From f1af7f14a7218c3db351630f9f3213e045823a8c Mon Sep 17 00:00:00 2001
From: ckm007
Date: Wed, 17 Jul 2024 15:57:54 +0530
Subject: [PATCH 1/3] [MOSIP-34233] added helm lint and publish workflow
Signed-off-by: ckm007
---
.github/workflows/chart-lint-publish.yml | 62 ++++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 .github/workflows/chart-lint-publish.yml
diff --git a/.github/workflows/chart-lint-publish.yml b/.github/workflows/chart-lint-publish.yml
new file mode 100644
index 0000000000..c8d6ba3bd3
--- /dev/null
+++ b/.github/workflows/chart-lint-publish.yml
@@ -0,0 +1,62 @@
+name: Validate / Publish helm charts
+
+on:
+ release:
+ types: [published]
+ pull_request:
+ types: [opened, reopened, synchronize]
+ paths:
+ - 'helm/**'
+ workflow_dispatch:
+ inputs:
+ IGNORE_CHARTS:
+ description: 'Provide list of charts to be ignored separated by pipe(|)'
+ required: false
+ default: '""'
+ type: string
+ CHART_PUBLISH:
+ description: 'Chart publishing to gh-pages branch'
+ required: false
+ default: 'NO'
+ type: string
+ options:
+ - YES
+ - NO
+ INCLUDE_ALL_CHARTS:
+ description: 'Include all charts for Linting/Publishing (YES/NO)'
+ required: false
+ default: 'NO'
+ type: string
+ options:
+ - YES
+ - NO
+ push:
+ branches:
+ - '!release-branch'
+ - '!master'
+ - 1.*
+ - 0.*
+ - develop
+ - release*
+ paths:
+ - 'helm/**'
+
+jobs:
+ chart-lint-publish:
+ uses: mosip/kattu/.github/workflows/chart-lint-publish.yml@master
+ with:
+ CHARTS_DIR: ./helm
+ CHARTS_URL: https://mosip.github.io/mosip-helm
+ REPOSITORY: mosip-helm
+ BRANCH: gh-pages
+ INCLUDE_ALL_CHARTS: "${{ inputs.INCLUDE_ALL_CHARTS || 'NO' }}"
+ IGNORE_CHARTS: "${{ inputs.IGNORE_CHARTS || '\"\"' }}"
+ CHART_PUBLISH: "${{ inputs.CHART_PUBLISH || 'YES' }}"
+ LINTING_CHART_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-schema.yaml"
+ LINTING_LINTCONF_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/lintconf.yaml"
+ LINTING_CHART_TESTING_CONFIG_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/chart-testing-config.yaml"
+ LINTING_HEALTH_CHECK_SCHEMA_YAML_URL: "https://raw.githubusercontent.com/mosip/kattu/master/.github/helm-lint-configs/health-check-schema.yaml"
+ DEPENDENCIES: "mosip,https://mosip.github.io/mosip-helm;"
+ secrets:
+ TOKEN: ${{ secrets.ACTION_PAT }}
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
From 29909c04834969dfa4f0b861a63e0788a695dda7 Mon Sep 17 00:00:00 2001
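Review bot: The `uses: mosip/kattu/.github/workflows/chart-lint-publish.yml@master` line hands `secrets.ACTION_PAT` and `secrets.SLACK_WEBHOOK` to a reusable workflow on a mutable branch, so any later change to that branch runs with this repository's token; pin the reference to a full commit SHA, e.g. `uses: mosip/kattu/.github/workflows/chart-lint-publish.yml@<commit-sha>`, and do the same for the four `LINTING_*_URL` values that fetch from `kattu/master`. Separately, `CHART_PUBLISH: "${{ inputs.CHART_PUBLISH || 'YES' }}"` defaults to publishing for every non-dispatch trigger, including `pull_request`; presumably the called workflow gates this, but an explicit `github.event_name` condition here would make that visible. The `options:` lists under `type: string` are only honoured with `type: choice`, and the bare `YES`/`NO` items should be quoted so they stay strings.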
From: ckm007
Date: Wed, 17 Jul 2024 16:05:21 +0530
Subject: [PATCH 2/3] [MOSIP-34233] added deployment scripts for prereg
Signed-off-by: ckm007
---
deploy/README.md | 41 ++++++++++++
deploy/copy_cm.sh | 24 +++++++
deploy/delete.sh | 30 +++++++++
deploy/get_logs.sh | 3 +
deploy/install.sh | 65 +++++++++++++++++++
deploy/rate-control-envoyfilter.yaml | 44 +++++++++++++
deploy/restart.sh | 26 ++++++++
deploy/samples/sample_address_proof.pdf | Bin 0 -> 11877 bytes
deploy/samples/sample_exception_proof.pdf | Bin 0 -> 13310 bytes
deploy/samples/sample_identity_proof.pdf | Bin 0 -> 12990 bytes
deploy/samples/sample_relationship_proof.pdf | Bin 0 -> 12512 bytes
11 files changed, 233 insertions(+)
create mode 100644 deploy/README.md
create mode 100755 deploy/copy_cm.sh
create mode 100755 deploy/delete.sh
create mode 100755 deploy/get_logs.sh
create mode 100755 deploy/install.sh
create mode 100644 deploy/rate-control-envoyfilter.yaml
create mode 100755 deploy/restart.sh
create mode 100644 deploy/samples/sample_address_proof.pdf
create mode 100644 deploy/samples/sample_exception_proof.pdf
create mode 100644 deploy/samples/sample_identity_proof.pdf
create mode 100644 deploy/samples/sample_relationship_proof.pdf
diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 0000000000..23456638dd
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,41 @@
+# Pre-Registration Module
+
+## Install
+
+* Make sure your prereg UI domain name is set in [global configmap](../../cluster/global_configmap.yaml.sample)
+* Make sure this domain points to the public load balancer as PreReg UI is exposed to public.
+* Install
+ ```sh
+ ./install.sh
+ ```
+
+## Uninstall
+
+```sh
+./delete.sh
+```
+
+## Test
+On a browser open `https:///pre-registration-ui/`. Example `https://prereg.sandbox.xyz.net/pre-registration-ui`. Follow the instructions. You may use [sample documents](samples/) to upload during pre-registration.
+
+## Rate Control Using Envoyfilter
+
+- Using Envoyfilter one can limit the rate of http requests coming in to a resource. Reference: [Istio Policty Enforcement](https://istio.io/latest/docs/tasks/policy-enforcement/rate-limit/#local-rate-limit) and [Rate Limit Filter](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter).
+- Edit the envoyfilter [here](./rate-control-envoyfilter.yaml)
+ - Edit these values in the envoyfilter accordingly.
+ ```
+ token_bucket:
+ max_tokens:
+ tokens_per_fill:
+ fill_interval:
+ ```
+ - Edit the workload selector label properly, like;
+ ```
+ workloadSelector:
+ labels:
+ app.kubernetes.io/instance:
+ ```
+- Apply the envoyfilter in the prereg namespace.
+ ```
+ kubectl apply -n prereg -f rate-control-envoyfilter.yaml
+ ```
diff --git a/deploy/copy_cm.sh b/deploy/copy_cm.sh
new file mode 100755
index 0000000000..a3190c6d8a
--- /dev/null
+++ b/deploy/copy_cm.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Copy configmaps from other namespaces
+# DST_NS: Destination namespace
+
+function copying_cm() {
+ UTIL_URL=https://github.com/mosip/mosip-infra/blob/master/deployment/v3/utils/copy_cm_func.sh
+ COPY_UTIL=./copy_cm_func.sh
+ DST_NS=prereg
+
+ wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh
+
+ $COPY_UTIL configmap global default $DST_NS
+ $COPY_UTIL configmap artifactory-share artifactory $DST_NS
+ $COPY_UTIL configmap config-server-share config-server $DST_NS
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+copying_cm # calling function
diff --git a/deploy/delete.sh b/deploy/delete.sh
new file mode 100755
index 0000000000..211294a1dd
--- /dev/null
+++ b/deploy/delete.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Uninstalls all prereg helm charts
+
+function deleting_prereg() {
+ while true; do
+ read -p "Are you sure you want to delete all prereg helm charts?(Y/n) " yn
+ if [ $yn = "Y" ]
+ then
+ kubectl -n prereg delete -f rate-control-envoyfilter.yaml
+ helm -n prereg delete prereg-gateway
+ helm -n prereg delete prereg-captcha
+ helm -n prereg delete prereg-application
+ helm -n prereg delete prereg-batchjob
+ helm -n prereg delete prereg-booking
+ helm -n prereg delete prereg-datasync
+ break
+ else
+ break
+ fi
+ done
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+deleting_prereg # calling function
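Review bot: In `copying_cm`, `wget -q $UTIL_URL -O copy_cm_func.sh && chmod +x copy_cm_func.sh` downloads a helper from the `master` branch of another repository and runs it three times against the cluster with no integrity check, so whatever that branch holds at install time executes with the operator's kubeconfig. Pin `UTIL_URL` to a commit and verify a known digest before `chmod +x`, for example `echo "<expected-sha256>  copy_cm_func.sh" | sha256sum -c -`, or vendor the helper into `deploy/`. The URL is also a `github.com/.../blob/...` page address, which normally serves the HTML view rather than the raw script, so it is worth confirming the download is what `$COPY_UTIL` expects.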
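Review bot: `deleting_prereg` in delete.sh never removes the `prereg-ui` release that install.sh in this patch installs, so after an uninstall the publicly exposed UI stays deployed; add `helm -n prereg delete prereg-ui` to the list. Because `set -e` is active, a failure of the first command (`kubectl -n prereg delete -f rate-control-envoyfilter.yaml`, e.g. when the filter was never applied) aborts before any chart is deleted; `--ignore-not-found` on that line avoids it. The prompt test should quote its operand, `if [ "$yn" = "Y" ]`, so an empty or multi-word answer is compared rather than breaking the `[` expression.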
diff --git a/deploy/get_logs.sh b/deploy/get_logs.sh
new file mode 100755
index 0000000000..faef22f6d5
--- /dev/null
+++ b/deploy/get_logs.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+# pod name
+kubectl -n prereg logs -f $1 | grep -v "/preregistration/v1/actuator/health" | grep -v "/preregistration/v1/actuator/prometheus"
diff --git a/deploy/install.sh b/deploy/install.sh
new file mode 100755
index 0000000000..937b271a3e
--- /dev/null
+++ b/deploy/install.sh
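Review bot: `kubectl -n prereg logs -f $1` uses the pod name unquoted and unchecked, so a missing argument produces a confusing kubectl error and an argument containing spaces is split into extra kubectl arguments; use `kubectl -n prereg logs -f "${1:?usage: get_logs.sh <pod-name>}"`. The same unquoted expansion appears as `export KUBECONFIG=$1` in install.sh and restart.sh and should be `export KUBECONFIG="$1"`.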
@@ -0,0 +1,65 @@
+#!/bin/bash
+# Installs all prereg helm charts
+## Usage: ./install.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+NS=prereg
+CHART_VERSION=12.0.1-develop
+
+echo Create $NS namespace
+kubectl create ns $NS
+
+function installing_prereg() {
+ echo Istio label
+ ## TODO: Istio proxy disabled for now as prereui does not come up if
+ ## envoy filter container gets installed after prereg container.
+ kubectl label ns $NS istio-injection=disabled --overwrite
+ helm repo update
+
+ echo Copy configmaps
+ sed -i 's/\r$//' copy_cm.sh
+ ./copy_cm.sh
+
+ API_HOST=`kubectl get cm global -o jsonpath={.data.mosip-api-host}`
+ PREREG_HOST=`kubectl get cm global -o jsonpath={.data.mosip-prereg-host}`
+
+ echo Install prereg-gateway
+ helm -n $NS install prereg-gateway mosip/prereg-gateway --set istio.hosts[0]=$PREREG_HOST --version $CHART_VERSION
+
+ echo Installing prereg-captcha
+ helm -n $NS install prereg-captcha mosip/prereg-captcha --version $CHART_VERSION
+
+ echo Installing prereg-application
+ helm -n $NS install prereg-application mosip/prereg-application --version $CHART_VERSION
+
+ echo Installing prereg-booking
+ helm -n $NS install prereg-booking mosip/prereg-booking --version $CHART_VERSION
+
+ echo Installing prereg-datasync
+ helm -n $NS install prereg-datasync mosip/prereg-datasync --version $CHART_VERSION
+
+ echo Installing prereg-batchjob
+ helm -n $NS install prereg-batchjob mosip/prereg-batchjob --version $CHART_VERSION
+
+ echo Installing prereg-ui
+ helm -n $NS install prereg-ui mosip/prereg-ui --set prereg.apiHost=$PREREG_HOST --version $CHART_VERSION
+
+ echo Installing prereg rate-control Envoyfilter
+ kubectl apply -n $NS -f rate-control-envoyfilter.yaml
+
+ kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Installed prereg services
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+installing_prereg # calling function
diff --git a/deploy/rate-control-envoyfilter.yaml b/deploy/rate-control-envoyfilter.yaml
new file mode 100644
index 0000000000..c3507f7793
--- /dev/null
+++ b/deploy/rate-control-envoyfilter.yaml
@@ -0,0 +1,44 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: local-rate-limit
+spec:
+ workloadSelector:
+ labels:
+ app.kubernetes.io/instance: prereg-ui
+ configPatches:
+ - applyTo: HTTP_FILTER
+ match:
+ context: SIDECAR_INBOUND
+ listener:
+ filterChain:
+ filter:
+ name: "envoy.filters.network.http_connection_manager"
+ patch:
+ operation: INSERT_BEFORE
+ value:
+ name: envoy.filters.http.local_ratelimit
+ typed_config:
+ "@type": type.googleapis.com/udpa.type.v1.TypedStruct
+ type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
+ value:
+ stat_prefix: http_local_rate_limiter
+ token_bucket:
+ max_tokens: 100
+ tokens_per_fill: 100
+ fill_interval: 50ms
+ filter_enabled:
+ runtime_key: local_rate_limit_enabled
+ default_value:
+ numerator: 100
+ denominator: HUNDRED
+ filter_enforced:
+ runtime_key: local_rate_limit_enforced
+ default_value:
+ numerator: 100
+ denominator: HUNDRED
+ response_headers_to_add:
+ - append: false
+ header:
+ key: x-local-rate-limit
+ value: 'true'
diff --git a/deploy/restart.sh b/deploy/restart.sh
new file mode 100755
index 0000000000..a8df25e792
--- /dev/null
+++ b/deploy/restart.sh
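Review bot: In install.sh, `kubectl label ns $NS istio-injection=disabled --overwrite` turns sidecar injection off for the namespace, yet the script later applies `rate-control-envoyfilter.yaml`, whose patch is scoped to `context: SIDECAR_INBOUND` on the `prereg-ui` workload; without an injected proxy there is nothing for the filter to attach to, so the rate limit is presumably not enforced on the publicly exposed UI unless the charts opt pods in individually. Either resolve the TODO and enable injection for `prereg-ui`, or state in the script and README that the filter is inert in this configuration. Also, `kubectl create ns $NS` runs before `set -e` takes effect, `API_HOST` is assigned and never used in this hunk, and both `kubectl get cm global` calls omit `-n`, so they read from whatever namespace the current context defaults to.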
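Review bot: In rate-control-envoyfilter.yaml the `token_bucket` values `max_tokens: 100`, `tokens_per_fill: 100`, `fill_interval: 50ms` allow roughly 2000 requests per second per proxy instance, and because this is Envoy's local rate limit the ceiling multiplies with the replica count; if that is intended, record it next to the values, e.g. `# 100 tokens / 50ms ≈ 2000 req/s per pod; local limit, not shared across replicas`. `metadata` carries no `namespace`, so the filter lands wherever `-n` points at apply time; a comment stating it is meant for the prereg namespace would help.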
@@ -0,0 +1,26 @@
+#!/bin/bash
+# Restart the prereg services
+## Usage: ./restart.sh [kubeconfig]
+
+if [ $# -ge 1 ] ; then
+ export KUBECONFIG=$1
+fi
+
+
+function Restarting_prereg() {
+ NS=prereg
+ kubectl -n $NS rollout restart deploy
+
+ kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status
+
+ echo Restarted prereg services
+ return 0
+}
+
+# set commands for error handling.
+set -e
+set -o errexit ## set -e : exit the script if any statement returns a non-true return value
+set -o nounset ## set -u : exit the script if you try to use an uninitialised variable
+set -o errtrace # trace ERR through 'time command' and other functions
+set -o pipefail # trace ERR through pipes
+Restarting_prereg # calling function
\ No newline at end of file
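Review bot: `kubectl -n $NS get deploy -o name | xargs -n1 -t kubectl -n $NS rollout status` in `Restarting_prereg` waits without a bound, so one deployment that never becomes ready blocks the script indefinitely; pass a limit, e.g. `xargs -n1 -t kubectl -n $NS rollout status --timeout=<duration>`. The identical line in install.sh has the same behaviour. The file also ends without a trailing newline.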
diff --git a/deploy/samples/sample_address_proof.pdf b/deploy/samples/sample_address_proof.pdf new file mode 100644 index 0000000000000000000000000000000000000000..d1ee2511d6d925140a194ed51f45aaa14394bee0 GIT binary patch literal 11877 zcmaKy1yq~cvd2p)P~6>8C=?F?g1ft0p_C%QH3X+fDeh8SiaW)vxVvjxinX}A^TN63 z-gEAGZ@sK`Wn02$WG+7!7{=7?$&|@Fqq85E@Wi2>?{KhuRw1{AC3G%ShVN1_oaPC~ac| zgGfS5>`ftPKt+h1Im`mU!Nn~s3~+)$Ax5@nZfOy*BUTbGZ~`ubdrHyMhchF^x3b4g z7imrrzR}~zW^LU_%%nzt`o*8ku{6BGz@Zu@V;4s3H>PokDHNwGy?RS2OtoA9nOG}q z*)NOF>bt>8=(@t;76|BCQteOkWz1)*#I|RhW%zo!Py>_)f^F)MZIZ4X3UAtV#yU~c z^VmPT5A5oF&JZ^bT`kWi-6j^qwe$$|z(86wp^2lfcv6X~O6H3cP$lr2d?I<)#W$QH zdBC1B_7!D~EVy3ojd82Jf>)&!Np(nSIe@G{h|^^1BIU!77RErM+v&|1xIV86N1E1{ z#!xI5<5;iH@CK!jHKFOTtbZ2Z&jNG&RXa_02M7SDYGe*CnL5PD-Wh5FaRR^(7JhUl z8W0#j|Bq7xYC_y#0HB;L+)(__cZomWMy`bvHQ7k zr+ctTgcO|T3eP1c7epgOb(LsiKH{LFRXxM`5zI+LLLBetKuVbCC`s9?96bM-lYNjk z6g`rkw;aI1#z|Aypm6P3(&T@bh4pYD@^B(_BI0D9S+A^>{!KZZU+W@YpgXt_TQpD1 zq{O;+oClT^{ON`BulXj_IGuc3w22C4(S)cJ|5*e(N1%{sh9{0fu01vaW1Rg0A{*`H6~kZ;?XSj&L-q9 z+^A=YzrT+Hh%^(TmcO8%IAalgyK_r7G(>w%(A^c>#%C|)6nE}@I2YYUa1?NongE9cn`4cRl6{1@#;TyGNaP4neb#NOyNrY1ORj;|x{Qi*86D>p)cZSBNEdBArB!rPNA~)-^-)3U;cvhnOrU9-;k6cKb znER3T#En~hcdao7o|Fj6>MWSmE=4M3w=7}P)_SP4XF%9mPKaTU%mvYkXWMQHQ%vHg zWZ`YV=o(v2r2Z)rapGp2c%Q)b71SEH4A(Zudi_spVhJs1$;a6y#9ThdQM3~*yZ*{1 zct;II&?v%Y$Gl{%NkoHbkc}hW26FUc3deD@dotoD(ScH%+bIS^eUyYl$RLP!zYy1B zkujdMefW9T?lp*n>}S}i{ItDw{4y~q4p7n7jYHVo_8DQCSeL;OaE3yp_MA5u&ClO2 zv#SaDX^<+e0|RC#wO<}8g|fdN9oIA74}rZRIqD&_mLv}G-5g|Cf)Vn*IhM~V(&X1N zjk%?tGFuQ-#18suwW}1SC?n2}TP%|>MN#Kh5+G+N6Si{};<@E_>lHuEkeX?C?7;+vQ8b*fi0c< z!FRMk`jA*QO-8BxiVJ;eX35pOnkR0gtk2#mhpnPm(+v) zd5IWE4f&N=A~|3hU^J(&g|taf!Wa+9nlKpWo-SqWY(kgMYVaBo%Afpv@P`ALA$1<`W zdUKfFlb@JgVf$I+eixJc%U`yL+iy1WFH=v+uj#zT?rNwSV(gHG0Y_p@NS8Q^Xt%6) zXbp0!2b(U-T`&}OdDo``eqS_*ZJ*fXfAw92soa7+KJG_6MAXT8#d~9hPrPq0J0)M{ z4vCtOUS2yDz16xF5_*2?-@SK=zB-@7|w{U6SVE-mgt9k9t4+yJ-)zk?Pa?V;3W65;iluV!s*TB&?(0uokzg^ zlUrt6l>IEqqqgx9ya#EOCx$t%{Ju;nFO%af<%%FIWf%C`Pi3wFC*OwLY$jjYc?7v2 
zTufEByV6m8-thG)*zh};KySa;>bXQe_3Oso0=D~%D;#ZXWy0grhM;T_F89^Ex~HJb z*6|CX^A`6(^p^jEAd)lZC-c%<*}gY354g#?oOsH8$h^#UopS!PE$e-|{TAi2D_+#( z*CX@7Agm{Ar>@IBUe^zvnfC*2jVcctj5nv)KHUXAZm}v4%Q9ZqH?OWvFO)k9sCn0? zh%=X`mhNyf@5@iO4l;gCT_|L>KJaF?8eX5?O%@!8j25&x#i}g5dVejvHFa@EetkN3 zpXhbX{BX4Oc)1AQE#0NvAM8x|?55pQXFgtC!gpH_*j`O;H=o>6-lK@g5}FGZ9y=IeXtLGweG#??Y zD#P7)1TPjhuNEtid78iduIPfT`x(BLD~V53vm!h%dJ~?7CA`k>qV2`l{Qd3O#^JJg z#|4Y&-qH2t*^%>+p~;<%Rz`y78~R&4PO}q}#ifdDG_}=4-8|0){wdnS74xnr8?Alc zpe7|t)z@BFE{sTDC#5$1(H4cqTn=%p?6WSCgA9r_vl2YlCN7m_Asr=k#%1;<8%%TszHpZ8JKWA4o{-Le8EtoK+Cr+6*y8h$Qfc&3+3XnA z4oySSHSx(Oe(ie~0~~+t+|yLCZ(QoDxofI1@%={aSm>Otjp9Q7H>0y+Gv3#8rb|W( z@{)bZgn`icXWS7NYv`BhgT}izh^j8^x7TkrZ-}PvxzQ_Ge+;@ZUld~(Ep1nOp7-n} z#Q+3nDNkk0x@5t#z23d&6|U}tnFBsO7tB0G*o8pS6!vYWmAx3^Ut|s(!2B) z@@&9gV-^Q9%z;(dZb+G(z~!KLZAi?qXD!}^X|2*-<37_O_!`?|+tcOzHg99d&GD9L z*FLc`XepSl5uf&ZXzc^peoIZ}R#L!%qxJAuewBiQ;b^(ZMMcCe!fb^0Thp6`pk0k~ zzMBLSMhBq_sK{6k<#O1S)GfWYz*5AG)IIKlo+ERkyew&cJR>dy!J}5M5#fS%P{1m` zNk2kjtf%R$39~7pDF~*riM3M}n7Pt^`or~tYR~6%k81n%RCQ}XNddWlIN3TozTV-A zDLd|sIlfER?|IaH|Ma%u(s2X&oiXX^>d(o^yIys{tU>f&OzSIeOqYE6sDcvSLW0K4 z$;V>fQ}qWO$qOS~G&TnSS9uPdn^O-~mKczGvU%gV^4d7GEmig6=?2jtEqGcP8b8&~ znGG41Rw7HxW(wAe#lX3dTIR(HGXgUgGZ)UBu(9p?a-N-yoiCGprYmB`7^PVr}I^`s3leNh2>CY`apHWswdEvPX?pd zTV>Nd!HL-;B8>ji(Z?(;<+~8%Gdm9nFei^d|AEf-JES%pnVs!{FF%yqG>9sPHgVrd znBLF2vF^GFdg6E+p)s2oGCHbXy6LKg(2PDMK5Xk?HvIVh!Hio!-M{7i^REQ0w>-Lp zcQE4Zo1Lk7POtKB9XAzrtJ{bq28=@{p=_VZO)&>;uO)85X&NpiW*+)itR8Kt56Ywk zRI^IPWx5E7E3iriZ=|yEnG#?nUv7nE{Fl&^jy(CwZJA&vv}PsTnq9wFVQK*!Sd3J< zqpvH%iVkt=S6Y$0#RHH=ddNh`-|ix9&#J6|QgW&}-6(0!7Bb{`;m*{;f|L30h(~z^}FC|!#HJf4sQE|7JvGslzH)^6KM>X2kYO{qi zl6@@Jdxe&z($48bPFkOfd*1N+@{bTz5ILy1zB78|6lE5>vY!%@o)*pxV@e?{EDtez zRxE{`E$^)~wQI51eVt=R0tccs;`dq&O;eik1*5oDRdQh~lU4MHg;S5kCRv$N zdt{`wiE_#eN!2LUuw9B8wN?sEc0@eRx3b74pz!jQaOj|c)>%o^*clTgIHNHo*acQP zo9(JpDk3}wWXBVuWEeW><8lcXo0=03sf`2I^y)}$=hzUYOn1w67vim1qfQ6M_ny=i zGOChV?D4kYYQ!zz=E*VN8YCyLl<``b&stDwY$M)VH1gnB7LRT#=0(aebDMvx4aavv 
zLxJ&Y;Dzqh2*ifZxCl-`SyZ6vZyajlA}td_sE|f|#UyLZFolY+-zm~Qs|o)cxsHp| zMQFr8m>xlzOb*rpyYR|{!qkL|hg^|sBF9jPaCk2#LKu|>2;R4zIN_C6#F^v=-o6zk zLzB9>Af`7i>`cp!%7J+4uJ}SgRL@ypR?j~R7yH|#($I!|_HHv&JOo#=kBGngCR{0u zJ7}fw*xf+3>3#}J?nJ*R5VL~0m*`lJf)6byr5VD&f z>Am+$bgz5sOixM1M7_RNLphl4ScYOq0XiY9brzcVif>=blr0?E3o^njs+XSe@;aR? zH1ETZ*3DBi`j%8!eRTRvdf5AcktnnWJ4~J9vQ@V#bs{DUe=SEjICEUcI_LwINl9rs zM@vqZmpGLo>%=nYz!M@BjqN)No{?WWXs9Rp_bTjlT-KhZ4LIhis`>mHdsY`7M8v-nd) zclNU80_i(zdY8b3l!2+8dj6xAm1gqqiOrjfD>){UgPO0)$kcT6p)pK&Qj++%#Sjux zVjg+-gIRX9uftl958*t0Bm-O~_GCHhBr3Ulo>RP&(~^3+`5_9INyUt3efm*vVq-eH z4f`CC*W+pKOW&^=wmlrMam)UsUh}#wIIyQvS}fY1HYmd0_77B0eE&Oi9P;B_dd{^i zbBp2T$0m4i@}gOP-01ieS6;!V#pDltqq7W60XzBHB1 z4i>HJ-U#5xO>(eTu>Qb5P0k)mQX0hYpeTU;BL86BmfdQ`>+v+VOrfVH~2DZdm--W@fzDR4-NBU$1u@BSJ>~FH2`JF#_0}_TLDN(@G?)GO;Q#vKs9D zXq;+w+ORU9p%4t7k!Fpv&f#NUwwuW!!Tf$$BYX5kdO5VBCyY#7#1Uy8he-8Sp1KW> zWt^Nq_!qGGzAPy6etUmz{#AYCzzA9P_wx~wb2k-m=IE?_%Vv{x_ji8*Bf}{pL##nF zQlrFm6RqCTT?z~Op5!$^jsVd?jM;CZIHuhv!^A6ZN-*E3a)J!!&DJ!OQt(e~IRq#~ zqZDy9-U12)rxN#S!m^dCF?-Uq)iO0q$adc(bUpK)U=5X*jz>OGs!yBHy&bYs3rjPt zW~aC6Cj}#VJkWsl1FLe{t4wQF0KS7mkqM||f`wL6ZVjtok~8UaHE{7YhDv_W4y#$o zf|>TIRXn@wABLD-~jPEM}rQsz}(BQ#jSmqjviC}iD+w^ zo7=$QN>?B<`UixE^xd7Hd_$_&lic^Kq$&Grr>4XGOuOVcN5cKUkfud6*= z4w~EGzwzX+Ds`dEd0nPnwC-m5S1$QGwYd2hXYD(ryiGLWBE!fn6u&alhztlv<~?wT znF3FXyLWLonyK}Z)bgC?COlZHE0y-gKS3I+Mn0w07k zA_n!B?$TwVWPnqqxkY*|cJni0FI(TUo68JNsmqBwA|BY&2Y03h4`h}ReR`5b)Zn&<# z@p3lzK)*cI+El-kvM{TSf?iy!tGH=xceidN0cA{UUUMl6C@HYp;+GU&%gU#2%3jTV zaPd&7&g;xTrZRKgF$adbX|L~3JX@fVO~Z9RTECgqIHXrjbN>+bn`4>@tZ+;#o3v{U zSSl{%Ddn-#+~?Ue_+eC!J$a;=9!Xxt{T+~wTROo%0164HbS90U-<{-6UEC))nclQ= zb)4gFjj^$DNL1$RonLlnnlVk#cQ;<+wl><4N3XW&^4%ML%19-#{BH93Z!>CzBvjs! 
z%JG3TknoHsY2OwqHU;BEchcNKfVmVKQ;*QIc^%sZE)rUQMY-MEpX3upVSw=V?TUwbrg zPj#rL7Zts&pDQU=2G6Y4xy_*b(BD;AAguqs_FK<|7b2dCy6<4tQvMTG=VUcFEIhTy zDKy0~cK&v)^^*W6l%VI62`KN(uEMf~+$JRnVM}!K1KAHcZuMlWb;QP>7|`F}UOMSE z;jlkM)3XKy^pJh@WJ$E9trkj!2;{m#Wer{_aYQ#V=55dVIX15dMQ?Pw_m>jHn$I&~Y-_Se|sy-|vl;nf3gk z`9e}qlV_dH(qgsk+7!#p3{R44PY_S*_zBZe&w8~$#%ANeNQ;oG&@or)eNYC_)1^9V z_-pcO?}?L(Zayg?v;#9*Y)Y(+n%pIyRm%-HoVq{ zpM-RF>J|)G_18saolZCH30?LENkvquQOR4$&0Cblvx1;k{S`})O3t~%(yi8$@RRq& z1B`bClK$O-X~MbA3m?@`d%q3odXO@>JecXMt9}gP*&xDD!adskkTq($DI3`T@O^#v z9S!yIs42s7m$~mieP*(AKKB9#t+n^8@f7q1t&i!1tZ$?ag#y%va(+RneCfs76O$6V zD(k4L#0I=D&rdxoCny*xK1ovC+8++5sNZxv4sW7Oqo?oKqxUK2LXYZOsUUaqu%#`S z#gR;Nz9kpGyXI-4F|?tcx-iN_ zzQpy~--dZG-SRqT-g2k%!5jB`{_h@r*EMOsCW^4MFbTIPH zSTvisI%?kplbsfKp0S7ki7k0|JkdG3I;ZD46R8vn#OY^q1>f-}_ipRb>i65d^B^*r zsAy5;VoZ^a8snmC4)bb^(ap*Kb^U}m*Sj=xet*|RxHfaMPGx!lSUnHSWWIxfuOq}s z$li%HWJKjwl(>>MMYaGPlyFPHCJs)k6DZh7><)t6LyP-iKi}{7ixpvPOazW2Ajo_q zsu=Ay5kw^K0OcD^TnvR%QpbdqtH@zdtEYJx4>LbU4#K1q_Ij=z^Bt%Ayii5KxuC?Z zvG8(LRY>(1s z|7utJy!fPZXSCd=q&yklfhRzI-}d!k--1)-*G}(|Go3U}qyA|0>qrmNg~>%*1z`gF zc)`ycVH2_s*Q_L_7#=OAXVM(o0|0Le6L7L}7RyVe-tGe^27Sev2W|L~$ zK)jonSw%EyPY*DRLVKv_Q*Dw`$i9BR75xN_Q50`LRpAm-k6MHq1^`|CxeU@#{ndlo zf-u$%W4zRzi~j1IA`uFoO|YMmf}{9Bf$Hpwo(XR>zP*=vFIA|C>3j&!@DmaJo%r!) 
zPG6+`lnndjTrgPlu!VkB(4>wx(=ega-EQ`EN+rvN8bcX|lQ^ZcFC6SQ(@e$pUgUiq zZsU|XzQLioG@0?cyPx423}LPAlTn{W6lE}MT7e3;quYjW3YSt>lwln*3#2dga_tiE_Z2tz16UMP1lKEBd!_9Latyz`$S3MH} z-kQrY7`um^-q3BI>p@zk=+#Zn7iVJ<7`y%12&<`5535YR#%NDtXF>}ro`5Q}=z1Ov znO>5;gIsrBgZn6o-*ttd$k#nsa#fLlD&nlAB@P~nZBUzy2XF?kO0z=o zy4yz!%lv*mXe~?yGfAO1Vix61slZp-9jJZuFQ(yd+2$IEOj2Ac!NC{oI;LFY%qUJf z9qC$nvzr^&ny8g6!Y1eCv+8p*sf6!SB75wUFW@}2Np)s$gnal*!8YgY8l{JvxuHSb zDsVS_0P5`QL2caf|IIT-q?~UeVC@uV`^m%o5nX;8WMUkU|a)eEz8S7 zDXZF#(=QRX0lE1p$*P<>e713VTh-ENkwxfkJ23nGmqh}CxdcaJP#=1C>PXy|GA^mD zuY8+FEtd_GQRjXQlV6zQ_r4bsFf174c&#Mi&F{)HyJ!+HtrBRxR6}HYB82g+Ja{Q$ zRI~f5-75#WLdsKi3xQ2392eft{WGHIqU54Cl991xrp}ha=2CvKepRGNYC)^{5}$cx zUr<*(=R)AZuOX^I$W4UOKoBhG;Jy{ZsLcE2&JyFUu5)0Hd9V9sV^UjrNpr6L&Gl;9 z5QiV#lDhAu#cfQ*Z4SpJkJ|?&b=d*9O~+y1r7Y?Q4+>>vM)HL(Zy{3r?j+`e`GF8)}4r(V?iEe%WS_Hq7gQc|Cxr|Gwt7(1As{oAnio$vXZ&Y?PTmPgtHA46lqfg%G9 zEpok|-cqaqo!>8F6A^YRc4bp(KrOj2)u3OGQErSw3rcLtfxSzMr2$^9S{SQeR0%%L zV8cFesZti=*5Kr#)T8{MvO-yW(u7Wc)G_F*9Np{cmw~v~G4-1Y&3{`|`rep0CFE$) zphMnJir>fYf%JP|l*m|S!iv)^BdPGv!^Gj3&Kp$+Olr_k7^n}ju_2e_O?|Q}C+}C@ z5n`y~<50Mh@wOw|N<;_w@7POeiXL7&FF$+srI{$rcezK$7au3B9s_>6d(wgWTsad} zS=6DEz`>WK?PQ|)so}s!^d#+-WnwXfKd+cUARf>Ave4GM;u0Spi`_bhLPH3|#-8qj$!+5yvx59TF!*BhXMyqotweb-l4KGN`_pbTB6Pwh- zkf=|zaw}6AWddd@)zPZFKGGH{^#-XWsC|@R3={cS(ZFm?7RuN30nzJwl0p2p)f@gD z--E7F5|kUUS(8?s+N8lIFCVEv34O0GrUrYS`3z=~gKHfm5*12u+4|Mem)v`?**bu= zI<}?XH1n%pS*%MBKCmQD#P;*nV^&sl@i6i(y7F(AjHdiXug@A~Z9Oh^dJjP@GRht% zS^~gc#J{`AslKZ+&GDmny)qq3VvUK-Udl5~P7nXzNGK*EhPVG%wCy38dIVd}lm(Ao zgjvo+Ay2V%r1^s8kuvb5vR09Yd&6YOaVC%K&jGpn8x;4=)#3gv#n5v#EBC!$^4jE! z6NsB3}31dn5Nod7E@eU2HU^EN!Mf_Lkg80aydjt!`RYxGP;H$%hiL=_c zog8d4ne3hqA?7kxIc+$Gb>9btAwkx~^;Ig8I7Lgv;bxh$ig;Uto7=Lv+`aj7e3SF9 zqWyckXnu#!Ck0Sg_NIOOVT;=66(95_<2fM6{M3sv(Vjz&?-Od{XkBy4_Gq&pMsLDNFD#Q#srOx!3A1!yxi8mP=s-bW-KQ z^w3%xIisZ^Q#w_U!TZv(EN2nb*Xe~eg%;K}1K6gC!Ml~&Wq1?XA@I*`r8Z%?5py%HWJMh6 zU|L+ebt2B)+KHVg&3pmk$b?>j!Gp#hUoi_lMVO*WWzUL2rjhYp2M`7j(x6+*n=bU! 
ztHr&}7?Qba`99xknt(sR=qHcH`uba4ydc=A1V5AejjUdkCWD|~Rvq=%XdQe^9<6%T zjyU6*hhN_;uHb+0PDe&mC+~^QruCd+Nl4N4lA&<~;K_taO7YP%Ob$w>48#)%y5A?# zOI!^$r;F4j2RM;nE#T6nXu$bALPa_6J$v#|bz@J9uy?+;EZyHcc4S??UVQ0&foHOx zN2d_?Mx9t8)+qaBXw6yiuX(z7LjL?py29vt^pYf8g8vQC@%@E^{R^UdMBOAIP9{)G z2bewdU+9~%ku4mr6N6eB*(hnkB^x7iCjb{3P|V2$jTezgo9=hMh>zNOLGetfCmIuIoLVjaGM+)TC+3}vwK7; z;fUPhHpKs6>sYzDx!Ay9b{<{;D<=mR8xK1VJ12mHot+&3Vu!EH3+ChGg;RHr9&m&W z!U1?h+#a#LKe;;4Bc1nOVBMqXza0L`6!2IHIIJgb93o3Sft$tL~w%f3mUl zZrU;iJ5)YryOyw}2GHkVPLmkFxjY|14fP*3@Vk&Cyldc__t<>5H)W#<Zsw3H_;^EZZQLZ}vKