqZghnd$%o{+RIvR|GR`v1p+zFE>Rh>xKc}@JN%B1!FvYyVFs9q5`5WNo5PA)gl*ZE^KN9-iK87%yLSK3S zg|^b_=4WQjF(AZ$p;wGA%K8cULS9hV?8c2>Kyal7GQO8D64zEOUMD|uvEfx1hErv+ zyoY)u>^JVFIHaT@-JWMYclczyxSbq?H6a4-V!gN~{7dL^p~KMFm<2;4wr5ZeUOn9^ z9IJ>v=4*=9I-=^1Q;PC@l<;cukv=DA3Au*xC#ssr{J#>*oTcTmvcmh@YXxI3x5E`( zH()e!wTfLwbA%P?xPi?z@79`slldGt&isthLktKw&3F&wloD+`CvkET*QQ8#fIMuOO#pJoa?Ae((sI&SF|3K>0#U8wbN`56VinF!Ca%_6g3Kz2_|f#z()XM2ZxH z#YQDZMXENfbT3CjoMzaxZm$CJ+X?l=KW9(_ir%1oWj=* z94&GL%IK;W?xO1TG_dHxN@Fnd#XTAZU0zp(x%A#|XD}7}DDYG1SZ`e?e(QcXTyJ@e z$luJk_^r-YNuvk_Na6{S?Ke+DG3}5bv5#6*B7-_KS?^=ocq#n|-O0xrfu3#5Cqw}T zUF=QIR9n))g?OFE+_v<`Q>8Q21wUh%_<_p3OXylh6Nl!=KWz>?NL z#CdXp7ypX1>Ql)6&1y4S%U@CjMJaSJ1=L3-X@U7fqC z=e4b^EtaJyGQHNV+?91&OUp*Qa>Kr{naqIiq=Y37;W1-L^3ua|BTcDah6E{G{#Qh| zZ8}um?s1;PhRNOdt^B4(~|pJ)@k5o5nm&M zZsk-k$riu${!1y3S}$S3v&7__h0Qt-c*I$7CF^Zi^u~{CTItMiS!+%LN5l1K*~x%_ z!wnkOieTVqk=VH%bAMu7;SrRF{GVv=tKw|9bQpEz+Mn9HF<;q-k(!=Q`65HarLFDc z148#wIv>b=S;sc$*$^G*YKBuh7&5+!7n+k zR||dQkO(%LvJGTH#XS9NS$*KqTWRY+A|{>K$9f^k+BQGD52rrttOg2Pw&2q-MlMRH z03`uaa57*F7~)XmmOTYI{h4YrEY5N35<*AM!qc@STDZQR&prodS`f;I`?8{8&nz z8!#7kF3r~|FL~BiJ<-p|tTGLz6_s_Ls&X!y*W6n?#QS97ULwaPnUuA(GjgF~P^waU zWmfa$z4uC_E^x-vzS^--+PuwC=Hq?l;}VT!$LW=rOFd_y0D-2ry=&h9iRt~m@@nYS zNquOw!Q`NwTNM1tT*#^A$l7-ldF&pjjrLbc0tpoxf}`fM`c2;Uw%H2dj}FX?X@0fKU|rER?CD%6cYIIKSff>Q`6s4fq~T4FCAy| zpL8-rd$4n{Izk!>U+&&?LZRaYU!VG4Ezg@MktAXQ!vvsyi*BqUeK~XLtX@!W{z;ub zmzv2dY*%wPjtD7|4heRip0ruV*}Dc|v*y-mveP*ms*g&zC&gyp!~#gR9q`?3KMUnrMhu*tr@*E#iEZ?08CkjF(@l*Y$m4_kx;!bbkll z(6TA~-8ISi<;q6XKDCK|{XMb$9VS!V&PqZ5PqKAk5gWx9-{~y0_v`WQ=-WpeUJ~XG zHTvx#sFx?U2czka_m3uBG25gEmwk0f0=B}{6$|W1x-)C~rxlakZHiX{BvNvi1jPjM zg9FMtRDz#dZoQ-q6PWcARdumLX#I4&>F>itvNPZ~t9VQ=Az8iZ%1$&#N_RhpJ(XN z>iRJM?N7oX+5`T#=6Lr}&lWfF3vS|4X|FxSEUWN~Rz~v)KsG#jOgXq^&3alzB&>6l zh8KTs-9Jm(aF|+lZtW>;UEA}6D@hbc^n)_91HdM)5EAIN^9)J^9T(2U>a)GpT1ZXE zpW4N`=NYq&gTV{+0=~*ta7G4L?>V+S0C~PlsogY{<$}g^E8EL72eljv0|+~=Dg!Dm zo4+3grEy`xjk5CcGA@pZ`avN$XtD)tcNO-tOP|8_aK8f4GDU^Un(@Z!DmzY4%?CYX z$uGQ6B_UV^h!{JW`EDhcs2ye6-F%a%KB8*$H5(?AK%mdKZOJ1~uWRvGuz8Bjf?909 zk4wM*Ky1IG&Y-=@p-^2yiv1ZZ%a|hL%+@|FJ9SG6h?9o z7wEpJx6f!A%Z$0~TW(bR?gUq0k>9rE+V^O1jIG3-F8n%LKX$0UX|5dOzEZ>D#x6_u z$4~@j)ju&|RoLjo?y{O)$s-j-N6fZbl^5E?YG_N6w$KNmTFQ3<{E2_ZW!-aAtQh*5 z1B#3>hAyiwVe6AV@n>x;hPl((Kt1Wb7*k)zCbW}gB@O9dz#$^8h_$#c`!U{@tuc{X zi8jk~YEJdOeHDG4@pgpl#`e1W%mdzp5nV>=LIYdOVc#Z=_kj-)zgoYHQA$g2mpFr{ z%L3lz5I#wc_%{^w+F6#?g*pAZGRro?y!!HAfOz7q<;D7lMHk-)*(^@fPTTzAXTnD7 zo;ae!xA7Bug{pH?ro`<0lQrsP>eX+l%E+E)Kw@tA47)0)LoOMHK+-HLuABh^W~t$v-5n;nO{?zgtp1m$=`Ots zaqHaN*K3k@An5FcEV(;(DQ%Ug=`#0K6@t#I6?U?}fmZ@kAo0P03vZsjQIW_Yb%Yxo+Gvkw0Y{{O`yDW@=={b zwu#O^w5GNOC=Ol925W&3F6c4UP%el zWx-;`jZ5p%nblf_jv{rxe8Ve;ku5L_(>mNtX3B0>eG6)__QF)aRBZJ4=%4NPqNwBZ zsY$=uD{X}xA?o8^_)F>MBo&fXZWT%C{?^fcDPw+BUr(4TyOe#7ql(_?O^*qM>> zRH6j@;jw(8sTyvY^UPjv8A>La&ApI_*C|U?GVSeO$KM3hU?aToC3jxlkYqp&$v2P} zqDY^Cm-p;wZ5xtkHh$i7xpTC4bpKRK>zRb)gjOw}sXkyZE%d*jBN~$Ohefi=-$kc$ z4+E}2!c1?4mSi#N!_sv6$H(n*H4*(Ig?*Q-s<&6}7*@^5Ne(9`e)yY{w~Mt`q8AuM z7q#XsntV5l3a@KGINlFd>CLC;4M%gb;fPu2QQ?}<%3E`CbMq6FI8TqFJqm6ei4MkO zJq_;4SNaBlf5NAFA1H9)OQpdpE*v{)a#pcw_d1sL*(_hem}aS8j7cI&w_1c^ocovT z6|ci+HT*~IB}M%GZ|4(Bsp|-%>(an-cjI$~oAmai%M@(pnZL(D)#-I|B-{~VZ+ zfN%DqFY}4`A0p9wUj451#eeW$g90OPdKmdyq`d@bgb8{T1hgIg{I%#m2E3$(ORiHLV;O zDAVy~yWyJ5dBBft9^F&-8!BB8fi=UBc{+b{Vy4|Y@z3nhMf-gsZC{ndSQ=HZMQxd2 zomg&ThRq?pO?B1ca6L+!B&tl$YdG)?Nz5x2{q@E?yAPd(#u0{+&jyZeK9NCj@T3+N zb70`JBJU!}IOPiea&SL7o(lC?o<`bOSWsRGkexUbXfuh<(TF-NK`53Q6l_DbXS3}u zC(|m$L*cp(w^=`&%Qt>$TTlw}my>RhEAU20KM!m@(4~0E!tnhx_HSn$jfxXL_m951 z3~tM1JVDp~k{h(D^VuaJxq9erQ=>4igKskz21ez*kGcukcU@F z30pTKG~C-W+!;*&H6b+UF8{oo|Ns<&O2M92&M}61+Ukj<@T3_x~WKRK77iwjD3wTG?>B zJnhO$Og}y%OdiPyL=Lt+XNv%--64<3$clkOP?+v(H2FEm!h0TIw&KC`Au^Kf<($&S zt!cIB99y+tI}T2|8bAHE9#k`w4Gs-0YPkG4TJ4;=btk7TYU);k^}^&rf4_tAVdjD<`&U0%nZiJn#_3`9R~ms327;`( z0i#kL02FqVW=>3+CoX?Ez7Q^lul*vgO>4Tx$ z669`NVaE$?TE=AJdsNCtk#4=ZgUVys9^p(BLJfzi8#JGRp-&X5V!u!Bo9#x&b(_VU zgqDia1$#P;yl_1dF>>vLox&SPp>Os!_^><5VADgG_e}vJ!%543NLb&jT+VIk@0ZW_ zbRMy&H(*o~h>vU8aE2b^%4u}8vt|F)dSIT~9Dsb*`H?Q4r*U27tTqxFs+q5|_Q~^A zE~7gQTadUU@d>`?)SRBNe?t=Z<)ILptJg zEL&_mDaY&F{vU+9H2uIR@P1UfN|^2`kj4rr#mJ<3}!C>^41~y$z_@tWspkt2v#lwZ|~g>Q{1%VcS8ZN;DqvHWjkdBuzez) zD+JX&oVS6#-lIwyL)Q&tHC^mMo4OiKA7CqWZuCrYVU@AJ&|Z6MnIj}Dl8IA27vz@f zG+r8=??pFSWPoF7TSH-RVG(qzjoyLSRIU|*8#!m;Oys9fHHgH%LFqDiE|<=%4%#E3 zJQQcBP~+EWcVom>hLrTeqY#3ASBRwgs*Dk#eLtOH5gi82p}eEGPwoQ#cMf72)&@Ogfr>58!lSyu8=*4EO$ zxTgzRk0?33-U+6_t=+HSP^PEV)CW!|CZZ&BTX)!1Nk9v@+s&k`>!a+fkYxVEU zSOT-od{L$~=l0~@Xjsdk-l?&%_kbM_&S94L8l0fBvnmCRC!)% z^^J!#UTPc1x#~K1v=R8P#ZOpxUuZcKfE6Yavo6IWtamx%&y8Tg*mHgAxl3tD29#x+ z%ONkX>OemXVCD38t}0*kTy5_)=#$W$hs6Tr#tVgW`%14TBsyySb&qQrzayEXaq=oC z@L%fj&h`qRDd7OKTv*7qBUUP4lKvMeG+NsWf|u_xce)4(Sv++dH*x=iY6~;MslTu~~fT@<~lrlY(92fql`!@5jpRCLr2I zPA-McKVV{FLg|Zad6)D1|6}Sb!>Vedb-fe?L@5Q429Z=ky1TojyQQQXDe01qMJ>9! zLqJNpySuyVynK7_>pJr%{DB$c9r29&v5M;1RwNDtzcAI&nMzDdEYG(jt!Xk?Paaz= zR{RiEI=t3%IWs(f1^E{qF}(I43Kk#Dfgh6Ah(UF87+zfQdeJ5F9R*M_mUiSMZ_j1_ z6YhPt+5-9`v+1i`zuN4jEy^$5oU*|^L6WsP=L?m`ypi*R*~kmQ`hJxh)b_z=foK;+ zMYPVZuL!0i;U`L7U!tGSak*Nw&AIoWdMua=ylRthbp(XVu`f008m!|}DodZW>zK|e zJ#TU*5u{xqHNEw`GLruz*NNdq6$BJUPXnvf7{J@E(%T|CpKNAB?qCu*kC!J|M z+UEC;BV`3XN$_++-(W%O`*=tr$Zl!)MJPfQ;VcwW&vx)PUT~Vw`pJXU;i}kJ^zW9+ zQDRm@6e&}L7Jd02qmUfmV9ScnR0Gc3yW4mR)77Y!;Leffl?z1K>hl4ET|F@Sl0V5Z*E)M|%!p5+!;yw|}bAf4Z~GM3Nlt{?u_76gbG7 zfNu;ZlD2a7Um?9BO1{w=#{*3Tt~*ZH7j4YOy(Gf)uT(%JL7Q)l@fX?ZR_?<*ve#$p zHRVrl_rFm$40Z$dqVx9KaOh-uK{8A-mNSTu=*AVY z3fy!_u+mA=Tyi5DD*@g+@T6cNT_WExO{3Bxk3I04QO;7mwg2$2TpK>cYrpAAcTzZO z%9(|^9kzto6e@elh`=5udU|#OMM?1zn->s@m_3xxt3v40ws~KRSJmiU@p$I4e)X@1>c+!d;w-t=IXy*p z^SSGLiV7;SpYMOS|+o2Hy7$N&GC^DlY>DO zoIh~9hDWL#pcf$&U6U_Y3&0IO17($99XVgBu{@i`pAzkNj62oW6$^S;WR{KsqTrB; z%v@OZafyga6Nc8`CtoI=6Ee6uL8Ye7FB9f(yc9_$>5ygaw;t4(^Pj?pOJs>lgd@&A zx&76PdMK4}Z^h*!2F4DJ)i}IyUE7Q7o7Zou;c_VzS)cE8A+r>|Dzsh$WWiKaMfT?z zz!Cf+L^0at|mmfHo>z&!?wgsmzOn!(IIR2)P}0^Tsc=DlOodQ4O2bowPb1Ae0zj$E$i~} zitaS>{|#T&;*G}2PyG}63dYl0uW)h^$f09E7rO9)-Og^1Ytfn}&+dg_u(vR6Qzgs( zVW3}_O=u1jr#aGl*~123W>u=W*_4e%xU*mL-LO zm{!(wwVTRTqRIds$2)`>8Joxk$?~`VwZ?-S0cnjJPj!_OmCE6N>-~f zIgWSFah-DG?qADrPOPVjK0s;zR$fOg30LW+fLp-ZG~7HJB(qj*lX-m5tl7LHe8A{& zN;%fq&?Zyh{@3Q4#&fz?-ncI!zCPcP_?k{q6-NZ_fPb4%FDYjtfT(G+ms!sBlyt>-w3l?u2b>de*d$o$Oe|x%^kVZY@kqy5Zq}RkXp7 z2m<+)aS{`8y8JskJKrgEBtPQf;1m@Vk$#mFds8G$L1{L32!;Tms9@)CpBNy&pODmy zid9=Tn2*!1km|gMSr|VZ_9*m=>Irqx`TC{pAnD@r+o2J8F)4GWeSKyUQM4DIbhkTVxadAP-oB7w>y%l&rxEJA% z`zfGn)vY?M@As@8y)}b_p1P!EM31ad{)n7SQi#?%HT5HaMnfYaCB{R+e$3OMQHO_v z)5C%47l!dAk)9NrZiJ3bXZ2L^Di;Qu$0o$Qag(*qPvuR-Pc8`DrX=}C`0WOX_>d);m{7*t^5GPL9(YtF+P!SPHdY1bVk2VAe2sS#r z&>$4yph+Zc90BHLQ_#hG^<5Zg_(-ESS`jA++5C@e2y=3f?jceh?+0ww6*2Q78j>+LIWqOYBpCy6uH}Y8XKl< zWohZaFOtOaIQI&V(&=ocz-p?|nH-^ysbV=z8}e$Mo|V-c@D3^^;2>jfl!C$RB6;}; z%%R5rk4H03YEM^njh=*227_08K0flFL5#EKnBQx{V-hq7()hxRB?zI=pTk&$*S0y& zf47O;sADjym8~^NZ-E*=%?KDj3Fm^yXxfOo*Yj<@8=8#~%Ez*R>7j;CMD5r?3QkM$ z>4y2eWm-Q}9Rz15=yVEx&yZ8RJK4Uv=_6efzi98bgno4#PSky@{QSs8w>GCK^32Tp z5vH1oMFd4AXhWaplRW;X@N?dKN;135!JuGTGP@U^2IT()Vz4mCelrZjA1bn*fJ21% zli%;TZSP|}DR?EuppIW}4`YDWjBGDPyaxc2OpMz8-57wbD)QuGv%haRcfHOTF58gD zx1wRfZ&2=152j^I`@rrYDi`_4 z#qoeAEKe?*W%zlW+mWCU3DZHJ(!40b*A}P9=}=>=#nQ2?&OF@$2JlXdz1YfPCP2e++D=NyScK`61f|BL~jc-F+Aq;mMFNT28 zgW<18o8C*kVc~o{#qrz{tDoSnO)I8&dPi=Pm*k{|%0_JPf{Q-c|FQ34>RBCO?|g$n zJpCgw-8=WmGT}_K_EX9N+uauYPdy5!|CuJ>QtB{TO}K$5m}|OI=CSY_)T5Gdo*&uP zGT=OMo1^osGvSi3ifM{RB5_Jb0st6(j0B2tQLv{VjznNe5qoiKcj8EIsx5b$@R?f| zk}stToa4qy_&?*%J1+95j^+zFTz`a<1(W;+i&=?P&(E^a;kfMbOkPB-7HKArisDGP zfPwS`9@<%IHCW1RaQ&r3il3vjDT}l_hGfrbzl+fKaO6;7c*v4wji*rf={fL)A)JNK z$py=>je3|qPOql>nlQ~%BF?LI)i4y3us#q&Octl1utluR{E7~wwH{eeVx_0k?nx%s2A zPY$x`d*tp2B^n*fMJ4}~;C>PI+5hR)5>vuuw_*3IXTHC4E0X2#aV>e;81WRz;|)Lw zmBs#FFQVM{J5^iDw4|OfKV~J(H}ybFk-;!PasJ~QyHc_5 zQ}!(kfjCjvjV&w~0f?J2)0mer^{>#zGd%m|RNMRR-yG(G>u3M%fh?S~wr2T)?*sy2 zl6eO856(rz5ajCqE?dI4!{%`jn9rA>C?}>AX(NYy$>jJ6*WXB9R;-omWmd{!#KNCy z3`T7wi0rB&NaP@L)yA$n_0pMdng3;2)7A|R&Uq#l2 z2u?h@m3P#A0_~oGqa)E3*N3d*mO&0$L2`wcFkKzezj{wXv+lD_Tm(R6uLFQIlgJ!> zn0kvblZ*wz7|JqWL5Riy0~o+&`p+?m1Pvg#z{UCxlljEPN2J5%U!Asol=%2__UvI3 zEO0Q)F5u_w_AVHAFDGASUC7vvsNN=>*}RgZQlg)!J=RVZ7si1QAtB#NV6X#!yGqd07M)&KNo-9Sw(~ zpyB`6b6x#-x*rhhT-_{hMlGZ;{f407>hOYx z@MWRpCu`rkxj`oH|B;Y2BJk%rfMf##v6s}vIo~>{H=@RL(_pu*KRFGA%fm{X|6yTv zr*KI=3GkG>Rq|-2{rJjQh?>tLv(knIP`SjJNFYjHL+EB;E3aXHuVT?`JtJRuwz`S& z;nI1Nnn^JyGP11z7dVcniHI~XF)?i7LU}z==c`{Do z`8| zs(96-l!cbZu8o^1efHPhrUM(PS+pb8x{0PmyM$HTFOTe&-3+N|h9?d4R@dHIjxC1$ zHSVAQqy%q!aAwn@74gh>g&%0 zlkV_u7u_x1s{%*W$9?=j{ruDi|25|mv$QZlmO=^mJR3PblB(dXC8w_%)3={rg#HiJ z?Z6zJ`RSGZ$^PF*1YK! zWZWQxStM8P_5xqjjfb$>2IOj7(p#bftoqFg%efjRL@HYC?aMxKp`oD;Cp{H~MbwYG z(2{*{_H_n+jpb2^h<-y-JK5Bl1?2k`2(FJENAS3Jxb3c+@2Xqfnw_&_N#|^lN$!u! zC&fC)-nsRqSw}n8mo=XDeA6WTzVoX2vb{3BZ-D?>wi=#_{SzQ7*rb}%gv{Ix9jUBR z{(aSL6HDk#;^6%KK!Etp3Fr0nu=|B=|NUK?uL9ZX{UNmGB~{0ztXWg0m6gXV0aE16 zn?5$b!O+nh$0rZ9-EFoV-@vw^vq%&?=UK!n)uw8fHsOpg!N;Qu#axQGrrD^?hi4)e zxAXUJmRN*9(+)u4#qqJjW)GT)XYp~xG-U7@lZQv5Kj2tQhcE+6Er=pp%m+tm*HmJE z+l4qJyltW^7qK9lZ6|Q+i5gOB>glXrH7P$w9|plV6!)=%z;zE{z#fuI#-hPyeyA#L zPcoK0sWp43ShT&rU-5+8!T{W6a~++b1Y;|!zE@0v-onPoa&tex@}fIe8S1dr=>`;! zjug4Hm(pC|djivUmx0nq?b1KEecc3yP1KTfe`m2BZ|>)3+Z?8#^%h^2F6Krt=m+&S zzHP0p17;G=w;`C}J@j)QI%`hZS#R{wxLDiKB7tqw!s_JnY{Fion>CO5F1N$Y8c>Hw z)5rB5Rv!&cT3xrz1OJMimQ${lxy!*vZpj7_)rCi7>{E$Ni!|=Yoev4U89cV`%p0CX z4Z?*@i?@#~YdY?WS>uqe1x!#}qy#GaoCzMzd%1f40kw30%Upcp$VrQn!O$zQ{je+^1abU3##EhW&bt2aGJpt8>B%k3B-SZT+ara|GP6 zd$HelzY(~q@_ciHj7DaFfya&%j9hzjZ57`01KHH8v@b|2>lLA)Cv)tnZJ9E+Ekmk^ zfY0LQUocEo_StNn)`jykVKR9n?*{S-r6T8!{SqPmOE);OAW5PBz?Fy6%vNt8x!RW9 zTeBsEH94pl3$V=RT-u)JxeOF;XTyG@7X9Aa1LxvH^q$6xKgfxy&P8ieh?}AD3+wRN z6Eq2$Wrl#lM@1P>xq(vf+PC;Aj;CcdUsNGL^M&6%Ez}&kOmcv*JZSe^7&KS*8COQw zWE|0~^ojU|A$Jr8pq(z45fPUEAQ>B{HN)VcshcioCR=bMTP`oBy>ersliMu=JouW{ zsdL`nX;gVsTilL2QBb{^;fs;sB=DH8uBtK$?Zw|XQs%^N881JcnTY#^m+o)Ct8-U! z>=1#hijRuX)^ZYh>RIgiVMolzDyzugPq#X{@!sFsyH?B+H@=#^f6Cj$nPYbFgb4-i z=6xJ(j}@P`PJy`ywc?U!Wl5$x5kxNL-XrHUqov{~A@*BU9h0~PaJ@3~Zqpxu4fO90W{UaT+A7l*6FJz(!j0jeuVHW+(?g)Ev zEpryeDRqCOIV{4I65BY{;J+E=iqufqOYBy_en&yxVXKw zl3dlELNsIKE&D(A{$9j#XF1~9)wGnh$h2FAZ-@8%N{}$)s@wJWvVU&dg9ZT^NfOfbyPG@w?_ z;=MwI=#mIV=D!B3s#6#Hv}~T=*zKaR>Euhh_5-yio5sU6>ZM}7V|)brkWEefbq^rd z0lDw(=*Im-&48`t=U*FDwwnd3O3_cn2Wm!`f}sE!or){lkLzLI_QUYR7>aiW@xNPhX4G~TG#`vF_&YSh7fdaxrk zR57_1_Pvm1?gsDaBnOP!pIrpEShq8i&8B|xLt8W7d7_p3a}}S;&Z42x;hbVkvqR@z z8Dt7_B~+Wwm)!=wVRz4k{88|2sopgmwOt&qtCub*k{`j+BA<&SD8B3|iq4$Hd@CPe z)*FlO@Ng}Ggo1Bcr{!XLc(rJp{FUcxpKUQJ3W{GmoJD%Zr`)eiuI?r#f2SRUMP9jn zjK_U1OIp-dDq_@4a$mzMpjJy^pD;s)Ne6tt#LdHDl|_OSGw@Z^E-fUs{!8-6)3)y1 zMwa0>2expv6!=A>ot?y+_DS?v_HJ&?5dHZru{{#Y#?kzd1$=l(NdfnkNAg#I;YP)2 z9xZ+W2gx72`4&F2spVE-t`uq`*Da>x1GHp$)kdv$pT{Oh;4WqdTZ|fRy(&WMI?S2dwC@)K9?Z!rk?coX!L^5(ni8|nNp zMp=#9ZmrSH3Butc!QjU%J!8w(krfe{bwV7VtzA(bJO*XT$ORW2-QNop;U3<}(u!gq z?FM%C;9Y@<0Cirb<}q1=}% z9!Zi1E+lsUW#ZsQTw^{tZ|zxA;b_{AyB1kbBR_`_DWvPdWIRqT_f~=z4IQr7;L2l) z%Su@GDx8j==X@>0<(1zu0i>o^H!s-Su7D436&qhFf76B94(Fcwf=zyfq?vhx)ne;0 zBznX3X8Y9bu*6jHWgh4%a~HJ<*V`4KW4>h{xj9l+IvFUDWkd-n?h`%-Vy55@coWI+ zS8^)6>CfD?LPD?o!y4&p1RPICH&K-g=+I|S&J!j;c`79}-HJ*3h-S3I>=##Q0i&Or zq~WlOCO})gMapHmvkU;;KqenraR959L&U9HI4xts?vLT(lkA9wx%ZcRVCkz0j{1pt8d@@83ruOOLq7ZOK2Dje}w{L zn(oBvh#?@h_D@cWxt(G#maZ`D9XNB}qceGfhwOq)k2}^d`3g6EtdUR5U5lKhKv5`R zY}4_Ch2Le00{ei-+*e*y*`gPvI6%7t&(TfZra|#29&o9_O-gLmNIm_`}^w_PTVN82_u|LbB)zPKSCHf5C>dzLK^@JfrG%_AsZ+dbQeE3)R2BY(- zkL5hKrZ1foOYmZ({Ms-6jMe214Ezpl6FFG0bHR(UI{{Vg&D(?>TMBqm4_vqcO##W;NS|#)ErC#W#&z7sAHnVg3d$*i@Vz;C)mbSK0U*0*vtwK#%Gwd^R$_F zvQUZB_y$3e7X=y!7{@_vM{)g5lkzKIp>`&XG#1|0F6_xWg@_qdXc;}nG6-s2q^)ES z3XWTv(qT{iy_Wmg7LL_MrGUBXUTiSD;3tdmM&-L#6C`6931C-1mw1Noq2rQ0=| zb331Ls(Yu?R=2Asa6d4$ne^ZIaWQR$UlPKIUWpu%SXKz1L_+c-zbEYr2A(*oQ>K;c zLG76}!alF83sN~S7QLDKeIsdCfS2W+(6fXWI!8Wvbd>uJQNqI`)4$D3{L-yJ;{2vj zjt-D8m5=A8(h3_%vAtYISm^Yu2zG1Y7C2)kg2gwZjdsnxSJ$M_bN!gsJD28zH5@k2 zg7h_k_1H0{KXounnd$nXc{LJwKOh!li`dLCQm#0>^K}O*#``nm+v)Y!|1~fmMD!SB zYMxQk#r<_w3R_0!YM{XKzkt~q2UG1EF+@|xQ9tQ{#k#hmT_3>+5N=b}g z98mRnvC|)$+uW((8?;G51;&W_LF>p)k_Ozo+(^zLAtBlBDA{fJ)1#ji(}Ku&*(e~B zV`I_G0~UV{KmvtCOj^*QdqR0NK9$Ry>Cz}y`aBFbm(l)ayMDO*m5dhAI*;}!5NdyX66fXxq9a`T(Va%)g(~^bNHO7e^msmYRy#knz|p0e2CP()p+~?Yv$!}5|GaQ zMb9CS!dv}Hym(67+k~OesL_C_{eZ|6F|QeAlc}wnT}uh!G?bElc8p3F#zpvAWac45z;`kvbebuFXLL%duNHDj?0Zaf@9bhvW-c&lr-k zwRNacuyE~>qQ~@5AbppnVdFPFx0rKq5sw#_oC48c{8XR-fFK0IL%WI$x7eV$UFPHR zr2)yUNUf36*&GjX$%FeeD&t93iGk2BEAz0jT+|aJEImYlO(p(d9g=gNwu18baN=<* z<9Q!{&*SM7*yKvtq>|x;G=WFC+8XGGKRsUibbvSz)L;GfQorUQz*fISzQKYd3Y5}s&r z@8Oaw+N8X*mJjwe2iHnB6Gv9g6%74;j9vrf7)dd#n`)tE?E@a!n@8 z-)Vw41y2NR6MnpWyst^m)+}4myItjZsFfmX6XxCjOlEGkoz-i~;^i%A=X(6hWq|#= z+|n7i(=Tlm$3^*wX_W-z?TKn`B5+Yoz{c*;+AsGxB#DK5p+v3pkM~6q_nJYak-fO= zZG`%$RGDYR{us$izGUR9eN@D$VC_XmD-CWTIPg- z)-p6yY882Mez0XMEA$)7zd473K-^DK@b>bGq=L6p;}=O9t+bE&uk@?V@vBcxdscH? z9e`7=-xK1lY1VeJI4l{%jLJ8xAO2-pW#9a15z%Sfr&!~_XVW&G%s)8Go}Qp$f6OJE zjg#3e?!`$`)5P$MIU%=W$~hT|hubcB1JLn%2!uhW*dz~{x}u0PolZ_#+)vqV7d@|a zlV%poa;3{u`mi%$F#WrerB)x%i#7jD?q~a+>-u+0a2sQZMx<7T$NVFkNy9Cfmf9uk zb@puH-?Y-m)Ev~m=Jy36`@4bZDo7A6_q0K7PDitzSoPl9bcKdJ*z5atUKgp#J+N_2 zed~B}&b|x$pz^cfV-gVd=33^3b7?fc3G}LXA>b5*rsz9%_SkT3ZnAvB-F3+;J77DM zVA2D9irmV6+>v%LN>XiN<|3+CdDr94>BvLtkTEG{2FtYt@| zo>KvCKh*X2I|3wubXaUG8TnPzAvY2+C18i+Tg=yw=6S5G|4L!J2l=Y>3(?=YBz~Si zYdQ6l?X;lcvl{`xMzw|dPV%K75HYdXWm3twNGkdpkQO#E8;aLnF!bEh9NrrCH7arb zw6WnxzBqU^_V8#RMy(c!PV)X78k%R(Py0vS0t~x>jv7GMP=PyZzS`u_kV#QdKPW1r zYt4TY*8t^&VirQXyjMpeXK|YC>b%h2;}WXk%0O-mvqD z7CiZgzJ8zr==baQP0~(Vmo#c7Esn?A!0RQ&&?=Q@Rd9%cODDSUXLP%VRPxMtFQD?d|3XXB3; zQ*r^@UZ>Li*vvLLql`Rmm+Hyl{JLNsb>P;8_jCe6OXc#wi;=Nxo02b@5!u39UDVCnpd0V2!{)_QuG1eRPkidts?2Ad9 zkF~8)&u)jbQmwu9%A}wne$giP&C9SS+eOTI%ja-3`n zO$3g;tPQKc;i4&L(rj4!u0xwO9TrSe-))wVkKLcj<9Sz4g}V<}#BLgOc-RC`>$Hx9 z!J%Ay`~jLc*KIL;X{XNb^DhKAke*Q%Dj>3K!K{^vgZPj>xnGUtU8L7(R+|f}D}ONg z*jwam%7s-wSHDOtVMI=ow0FwmIU1BME(XNWNG!loN>vwi!nEGCMB>8jkai=%t!?K|NXi7yuP4=e+ddw0t5WV;ed@y!%c}e5wR>>@$(|+;y;U~QP293Kr z+|xnKj8pE!sWrqoJEI0Qa|VDbRb%5MkkzsiXJ%(-|E(SPTk8;vVr5StPly$ZDZ>+u1vwkxV2Q> zF_QmPEF8S=l-w+z8X9)g+O1-G{rQp|4kG(DL6_uwrP#+6qyff`Zx?$3_?&=hrj%w{ zAtGD-;$h8>t4j5yottI=zaW^-do)b6mtT?&%*eJ@4uSDx zT6811ZUdYP&S6UGZF5FcRbp3XL%yS@OmE9Z*xtKIkI{98#djZ3Z8LClNsw^Q&)0cc z(n^OtZ>>CcG-BgCeIT?}?GWHNUPY_D1+)=lqqLrNu6Hg#aEwHeNBl5R#9?uL;)pRv zq)kk!L?_?fQ)H9ryf+*729J_8vosQyNY0StP~XnpJ_I3ij&5WuuLCNP!ddA@g=s;) zAg+>c!$gNx{8q@w6*n=rRU%d3#*Gq-Wr?_F@p%s&!Ynaa*Hqvi^%F;PDmRS&!Op(4 zNPb~ZLOZO9TD3ldN#39gTLV|7%|oz|-`QR`^T_H@IQR;m(hcL~!rfL9_`?Jmx=Or$uOJg(K6Tk}nLj%Ds%`uVT42SiNNO%~ZcL11Siq&T z$qshq7a^x2O5f>E;hJ^k0xm<)AZgc&y&s+9zXKItC5ldUXB`a=E;MxK*(i25PRI~_ zI&YU){LRvb5z8;K=-f2jEi8y`Ct&2FdZd%I3CBw!UDvjzl#YjL zxmvW?veDD8D6-oWpkng3l3B%&9Il!<&l#$L7N7BvJe)Su)wp{sHAewbyYP!piJtke zwWkqkfB($;_LpHlHO{7;_EhRP#HH-6oyH28%IPMy@A2WR4TdTL77!~2#*dCFUCb>pFegVR~Z9td<*C}5*$FBmJ! z#X^1@^vr&m0o42UnpN~?0^rU?B|aYNeK&CE)~#GvJCy;9uz1}85MH@NOKb`;>K`&H z>F4$r-&o|)OdcQFS3L__5C7{4i4fBl;NkP6m^H5}(~i*R)kiM6Umo(Ty?`PW75mO) zlqTXzk6sj5P-$6rHT4A1>+27j$%gl2SxBV+TV9UzhKunVsh*sgiZ4Shr`Dr4X|Qc) zwHzS|?U#EhXx0+RQ;G8%-ENsdOMVwHF^#@IMG z4&EY2q{JCCkAnI712)zJJv`>T&R6&hpG;V>pNb)3q_JR`mP?C^+qkVIb(^HYxf8;N zVQJT^MF%6_u+A?YALA7dptmYtjJUXZ7OF5phQpkuZvCLl;wS{1@vKDShZ?Co03(=B z=m_1GKaCGLKPto0a?GDqoH4B6NVX37_BF;?&Y7PNPQ%wpd zrLB5JAt2Pr|F@th<0}m};ucD;)Vleof2f_dMltBRe3@{2pAl(f7YFZ4>W%TKu}s$>FwK&;4{3*F$|ri@=E6n=O!eLFS9 zTMqZU&-jIU8zRXE%^^c!hTp=rqZ%y_ElgI9_UG#3O7lwd<6Mt~1zRZxU|x9utRk-` zVQ?adqi;TWd@^tRd!z1e^^eqUZBNU0D541{Ndwk=FOPNxvpsmLTDk7 zxfX5tTw{P6`=#&FkH-23M{LHARA_e0JNsPgY$)|O=?!wpQw_M&k7OAq{zJno&Bs`z z*N1tETE(?`MQ&HRsZ@oR?-qu2iFnbuk!*)w{k78R8CY0H94%|FoM$H|R+Qh-C7BRh zN9BY0AcW`dPMp+8+O&pyC+|TQ(b&5It*7gDT3GkG{TpPH`Pt&@>>n9s85s#h`XN2S zZ=Y>e7!T&1KX2Xi^6GmhN@Bohr4`J`0^5~!KXE8*2g43|P0fT4`EPf>8R}{5He8-n z+S6b4^iWm}tjIe`|1En}{~;Z2wUgraXZkC<{$H?s4lcPHPz|d2j{AQvr?BjZ-m`mxNl*O|i*%cyN6T3DfWU0YSc5G6b9Al0TJ$s8? zH~#X=8Qa?i2%m2C4bIO0*34;Vr{ubbtq_*;kjak|*RfhJ{cJq$#68(avdV{q;Xh|o zud$3_`aWU6iSjH-`)&p6+7-@@?NekU)=xUIbFytW@e-B9O|ZvS4p{0q0-0l$rt=W@=r z_;C7sQv2}Q!`F1OL}q<1fn1yLv8c}z<61ZDbma{V=8QtupcsvVAja?d-Hfn5UNDAt zch7neO1f%vv>aKg|311^_>EQg}UUg@Ve^e*HP<6MzIBxu+om79|mKp%Ae_kjA z%aSo$FRo8`-gBFTMxcky(h=Sv7-e|#4|U5p!b&{vwTM3kz55kPK@&@}f5ue|W_X$w zFTK$|@bl4l6H-%4jf}6i2)8b*cfW#$&IO$x&wUVAt@95V_M+-8k9du*4EH5iP?yh< z#KK^$ai;p(Z+{u2_~XpS`h>S81FfPHlJdv3j{Ov!0Hn0smtadZ<`X8+6?Tpz@DHfK zsLXwb(4PzS_n*saYm--1F?n6qZE5&IhOe$_5C5beIQUw>^%lWUsJZJmzvmStr#74l zK=PgsS@HIQm7}*XhY8LcU5j1Q${a@3prC$=I%XIhRjxIeAz&<@=f)LIOi2;9XO^E2 z&5nxe5%MtOHMrB+c{TV*c3k8rv!b&h^H!bh5rGkL53G(dP&vVt{SUy36847=vX>+g zK9C{6bc{t$Yjp?SV;7!daK1KZWFvzG#9s_h_lUY-aH3k;x#)InwzD}|sR+xIFJjO* z>G`_F{8J&&(7s`Yxwz13DH(ef0H%&zKH zLwlI^R-3;69|;=#FgpCrN=X-CGK13=f-os^!p6fbVGO@;$Bm0{X{YdvMDmXxGp0uU za;}Eaj2mfVme2>hJ?Hl){xGb(Lq|uy_V=6{?~+3#OkYK>7a(xvxP!cXeuVgey5;YV z!Cy}mGODLevBAD&rSmCMe!JY<(ju4L@w*0Gbac77bbWsm1bh2_1$>Bd$wBP>?V>^r zAb`sa^IIeiL3YS^w8zmNw#hK)1z-Zn%W#g*NX64=oq3o5k!1ZfZc6l#;q} zNk+i|E|ed!fAJpC%vOhJKchGZnr4I$rzqqMw<6$%?uavTMZN!6?jLG5`O#j}k!OUM#6C5Xi#hZLmoM}0vxBqR?gVn7 z_jCKM+~}W1@IBDT+H?-z_#X8i%r_`?!^ahTD;b!%CeP)$ALUVsdoms?ra?csp4;T! zy#C-DN+*MOy=5s}Yk8P)2Aschug9U$jJ|$ntWJBOEDQ0RNgph`?h&b<9F2FXW(dQH zFcui*N>Xv5A!n=hlO%nqDgNiXll~7WY?uuU5%Vo;Xw2T~Zt&R-P3~08x+JxxVikf} zP1*AGNoIQIE`i`fhxgb67^#;zKMtJ!rh$ix9)pWFx`h%Ps_JoQig|Finx*}6YP?+Pz8FpA z)?8NBbN{%Z*7!?4>Pe&kJX#Q=Fd@^&e@H^UawO7rpsS=b3Sn{4#PyE=97o0Ukx&SYmC=l z>b7!(b)i6GYI%va7$h>d1cY4el~x|#;DKkl{#VO7h!A!781Y#qt4h8Q!sfcq@?c|ZV##_&Y{7QdS>=blg{qFWl;2d_^Un}_qR zydJkTwDi(&ns9a>dKSLEvc6r9D>=tk&bTV`%tq8+yHQ;!L!>4y^)l7_a}KiUN?C+h ztc=oRZg=IEFZbr2i&*lJnB)5Y5+1V{IIw8dapk5K^fN-mS-v&<%8obPE==e#MQ%Kp zBC%k6Xr?G9N4dY>PxVF-k=@CcMi`O6nUD1q5;}VZ=hlpuqc-~Vt-|gLrF#*DXP@qb zgQH}YYt-*txjmxRTh@Ypb(->(vT&U#2}8=rB-hb+*Rn5jZ9K1h}|q}EbR=TZ@OFF8A97h1IRn%Ca{ z`tWuPYNcsS6pK0P>O~PzC_;67Te;=s{4+BdT+U2>M8)KJALXwabT#O#F%)iebh0&C z3`diX`3}=C$r4klUk2{AeiU1Xee+&w)?4_>YGwhS(jBV8&htZ--JSKTWHv(R8C|`0 z=DyLZ*KI-|LMt!h`-Y)q@;RpK@sks?#B1A$@{?x_4-c>H-{0T&prLIn76kuB!FyKE z@e&!YNTrNl{8jzi^|u?>Cqk$6{4B)$n<{8Mjk`{+P1v{(Ud%NhIBjOh%n}%<|)>;nia6f}|D{xmSu-8bnJX662%YucDifhXnRZ#$_+rvVS&eVX}4NWVCzx^ZNU9*{`9T{L_2+$M%qqKF(y zObwkQc##AMEK%UT_>IQO&kK<9SJo#t<%SC#DTp74Ykj*0{ZNEz?zOwJj9HyZ*JEQW zuxrjkLL_9jtfP_JgzNhBqwnkt|9zt=sY5#z0-q61a-O?^^@U5)Wi2vs&1Vsas3Z6D zzOLcvrQtl-g#8>dd%PJe zyKgiLZ4nR8&Y`hhUSnmxT;{&#ujl<%AoIa9v+84{&s!|fGTItppWmU&eb__RbfSl~ z=`K-Z|99s-4rR+f%h7ABZQ1!g!w>z$HV_hnS^hH0fb5*Lf#>FIy*yLbb7itg>$8UM zHX@C&fXMGFSN7xfMZ1->>T^i_f3P_micO z(1YqVOm>_PAEJeVH%?u7(ASA<8(P!kemuo0KXw)3ppl^|K`KE;eL}lZ6ZYw1Y$@rb@gC0^p~p(e9#t> z_wV6EzQ(efw2HU-7*h!`&_nl(821tJvz`n0+mD}2e^>4`=BXA|+o^Djjokj*x;>Q? z2-`m-4HF$y)rGCmL9Z|W_WYeFmT2=nlFIu$J|Jn^x=^8?a`|{Pq#6ioG9K)uehckF zLGYZ%o%z5Tl*C{>&<)0Lq*l$>+4T#fqcBS=E2}tUT;}eZ^WF8C?~eqZ zbcVFtjyu-w%;x9k%{)%a91pdauKYH~4zd1=CQkuH3M@DM+PvQ~ue6-Up(OqCmgr+f z?Ff_y?R^>6vI6H+JNH(j_fOOZ8iTE^A>smFJWXBYLY0rVmn|$DR!xDo(z&}T4viZf z*v$2JCskC9W8+NPTAuEnx#=V+FB;CaWbtFY0s|@Qu2w8x`Q$aAGcu0Nrf|5|oxwpH z1Pkrao^jR;SgE|J@I=;`|AZ;uu}7cRZar*8>+dh3M1+t|V!m5dTt-hk)QcQZcAm1|%gB zTqLUxguwACRU%vdGVA1cD!qcu-u}kP*lqCO>m*TO1uzJ<--cf%-k(sniUG#&xz?d^ zR_?p%DWiQ|15l1pey%6etM#%j0tsA%(*&z0c5JHhV9aYymW}0D^^B0)|9b{c$V`-2b=+$2^%L*b>plH`xYptkA$y^HBaQ6AA>+};ax3S_fYZSH#|Lg_jTJEGl z=q^4xzj4-{ihzRnUOGE(7qJ}*K)r;1-y~|0oDWS)CuTsiUiRyC^QYN=25WBinEVrY zoBflRgzCMk?a!?^0lbDcC~D9@@bL2Fdf?5IE@ZKwO7=P6%hG$eb6|5W*M6BRd8Ed{ z@%kO>3Y%2GKR;K05~?qt%O#!z`w{36D41oUtM1eN|ERj^K)Tu!}PQx zhv|vwnwjS4ZetE+VmhYVrkjb4>F)0C_CEH$-|z4Joj*AK!sk5C9oKzb*9~Jb;1aUh zf(1NKS=?irvHi+Y?D_0~xu@@Gg>gUX*17v6I?n4Q(c#BWWp9Pt$>WSj`@FQiE42>K z&861Q4i7)g0!DHuzqWD|l7I8xHaGhmlr0xER5IDlLzbGxd1=O+68aPl`h!>}`YE=1 zw1jB!nSS7BHJEh_*VCF1R_ZqOHhxObnbJzwGJ7d@MvWX!;dQcy9COUWq%yF3*2EPhB8Ja^G+AkvWyzaFzWODw%KJzf?E~7 z*2^T^`hGFY0O|+65SU?EFdVnH*{av}p&xXw{z$C6t^4){b;J~~8-poN=}KrzeOaaB zQQbw6t1`u7e>HmU(fKR8%_gT~2XK!TH!x1T{Pi3bus>wu<)F#hcn&@2V3*Eowl~2U z*_bNrX$19I$4Wa})vlD1zJ4kX>#j7===Lu_wn(7_{{FODoqgLNh`QTqWf_$|?#k`6 zgWuq`zFZH0-P8;JjZnZs2gimb~X;*u70Yy zzEwFEAvcW6b2)1B5V2322SU1XNa6MFmBZ5ohQpGa9BJ#ui+2-s&Lzv}VowBb2c#)u zPEVbvIqSy~d2QaU|4lUD%X{qedH=SQGhS|P;H_ry?c6Wf_lqGd4NWL1!O7X_Ta@pN z*MBNCt8)6=<#uQl)XJ+iIk`Ed&r}?;1 z&kert$dg(-)RY`l(OI7Q^d@kxdjA+gNUny?gXKEPf7X1FP>1Pmd0K8JxyN*9m-U@h z!>)495RkW$jGz1%y*+j)zEsI!g_cF;~jWcVM8*M7fD| zxym_rV>5w)Acb9_@l!Ed@2-@SbviA~Tuig`_F|C-Mn9Nrg3JHG%1TA|ZTTPn(HSd8 z?=sX8gZ9v#Vs_14cD8titNM2sq}73NdWM`&3(uH@S#ThhCfc#n6c*?shFTMKXXF*v z21!Ehv!5Ne)afc!$+dDmn&Kq401a?@vH$lvJnOkS-jie`-((#>_H}!|W;{KSRqiu| z=d)87R=H{=iom!(5bc8(rJ(8K7uFJZtM*4&9&a&aI4`r#Z0t2%dih89s_g-m7z8`!c z|8n>Hjc%3f-@u7E-vh=_&uszVyF4_|W(|X>WgLD~^nmKpST1unonDPEFvg$k)TDYo z{ZuRgVy69BB14u^{|aN_n)vv8fZ@jKP~|#q{XP`Vl%1XdOZAEkGc8IQ)E!wa!K$Lq zVrl^2yJ=kj0!Stcy6C*IzW8X$8z8QPWX9I!<@RHFV0<3C{(P&@}1$ zU$lqmNwIs%%b`+k_a?nee6e?0idRdm>v@vZh(rz{FVb~aKD1#e;cxaaFVuF9Qu3hs zvTCMf?_T&!Ex6BhspEu+5p_J9n#u&H`RhGur02TwyrO5F>f?wnvrvftuKwvhJdZSj z@|2aYrrxXRbjQ7q(-PU`4*)P!-R~OU^PH{%B=CcBgBHK#YUP^S%dP0X@9t;TFCCe_NA~~}5aYzF8H;y1k}UPQ zrjqmQ`|Em;T%DU@++Czmop2G+nNlyLc(Xt{En<#3ZTrb(pX@B^%*d3|N#QP!rLbP> zuM~ydGu|c%L0RBI{s5M98Yb!+K&gO zLjU{vJ+!|cvUWqHQwo*E3Wd9JNYT*zj+^sDL!VP#-+UvF1#luJ%#5(hXMz`xZKwPR zClGnEcg5DJd?WE%r64-*Py6wpWO`zF$Vf?sxbC77q-65sbuZhbT&#Pv`>pAF`|%94 z+J9`91czdDLmoD;m}0b#U!aX>iPflSLeih8u7iNDe{1hODQJ+OdHZ5~3`>>qosp5O z{lH{GzJMLh)w)vfM&tGrtiFo>JPvC%*ywVgza&Z3RO_qi;*P|W8-W)M+1-zt z5WOV)phTH_9%};m?s%c|jv){P8uH&_&Y7eiQVe+y zc35p*>=P5jO5>fj2znlb>8nvQk!M3g&|980*DrEEuy%M@$S44t6mvlZhP{H^& zg47XujS`a<*Jc4tC$m1=9#?9;zRA*T`h|!hF1tFKeL{3Ny0z^6OYBV$W})jugkOYp zq=a+Dx^oD`GdS^&r?*j^PYLV$Pz7KUZInh~ zd$4E?(gAYgXB}!7GH7vfvMb*Gkv&Ps&Z*h?gyhkCx{nh}=W*M+pGbOTTvlJ(Vy~pD zO9yI!9^u{G$&L+EjG54F1R54vW_1-?- zd3W9sch>8yJqe<57MmUV_3O~{&W`NK%9$#%bu+~z)RrJUQ)SQkTY9&$r)T&J%a5KT z=jQ>#BO~Z|QB^%wcEeNeIhJ^r;}>z>tFb2Fqr%T_ZkwXnZf-F0hoX9%1j=hE3`tVI zVxeuoC5JXbuW_U?C2EDh~66Efn_P$gDK(0{WCzfrC+sX^sjK3f0F_C?%BmJ6P zW;wwDDnl+Ot#M@5_ao@mj|MCF^3{NcVY2 z3O~CbdB{%c|e45@2V2ih2g{k@?)6JMosXacfQE^WKUJZRqsL=yN( z)dYRxa^huTMb>q5bK|g<9-|R4q{UkJ!#n4p>bM1*GYz|_hM3GCg!hStggktI_J!^L z72*tKTKiw6g zqP!ZHjy}s&4P{M}N^3>`K=xV~XB99vmwuH>+3fkC2dsCdS;T6D{A3Gw{e*ODe1tJ* zd!`tdMs#03xVJnIo|Il&T#P+tH&6rd&5U6t`jsxuFl+@_d56E5+n6wo_LhTIuxF~L zM|}a>EVngjx@fvzL3L_dPq%gV>LCeN984=>b6@ITn`IUV<`pC znwH0#BYWhv4KwM;|77svn+AkfE~MvUTPU@Bo47LN2O!-QtdllZUcPF}DJntoGX{+9 zvY_dbnUDb5k19qM;N5Qs(T%`u9?*@D$9-J8nqaXEwp~X9wO+2>3#w^)x)zC9H9MI2?@!_g(7sgcMzhE}aBLR>zR5wp?x9v3gxk zo|Nc#UeJ=eqBy6SnLw>QZ>pzHR$q<0Fc;TuD74I1K1(J~{d^B^sCM?QkdKP>zhAR7 zVCcD!>ZG-3+%oZWZ>YsNa(nNhlfp0j)V=T1iqM`fUtEj3fI3uEF5l~$Z`zMLW&h77)uH77LST9GgV)io_nWR4ebE>wzkDjQg zMK{lCZP+c<-r^n)h+!fVmpg`v87w9{yM1o?MwQA71)kx?n-_%-WJ=H#eHx50t;Itm z+8hiU`T5^QFHx6%N!YbFcK)if@`%SMm-DUWyKUce=3-6e`?91vGPOTSNX_}6eWtk2 z-yn*0c`W${m%FdX>cV0en^Fq{uZsdXYin(w?Po76pPlT~UU`LD{5Vnz<(^Za=7u&r zWwi`U^7J|!KPhqX%wJQb-XA{XYao!p-g3QkSk+m4QIqP!&lEq0f-(81B%OXqxSk^5 z^SgH(7OhfJy>fpMDp!X&;-jjct&6;7G)y6qM+wVp!p@GXtV|ivq4^ zFCys6b(a8YbdUr1T!p}gw$J!!!$nLpbS69$hdd;y7|0ucp|oo&ev-J_g^=?=FPL+U+?WacteLSaPIqH9l?Y#^;v&G=>lUKYNa&@WEfXgyV@t(_XV z{dj~pwcGLhThsR4&p#LRd8~4hRDFfMc9{6eX~tn~47nft+`n=KPfp#Ovj7;>_*44S z`*^Hfo5h8WCIc$gNeUzM8C8D>m;JcQh3r*J+5!-We7S&UZtkd083j>OFmMR~T||CM z*cd06%D@B%pL*LcwX-@Pobj!u@UcCx=hEQ?2nqIFbB!+X^DH_a_RG- zZi?(0ryWU>E#!`grn@u%^rmcLzw=w;bzJwmyu4iAIfcKnzW%hdtjkc?L|YmkkKWy= zlMyep?RWa|Bbwt&e*TntEC4|j_v)O1H2|!3LHqs7%b*~Dy|l+a8{=NPj`Li4OK=)33&v_y_inHWQti;SQ>t|MTxTHSSc2Y z?#J$|J4|hN0&wf{p?-21N36>tg^zUr=Q0{+d??>SG+t`xzr49bc~^blq*`ju+Ir=a z7N_d$T=h?9GBBaQ7!hQj?U|42#X3n&BC%gVz}R}i4`q}= zT`CXUgvH&@XUbS~C!gIXtdZjbO_)Y`-x!6J+9cRco|T!&z12TEOQR;3-795C^kYfWq z(veg-6Er1HlX4MC%1}`ptD#N0?KHAX1`TJtFKeE6nDkkyRv^ywcR?%S?Zky+k z+d`c5c7AESnQ?4(4R^&6J<&N4snJANixUY%$zOLbWjxw+96mln4p0!dfKAz9^v>51 z=i^OOSi~Ki0=yFAABgn+dzLtY2>M~(v5w1vz3bf#ZMn&-I4}f9oTa!l-db{}q)Uno`2Eg5nQ@yas-}A%PtF2PvOnaEE z$Bs7IXMKBSE85wUML$&%*5w)esW{*U>-Fkoer>R3UQdgnbV;u*y z+E@2g*5SBugz0oJ)o8_-9`k={EjM>X*V(xd!kjs|?{`Sp7|8bwjOmgup*p=X#RAoZ znq^&M=fEmKH4Y-bF8UA=&;5)dGOfOqvbUJsDSoXwDBLI5XhCdT2GyFi-u9~*Beoa? z@~2}y$k8>}?H%Re0jNBuySlyBQctYg4y){z+_>XwDaZv~xL&fZcK)0V{}m==NeKH| z)k>c2evJ6rgp5!naFR#rLf6s$(M-5XvS&XD1c{%lMl3C-qT&~4y(&vQFKq2lMb|22 zk8#e-Nd)aZjJ@gVW2n!TtKo}Bx`^k-0x=aIu1h(mS{PklS_Q&Qm~P6;Uz}8LP;Zrw z&PBYk16|NH^xh~eck5`aFAg+MXn)8d=hx?(S>+e{IAGpr{*0cSr!}j@?v9dq*y9Yd zb7}h#j_zc8uasJ4f6FfddVV09I}{Fp%Y(L;`k$vM(cbBO%mAV>bBQ(a3QHOo8NqQ<~^M9WifqM zSr@fY=ig*is~y>rSN?fzg+ZhcTiT7+R2S!L-00oAw;i3TTlIQ8-=B8_iP;A*jr`1a z@Ex0m(KKO?Q9o=~T~ZsYeE^$(CEt7 zJ64q@rWdkC(++p4-<-;1hNS6w0f{sts4Wxj;%#>vTiiX-28XWv`-b9%F1R$`OWGh26GDNuA zVD+x&ZL3t+O0)Lf&9^gCdEx=W&sN?dsxbEt2$D z02UBA0AlUwNX*AYgqE*H!d|R3E3w+kK%)2fp9htp($e|>{16HST~DpV14P{ru<#oU zhip+n43Pl|>EX?ewKtQ;kqkX!4KxsHOhN~mGy)h2CSYfZrln35U6ioGCKuT;Q{XVy@PTPLrF`vDAaSial(Y?Q#&NGg2|K#|;8Rw5_j$-QT zhg7w-t64K+0|WW|T~tpwUcP(=;@Uppq-cLD_D~nYw%7`SAt|O$no=?OcNoBmYQR}C zJ1frR=FLHra%(8>E~$&sHltj?>6Gy%+R`v72(dx;M}Wiqk*&3Rm*^`WHAlV1^0m#QIrX`U-2%(U zdAd(ks@{IvF&>@669pp+QkyUAfkHw|Z2ZW_2fb1gCtIpfFf6Dhs%|*$Xv;}y_C^0C zYYkv!PM>;{M-)ye6C5cF*kKR~-5d{r%E4R9-nTO$1(iCnMz+Z-pxC;0gB~bpEY^;% z#Qup~Sz&<);Jt(D7Y4oC{kF#C6GG-#lj)`pBOHWDKyRd>3x}V6)Q6A&%dR~0{^=mo zPKrt~$a6{v=>^($e66!&-rtIagztA%9p3pBQ*)^@HNd*_ZL=xgym_NieC+(@%9NOi znfV=?D!0TQd;a0B;b+Voen!pWXpGed(VWauKWWm*t(929B6|yGcN0T$nB3+3 znR+1qoLepLb89$k_L&Eyf$I7Y^k&&Jx5KK6D`b4F#>x9+E7&Cmfkb+^|6HH@@4w&V zGe5K#ScMPefI*&|T(rf5#l2(kS{FCO|_3kG9Pfr_O(sg-9E zIHB3E_uGv)c3U(yfX9(lTl=Z|*DNf3JtKt6>!_O}TLc@(PYweab5qX_mJUnYm6E z00{Xd+5sliI-TMnMgS;>u5@k+!noGp0$yp~aUOOt1O&Ox)SV@pMCJezt=T-IHn=K3 zesJ|VA;~%Np=Z|NtuNj6SRqzUtyJ7dIWv)m9Q&Oe(o$+stFaJ%a2-z1WQ0ot_;fh! zwY>cA;o%=8Ypr}sOAASu{49=+6k4Uz1O&bS%^y{fyRdWmCA$%V-w;s;|w!=_5j2Cfl>2C3P?ztrZ4d*AK-nWOg+XD~>+U~z%JJ)z7D3Sw6 zrz-@Q!*hz6?+JXC@Q|&P&O-QKHCu?~P*v@ZfgA+HXrFf*@z(RIy6mtM2R17sC$MGb4V3LfyiHWw+@bMK`2%;{E?&iiXYF z6sfu)BZK2}t06jTXkS{@8SKzam|SBOaR!0Ka(!}WP^BLKGmUMwKRe(GblBm>iw)ea zue&T>#sgEA0wui7Sow4sUd;|bGnp0JX!fOe30rqLv_YoE4LM(7J1gi%emEo91tvOI zpT{s}8Vbr@5Hi|3x%_t44cmH!y8qHOP;(yCV}p~ExloN2N$hC?kwN>>Le>5kK&^k161Zm#E6q+%*K@qeD=GN{K{j35j`#1h83(F# zUOxaUGwg{+wogQ%=mw?{&(tL(CVn2nn}rnAMM;iHCm?3lJ}%$qj`9*PNiUFdeF(p9 z@IpQb&8u>59&=g8ef-qcgh*0}B>7Wecdf}hqWkCnKRfaw$hH%@K zAkd>t>InZTHR$K%U_7zZqpK{CQcRWlgiT&A)lLP5{6+$tws$y2=fv6}vQfJV0Sc0} zpp*%w1&q2IUOc>Z41VIB@iK9zok`Pr$`)Eo2+4(Su?*x{JC+_2KQD^!SWELiPYh3) z|JEG`4=+%1Pc`Z4@t4`OE=sd`v$)JdzXt)>7F5KKxGX~8j*0MTtB)ya;N2;!gbP_mcST|Z=XL;l3*h&^#vn8hKA48M zlkvl#fSs1410Se)g-RDT(15WQ@y;7-p{M)Prm)%U(>^{{4AkyY${OVH+~WYi@(6z# z>kbPbCFU!zZsQjg6wHV6Sy??Ni7>aclnIJngp~Xmp6M!ZPr}wy?(z!?hcUiCk%}^n z)ASY~_takQ@`@6=V?5lYIM|V{D>OHnl%QU;32AS!(Ueewol-?59~mSIpwnawmVr^% zNDGAAXPTeL)ZZ4nmd=p>KWRYrc%ln{cj(>uoL$=?zV=82hod7SUE|}`N(TXNu3qrG zBfO#%h~2avp7^yZ6&Tcy0)25`Ofc;)Z4ctpxr@q(+d{-B0@Am2T_3Y1<+MsNMmh%# zv6Bz|!2RZzHj`LtNx^5!sAU_mtG$l6;xP+Ib6RCaQJYi&XV`l=*j6W}rwpB2>+hqX zZS~Xu_8SWrnt?D`PFbGWxzIQ<30l;AVoIC72R%=J1dfN zDtg^mr%3o{^-q!ia94;sBaWB?Itik%SDRG#XsCyEaMxym=O_1%+?LmcBVuSXVW)!6 z8a?*Bi7vwKn!2t{p%Pi)Kmga`Z^0yjNeqNRJg`GCO-M4_&k6AotZ^%Z%I)mzK>vMU zSsiyx2kV?tM{|K8G8k9#hg?;f41zHeaFS6+fdI@876qmr9xAzf*Tr)XzT;DD@Fe5q z<>m9l^v4Wo1(2y8vjThlewcIS@f1A28yWyFTv`563m3(SB@vy6w2%w2X$k`*d4-?6 z9$SbNQOsf#R$x9=$IHz%T=#g?{WZ?MUg6snJ=<`fC<@9F1n((*(pK0)fQO$rL+pMX zsV|uKPVq?uesfk<_7WN)zo$rl)`iS8d)`I|IlO;_kqCl4bI41hy?Z+L+8lHZ!QM>veb&_I7~bM6 zKs@^UAx<$kJB(iaS?l*iD8NMQs%kuW?t0KpWV$!o&|y~sp!kdPP7zkn=4iYZqZJf+ zSXWs&Z|2o%oHX<+@TlhXkZISyGxt?QU9x5<0*$@Vcu4DKbP76~SJOPSK=k@y&c7co zuB!E@Zi@2B6ZIMU>jd6DeO!}b42LKY&r8elIy@*NW6)TtRwS5v^gQ|^v>yb z>u`CTR!fd@5U1Zb>hJ{Mbsdsj9T#Nx7}5PCwn2e+{at|VXKdk(eU-{cY<@IDk`6&* zVt_+qj0O@NqG5{_412%`pPx&pK~9Z>bD{gAb~0I$z3a^bAe8_zRIgsD3c^N@YeCn# z7lDS$a~E=Y7p&|tB6<%?hfT8}Gs<3J>{h7rb;HOEAS;dPU*kmG?WNK?!9`9e&Sr#0 z`AEGqLULjE$rnJKDGk8@M3*Ipa^nacD;@5oq)>2E>G)HBVvj&;RWNipUkDz-gFljhghkta7Qo&2O`KbMdkMr*5&j9(?e@a<%(yn)o@T&W9Cq?Zz{IL1A z4RlKsr#0wKPEMkna3%-yBbKG$A{EF=N=ks%2GW9OT^ zG{s1E3_nRvPjytP03Y1(7Iywg2B2^I;4@O7QL8Zae^k$;$2^0&AK59g&j3GW=Lvu7 zb^Yz-?T-gn!D_RicK%$sK5^TT;VADc+k;xbim1{S%i%`FRw&~vtk~MJ5k*b*+2;c|dQ|Q9`g=JiT|}7B+u9%9 z=jZpMS@;$q_8~rh>lR>q%`9J2u>gM36T;Y|0)U%OtU$;UUzl1X8sMV6Zbamu~x)7Hn zLpeT=Kis|O++Irmt_=FOI_+DjZ+E#Pzq+t?r5Vka%mNv`FR#eG&*L8&)o^`X-4|0QlBr~xbDeHURA2;A4qvKD{DQ5` z&WIax4R64097r;xDFHfUDaa+2S|;@u|1|h6?lSP7T0>Y$fJ#<-{z=&VG4FlaG)hOBMSv57!fL=1vY6^3g!BAQhW@4gtO-z}J zOVfmYFhkHniW~|;n_3PJx%yA1jaH1fJa!c`vkeqDF4rMQR+E!Y2{L%S6B_CUV(TPh zi(+J`VaNJjedwY!V(g*5wCD(M^8RP=Cc3{A`gZj{|2Y@nomxWqoqtmUqt9Q>1^u=< zY$CjIcjOHlH#Te0;_2}FX=xPvZQ^FE*2lH(3Kq;r(uT4l-&XVzgZx}(zCx&JRFygj z_@9uGMRA&`=zhcnOMQ&W(2uq!j|xUog5Vb}<)%?qYVcWHfoydUrY))G;xtAmrMfL}K<14&L~lxRBlJ-b=|5YVhV zyf2ulAlMgOH{B_Q`V_N(7d^^*)gJ}mge5ABv3_^Wy@dCX=s&MTDtE)jip??-63Wn` z@ZzdhO@%VEW>_(s<>e}X=n(VkiVvBj+?&S>j?kMd=O~?9VrFMQJuU#iy9P0rclYGA z5TyG)oeGQpLI+UZe&P0kh4!zVz7K*@i;?5vFNIkiBPl{GS4Je&v-Y$!YR+2r$*P7k z47x4@q{wmKJX)my=Oy_x<*|U}Hy}upX?=$x$eA@JTTcHOz5DI;U<74`AGY-C*C!v- z#dJR)A(@%FxTpcD9Rnck%jE$V(4(D)2nD%wLoc)La=Qkq8aiuM#Gb_~PNxXT|2Q*) zeqn1MU)T!`Y;RUZ+pkiwZU2V_^!I*b3^qdngO}->+PKW;7Gg6^sbILuS=fS8)j=jH zuAja8?XV#7*EpTEI*x7+^~=eoD-zUXTP^}dRhL7dhvG!o{*s;a%Q3{*; zJmcI0RZV->)N)Q|1_Oi_g!qq}psfB@Rz)A~LRpQ*BR;Gz1~o4?H>X*2rtyiff3UUf zI`M+>LQ6xT0oG!Au_c56?IRctQgofWTU88XjPKbgo0U2Of>5LRT;y}@XVr`UCYSp< zTA9q`u1fClqeoGskFk~GVZGZL+jR{J<9@K#{f1GMtMy7=JPCn)-*s`M#Yad3s8gT%CuI z0;)Y2qX5ZK?I|G1ZtI4MI%^`z;|E@#;!wQq9hg^!a-2j*6{@xB9n%Ois#Lj&MwLW#aR?|Lu%V z34O`o|G5s}T`pO=PZ%Hzn{-+sN~X8sadFJ>Ud5TDs=Fz@(sx#vv9P z6`6u%CfN|^(b@w4eLQ6|!r$!x6fg(k$1-OIXb2?Px7;%&``*9d)O@qa(e@Q;B)b)I z;#+N1>WbM}Uw}&^Lhrd@><0W03P}X9d_v~Mff*pzkUs(;;Ltag`t8Fp%_0nd{n89 zzMZ79#x9>6NI4EpW_h{GuHL>dBtHOHh~9PLS0U=4omfP2f}YelRtCk>?)!G~{yGEl zQdO#uz*AsxF$k(!tD(h8T|Q^)pWm+@`Kf`)5fqQ_vhvCka@)f;cx&C3BQZO(We32({#d(`)XG5>$sqhZo0!~+5(#u`G5M5xT{&_Pw7Jv`@*M@UbkqH)Gb z=Za;rv%*0E5J;C2QUu~Ql%|oHWrlPEnr)nE13Z;J!FL}6(di@P&`pg(&2LZzb&X6t zAUAuaT3XZ?kAKJkV#>y@9?f2pw;Bp7LNeUI$cV;i3Z`;6~xV;+DE2 z0$Wi}ReRwsViET{itxOwRR99GqME}~VDB^o0|Ti3k?b#4ERcwP(@Mb3_tD{CvG$m@>@ zc&!%%r)NjF`!rl4>?5Dsay5k@Om*<=T}h(`hREU|Nz*m!pNF81{pX;AcLb;tL*j(; zpb1n)nAoyTN~hh!{j6=4@%57@iS>8IwptO##5Z@DoyiKbska`4-}_8cV>y>IQ+WwP z%f}v12t3VVRb8MLq9i0#XMZ-5+~;Q* zk^5X#^@FQ}!xrp0c-q!x40uN|_2Gt@FRi`I9r2⁣DB_LpbFB^)Mt3;u_kb8k7

1sHekmW znC`dnWR}>7#^{&>yBmC64 z_#_b#>XDI{4|*g#;27`o{sgl=kjDgU4HNzv_xu~P7k%!|6#-d?%XsUl2{s8r>kCG> zX;*G(eHgMUCZ2{|+~wXQ*t$|a=p{wgt^Ev;YbmH9KY$g$+)(TJy3#jsX{Y$!!K~c{ zjVFP|B(APi&W!Hy5;?ez>FY9&*vQu<%Xe)i#%AtT7yFq`kupMwrsJ$JZlilklc1Et!+d7>;9(u%|i^HCiIAtI8rsXsIJ zfBoK=hgWFCu1+cdIF@C4ZxR^QKl0u!ft#m23!{d4*imOZ0)>fLt5^NE@O3GhE3lAz z?&^8(i1Q#I{B+k-nx3BiMqb6ueF#Y!conFT!*hqVri_j>5Ug|Z_KzDG-~8;|%af3> z`#Fb)QSvrd-e6_Hm*>C!fOg8z>TMKVmd7Bdvzw+IxJdyPk|!z|quc219J(I@9K}}K zlr92IR!e`*-0`K2o`n=6L>CUk&R~{C`@v-)P+t}oXj4sIARSYnpz`82J{isrlEP!$jFN_vuf(=)xy}Wb-YWSFH zkSPv?Qo%S*#S#;^FtwBZgHlD`NPKAm-FMVXoi`1ohpoiDlF|<&mLZ6++;J;>aHK-? zu)_Up=;In+B+t!rZQ*BQy3XOt7(?!-6Kl&CYx)Y;A&#>5jPGM!n@0LC8~9OGHeN@2 zPxVvpuFXjP{?~s?2_}pdezGzppOBD@D5kfmDZM4xtH&GPF-awxhpjsKS#l#MC!dgz zl13Dg;skCTZ?r6*0D&>|3l>Juk-vg%csSN0=krfDy=HIT#1N1Yy#l9b=|Ftp{?j~P zNeDSS>Y}})>JvOV`Z0xz+3FM7?|F9f5q*Cd5h3kr?@pWh`Py;Q&5pEM*T$B96YrW5 ze)dsCiKloVoJ*(E!+3q;CCgORo$r5@_jt+|p-f2`0#!;}@{<1G_X78@?tbO23^z8B z>rxF}bq$SfKwO1>3D?`x;*__Go^S;8=FqnK7w_KJ?B8dOt2lw72|*CZ?!BCVKgKpN zJWE?^L3LgxK);+Eqfi>!PY_0Yg(F<8>Nj}w4u|yR##l!`o-&NWdm2#7dXsUwTKt7J zFL|44R3Ec$bHT@^r&<0zxoX(w5w{=%;V@Q}eXu?(sQVfpPk|^DN??Iq2Xe2b`YJqp+l^=Rwp9o z_o^JQUoj>|MMER{95er(7Ksv}BE}Kw4=Vg+M=(CS8(#oAGBQNlaS;Uth5S;kpuD`V zKMk;V)Ze^$<>+W?M5!HJ|1I7fOqtCn4=Hj$51Yb37Yif)&^<$Q6o(eYOY!t4N)uKm zK@$PKa(eycCTU~mOcl@D14v+k%T6Gt<)*0Qr%SM&z83N@V?-hl7L3E_mnj+yxAyo#0Vyw~8Qj$Hmdo zM?{t&otQ_o~Ht*$Kosga{pbXF{yCWGKmTR0=7_B5V?Bf_KM?cPwpfZTa|v zIl_)si_!;%7ZZJYU+zwtX4S_M6B10;dfhoGg0J+vF5(VvuY^9HG$`JL@5&PCRjUYJ z{IW0|pt&;}a@#7p`SA91~UoEiGM8s8bW4o(UPpKuJ!gy?PP&2AQ=IQCvCwsSxWH*3O>v zc_Ax_DhEG*EOBqal&$OTw9KIm@DhX+c0%ypk;rvfT3X6KeE5)VH#?i&vu_PlgpW|& zLn{WXsIm?gPUqb=v4q;B*Y(of zeGm5g^2Fjz?&_?&GkqIRsjcB^ggoS#(Cv9NQ||Kdpj=7b6|UZ8rbzAUgv6P;9}Q=E z5gvC}5x){`c6k-n+~?foh3_u<=pOEIT6&z-MbPPWikMBqH;nWSo=~_L6s;%m#Zl~04tgb&HR-pqP#Bywh1vYRSMT{lynjw8YBwx@g*s@ z1@CZKi+JC9EH=K-pR&S2_!boOHm{%{8UPCS7<83(a&*TC43EEcXWLE90J8i=d%SBG z&=KT<;9U%W&T$_^G)s{l-?S%$Fve5Ogn~3-I#bL2=;vfbfu}P~?Y(YHLSqb(Td}Q; zwy^_;e@{Zq0}LYgDW1O_ekLxyu_Xw786k3;xjeW2;F~y~OCdH+x+-oZk$}^*g$HXu z_`V1Ky#EH(KC(+v3U&&HZ*GalN<{cj%@W)l|E_;H`kGWXoZUdrR-pFr0)I;PbJ()S zYl!|vT8!80>gk#z(!-fO;k0aU694z5mQO4UlC%e5KBLP>zG*%Z(rtqo&=oT3T3LlJ zGYi4Kpp$GU`Q64B9Y`#`VS7_}S)_)`oH*>ZD3l5yfBS9C)N^34#DImR9>uS$wAwye zbBm8xIcL_JB!}@NJxtmAPHSWZLY=8&$nPQ;yL$!B!|d}V8}%!k8u8P7XC86XSt zezm)`b5TTkE)!$biM;x>VpbFO4coIf(S=LYNk5zMl+6baQWI@%e_VIooxdbxhe1PR zP#th_p=;EiY;xL!fP+(huc%E!g+6No%xaRa+GecS=4qQ$_Sz3c)V{h8BPbsaZp9~I z{SyFj#C-&1{527Ub`&NWl`^{&;mu&IcWePA-eA_hFzUF@aDSA7(eH@XLif*E%}{Bl zK>#O~4x(<5Ca=yAfQH62GSD@>Au~iC0qd7>7LlD1jy}~~TiI57*U1}UmYO7%_dN~lV5 zPtqA4ValwC=GfAAvJ?T{j9Sb;J@N%jc$m=h_3a6VMv9WEk&24ZmGkp&z)P|qEeg$A z#N9~-%f-@cP0-xNM!AJnkZskh#joKP)WbV{yx^lNn8RG(6*M(PM zp_xET@?Jsw#m#6DuPHf>Z?e^t^_MivK^3%15--n|=qyRAUEihRelp zPH_xa#WX_9gP6pP(n4_#f&w?KB{Jli>PKe7@gN&##|7AC^~;2TE+AIE@8bs5xW57Z zxBxDKA22^aSVddnZ<8857Ky`TT6l@4SMGjyld^mwa^2SV4(yID!9V&~thjEyynXr4 zsg@vcX2HHM^xN|oQ8@Y;YL{5#MwDiwQxIZ z^d^c2>!vD2e{IL@$%ePa)116iffF~?rL8HIs+`r4i}9YZ$eZ)udoRZ44L0W}HHzM{ zT8!#YF>A1@lQ)9w_C_}xcuaXzvxS{b)mY`!U?HRe77vqVKBh8I;QLl&tiXI!Hx`fvL+0Vs!WpA|k2pS233R3H8 zJze3$E)n8A>G$is0#$2d<1NOdq@*hoW~ul`N8T!xHgohfqEz#sHq^LZ2l}n*?8|`{ za=twpC!X>Fb<&dQP&V_3537}R`qR>2CpY)2!ClfPPZWZ@Ks~ti5|0YnzqS(R{qkx& z%B0|ZKr9!G=g@D>Ww*v#x$kD$fi2(Q%?B?Pk=ZTV=qax929bY18@sHqU@f4Ol#o!c z?nLXwhK^co-c?R<=9o48+3Ihz60GuxKH9TfGIgI#i|9MKxF#kQNUblv6Z*m^U;91E zv&ONwPyIZkB3g|&&stmktjI`wtQi=f($_tqb{U@Y=E-D^!oFvI${8CcqX!s?@@7s> zCKS%q;4uO!$LE8CgP)b&I#N;{YLV{^<_l~4gem-_<0E!=>6ntZ`1k-Ok~uiSt?1a0 ziQ7=eaK*R&5H_;|3Mz&m(?{CUXJOknTBl>jyUd_a7a$`<1>{(XZ&WbY$Q#n-5skS> zP)~`^j84>0*-e>#=o;IpvQbS>T}!>=-PkC5>*?gorYL`v$<+S^2RXg*?xsmW{)&$K z4zSRf=3y-;%)?uU=+wB%9@Nvuo46*6WtS?oi=X$`9LIUx|SA%hBQl5cMQKzdJtJ zWnp9UJqfr8eE;M^K=)3v)TH889>Nj|(E^x=<` zOqA#F3q${Esu;QMhh?Rz1ovZ!4P?35A24HSyqyQdlRf#gY%LqHW*xXVT`#u-ST$vH zA~Rzm2-LE+J_qBI6*^OtwjPfo>0~(un9u6h^Bj9ak0o{1?ql4D56im0G9%NyjFK-H zusGZeATD{jp(&uEcv3 z!yO_g+VnuV#2`6|^YYCtV1!nT`oROU05bV0+Vd*=8-++E(zSN1v!{6EkJH`LvYSuj z`qL9u9uN${<<+er1g1q;2FF{n>Gd~|o+tK)6BN}gEXBcc!((F)>Ytgtke^^DmK7t? z^xUe`_1N}#78)lIfT_Mq!a%u774@%fpOEUAoB(D`@P+SkBB!?ALmuFTBl~-;_+iz~ z)c0A?@bjznjC8wo+!=dJ4{NlmWR2WLy2;dslCnwOT=m&55OIbG4(EEJ#u@x^g?CzS zb|njv2Qob!lToFIFy@dLkKOB+<3milHz(W3-_ja#Q|76%)^LF1OEhM;$h73gBj{?m=BCioIJBEu>x|&@ z*c|U4^>r3-UC1Q57)(Cg+IOJIN<=d$2~Kntet#+8tj~C z_M%SD2Iyt;t&(57{I~aLx9v}lKHC8zn=CpwF#m2Fivp&-nDz(Nb8mdW)lk9m*^{i9UElcL0nq>h z@KWet#+y-(Dfc;ee)^tb*YCE-Xqt!RkjL!><&Z~>x!rkUeht27Cx6^vfx*KeL#71s zS=oq!6lU*bmgQ7y*p8hM<%Pv$&9>sP$)D*Z(Tp%CHck+X;5(a{?xt}7*ph#OXOb6M zo`^h{m^!~Z7m!yO5-@jUiq(c`FaJzi;l_{Lj3*a9ON27js;a3Ks*#P1loYt8rKJr* z;<6z>!4nPi@oG8B2LYy7by-^G;u5P=Lc8s!TxE&+4azZJKOs?%JlN>9p^) zyYsWMEP5T4>VD0+5Hfv6zf@htzp1U6w6VFD=eNH71b7}WJg_J>Fvw-k+uAbc2#JAuYSyooP*!d=at@GUvJ=S(%j2Viq#0&;E!t9v5EAx5#uKx$ zI>f^-7U#!wPv4O+uo-odn*C|N+@R)?s_+NxPY$`fWz_ebag9yTG{w#+O^x99)S4CU% zvrylXO|)dcD)X=CcX7eCLNixP+9I)EW>hm7i)@uKAn_^3o#w9b#i7Tn?A)A_I_%#M z=Yu8uXg*sLG1zjIklq#hD;wnpd9%0=FfDoWNYAEmqyGdN&>D0&cQPj0i4Bm(E9u=1 zY=2E0(zJ(YwVDoFVafbmetmLsvNluwrO66a@~z|Bw^`N4YAS4HgKCbag~OFMORb0f ze*ojd?ta87b!~a#wJ(rpfjA$U*KHxp%`?+k!fr98%!H>+(8#E{PxfS`z_IYn`$NjhXZKL#lMI<0$71M6VP&kna=>c zTFiWN(AWCuyTd>CZ&wQ}C%vaFrzsZcU_IaD5a_eV-YOHOA_IVBCH2k6!f%Dt=VqwyOU#U}2RFmTlk(bS+$ z%E@Z{y`a^iJPi2 zXjUyI!7i3Qlsf93JD(grC@LTj*X58BqsZYuUjdLy?cYCxufu1T*c6&|K<*UuZ$ea^ zVkA_nN}41QQD2%bKA|7TM`g_jWb@Xtd^G_dPUbsUHpkq8xY6_3*BjxzYc1e-9^KYi z`*u?bU&0+Z-=1qx5V6-wAGg}DmhsgLEd<3)5|hLZ)W1oJD-l+Q!$kyY-LAgHC@<`Qx?c7ne4u?9^LZclpLS3*acNkf5%1W@H3s!&j&lo{YFg zLvf7DRoX>LBnY@ZzvlYoV7$AznEI3mH#;zUTe`+UHYi^~n|bS4h6fL`X!1fM;}}?C zfz~es@iE~Vsk9;*n^yuym6T0LE1d|pB=bj2wu+@kotnAHz3uJhV+#bbOj?tmxOwDZ zj`?N4%>W?4Rhy88yNlI422V@}GZ_*uE+9a$`7FnMnUu!(pQiQbCHne0HlZhoA74^0 z0tYhyzh0sXc!4?ee}8QxYBzLh-iFLZ0>U)79`EvFWc-!JIe!&gPx9M7^MS@)rgq9vT};`K`crVN^RfJ znc?G*zmogm&W6+8pD4C2|!uS3q zw^%}N+I?0-EMy#a9}$dr;`(xmtkp?6a-t?=lbR9wl|;n%UPStUf6bG zUq8<|)ja?E{dezhtJcT_t2URY=XCP;TD@U8aWdZdz#_2l$4`i9u>{WX{KQ0B+n z%fu+G042gAHkaW+4R8G*8FTiw9!|Xf@tEninN>d%w6uBVII?PIXJzxS zXGKqOw`%*)L2CElm%HxwA+}A6`y&c}D458`)mO7sKqXN={<(fx&pA=opu4mgCdJi;>jbA2fnq?v)_PvmGgm?VYjPiJM+JOo^;EV`TD8xSzEjRwyr zL{jlIJfLH*l&>R@<&>lmlYa$+2gfM_gt>OeIW(Q@+2nd4z6YVE;C#%f3GR5qI;loV zn4Ea+zVcJ|WuBt3oyJ}DkIz34*DDPDz=>jl_#M!}a_3cMT2M5Px zbH#kez7}Z(Mp^PQ@vCd-Uy#i!(80G`G>v2N5cwF3;8v-iax+N>rodm}<#^j3gil*d zK>rxAp;@O~qUq}N;7A|WxoI_J zjd8g+G8^9y>MxjMC7b1J4U!CSt7@HKSw3f=-}H}XxVCm8Y<&2F=TJ|65+0e#ML&Ggq3z zetKaCb`%K(pAc31;z_j~I#XYAP{X-9L31I8V6vE1{ON2TsFbL%qTs3!i7F?~nW*Js z7S$ubnIht6@{D?_uyoGu)r%ZNA}Ah=a`xjYJ8e`9@9A{aW0YX**#4^X+Y8g(9Np#Rpum}@3(3Jj#?N<}QqEFKAT*yQ88h$EY8C1Wo2RjQe@E>_#ODXcK`fcapFVA(XA^$tr zPf+8=_hGz%jstvLLk$54-(_7e*xP)a#A_LSN^pq657MM%L0a(xh4>5D4(%)(D{i#9 zxjvQbZeLqIt?JHOo90vWR)L7wWb)L4b;y6)UN;nw1GmMRI$8Yug#}QRIswP{U?CD? zLb*D3c<(Ll>6ijAtXxi$Ptt3qD0wlxtMwM>+w)v0e&P&)r_4BKpW>e^!Frs8qw>{@ z<3OO!6gVnP637p4(Y^SiL%4nk%Lk{-(H$2X)Qkd93KyYJt?l^Eeadm$HMe>1<_3#8PviF= z<@U9HZBt2t@HW)FvO`_{V7i7R+^9LIDDCZFx)@%kDTI%#dFEl&U>fU(`K|lQT|XMt zMIc)r$kkG=@V==W2AAUn@xoeV-ulU4y>ElWTC8p(Z`!;9hRYM*4V;QDU(Vg2G}Pal zU#L_ty)vG&1S^}HFsnsQ`>zX9U6qRk`I*#D{F1KgoW8I8bz1LHx8`f)QkzUbp~enJ zCMVbFzdZOI_MhWF?7N-)6}665>FaD32>UWl=P5CRch%~z0{?=vfMjTl%H;!W^8TVE0TzR`Tl>b$749=5T*#!OGIDvdX?xnojFcmm23y=gP%(`{cR<6RU= zRE;Gx%VV8;;f+niMk-Kg2tEY8kTHI=b!g>d(ofUy+FbI|ZNB-hbt)O*P(k#R>S64u z;BP*AJyO-on!Tx|nB7#i5YrW-gu?8;YlHn+gI&}2-m>PEZs?wqbGwrvg2S?8Z%GkM zbz)i$`G5r$u*PNAynKug8r8YqaJ{{0C(9D>AQOC~AW9pBZ!OB+=21eoREj5u^V+%`K7%8aU?Wib=)651tBF_ZYPB-_l=ahQ{T&n$g!t12~@^Y$ru z-0;>VV}JZ3uF#FV%M@l^C#MXomr~iVhUWEz`|B3MZPNdEKZJUB{LJjebqu762_Lla z5g)!ZTk``mQ~@mwF`Xy=PUS4|3uj$`o#2|WEq1G$379G+@#D7l|5Y?Ch&|smyu$m` z#_Jcnfx1VEeTa-fYJrUA*InIzByO^vJYcyTedUx(;P3o2nE6z|c4V1}_sk6y5F9Vsc+ zjjc2>!&kX=m+c_9mGi$n9;=(hF8=>`Fs@p}*!AA8YzeoF0U>|Bx5}n0NM^S7al5nj)rTP`t{*!0%Y5uLB zwWnz@mztI=KR@VrstQQaICh{ECc?LowS{YnxrJ^aJ$7_ubFT(0R^3;3HJB zcBNyM3a7l}AJNaJJY_4)V%S^C6`9Y!%hQZl=QrvKxNEnl^aXBAeorXhdFx%xLN*y6 zpwg`~>1oAmYH&&I9w)fHwjIdPyjz8kNxhW5?L0k>r4{~ElKB60+ES*_aA%I*xK$whGo^3;BZHQ%w)OA~;bnT`m=*E{f1}~O z%*4h)~@gj2RJ6KlEFCVAQ>SUA4E zuIlAe0=@;UG74h?A__6?XmV@_Bl^!A=k@-nd1C(Mx00td2Il#g{eBT2G)Un4KZ_&y zYfPsHUuP+6=8=ksMXv@?$~0!WOuwYjy`Qx6J4c4A-Mif#l?YOZZFE&ph=xMRj(ZDg4+_ zy`x_3t_&ubUzr2M*|9Z}(t-_#@|K z8f<;|h6TFI=OUEbIQAjBqj8vL&(TOl|~Ud;9!2r)f)UI71fJ1IHJr;_F8>w^)L^}cdA9p7Eq*p62tS2&&?-a zaO+T_QMBfWT?hfAR=7z#`9Vrr8g*W|xxV}s?508 zedgMI(_n=L(5aLrz(=tY zMiQ^9^9~s*?}>c*zX#PiIgcWw)T1OX6HdiWuU=SQ3*EWDe)gomh2i!8Ootyj=VaZA zK63#X5o{Y!HbH(bvu6vNHd4_+a7h@%vvFj0!k}L~c_+?gu~?&s(bN(7!|ta$$({U7 zv!HD+%_f2f;of1eh5R}I56J@_$IiTlHf@?C>nz?I-IgyCMsn}H0)hzciU6nX za4G3ju!kcOx3%-U0r`Sbz=8MzY9SFkNDsf2tjiVsTU~eJs$}W*9r@twz2Y7E4cxw* z=Eu=2@U?-J$=|BO=PpDP7bH8ZXG?gyLzwYf!;=NEp-1a}7XRR^oY>0ecyZ+XuGE>?o6P0h`cf;)(YYW zGP>i$I2`qY)aEudI`_D}d#}lE2H)~g6OmJBN)u`(#L3MAxMeZ65?4m2{>39>W#yAO zdLfwtI;8){TCh(7SR!>A9)mfF*M^>-&DSFkI);W0D0^+T+03{StGn^y0Wi4;M2Hnp zF70ERPcYL@;rBQ=EH?i#iy>M-1!sU^T^a#`P|u{EmXLD@x_5HY``BsstohL zJPbcotmBlPeWT5Ip3F5bFUU)He_NwzU1uvoxWv@CJ!(01T6Ky2Yi@THb27w26ha_| zBgXX?S^1!OSW|`?jE**%R`GG8VU0)g{d*VtDf}77vuRGJZ())J;Dx2ulhyo&Mz=R{ zcv)LP>mQ+?edv+C5hId{WUTM{s2`ZQJXi@S~g>M7srs%V7FM5#H~RLEKJK zJOG^3i(^71MMl2Noz`QEryq+9&a~pRl>2tmoBuhrA36} z>dRFzqJcMRJG(lYQ5~sNU0q$&rdc`@E5Lg@1r9$jRVu#*dk-6Q}M~-AG$lI`EGv;c27v3G+##boL{P<}s?uX8J5<%`8Snf8iS=%!| zg2`rewQ_ptm~WLddd}8MEqU~xnxe<%-chD4?v`UK!O!bAi%94W_j@=taKF{XosOW; zZibE;W|0#pKVWj)aAbp}U_VW1DKxxof=X#Gu=-KGg{Djl6xkgTVG1=CbEoI#2>e8oGacULAHIL zRZ^L7=Lz-yz`&@K613=uwA2#iyNtwYGV)%*TN13#-0&R&!?5Mn>xr!ydexZ%gio1- zM82_!N;b|a(*l%OhqIaLy`+C8m&$+XXMPnmVNcxi44NAxTo`Y%5@>u~{8wG{-n@Ar z(WhbKUXXY6L1|O^@|(Y5X)ucykDSuaimXZEf$h5EPYf^WX;#yJqu(E+?a{3`D>h^vnC3A8 z@s!qdsb%Nl@=9_DZJ2+9t zd(%EJjjhNsUz5Y&9sa>V0ojItx@IMaUl4ipJz#OnCB3cg+?eImM6EUXLjGA7otO~7 zks>HPu&gPH4Zq(C41%JjB@)GC0!U^;RC2K&a~-`oN6=jN>k1Yc=JbLk%e^MARto#d zLk8)?H0dv7{Yix!B#vYjOrE}`(=})>wGtYFH~O+)&U^XZQ3jm#mk$WwPHB{EjinOx z8R;>_xrYmkxQ3l0Yx&(S3nV_LLIeTAc9;5HxC1mdrw*ylwM+E{;qMrFES6-Z=jBJk za)xijsdbAzj{JMaK2FfXP68_N4fIlR*-mW9Jq=2CU2)&qJ~>3q#4l6|E|O?XFvXC3 z)?sR|QT1>n@$cx=*gu(-n)s-WgDrf-5`j+rcC-s|oGeS*bx?D00iYE*!_T=0 zzZ2OwI1Hj1fqC3v@pSWId5(Z2kKta>3%&S#aq#en{X2|jN9$i_wt$6%c#oGRlQR+Q zf!l%s!ZDc9Ta@Wv%=7V`F}0znoU7V>*`Pc^gJ=-GgO80%;A9z$5COBWoLhYBu2zJ) ztY-JZrdK(I%@%4oa805oe7`n66(=H8ecroX8Qji)=ofw{owqJ?cuq|_R31nE@$k4F zD)n+EU{Z{!jP#+-vjxQofuPL74X9;gPhD~wIA5G3YNfoS;0`2+*96Zo0=*A$4HZ|4ClO`r^;TRfv_$QWA&6J-$ZHICBtm)`Q^8P{Ml zfs;_Ug*+$IPUi=IGG@d6d#^QYE3*?pAOrX!xgKPsJ#vQ_)b6mSD#Ht`Ep2*kJmq}N zo1r|be!GvghjB7RHSQ0R3R5b)c@s+bL%f3tlsSi&&n|>ggRK5+s%RzZF&B&;s4e4v z`L?Tll4*+dr6M1 z2(bw{rX61S-T-Mz%1b127jIZeXD4$6gpJ8xJBpNdP922*&t=1-XOMo-J9>BU>sHe$D&WWCQ3qtqq^x2hd z57cb~iJG?i`HQtgrN7CBM%`DrL`nB{gsH3=Rp$nIZ_kI!2W?cqzkEswxN0&Paa&&zp!w#W5$xTJK5^idjG0f=T^}b!5^j+( z`#Iysqu9qM*8GLyUlaLnAZ}3;fI^qH{INM{5Erd)dB=82KliV)PrrZDKOJ1YFQ+sT zR*tXRR{z)^aH(-}gS3@61U-^^n;g^MD$??G62@wCerdOT%1W6S*|#*kOkDV;pD&uq zmZ?U-WYv}Kr-`UobJODM;^Ja0*$gALknlaVNf7jQu=6Zr@ZIoCvjX(DeBCSjI5>Q= zu*6KqiSm4lG?DXg%WV1Gl!1q6UeMp}k}KW{&@M+6ekU`*y#En|y~VU|EHvL=rAF09 zLr;$U8idTm6=)c4=ME3xW2I*?qjujmF<)NkVST*TSnXENHI?rC;M4NQrI&kfH~tEw zMeQ;zdED+iedy)SrQ$)|lIJx>Ddvj$6^dB3-!tOc>C;KDZD7HQS<4y)mA6yjMkz4+?^ zH4dk)kZQYD!uQE6S=qBSWfFVj*|}u~pbeA(@EsmXB_7fkGVAXg!t;Vjbpzb}+5RD; zqh?Lqe^BYiHc&tcP%%GJtl8zx?X0JetDqPoqx2A2N%o_awZUcql-*_4pp_` zQ=WULKats&ON-+SS2HxHXUW!XXOM7D=;NFmnV$Z1_QQ@?YR#+L3H%TwX^wFwwzs*sys6)5l6N1xBIk%EVz!Yr5L+WEhYv;CFR{wbbU zv7$dEJ>|>_D04I@Lf5%IMau_LudZQsF0-newar=thss(SME|}u6+PLJHmGqXM7)5v z1s9@vfg8Yu9u};>PMsj-{7HZL{eY<>ZUcee=OD12@Oq|jdX|Mr?$7fzh-Hw5LSg2& z%-1!J&5!o$-+7<~pyIBNUn>y|kWuDK;3$1a2t~T!M(tA2|E5lJK~zSPzU(v*sZd4u zE!91;agkX?w_IK;AljB1&xCOIhG)nwf92%ngLHYmr5d9kWk;2n2J$BthcaZ=;v}1? z)3U_1ZMgSuB2FYo_A} zih3O`KPn|>N$6u4CUJl1FHEYsM7)Eg(E0WIRCl~juZL7EO_^tsJECG7^geapTPGD2 z6imHh2o!((BpJje&7@;&Xdq<9_4+DgxwxoE4zL-%mX_)uK5VF}y_+3es$qXdlV_D2 zA$gw6j-CqO7}#t;{;(CYS4ec7E5L-iyafU0by}GHmps?NJfqgmCh&un0fB<9Qx!&d zvUi?7Pdvr-I{M>I&fSx#ako%x!G5yARnzwv2Wbow0b%cv_@Z#j`6}`O7v;;e21d;% z?#~wSWxV7<$1B^{F0Kv>M%O~nSPg`~>W9<&$zQdZ5u!JSble`lKJ}ISuxOywO;r0K zH%#toH{hmh>?#E!ByLJ3r)?g_>-tUNiFr$f`o2M#du?s`S|+ITSE$=M*2wRF2-=I? z(A)j}SccnNkXHswHE7QS%>i!MubDvIYdiRgkxXe|G?I`hwbFmwyd~K&b93+77&?Y0 zlcdp|HkgpU1Gl&#CRc>E>=HDXNvs{~o2PGZZaEQFbuYN_Jt;#M%x0ms8_|L$@%dLN z01G&SRq|;)?bdZV(0l$&Bm4uJQW_ZblQ*z9-0Jd!nBrb!FvU#=F~gPDj(-+@4UH30 zw@F|QD>e(~NVD3hvm$K&HkVD$8HN6|^X!RWA|dV@U0sG%HnEU6=S7W?UioMYpLr$* z1chZ$cZSVT>9>q;y8m2z+1q<%#hyK5t{Tndx_XaZ&_>(q|2EMzmyf2Z^*Q?b4n z)afB{>>Pl|{s#+d=SP0QSx(I+`j?+@6QPj#ePcg!(-=P4K~{QcPCpZvoDu;;YS2OhjEw$OA)6V{i^8{rBbd;i@n*z*n z=`(RORjg00k7ZIH##qtq-WyjoT0Gp_ z)LA~60U(WaONm6qrUnMtlYq0@>~9(1vRfskCg_S6cDMY4n+4Aa_xDTu+mo;{@w$Hl z(p}x!3WJ-|^IuwQXX}=q6AJMcK1;hs))yfs(4$xD`|pIlfNVz6x~WF`RJiyh*Z#x; zSMBNFId`M3{xil(DUl4Tar7Y>1pR$HcP|ykVMn&^$c5;XzPR}D*aJCnw*jyQs*%Vl z;NCZ2p}X&JjGtQVT+Y!qg*;(E1)v^YSb_^AQ&F-|YqVl`$3CeplY;U(c~O z$#g{Onv@Y$k@!}dUBgp!CTz@uu8s!d8qXr~WQ<>=T&JuPDhfJi0hU&U_uYJz5dtcDj+uR=a%7I(UkK!$dpC_w zrPAfJT}FI}j)Z0$Wl*Nu`Uao=aWE#j+p^y``i7{zmKABmWaGvcFql)Pi!a492X5Rq zZ2FR-CXZ){7>Drge9M#nbSQ=JWK+4<-TF{na^Kzc{AxZpaanSqQ7Jcd*3*C5$^f{V z#N;i`q^rFTck9CRRJzypiJCsq*vB{JTczW={TwOHch@-Aw7`Es&?WkWWrM&PUrsA zj{B;vY%c_%H|u1~ggKO1q69&r85Y|%`e%f&D5mIE)T}88@FS1W#qW`m ztLvhRYp)O)7rpdbqi^X|#MjT54iYyZPZ7Y4%rJiQ#~U*nc_+zy=yHP&;B-`(vsQ85 z3b$&%Zg8i0(8R|`h9Z^mLOaSzsT9!8#Hw_ENeQ@Jc@#-ge!a01KHmG_Z+!5NxQaOq zGcPGn{p-4>YR6r>Vsrl*tfZzlo3{=p(0f>M<1!ep`%F1J zFHbVAzw5`6dd+#5z^roZQjQU}(uJ^qR5-ehq}v{&9M((i*FY zK3c`odtu$aMkPs1>pO+;AzgmXI(7WGJ)eEpqHks@;lZii#) zobV3^qi^Q*QKfhw^5E5K9v5N&wkL|0=h}WO#+Mfx`P!teN)Zj!Ko<8wzm(4K(5kVh!fgO%RE9= zvx~vKGMeU$=eUQ#2|C03!R{9^gwh49hk<0P+Y#r9r?IYB;b<4{*s|#j%1%)RQ??Ch6G|4j;GOoLi_zEM9ZlFZK764sHzHX5Jc6%Pu2yd8{~C!&pC) zwS9Q%lQDOSJj#;TJ(Wm-Z+p%LOUF+*n3Q!q;Ws(l5pk?J3BiXL`hv&C?n`p*RM8ACKnSU31~0Av@IvBA8kIVz z$g^Zz_sI%=q))vEs?99O`&r!}U0!8FNGj3skDS?iy(?NY({GI^X}a5idiVyn2)@#J zM8`fIo~KhgVMlla^-NC|2TXqExz2mi$^VtV*L0U+GT9_GYZyL>ONOiea^M}5IDO?H z!^wmgX{=CAX*RwwWrd&50NEN2UGy(` zhBIEwo@iG0`T3H!fZ2K1{%0wLU>6W3kzXTN?*aRRe9E|cE>8Es#1nDtm_#JgS9yI6 zH*YCxbWHMzd9=JjSukNZSPpa#4}3ICoA#_$c^CVZF)R7e)+%^S-%V$GZER=yg0Xxh z#P6(*m^7|udHHKUE+Ejj{&`-Hj@y)cD9n`q4Z$HChkW<0aa?6+_F-6e)V}oE+{TO( zH{;OCwHUg#+4mhc*XM?v<10AI@z5dE^j*xzD`SJhUCABQ0KL_w^Nm}}8DX&OY17(z zx9F!%!XLL2rnj2~rA*&3IiGA?Ce_DWoU1LIq#7m{o<2Bcw(@xQyJf4Mzu4q(rP}`e z)EE3q*QB%?x+T<68h`81(#f<*S$+blwM8L^AmE>qGMW0|eHk1(`dpr`S-@%V7s9l$ zBQt604aSF(75ofe3JcF}C+$H%67RR%+(9U#AD&O^ytY=yUnu)QM~i7zvsD;Ve^j8M z1LhuP=ccFr_T?evSGMI3JKSn#jKD0bJ>Pa`P=wiIpDT(l^SP^D7*IN1jV>gSNsE;b z8lfpiSC)Q17PSoF+H1-QrU}hpY1R0;K^&bUPc6H}4@=}0*RqZ+z%Wk9i5}G3`+D!Z$YZsN=^3xb&1M+do>j9rzo91Jar90*ZxMyBJznOMycrrlVqUqM@Y_N9s=sw^VtwWt zXVco9%Zf(}Wj7}|nT5}0m^FApz(rzf^TMH^01h96{Vqlh0b<+6t_+7uaH$G`+(7o+ z4m~6-CB@mlsd+?;@{9pTvwpsT5fe&59dH}7>X}y`2qf4$)_Jvr*;!xw9FQJb_p><( z&ri0McYlRg5%&$(wmQIw30Lz7FLIs@(~14fv=c~S{TXQXO3)j6<$~JE@6a0TUPib- z^j491K~WVp)JFG75ZdzF>Ri#eiO?>rGV{6npW<3;X3dvCJHNPOrXZGc9^D4txa|GP zb|04+XgkhHy(DRNcsBYSZMGq0pH@qDdU9f-W-rxh->%TYgNakA>>=OvzajhmT;uY3O0KrjCz8c^fZD(oY3$@Nv9)$9_kBx0SKw4NVy`L@jSIw5`8`ikK z8K-~HpKUmA<2UUu!w3!MxbAwUeO;GDqvO}2`kMaICAyU==rPHELs&lJPn)$JBvG$B zcJk!fbCvr5xa;L$X5>+7RsQDRpdd&HV^Dv5^N8xCMg*NZ%$fT5t-SdIgrIC!_XXoo z$gt@`3vGco z;bLT3S~?nck^CVR9f+~>BVLsm9A4>(McM_G zLk@rxk{=+q>=YT=3Bo2jsTVMH?URXR*N0a_0oPTPE=#TVxS1(M*d`AFi>t3{NO}!b zC9j9oj^mzqhvU;CE*pN&cp+XH)Og(wK6BXu=G=4_M;zD@(kvVTu#D>FHTrVyWjaffq6(3< z|IqRATXg+=5L1!Xr$Ru!8GE$erRRRDVtfv7!iuie+`qE5fMD31uD9mOj+O>V=po6* zZ7kWsk;k>p7fC?2vE<3syu+Ei;bfMXUh(pj`LE*d&o~DoK z_c1AW{MV$GXZgKGfi=H^gV(%7sM+&U5XtDUFdqzGpPi7;Msss1UZ#)_C`3S3mp{9O zgG~ppd3sbg$H(8KI|c`Fxg|fml@75DdS-pknw%h)sny-)_F(oa@i%tT53)#$xmHh0D7>nY%(#PtSNt}S1`{$MJjX!t!E_{}$d2i>9E36@J=2KSj>sDJN@i;sSn zpGE4hwYfa`okKeVoqby33&Ba9b?B{wDIIc6$^Emq2t=3#vF{{-Ga6i8h0Y>z>Ra7) zVyn;Qr$?WY$ex^qJ+rRGdFk-q5i4Q{__k zrR1(@Q=JwF*QqsSny<&OH9}W4+ucr&N%l%WhQR|&lX+0eG&~oe*wsA~u#8@$*-i4B zf2wc{2@1gtlB;l~1T}{?D=VR9^90vL+@^4h>-nwL=Y{hg53k-b%EZOT7gybGDE#pw z@%#{zx-%qox~1J&=7DJ?=`z@c<|GcJOh)o}zQi4P$whCTsYV}6j-D8h)8sHij; zbc1v^N{W@p>Xrf@g@-U3tCxjctH5Q z@RsB&KVR~qw}7iUNRLt)kAUFM`Vb1tf}}26ggoj|Pr*?%1|kB^E%upm$5*@|NiNT#F9Jf=K#|JgkzLzy=U!mo^b@oXo+h&$owk8rtv6oFj| z#PL>+P!11Vd^6PiNzKOeKx6IC_KMM zp0fl@yt5EVRc=Q7#njDw8C zfH%plG`5wBc!XK&@l25HVn3mAd+kluG$?(NBXfI_4CAfr72Uu zmL>tfh|2IbY5w8Um*|leZ@`f#YE`{m91%pT!6@}I^Yzx0qaX~qsN{Nm7FV8nbsZ_5 z+F66Y1UlcK&z@&a?}F>xU_RxLrR6x2D>yUs>0s4tSf7+Vv&MNj(lf$1^~`y6??L=~ z$1K~QnULqUZ7%<1?ms$uBX~=|r%|bO+at)?7fGN$xX(MS5a>zI4+aM+10BAEEzGRg~r0 zL#C~(jcWR~$_YOE10!q#Oy*d$pG2Pl(squ5^7X8r@>937_;+nl`cJQoDQ;&H=`C>Z z-ES^Di^JM=+>g`;hwNV1Y>lSjJzc25fA4s*Zy^5oqKrb3;*;~$aW&N&kG$6tP41ec z*sHr%NkGR`Bmulot=9-OZs;CYu|}m#%H#dO_mv41-FE*~djPNUMP?6`Y?rp7q3Gg#l|L9w3Y3zN#lK$}2wgu&yJ76} zkQZ@&zc70YGX1^GmU$r%K<1*dP%xHo_=XY-aAMLr0vGwb`N6AJK^0T*z44Fu^qri3 zjh%urjEXP~dugjksy@P-`4+DR{~F9mF^&JfO%8KqIr*b_9mer@{oR1rmKFiU8X=G} z=5Z*J$CfQ=I#<$V<55-~GEGuf{eHH>THsYg@Cbn7SMKh4BNoTZ;%j(glaq`&2p|Bt z>Aq&E0-CA-2gCe--=HC?rEl8bl|)Da(&fXGG(zxX0rT=R(FBC`hi_6MdUar6NwsBe zXGWeJ-Qli-{S}AY{c7_B3Qj>-ha>P4z1|LNm{_4wo7s0KZd%erfmA8+tI_cof+u%~ z)7;%#;Fl&d?9p3Qk%fSd!xrcsJbO<6sF6}QkJ{77e5!qzA9_*fRvq+;bI(m$+DAsN zO49RY;v2I#PT1m)Vbd@$xn!s59vh4=0Ge{n#$Lg zS^$6iyH|l-BTeq;PB7QZ*e7tKl-{9j-C|pN(7UZ<>GTQ^_GZ=wu_@RP&l-Ctz9POL zB7_ZPyr*%y7uLUk_@Q)Tc;7%{A>FOMDS?%PBOfW&`>(S;`uO+}7kuLzBVa$1!uA$3 z?n||6Oq&Un`Z;j*eC|p>&q>L6wr?HH>I1ej zugpwiIv(M?1>?kjfJ_#kLyYcAADjdgwIAszfq_4!8ZTT6-s?P|_3rl@*4y0P zjzgSo^AoDjHBrUSMMi#Eop2EldkL*|^S}MB!ZjNO-NS;!erPw8$43AMyo2{2V`uVO z`XEpO8|&|5(26k~b{fNJHpmXt?XAjG8lCgh003iotl2}|#f6~Ii%?D@q7aaE7)V40m&e9@P0gg zCZAQ<;aQ ziW&Cy62Mj&i)Ty}A@hXA39IjJsmN%c-HS&~PfC7E*nDGt z`ohRQiIndkKUZvIq`3gOvn~xkxq!==iOr0Rz&8svQqg%$?~G)~T|*VgDR>RR49wAv z`Y9qOXM&r@cye!vrqNQugvZ0w1s;;=teg&oNCl-U!XI#ALLd+YHsUPsbC{$T4S~?k zc73lNFHo)iUKwpjrbrEe2yQFx9sG%Y&(6)A2)~J;i#FdFrt{Z`sI95oSd-S4xnXFI zTK5)Q!x7A(Gq(q?}UblPppCgi$#6;Zo*b4D|P#Sk zS$fW5j|FKjlsn;Cer~P8QKN(l7GsLrjsQQ7{0?{^kl^Z1EpD1+i>v;)nk)XZ#6$)^(y5NsyMk&I3p|Eqhe^*{lqtg-+dC2o;<8= zaehdU#AWxH5?-NO^jlon&yJWiQQ+nw`Qy{LJwf#Rya~&#l7hL((B!1Kac>RPP#q$t zpTw&oc=p)=-)BQYPN_FH(yUD~cfe*eW;}*LAn8rk9`_(We*um2{+*@^jLr4h9<}1S z8B^VBhKO^|dpUv-!N*60w0A4nzVETz*fPE~_nnO7x}m?}iVyA)I4+aB&(1)i) z)5!k_VQK2*KmF7x26z{9%bd4vDA_GEmf)61uJ<&5buO%otQvV8E`lb?eD>Nrm#TYK znON&rtN$XezfEj8-%T%jz*&IdmT(sW@p2J*Ll3snec_S-;x%{>UeegeS7pEcxloq) z;T_s1xBE6Fdj{U$Z>g{F?`g4>b(+Kv*&o7NPCLaH-)|0QV0dX7-NetVAO(??J(CoatQRgOphOMHmo(9L!G;cGqvRR8rY`cl_tq=Y)g0;oKu ztE@b`$S_1pAYMV4<3*P$r&`dWLMJFGKHjBtiyk#N6WQx_`C;EHiRYi0$JhoOCs}B) zIb1Y+ym7?EB^M2~+DuDy-*zdFOM9K}mMOron~?cq%{oS@C7J}uhyfm|A^!ht4lbaH z2`In5i43=&oS*L>x7m+Bv72k+Fu%Fx={dx#9e1 zycNgOT~~H)jYMk_$fwVU8Btl~(l4m$x6iU{IUQ(;cn8gjuD;&Bm>4zt0BV&-U$e*} zwtW4f$-vjo9$W2k|KITii~C`g_UI^k*{0^flW=iIY6yavKpEi- zC3Rn_W*}mRp11hRR8vFX0Y4Rk_b_gsawLq+O3pD$qABtI-^Opx-##U1&qusaZ6@`U z>%PFHlTb?JVDF74!eif25h7$SfH5eocY9+ezmbwm0E>v9Gd4PEv|_JE(tSn(@%8I_ z&&49zGjTy(E?fB5U+#k{t#!qbJieg&v)ebV*5}qjaC;3NsK-eC@0tH@LeQ-h!F}>_ z-2rfz8YFR?e7x$sWQxILhUg7Tq(7#Rrx*X9b>jz`!xO6N?!23$6I?^D-vGm3Zd+Fx zvch)Smdc#y9AoSb&tUves^OD3f@ zkOZxaoLZ*RiMPs{|~Uf9fyqwg_AQhAPzlEuiB3w=@QC$a>v}eS6wB<1CcB5 zul?S5C6=40?!S(hYo}#4AYQ%~V6S|Vnc^9_Rq0XsjL1kS??t-E>60>U9EuT0tJv+T zIOsDcDootFaP`5zB8X9r5+N-u&(OIR594vL`77l0oBgGv$hZeREK$A279#~yOpQ@D z3vx4vq2fxgUlcE7NoipQOj71yYG=2M$jlwDhR_!u;h7ghdrEJJxM| zy-ldLuCF7|Fouwyic;9}DyK?VVBLb1>s^290Dt5g2(3T#B~bQi1Qs)AbcRoW2JZ#( zKs{xw;6icycjyWEpy;Ok#c|$`ouRs>O(e?)E|HYH2kgRZUtF~+H>#46nnIIl>+Vs# z7OZtoKe^!`MW7JcXWSGc1OzuDtIhIV<BO-V3T;n9Dy_j6x|sJ-UV4_5jgeJq zhw^XKd{xA@1{XB7N;6l^m8r^CrXg3Nm2}J+NdlhT_WaVNyxQZl!xzuP*H~d*iN8tt zZ@2yFXc%SRvyH?3R9JF z-)xcGQ$D_Go;xo*zVZ+Dji?qR6Hh8s$A9WHY4JXDyA~Q@)b;Q=IIr`U;-lr z^g$R9FY?+_(;??cX9o4We8BGb8iJ@wco(w18g8Z8qNt_*a?Blkc-!3}wUgO)H_cNI-C#N`*b3*VuqtW`b#rk<6^z01m>Kh-;mJ-T8~NHv2qrD?VgQzw8_8A!(B18^ z7t(eYGVU<^%=6V%?oyQ6-@cF5TpT7ML{An-KiE4Cc^2J+qU(dE!<}2Ut!Z{@xJFTia zS#)2Bbl6i;+5>z{;av4qkre^igMt^qpT;{+z-XS(9Y{LGnuw25r|&l$vS*aTE40kk z*#{N^Pu0yXF)?n?>BJz`c;#P5_LK?Pu>W?*b)Te}^D{(263A{kw8LiD;Tr}FVu=E= z8|Am5kIq_N;_%)Y;I48Q5Zwl_*MwOi`1vnv*X6{%_?}c_Smk1P4|}`Jn3(|C1*#8U zaQm6H${ieX3_)Aey?a}KQw1sx(A!7Xb8pd(MHYM2Mfn!~;MBB=!Wh?s_n478YybgA zw%tKkxu6S^A~7|EayB9WQicrkxHFISz?M(eg$cDDUE=|S8S?X~CCMT^6Y2=}^){{K#v>Tbp}y6$Bt#MM|U-iAJOO@em-=rXr= z8GDP)vpW4bH{Q9|$Zj~nEDUTLu^vEv=3~gXAJ8Nh7t3%)16z2>fNB_o^%Zu=ZA1jT zihxJjF%>vUq>yy}t?@l`xl)ys*CdSbRAwUIKfn4^ zfuvUXld(7ADMBJc2$LgE$BC+KItBxNt>GCfU>Q4dkK#|bxgR+=_MPNr5$i#i?l6U< z&$|W3w(ZQgZg)oh-5=y-)N&Fv2vBOy%8Aw6<&utNJRX(KV4bUXYz9iQR^coG^Y&ko zZ5H%pL*`6Whlq1+{KvlYSD!BZt^UT!$K%Mq89J3#1>&EMF?pxyg*{Y~V`J5CK2}zh z-3IZ{p-SE>3u$!H=TRcl?pD7z)PEF|j2}rBO*14Qf)6SmLKLV#L0~5&&TRE7 zl5IG_w$A2#GQ88qhKJ2T{N=*oS9*A}y1Laj3kLlxoSY1{P=P6YJX_dF(2V(kTdcA^ zl$TR56*;F^i=>>Sx;Y(5D=X;VY`PRVTnf;kvG&FMa+7qWb38YNzsE062%L>q-8_^$ zRN#142mR*X`;ikh*R0}Qgw^ENNQ$P|_@zT0RN1cdfN+a#)?^65=^sZHnSUPw;w$d?jex3w=A2A14w5FzX z;Pf?>e^_rCk0tQ))=-?af?1$yLHu5{bTVL>VH6uO{6yUt1|JK`d>zEVyRc!fq#WON zEvsq#VVfQYQbA}F&oQJe{Ac%U{ z@qMzTKnhn43xZ|H?5mfbzT3;<>C9*|F0qi=+nd1dxILv=-W`z6Qx7FjWw*IVfXHAxcH}Fnb#WB2jo73E#Ol+gm3Ocw*{<>o>V@A8Bnc zVjkrql+_dND=p;KMFa*p2}AeCfoO>Bwl`~ ze}ru+mht0OLxD$*3728)jS!FR3lJj9FSYuqe=GKp|4`<=q(+#a`xo(iYG+5f(eR^8 zS@G{II8m~ZXY%!V$z9nvs0N#Mi*rh6-RN=F9yV%(3M~?=rm6N zKbLk4Xr-{;(bevwvll2@2dIu6ee(BA%+i?Z#wM*d=U~9;atW#PzC(MU>?OTm4w4Oo z&pJPlo-O*#y>#}BLpS&C5^%p~XhCu%-le?Z=0Q1~tZTKxQU~nRifY=qdKAAhxDyQQ z_p`3sSP<1a7-xNkIBxLJR`*|AmBo+Gat#}@7Yr_eKwLk#4|i!fvxUo^!fu!} z>^+z5>~juxRl8Kbk&ti>+O@Vjwg`9sg^j26k{Z9pdf)+^l?tsSuE^E%hMLc^J-Sv_ z@~TMdk_X&>$Y>BzM0Kk|A6>A!=-zB?9r9SX0xe>aeR~__}-MbDc4>({5x0T%*fE z^TKP_>9AqfHGSAw5!%06^pMY3ApiQ2<;!AVuZJj6l0_qF;qx35~q>l(Q>`DIJYw7)b}y5DQFKyJ@eT3+?JY%s&z zZq70`lq_@w_x5jE1U@_#j08qG=5q0qu=u)&tjdwiBsRoy;Y$By_(zxG7kXJC%%;`A z&#JDxtKfbjoACBe*b}}T?2yd0GLR{l{F^X@4+$n|Oj~mOb(GHVoJ!PH+R@DEhv z|J>cFr;=bz@%yH!qEO?o?LTfIQjt=meG$RIWFz`L@%M`*h8#qxqJmM~ldknT7+aHY zoE}{@HJo~|0@Ob7^R}t~H2CFr4g=f2KW36&E#Nsd+7P?RhsZQmAE)J|l&qTg>#;KM z3;k6Jtqw_7tL>$7M9(JKr3ok7T+DsSdy;nCzHn7Pr%K19rT5?umdlQ#Ln7Ugb8OvQ zO|B3|8p3b|x_ORaMKWfinBv-cc!?N0yd$8u@KlcL6oX-`0yc@?Ir5)c1(R=^7|9d6 zl8{}lIJ2n_KbFZtGUuy*7g~I34^CLClMV$0PzG zFb>`JFwIRRq2L-DGt!q#mOb`8XGm4=U^d(YR1H%7?ZA=pU)YWhs{pVgMUVZ8s0SJz z{g7kxJo~Nw_s0+`?PJyfLy}y>1lEe2v0e^*MeSFazt#U-K_SC$$7&113KeIF-JxDs zX(;GG{qfWWBIXsaQdDR0t9?hOk<>Z(m12Hc27jWa!}2tY6;m*@Q*d6orRM*%JLUJ& z*@tK0IlSJlZ8geK>#~eRmPY>GhPq=He~6rdcft_3%3sBZnWV9&nl4v#>OolTloA@{ zfQ4NUDu@9|=hYH5F#;JE3Re)R>$D8{Nsa8$$J>GAQD+Az?O7aek%CA?kEDl=2L7>& zgqz!D@eYsOY7vHD{^^Aw|CFj);j_xiM|}`4TrmOx-Kf&YzWbE2AFH|(CygFMASRiG z9|B4qd(8iw>J{uy(43 z2#la0LUBngatWzD;TKk?D?~D;y3XdNLPEg=IIYiSH-YrlU(Meh92i&4(-q0yLyJ}c zE?0=7V#6AfAs1ttax+rX+Vx;G@Vw^>ZcmP4#hpkuu2Xo@j*!H<--3`plJBC)?gD3s z^KxwPlx?TC_ixRuH)=D!9y!&%@U5AT8x5(lXbd}k?|Qt|L)tt#CK9V1-^_O}@7bSA zQQ7xeoD3U$>F!c5dE7Asne0;PH$IT_u70^8%hoUN)%Ov~=5zH(g!7}g`$o9bHGW|` zx^ds&FsyK?t@6$fj(4=#%k*&cy4mYc#2#vCbY@HYNHo{a-|NyV zXjRn@-r_AT(7#Yu;8Y`6Nx^P)t<&pHf38`c%Ymw7yPB%v<701>H=HTK6jooOrl&2p zS#sy{^YgGNG@I7&Sa?2wcq(ayCP`NRb+hAG?c5S-t81cjxvr`}-+))yq^)g|>HQLU zrZSL=$=hO>c~Q~0$sbCCXubghd+#)^7oN&Ya}P63i_(}<`k!rz9b_7kJZUzYBJxYt z`kIAESJ`o?ZE>Arz$5mc+8N(VCMl9q%1)LqJIGt9HdWm@ZM{%Vo2_41SqMmB_5AL1 zA0o(Sol;MLw?=W)%Fj-bxf{;Xa$(0q(YWnYd}z;UYE^QrDk^O=&E${yQ;)k(Vld@( zxrM<{9gF(BL^mR)+vGWkRVT^gL8sR4egTdFS(KQD99i!Tr3B4Y$~(}FMT`vz6fVXJ z9wR0-8gXDVQ7R1m_U%WgDk%zL(sBWTc)!KRq^IHr(-Mv29iU>H+Ep6KqPy04Uq#z( zPgIRA*%Wg0{G{h^dkDyh+yZP?$C)oxb5dadT|5mX_8)KHy5LvWOPULM75rq3No#!7 zMGjcN5mL}(NQ3ean9f=p+U0#gXPJznoijJ0Dw=^n7>*6uC2h~$i1k*~3R5K-Yj10p zM6S=<{v}n}qoXAzz^+9SP_fNGLu*>aY{#_ube?^wjmz(YjYr9RKzV4^JG}4Z{nFIh z@)W+XzLmVqR8KAb7LD(xnhBMu^k@a7lX6i%!$We_r!1@~O=mMlGpaCPVgB!#HXfJS zuhTqi)Zvs_37I_BLc3#|X-!ECy9{ia@K+MFPNn_UEpQK7?SrvD>`BYznts^@8xKwt zz~0eXVBk|f*m2~-ge;@D9YNx_q`Kt0H3!A^)H@WzgeNg{r{ii#Dq@c5HB$lXSkec9 z%raW%afo%{t6gnWnab%MfDZ&B>>f1I*dO@JC05JijhH=55y1Q&eG`7I6+{fOKHRII z$3+v6DS_zQTrlgob=+To^&GawFC6w?kYr<;`gymL=<@a${iS6dR|@SzOm@&l5E-5y zhLxc`ay2ID?6Vb4=I7~9ONo7S%CDxD|3nu(EEvd#3L5UZe+FfCseBoY#QRQ=2cv`V zXtwYfvHJp6IbtAGieRUwP#*9o?U(VhIQJ}#7tr#}7v{hxVf0p}eL7Am+4mpGpPXVR zWj$|BD2jr!lxedG!SY7BeFP@8*$VrBqeN>o*CbxPGvuNIC@Jywd1ha%=;re^Ft>HL zu+3}^hp+#x6E`Y=q@O~ZU1(GRC}L9ghv^G{S! z>_B2KoOZYmPwuy%L@lNyN2P1tMM1lyVVr}fOUKeKXumt+Q3ltnvxuK5B}!-v2;v^n zZtPPahg;D>eajl>WB#5*GU4D%zanL9#NL1-{o|Yu8~e427V_LPa*$~lCiNNNQP|0HHWX( z|ATExyD$7WupkCWm*k$tJ?~1&Y&2=9tNeH6S$-{!-qt`m)~X?Vk!mZlA^l?GeTryrbECkvB$8lpB?7 z_#0}Hh4W?yP{_Z6Hv zMA0GI^*R-xX{75(yzSmt#;h69cB_iz0@9>OiR7=E^ssAnmVUv@fr*ca{X`H}%(2={ zkXyC*6V?8)jSlgU_nJk!Zk*k!X}5-|3!myF+Ww2kN=;ZKRFwnMqHV#B*Uu};x40FR zD|u(ygNC+I*9{aBHFW2yk`E|T?htVbGvV9~1u!0`t4WYSfzy+`i$b&470!WNl984! zlueoZ4C-w<3nd<(KSxpYIeV(Bzy21Wl_x*seg|=H<4KIsswF+-Gtvoh@es`B{rtF%vZsvWakCe6zAFG}QZ3Gff zz;0%-AtJbG_4HbVTMg^?iIxNAd{9X4SbuDvM+km(POjTSXLgcih}O-xH7KQ%Xjza3T21nye*~;?PKPj^{>4ZGGt(Yp9f{`h*cKV*8X9x`(nDx zo67I*|C7+m*Vgg(HHw>AN9E&fpbiRt3x{p*mbT2beWixo zY)_qt^_nR(B8nB~l z88V#0qZ1N{O5)};+vUwmY5oN_on5EL9$_){)W(B$4-MAdiRkJ&h%+?T>o>vSCo}h* zKsj6?*RIbTG=s&8bPM2X#|*2oyY=Ru4V<}Y%}b%&YnSRuiz;RcrSqypwRZ&t)R7Hb z?48+`(m-%qLE1D!@YARH^s7r$z>j00nVEwIORIA?4#K*}e}4YV=Q^P9Z7eqq0QJ=oQg$en z-JzLLsSM4F8)Ksf&A4e95J`gdVWAvs>_lebmODp!`^$gSiss9TC_0KjEpxM~KGJHk zf`G?)KL*SdHXSIDyzs^}Je&;w+jLBH$4lv7lL!$ExdGBiw{h-93Q~iTAmdb>pl{pS z-f$G%@|;s3nV5ji&_Ab5kzWzpl^)YxdxlR&^o?GemTd+?1Uq=4@aCeVa8Vj&F9su8 z&9d=rgC#r=y*}DW+)+xB*romupWUIYM-4+VYdW-zyRM)AAR(;B)W7B)zL42`-N0lq zXQ>K13J7tbs~g>SXuLPP&Gg6B@p-#3q(4v#g%tAO$a<~rMJ>_MuS6M_*}Lhm2XVhIJmM}X(tVSt}xKe1UWDJ;8^J>~#UKB{(CUz2EY z>M{GUyLg{l_rHMcVJ?%2A9I11jHPB{(p)F7i&_j?rsgj^3;lF>lyv3?ZB)lo0+;VS zw@_->VmmeZelzw%a5caWb`xYVbMDjG!M4ML*3y#%mG(q;6pv;~xXIkiSoNQ%^Q30y zRvo7WLzF)BtVp++9d%u-nN~Wc>)9POxIa|G8h+NwfwbAY)osUT_5uai!_vayPj}L+=Z#Mp8ZS@8fzy`K?s7hoiWTa>nfa*dHSzs1 z?}LmqoJ7#ycw3ii6ohz9vbi4HGx*sK@6cNl<&4&opAD}dvh;%ieAzKx2OZ=NV4wyw zwf!;on`6TT$9L6kZR@dOECPBCTM-j^=(qLf)p&uZYmZ1R(G^gU%b!pB%7G1uzuI3T zMWd#Q zJk+p;kvKT?{vng+RLDAds9uy1gM3`_xi|gRPhK}ZL)&TpgEV?Z7dTvw+sku-}+6H0!dmQC?L~ZSan7H@> zf$RApDGz8NVy=@wQ#ad1iu#8#;}9gBdA@e?H2@t!-ndiTwv`pEQ5UNIp?o_>qVfd5gvFlQ_8~I9^D%+)v1{X1 zgO6XcN^bUG#|&{R*BO4d+33{#*Y7^W=V3q`5qi ziyxUT+%^^3t4DyKu60=f)KHa{!nh;M*zQCvKf{kamE%FllH6?6DmC`n28TEBIKr&WMz zt7=vr zm)hkVo}a56crvI(I=8Kt(KKf=ionGyb&X7N^}YL6C=XiEpyXHU96D5J%jLQ1D!`RXD9u#2#oR zS-iUWoAAzI!jS67Lw$Te^jQw8f2dm`J3Q9j{kN4>+H#Lo{Hi1hk6Zlx6BYr*G(GCM zj4LD0BlO!0>Zjs|y_`+1Oj4ns7Yla1ka&LyvJt{yzI^fNOZ@FsUO-sOEJW9Mlc*Es z29K~?g}DWD^eR2FD)_{#WdLY0lXM15`1*g?_GBRin{1Y@dei-a?`x|YsFTD$Rj;8% z9>_n_!;!5vyBL5C!keLFKCD`Au(OCV<~!y;$@h+ov*BwrAx#t|UUfF&orqa_(!XXl zO#h|&dPC!czehPoSo`dk#T2~;KAI-8iZGNq6zwS6T*%`cJc+*Tgx}U)!Dg+*H%T3y zkwo8e&I;OO_G-hE19APbRnM&hgJ!#$A#xGbW84OnpypD2DHE z{Tg5|2U%Us>YcLA17*skIF=H(c?s70(s4Tab5}d;=u5t^RZUd=S)Fyk!NC5?m@BH& z1{K}1w=vB*{pLT!OB1>WPAlKXlC|9r`Rk8HSB^KEJwhGzaPhMq^n+QbxUERvefpj<3}|;-*t0t45#qa^+waUJWtrOI zw8|uhtrK78kWXNwpbVC|(wM?lAhvetN~ILILNe^H6gz-&T% zE=S0*Tpwfxzl6iilr}aJQf{~?7mNQu&Px9j(fKP2$ z6oPGisioqw9X`L%wS6RNdfnDSHa2ol*`#Vv^SK>}-jR^|uWfJd{f6acD#+#qzfi@4 zpYFaXQ5d9hY)aRpJ1xmrA8I(8GIY}L*6MzZB>F%XtH+P@N}F|^)KO6>5R~T9^?Y7I zP!US|i8yR^CULw(@ zZmd)iV_B3)tmA2|WNL}Y>4rM`sF$IF$%H$=pV_=4(XppI_uYDhLEY0C0e(4)wDWI- z6vk!1&V;Z&!V&QkAddadUlg?axKcXR)uSdxi{%aQ3zx=0Xwg9FQW0+Nm&7W^C%~&s zrdFZ}Wog(YD$!R`p`|xL=#U({G`@Mp0z^P~pzogY>vrg%$hgVKkpt-C1J z0*T)Hvxwc&*gN7Hqx3(go38ScJ1(uIlVuj>-Fx@yyz$A5r=6nxpAlmzcD^*dqP<*9 z95w7lvY3!OC4oJn zSEU#~v$(_eIi^3GVFTN5qwFWZG9DJqfUzJw*>@^9X+_O(1UrGD_ixaHE1msxOdM(y)n zx)H+_0}($vLOFEMe!{^S{ox^Xn>E6mpf4ywf$j@GTN40=_PzQZklcqATAo*9B~_m1 zdDDic=bJZiCm$M>OV`7A-foV-xCdRHTVrXxHXF6)v03yf5}pa#ZzEBBmd)Cqoud~e z#YTx$4}pZ5IysH^Cf6zufq4l7w6V&#M6OK2XC@|}eEhYFii&YC%|T5SVhciq_jqs) zm$U!O9z)gW>_y_J4T7$xe;NmO0d;#NKTio7bFB1Z*hBXHe~$hkO!xT6!j8Yn;1A8` z)VQgmcJ&Pgy$(MOw~LeJby;PmA=RmN*x$gVfY3}#^@JVC@RtP5w7fR+Kl_;I1jdPA zg1AZ732$a;R8ZGHC#jh)1KL~~%eW7!h zQroMHb)N*&0p()@LKlN>n-ZI17zNFj-RRr75-(x4?_c8W6*{QkTu|k_GN1>n@kYn_ z<%!j!jl?4BAYs~t9dYPN483)X^VL}L*DTO-@V|uQl9jh zSp5D@`=iT$ZKu}Yx#@ALczEW4I?^Z+|^)1A0%B ziIsw&1;4NZh_Mu$e!)GtxbZEfotjCW1Vz2rQo<$vJ6^G#A(Fww8xYSZPfBj}?Wb>|-$KZ7Fe_;C&_e>a>l}_7N z5{x~}Pi8OJN~UBuA1L94Qd7|0DiNs9_K{mP^qwV;>9X+S5no$MEZK&l|Ij$Dx-)mR zjSNVVsL-{u-y4nwC5}+{fOp*reTW21h>G}Y^O!SF6M^bf0RhvjED}s{3yXwQLg>mb z#k_QB<^&6>iw|)@tu9>S)+Jn)t968B5f|D{Y%$ILd&gqH>LH_CQ)Vc!!RC510 zx+%tmyFFs88FsaNRzd>}r^U;X69;CW?|3qgpJL9;2#&1@;qS|Na^W^tFkaqNFj30?h`i+3TowJG1)6 z)W-0BDNwf>8Uy;k8&AmUD7kFy-CRc8=^tkf-n0oty_k}Vsae^QAKRHJ31jI-tOrM1 zk(#<=`MiSuWz>9h(?q}Am_Bv`985|-H(sCFFni+RmG0WX;kkx?&Ulq}_gE!!NJ4KA zul(jy=7!rA;PgG(wXC0^g=R=h;kmP3HMFDqssiU)K_Rl#tfX;rQ$i(>MCVj;dGodl zHC$GFXK8~!n?Ryn;a*Cyre_2^t&S19BM+j)iL)ZWA6crLjM$S~t`7*BEY(w<)vM?Y z*|vneq~B$KZB4sh<{}!3wV%LcR|hJUlV$o^4}M%L2;x8xNLvTa;HU~OowgNRnw(H> zmAY?XwoO!<{nw`*Xe}!?amoaH*UgnRy~A<1BUwb`)Plr?f#;meDZ=(&8uo=B%OGU9 zT*)`o%>;)s<*cL6IfEJk>3XT0oyKTSsA5h+0_!K%j40`E-(P_iOh;JPbOBu6@%=xg zp6c%mR%J>9b#f0&=^T=F<6N80j#0%b`;Do&(%ogm-9KWwOXDrFCrbn(QD;(R7Bn+r zAt}AK0sj8}a-_Fb=Xd|Wn~|o&oRQ-mD-Rk6PVA`LxF4PSAY7OWFjI2d>`Dlwz2+Oc z|NV>GIWGwTf8%azw*xALq3AKvhW<2rZ@u+lCV`wD$Bcc-!L^dpVo*xtS1|tN{C|jg z>#!!@xcz^i7(>8dqBMe10!lL)B&AbY6chxd2BYiaL_xZw8wN-zIZ8l6knZk|(KTSd zYd*i{`QCphhr+?VJFe>;=lOc;aTRW9NB4}bZjH>DK{CTNnEhCm{>IHZi-Ml6320@F zXo#}ixD3fOs3O;9W)2?hWqn}x(Q{yvwfzkB=4bv3L9TL zKh|1~m%-d+=Xb)^n(YzupP)$#IeTtz880A3p?!OSoBWwi2J26RI(}|xAFl*RZZI%Z z5UWZXUMXB z_%w;_!>bS-?JWm1Li#v6yXEmPJw3fZ)X2c<75*y{w3#GyArOeJW=L^((OOc-6(69A z1#PzZ?b(cSH>VUT`rV?X0+~V*(jgC%vUHFLL>)~OlaO)?5Welsog0+s1f_W5D^R@H z#j#KgBm{$FAv}szQ|+RH-YJ4+9f85?@V;wK76ko46q7p&j6OkYk}FRCPYCYl)mB) ztHhImh(|@0qI>1tHAmO!h#`IHQ8`(iovI8MH8;iHEpP{4>;hvX1Bj3M0^Z`Em(E}z z8WipK1$TA%2&@0Qf46}iN(Fos>C?l7lP^Ij>kUx7bV2EJN&A2-(ZB~EBrPZPR`r)>vS}bxsE-K@9aV;PNH5@ zXTa|Z%)Qlk$D(mV(iQRN;m-}=VR(((>YwWF)hx_2Q)+5zB7v#n%rjJ4*!HIEtgY#3 z0@7?p>h&T*u&nCjZdlSo1t~YxWU)WM1uNmA*7L?1Bq>0=J_ei}wfNAl7KfxwP0V^l z>4#noGcX9_B*CM?k$2mi*-Su2p@6i`s*|tqDdEnprlpttzbXyN1L&=45PP+?TwPL0DB8zQ>B4oFCem=cm1W3(7^LXhrrOQQ}-rV2AFvozJ)udj5K^-|3DNmP><#kSI41Ra&~ad}{0?XmE-fnf} zB$jH-8<_D-(JH}c=9tLVXY_iS>#R5H3jc%6*y}X9^d1{g&_@|3ykt`1X!(&g{VzS? zjq=(pEolw}`;sE7Gpk|U*}n{bL`@zP8z*PPV~YvaQw?|nu^&GrDf-?fipuelH1u~R z2BxH=*fQ9xm<}JIRPJ~Cw=Bo2qe6^lIZ_zV9I#;QPHVmS=cTonhnGtr1Nj^C-Y$L> zU8Fi6#l*y9I&}<+RXF{MZ)un)gx2Xln^`#yG_l$r^IQEOD=!Co*oxT{B&Amo*qI@6zz?Se{5sqKK zv$8a#q!aAfo>4+Iug0Uf`K6(sD`nU;XOq!eN`(Bbl+S*@kyNr|FkjNHxo;hlt(2B% z2(3ahN86k%7-~w*pg}Q_+KdV4&ffo$Gx_o8hc{8`kcHXTs?{dkzzsYT=9EnW5Zd;Zy1o^==JQqwe@`()go9D}!hhzarj#M{GmJ6L3d!L77^>a#d+^UArAh_;N*5AK z%2IZgU$?VUzhVSHJ575RLe?(3?s0xvb_H_KB}sMd;_t*plhG1>?Q-vw#ONc{cXYU< zbeYVQ^3nTz+`N#%eqccl)ZIFDb{5joXcOY)U2_(prW0ovy~WnPzuFHaCx$5#SH`8lQV_7krps@R=4}I5Ujm)A#0zegpL1Pk~%f+6B)h0Rs=kL|EO>E^S?FW z-^XxxcNBVooCv>8E57qAqELj2t!6Ka=iF~tgl*$wc`_+H;*&=@=2k5z+W$83Xw-R} z-P6n0eI{&gh8wXld56H&7e2FzGLswwJBmm7Y~u_U zG9ThFxj=6u3kR+`TOO&KgOit}PK<#VPcGo1eRQ%-2-pI#d*4EAE+pnAk<&+8+KM?p ze->{^#t(yn@e)aFyEIe#D=2O-=}CJOJ3_eK<{$;|A1qxqQU$)kd|nB9BojIOPZf_k zY*J7d3U-IgeyrCL^WhxcwY#qk+(_&+rX{;gw%Kl3DOVDvcTCKnV|AQ(Mpuct8^Hq1L&otfIQ;G2P%7HtQFPOsRw%zzGkq z|G)K$08{e$ysj1dF&^zE8ch+x2O>AN*P?D+>5!O zVTAtj)kvR|0=MxtmUW9)_cM?8j#~9z7c9ok{TdY!T48M{Yyco#!0z(LASsv|A^KzF ziPlmMl7}vYm<^*sg$e7J*!FfaL3ubo zxeAhC^W0Y$+N|IuCS?yCC1(ZZ`U5sZrkX9#{p|{s5J2Hg;5s%TjKJ zj$$CU92>L0{Gjvg!M1BC|q=SR2ERsv8i-&1@AVQ^tY^>!DuXZO&*JMQtg)1e|tc72>8_v1RhDas~a* zr9W$ZWP<4EZM$kK_h&o1rX`O4m;#U-?~!z1^Z z%TJ(+fy1*$z8g@5G6*Ti%WuZki>;ksY*n+q<9(Kw+6&yh;i2j&rWe%WkM+BPI~wsSzL(H3ERTusQW}Xf)tKS@o;H|>@wqd-^l998fVTpS-oKY z|DGb@@-~53Mp0g_f6bAf9|7;(2Ig-If}9b!Ohy;}yl1%UhMNrTx_ZID4WXD;n2fqX z5qb|mS~w1Rbz19y9?!regmUOUt=OV75ka(HeLNTRJ;uUcE2FEGV{r2GW0_xpl3fgx zS|ckq!*7X|htFb0Yfw~Ml9kgNtm+mr3Mc5Fy&w(OVE2rDL1+x-85i6mN*(K?gr5#} zjBT#_I9C1hk%M#gT}zW91SU@b=l-`Jv!>z_Sl7C%rgeqnxOBahL{%(hOd!6(i(*@B zzI^WutA|Hdj&~wm02&gB=ka#<4NxR*rpH#`VHX6PfqW8Rlp$FUs$urZjUirpCfq(g5{5hUi=2aVh(yY>fnsaM3g5112 zRTP8U%frx?m6wkxNREkkr}!%bke~PA&Oxv*$QyC7<-9hK8KRzZxC2Gi-kb*BsOQzXhgn(~lz`3BOL zdwI{KQ+dwIMzeL_$g+N40Mk&(*n%eRnBa|Lu(vpal-Hx?{-g6XJm|=HyU|;J5l2NF zKQ#5K{%D+`q}wyEU&K~tMUg3^`>chwdUp8D=pf!5^U$qx_yUm0$4hn=NEvSZ-)91M zAk`D7RBF8f34x>*^zL1Gs{46M9D6S+FF0sj$f-C@uRVJU?fNgY8cH)s#MW`&NBE`5 zimS<9yl99@nizPV{nIj(Kl0}QIRl-LsHnnw`|YSC5vQSQGe2gqjyNrMshRlIVtA~_ z=2TLq!pDkrn!Z)^*lxP~#GZNle0{aR;u=jF6a)xY2Zz9-pcFJE=K1cjh6(iI479e7 zyxT=z3-NgJAL0j7oGLnRdX zefz395>ke)I{B`e1aBr~fN@sxd`D~+hQxWVteBnWKd+Tag(8t-T*a1=kS@^>{%0ZM)oNj(fuPe80vGEe@(#R%f;v~7t?to@ z+sVr2jNa9VJ=-*r{;e`cE$2)dmLE+hJ<1NHw4EHQ{HymqQL?-gV!3j4zgmq4&Y4a@!r+`x7QhnU@l944c2aJ4wrhRz@1wNoBXpA z=bGq?w!AGVpq}|@nC7b=zYV*jfnTvFNMN<{wj>B}8Lwr{RNLZ87B11w5&jOnORLrj>0}}D!+cy^Jh#77{?eDpwY=u`f%pUzv zCzXtaXvN=xL)H>-;#=6r>-4(hDFc9{^%&GRDb1Nr{+mu(uJPHgt(6N1_Wbz&$BDjH zYs!@56wWR!NOr@j-MiyI-xeJio2hqi0=^D(b!FwVm#4jb+q+wGgh(PfN4r?%zTvU) zUkZk_Db1kI@;wt`CEW>Bm>qXKb>E+ZGU90g$N|fpugF<2@b5DCC10XAY$=B)SN;a2 zbQ~dU)>g{*{<~Dt#D*A{aLXt|O#W}G^C%nO3<-oM0-1&iZV1RUMVz;N+gDb;QR9w* z=O$l{!*M_8pQRgu{=U5$%kXTj^!o+yJ-h>+D!$ZYK-yuU7u<6jsE@Oxsz_nL-e_GO zD*b}>B!;lj5i796Y9b(4r67ZPdBx!qVChIaN*S+b;#JHH>&Uv5l*;40yqd*Iz+fH=0Chz%SrIGQu~|W;ONsfO?}$A}jxA>|5W^T`9LHURxHB z-vlKdQ7|0SET3~R;OG)c_dVvNnNu1SA}OWTD*uvFq1eOtd0hxDK7c7KnKu~!xjgtC z7sFNEK&Ux^e}tsQfOXH{bOjp&c091$Q4i)4WQlFp%%j}1oF{spHg_e8*erLE(P*dx zB22})3?kDBW&pRy|RMtX96@Q%k{{wML_8{*?g~3^Y7iX2mb-3SKw_0X)rp1~tD)`&&4`B7LEt;4wAavj+q! zw4zrSN|_Zx+>ch>K-NaEB9vS8M#uaH>KoPfRrr zmrai`Aao$!W8urj#lZS`z+7ngeVL?M88uyf!8=g1NaHhrU>&7OJ>4y!C;)bQ#ZVdi zjJgzP&!)Pc?G^8tYSzLP04dXsV+gEjKZZ%(AflXuPs3K-wMUlQLEVPRI|J`kZ9da-Y()}!TS&{tSU>2IkKYZzvc)BJhp^hgxT z;Dr@fK7UU--1;fFCBUe3>b@}C$Fqp=27^kGtaLEor8&w}rsDwgqf4)_W|RQ%;WV7C z+N(;m5AY{*AlY;%n(bdlyLtmj=r1cp8k9?ictHKjVocRR)epknEMWkLKGW%l($QI#5WkUWz3l; zCz8;|;3D(%Qn95sX<7=p21L-jdDcKux9S>2^1LlUeIMBm=^pIM9cIR=s{9zXh_BDb!dmS4HJRxe+=&g?^A(8hx#A`uG#K1a8`r2Hs-={ zFS2o+nM%g3v{GLE-rO8klodXo$DV$n=wU6z^qbIF7BaWvhSNZMsHvA`fzion`bO7EhQG}Tn_bZY4WK1A-pySse5@hNm>M+04=FCf%s^tC<#5%BhxQNG2Ts&Orwb{_qvsaxm zv2ixFk4;Xm8-XR$sgA!3EM{a7-&em$?jkn&N(>May*mn&^vcSuM#J0ia^UeeKXx!{ z+8jH0rFO4{Lg~AqGgwpmJU4(Fe`tSQ_&d(I21%lXNa-RqZgrz`GBJm#VgZWDwe`(; z;e2_vI4z>j6-L~KBzG`}hrFr%)D_GdYI&6e7{HUA;{7}NeY{llzr`%4%N>Q{&6e+9 zhy-@|HLgqT_JJl^*aqm|Q z0N2AGCfi}$fPTU?4OnyZDUx_G(Hd`lRrhn2y_};A{M6v?-f(zVQHG3VykPKn8F@!7 zkCfXYE-{?{bDUn8F-z)vH|R8QM&}n|#Mbe$vhWr<<^74n!`!KotlHY+bJw2rqI%fL zi?_?RSUsph2<@IJr>oe2r?JauO^tbV@t49-nWg9JZ}1ltE!p_V@8`~-lZMsHJLvgb zs-CJw3~5)#8RGdLSB@WGI}qW*cFSGC_W&?;b9@X;BIp-kcJ0`fOvy_KKMZcz>-#IK zy1~Ht7i+r!1&qLULeSUa7s)dLp)8s(XTDGC=+hRsX2E~jt!}Wlh;P^xkraLjJe8eQ z^|`g<;ALu8A~C^W+$LZPy4yL8#Q=EP0VO8Mz1OU}lJ`nZ^2MEO899>!3FBw?xf3U9 zaXIA#(@giUtH3#C&gTQuQi7?u#iJU8*W4?0c8fTx366zePOD%J;-UTJb@>?%t1fz^ zOG!aCd*O>0sG@imWcX6Td~>E@x8bw{iC^JC`m8QX{vs9ktIf5%&HU&~kUZ9VzsUL= z-U7z7V~D=@)fgH0uS(3>%C|#66#UfUgF+?_IHJ4d7$c* zA$x@{LuKg9E*$NKN>?UiyOF^_s2^XH$wViqNGs93x7=CQl|B^Pk~U0^Br(B zUO#62U(fgY#>XT1Y7Lh#>O>igTzK95$2>j>J>@xj9RMK~lT=CU56S=~H|;i7n&;4tE`r<9vzKoxJ*ILW0m_6XIV=$FiQEI&6hd=CU9CL2!- zr`5$u_^|Hvz<5$?sgw6okC_RyrWTR2I*+xT?mB-EwAM-(-XzclH&TcON@MOi+x1Hn zG>>0hn&Q433}(`XZtm@38H^0$H~+?&ABI|H9tc|Zu@wE(L`Xe8_PNvp;cal6+K%qC zMc+v*hOn7FY?R;qSuv^KZ5!`aws+xVcaBO@@2Ogus3Ysb8DT!~f_>1D5I-7KAEu2+ z1$9$g&1LL?>1mp0LOGg@n}5`yWd?u>r<_IS8@h3zl2}GOJKd0s%K71bs!Z&cmRbO@ zNe{fYhYD6!>d!gp+ka$0ZYUJbW71ov5zjLW+arRo#ci4^QshwC zC?%0p#3puY0hy%qfG_w+v~?Q53HXXPp_VHzHsLAIfZ)b?Ga#5qw5C8>d`&sTCHAk> zXUoVyi_k_PpR`}Fa{t|+xT6>Rfwgdt&&R`_s~_D89i?Y^7l$bq@Hw0P5UI3UV>162 z!CPDGonC%las?K(;5nMJ*$I2IJAJiq*tr1r>WD-!6dj~_Tq^l|*Nr4tn&}}5wN;O& z=?bY=BA7r%TFqQ%Sxv3b_u?f~$0OCZ{?d^5%|jouBcko%Ii!jBRG&wLjdB*%ydg;H zcoHu|q~b|}1e%hV5!&HM51d7Um;vgv)AVVbjqrzwN{8p;syNQgic&nG6INDMCLFML ziSyKCH0|&C$x$d5SAn222d-6XnsT8J6AyQesF>QvlXe`+Nc}aFRJ9=Yg-0g@Tg{P~ z!9c^)_lkaQarlv;!bDNpOAYPuuZi~IaH=G)19jWJIXkz|>csK-hEG>7TEwSF^2tDq z38W>}XtcBawnNdACo0YP9K<*7emWA=TGCturTS&KF0kNEkfP`{M$M1Sa zcb&A1plpxsr&8{;XMYwomL0eUC z%O+jto%P6|Gz7&_fd*9X3x=Nv5_WfODxCd$y++$AUUH3A)kNCR(C{zM#b2@LAd5?i z8QD8G+ff?rDEn~E;@cBPB%q0Tu8C{?>(qo(I1Fz7Vro}-aF3SzOw`vsdNr>LS4$wg zO8u7)G{6$~sLKhJ+3Hh}bh~{&*p)1I!ZEa0`78hc=W0{8(RgFPcgv~G`G$<%5?t5T z^vpTJdaLG7yeNinqX*I(CA>?f)8+Kt>(>KUIbM-b9j@Xz{_4)YK0e_;0IhtAi& zmI9@y!BLf|nZATN^@wIes@cfAdWBhKHe+bMu&#-R&fisz!moyp(q|9E{ut+8R3+|! zRdLyNY(MN_3D|B7P)c!))wxsH1{otlK*MLwP!ME)tI%KSVt$T;d&sjYCLlTgWH(5s z%<~ZI!}s<@XY7z!1oy4ARLaZ~U{Vkl?0S6#BK0&Kvjr5DvUNG`Bd@M z1>aT9?1)$^Bzw*e@AN;U6?P(6kzc7+ac zPl?>c1eT~syE8+5Y6aIZ9Tl_daP`MAlA8_@AG0}1c%&??JVMtq^Sm^_w{tRwrTYH+p zZop8N9vgIjzE1yeTJn_Xp^xHWXs_e2k?Z6_VG-%Nz*!<-FBoW{XoZL}WwS}?sCe`E zLH6A9%k+!^tM?e#fLcq25m!PAk10%Z9ykj?_uzD!C+VZfC6TC*56e%?BV)X~3DJWz zQR)*|QeLELv9B)bB^0*WzA<|E-9b-R9b1ueRj~7 zpx7hz;P0B6O8(xug;^&x-L?eoZO7ysoUtFXGX&5k#gAudMMzTJRfmstQ`excnpNvt z3c~bs!mW#a`*c48c&EDhzV4pxw^fdtn;@pEDD>wi^S0+WhR1~s{`^wdh1CvI>esb; z3rbgw#(se+J*+-bOsfuUFhuW(`t8}(=hRRBP%Wt5Zag&O6q^F#aS2ZOz7H}=m*&hb z_TRa!Bb|#i*+e)Nw8;ur6>onFM|W{SchnIcZC`y{3}Ut4OxA3^?>{wJe`96UCR&uD zsOgp4b(NEF=U4btjAsB(=plAbxd0v82yrgZ3~P~NiUvkt&UJ}eyk1dV|087+@4MVJ zHxGL~&QVmRE}#4ayy9aBnvjR#{PvmLieu9c$#_9v!0uR&p3y=gA1P*@qhpL*M^6T< zt$=VMCaNU?F_l5AV_2>^UpF5TJ*8f7iEABn;%6ovQNA#&J>3J3d=)^>cvSTE_SQ6! z6Qnx8aMoYN%zHa|zD_MYtEBxxHVj9kV^cDv^{B&T75ukbI_R1G>FSC4DDxIXq6 zAyrE}{uQwu8VA^g?$b&m|M<{SmvArbe{*cspC4tEpCXq>OAj|>!{Ah^b+g!weIFxQ z+!#||>v z=nPV+{e$;Gp2q9!XK@AYP+W!&S3u|-{A^=7h31>JUCJ5?rM!cg-I;J-cjWmxzxJE& ziG5o{Po2JW`V;4+>j74!oz^u<7+UsiO4wg5NC)hi){Nq0TqBNA@@rISbp)~I9h0TP z?Z}uf{_5T{c|ZB?NMS$>x9NAaF8t1gJMf(SQ;2m<@)YXc~Iu+xJNEh4W+E_CMU) z{zS6g_Z^c9$Y_6%9H+J1P34~6kZ?t6wy^FUMt5wYYbEkvDQ*7 zp-iQ9*>q=Lu46H0&_7~=g<#N6RLoNuCC@Vawe@G%NB*$pdeVjOS8_hfB3F?vv`la8 z^Xy-M&Y*AdT0h-1K}HKj%~P$BSR2@Qwe~(C5I2#=+=f$}dK0z)niF&b4Iu7dDTr1n+%4~(PvQH}NfMH-VMZp*SbMV0Ef@5Vg6 z+`av_oIi+jO=gGS-ru`Ge~>oUoD8OfI&M->vM4{u1CQ!6IcEl~)RhoX2^*BkTajlZ zS*2p>7*Y1KtW}Dsf!gbTiq#>$b1*F_ue0OpMZ!jo-JS72yoc3?3qY@b{bug~Wt{-Z z+s<)<>Y|qY4XwjbGub%h4nA9~|NhaK>aG5Ggu6*mq+MP7gC(Y|BhS65#AOksAp^3ce^(CQcC(^h=wB@&jy2^t@JCS80dd>bJonQNM z)4V1&KZc!-@t6~w&@k4#0oT-heTu5C>L^t8dW`H|*($gKRu-+N`Llo3j=Ov4|cBR0!E+ zVRT;QR(^nuFd6)i?tSpX1qV9jx@yRb)FBeHQc!IgiKCK?MJI%-(?yKkEvOjkz>g4i zfyG~b6;4~v9T%-&sc5#xFTR3Hu1T4#$;dwOuvK@2KxorrQ+29)AW%CL@o;$Ia^RF3 zYjs;onM$KyZl(1#Dyw&%Co$F$t0`>y=GaEmpTgU9FB`H%jvmJG1lLdOkwB~-7tROf z|5T6iB#J=al;NW7hQr~BM>*zW&fcXTCSR8{S;$=dsfy}&9_!tBio^Hbzg)yJe5j## zEmse|!e+a$_VIq^L56e2o@5eDq0tdqH_~P@%F)cXy^n-^uDk&dYHCQuZc^G9gD%_q z2gcI$@70G*J%YveRD9Izl_tZ0(Eq`ILg`WtIsvI@-zaPgO;H7F%9(jr9h-G)w$|r( zA(HTc<~A6MmO_>m;>SB3lvyeaGLs-!FgfMH{?;Y9)%^Bs<)6IvYBL=q^k5kMspYNO&XgRczMTWlrr1u(07aNyC^SU0V0GFKOR1xW? z&;9~N6&H-lJIg6PB7$O+gTabP(UFR`RRS}@25OJIxv=&XQ>UvXHRLdO@$EIjlrb z!?6@DFyCVk8h9C+b5qqmJojfWXVFIIs?@^s+ul2}d{y0@2;sh?%TWABGg*^x!pg&A ze|wO)GtiJ@&U~fi<1l|!--|HUt zmwf*8;$@Ptbrj%(sj1gl&QY6fOPrgom-%NI26(@vwqP+SEIX{q6T{*+9AZ7M(h3N9L`~4~ph*@nYnVXe z#^!2i%&P-X&ZRs!)lB-LoHdq2)GoKDv*D?lpjY((jAHW#EklXrL>alYwSn8P?_kzK z?r)|qAR`awyCCQby0qs)65tF~xUH)-PWL5mq@~o>niVTMz&315byCe%N^Oj@*fx+b z__8RzXa6?|1;?MV+Qo5t{`0~RLsF`itLA;L?CqZ%?tDQ!FC%`N5dC#46{@i5%!dvM|sR(|A@C28~N(z82s3b_MwxO!Tk?Ac^yP|{a$ zhBVItf?zsv%@vmCTeGRBfJILwJvUCmW_Nw1qfpF~9lyZFVZZErW zd_%)X8Ts_O1YY+l7XKBS5CRoql6@-3SCGhtn+aW8W9Sy;6SzjwX8NJxIMj=rh- zC8VFj#e)aHqbA?V?;JZ?#V53%`chM;Qn6e69+Oho2+Tsm-az_FQqE%o$6(}CsssB% zW+6x6jvoAFy0uoZA}BFCkN58Ln79WIS1Iz>!iBVA|2V2uccIQK7yGebv_r9g&4sHhkE43r)!UfoSM%Z-gqX1I7P(=z!jrhzCO+(S1(`KTJX&LbT zh@*@s1=qHcW05214@yo;f4i;^TKU|n``p&;I#SvG-Ja49J99X{QIZqF zox-pbEXSC8NdA9X5vf`a(KC*FOB=X33=ocny+KY6&ch(Ao5q>1liK?qdd_-_SSBmRV+fRkHcooTj)^rlxqJY{xP%F_%R-t5#?`ojfH#{((no$KG&Jj;CWG$Q?x2#=oq0>kLKE%~{%z=v5-Z1i}%K&@%kcQU!$JnP$EFT9+&V`W z**MxVQbP(>)|PK`*`nfTAj9 zX8Uiy7`K%)L0lEmMbiA{6mQJ#kGJko@yF0uJ*VdEp`$ALy4 zfSoSPDJAA0gswM@8NYUDi1lV=cWzi)`SuQUvJ+&a3FCn1<{M2&`G}UsYg?N_VepGg zqE}=&+p^TeWbrN}vJqX?lAAy^@@3k*-I@C~y_#RntC$pw$UE;0f7LjrxQc=o@#RI{ z2d3Bw0VP-ECaV|XtecZ8Wm`h;-Py37C$q_~rqvhIS2Y6$Jh9p&1_XS)Eat={WVd(u zXFGDV-R$NsIYm}^6UTvBg$mKF7qb&S62Ldswk0L4DV-*BLg(4IANRuKQ)8)##LjOD zt}edrebEXt06LVLOey{9|1Z6>eZi53>jV8>09>FRn4M*2hd2y#bO*HsxTIvUEF=FBNF3Vr4FwR;Yz5DVZPag>hce-GGNiGA1r`Q#7jRV_2Q<3c zRXwJ!P)i_F3Vi%5h~tf}!)~3|Xved8jQ|E!4E^j`zcQ=*Lq(aeKr>|PL8|WrO$!HYcc(`mWb?S z?>3obeyG9v$i2rcn;VJqbdt`tYPVG!Q3a8gwF2FeWrQ)7GEH{R)T%%ILE5VK$+3mh zCnLI6kiYhGnp4P=@{jjQ0gKx)`;YU*orP|@H{!KVT|OYznygdS#D#<<3i7wlSPUrQ zIbupFxWd6+Ty)Mg+AKkH$VihCHa=p9ym0e~o4JUn7cCN`_z@B4Q zNmEDBh^6u0y|bg-a?S!OA6y@NXF36;CYh%&TMT%!fwkZK>HFWd$iNZ0EvVn&K2PN- z6>wVwa~2>tKI?i7GMHa=yU{#y68e5DB=3}&_Nwp#)vMVPTN22rsz$(Yi*l-mlK}JF z0e!dE_vr+0Dt-MN$KE<|+VBa0hhn<%}KQs37d?J zj449c#b@1@Sz?q=ur+gI&`DvpG=!ou?0wAIz)UAOOIKwWy-OVi^N%)X^w+dg~IVB$v2WlhL}{ z3oAa_7+tT;mYh7Xs?qdIMO!{lic!d(*^%I6h4mjElr2*#pLR&?Yl?}5#`%uE7HRe{ z1jKC3Z%dspZtz^+r5uxfs@N)(B*`Ko^hMj2(d~isk_zLyi;vkR=3liw=JGAyu2`n) zN?Ce!+>qhfU*hSuL$ro2{MP)n_51b?C9cLZ;<2btrDvc?%N+wDrHTZW{?N5Q2+{TX z*zYuQL?T{q`rlUYrz^gkqx_{Q#X8ZuLfG$#3gzC3OwK8k1FNTx*k#yYl2ZTOLFqQRc{jjF`0}atUq-2Ud|=$b zipnx|vn;CE5ZH_h>ZaXYY8KdxU)l!h8uZ=zOCLXgQkB%{wwJk~23@ii=xl~XQL)7H zH-S+U!VJ$r(F73IcS=n!7!pG{5eTJa3tTVW?e{-(hUwS`g5v)=aIN}&n!l=OOq6ie zT{}6-u9y~6jP4TlmX0gbpvx>&XyBYw=$(i1=4xx}2xTzBtkw?ZD63V@iZ!c5A=b&d zFNTMY&fCoW^|LE__N#!4M(5oW@bSpBdOE)v1p_Ux-@aizrJFGJ#+Q8eHQ7{B#&=C9 z&B20PP>s`)v2a!)O0)Cvu<1I7jswEz&`Ba%O$Cng_>L9)mQQz)XL`smo}3VWyA2!m=}We48o4(0ifwMNP%=&Sz`=cPVDJTH2D z+LEOMSSuT3(!$rR_@TFw#;O>da7BEZ6BlG6p;X{9C3&p#ykfxr&4It~A1?d>7?6vm zkT1m`X0y_Pj(`D=igTQ0HkH9NSmdYR0TMRaH-CojD>S5U+vLAwwVqMX=N;bv4I_K& zuWGja>3MpX<=j$|vSeUf$-V)r**6`;4Ph|nG}`Q<-sB3Nz8!V% zxop}!eO6{?Qb*^zyQ0@o?1(#qx7g3z&EcUVKU?Xj`&{uG-9vW=lGx5XNpb?cE}ju! zY}acGlRaALP$XGvapkoh*mFaR8PN9x2ct?H)L%YYA=;H}hSUYZ{nqr%Snr$S3t|s7W!`cC-#a%ygNY~RVDaonkWjCQ?DmmYhF;~3pb<)V;9eBrc{p zP(GLDn&j<2Y#I3hUz{w;huL7}vX%TeCeN0yh(0*k%XTiXjJ2BrxJ5F%5v@)t2t*S> zOGXv5{=$Wz@{?Yfd1|nH6V6KL#ow6C!##j7CY^Oh6F|}%_G7~~-*%C&JMjVdmktmV zaaP8bB#oeLd)4&dq7_gtCC)3}7K|Y9VUpdJT1AdHpWPnp%&GQB7NU!nN2x{h@#o5F z2{g*5W61zLfN>FO-P~I`jhtq<&s#cmet<&$Yo0Y870yxy_w~W`d#4XZL%G{3TrOvo5PfV4J zyaXzkcNw&bO8b_hK;~Qm)VslSYB(H0A?dWD=u`0(-{F%j?7QZxrCljkVb3Oy_qjOP zVARk-#-WQfMl54HkGhyBElBHQxFynqoGRJ)_mAhNw@uCZDXC_9YuKJe^Iz6g^A32Z zdIVG)f-d7UBHv>=z>hueEX|R7V!Pmk3W*q0{C72cTYe)0qo2*7KWtml^jHmi0VDK^ zXNB;MfrI>e)HX(ET%e`}4ykhjG%v8jBS~C2S8RFj`K`m zfD>>J9gg8wFIG}^nt7&HNz@+6n8Q#`jROv>ftb}}I z5&oZo1l@I}yM!H2B0Z9p^ySt<%RY1B0>245^lI|Q*ItHYq-!tIz z|Gnn}A9Uv4JNKS@_C9N`z1Dx137WGQxid9^WQxuzw!;r@_rDX)PITxWYisSrFJ&wM zFAUJk;h2z|C)(O}=75l9zCDFg0^1Ucu$rAQ0*LIPNcIuz*x`qqn8?J%Ly=7kS2QTmbpEkgN`be9v95F;;4%iBxHQ-8|h)9-NObKJm)7gzJpW^vI<1zkyBhbK#dAHj8$sVXnDzBOP0}m`D+UkQi8%{HU98FMp|G0 z8ymyE==%)=ibIwTNE6b{G5!^Ymb_abXx{CEfK32ekT)-0E%MEsXu2)<$KG7+k5#V} zslIfimIzR@cWgArjFf+xM)zM|6QJ~0iHJ%90(}J_Z`UVyveHAr;Y9wqFg}PqgVW5> zt4ik4eDSrynx%k5E38TN?VPmMw_b|`7*imtGPSiUhVUvtrAG=*ftv<8oIp>GJO!;% zEFBz(?3IBRPntrV=@yChEwTtIUZ5TI2`FDNBX+$G)vgk9wHCR&>~gO|mA6Fn89eRE zgLdw*DzOh8B!^B~L=t-cdcTi68Osqe)&o(dFSlWEBXA2;6;{(hxv&zHdCUQ;yuLr? zRs`ggN?KaR6U|Gm;n!h;hm0b~?g5aY<8qjHUCt`VY5}3mh7|X2>O8#xBTG0asrc77 zyP>nAA9!%KT3yiJyoTUAVWMy=B3_O1wGiLrZ{9;Iy&jd0+ZYHV8lNm~raM@dw+6V+ z2ckS5mAvb|>c2emnzOh*Rcgtew*Ix)_S?=NE(~vxWo%f|^l@YoAXHs{0Q?bJ>iiJC zQ-yprfLFxG+*LZ<;~1?H=xfd*2yRo^42q|gAf@<_W6-vV@1RNkw_DpUQ;tj}Hp5IV z^fWq%ztZ*75M5n@!Z@5}jh|?9AtkG>hcN}vPIgHO57|~Px0*|sm1R$UC__9Arcj4x z)3ZJ9gJXH*%vlKxM+zH*Ip589u6uQOwX@A&CiYTKpV0`CE2bkuSSl-vZ*CwJglSX3xsc>@E3 zUMH+qUS>50J|3<z)qeU*T4RsRLbQQhR+4m<|;1N zOt~~`MVWC~PTRjOW;<(@DmhT<|Ee9Cfb`cKt^I2TJ)wSD<6lwH$PujDh(B7&+fjgr<;c?qH2=ghvsXI2@U9&~zI5&g(iLZ8qSXu_W z&I|Y+W8S7l$*J8RxfXeWDA0e-=)6oVG8eadPIdV>>^~Mi@|&s1d$Is`$Hb*LXpzLk zyDWq8pB6d+rP_CXe&0Gg1>ZvySdM30`(mDC*442Ioka zjGB*wuP4Gh3F78x$iE6j)ueQg6cLGkpA{knQxFpd8WMra&ws;vDznMK)J2C1I2^zJmRTR znXAC-FM7MS9sA!vLwa-os`xijW01X3z*xS!wkRV5PU*fon|}t{YfN95KiIH6*lmrN z&X&cy@2wHjME#=)V(`}q5|#yy-E`)3H6~DDJ+YN?8^{xZq0nT@YJ5`^%E9lOkYzDG0|USC&ga!up& zp1IestZ{RxhavzfycwypH6r4*5uoAs$`>B?cbZ|q8Hz&=R==hSc@NWnfuQ}TTF`Z6 zsyZ4Zw>Kll2^gL8ETn@q6X0bEP2gJ>gH#ud9vjLj?AIR|V2~oo63?6-tG79P@&}L0xF;9K9`{Mzc%ZSOV>_OBe!R7F68=ZOwq(q zgbWzj%@2@jGe{2T&9U)+9*2AZ#GKDe=TLsFLCk+YZ(srgGte9qeJy~#F_=wp$6o7e z##KP94fLrI8B{$kP#}{BNewccAO~G%R92uL1lhv@UTSW|z+?~yf7KLyTRqyFJKlC{ z1@N$g`xFNpXk*#}I!8#|`skU%V}^autc>8_R@Y8!mUea;*==1z zN|3?A9n<6u3m{a^u8*=^+8&QLw6Dq+HJz8whOVa)RtWem4PO8m!GyyXI90aGPcYay zFSegu;#~ndG-C??z%bS6Fs`9V0E!_ab=z^k^@KfV9X~<6$x6UKJ0o)r;0Jz$`b?2f zVzQB+;Qbpw5la-38FA(U`tBmkmR3`R+V7DvZ}`6eN?y`TENc*lDhVw>c0cuvcfC5M zu$pnjNfBWoOQG`oV?uFl6VUj*Gh7TMVl>|0ZM~Z0+39g-z_-7c zu&swbdI?&ObMgN*-aBvnC__550wZoJ z+9{xHJh8wo5XQx8{#mva8SGs;HcLUgFDc3}8DooAQ~Z{h<1M?(6Yr^J{3sli1Ee=G zPBXw3ar;S!sq*g2;k#T7>FctkmgVL|m%plJqQmiwwa$|WexO6|Iym;pvCja}VWaEI zf#|W@=ORN!+s#T1{?XeR>d!zC&1$}w{v)V`iDjeq(}SP)IA$|x9x8It3QB#J*PT0V zp#Gev937h76sa%(_}LBA%1U4RMCPhY2TxfIUH1#f{llVJrXMV!MN+`SfgoA&;OU{6 z!9P7S&}@ueGe;6#loPHh%Cs)yFnirKio75(W$vG&!S5$a$<0sxkmu)_RpQ_#mjdT& zN8G$Kb}i7PId+l2<;7~0NCrN%X)&1oxFb+){{46%32gXqWWxGbv(&}e)cqVenLX8Z zJBSPiJ({hDzY+IiKedMs?Qe~63EG$I zwPu$X9G2vF{I{l?|5B`OV*L#aeSvbaK8c8=t1`a8O`ZnugH9r*bwFDMBF1*0PnEc* z3M4Jl01|$W4#dhP8_r&{+W%G#VxY)ZjC%)m9`z~0(8;wLGArj=LR(~ea<}Ags?EXC zks*2t;cpuUyrEsP9nhTLd;273DV*vpbg2Bn?OP{$8K4Ag0TSL)N~E)^Sa?&U_iM(J zZjo-5YFzP6Yf#O#9eX!Y8w@3{84HVvXz~nM_eG~B5l0m=u=f8a(gyL?a@UOmqQojn z1Dy!#pU0awa|b8@*gDL-sXZWDE&lrU7fJnm7%w%WLI$-ow{!Z{<|Rnyj{;t+OScBJ zN(gwx6~8TJ3~#Rk>ovVDUPC5#y(X)T&jA52+OBC%JeLe? zDEDIXLd{$loQbm!H#E4?4>PtwMn>3<2V1BAx80eSD2pivVmV0e$AO)_{m6e;Cgceg zj!+!T<;|ZNk-?9J2qlY1a7(IN6j&4&DBqN?y);^dIhchE!TAO0&+UFom73i35BbC2 z2ohADB#&rEMW%;OoYW>dzpW3lEjUC?AFkmTeM@)uq4f_Rfd{il{`h&~MS?y+3d9s| zNZoZe0f4#z=r=2QI?-Lx|92^!D^Oy7uoi*TOMmf4zZj#jvJ_@oagMdhO37s3f;P;_ z-6mpr3DbVj_`Fa^m4lapQR_=Tkl9^@wR3E1;7X&afFgkvL<@RG4t{s)-hbhCFujTO zfv(~kka$8Mv#+%r4(A?-KfF1uNm{XFHCkkCulelE>P7Ops(tPgE$6nsh_(T4qPL)! z+>~b!*(fu3MNejK>mTx6yqhr?@hHajRR5MfSih=)+U>Dob-sl>1yBV9U=8U z5FoI4eKO=ZtbIhpC+A51T<9U4CmF9o9j<%Ho`KaU-hpTq%sb>p>t-RR-bMm7Akc7> zwnpxZ%fceW;4U#N+FR&f2nmBT5V8j^!kWn7Zr^Fv{f!?Di8F?UQ}D#t=?<|GkRVXf ze-qyl!|j?A`xj%WzX0zW91p$z*u9*5!2hIP{S^T;Zl?Y$bCG&a6}vfE3iknK8`73t zf%)b;O7hLI0FJCecseB@`x9puF7Tr)p_GS5N8C+lid<{G2~AuJJK_-U^Xg}e|DIf? zGT3B8o1#g;WD{CYd9h>*JPB^Ld^zY)n8!(XLnUCfp=*nYljy&x+IhNY9|7l ze4XQ3L?OR=68lB2!9CO1JcHqZ0fp#q;TD2^7(X7m1W9?3WPvP!+BfL>Z0xl&2#mkD zCA`S#bBY?qg|48@#GpX(t+?r|4ndZhH*YyR6YG!?@=E2c(v!AV!(c@NagX&K{2OX0 zKn4FLBQk`jO1n}A@Z?(FP5s9p4{w-jZKn0A25?pd$cCtzKvOE4hi@l{P(;721IqZqqnDtz5np z0cuxdcogey_tfGfNbD5{a%N2~KTR}U^(LP2@|hidoetII`z@Bx2~R>8ZXVwd6AN`Zb`is?a*wm& zH^-Q05{1Qs(GNp`6L>g<^cW8PHpo+lH8E^RG6t8(SY9Pnntef))SHSSRMM>Z6VthB z^2V4H!ZN5vjec`LZ;_Mx01*Lz63AHa*>6^I4oP7=hgiim1Ei{nGRf<`I-(i|!ZHuH z1MXIM#Dh7fM~Wzk8d)p~cmmE=zn2z%#IR1tejhWgQ|M%(;2y3wZA?d1*HDF||Gvs- z@_MLr@o!(@{QxN^(tC3k!TA*o2yv%CRN%9opLbR;1lV_?c8GhOW5Z`V-QwpFkJZx^ zK0OZlE#C@4$Q%B_XYj@g##IBL+~VYTu!qK1Vcr%pBPXHJ1V|#gE0c4D_DGG9kMOI= zs(c6`t2&{O57>$ke+*Bqii(QzwSv6Ni#tx6ZGyZEHK2v0)@!X=$+}0Vql5iP?);bf zXzfWED@p-Unxq3sY|@%dnIloyt+UWj@@}gB?xQBl%Tclv_w!<*F<_f zqTzI@sGW$JeYfM}s@SPWIQq+R(rU`DT6^tN47iA64tZ;+I93qpTRLNw*&uYka$K%? zn9N4ZIPTW_dfOhX2UX0s3qG(}cEvcDXb>4ZJNWtWmgytMTj{}XeCUiv zh8iKmz0R+k4jXn}e@$qz+vsxt^SkDqs_F_4eG^q@VSdl2Z*uRKKgo}ET_Mg7(~cd+ zwFyp8{sLT9m5=G2%H8IRW3NYl8b4^Wx*fSYyIe^263D-pRLD%7p7X4`(sP_JsPH%| zct2ffCY#9W<&whVc`ml)=x>n_-e(%2`hAV0 z`t+Rkh{d9@hpRcjAh~Aa^7$op5IZrNmM^s;JU(jgERh~14jZJMksUujm~lNdX-XBD zCdure`Aa%y*Izi%(F`Ys>$;^lB!sd|{kD*wQB;|pe01i1P~=sxE|tHtPa6)ix{Ufj zPfjUw#tE9S?G79Dz~CCKB{1>&bd>hNfp*9? z=7?*JQ*X0=HCZr!+i&3V_O|43V@b8QvJUWauC8JQzc{b=@89aL$;n5J5mQEF#A96v z(^gFtrxYjB!vak3)j-NA5*NO0WoD(o#~_uYRVYqXVsxwET(+%Iov*J}KWb!o^2Mxs zYICbJY*QW1o7mhOZRc6+*r=j(SKH(yPxloUyNap0obL8BAypH1^p3QEuZ_p7#~pF) zdHhs&9#k(ma8xf9t1xj87LRpk<~n*DUQI1Kx;UMqzWEf$qqx+W)E`HnXy07&z9V;{ zWWDdxSEq_-SPF$v*fqJpD}57cD6x89M{pN z<}nMEm7mXIRzP__!0swn4N8x%`^{?C&3^i8NBHbEG3kc_Wq$}%h{0RmPvCGnUhdqQ zd#mxMw$*y$2M@MwOREWkW#SiNHln18(?pdPoLK28XY2A_SthX4%lT%4*-FHWOCaci z?VI8>J1IWfxZIgxdrfgc!Oy7}k#tr!j8NChuAYw)VONaE@O{ENWD&_vTPVjQa2p$H z!nc%6Ws)oygUXJ_e^AlsOQ>z>mE0bD_SeZap`}nBiZy8+PuWqt_kKM0Q_LWOiP4)F zXc@U$K4_3zGg>=&A9@pOg!W7Xy^mszy&`1J9+k_}no}u6qDt&|J}OW?!>PdgmF2-^ zlk~AX`K`jk2>ZEF^p_E7J9hCM3TIdLKN4vNgq;uEIYWT}JR2y=JLMfNHEGrRk0x4X>X^ z2pp6FFr}8#a?)EQggtZg+OfUGf}sz@1~J=DPk5ghsRv~Yo2NbsEw|9q%b4H!Q4Q{r%C4q=tzVH_eh;up3f4BqEgWamD>6af|8M z-HlYc!^_V8YLA0VIZ~DwQFc(Hq;qAi!f8%^4V>yP625$j0Ue5!uS=8-Q?)YU579g&VK6bo@ZX_Q%X(rIEv_z_bf_o3lqV zhsIRz6xT{dgtg0cSxp5Mh7972rkoB3BN~e;i@LU1ip~mB2SG$oo@SLsM*36^rlG`? zl;hf`In;`6@t1@1xuI_?!kRNzXb0N$H)#;{Ap*CB2qW6lG`Y7uBSy#7Bl+j-8^}Es zP>yzYsZoMZOKC7xe$HC2{ycG65gVDyn2MzGNgw?}hq<-rZ3$o{`dui%Q>N#+9#ZoEECTIa2Vx9BRd`c+$M(Q;Oik~1vMMt zZ56nTP&MO|)VG*K7x@n?sb5Y55q`~vvqB4#iX|EP^`|_}yJ8k~mW`8M?uTvzcVGB5 zlXzJ1ahRM{Sv3{ZUL=@S-G2OIpnt$YFO3CV!B?=g@EF9T14?r3q7KIVw_?pO2d$U; zq~C>p7S4I}0sUjM(X&(iH9I+YYv^xBQAyK4mr}8t~!YLFoSv_avV@? zyA25lYzuF_2=H2c(oWQAe{Pg4N<0h?yjd{^2U0^>^SI_ndC#iaK$P<6tulUTk ze0JWGx{kG#XsnIDFrlIld-hT8nZrb7`P5U*h$vjz%(KD^qoPLF5x&0>V;P$>7wU@k zSHtFRQ`-&8F}g+Dn08(g(T-N%&T6JGzoVYQ{81nZ=9b>Vy03poH@~mU{adSJ4=45A z^~3W#{=#7vkhgk)h_a}Z`86}sVoP&~suw^J1QniGG)t0@2)Hfy8_Q1rl8v4?mfTY< zC+LR-=ff~zKKf@=#M*X&biCw;7<9}TGlE-x>F~s}@S^L^bbj9U?95Lo!kZ}jOLN$l zmS|O2G2h-Sp+9E6#KniGwZxc zwU0)uzT(pzU$uQ6tG<+DRy%C|*VesvSKZ|OhsnHdk%e>->u$1ha46Sl8APUUZWY_5 zx2MBC^#r%IB*sy3YGoehTp}!@_S7MkY+U97BQLn0J^SgduE1$7wwqH&DhqLa#B4~z z8J7W(iu4th7Dn}mgjIaxr_C8Nh*b_u9>t{>^M6??q#ZU>9F=7O66>*n@E5LkT6aRB zSR-E~eC~~(>_3<74k&OMFH9Z_&~jsuh$ui)Rx#=8PNSRAZ;OL7VC*6_ye~|XnOFD{$k8W_ z-@d5Vw4?!BE#&YXn+)Hc!gM*?u6oEqHRD8I`S^vmGa=~q^~{ZPwX__2Je!!5L^m?< zZD!Z+Np+=oaz+N-=zgocySlh#j&KuNNY0rW+lS2K3Fr$TCdiCQ#c)?!wkH^W<)?Y^ z0xjz9MOV0RDD~T?lNZ5T%3Cb6vZ!mf9mIpNVS4E!pqN_55k^uRT0pcXd;l0V!bX}s(m0a&(Vu?J`sQ`k5hDKZ*92QpP@7me#&bwc2 zyR+u5O$qeK$jDT5JLojwU7dzF&FT~(K*IIx?CdtNX5J4wbMwywqSzx@!p#Be>yuhx zqI?(@+`>&(+V5Mj54$%P{PSPXn=4kr>@MG3#tl1{bx#z3xQHLs-+2q^3ZQK7kX-lt ze9un*n8-!098*heH;DSJ*~|}JofYxe3;w_`ncLyASLZ^laav(dH^Qq!^w@)M0(g>!BvJwbC{`$_2k|u|ZT}1KXZ@$y5LC2g{#c1YB-1D7RMK04tpTgrd z0^J@xCyEb-US{1MT0hC^xcs7)jkdY?;jQf$sgISntPw@c{-Wxp||7tep_wK zv##31Nkd+>4vzL_i5Ojh8uCNjLkv-kKFaj78%nOCV3SStmca%6D^q*EZtRtac9nDa z-sPPHc9q{Ip#rZ-O+yQ}m)|f%SBWRQvI%jKYPku zjy`UQFA{6=;&lAUVLkOU4*#0N>om+!M|@}F&tN;WYT+HkQ=&+@BF2T)nMf+Xzj$zv z$VFLpROJhEf?C(6HNNPLXtpr(#F6IO$#_XFRwAZQ+A zQ7l9FhP|EnoM!cKsRZtk^OpGF%AjO!Ph0KRQm37@pfXESjgSQIG>Oqtxnh}$8 z<|mvNIs1x&26D^+^?kuWfc3Zq_d%rw~R)c4|7Vv zlC?c`0-t(`O(y-AwUnx)4vXR)Aq^ch|CQf7Uc$v072dWzp~ONU*ajPcl->p*Y8cKP zYzcU(^bM=pQ$NCz=Unhs2mJrNt1hV*Kc{r_J$mH@FJ5g-Ydef;BJYQ*E&wh6h>4G` z_Q^UG*!hLDsIV1$n)|9}ee$9$9-i5uMaY6x+BU}Yr(z+{@)q^h;Btk_r(AZGjh>CyP9MfEdAY+zQI?$%|UnIR5sdEa8H)A=hmOr z9M5XM2lK`BEIxutaB!emv-|JapGwyVI$=8MSGK|s?J!8HlS-${>48g;wN*uqkh0`0 z`hiGRrc;Xhj2uKdb?7Nf5S@Zuzp>nKN$3m0hH7QWT|tl2t?$Gtb?76!Ca<31mi32= z-VTVG*)!@e_*SDGF|ub2uMHLvv>NG>D&m1B5=cq}tf_oP>j{RB7NkbCr{Ta)S26EL z-2d|aPN5^I!Y1OI4VD;<^=G}KHdc5jwH}?&fiU7p)tddM;|5gmQ|iB2vEgy8fnI~V zX~kLZkSo%R=a~ft{O*|I2FL_*J%hZyF_ubFT?h}qb7gkis&2(5dB<@;d~`Nct+<-S zK20%}7F?)*^FlRbT`2O>Xj$t%_Z}7B#e&otR6uzwa`bxR?-qG~64_X^!4{x@)L!3h zUa~qfQ-7SeVVL$!bEd{*xLw2_Hd3*2e!|GwGic(OV;pC#=yM`I-um7=-}5UD|Afs% z*Zjv?KH~;)=F*+^#GE-2y?{kMxvl)sJ7hI_f)|Yk{7X--(tV}KoWKTh)TVmgW7`lv za$eD~7_Wp2)Ib^7ucSUDm{BD@R?ozJ-VFH=uJU#C$6#Jjqv{3Msi*}!Hd9XSjoo@y zZxV3FeEjSpxdqhzuFxj*mO?LxY+YYegD)eCqAF)jzZT2{o!U+Bx-sUkzsY7m$_{sz5x%6de?NA;aA zWr8{t=9h$3G0CI2$>fSD^rNjVp=AKqt(GFqYtr)ZsVi{wmUPq}9AwZ1j(>LZKa_D| z<>ikBMrc6vwkxJ%&ROaVdxo#r`ovlALJx4T= zA8?y#67|^S8VtWy^WZ+JY%Y0J+b=ErucQMJO3uO~&lQsQSEEQH^nRyHGH_o;=AGT? z!6XsM#3ZU*(%P6eL-V{J4pnboUlGGWYHDjwk5*wTE?7rgjtw3joaUfz3=ZCf=H4{{ ziW+?DF0_{T)(`D`+INEq=z9ZjHtTDsBiQMac^%%jX|u)=L6wZLEdNSX^=~E`S2e(o&*Mor=%)(xg*068ve*i7eiyReGM-B))D?`%Lt91Lo@b5x zXiKl`Sd2EvQe$W~{0=(Lu!b)o`~|F;#PX5K7%3-7D^Mm7WXSticu$1yGaT1GX zaN?u$fy%XG{hFqPVv7-vU?`!9_VL`+n=&Ph2vjq@=@F;{CiZ6g0e~eRva4jS=2Qx9 zt!@KY@}^b>D2Ho+q??xkZ!v9P$z#w)&p-XBEWS)=mrh_lzmOiv!k)mT`?kGZqJf3E zpx8gj)pJ$6PLD2(55}Pz5zFr?phuVgxjnHx`HBo7Sfv3ATy%mZaJUS1@kABhb?E1vK@KL2DMt(rA2*dwx@|dog?#yg<{h?FoW!%Y zHJPi`8+6A& zI0DfX(0w>TiA)I_a6aeCMC|A~J1_SQQ1_UIZful!T`kRav6LD02R7{MX(x%LJ>^#` zs@pNOx(^>$)Ai_eyQ6`FX))~>=ECrMJ?BTfT)Lb%)y3M`tGsfHjR#rV4kqM80m=i2 zA(^W9y*(Sdb7y;_Y@Lh7n?)TcZ0qxp4=!LqR0BnD3kX&7s^ug@$AcBnR1=^DMD_|% z2QxG7hbO#ArzhW+LATK+QNa78+RpNOoTb|2=av$m5A_^Q7C`r)VI5_K5}OAox;}sQ zEIM?DX}c#FN){GYpeOh9ds$M%ujSy%6)^``cWdH=+=SGAy02%wV4JBOU#%&N`8$e` z6|sh<k6`Wg=XGqrDMOI4x){8k^?h8zdJBncb&lH~?+7vA6I5Et=!L53 zxb$kduD4|?w}`-O%EJH#81X1#WPN3KflgLC^q~4X!E1FcrdU)KKF5P>&2UuijgN;1 z!-M^0^A}2L-(q!4FX0mYUB8c}tqRa*hRl`KbGm>JJnO4EpzwlO75XVFQcK0?sSHZ< z|98LOz+@rC)dY}t2NVkk!}4-m;k7nJ^Au~GM0lGu-;^J>C2>-uq5jTiihcaVKa9{) zL6HM}bPZk8xZp%+iLI9+ebt$=#j7W{GxSSOFz>sDCHcqAg1!=KS&r>#D?fou+A8gN ztkW;%n3ohka;BXh_AzL9psX`Srs0d_nRgI7_y=oN)%O1c%7f*t0lY&BRiqXMI_plU zxI$3bikD3!)BHJV$c?>u6(zY;nZ^k`#Iq?@Ye*wbwtqd-;w2QL&1x8?(<$FnH)iSd zjb!I00|F?R-*3Egcsc}n3zBN5ahr!>zSw170-6_f+m%wse$f9t$W2tbQ$S9>8Tt7& z?~q44>T9B)P0u3TrkHfogG5xW4T0=Wee@*@P5DZaU&`&$b=<(3PE^nr44fLe4ic-2 zi{p6zeml!Qlfxouc;BJ-*e>1l`JnW|8TM^*2P#F4uy7%!{D)s*Y(;)%X zZF9}MsyAJT-dUZ9GS5Qo2+O>b+_PlRRO#Fo47YUSuL z-O|P;w9b38fVTX{``Bp@$o3l@xHJhIILR-1!E&^%fCbABA~k|E{a?+>{qY<{g7;j` zd=9Oi`>A=%9OT)pX6x7Sp1y1+r#FbD zG5=7n;NzfWbg!5G``2#T6){5bMAK16o z*JtJwiZ%KW7D*CMFnYqegLr)zvyFT7*pcLJ?MGW(>!F6fyQu%D1mHB(x>&>ztVIqz zhbPR;_o-QliHT+JzGhmUki!#-$vJaUd`eF%AHr{iPbMVr`6Ze?>&8?YoisYb}X37K=gOCCaT!rX0%Tvr(^13`W(Sdt&RPZ-7CkIF_?C^SdP9+L>gcqYd zlh#WFLC>v!m{$2X8)ShWMGeOe4)Q_m+i(Fp?@%LSoT3G{Gu<Z>b0ZeDWJAu__C=l zm@IH}OqP`T@u>wfsvZC?glc#1{$q<>|GGDkiIim2dbc3_-_mQq>h2=h`>m6#fn8A0 zsxK*FC(qljI{?<+KBm&KK-x@q@WEFCnLhiBc>YWb%3nL?Q8ZA{HY5#PtMH@>^#-y- z5;Z6pW4u5T=D#7t`p}7c$S9T5UhFRx#PzYdAwO?z`{$SSoCXeGx`|jPQZw3>JJ%yb z!-V}K*fB=oKJ#~LeS9}0dV<%``RF&wi;Im<8=_g*Y$<65gmJ(-6GgZ0lf_XW}?~Yzu?35Kh9Q{B@4B)!`2xH zDv5j8dqx6BBTaL=zLg}bI`jXX7i`0XZ38m`vKWaW-aREgfz8drtOr6q^s2tT8%JxM zr$=k2A0mpCI1PUb6h-#npgg13&l>46wz2WyDZ%+DYEQPWPsxtZHN4WZ0%&QDy>=Lx zr5@J*cPH2Q13c!*yCf&WvlP3*mgZP5lH~Ov>^dg=iG6DhvdjR&h zF)oZM<!t~t7Q7#YJV`@=u_@jklg-B7e!&g-r#uh+vh~0 zo3h%)O7(e+cX)5e^w(F>iFquQN%4gcQY(obhm9?xm_^yFfpHG9?sE(iXIl@8b zE>Yz7%@F8|i*)%GJeNgc%Z+*{ms*{&-z-VKHlHN`d}HeZ35%*Vj`v!y$KAvS!RzHv zPas=7KjkPqlq>KERL=bQjt(4b23gZ}EDQ`XK%!%V;87m=0Vb(Nb7HkCOYK_A>-&M6 z_KO%O+wM6ffHR^m(35NVAyjKe{e{B@vronyYWorGdQHYVwSd?>5b+o7ACpSxXst{} z-~iK`S(&Crj_HRA&50>d(PkO*)qeg-K=;MGXs)V#frva*z^&EsC4L+M)mUQ>hkaC zBf^%#4ox3L_2fQ$$pYjQ1?{lYcg(fd8_OjAb(j-3s=#Z)f(XBck%u!zvmWexfg z%Wz445_aM<3!R?uwTsXXVYQ)6xZb!MD^$*)1?aLmBqK@b-{Tn2?xH%alcZhF$%G8> zRaOsUP^x%OhM~=#NYakiw5OZ(Vs89R?XOmuUrl+b)BNp%vS1LQY*!G%(Y@^2To=Mo z2YZh-gwRA!gp%b}*Xri}a9L`1(BZn@v^i+6)~=_rPyv5*;kiYsLV}er?4l?d~+Ou{&ec<#RSjN1UNqd3r_(en)|5e>vzNvMNTd zsBhn4U@Qt&BOHXWAgOiHAzBQaB^sO7KRsVT*7(VtBPSk)a+VK0|9RU&q4yRIO{r>#VF#KwD5 zy>#XX>6Nzgw}Se|Q6CxZv`D}sM;?lNqJco*=|{abTU15J2kU+G@ZwFIfG}i@Rk|&i zLXQlha0^uMX1n4Xv=M(I140Nk(L=C~dvf)GzhIa==60995Qe(H9bK-`l&I z9n(fEFqBs5c93k`8y__lwfG5lH`LkluW{$AS06bDHO*d(VJDTz7Lmxv5Vh;Yn%tSv zH}%DNtoE5F%4R|v#E*>eVpptzqVdtc!{hn4Y%|#V{gNhi$PG1vW~_C5!&nR z@9)s*7pOV1HdKOiVv@TK++AsVQaPsByMNDJXmuU20(h7jcj*zqs`AAXQ&es;vu7&P zw{Kr`IhqzXV?cA&)Fu**Me%xqFT!|A+-C4ot5F_=HGAeXR0==(P-dWDU~6a?5!Qz+F=X9}tDvWa{UgU}Xwh{y^%V{Z=lX&`44vCW);Vk@v`&uZ=tKG;*F` z-5vFDW1QW3a)E1Kit?bue~go`lbe~6oTZeWNNK-H%Bm)*^8q)#Da9iX9q)5Jxth+jY@1+lYwHWYExpLy(}P3VtTA z&8Bd<-5HpPTgoJ$76tJNL=h@k?;No?7ZF00G_iT01X;t=Lm$@L|ZG&ER1848a;an=I}a}iA}V~9Z0FLI7Ir)?Ate^-dYC&42Xi3 z^x1DL@`{MvyMW50Y5%0Tze438*JCT5O2u586}3P&z_3zbIDlkk-!sPt)l>{K>SqAV ze6RxN!TPh1;^8ub0)eCRy|qBHmmfmrdxCqtl&5$G!v&q>9#F(l+R-jPXkc|{l{#u* zuv_?5?L(V1PMVK-8Al%V@gfK=E-orjL#6W#oARlNgG~IQZ*K0JA{;s^5fn(?!c0x> z&v%a=wcqicy$>e&&P>>jm;|VtpGqpB+~Mo-IUm3bd;WY7v6ubLsJ^Lff*uRfmPuW6 znHD&AmRd%F7WdB7doblJlg+v5DmB&r6yRVGF%%O7bSQVb-`x*nLCm z8fOjV$6hJ=SsR!#A-H4H_#eDx@gAWAD(kx%{AMgZ+_rG8D|eHV3K@ga-yc4b2CCoZ zqsQ%_nDga{;<=kg&+^f56wT*wPmSu+vPiF=&CFX}5A(5A$@T}lK7Pc97(R5VIDkR! z<;nX8*i9;sJP0?2Le|RJK_5(WD7@r$D%V*4eNH>O!L}R#qFI_6P9gF*coqnTn z1QkWkxhqu-0D(+Zl&f$8n{XMe@Er-E%8wEBR2Mo3A{0m) zAkxHE-x1Fhy3B;r=k%?fYT`m7tv2Kmcc_I3FdmCWA>$Yr-rQnLuE0nVdE`2KF=Zkr z`oTa&WDokbLRCFL26AWd%%{qmAzNMfOlAk} z<1FKIw)Nv^-seM}H2_f|T;12>}dY#ya&0A%S)mIZPP?umV$g>+0(<^yod z2x5olY=H?d4FDW?J|9sFoxXJg_uTJD;lKW2YOVb~QC|t<{L7d@X`b)ogjHBxoc=~d zQ+&Fft8COWbWa>Ci_QRdcyIgX)pz_qfLQycE~W*8I&_HQLTAat)3X@@2@%F5mxg{c z(?ykR#{Bcdf(x4{KZV;S{=x?mNe9kra@1{upUT~pVr6?S4pGeccYlT1?bnfu@%!Vn zr`)CTl7(tf!enJ-mzb}Ihs(fesfp4|lDR>x^!xJb0qbV;O&o9Yp+Ur_T8i6g_7Db) zi-MGFyCkSG%I`UJ5_757hK2a)mwlRATI>*SbF*b?Aux%QE_x&E|Gpsf4junTDKn=A zRcl8oGD$=irUQ>sU@*Iiq4i1+4^##P!m(`I#z%Gu@XYKT`}AY11Wt>2hVMe{S?ji$ z;}D{>nC^P6Ti*3bB%j#R_R6&tA%-a}%O-e`v)^1SaSi?FTu8Q2C$+iGr!2D$-{gU~w=aH&3TO=lzWVgZsNQ$5 z{D3A#j)_~h?0vPX1^`x&h=3>|Bt&B052|!nD+nsis^9p?IbTk{!4pD+g@-%CnWIBu z4^FKYf37bJ(R2htyk97Ipa1SE%XKs@)C6@CCIuk^0)tsIp{X75%CnjlNwe|rguOjQ zG{_nYdRTULcHXzIF#?Gz)ItRVOD_ZeLwdH2XRC5NYNjM*jDGK=zvReZ$CsL0{v=>H zReyqNw=wc{M6$K)fKP3lE@@-)@m@0#gwPxMOQo}T=tSGjmv;lGbNpHL#paA7pqG1y zG3?M#YpCVC;EK8iiL_x-7;P3EB86!$`QL*Oe)1KK=Cpsn>6|%!w?Tp-wefu~R z{pTUokUK3o`{I0XR$$4Tp^xDohLw(bl6f3N)(V9^RJ=O^P~!TQ*AA@!R0_S61H26L z4UyLkUYbqG<94ZQQ@3HkN9g@MJ+AbFm=8|R88sgAONH+8?t;yb8}6A>)F%==VjC`7d{#0>4({>TxDPo zy*f2Zl`~EvI56RQi~|u`1+Vj{q|ePN2{e$lp7;Dey8Z*6>i_*8$B$h{Xc%ROBC;Yg z9I}h7C|gv>3J2LEWF4cdgk$fStYd_dviCe@I2?Pg!|!qG^?JQO-`oH8f81`4ah{&% z`B>NEy6)Hgx~@M9o3`kp^slP2GR=}USQ@*>2VlMT^)aTe-8_OKuTrxP93NLGHRz=+ zCkidrZCq*si$21|UvV}#LPYBmbmtllmyJx5Q?imwBY>2v__Sc{H?{ICO5Jyulkh1y zV5v#>UUc-vN7Ssio3{?*!C_YD@fFk`X!1G;SUb#VPLE(1PK0AyZ-Jx(nd$q43?hZQ z{soXwrSGc$O!S&E5DRs3Lw8>()*(JZe7pLwYrtu;D?B_jwJBng$v#Vjkr@NMg^%W0>fg3*o25z%nxjldKh zKp@pR-;irJpqCte>mWz)^BVeiP`uxzdw`{v`^B(Fr$(a|VP_dK-%mYL1C=O&;|1_xzI-(f4{&vVQP}Gkn*jzLDT@yV z1G6rYq1jC>ns>J4zW-d9{g2#3|g5kxf74JJ7{qm?@ zbGolcjn7!I6TS5Lba-?3bXZM2IK!MDOni^{gEO~p7f#3KN!wBvaDgs9Y-Ie)eE9}K z1%tqnlB8h_k604cM->|KC1qvZY4m|$(m?$f_mc0LI=AB%FuNbSA6FoOiATHyx9HD~ zFz#Kdani0kBl7)JcAc>HF`;q`n#z(&E|U)fW%)9`dl?di*z3$|ucm}l01Et+0$sDq_3vn_m(HW8ZGY%u09dWrlkP#j#` z)o!e#qk|p-tF%(emY|P_jNICn^sOWYk4SWpmyhppqi)?sbOV{Mw}_As9YgB?_T>bD zcTf;%!TPAG@mJ+k+3gfw6c=8?Vu(a^IFyKz!z&FnsTewS9(8-Q%QWt)0&lFop7dsI z;%TeNM^(7A)R`#DU98M0%Y`WZUkat&0_1oOppr09ox!SFjVZH3i-9fN#^tXF(G4@! zR#bE|B7i(Fnw}+8a+gtz|9RpVsjLcel);9XJVw_)-D#M#i1DX=iWWf{nRhuIJz;gI zuzD~Dr%&zYA0|?LEo^Kf%F#-3G{~R2je55$RF5!pxj%x&maXc2baDSal=;>} zYPzqI2cV_erbl*qF7mwCY};16ff<`mFR8U* zGD1W-xyZ2LPlsRc!mW92@S+2mOMQ=?f#EKmQ37CHIsUi8z*&M~gp}5jl05)ZR8nv6 zy?yhuRlnl;-2|{S@ePI;<+~{3Jwml_(doy3Fh0DV%&l>O-W*E2iZ<(zIcZDaZTDjh zd^fRKwZyx-&55|{!XN1m z$Ub5AH){W)Qs4$VJ9P_@?_HV3iwt7)EG$J0c9ehoiS;jE5gt6GhV(p!Za-u$^0AjZ zZxk2(q1oh26X!WpNn!Z|FYss}4yoO1Pjohv3E1EqnqM(hrAA8@|6!rr_*_sL2hTWZ1}-W%lGS7B>|5aku0c$4!L!e!x448 zMwShJ&-zK%dET1qHzgR;rreAgD(Sz8sZO86nJs-uO&VR7{v8-r=XIM##?)fJvO2!= zY}lXdT(5ATVowvz>$ZD+ub|7~zu9TrU9r_X+@4RRpb?GJh#c3?6ZQ_=C7EyjRUuM5gk*Ix< z>|>nC(GPagwuXh+JBEhW$P$`)_if8|wJU*z*6k-Fo891vPp5Bq5qc=v2lU)>-Ym%eX zb@-SK098(o`1O(M)oS?4-F7r0d}_4K_D#jX_I=Ve>E%10{l97k z?V1xf<;ersC5ma@ajQ<7d(#E_-#oNc2pjn~?3&t##tfplmKOWw&%Ie7eM^1f)F`t= z95SKK3q4=m4kkkMUFJBMBr^fdqF*I$ce?KSs|u_ zH{hb>)JGv$;R^ab7hSF33}d({q3$n=%XvfrfIaa2=g zhO?MlDp17&h}Wb-<>77YG~jKTt{$h3(y47qXCf2K=6K*%v6j z%iN%&!|M{YFU`zu?YUpx#t%o&Qx%_=yu9Dfl1U+4w9>FOmX%i|)3bL8n1)qdSxFGJ zqw|<(s%#V8uw@5`dmcI z!6Pbbvr0M0of&<3@0v0f9^a zK{6~XE}ECHT)QTMA3NW!YxJRKlCQi|C^3*8{$KN|vt&P1$ja|mj!u;{^mP(LO0CD1 ztdU|$Y8nVBEftqTd^ zE%!kYNy*eFJ+Qx_IufrexxC|dXW9IK!cVuo?ab0Gins%Xw7r|E9kS zd$ILoQnvjuE}P6XmCsWLa%s}v)k_| zg7Q$JYjC>9wATi^1EYccb=l+`prG6VSYVv+cK8Ahq+V2*+Qd*;rV%J@xHQ9JjY4&{ zKql@N%G}2Nz1p{QNy^PExlSK_{H{O<2%Y>f2w$0d_bed4?`y?pjE=q`f^b!45)oQW zF)|^xBJmWhW-O8JO3sw^?N(Y6M0w9VW@M&yeaZ2y_Y7$W*e$%LRJ20F{_=k90kUii z`h9K*c`3jWX_TSA`VuyYJ23M()u>kI?0oG$dA3zENYP6BeNV<}T?!I)35x6RTIVqi zY72X!6DOoFd%C29le9+mxjmgo)fI85aQpp6=-Aa~hPU9o5&ZdbVd9}H%UxL9Md4*U zd^b<|&RMcQ^h*n`+VH#2FLNH^SK7b8b&P)*q?Ys6NxY6HC4>uccz6J5o@PZg`PN-! ziU7HBq?p&YL9l}}44FCnrdd&8#)mn-Tj4w%#6c7GmPT7yIW0pSF7Cb=oXxJodODIS zYOEN~zH_CDy*Hb8w>`sO{xTiM*z()BiHrRl=&Kq6dX4p)9t_j{PLl{K;ePX-HL{bh zm!i!3eKwCLJuxKy9a~o7jKZZSIqzK)S2>LG_~%xg1Y`9#+K%<>8=N=C>(*&rd_0_O zw6hEc(9`KdJMC&vieERWIIva1&)mK5{~%` z@nTTX@Q6!dgyn2Yn0<2cFk|I?!n~x7!#zTq)i&t{W4tSB&OVZ5(=iwbma-&rFxG~ zi3BE0L`By!uG(hY4_tMWzkYX1PL_=%U;-gee+3lxVo>aZLm#^(8zBy>z9g&iImeL) zB~%n1OGUl>C?vgGcvd&GJte&lKh^F&NJjLuNvk`H$aQs|qH`WT-`YJQ*>ifYADrQ* z-_z#3zUJ`y{-m$?s*GNe@=v|+Eu4lZ z{#pOR=ZQh=bw;gXn;n0U9PCE&%gXA=-e>E+L#oj^p+(zp4cBJ(bSa`|(N>=dKXK$}nDN5b3dUM}qZY$=REz z6F(UcCFA=zZA~$*S*fwC9oR!?Et`0Dl4$)jLVFUAv85=T@nU{4+1zE3H5Wpq%JyFV z@pDY0tLaGkH`AoP)c5-K&49gU{y;!Xc<%Nh80go9n;s}{B-f57!d>0OrJg|J9{JfW z>cxywnNvHH5BdH?{j0=)vM{oyBOS*7i+OlIN8^FiLvStSWGI4`1rzQlrDfT$v z;vbWNm&Es(cFub-D8I%B=om8aL1B})^Zm5r^XJ+Ef>K*rKbdw~Z*+pD_% z^_&C|s|WD&bW9lT^hSywNkOQS5dI~@hhndWILPP#5ITukq84p<9969T1=OLt3zCy1 zrKG6c`^uO~LPH)1W*FgwVt6Vt;WX-~lm_JbsA>0}j3DpvP{2)R12mt~aHQvTYTE>qunNTWjoihMA*io>o)_#oIUnkluSe*S_kt^y-tx5oK|+1 zI|DvSz8t$SRV%!A_FWPqNBS+{uzhM@PC9N?frpxSD2Iab|uQhLl)_0ij%M732HOmOr@oyoc7l=H+<&H8NO!+fFv@%BP6{xX?A&M+OB z;BbHEZ|*b~9;&Hv@_Fp7e4vxo5(GBgYn=~q+3#eX2Xx?Qq9`?JUct2ToCMSe@HrB6 z5+nc?hPr@vN%P<8gCkNxDONUVkf>vj{vnOSt4JaB*g!E zHhIC+qs9q$o*I0DK2n^;IZ zs68!X{iUE%&d*SFNF7$gOo*bS0$St(iAA!%eEQhV{et*_|MFZ7GGhpjoR?rEDZB)BTN&OPYu*Czq;D=!3RDY3(k{WpRqiX; zf^%0{>I{NmV(OG$dbj5und=|{L0$zkh%2a+9`w03nN_-n{hfwB+j*u^OK<{Ux);5T z7}!+jq`pGNP68=Z)^cTUcM*52$6m>P4i)gkHvOKjFtQ5GrSeP@q)yuil%V-?-!H>7 z{wnLMW{Jxx0?NN#)Oz4{QEgr+k>X@jgYyO@mWDFEZuIXp{n!JYjE+u=yAu%-E+dc) zUeB}Z+9{ssvlm~*2$1vZt5p&*WnJN3I}9&&a6YSn!Mbuy?C{%t!}Ei~-T;sY&oW`W zLoVa~4N?&1pb0WDaEH%QanqdtqQ6r_NW^e&_FN96ClwIx>ygn5L?je_*%P?GjzvV~ zE&1e+AM;WG3mG<#K!lTp(HLbwG4xC6vV#8-ob+LXjAJ4MXoR`#%7#CI;>Kqzx1P+cA}(7%B-FQGNIL0!m>wZJ8UV(F zaG1;?LX)@pY&fbh^_$gg9n?c$h{*WdtIW{MlBoPuf~%|TT6fRMVh^rc&#+8>bvkI0 z7(LbS18b@C+Gh{8?SjFc>^J^~KPS|Ew9`Pa$KXuomvP~9fS;`9usTMW`ksXM$%i*{ z5$}y<`%X^k^n3w&418=@xG~8K3AyEvD>?d5`Va~R3M#5=ki#@eS}Uk#cS^D!z#vP;I~TCty1*d-)$RXdDwP0Zn%_!^`#P6Oi?v^Y(^&{qA+g_%!Z` zBd3H?g9#lj$$_X+*9`kC6Y0YC-aV>>%5Nkd&2sXuD{OLV8MDscC#e5T>c3+Mmt7-s+fBnOWS3s7% zjX3g6xdKRf)jJu+}4d%(_=!PZJtkldT&oIU4qxnGKo5a{D=WaW- z7?d=+udlliyG`1biC=jaYLdfjqLj^H$)S_GFq{NH71DA9`gYn+LE(gcm1ftk`6CtI zopl@@5_u`2gSi3ZNI_=b>wUTL#?BVWpcm(0867B!e9}AI36|DMAi}yJw<`n6Wrg0` z`n4lo@;;`PnF4pzDBRNM^{D@dTCDE`weg#sVl(H+<(iDI4!SbS;IQBp?&?uz1NCFV-`0vHq^>a>S@Uf(}jtxsi(2}Pb@bR*WJw0qNi}x*J}5M zT2mj_7oLoD*TbS+88|I0!awIhnQ$w&2$i1P*bAX^q#zSm=9V_<>*PJ@WB9J{Eq@wK(iu@!17+stvhDOV$7zz6N*mqt%^_oB~n@qy&k zW%G?_Y6-0$8Gsw`X8jCcY4!U707V0|ksU%sXxQ1dOsc?Q_oFH>(Wtn6XWUx{fVn+i zC4Mb$MkZR#TG_5yKy3_lQM4AFo(8}l^|z}g_WHDye5?=n4Ef^Jmz949(W~>3g>Z;< zO~9-D#k+b7h>Hb+_NO~y1Wh}>x-3S z*&B}q*KZP?Dh{-0v{x}bnXLT&vSGaE>3Pg2j193_##(v{2;Pw#Tymg(#3BX)WAnTn z;5Q%703Q<{O&;EW4G+J-0QsKQrLb&~xPVK8roMQw5J#>jeiIN{LYg69Jl>ELSXr`! z)}~%$BMVhSTiqQRA7ue?m6+tN)RK}1B}{d8z`>@&{k(*Ies&fx6#DyKZQ%p$yS;i$ z@P5aNO!S&!xo;=VCaR5e%jTjAP_Pm|uafLT#~Vu`$?BO|9-Rn%BxB_i@D5!kKuIH zqAtoEwJ@2OJHX`SC7=bqc*i1t!jQ$KHXK6+ymO8SXX zH7l${;JzsCLCKXqn5oBd{$ftI8#)SjCc47b9NywR3PelN2}|p+7$_m$aks9V1p+xh zIT8p*AK8e6R=z|UgeyhM3Yo>G!wbmk1wt{#4Cj~$VC%OmGWj@)s0+E3)hz+D)jKDH z!uW?ON#}UhM(>t5Ai?m~SK@UR{tKaOmPM?v^<#X&Z7l;8SN1@U<`F)nMjJtA3lw7w zQw+7S`|p4}y-VZK%6=IER5|N?j>C%-QEv=N1X?NYjz@C|Dmxd}F!UWb#?w@d{|YgW zNRAek&S;hL-LniILz?C=N=_J8$+9lSc~?%LEyanc710r@Neltr;G8Xf>bZrTJd8%k z%mqf!dT%`cyn*9SvgnjiVhUYgIeqtZJG${zwdck#?yF|U!r}g0V9q&4GnPiN9S z`)Ro_ohEi@I4HPg)1$miV#bafvAJZ;^PL-7%Hx*V{Fo{68l=Z)*)lV#_w0a$vjc=- z89*79q$V+3O3h?PA!pw98KS2Iki+c#*GZ!G95y;!)Wi@=76SQiT35|(pd+4@ocUS- zBe;gzPT4@1X~ixRM3c(9)4%Rn+YF6O230Ccv z?gq~!7LHKy;_y>X9zA<Skt&r1>^Z$?!AgQzD} z`1A{Zl$S3gN@mPHC!j6w^QB|#Q6%oRj>(}RwQs>7ju0aRov!F7xL%0rHK!7Bq3m-X zUwZottc<>(c>n8MfqDK+pSw#D1s?gIIzk9`^s_laPduMT68h45(SeW+J=3=4a}b98K2@)NLmgv`yIMF@|QCsRQQ%jts} zr+(hXbs`WMI{D+4fP}R4FK<-C0t>UA&lOOZX*ykzFl6nhPLKsvmX#zN_?lW*?4XoI z$DySE&_#kPuf5lf^IXREagw@?MTCLQY6QAJ0u3H23F`I+bC=|yH0#w3 zU)H19_w27TA?M4nAML6RI$Z1LRfi|6Rg`{ z!`NzMoR-?0j4xW7)=BG8*?1*2w$ASkiVhseJn+j{67oK0?G$Xn(6jhV|5aK6K3NfJ zJDkZXc_t__({L{=Y3D!-=(2~R0vdM$0!~BNNFcI!$+G}ryNx0BMo<>sR3V7(WZx?k z;%$il7v#yZUBMMRk>jSnqQm1jtTrg?a1K9kHdW~rO~}$N1pqys<@faRx*pFEqwKs& z+6~OW(raQ4e7kold@5Z%(WNL+Vj7$E+}4-t;S*POl#RdzlAVtX99l~0u2LF}eB8>J z8$BJP7(6Vg^-jg?-BNtUj|;xBqwZNtT&>(k8qZtTE0#oW=$|rhZRBVysdW;hgi827 zj%TS|5aDOk@t(QGX=w3r``Xz4?7T=^iNi-TVj?Dq97@%I;YnST&BkoiUA;CPZVKBN z(w+Koaca!F1+SnLr4wlRy`L zs?frBmZQbTSMwY+OWS*$rmX8Nx4_<8m^;fm^)igl04itT?TO=zZPB{Vf?u777sE$U z>~D(w1Fko%5o=UIkc7he@G(^7xIP1BCKjFRy!l%-dWPV?tP)Bxh>fxOmFc zBQgRftLk4n?G5>Qsn!?wuD*#G$2c9}fFA%SXO8(WzSBZ zA(B4qYKsJMVDFuHqbavhb{3lxV?TCRG*m1XC`$+?J4#uAL}+NaW{f>Iu{oI}P4J(s zWl$(0$9yS8$Y1tcv#U?{HXa@=<`(&6YIOD7MoksKsv#WxVn-utttXq`Pk$y$-nI9h zL1)i-A8Hfr#AaWN6jb9yJZw9SS#qi^d+NC$Ihj`}aV00_nO>*klb;4YBk=17xg=7} zfE9vQe#*?5K+m5@fwJz-!a_o?fb&TN2pm#Kl+oCu^sktM11^Pp$XGTqT3r{oFMz-q zEQwui7yfF8y4LK67(R75XAua$spSi}l*Oj5?6&q#s^9S`wb3&$##AHZ?V>Q>9HZJO33%<}orZJ9?cbob zy-YiZlxaWl@76Ey!#O-wWIuDaie5#QWaeHfc^l{>()c~;O8X^1*xZ;0-DV?Dsr zvIQ#b@QyeaFenTMl#wB;rx}naf7mjN14@rME?t9NzA)#84aMwSF|1m3r2ewT1(g_q zKV3h4E0}uHc_fmvWcS-{-Hwxk`hoxn(c`00&6&{YT3_R_SrK|t83Fw1ngglsBlDaUV})_hl3z&_yqATSTD<$9Z0BQ)$@H|(Ac3+i&0bLJI)8g9A#W&YzK+iJ&2(+sl z^y8%y*Ox5kR@E__b`1{h ze=RGrl2{3d|IAA(r|&DTX!4*V^o?9&N;hJl5+9F<-FtGN0AckcDZD+kcuuuzkpqpAjJ0CMr-^S358f< zYU?-6LriD1xA6$3J)ai>g~U6}frGCFapf{1{lpe_Ly5mgnIirWd*Q`p4+41pvIOjBork{jIIuJ@ovpzoG8MeZl+#0(|tJ^|;-NLnnM z6vbF%X=K9c@YZI;J&WZ+pIf4M5*~@IG@Rk5yKvdcE3Vkpgp68;zOfmCVeRC6|Dz++ zsxSzCllaKj|2{B~_*ts5o^ccTNh=I`-JE~f(0@@ZCQWk6o>qDr<^3-ADAjd)9?i20 zua1{Y4zCl?nsc$_%`!P-(ypy5^GK9ai-lSGn0`e!&r_-mPrUH$dNuh{xhEIo#G8lR zCzt%&A^dBbxB;uF3|SW7EA+4yqM{!tbh&ypoYt?(XPU|hJj_5ytDqxdhH(A%Rh5+I z0kXOTvcKBt7)WQfN5@ubYdO4;Q^I^H($h%|YhR?fr%J;iLCeH3HcK3;&iJY>nSz@D zbD@*HDCqT^r4e+ARFayIL=UXO7fX31{61BT7xTS#yW@Q}Ke=+(e_~|79nQr z|LYW_hw2<_^Lw3dD}nDm6+# zi!4Si(_zU=jvw|;Nfh8Wt+PK5)UjZr zQ%pUd^}QUxu&8tBEt}V7n1Q0z$GhF`M_YDSQ=X1QWSdjBJugIdUzpsHe6bY5ANWF> zEbdGb^YZl>vyj7KWwxE%va?R@rfWy@OP^t?jbDzO>3*uXJqm0QLNG9%+J*kyHTwt0 zGE0GomEw>3307~CxZ7p9N>IH9l2?~Ww4TX4bNwqA|LLkT4c;B90qv^L>R=f@pO(C) zXe|1HcV;**S3gI$_6qt-)!`i)c>etdlH+tkiOS;>fIvlp)*n_Sy!KT!?>MTpPJ+J1 zyqkhCBxT#ZYmD+js=J71p1)(v041PXe<-dQ{9xz#(y~W6F6HRst;P-Zvuv9F1Na*hXALdB)PwC zy@$Et9iXk!0lL_K4MxVxA}4Bh9tzYjGip}rKBKaCPOPJK~p+VaJl+nAcdE((KU8$-UU;jg|N ztCX6D5-R#^E3LwLtm6sQ49+p8`R>%MSxhUN2Y$VD6kbamYjUCqZ;;Tle=vZY%?jck z+_wu$#Tf}5G&EW*J98|HSV&Sn7Ty*Q!e7Fb7(4glb0yQFD))N z9dCvAT0>eUDKR%9uE2T5j$_Uk8?f7_Bk!Qt8@&e_O_i-}>@30y?;EW;)(TGg%i^)^ zR)wxYHXOj)4ZChz-{(9a*a|(09G=G@_LJPd=3EvV#oeTlao(A>Pt5w!NZqIo7tSvp zPSLV&AL8kl?uraHG_PuzYG{(2dgRJpSgyKrHx`5K0aZZng#H`)13JT+8bc(%wwUHA z0)^yijvya5@tte*>`I{XvDA+N+Eo^xl1fE!rut3jvCWwE*yR;O=BoYOuODujk`#(a zkr{X~=L^LXo|nN@3PwtejO0C7JX&7E`qBTf zXhT0FaA2v+Xbrd++op?9ai}XK`_TskseWT`aFWv`2->w{6a4B-aLFUrIvlkRwr{^% zHRwJ2b*p=)p~U;v;oy@~}~I zii6^1C(ZA(0o|hGsdnD!y~Y+Tv!xgXwM!y53X7GV?VI zlM8YjJ*SrJ{;$6fY8pI`Mj6_CZ@RuTc*p|F)!(kVt z+bN1!b zT(?2&e0AVnT5jdyGcKXJNp`_5^oqezlM8{pU?_T2bv5I4i!yDi4KF9 zgoH=!kv_c_>fqy!!CB7-%Zhq>(+M@&j~z%w>c3w&T@vkt_`!DGQP7u}{NWW`Ra*U* z4h;&A$*)B#-vUUrurk9ZP=x4KU4Ood1nwJL+#2rX>eaPA(U%XXCtt3V66*H*j3hI1 z#N;C6n^=3}c$x#Knl|Y#koOjyvrMhcKdA`tV~-f-B}Vk5lIA;g_XIaAk$GhkIvHw@ zTU7PZ7Y(gYUlH@&3$CjPi!1C_BQ zM|oFv3$-y;O&z85>F1i=>(fWY-X2bExmR{-;eG3@Gxays_)_(Pvt>>Vd;mi^LvWx~ zm{!H;iLdlRAmVf<>BZ7i!?2EU68EO8IAl+g%iJg3&I*F2Wi~pYz5Bq4Xno~x^2uc ztC0dKQRM6eXs8{NBHUjLRvj~c*xuN`_JqPJKwi@?$h1cT+yAO1$Hix%twWTfB-tI9~%fq309JjIMQ+nQq zpPn9VN(&t@py-QPPFlL@S;_ItEFjbJ(~R&K!9R_f`a6)z8jWew9Ss}B3a+cRC&mOx zc6f)+WSL(^tTUy)RXqFt%O7xYHk-G%L+M4E1es_pOPNBcx5|7tAakA3_xI0~w7pNlvQOqp?i$l6Q&QYkiXe^SkDP4R>eY(C zZZz;I#qO;O#vyVx8uLB0%Z*e;*SBJb`3huYnXE`lI0>THEU!x^@Bm z>)gSnbbq<}TYKscrA&dkwGFY(;#$?1;_hL7a;)P(h%Zeky@)MEqhYs6ggt}uSnb5) zha^4FYfIQ{O6SMD-LC;(xs9vX;P1otJ<-9GXq(>@JN5I{WirT0P8A@sub;dPsAuYK zgDQ+xQ>xFuo~IneMl^=I)~nHqR~6h&Es4!Ne#!l4Rfx#vK%8hN&Z|oz9&kp_1J3B+ z)jMo|qN4tGgq8mzIU!qorUtNmI19HQ35;Y=-mk~lQBS1A(kheyLx7pcR>?4)y_Vs6 zLFH{%jZ$gS-=wrOmNqXtzJwL?a+T+;B zd(~3j>Hp{;3bUjUfG**1ml;VT5RvTDT+8r9dt&0}Mugnub?>jv@+cz&M{)ZlbVSs1 zDBY^pPnHMC=@)y$WUN;VIrJJcHt%MRqqT*Z;mg0hNXpp?QN}1?ktI9gxAfJU$uCOX z^XoR)wGV??5`pR@LJ`5s?YG@7%OUD9P%7Q2ayBcXonQPOd8r(M3;r9h&t$ps5U4}{ zv?!J(nUlrO8W33!lMo`O2t8j1m|kl)SKmfd8YZGQI#p4O=neI=y;&FWbkwEt;z3B) zZ^tOiZ_TrU>Jln|j2&Eb7Va@qHp>~baiCrq%iMk&p`qh$x9&ZV(0D3iuzv6Aw>lCI ztsm^kssIVfJDC;NK778LDZV+<{$<+a`5}u;=1efc25FC!;HNOexvcXzT`A9dbCxb; zc?ln#NvI_L^$(8m&l4-i12uv*76jpS1p3*LK^eI$`t#M{?E1VsphUZZxyzKs82}PV z_%U{G>-xl8f7Hv#LwiXibKL^_)Tb@6vAtL)$qPm!X_VYaarYJUQ@tyt9ubHhMab1d znXEol3Mswn;IaYFoT=;M&1*4`7;> z4|C@d)EhmEzl;l}_;zWWQ`x39ht|+G_(U5j>;r+%0%#X_aFU}hOVm~9#iL9CEG2n5{3mI8F6`#2*Q>zAq4ZuD;A;`{L;%WYbJ zg|Dg>QoqR|ZKWHyuoZp`J|ES0)BipI{D2E`KM%p&r)z!t1~_7&L<*Wp96Yy`E%H2K zk{;{i2*cIOud~a!gDbD~Ow6>oDCcOqKWw_a1j_cc&hK(mOYEcl-& zNc=5)PtsuE8?xIr6u7Zhlrz8fR9xZH8fGU6sWk3&LxJ#3@HRD>Yz8=UK4>o0(*I9L z!cH|qiqxnS>()CuuB?v zIO=cfdG(Woz;5W>A4s+1`7pya)ywcv$LG7wfr3d@SDj{t7P=Jl8e72CNKE=Z%|8V* zKD5fdqWHJ8^q)Jm`TJ4wf<5co@OpT$;LLLp|5s=*x!(OjDdaoGI$=PFpE`4kLr$o|)Dh;u9h7c%KQgs$Z8ze7f0_)H;8D~$E{DB!;h zR(6pKauMpYX4t-*6W`bl?AHR9Jxy`@bpv_bS%+6G40!X0WX1nZJiM{r_HYbjhgC1LSm3 zthvrk`oB*2rq4ov2m4R!V>Rdnxa+^S1mBrHoTSP8m#C$O8*eobBcK6(|CU2e^?b92|fV*8@8Gr6CE)8|)~m zqmzEx^BN${#5+e!5BWl@o^gSfPdl$@BB&r@qbn!NMB-BTfWLmkX52-s{|?Gk1{3IE z(Vaq-R8Z_*u=Hix1?|+$w=PIfz8u1tQYd92Dd;Wv(~GyqrO4v;>iB-=vX|E{$&z7c z{R@ay-PW&O1nHp5T3tWTd@uY`e7i2>ywCG&7r&K7O+PS-{O`$pPmn+efoy!Gsi5-D z*#1Xpmz5_^1$Wc#^M6!g@v7Uyb&5_60Al?8%jp_&w1i4yl&&c1HlU5&21R`H^hJvc zifivV`LQ4CBRA1&Px=xn%-HdDRNSy#eO?MKw{);wDm?gN!x|RE5$+il|7YYem+*^6 z`GEq?ZaSL@l$K4b4zFddDZeOknMB0U-do6z6gdp?Tro5&NC2`K7~!ms0Se9!)+roZ=Twu_upkwgXP?(HKJ_fZP$ns>8FGfm!oxON7Ol&b;@J9IFqw& zYZgp6jQr zNmp)b@C=M9SAqV5)GgoemlL5Bajlm$X(*2HOjZHM{LMx(#tOAn$qg&?R|I)lgS#qX_%OmeCNay)Hxh1 z5gJ@v9C575bl!#y)Xf$PS*?)xG{i-$uMCJ4`?r%WR>UHXr;lPJAEgbad&{hCD|Vy3 zj`x!0emqJrLSf{{en-+*39pIj2*rc^AU*%@UNy=hBmgOL9s>prBnESCmzzEo6sWr^ z=`t~@^}5VM=fnu*@)2LX7j@z>bsRl*xbC$+6NJ_IYF(nYVFk96N8qpHJ+IG8m}BmD z=(0IVC$I&@#~r_s!vdM|&OpZghCVNKcKV$_3?IQ%p5p3~E^dcdH|> zb=^~XdwSPo=mpD;8gqM4%%^_W0MxLs;2p?qhf76~yxxvjNCee@R2X^IoJ_XUx?WLI z7%YOKhHg#?G*vczVqOO`_8)Uny@w=A-so-@t##k0@+!Jc9P8pG3(aB_+pvJ2NYl{E zHGpL5gZs=?cRQxqDC>WOq>Iayw1W~$;rsR8KkVK6Uw}LzHT`uZJ!=m@46f^?&0k!o zKc3M4RshD8JG^17_Ep_B_XTOUjl_Yf!SYJ6rzGvm#yu+DS7(IMNCqoM^aD%Eea@)r zW`T?PZRoQv#e1KJXDx_XV33TrzBZ2L3}K?u z#7;DxZR#WSuoLyiO>NItyD7=30((ay4JHxC!s}Ekl~x`Z63o`u&~$+e(frUbw8wgJ z&_KOC@8{2yf>eVlRstx)r<=l?C zAaL-5Z7`aTVW?cTKppNyP^(4&l?;;aejaf{s;Z?mxtVxwZqC;A%ekNk8!{SJtiQR! zc7zPoLCIM#WxXk=R~NWHQ8}Xnztne+MhQExwRYq`r|!oRp#o>GaLPax5-Pj!Rizo? zR>btXCR3-qG>0=5Q+>+zw!cUl<;_eDosu?W^Y9;6cxpMz)p{l9Dmn8^Ivn08Aj$%XQ z;aW4fp^CeA^Be|fMZ=&WG*>lVJLZfOU*wh_sx=y~G%}aQEtL$!X*$U2JXy7?>f*V$ z391!z`Vo0^a?n_pa5z|ymwYiM;n2~b_?^h`|1otP@KFE%-zKs`lvPw@i>$LUD`jM7 zlTh|vN0H4Tv%*DK|c!_jtXYujljie!V2( z^3@f6`*>|%G%(-Y_5zv#agp3@3osS3S6aaH$!v)Q>3ITeTRn_trplsMxnyeYqqq%n zghHi`ZxIIq?NG}Z)7nKzZoe`N@wQ*P!AuhIDbId9x9o7EX#(n`sPH@hHAkv2Zr5I$ zJx)Ap<0T2=+G^T7Z1)VR|M|YyA&hYlM4mT^dD|~{UNMCgjEN6CTRZXlEb8_y$X6;N z!wdMs>3bG2R(gEVD9+Z0cV2Ntv}{pD}Tz zO(!2QZaeienSN7;wx3RSC(nGhkF;6_o7nYkXvNk9h<}7GuUDfnUYJ=B%%Lo{SYX`h zi^DM57Tk(idUPO_Pe^AwJ%cda8bYPS1$dVKHqZ*BDxu@O>#n1!p<==mppD@gF&B?FUah6B+Q|w$B8gDwlekeYz{JD-wizUz>`z$TzmF2EY@nG00`c3yy;cA(@bBu1 z9cv?a2l&%s=O{2Pr&B{!plE9*=urs0Ui%MmRniYZA=56zqxEJ|n+*(J^F!f0_el3t zLg3`&20VD`+1A^yLv}LXqitx#6if>w=4HKb>N30gZ#u)7ms}8rskNDA&Q#j+5)dg8 zL%YsA0xFk-{n_$D0l^23OuSDqaxsCR*lBhCE=G^9mzG1V+cJ0`T-QIOlKEs6?1N;< zw)P;G9Y64YCf`TdIB`e;rECIDodkRV_rC@mtb&z+XJ&-jC7E-0@?t zOly;Uz;)p3g|BYP+YA^plgnd z@e%WlGWgczUZ=fey4IfYWe z2m)CTV;1e2K!I69e}`=wQMV1?q^7mb7U2WX;x+02hT&U3TfC?@8{UDh{4UM=d?BHY z`~yLld#+w$K~S4sWD@=hHLGwA@R~qP#RKE4UqEd{v3D`KN%91749IdW^hd59spw!Hl+=yPiyvvn{4^jyb=EaG1bOtZ7z8t$@OF*^TniLtp=$dD7N# z5ljG2Z6dlH1Lf==SmfiJ2%7-AOYmIwtp0xy;v0WX`*)QyIYVKrw788tXmPr}FxQ(i z5n(NAwkH}0Vu-pZ@g?-mv_>sn-7<-NB(S_ypq7_hr>V;-u$kUTO|#5T&8E{3s|HM6xt7C@GD<>Vu_*0D|?32+6Yz^(jUx)C^!NKA>^-bR%Vt^ z^6-qkj;v?fnZ?Sl*2D1Z@+X>s6o9KxQ~(pltTEf@k7yTTzG`0eI4LBNqBwbsQb_;k z;d;y4yvBVX5W9Agu?yg?ujytRevid9-GDyq+OsPCCN&j#NGRnTQR#5wXY5BYiCgL0 zNE>Skcw*c$fhuEDwh9!Y;?g0%7m8ev_o ze>xfQ3t+wVFDiWfw_4wn4B<06xcpX4J@eySfXL=YPOK~vT*@)X3PK+AO=l|)#;*@w zH74l#A`Y|D-tm9k8thw>Qo9ghs)4MtNnw1UL%Vn3E+gyNeQlw2s3y#{8`Lu;rqea^ zda1{PfQ+;{s=sCOa0by%$#OSwsIUJ{Wg;um55|4w2cPckOCL-ZVCWrmwZQj0Ut=i< z(UIEC7y=_dQw}^_mX??-WBu4nFZylvMAT{WaO>=@QZ9}9$o@FxgQ{;&A2>P}Bpudb zR*rVpsh-*qK0)@&1~#3^n!kEg=xLgsO~vXvi1#q>McgB#y2nL7hyQoQ0HJF2)bT}k zW6!zJxKnG#`*?dl`0t?`7=WDjeZi4FgvV!1mv3z<*=;uB=I#K6Fgl*d&ICLgY$njn=!1sz}({VSdFHXB~doUN@v~IsivtD5v>dx026IZf=i(~~{biGYr;{(;a8tXeiBzPa z`bs~%g)RPUAPee~GPxwrkp4yHy40I(S44UJmHbbJAJsWy9=ts$CH6I$tlE-!d9l^z zQS;}u7Xk9?tXnsVM&KPJw*YYQ0YZAqS9!73eC>mfqxf|>|7YwNUk!86r0q4BYzHyz zEY#s{SCGACYQ8qmRl54B9yNp+6uW+$xOzMksVC)io4;tM0cgW&+VVK-u0u_b2XY6n zSe>8(&SxX9gQtn}8G-ZeBD^akQQ7N<^83ELGv@TZ2+t>8pggM!0wv%5=KqVayFTj4 z{o=|5PBcJ+NCjaB*HEWGo9g>4_yJh-^yN3F+VM5a0@BV4kDRs<7yWaYgGh_7MizlS z*556VFdDhGG^ECETfj*?;6M)FnO+NfC2BhK?$rT{{)9r$UCjizxyh7Ev(x<9)G=?V zebfBr3#;JUo5r4_y6j>u2iGml2;U7@2;cR$Tw?kvi5c&fI1UrXs&a%nSqf{ zb2`w9*<&LMPU6Zqk3lRs&_zxE`;Gk};#e}S|5j~RSZ6)nMOw~|_S<}ZXPx+b{>yq= z7FtpuJR!;lgdQxeig*uru6PBL0@1m}RQc=izUObhkq@An&nx&na`Eb)?q@07PY!Yw zdqJZzK6xXkGf^u0MN%h>`H5}Q87bv>(Xd*a0u$1YBm|PZEg*n5 z$guzB@fg&L-aLQs#SfXqOYrS?v*`W)<^^KXgEa6(lgAi*udnN_{QDhr8lwvM*PR>< z?yAv~45E>9IGZ`}pyw;Uo!SvUJnF-(H%OYu4l*Q_h{eSysB(j=yy})=iteKct5uPhA&bH8bTE(OMv(FO{7Bb+Z=V) z2sU|}{5Q=EJW^Cw38ph+Dd{&}8|QH{#1*LxKDGst<>W2`)_~R9DfWk^UT?nE1LoVO z-*CG4mfhENpAu&iJP0ct}oHv5;Nv3|w0Q}ZYV%>+_K%%27>D@H^W$E$Gk5p;T2@$-9;kF6PHoz*ArT<_7Q5u1vB*Wc=P=TLv*Hw($bo(y zDCPe8lLYeHXh=M>)rd8jnb5Mihn3iBg7X(S_yN1uYR$~VX*{o-d7I?(uWVLSJ+*J| zk}ddzb;Cv1yD%NWSQHG@?$^E7CH?=!{K!ZSd^`bDx&bPqTdy|!^`gGue~oUFle+EU zs#)%yCq;XAd%@EVKV=2 z_8=IjXN+r7|ZhUhWN9uHvF3Xp#p|U3|_jiuM)>CGmIM?FDUqs+zB4R z?Xxonf{UfaW)sIHwGRADpYy1io)KWm;h0iDB8GWJqW`)4st7|yD-GH&Vp z!Pri(8$)iYH3{cX7?v_=yAefnKC%38Tf^Zwgp2ZV^Z$1ozs;i`wF4dZjG_V-=n ze1xyskxjO+U(80A3Ap<1bqarcvxF~vgZeAuS8GqgWV7Bk{FL9bZ#;O(uVU%>9{+B2 z0`YgfD^^v{tIrO0kkgpCsWaU}H&lUkUZMJ|QO#yrJ(N1J&{22Rt?2QZWZp^IJmwhA z^kL*aSBEd7MH=7O`MQ7Nc-{Wm{3dbW-s@}QA$(_^!inxD2dcv|n3-84J%4m*^V#y; zw{K+EWcRw9Z-@s;!!vb{@55a)0?*)Y#}8thPIm`fmv(_h;hQb5Bl~Zg0$CF)Dd(={ z(^o87*JbteW~e&cT;;htZ31F%)^lG?VQkITVx_VIF+jn);0_zlwRHCD$0w0J4bF>e zc2>);t^)^(%bi|SA{zqJt4)t{;$xkP!4f8QTZ69=6#7Hm-TBK=5U#$27Omi?j1rq> z|8$@?%0L<>T5Z8LFqz-EWATnN(T^L>9URf*EUbD2s-)}^j#SZ-Esd-A&4S>KeQdzfx&#B=32yot!reL* z1KXjksB^OfDV9!Gw!qV^D%lEG??(%^=bNMuDLZTH&wET(&eARckUM{EXlf1_75C+f ze{80zVrqx;Mn3bM>A7Pg#_3H0B4;xch+_KEj*H{*v-Vy`mOR@1=$co} zH`o6`1iBvL^X2$_>YPvgi&G%BK@lY~H%&{k=ti?^-lAvRU1}${Sl-x+YpV99)P+u(rXc*46n{$O z+H&L^1BWvHe5H8_J;}vSPxsm=1d%f()3dgE9C#v80_wDhA9VFI)`>(ZD*T^Lel<0c z2p>oAMaw#_r!M&y-}>`*ywndH>L;o|dqY54(#mch*zXT4^#TRS5pWL}LvHt_v}h?l zm7}?J_~+$sJh}UnUg=FZDP-ExiI9;^}8fW zRICh6v3CmoiIA0_J^(Vf1o&hbCLpp{(jc2?K9-#`m=hatzqq&seEoW@SKaT z%(i_oTf&s4j=c5aNnhnl-&mSz{aaYp{KL=vEZ}Z5Jx>l0zKjyw0L$I}Hd8CSY|tte zER0{KwvgXS6!Z6ft#AEK!{Hl(VdiEVOifI7W+8nlgS+7`YnLI@UT5sb=L+!=(W}6l zvRu7#_8k7bFZvOQsgVm!&%dfYt7kF!$T!?WOmu>7upA!#I zWeT`9o%vjvh#=21=Q4#Zj-mnA8_%u;0iHj!3<;%%ZEi%5B^k?o12+0Yk}&+g>!wnX z>N>nm6G+Jdt`>`IjI`=RmPD1Rzxr5)o_^Vv+F0 z9kQbU5pl;Uu*UU+g&~3J%7BXZ*)bzA#I{o3^tiRE{CKGaOrR=s@x;1Lfs(vy{qy|J zL?c(GGa7MqTP4(#9>a~^E;2CmRO~RT*UVUhyolr%2@L{Owf0uAKVO`ADeZt1tv+Gv z1H6hEruo$U_D4NkCYuZno!y@a=ZF^YTAxg!I`qu@V^U#IpC9tWSp|^MmrX`{Ve&RU z*Z_sZ8@QW-Wp_LDeOq&EGJFJN4o8MTvFRW$z0`Q(kJ4GR`#1j?E;adl zmO;P-IDIj>fi66~elb%o@5-jEzobu3TXKT;Q_J}SJ736emv#R;7qk#}dNGQnoCAQ> ztVPT0a2D_{`K_chp9-o3K%15!+ORS$qWDOQ92ygqoKLpMAo`x8nYDnx1xbM0G?((z zQ&p#GTQ7_6+t|PDJfaB?wxP=XJNZ2-`FQ!34P`T?z8ivm@aQ_*atPT1%T=3x*@*_c zvYDn|A#PUeu{27;EHn?o+}314d&k4u`fp(oj_EEDna`rXUpSy7R-R9H6cm@+u)C%T zb^C+)Sn~iCFNrH+9|eJp;OhK0CDPy}u(?>&2UobIjz?(W@fS9Q2(RbGlw%+*_eZqX zn_#-uob~Gm6IN#S?(5u5YO3;u+Xox5pFyZoa}+pDa^DDsT>^J_emR=O_I}VH7yTyR zp2d+Kb5#-8i!8=}ZD4ZJ65gBkt&7R=T;P8B0veKA6dN~+Iv}U5-u7yqQDm9h;{;S$a{ej!%^IOD;mi}-X;Z2`1?ql!l zg+c#IEcbQF+v6Sol3gwLw3zUsvsEmQ4=MZtCCarG1Lgvh@Lk>|tMGG0Dq4kN0FP4k ztwl8Qp{mcxMyt?>c+)Nd1pfkT`SgPeUnhOF2ZG3XvtN*x!N&bO27zoouTIY%&Gt62 z>4#9+$n5vJ!7%!|L=6qw8c!~J!%?bh1!Tc7&&P86$zSq!s(nq-g%8~=KnMu+`N1bM`wfPxW^hXbMwqt5S;4P&By@NA3|og73316Zo$9p@gdDl zhSvO8DXAXQo2a&8_@XJ)6QPW)`P^~f?Q%iAt8QzV+I5`ThPxHltN2nw48||;n22F> z1=&^q;~q2SI$XH5GLthH46A_^=J3c%yqXj?&AA~Xr7BuQLDIuJHtaf)&)4}dy5SKv zC}4f5_&GL+Y+uRS?tMLWkx6xT=22;BpXbeFZ5wDB0!1O{Uy3;a27!0%bA=82w#Nxi zDQMUoWlyjryd&(tEyS+jZhYZ7|2!?80U0rY{0A!4p1Us}36emv%OoO!PNLE(E@un( zWCwX~l+Z~O(uwhGhB-DRXLv91l3vY?2tpZ#W6Zd2=p-sC@18|Mk87=0){^8b6334}<+PFKw8i5bc{DKfHZ6@EXJT#lmOD<2x$Je$ z(wV#laYc`3%LW(rn#L$rbVDGU?_vr~%|@GE2`-DvBFNOBAk1XP;?;ROt0xSK<>gHs zzDbw|y9PdBFyL&)*|85$SoxAfmp6-PZ`L$AW~}dS(aE9CJNAf`}IcjK0|RQ&Y=h zn?C=&sl%{Wg1li1%OcVJ;E(;G)dfiB%5UGYhX>OxJZZ4qp8;*T_dNukoaoKHL)xB= zIX@KABoh9CmizjBW`FwID#Dgp^qeYhS8r*(Fr;Eu#$UPsyZR&7vW0d(*kmwsw?UTR z-0~31HNJU>buytMuwx2|S1Do~};q*5q z@pAsCotwRiF4L@Av*})|4%m=%Y|rxD4&Up_SRa!ZoLBVcz1k?SosSvKmJbk-Bwxc8 zOrQ=i+Vj_#*oD~ zUffXNUlH(!quk5q5`zP1B?`$q&JXe!LzCI(`wP(~hH`kA**T_|!|F!$PE-uV^<+?n z@_<+=c9*sBXs!?1>}NKQIk5oJY_^{>VGt9M4()YrHV8=0 zy}>TuiN_kU-Yia~r$&IM2IPr+vX5L!T?g{=PjH8XrYlJ0-4Bd}sw-PEp4qsProOOW2l`DN>qs%m+E#6T;#APTfz9i zMElekJxgMW-38?+_~`aTxk&NI)1*JQ1Zke8KVm(0Y%KSkw>iD{Sa;oe=tPUEL;o6s zSfq!rlvSuJcQt#*@pD0g1he+3sj0plCZiSbnDp4nj87S#lj=!-ozTdAeyJ$kkavYr zkM z>%}b4<~X&x8C2LM8HI>?o3pfI7|F4Yi{#kOeuNSvmkLuJIUz+1yNvqG;o23 z@MdDtjZytD#98ejh)pnzeaVwvZ%tukFEs+o#V=AVzOth^x=%t#DG0F0b$+&fS3gd8 z1hwZlhP5y;d!VZlq>^-Y6cIb;OQ_C(!rGaoEq=k$J}jVq#ZtK|^LSZAHXEM$bqWsi zpi0|n2Rys5Nn{JkUZn;#9JdlM`sEr0tbzAGX;4SU7(h8^5(r(( zx1Ic#WBqD4o%N~CqA70nJ$C2h*^E7$XZ04mSsw=g>l)9167oxMY|;3l2&Ko{h|%CBK#hi}((hl5x|?%!PXNxb=32fYYVx*_T)u}m(t2fb zX#dHt3V|mxP8K#uSuJ|vq2&%gpi!Wgs%!uX#(r%RZ~tHz@L*=D<*)eUN|t?`2LPCt z?xikp5c}(aBn!Qjl-DkgV1>GO=Bp3w{nsvwb{zSi?gm!T8FX9O=!graroc#ETBbwF zN1BZvuJt#MGBd6S>*~$rbb(Y5ObP+NY> zHSD&c0oSh19u>CjdW@xz4bm%?!ppU|>=OgmsLvMmVI?XnEe^+^!|VXr5w zOB(_eZ2Sf5Zc#DLUJ!{orxxZ7G~V*;_?m=V12CUg-e_;9L}I^4 zb)#+*sONM#xf?~O2?gAZJY1i&fo>63^kfIG-P&b+HRG#eT55H!N5#ybT$2gJhEpwI zIBFzH2l?b`sojiUEan=k*uFu`){*oc>T7W^B~Ja_jiQd)AG7HOB<-`&uGMWW9siH( z2@RzHs^I!9yw#v4GS04*jJ%U0UpC{w6)6&8bW%ugt>VbO>ELsJ9?)oM!}OPJnzUQM z=@0I&tmE+ntJV%XKf4fx1a#ta5+}!o={L;mOWFLkqc(OC&9c?YY62f2YVM`syVc_m z5ob+T39n~1r7!~%6MyfTM*eV|LG-*};IWww(kQA~pQU*h)Re&2JW--gyrNRfi!&ei ziBei75T`}+mgXfWJfU5R7&knH1v9n#X$7#-PJOy1MSAs|_1DSP;AsB&2i=_%&Lakt z%$bRWv49BT>L-N-Tf23~e{4wbhllu7rLJ#Z7^{lM0i0j;FvG2BC)Kyy@{Ma58#ca9 z&%FQ>{6w-uv%bW;G*;SGAYBG)?z{S7ZD^~sS-9H#{@JRwhRkdOzq=CM3eB_8RG)L4 z8eL%XOqO+`!5N*#sfANxM>TI`4k9Gha{B`Bs>RBn{S;J1yYm;GZnI|(ocDp`MvQE7 z+zi}rez-GI*3?v^{wSwoD}21dOgJEiqFZzs10YIYhu%QtT8r;+%uqdRldHGGd7zv3 zJpHo6`y+Le?PwjZbB{R7uZeQaWK}5*Y)MIo`3pQ}YH38DK$FY z(#Acs^pX67{F96V{!t)N3FmmxSCxZ>U;DXJbY+v37ZN_8f2Q8B-3rw}w~6*-`c~s6 z8In8KaKGB2v&WK=WoCXm2-sF3$KcU9mvhHg9n#G^rSrP@Z>y@R+ICuz)Hukcgk;HM zN#*kN?&-oKquq~|*MuFrTcf>C0di!Ng7pEN(!>`QvB*P7DQdl);AY&;ZV#^)>oh8W zr*FgTUK%lK@7mDQ!bvY(f0KgOc}RkQ z{<(iIzE9jYAPPTRyYg)XL(*1)R=Fjj@tz47mt2We6?UgLRK00OFDiCl$qfM3Pk%#S zIRrMU-+9D_AtV`YuHOY!23##SuOn3MT(2}oS@-R0f3d-&&5K~T_IwGhcIo9x6IND? z=1!_;K-BEzZ%h<$4+--2p6L$;u{n5k-6H+c;??1j=d(c^i*jllkeX5JQ5_x3%T90br-VF)V~W_4yurB zp5!HKG>TJ z;NW*g03rA~DK=eFyOcu15cx#&GSdMCW%Ir4)cs=9BlEI~Hqv2Wqc67XkByCm28a_# z?d$1w;f|KgP(O}L0|Iw5x-D|N)dfxvxrC)L*XlzcZg3a>P4?p9C8w9swk#%r;&pyJWFzkM)1|rx z-@Cx0%O=tat7uaQHI2zcu&Be+i}hFz57nVdUdQ zHz*c2)i2|P%t|jIEtl0To~MllflqQ^R1bI43~Y)z9ls8*IH(4GfL)&DjC@P3r=&? z9jOJ&fGJ@iUx714fVJIEBVDdpZC~hU`Gkhi-z~*+3x!#lnWsaJKy^`C(Fg<6(I&zA ztQWfYU%ZQ*nvNIxj()J>6?HmEj*wMoGSEjJ`sl>n2ZAd~WD&B_ZI@NbN;vcFz&2J{%)!y6(O7o7!R{3i@AMp?wR_*;|(w9}S}LJ#~B+m~Acg_Pd4M|djvz-%?Asm)|4~F1mG=NdPq~9+vptO(5S^$A-nS{Rz%TxboqXw;#1uvuc%q8!cM1c#VyD@jwstAu@Lpa1tgHuM3>Sm7e=-w_JHVh z59)UHrDZ80nUi&Pv}{Z(s|TU?zly9n!D ziJ>P{_@8#dz9xyEpZBVI-BT;-f<$&`-g0K;91kt#XIb9(-$A~e<6(gXtG$mujflGATF6S00VMCJ-V^YZVoq9uo{tSq#0ODf$*VwD2=6Ou1rNg^zz1CVab^L~5^BBvfiQRZ|d(96ZgzryPGv;siNR|e|bz+F^8(Kf3#Lg&heIU-M5>g zL-IaC^dMGUlN7<48CSQzR?Og?*PM?aT=HCc+SX-k@XW(zZTCq$o~CHY9ZSE4Pmt4X zxcd_7{IF{tHFNrUqYHM<$Et^dc?rYL&rZ4!PIW6^D(ig}r5gmKTs*9(3*kFe}_l=-MxYI0@n^SK;~mP2A2G0wrtAAF^nkw0C6wF$YzGcJXr5~ zhD~gLskL0sRO#Vi4-9oRXU2Q^RsF`7su58mBcpNI<{BVIJ3T6Q-yA8nyQWjTHJo1o zSvv#??AB2Erbk<%)~hvttNs(hX*I&f9;+CJ=~U}=+k*sX8vF4?Jf~_23_+cH=T)1m zOKD+{9BCcGgcNfwN7`u zDXnSAua8F9CTh*%FSON1b_0`L4vO$Tn4> z7u{D%R7+U}jUVyyjv^RY)zSo6A=e8h79ZC9MRA!jcc2G?eJZa2hHvGbgUh}s`uWi( ziZGi|nY)aS^V~6A%{3|g=A{53P`!MwKuwz!*KaEZrRzc6K=>t(qkJaS-tahCMYF!N zF2x4pNM798;l)%0ezNwqN$wE|u#22o6bzCAppkL$nyO8Xq5nCEtgij#?0{BuySJRK z6{tQspH+UL2#0ZDdLXo*RpZ|sYb~ckOqeVw3(NMe7f6kLEocbPd+l;kWBzWo2lu% z=3i|X-yWXOcX>E_+u%a0&{-XuY|fWOZY$lPqH2T;iYjo=#g(nSm1HAF^}p~j>Q^5K zb*P{e&$(&l<*A^I+nPm062-o;H-6fI_7rD5o{ZY)m_Of&Z=SC^9v_PLJ2#a23h=&` zzUR2XSxLvgJ0eKTz^r)&>nPkEBVO|5ljC!>rxjIINq~H`6A!c$3E)eY@_4;G58ST zwNw&8l0*N~+2I!l=zFIao16uJv&yp@)AMJJ)?7K+>xs@61UYe%`%~Zx*brCNfJ7U+ z^?y`aWpFm|#j6`YPTFLHl70?A6g=?VsS@{1k8RtjnNJ=YQ~v_!teR5b6RRMgL=NR@ z?H|x_3-#qR=5N$o=6xZ!M+Axh*_vf!m^nW$6ak)mf~4aFJ#U0cWbhVM**yQj3Ft|t;X#Ik6{r5SxeShq3MFN-5`|{Kao%G(H`~^U}l>f86&BuT3DjY|` z|9?Kf8_$paB^3rYGJ!&fz%_CI#5*euegTdqkmf?%zyA~O%}Va?#0tEL6>ke|AQ3{R zcPYtc&(;55ZJIZ@diM?2pz2yzYfk>0A3uInR#l~EQjU$Mcr{x@E@HI#2%+!?>jPzh|&dqb5#G2i9RUSejfa@N6G*MRc|S)dUqVYr2P) zRE>q0%`@KaT&$&nOi$0cFShkFd>!&;W@d(!OZ3Ha{@{O5T%qBQf<;~WSkfoEJ5iof zP@t#R>BP0vPypt5$~ZqCfUfW=DK0Xyf{NSC6FS@i7UOYdeel+w$CPh);stRtejtE1 zT(=lXM^{rcIJgKTEa*)<;)MHNvq+0#6pR7SbwB1}1$No}(alXtK+Coq^@jG$$b@=E zy=f1jKt1_tmR4CJ_$(c~ghiF+)y$oI0CU9XctM%)!|tHyG}0tw(YuWrBOBpgBFm4^ z({dX6rH&Br-1meZvs~4~>)=}di{byvBnT-U5-MrodBSmU+G?R!;^1SB1%+fAE(nhlL?c2GB!2= z?t%CxIzse&CANc%`ROJ{<-^yni|E<|CEZ^@A12TvmU7FqY+cD}(nDhzKUUfbf1FlC z#kraPon_lRiGIUUycS8VHecbe=6)`b=R4D=`kHqI{r#^wtx@g@PMa;Cie0G<7 zcRa+Dx)#5D($h{*-t`LPE79n|7%3(9>#dP*MaOu2!&jx&SM=X6NefX6tDUa&=zrn)+3VQkQ#?2u^NozZ z!!KG`PnC-8u>CRDYmY}kxbUD&gEdQ;^gFin95=>)B2^5x>6~DPs|OWOnD*AO50t5u z46C%dBD77%dCK^x+Dd;r^eu|9LCX2RIrn zSwS9eq8H^d133G0*Z2cJl*v~dNNdJtV`xl$;U>AXhm2)1n$EGy66UBz!xco8r>=a2 zN}tNgp@BX%b|w4O$*l1uM>XkK7&Q397L0rB#D}zo`fX1Pns#OJXK%d&*0vSYKtnkC zHH#~aC7+|CX?lH+*#-Pa}KU0UQxozVszNszA^T zk~z2n-g#{W{S|vQ_`}Znvk5kMf-BTcK^0i<6<4MYnZnQ!!zj9_Wg&D3mwK8I)nrAZ z*^I`KSVwaehdn)(gi7Hwut4_Zy1|86{I}lq>x6D-bmVK|Eto6ad_~`a+qOZen@oIQ zppecfQsxsRmx*PQ8T(Ys78%(ZYT#62I{O66K-}#hu-Z#JChQjQE)31liGoL^_@*4q zxi57H!^fhl>gqm}7}rhl=0aQ~qU4>nwK;wc=+R0=?sWABo@IbJ+_Yx6It^x~rqr=j zeAo`AFh5F@L%IH#xt%j6X%`1+Hd>&ZrsaauRV>^fh4T$FmVl~z9am@-v2V>!`e!)J zLsk0a$y-j9X=ei3sSN4Y;I|d1Z$?U69Y+>ZmvVoZo0y*-YflAIq0SB-lKDA zx(z-GSv)3w#;AGs;mxL(iGn@K8Fdp<eFm?l;KG(qbN`d zDdBa&t`Blbl~u~qFCfnQxo4!;6*jZmHM6I?b^^cbQVw zktvAP2UkR&Cl*p|veGf}zbSs9$Uv$9drM2$z3}&5@yr|7zghr?*#mIy72@lUJ0RDU(c*SDd62XVCyGaadtog~1Efx9_+^ zGj#Kkz7=L~oxNULB8gD5fysGsoIRrPAfDd!#Yl z+jN(70mFV3ekhHw9HD?pxNK`8={V`x&)KOsqCdqemsS==00x_iXbwhP_DsB8CAXU6Hut43{0_{5}=DC`Py&PN9A@y{!khu`n&=@tcvd z`Yc%V8WmeuB!t=}8ejE||K z1!$$~{g1oflCVWuriZKPsz$J=Ym_Wdxp4SXcOn6w0*vP`8s&6a-|&|9M)KmGz4>DD2k(qe zuZ?T1Un`YkwD6L`aSU+NL}T~*9a1Pnav-*TetvmJVv%347!NP+}SYB9@W|(#}M<3ll|0 z?31xG91`Y8M(Y$a4HRDw?5SpF`79xT&C1#ti+;2?{pGq$)ux^>BiX*)@A= z897F+6n3XiGfAA}63fp{)2{K4wQ_%hsC^}6X8r_Q0HQS?Mx$5}rpJXfFV;=GTv2{+WHkHi!Hb4DMI)ubmjd~a5@udr@Lsil zdBtP{cP_vVcuTot&p!b6o*Y&Q4aE7?CyO~bpw^=z{hI67x>!H^ZVOY_HJGu*5(GL3 z%`85&$+^JU`Ac#{9{+eg%gb8{?$#XdYUUSTuX2Ko>{CRTx|h#c@zYb1@ivFipg3o!w<#5Pa+=ImoIL&3zC(OoJw=&k|mRhdsA}4aNjvlc}eB74E`4Qf7dT2m`{q{Y1it=&&%= zXqXiOVlvOgR_6&G32=F|vK#@q3*?*wQPiKS%n6r0U8xNezlLYj4QLN~R3s5nYSm6Q z>(x$@z!wyeL5YY(w5J!>DUFrpqDRFF^0Eu7)w9ejlWn?`V6dfM%rs!Cc68WcT?QZ7 zf4IbOKLp5OfU68r{m#<|T4s3Gv*Ign-cHug9S_sIEN=|+Jv`ZQP=>m_2W2a@zN8ZQ zIUOmMqQMrH#S}nRN1;Y%~c zrW7$VpZV0_09@3rcWuW+5x^AxMkoJ2C+qH2Vs09|$PrZ*wq*jEn~dJ8OIs}A;n-|E z(SR?{1>yi{VxoU_X+u5FtnyleDe=e);0BVUk=b}4()UYEXG}Bqs1RMm!*vhqy&KpC zuDmcGN6MD_3PGm1I{TaCVqQWYvMx8JtfJE4&L!Z*IR?ZFs_9PIdkO(KY>etX1O=eG z<`es0`@6xXtPU>cCiRQ)-o<0cCObMQj_>~t&%n_vb`2tb*jl{NEQ*i6X^Z;p{SXHa{8_}}AqkJHI zOpN>AdWhEJx~z4Z^p=7^BXWM8T8&=W*-|e%M?s6;T;=A=b59$t%o|_jKmGLZ5VR6z zG+9&Fp2dhszOsk#rH5|`4AN#x$W~koVTn9x*2ma>I3B&M=& z5yqNrgb-seGw-?Ydq&Uy|Ka`ketORD*K(gZ_c_JAU`lv8u{pA z>Bvo~^2-dsmQW~2Q}ex6wh!U4Ly2eN)jeyWw$*pF|1NpakPJH6&X$u}7^A0G@|F2t zS?fdQ49>QV%;Rm4tO;H2V4_MndFA9QetZ!$0twJSX-zmPh(7=Yoba@Y3ao??@LdI8 z_y8qi(=|ztmml4$pn#B7;_Qo}xcP^Hlg)%7y!~ZF3Db$BX_S8qkmJqM;^%EN z1`h|;z52)OlPb>?aEl6*a%H^4p>TNaVt;I>dRy4JbxR>I(3C$Bf;%K2v=YVkc)@EB z33rFHtpo^GhQmf42WtsyL45++;8*sAsk7GjY5wOQI^YT%pc8h=!4&aGe!0g40jS}_ zPvD*jzw$Yeb?m7D9rx&D-6<$?9raVBUiU=DKD^{c@wz{<+4DsuLbnIwwt?!V=9P#S zDYr?OiaIiz$lHwUAcR8QfKuD|BaZo}B3b8rsu61&N z{c6ouIuag}=w=Feo#I2OP-}o8jFCpWbrP=W=X2<>JiC7|O2uB{+F=0nrlAy7s1k64 zalJRP5Y?Ti`ut;eT1f$}JP!Bn@Yf^A{l+E*hj420 za_sR{NCXk8PLktVEax?9FF2V9vwI33yi%q-%H@0z$S9P|0iD(5@+D;BJ>Vhbj-u>~ zvVUG#f!HG8U z+d&f(y7Y0k1VwV%HTe5oDG>0K8^~+KIbLwERzYtRFzS@@iY1iT;pB%^67N7lA;qa= z8&;k}=z(K6? zkTkg%OV;=hw0zbhJs0XBL-|td_A>AjD7Y&F0{i6jH670~I_5ib@C?fDdKyG{jXN!S zPC3mEbfn$v{Z(`KDu7mQjGcuhCFuEGTv<)r+Xta{86uIv5>?+ep~XniQL50sR4dMK zu_%DH@G2hvT4-{N*IT!Je-K38((6L4Im6CBn*4-qziXPZbK7Qf!L383CHz;_CO<4O z;uYKB;dv=VticX)(K=>U?{}4TTgcpNVubXd*pssyTKiIL+_%%ad43bxkP>1Y8{urS z?=pnt;cH8Tso0>v@t5|b;2TOe<0pKyeY)Ly00^fzlFrKK>b|uZ(Ori=X>V2R)Hs}4 z)AR&;A3{jg_=lzT{kAHa^D14yO>cgID3>jIgd2*diyXtO++NlNx*~(uMO5{U+r>k2 z08_*EXpl;qgq_eIhtO{Idh!V?co}3sd@*sUXwRFw!vKTn7e9YK<^z6(N}rsxkm#H% zZK|VWPH8W5a^8d~4^a@0*HBizdMeNKuo1~_fyVmvNwVzLi~B;yIqZbORe#nwVP18@ z-Lkt^-Q$RJR)OJabN8j-Es zA!&XnYD6n)M0b_0=+p0h&;(cqo{S@XJUih_gccy}CJ46m1{B%T=D6Sv!haw)%O+lKwj2O~ zk`lys7ILWQ2bFgvca-f=D_IQrVvB#)xPRkQXgn^k&^K62W)Xj~Vh6?X7n)g>EUs!J z1D#LAZG%7p#qD82RAgkH_>|CY+fp%GBT?Vw`A}J_1BptK@QoEzw4)FKM4# z*;ZS8wr%!uGwYv{1DX7ZxpS3!&(H>9A)P75Wfm5r=)xkjst0$?4TdtX4O7ge53bEW zB!Q6z>s!$3sC@Ajt@`yHQ3J2Z?Ni0USXQ%ou(WgcbXVNA{NksDc8rnZ5dL%RRc_{M z(0e<&$k~ii#ys~rRZ&3}LDr!aTs<+U-0F|aGbKpiFH~H75x7&QA4dpsy z&K%E)z!&x|M?p&LXGKEM^@x~flG8&N7TA#t^iNg=;RO|=Aj4+Gs6ol4*o4VjCAE@1 z%-Ao-^}PPV@0^`B!I~0vT8hC!F_pOeHp`|Hxu)-C3|OAj9VF-UOj8Sm@9U%XLjLZ} zTex781Duj2D$8C!qML$Oy`zWGG0)}6}@ ztQ)5+>)QjE)f1$+LKo&}<0pwBKE2ZRyWykYW3k9OR)-D z|HypAOuhFlJGnDvpYZ5U0p1_vfxxuw1|cQY?Z&)zs);=(_u8`(U*(nAx%TgMF*$%< zMz?$wX9YpB^HlcxghJ*#)_~$mvS(SkED`eQJev)9MG`O~Exf>lP(0)qpHs8)sUHW^ z#So(W)$nGD+?o5kR;OfNw9KE`oqcqJ_?-fKeZ8q*`4^%t2B2fNQ3!9z%VPyKte}bc zs!o#71!ATzZ+MJ_#k$z74@yN7T=T5J04uTQ`Csf->up?*bBgEEqX*a=)Ct48_zj9W z4N>pN$BcTl77vmP2v1n!&|*f^?+DespnOw+yvnlLOV>oZ$XYFgSREN^*Y3LFEIrt` zS&hD+Cfj>GOiD@P_5 zt>qZ>cV3AqcQULcR^=)Us){Fs>R}YNZB<!WS$j2B=TN%y=VcHQeq`K zBwwFWZaS?IBIzKMp(;K!{$ljvm~#H z4v$?Wlv7jWlnup`?^s{M{hb`OYA*)PZvZw-$CA1P6jxtOvpH|dCts~iR8lfs-)00^ z9f=m2Nfw7l_wgjgan<>HEQCh44(Dv<_0IQW?JdJuq$VDb7#`szg~t{+;55sUdy<}sJ$^<$v-C2?w*+ZF;?`D|e<;nWi)hEiEd z(>H2F4jTAF4~d|UbgB<41*+YfZv>aUsNP7NJs_0FU+!>4^5FdU*FSxaiSi)ToMTPL zd-zvRP6U&Qlha+z!v!^M=dqIBh3!lIL>klcT=5KT?DG%_;{RM3pc|Y#=Sb8$QH2&* z1?S}DA;KlU1Cm@iq5aQH+lRXHfpXzl`BX~H<)Trv!~D$rp7wJpV!a7$oHU61%y1WukI=XnY~dduYeJ3M*Cb)^Tv!(Q_yvO zZ?KAYY;p-RdR*ceq5j0+ah#IM?URfpGijH|uM$KG zs(I2oXWX=i<*A0fF)_)MwcjiOap=+yT+`$P$V$tlFC~5*xB-M3DIB9*cOxGzRI%}e zV_ykv^z%R(1$Cxv&SiApZ|o%H6d0*7P(?uAuQ&bIX#&oa?$g$g54kHgY-fw_ntGYE za8zOFt0s2SSLKEBv3@y;|g)jjo@`!V7SDb@-05ERa3 z(?!1+sz8&0N?T z$IW-RwMr9s(jyf_2UT|srFpByVag76%3L=cHf#7Rc`%q&E%U(r9@f=v%DvU|>MY%G zl3LJ9Iy%LQZCS2cey{VsdTcw3`^!S|IOwk4d@p4R2Pe5z()h1g4<<_$GxoSN*|cdkPgc)-G76u=q%LLL%&J7 zHmx+wU|sGcDdo^QzLTfESuK95`bnFTxp=dU@r1BHnPgSXI(CG)d3Z{gm3MI&y?c=5 zz{F2$9st$X=NHg?+&u?&bCFvt{+BIi*zp!D{_!=FBazIhD;CPtW+j zA8xon^DWV4b~4uq}Zlt;i%QqFlNMV)GrE*vMT ziiWMpMquu4dXdR7pJAY)fKzn!N47L8KN2~q%TBK%|Hsbu+;bTow(%x-U+}2EIfbo? z91DSOkH7^33^J;~-WAa6)swVcQ0KTp{uReewkn~%Tmc@kZWkDm?=9Q$So6GVV$x;= z!2z^W_~Vv=TbI9wbTsEP2;~?0y7xi#T0nKPC10)_#YGAJf1}L58F2am^$I3!s{N>mea!Ee_GQ(x0s3jM*M)w34EYgi2jJO4&!Cj= zf`I$86}++bGB`A30I%@BuC%6E=chI*L# z<-)EwSs*z9L{I(=kuq->q=MP7L~^&?K_0;_^q+>1>H;_;5b$(^J>}_8?zXy7Hn90R zjM*pbM5FS+K+zW5{2Eiu*^tFm%%*~KN~mA?80bfg*d`wg{0wOA?IKuX9%PLnx|1Wa zH<`K712*ZfjD=T2;q2kdKTvFcapR5_qjX0$HaI?vRcs$din?Js%pQ$CfS}mK1&t00 zj8Tvv!*qK7Ved(#4&{7$N(^3gR1~0{(=EQr&0AMC@BJ{@!H8YS$%DJ1z*rLvzg>$= zH@6+raVP~QV=&7K$mdMo#>O7JurFQReyn&W))2OW`Oyh1nfv!Xi1&;u)ef+iAm6Br&4v)^ z@r-ir4agiALB44O$j#A7c|By4fs!A~-haTbubfRy9Hv~p`!Cr4SE-12@72)MKeADw z^|x)z9|wD?pN7|>ClMY|OdhOKKZn-gD%28iJFF()Cv}j=@)Vt(}DF1$19A z>iNVt0OpANyWnG~-qKinD2=0nz>eU&hNTlSL)<(#OFF_~-11$@max>yRRc)Xs@?M7 z+6K=pXaqG@VG|P*gf7NxBB8kfuF3~T^gNq(M5EP?kjg;XETmm+a`9G}&>lpTH~q7} zUWBcRmN9&26=Zx=)2>#Sy)A~CAH2W0Bv#{O@0hw!Vx19( z2_1sL^~0aGBc2aJM~-qgIDciY2sl#>)%m=yVbok>RAa&OTHm!5tJGgQnJDv=Bp?T` zh$Ar8*VSG{Q74*(*G=b>^lq-M zZe!!vtr5Be$=KP{S6owJ_J|(g0{5Ll2kjlb$VB6*H-3JeW*pQi!xyGK;~55Yo2#sm zK;P-VhCXv6z)Cs`Yx`no4b{SrJ)TTpsjo5 zO=m{Wilt9IuSv{-R|2d>=-W5$3Uj5xF;CQBy2KR%iq104yX_soJvI0tE9>A2zPYv% zVzTYZIx$M$HLqEVAIaE=-mn{n1hOM)esE3E7nb@$7W$3#V23?4D0eFMkcZo|PXqKC zkM#5f&!R4HIUf{x=rD8itdDB*5SxY`7F_ftdR!x_Qlh*N!wyQLCnT)V(X+jzC+HM7 z4q6smfyKJSZ@RgDf>N(rHT#$_9=kyZ1|%P(my3$uTs?y3uGHmf=os_x8v3dWBN!Z8 z=ETIrBx2mn(VBRvugyGT%|PMyB=Jp-t~qOP*wTdkh!lI?*Lx~z-<1Byb;OV_JZ z7n5IiQ__W1MSl9lZzQo*bE6j^wKLv*>b;hMH-GsP#x;FgKrRRNLg!k7tJaf7@m6W2 zO_K#U7`s|s>%|H_yF?J{PjeG*(j0>5Dg4Rl2@W?!>UwRXrfRK@g5zH?v)+nevHN z6@NOdrm2#hX=)D0E)d3Tr*@yCzCbL+QoIBG)2+2sK|u8n!<6?6j_~$^^l&{YpD4z< zp%;i1e0r4^Kw6d2d%sylzC|@ok{g6|MF%<_eJ^HV2s2wm^A4=f33EIarHnb2WOijs z%aJ>Dd)Ji^*D)$D z*V)VLm>k&^Yg|c$=T}ZR=d9T4d#ChUkhB%4jHJGuA}Q&S<*V)g0|>zw2Rfc!7TJcn6t{&w}>75B&RB(@j*fLT-LXtuA;=5 znHd}8b=(!Ig+f3OCB9Ou-{0zNYz+1OeMIy)sI1ZBX}oisg8hd5c1o{uq{JN0TpZW5 zVB7Avwf&sU#P@i47SDpl7kQ*2Yw_@xMcy;NjqkM($=;a_O_;AclH#_v5w)YX1y)UEbc z$K0X;eR0kSjkczr45UnFMn!38 z@X>5-@+rab!KyCi-?OW<+a;eHbd~jwBfU?7-WB=q)t3tHIlc?>-}C&{rKRbXH*p{+ z2`;q?(ZSS)&1Bh}Gp!=RMugcJ#G0i|yvnr#kcM9(n@Epao}liaWlGNRbCt$1jLBc4 zO{6iwvQlCkV8~jdfy-X656Wl65+Y6vj_}Rmhnet?4?b_y<59x@y*NEBeWE}R&qsdh zIwgf4r>Tfz(D2R%g$mX+@bU_}B`v2K6Jv2L=aM->7FY52ePc=3 zX)4IYdcrXPz8i@n?@k?6+#;Ku?Eka^xCgM)pTrJMj*T`DSiEb@La=$>+IdDBbmZ&dv{*n z3hN-??vJWWvM~^C71^=@*~WAiWnY@N_@k78!O`~Uanuq{5!qK!fJ^oBuo ztGk{@cae(x&KLI=*+d_q5>&9>YGe&v-W+lZb-DQL$rI&nntgZmRCb*t2r!@5`)yaE z$-L@p!#YU5B});-<|$^g9t@TxPR5X|Mcc78(>(^X>fYBe#F zyq{XI)!_{JAp3&$CwUF64M)|;-5WBe-xSQ&tJ_b|`=^|i%j^~jMaxgC8)A~}b7Wbb zDl~PKD+?A6JDsVw-phZR2@)?l-@|Q|gBf}Ejn?_X)253&H?`_}W=?_iWbKrR(H+ z|Eyvg){7F#TX-rFCwnUIet@Ui@7xIYvZ{Yt>%@)`Q zMf^ux|FP450tDfO|3oH?f&Y}mfBN|U%mSIV4_GyKzF_`Y9YlNjI>slmk2~D{AE0wr A=l}o! literal 0 HcmV?d00001 diff --git a/charts/grafana-sampling/templates/_agent_config_deployment.river.txt b/charts/grafana-sampling/templates/_agent_config_deployment.river.txt new file mode 100644 index 0000000000..c78b8e702a --- /dev/null +++ b/charts/grafana-sampling/templates/_agent_config_deployment.river.txt @@ -0,0 +1,5 @@ +{{- define "agent.config.deployment" -}} + {{- include "deployment.receiver.otlp" . }} + {{- include "deployment.processor.batch" . }} + {{- include "deployment.exporter.loadbalancing" . }} +{{- end -}} diff --git a/charts/grafana-sampling/templates/_agent_config_statefulset.river.txt b/charts/grafana-sampling/templates/_agent_config_statefulset.river.txt new file mode 100644 index 0000000000..44e8b7f671 --- /dev/null +++ b/charts/grafana-sampling/templates/_agent_config_statefulset.river.txt @@ -0,0 +1,18 @@ +{{- define "agent.config.statefulset" -}} + {{- include "statefulset.receiver.otlp" . }} + {{- if .Values.metricsGeneration.enabled -}} + {{- include "statefulset.connector.spanmetrics" . }} + {{- include "statefulset.processor.transform.drop_unneeded_resource_attributes" . }} + {{- include "statefulset.processor.transform.use_grafana_metric_names" . }} + {{- include "statefulset.processor.filter" . }} + {{- include "statefulset.connector.servicegraph" . }} + {{- include "statefulset.exporter.prometheus" . }} + {{- include "statefulset.prometheus.remote_write" . }} + {{- end -}} + {{- if .Values.sampling.enabled -}} + {{- include "statefulset.processor.tail_sampling" . }} + {{- end -}} + {{- include "statefulset.processor.batch" . }} + {{- include "exporter.otlp" . }} + {{- include "auth.basic" . }} +{{- end -}} diff --git a/charts/grafana-sampling/templates/_helpers.tpl b/charts/grafana-sampling/templates/_helpers.tpl new file mode 100644 index 0000000000..eabc133596 --- /dev/null +++ b/charts/grafana-sampling/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* use the release name as the serviceAccount name for deployment and statefulset agents */}} +{{- define "grafana-agent.serviceAccountName" -}} +{{- default .Release.Name }} +{{- end }} + +{{/* Calculate name of image ID to use for "grafana-agent". */}} +{{- define "grafana-agent.imageId" -}} +{{- printf ":%s" .Chart.AppVersion }} +{{- end }} diff --git a/charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt b/charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt new file mode 100644 index 0000000000..2a34fe93ba --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_auth_basic.river.txt @@ -0,0 +1,8 @@ +{{- define "auth.basic" -}} +otelcol.auth.basic "grafana_cloud_tempo" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.auth.basic/ + username = env("GRAFANA_CLOUD_TEMPO_USERNAME") + password = env("GRAFANA_CLOUD_API_KEY") +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt b/charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt new file mode 100644 index 0000000000..f3e97c52e3 --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_connector_servicegraph.river.txt @@ -0,0 +1,20 @@ +{{- define "statefulset.connector.servicegraph" -}} +otelcol.connector.servicegraph "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.connector.servicegraph/ + dimensions = [ + {{- range $.Values.metricsGeneration.dimensions }} + {{ . | quote }}, + {{- end }} + ] + latency_histogram_buckets = ["0s", "0.005s", "0.01s", "0.025s", "0.05s", "0.075s", "0.1s", "0.25s", "0.5s", "0.75s", "1s", "2.5s", "5s", "7.5s", "10s"] + + store { + ttl = "2s" + } + + output { + metrics = [otelcol.processor.batch.default.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt b/charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt new file mode 100644 index 0000000000..1c12d34c13 --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_connector_spanmetrics.river.txt @@ -0,0 +1,26 @@ +{{- define "statefulset.connector.spanmetrics" -}} +otelcol.connector.spanmetrics "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.connector.spanmetrics/ + {{- range $.Values.metricsGeneration.dimensions }} + dimension { + name = {{ . | quote }} + } + {{- end }} + + namespace = "traces.spanmetrics" + + histogram { + unit = "s" + + explicit { + buckets = ["0s", "0.005s", "0.01s", "0.025s", "0.05s", "0.075s", "0.1s", "0.25s", "0.5s", "0.75s", "1s", "2.5s", "5s", "7.5s", "10s"] + } + } + + output { + metrics = [otelcol.processor.filter.drop_unneeded_span_metrics.input] + } +} + + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt b/charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt new file mode 100644 index 0000000000..f2ec7ef43e --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_exporter_loadbalancing.river.txt @@ -0,0 +1,22 @@ +{{- define "deployment.exporter.loadbalancing" -}} +otelcol.exporter.loadbalancing "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.exporter.loadbalancing/ + resolver { + + kubernetes { + service = "{{ .Release.Name }}-statefulset.{{ .Release.Namespace }}" + } + } + + protocol { + otlp { + client { + tls { + insecure = true + } + } + } + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt b/charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt new file mode 100644 index 0000000000..6b1c68285a --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_exporter_otlp.river.txt @@ -0,0 +1,10 @@ +{{- define "exporter.otlp" -}} +otelcol.exporter.otlp "grafana_cloud_tempo" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.exporter.otlp/ + client { + endpoint = env("GRAFANA_CLOUD_TEMPO_ENDPOINT") + auth = otelcol.auth.basic.grafana_cloud_tempo.handler + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt b/charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt new file mode 100644 index 0000000000..9813580b4e --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_exporter_prometheus.river.txt @@ -0,0 +1,8 @@ +{{- define "statefulset.exporter.prometheus" -}} +otelcol.exporter.prometheus "grafana_cloud_prometheus" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.exporter.prometheus/ + add_metric_suffixes = false + forward_to = [prometheus.remote_write.grafana_cloud_prometheus.receiver] +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt new file mode 100644 index 0000000000..4c1f6b58cb --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt @@ -0,0 +1,22 @@ +{{- define "deployment.processor.batch" -}} +otelcol.processor.batch "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.batch/ + output { + traces = [otelcol.exporter.loadbalancing.default.input] + } +} + +{{ end }} + +{{- define "statefulset.processor.batch" -}} +otelcol.processor.batch "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.batch/ + output { + {{ if .Values.metricsGeneration.Enabled }} + metrics = [otelcol.exporter.prometheus.grafana_cloud_prometheus.input] + {{ end }} + traces = [otelcol.exporter.otlp.grafana_cloud_tempo.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt new file mode 100644 index 0000000000..b02087ef7b --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_filter.river.txt @@ -0,0 +1,17 @@ +{{- define "statefulset.processor.filter" -}} +otelcol.processor.filter "drop_unneeded_span_metrics" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.filter/ + error_mode = "ignore" + + metrics { + datapoint = [ + "IsMatch(metric.name, \"traces.spanmetrics.calls|traces.spanmetrics.duration\") and IsMatch(attributes[\"span.kind\"], \"SPAN_KIND_INTERNAL|SPAN_KIND_CLIENT|SPAN_KIND_PRODUCER\")", + ] + } + + output { + metrics = [otelcol.processor.transform.use_grafana_metric_names.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt new file mode 100644 index 0000000000..0e752a8089 --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_tail_sampling.river.txt @@ -0,0 +1,60 @@ +{{- define "statefulset.processor.tail_sampling" -}} +otelcol.processor.tail_sampling "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.tail_sampling/ + + decision_wait = {{ .Values.sampling.decisionWait | quote }} + +{{ if .Values.sampling.successfulRequests.sample }} + policy { + name = "sample-successful-requests" + type = "and" + and { + and_sub_policy { + name = "status-code-policy" + type = "status_code" + status_code { + status_codes = ["OK", "UNSET"] + } + } + and_sub_policy { + name = "probabilistic-policy" + type = "probabilistic" + probabilistic { + sampling_percentage = {{ .Values.sampling.successfulRequests.percentage }} + } + } + } + } +{{ end }} + +{{ if .Values.sampling.failedRequests.sample }} + policy { + name = "sample-failed-requests" + type = "and" + and { + and_sub_policy { + name = "status-code-policy" + type = "status_code" + status_code { + status_codes = ["ERROR"] + } + } + and_sub_policy { + name = "probabilistic-policy" + type = "probabilistic" + probabilistic { + sampling_percentage = {{ .Values.sampling.failedRequests.percentage }} + } + } + } + } +{{ end }} + +{{ .Values.sampling.extraPolicies | indent 2 }} + + output { + traces = [otelcol.processor.batch.default.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt new file mode 100644 index 0000000000..7963a325aa --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_processor_transform.river.txt @@ -0,0 +1,46 @@ +{{- define "statefulset.processor.transform.use_grafana_metric_names" -}} +otelcol.processor.transform "use_grafana_metric_names" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.transform/ + error_mode = "ignore" + + metric_statements { + context = "metric" + statements = [ + "set(name, \"traces.spanmetrics.latency\") where name == \"traces.spanmetrics.duration\"", + "set(name, \"traces.spanmetrics.calls.total\") where name == \"traces.spanmetrics.calls\"", + ] + } + + output { + metrics = [otelcol.processor.batch.default.input] + } +} + +{{ end }} + +{{- define "statefulset.processor.transform.drop_unneeded_resource_attributes"}} +otelcol.processor.transform "drop_unneeded_resource_attributes" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.transform/ + error_mode = "ignore" + + trace_statements { + context = "resource" + statements = [ + "delete_key(attributes, \"k8s.pod.start_time\")", + "delete_key(attributes, \"os.description\")", + "delete_key(attributes, \"os.type\")", + "delete_key(attributes, \"process.command_args\")", + "delete_key(attributes, \"process.executable.path\")", + "delete_key(attributes, \"process.pid\")", + "delete_key(attributes, \"process.runtime.description\")", + "delete_key(attributes, \"process.runtime.name\")", + "delete_key(attributes, \"process.runtime.version\")", + ] + } + + output { + traces = [otelcol.connector.spanmetrics.default.input] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt b/charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt new file mode 100644 index 0000000000..386a604a5a --- /dev/null +++ b/charts/grafana-sampling/templates/_otelcol_receiver_otlp.river.txt @@ -0,0 +1,39 @@ +{{- define "deployment.receiver.otlp" -}} +otelcol.receiver.otlp "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.receiver.otlp/ + + // configures the default grpc endpoint "0.0.0.0:4317" + grpc { } + // configures the default http/protobuf endpoint "0.0.0.0:4318" + http { } + + output { + traces = [otelcol.processor.batch.default.input] + } +} + +{{ end }} + +{{- define "statefulset.receiver.otlp" -}} +otelcol.receiver.otlp "default" { + // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.receiver.otlp/ + + // configures the default grpc endpoint "0.0.0.0:4317" + grpc { } + + output { + traces = [ + {{ if .Values.sampling.enabled }} + otelcol.processor.tail_sampling.default.input, + {{ else }} + otelcol.processor.batch.default.input, + {{ end }} + {{ if .Values.metricsGeneration.enabled }} + otelcol.connector.servicegraph.default.input, + otelcol.processor.transform.drop_unneeded_resource_attributes.input, + {{ end }} + ] + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/_prometheus_remote_write.river.txt b/charts/grafana-sampling/templates/_prometheus_remote_write.river.txt new file mode 100644 index 0000000000..1ddee68f17 --- /dev/null +++ b/charts/grafana-sampling/templates/_prometheus_remote_write.river.txt @@ -0,0 +1,20 @@ +{{- define "statefulset.prometheus.remote_write" -}} +prometheus.remote_write "grafana_cloud_prometheus" { + // https://grafana.com/docs/agent/latest/flow/reference/components/prometheus.remote_write/ + endpoint { + url = env("GRAFANA_CLOUD_PROMETHEUS_URL") + + basic_auth { + username = env("GRAFANA_CLOUD_PROMETHEUS_USERNAME") + password = env("GRAFANA_CLOUD_API_KEY") + } + queue_config { + retry_on_http_429 = false + } + } + external_labels = { + "__metrics_gen_instance" = env("POD_UID"), + } +} + +{{ end }} diff --git a/charts/grafana-sampling/templates/configmap_deployment.yaml b/charts/grafana-sampling/templates/configmap_deployment.yaml new file mode 100644 index 0000000000..0255b35e12 --- /dev/null +++ b/charts/grafana-sampling/templates/configmap_deployment.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-deployment + labels: + {{- include "grafana-agent.labels" . | nindent 4 }} +data: + config.river: |- {{- (include "agent.config.deployment" .) | nindent 4 }} diff --git a/charts/grafana-sampling/templates/configmap_statefulset.yaml b/charts/grafana-sampling/templates/configmap_statefulset.yaml new file mode 100644 index 0000000000..2a0a5499f1 --- /dev/null +++ b/charts/grafana-sampling/templates/configmap_statefulset.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-statefulset + labels: + {{- include "grafana-agent.labels" . | nindent 4 }} +data: + config.river: |- {{- (include "agent.config.statefulset" .) | nindent 4 }} diff --git a/charts/grafana-sampling/values.yaml b/charts/grafana-sampling/values.yaml new file mode 100644 index 0000000000..71b9ab18c6 --- /dev/null +++ b/charts/grafana-sampling/values.yaml @@ -0,0 +1,140 @@ +metricsGeneration: + # -- Toggle generation of spanmetrics and servicegraph metrics. + enabled: true + # -- Additional dimensions to add to generated metrics. + dimensions: + - service.namespace + - service.version + - deployment.environment + - k8s.cluster.name + +sampling: + # -- Toggle tail sampling. + enabled: true + # -- Wait time since the first span of a trace before making a sampling decision. + decisionWait: 15s + successfulRequests: + # -- Toggle sampling successful requests. + sample: true + # -- Percentage of successful requests to sample. + percentage: 10 + failedRequests: + # -- Toggle sampling failed requests. + sample: false + # -- Percentage of failed requests to sample. + percentage: 50 + # -- User-defined policies in river format. + # @default -- A policy to sample long requests is added by default. + extraPolicies: |- + policy { + name = "sample-long-requests" + type = "and" + and { + and_sub_policy { + name = "latency" + type = "latency" + latency { + threshold_ms = 5000 + } + } + and_sub_policy { + name = "probabilistic-policy" + type = "probabilistic" + probabilistic { + sampling_percentage = 50 + } + } + } + } + +# @ignored Ignore agent deployment +grafana-agent-deployment: + # -- Do not change this. + nameOverride: deployment + controller: + type: deployment + replicas: 1 + autoscaling: + # -- Creates a HorizontalPodAutoscaler for controller type deployment. + enabled: false + # -- The lower limit for the number of replicas to which the autoscaler can scale down. + minReplicas: 2 + # -- The upper limit for the number of replicas to which the autoscaler can scale up. + maxReplicas: 5 + # -- Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. + targetCPUUtilizationPercentage: 0 + # -- Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. + targetMemoryUtilizationPercentage: 80 + agent: + # This chart creates the configmaps + configMap: + create: false + resources: + requests: + cpu: "1" + memory: "2G" + extraPorts: + - name: otlp-grpc + port: 4317 + targetPort: 4317 + protocol: TCP + - name: otlp-http + port: 4318 + targetPort: 4318 + protocol: TCP + +# @ignored Ignore agent statefulset +grafana-agent-statefulset: + # -- Do not change this. + nameOverride: statefulset + controller: + type: statefulset + replicas: 1 + autoscaling: + # -- Creates a HorizontalPodAutoscaler for controller type deployment. + enabled: false + # -- The lower limit for the number of replicas to which the autoscaler can scale down. + minReplicas: 2 + # -- The upper limit for the number of replicas to which the autoscaler can scale up. + maxReplicas: 5 + # -- Average CPU utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetCPUUtilizationPercentage` to 0 will disable CPU scaling. + targetCPUUtilizationPercentage: 0 + # -- Average Memory utilization across all relevant pods, a percentage of the requested value of the resource for the pods. Setting `targetMemoryUtilizationPercentage` to 0 will disable Memory scaling. + targetMemoryUtilizationPercentage: 80 + service: + clusterIP: None + agent: + extraEnv: + - name: GRAFANA_CLOUD_API_KEY + value: + - name: GRAFANA_CLOUD_PROMETHEUS_URL + value: + - name: GRAFANA_CLOUD_PROMETHEUS_USERNAME + value: + - name: GRAFANA_CLOUD_TEMPO_ENDPOINT + value: + - name: GRAFANA_CLOUD_TEMPO_USERNAME + value: + # This is required for adaptive metric deduplication in Grafana Cloud + - name: POD_UID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + # This chart creates the configmaps + configMap: + create: false + resources: + requests: + cpu: "1" + memory: "2G" + extraPorts: + - name: otlp-grpc + port: 4317 + targetPort: 4317 + protocol: TCP + # The statefulset and deployment can share the same serviceAccount and rbac roles + serviceAccount: + create: false + rbac: + create: false From 1e803f80bcb8ca5522824e5563c9cb804c564243 Mon Sep 17 00:00:00 2001 From: "Marco Maurer (-Kilchhofer)" Date: Mon, 8 Apr 2024 13:01:03 +0200 Subject: [PATCH 47/69] fix: Push charts to GHCR requires login (#2998) Signed-off-by: Marco Maurer --- .github/workflows/release.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 800c0a59b9..e46c9e748e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -47,14 +47,19 @@ jobs: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_SKIP_EXISTING: "true" + - name: Login to GHCR + uses: docker/login-action@v3.0.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Push charts to GHCR run: | shopt -s nullglob - for pkg in .cr-release-packages/*; do + for pkg in .cr-release-packages/*.tgz; do if [ -z "${pkg:-}" ]; then break fi - if ! helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts"; then - echo '::warning:: helm push failed!' - fi + helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/helm-charts" done From fd1b69d33a0fcbf7ebc5df22e394b132d72aa0ad Mon Sep 17 00:00:00 2001 From: gasmick <33287410+gasmick@users.noreply.github.com> Date: Mon, 8 Apr 2024 14:42:12 +0200 Subject: [PATCH 48/69] [loki-distributed]: update AppVersion Signed-off-by: gasmick <33287410+gasmick@users.noreply.github.com> --- charts/loki-distributed/Chart.yaml | 2 +- charts/loki-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/loki-distributed/Chart.yaml b/charts/loki-distributed/Chart.yaml index 02bde88422..f6befe5899 100644 --- a/charts/loki-distributed/Chart.yaml +++ b/charts/loki-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: loki-distributed description: Helm chart for Grafana Loki in microservices mode type: application -appVersion: 2.9.4 +appVersion: 2.9.6 version: 0.79.0 home: https://grafana.github.io/helm-charts sources: diff --git a/charts/loki-distributed/README.md b/charts/loki-distributed/README.md index f51f6e671f..d40ea8b510 100644 --- a/charts/loki-distributed/README.md +++ b/charts/loki-distributed/README.md @@ -1,6 +1,6 @@ # loki-distributed -![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.4](https://img.shields.io/badge/AppVersion-2.9.4-informational?style=flat-square) +![Version: 0.79.0](https://img.shields.io/badge/Version-0.79.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.9.6](https://img.shields.io/badge/AppVersion-2.9.6-informational?style=flat-square) Helm chart for Grafana Loki in microservices mode From df8e0423badcb7e15fcf77637deba16be9ba614c Mon Sep 17 00:00:00 2001 From: Arve Knudsen Date: Fri, 12 Apr 2024 08:51:35 +0200 Subject: [PATCH 49/69] rollout-operator: Update to v0.14.0 Signed-off-by: Arve Knudsen --- charts/rollout-operator/Chart.yaml | 4 ++-- charts/rollout-operator/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/rollout-operator/Chart.yaml b/charts/rollout-operator/Chart.yaml index acff27d8ad..817940e6e3 100644 --- a/charts/rollout-operator/Chart.yaml +++ b/charts/rollout-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: rollout-operator description: "Grafana rollout-operator" type: application -version: 0.14.0 -appVersion: v0.13.0 +version: 0.15.0 +appVersion: v0.14.0 home: https://github.com/grafana/rollout-operator kubeVersion: ^1.10.0-0 diff --git a/charts/rollout-operator/README.md b/charts/rollout-operator/README.md index f0de8efaa4..360e462007 100644 --- a/charts/rollout-operator/README.md +++ b/charts/rollout-operator/README.md @@ -4,7 +4,7 @@ Helm chart for deploying [Grafana rollout-operator](https://github.com/grafana/r # rollout-operator -![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.13.0](https://img.shields.io/badge/AppVersion-v0.13.0-informational?style=flat-square) +![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.0](https://img.shields.io/badge/AppVersion-v0.14.0-informational?style=flat-square) Grafana rollout-operator From c946bbc836b6c5748326dd6d2f09a7a8ef4a8517 Mon Sep 17 00:00:00 2001 From: Tero Paloheimo Date: Fri, 12 Apr 2024 15:38:52 +0300 Subject: [PATCH 50/69] [grafana] Update to version 10.4.1 (#3039) Signed-off-by: Tero Paloheimo Co-authored-by: MH Co-authored-by: George Krajcsovits --- charts/grafana/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index ab3f6a3636..167bdf17a8 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: grafana -version: 7.3.7 -appVersion: 10.4.0 +version: 7.3.8 +appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.com From 6b7cfd944455a46b3c2f65010dcf7c48bd39cb3e Mon Sep 17 00:00:00 2001 From: Paulin Todev Date: Fri, 12 Apr 2024 15:27:25 +0100 Subject: [PATCH 51/69] Update helm charts for Agent 0.40.3 Signed-off-by: Paulin Todev --- charts/agent-operator/Chart.yaml | 8 ++++---- charts/agent-operator/README.md | 6 +++--- charts/agent-operator/values.yaml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-operator/Chart.yaml b/charts/agent-operator/Chart.yaml index 769bc0b7af..7f83bf24b1 100644 --- a/charts/agent-operator/Chart.yaml +++ b/charts/agent-operator/Chart.yaml @@ -2,12 +2,12 @@ apiVersion: v2 name: grafana-agent-operator description: A Helm chart for Grafana Agent Operator type: application -version: 0.3.20 -appVersion: "0.40.3" +version: 0.3.21 +appVersion: "0.40.4" home: https://grafana.com/docs/agent/v0.40/ -icon: https://raw.githubusercontent.com/grafana/agent/v0.40.3/docs/sources/assets/logo_and_name.png +icon: https://raw.githubusercontent.com/grafana/agent/v0.40.4/docs/sources/assets/logo_and_name.png sources: - - https://github.com/grafana/agent/tree/v0.40.3/pkg/operator + - https://github.com/grafana/agent/tree/v0.40.4/pkg/operator maintainers: - name: Grafana Agent Team email: grafana-agent-team@googlegroups.com diff --git a/charts/agent-operator/README.md b/charts/agent-operator/README.md index 49afcf11e2..693da6935e 100644 --- a/charts/agent-operator/README.md +++ b/charts/agent-operator/README.md @@ -1,6 +1,6 @@ # grafana-agent-operator -![Version: 0.3.20](https://img.shields.io/badge/Version-0.3.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.3](https://img.shields.io/badge/AppVersion-0.40.3-informational?style=flat-square) +![Version: 0.3.21](https://img.shields.io/badge/Version-0.3.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.40.4](https://img.shields.io/badge/AppVersion-0.40.4-informational?style=flat-square) A Helm chart for Grafana Agent Operator @@ -8,7 +8,7 @@ A Helm chart for Grafana Agent Operator ## Source Code -* +* Note that this chart does not provision custom resources like `GrafanaAgent` and `MetricsInstance` (formerly `PrometheusInstance`) or any `*Monitor` resources. @@ -63,7 +63,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | image.pullSecrets | list | `[]` | Image pull secrets | | image.registry | string | `"docker.io"` | Image registry | | image.repository | string | `"grafana/agent-operator"` | Image repo | -| image.tag | string | `"v0.40.3"` | Image tag | +| image.tag | string | `"v0.40.4"` | Image tag | | kubeletService | object | `{"namespace":"default","serviceName":"kubelet"}` | If both are set, Agent Operator will create and maintain a service for scraping kubelets https://grafana.com/docs/agent/latest/operator/getting-started/#monitor-kubelets | | nameOverride | string | `""` | Overrides the chart's name | | nodeSelector | object | `{}` | nodeSelector configuration | diff --git a/charts/agent-operator/values.yaml b/charts/agent-operator/values.yaml index 2c75016249..b1610a0321 100644 --- a/charts/agent-operator/values.yaml +++ b/charts/agent-operator/values.yaml @@ -37,7 +37,7 @@ image: # -- Image repo repository: grafana/agent-operator # -- Image tag - tag: v0.40.3 + tag: v0.40.4 # -- Image pull policy pullPolicy: IfNotPresent # -- Image pull secrets From 5e3fae68a26bacb10a6c70fe7d67ab703ff26275 Mon Sep 17 00:00:00 2001 From: Paulin Todev Date: Fri, 12 Apr 2024 16:06:27 +0100 Subject: [PATCH 52/69] Make Grafana Agent maintainers to be owners of the agent operator chart Signed-off-by: Paulin Todev --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b139ff55fe..ce6681f871 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -17,3 +17,4 @@ /charts/enterprise-logs/ @grafana/loki-squad /charts/tempo-vulture/ @grafana/tempo @Whyeasy @dgzlopes /charts/synthetic-monitoring-agent/ @torstenwalter @zanhsieh +/charts/agent-operator/ @grafana/grafana-agent-maintainers From f24cdb9b5530e6a9812797fbcecc600c3255a039 Mon Sep 17 00:00:00 2001 From: Heds Simons Date: Thu, 11 Apr 2024 13:52:33 -0700 Subject: [PATCH 53/69] [tempo-distributed] Adds service specific features for enterprise gateway inline with gateway. Namely: * Service type * Service port * Cluster IP address (if type is ClusterIP) * Loadbalancer IP address (if type is LoadBalancer) The gateway component already supports these, inline with similar config options in Mimir and Loki. The enterprise gateway component does not. Can help in situations where specific cluster/loadbalancer port mappings are required for external IPs for a cluster. Signed-off-by: Heds Simons --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 11 +++++++---- .../templates/enterprise-gateway/gateway-svc.yaml | 8 +++++++- charts/tempo-distributed/values.yaml | 12 ++++++++++-- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index ebf70e588a..41429d7631 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.1 +version: 1.9.2 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 02f86079f6..babba59334 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -387,9 +387,12 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.resources.requests.cpu | string | `"10m"` | | | enterpriseGateway.resources.requests.memory | string | `"32Mi"` | | | enterpriseGateway.securityContext | object | `{}` | | -| enterpriseGateway.service.annotations | object | `{}` | | -| enterpriseGateway.service.labels | object | `{}` | | -| enterpriseGateway.service.port | string | `nil` | If the port is left undefined, the service will listen on the same port as the pod | +| enterpriseGateway.service.annotations | object | `{}` | Annotations for the enterprise gateway service | +| enterpriseGateway.service.clusterIP | string | `nil` | ClusterIP of the enterprise gateway service | +| enterpriseGateway.service.labels | object | `{}` | Labels for enterprise gateway service | +| enterpriseGateway.service.loadBalancerIP | string | `nil` | Load balancer IPO address if service type is LoadBalancer for enterprise gateway service | +| enterpriseGateway.service.port | string | `nil` | Port of the enterprise gateway service; if left undefined, the service will listen on the same port as the pod | +| enterpriseGateway.service.type | string | `"ClusterIP"` | Type of the enterprise gateway service | | enterpriseGateway.strategy.rollingUpdate.maxSurge | int | `0` | | | enterpriseGateway.strategy.rollingUpdate.maxUnavailable | int | `1` | | | enterpriseGateway.strategy.type | string | `"RollingUpdate"` | | diff --git a/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml b/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml index 0698dc62b7..1c5c37b611 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml +++ b/charts/tempo-distributed/templates/enterprise-gateway/gateway-svc.yaml @@ -13,7 +13,13 @@ metadata: {{- toYaml .Values.enterpriseGateway.service.annotations | nindent 4 }} namespace: {{ .Release.Namespace | quote }} spec: - type: ClusterIP + type: {{ .Values.enterpriseGateway.service.type }} + {{- with .Values.enterpriseGateway.service.clusterIP }} + clusterIP: {{ . }} + {{- end }} + {{- if and (eq "LoadBalancer" .Values.enterpriseGateway.service.type) .Values.enterpriseGateway.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.enterpriseGateway.service.loadBalancerIP }} + {{- end }} ports: - port: {{ .Values.enterpriseGateway.service.port | default (include "tempo.serverHttpListenPort" . ) }} protocol: TCP diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 1a5c825f50..2720dc418b 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -2009,10 +2009,18 @@ enterpriseGateway: annotations: {} service: + # -- Port of the enterprise gateway service; if left undefined, the service will listen on the same port as the pod + port: null + # -- Type of the enterprise gateway service + type: ClusterIP + # -- ClusterIP of the enterprise gateway service + clusterIP: null + # -- Load balancer IPO address if service type is LoadBalancer for enterprise gateway service + loadBalancerIP: null + # -- Annotations for the enterprise gateway service annotations: {} + # -- Labels for enterprise gateway service labels: {} - # -- If the port is left undefined, the service will listen on the same port as the pod - port: null strategy: type: RollingUpdate From 5b6794a6647f8714155c9e22829d78feff7dfc32 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Tue, 2 Apr 2024 12:13:54 +1100 Subject: [PATCH 54/69] fixing imagePullSecrets for enterprise components Signed-off-by: Jordan Simonovski --- .../templates/admin-api/_helpers.tpl | 7 +++++++ .../templates/admin-api/admin-api-dep.yaml | 7 +------ .../templates/enterprise-gateway/_helpers.tpl | 8 ++++++++ .../enterprise-gateway/gateway-dep.yaml | 7 +------ charts/tempo-distributed/values.yaml | 20 +++++++++++++++++++ 5 files changed, 37 insertions(+), 12 deletions(-) create mode 100644 charts/tempo-distributed/templates/admin-api/_helpers.tpl diff --git a/charts/tempo-distributed/templates/admin-api/_helpers.tpl b/charts/tempo-distributed/templates/admin-api/_helpers.tpl new file mode 100644 index 0000000000..0400e2aabd --- /dev/null +++ b/charts/tempo-distributed/templates/admin-api/_helpers.tpl @@ -0,0 +1,7 @@ +{{/* +adminApi imagePullSecrets +*/}} +{{- define "tempo.adminApiImagePullSecrets" -}} +{{- $dict := dict "tempo" .Values.tempo.image "component" .Values.adminApi.image "global" .Values.global.image -}} +{{- include "tempo.adminApiImagePullSecrets" $dict -}} +{{- end }} diff --git a/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml b/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml index 469417a506..ae0d733c33 100644 --- a/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml +++ b/charts/tempo-distributed/templates/admin-api/admin-api-dep.yaml @@ -37,12 +37,7 @@ spec: {{- with .Values.adminApi.initContainers }} {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.tempo.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} + {{- include "tempo.adminApiImagePullSecrets" . | nindent 6 -}} {{- with .Values.adminApi.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} diff --git a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl index 2b25560845..8205976c09 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl +++ b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl @@ -31,3 +31,11 @@ Return if ingress supports pathType. {{- define "tempo.ingress.supportsPathType" -}} {{- or (eq (include "tempo.ingress.isStable" .) "true") (and (eq (include "tempo.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} {{- end -}} + +{{/* +enterpriseGateway imagePullSecrets +*/}} +{{- define "tempo.enterpriseGatewayImagePullSecrets" -}} +{{- $dict := dict "tempo" .Values.tempo.image "component" .Values.enterpriseGateway.image "global" .Values.global.image -}} +{{- include "tempo.enterpriseGatewayImagePullSecrets" $dict -}} +{{- end }} diff --git a/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml b/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml index 011322ddfc..0da57a1548 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml +++ b/charts/tempo-distributed/templates/enterprise-gateway/gateway-dep.yaml @@ -35,12 +35,7 @@ spec: {{- toYaml .Values.enterpriseGateway.securityContext | nindent 8 }} initContainers: {{- toYaml .Values.enterpriseGateway.initContainers | nindent 8 }} - {{- if .Values.tempo.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} + {{- include "tempo.enterpriseGatewayImagePullSecrets" . | nindent 6 -}} {{- with .Values.enterpriseGateway.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 1a5c825f50..f3b080decd 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1920,6 +1920,16 @@ adminApi: annotations: {} labels: {} + image: + # -- The Docker registry for the adminApi image. Overrides `tempo.image.registry` + registry: null + # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` + pullSecrets: [] + # -- Docker image repository for the adminApi image. Overrides `tempo.image.repository` + repository: null + # -- Docker image tag for the adminApi image. Overrides `tempo.image.tag` + tag: null + initContainers: [] strategy: @@ -2007,6 +2017,16 @@ enterpriseGateway: # hostnames: # - domain.tld + image: + # -- The Docker registry for the enterpriseGateway image. Overrides `tempo.image.registry` + registry: null + # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` + pullSecrets: [] + # -- Docker image repository for the enterpriseGateway image. Overrides `tempo.image.repository` + repository: null + # -- Docker image tag for the enterpriseGateway image. Overrides `tempo.image.tag` + tag: null + annotations: {} service: annotations: {} From 0d12d217a9cd55c51d75b7aa17c6a193f15655ca Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 3 Apr 2024 11:36:52 +1100 Subject: [PATCH 55/69] Ran helm-docs on tempo-distributed The config overrides from the values.yml need to be added to the README.md to ensure up-to-date documentation for charts. Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 02f86079f6..66360c152b 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -223,6 +223,10 @@ The memcached default args are removed and should be provided manually. The sett | adminApi.extraVolumeMounts | list | `[]` | | | adminApi.extraVolumes | list | `[]` | | | adminApi.hostAliases | list | `[]` | hostAliases to add | +| adminApi.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | +| adminApi.image.registry | string | `nil` | The Docker registry for the adminApi image. Overrides `tempo.image.registry` | +| adminApi.image.repository | string | `nil` | Docker image repository for the adminApi image. Overrides `tempo.image.repository` | +| adminApi.image.tag | string | `nil` | Docker image tag for the adminApi image. Overrides `tempo.image.tag` | | adminApi.initContainers | list | `[]` | | | adminApi.nodeSelector | object | `{}` | | | adminApi.persistence.subPath | string | `nil` | | @@ -369,6 +373,10 @@ The memcached default args are removed and should be provided manually. The sett | enterpriseGateway.extraVolumeMounts | list | `[]` | | | enterpriseGateway.extraVolumes | list | `[]` | | | enterpriseGateway.hostAliases | list | `[]` | hostAliases to add | +| enterpriseGateway.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | +| enterpriseGateway.image.registry | string | `nil` | The Docker registry for the enterpriseGateway image. Overrides `tempo.image.registry` | +| enterpriseGateway.image.repository | string | `nil` | Docker image repository for the enterpriseGateway image. Overrides `tempo.image.repository` | +| enterpriseGateway.image.tag | string | `nil` | Docker image tag for the enterpriseGateway image. Overrides `tempo.image.tag` | | enterpriseGateway.ingress.annotations | object | `{}` | Annotations for the gateway ingress | | enterpriseGateway.ingress.enabled | bool | `false` | Specifies whether an ingress for the gateway should be created | | enterpriseGateway.ingress.hosts | list | `[{"host":"gateway.gem.example.com","paths":[{"path":"/"}]}]` | Hosts configuration for the gateway ingress | From c24f8cb67a6c25945bf339e5eb007bd7d934cac0 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 3 Apr 2024 11:40:34 +1100 Subject: [PATCH 56/69] updating version in chart.yaml Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index ebf70e588a..41429d7631 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.1 +version: 1.9.2 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ From d739d7e412d7da26eb4039353fb6fc9e0fc1dfd7 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 17 Apr 2024 19:34:56 +1000 Subject: [PATCH 57/69] Update README and chart to match recent patch bump Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 41429d7631..4153f810d7 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.2 +version: 1.9.3 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 66360c152b..d04e83c501 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.1](https://img.shields.io/badge/Version-1.9.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 7eb35238fff33a59812f9ad629d271a8439a5d05 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Mon, 25 Mar 2024 11:26:08 +0100 Subject: [PATCH 58/69] fix: lookup volumename on pvc This fix upgrade problem where helm try to override immutable field Signed-off-by: Guilhem Lettron --- charts/grafana/templates/pvc.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/grafana/templates/pvc.yaml b/charts/grafana/templates/pvc.yaml index eb8f87f077..c0edad2c46 100644 --- a/charts/grafana/templates/pvc.yaml +++ b/charts/grafana/templates/pvc.yaml @@ -25,6 +25,9 @@ spec: resources: requests: storage: {{ .Values.persistence.size | quote }} + {{- if (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)) }} + volumeName: {{ (lookup "v1" "PersistentVolumeClaim" (include "grafana.namespace" .) (include "grafana.fullname" .)).spec.volumeName }} + {{- end }} {{- with .Values.persistence.storageClassName }} storageClassName: {{ . }} {{- end }} From 2a8391839c6c436ed5f7d820643d7225784420c1 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Sun, 31 Mar 2024 12:13:09 +0200 Subject: [PATCH 59/69] chore: bump Chart version Signed-off-by: Guilhem Lettron --- charts/grafana/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml index 167bdf17a8..efd3bd081c 100644 --- a/charts/grafana/Chart.yaml +++ b/charts/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: grafana -version: 7.3.8 +version: 7.3.9 appVersion: 10.4.1 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. From 2db1a252b6d00e6da58d3119a3ee1cd6c8aef235 Mon Sep 17 00:00:00 2001 From: Robert Lankford Date: Wed, 17 Apr 2024 15:18:39 -0700 Subject: [PATCH 60/69] [grafana-sampling] fix property case for enabling metrics gen (#3087) * [sampling] fix property case for enabling metrics gen n Signed-off-by: Robbie Lankford * bump version; run helm-docs Signed-off-by: Robbie Lankford --------- Signed-off-by: Robbie Lankford --- charts/grafana-sampling/Chart.yaml | 2 +- charts/grafana-sampling/README.md | 2 +- .../templates/_otelcol_processor_batch.river.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/grafana-sampling/Chart.yaml b/charts/grafana-sampling/Chart.yaml index 44e076b128..a5b985588b 100644 --- a/charts/grafana-sampling/Chart.yaml +++ b/charts/grafana-sampling/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: grafana-sampling description: A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. type: application -version: 0.1.0 +version: 0.1.1 appVersion: "v0.40.2" sources: - https://github.com/grafana/agent diff --git a/charts/grafana-sampling/README.md b/charts/grafana-sampling/README.md index 6ad9785b72..0c10e0ec84 100644 --- a/charts/grafana-sampling/README.md +++ b/charts/grafana-sampling/README.md @@ -1,6 +1,6 @@ # grafana-sampling -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.40.2](https://img.shields.io/badge/AppVersion-v0.40.2-informational?style=flat-square) +![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.40.2](https://img.shields.io/badge/AppVersion-v0.40.2-informational?style=flat-square) A Helm chart for a layered OTLP tail sampling and metrics generation pipeline. diff --git a/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt index 4c1f6b58cb..25fb2ef497 100644 --- a/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt +++ b/charts/grafana-sampling/templates/_otelcol_processor_batch.river.txt @@ -12,7 +12,7 @@ otelcol.processor.batch "default" { otelcol.processor.batch "default" { // https://grafana.com/docs/agent/latest/flow/reference/components/otelcol.processor.batch/ output { - {{ if .Values.metricsGeneration.Enabled }} + {{ if .Values.metricsGeneration.enabled }} metrics = [otelcol.exporter.prometheus.grafana_cloud_prometheus.input] {{ end }} traces = [otelcol.exporter.otlp.grafana_cloud_tempo.input] From 12b2e5099dad30753653fe286751e15bb4ab3dc8 Mon Sep 17 00:00:00 2001 From: Zach Leslie Date: Thu, 11 Apr 2024 13:31:41 +0000 Subject: [PATCH 61/69] [tempo-distributed] add initContainers to generator and ingester sts for future UID change Signed-off-by: Zach Leslie --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 4 +++- .../templates/ingester/statefulset-ingester.yaml | 2 ++ .../metrics-generator/statefulset-metrics-generator.yaml | 2 ++ charts/tempo-distributed/values.yaml | 2 ++ 5 files changed, 10 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 41429d7631..4153f810d7 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.2 +version: 1.9.3 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index babba59334..2b574bd5bd 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -494,6 +494,7 @@ The memcached default args are removed and should be provided manually. The sett | ingester.image.registry | string | `nil` | The Docker registry for the ingester image. Overrides `tempo.image.registry` | | ingester.image.repository | string | `nil` | Docker image repository for the ingester image. Overrides `tempo.image.repository` | | ingester.image.tag | string | `nil` | Docker image tag for the ingester image. Overrides `tempo.image.tag` | +| ingester.initContainers | list | `[]` | | | ingester.nodeSelector | object | `{}` | Node selector for ingester pods | | ingester.persistence.annotations | object | `{}` | Annotations for ingester's persist volume claim | | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper | @@ -591,6 +592,7 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | +| metricsGenerator.initContainers | list | `[]` | | | metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | | metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | diff --git a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml index 79abf99e9c..de84ca588b 100644 --- a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml +++ b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.ingester.initContainers | nindent 8 }} containers: - args: - -target=ingester diff --git a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml index 286e68c37e..02e330eda6 100644 --- a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml +++ b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.metricsGenerator.initContainers | nindent 8 }} containers: - args: - -target=metrics-generator diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 2720dc418b..277070988c 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -112,6 +112,7 @@ ingester: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] autoscaling: # -- Enable autoscaling for the ingester. WARNING: Autoscaling ingesters can result in lost data. Only do this if you know what you're doing. enabled: false @@ -239,6 +240,7 @@ metricsGenerator: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] image: # -- The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` registry: null From 24b1b912982860cf1de241cbb53776647db9d02d Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Fri, 19 Apr 2024 12:24:59 +1000 Subject: [PATCH 62/69] Adding image pull secrets support to tokengenJob Adding standardised imagepullsecrets support to tokengenJob Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 6 +++++- .../tempo-distributed/templates/admin-api/_helpers.tpl | 2 +- .../templates/enterprise-gateway/_helpers.tpl | 2 +- .../tempo-distributed/templates/tokengen/__helpers.tpl | 7 +++++++ .../templates/tokengen/tokengen-job.yaml | 7 +------ charts/tempo-distributed/values.yaml | 9 +++++++++ 6 files changed, 24 insertions(+), 9 deletions(-) create mode 100644 charts/tempo-distributed/templates/tokengen/__helpers.tpl diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index d04e83c501..876059ccfe 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -780,6 +780,10 @@ The memcached default args are removed and should be provided manually. The sett | tokengenJob.extraArgs | object | `{}` | | | tokengenJob.extraEnvFrom | list | `[]` | | | tokengenJob.hostAliases | list | `[]` | hostAliases to add | +| tokengenJob.image.pullSecrets | list | `[]` | Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` | +| tokengenJob.image.registry | string | `nil` | The Docker registry for the tokengenJob image. Overrides `tempo.image.registry` | +| tokengenJob.image.repository | string | `nil` | Docker image repository for the tokengenJob image. Overrides `tempo.image.repository` | +| tokengenJob.image.tag | string | `nil` | Docker image tag for the tokengenJob image. Overrides `tempo.image.tag` | | tokengenJob.initContainers | list | `[]` | | | traces.jaeger.grpc.enabled | bool | `false` | Enable Tempo to ingest Jaeger GRPC traces | | traces.jaeger.grpc.receiverConfig | object | `{}` | Jaeger GRPC receiver config | diff --git a/charts/tempo-distributed/templates/admin-api/_helpers.tpl b/charts/tempo-distributed/templates/admin-api/_helpers.tpl index 0400e2aabd..3b72a6633d 100644 --- a/charts/tempo-distributed/templates/admin-api/_helpers.tpl +++ b/charts/tempo-distributed/templates/admin-api/_helpers.tpl @@ -3,5 +3,5 @@ adminApi imagePullSecrets */}} {{- define "tempo.adminApiImagePullSecrets" -}} {{- $dict := dict "tempo" .Values.tempo.image "component" .Values.adminApi.image "global" .Values.global.image -}} -{{- include "tempo.adminApiImagePullSecrets" $dict -}} +{{- include "tempo.imagePullSecrets" $dict -}} {{- end }} diff --git a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl index 8205976c09..cb030eee62 100644 --- a/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl +++ b/charts/tempo-distributed/templates/enterprise-gateway/_helpers.tpl @@ -37,5 +37,5 @@ enterpriseGateway imagePullSecrets */}} {{- define "tempo.enterpriseGatewayImagePullSecrets" -}} {{- $dict := dict "tempo" .Values.tempo.image "component" .Values.enterpriseGateway.image "global" .Values.global.image -}} -{{- include "tempo.enterpriseGatewayImagePullSecrets" $dict -}} +{{- include "tempo.imagePullSecrets" $dict -}} {{- end }} diff --git a/charts/tempo-distributed/templates/tokengen/__helpers.tpl b/charts/tempo-distributed/templates/tokengen/__helpers.tpl new file mode 100644 index 0000000000..f23d971c38 --- /dev/null +++ b/charts/tempo-distributed/templates/tokengen/__helpers.tpl @@ -0,0 +1,7 @@ +{{/* +tokengen-job imagePullSecrets +*/}} +{{- define "tempo.tokengenJobImagePullSecrets" -}} +{{- $dict := dict "tempo" .Values.tempo.image "component" .Values.tokengenJob.image "global" .Values.global.image -}} +{{- include "tempo.imagePullSecrets" $dict -}} +{{- end }} diff --git a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml index b73c699031..c516237ab5 100644 --- a/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml +++ b/charts/tempo-distributed/templates/tokengen/tokengen-job.yaml @@ -33,12 +33,7 @@ spec: {{- end }} securityContext: {{- toYaml .Values.tokengenJob.securityContext | nindent 8 }} - {{- if .Values.tempo.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.tempo.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} + {{- include "tempo.tokengenJobImagePullSecrets" . | nindent 6 -}} {{- with .Values.tokengenJob.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index f3b080decd..5ad5a5faa8 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -1900,6 +1900,15 @@ tokengenJob: env: [] extraEnvFrom: [] annotations: {} + image: + # -- The Docker registry for the tokengenJob image. Overrides `tempo.image.registry` + registry: null + # -- Optional list of imagePullSecrets. Overrides `tempo.image.pullSecrets` + pullSecrets: [] + # -- Docker image repository for the tokengenJob image. Overrides `tempo.image.repository` + repository: null + # -- Docker image tag for the tokengenJob image. Overrides `tempo.image.tag` + tag: null initContainers: [] # -- The SecurityContext for tokenjobgen containers containerSecurityContext: From c38312a69a8b891638c796965a96b015a5936f45 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Sun, 21 Apr 2024 12:48:14 +1000 Subject: [PATCH 63/69] version bump to 1.9.4 Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/Chart.yaml | 2 +- charts/tempo-distributed/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/tempo-distributed/Chart.yaml b/charts/tempo-distributed/Chart.yaml index 4153f810d7..f80191dac5 100644 --- a/charts/tempo-distributed/Chart.yaml +++ b/charts/tempo-distributed/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: tempo-distributed description: Grafana Tempo in MicroService mode type: application -version: 1.9.3 +version: 1.9.4 appVersion: 2.4.1 engine: gotpl home: https://grafana.com/docs/tempo/latest/ diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 5feec2a1e5..a4bbdc85b7 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From ff0df54487dd598e9b3b9735f5afe7a887f10d8f Mon Sep 17 00:00:00 2001 From: Zach Leslie Date: Thu, 11 Apr 2024 13:31:41 +0000 Subject: [PATCH 64/69] [tempo-distributed] add initContainers to generator and ingester sts for future UID change Signed-off-by: Zach Leslie --- charts/tempo-distributed/README.md | 4 +++- .../templates/ingester/statefulset-ingester.yaml | 2 ++ .../metrics-generator/statefulset-metrics-generator.yaml | 2 ++ charts/tempo-distributed/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index a4bbdc85b7..e06a21e4a7 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode @@ -502,6 +502,7 @@ The memcached default args are removed and should be provided manually. The sett | ingester.image.registry | string | `nil` | The Docker registry for the ingester image. Overrides `tempo.image.registry` | | ingester.image.repository | string | `nil` | Docker image repository for the ingester image. Overrides `tempo.image.repository` | | ingester.image.tag | string | `nil` | Docker image tag for the ingester image. Overrides `tempo.image.tag` | +| ingester.initContainers | list | `[]` | | | ingester.nodeSelector | object | `{}` | Node selector for ingester pods | | ingester.persistence.annotations | object | `{}` | Annotations for ingester's persist volume claim | | ingester.persistence.enabled | bool | `false` | Enable creating PVCs which is required when using boltdb-shipper | @@ -599,6 +600,7 @@ The memcached default args are removed and should be provided manually. The sett | metricsGenerator.image.registry | string | `nil` | The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` | | metricsGenerator.image.repository | string | `nil` | Docker image repository for the metrics-generator image. Overrides `tempo.image.repository` | | metricsGenerator.image.tag | string | `nil` | Docker image tag for the metrics-generator image. Overrides `tempo.image.tag` | +| metricsGenerator.initContainers | list | `[]` | | | metricsGenerator.kind | string | `"Deployment"` | Kind of deployment [StatefulSet/Deployment] | | metricsGenerator.nodeSelector | object | `{}` | Node selector for metrics-generator pods | | metricsGenerator.persistence | object | `{"annotations":{},"enabled":false,"size":"10Gi","storageClass":null}` | Persistence configuration for metrics-generator | diff --git a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml index 79abf99e9c..de84ca588b 100644 --- a/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml +++ b/charts/tempo-distributed/templates/ingester/statefulset-ingester.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.ingester.initContainers | nindent 8 }} containers: - args: - -target=ingester diff --git a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml index 286e68c37e..02e330eda6 100644 --- a/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml +++ b/charts/tempo-distributed/templates/metrics-generator/statefulset-metrics-generator.yaml @@ -55,6 +55,8 @@ spec: hostAliases: {{- toYaml . | nindent 8 }} {{- end }} + initContainers: + {{- toYaml .Values.metricsGenerator.initContainers | nindent 8 }} containers: - args: - -target=metrics-generator diff --git a/charts/tempo-distributed/values.yaml b/charts/tempo-distributed/values.yaml index 5fb7e4290d..f3126609c2 100644 --- a/charts/tempo-distributed/values.yaml +++ b/charts/tempo-distributed/values.yaml @@ -112,6 +112,7 @@ ingester: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] autoscaling: # -- Enable autoscaling for the ingester. WARNING: Autoscaling ingesters can result in lost data. Only do this if you know what you're doing. enabled: false @@ -239,6 +240,7 @@ metricsGenerator: # - ip: 1.2.3.4 # hostnames: # - domain.tld + initContainers: [] image: # -- The Docker registry for the metrics-generator image. Overrides `tempo.image.registry` registry: null From 70ee8298947aa0b18027fac302ecbcbe8f822db4 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Wed, 17 Apr 2024 19:34:56 +1000 Subject: [PATCH 65/69] Update README and chart to match recent patch bump Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index e06a21e4a7..73cfa4ae95 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.2](https://img.shields.io/badge/Version-1.9.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From e9237f7060c7be4e04f5e5427cdf61db8ee76a64 Mon Sep 17 00:00:00 2001 From: George Krajcsovits Date: Mon, 22 Apr 2024 15:57:42 +0200 Subject: [PATCH 66/69] Rewrite deprecated set-output calls in update-helm-repo.yaml (#3095) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/ Signed-off-by: György Krajcsovits --- .github/workflows/update-helm-repo.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/update-helm-repo.yaml b/.github/workflows/update-helm-repo.yaml index 8382c1f231..883f675808 100644 --- a/.github/workflows/update-helm-repo.yaml +++ b/.github/workflows/update-helm-repo.yaml @@ -79,15 +79,15 @@ jobs: if [ $(git tag -l "${name}-${version}") ]; then echo "Tag ${tagname} already exists, skipping release" - echo "::set-output name=changed::false" + echo "changed=false" >> $GITHUB_OUTPUT else echo "Releasing ${changed}" - echo "::set-output name=changed::true" - echo "::set-output name=chartpath::${changed}" + echo "changed=true" >> $GITHUB_OUTPUT + echo "chartpath=${changed}" >> $GITHUB_OUTPUT fi else echo "No charts have changed, skipping release" - echo "::set-output name=changed::false" + echo "changed=false" >> $GITHUB_OUTPUT fi release: @@ -166,14 +166,14 @@ jobs: description=$(yq ".description" < ${changed}/Chart.yaml) name=$(yq ".name" < ${changed}/Chart.yaml) version=$(yq ".version" < ${changed}/Chart.yaml) - echo "::set-output name=chartpath::${changed}" - echo "::set-output name=desc::${description}" + echo "chartpath=${changed}" >> $GITHUB_OUTPUT + echo "desc=${description}" >> $GITHUB_OUTPUT if [[ -n "${HELM_TAG_PREFIX}" ]]; then - echo "::set-output name=tagname::${HELM_TAG_PREFIX}-${name}-${version}" + echo "tagname=${HELM_TAG_PREFIX}-${name}-${version}" >> $GITHUB_OUTPUT else - echo "::set-output name=tagname::${name}-${version}" + echo "tagname=${name}-${version}" >> $GITHUB_OUTPUT fi - echo "::set-output name=packagename::${name}-${version}" + echo "packagename=${name}-${version}" >> $GITHUB_OUTPUT - name: Install CR tool run: | From b190f33a8cb2fe84bb84e3b266b92008e52497c9 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Tue, 23 Apr 2024 07:44:59 +1000 Subject: [PATCH 67/69] fixed up README version Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index e06a21e4a7..ad6947fced 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.3](https://img.shields.io/badge/Version-1.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.4](https://img.shields.io/badge/Version-1.94-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 3387fc538bf75cbf0c353f8c5969048db596d858 Mon Sep 17 00:00:00 2001 From: Jordan Simonovski Date: Tue, 23 Apr 2024 08:28:42 +1000 Subject: [PATCH 68/69] fixed up README version Signed-off-by: Jordan Simonovski --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index ad6947fced..7418d0a137 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.4](https://img.shields.io/badge/Version-1.94-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode From 3f4a3d5efe50be832fa7c14ce132ab3b4cd0cf36 Mon Sep 17 00:00:00 2001 From: MH Date: Wed, 1 May 2024 20:50:05 +0800 Subject: [PATCH 69/69] Update README.md --- charts/tempo-distributed/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/tempo-distributed/README.md b/charts/tempo-distributed/README.md index 7418d0a137..c74b45a53f 100644 --- a/charts/tempo-distributed/README.md +++ b/charts/tempo-distributed/README.md @@ -1,6 +1,6 @@ # tempo-distributed -![Version: 1.9.4](https://img.shields.io/badge/Version-1.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) +![Version: 1.9.5](https://img.shields.io/badge/Version-1.9.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.1](https://img.shields.io/badge/AppVersion-2.4.1-informational?style=flat-square) Grafana Tempo in MicroService mode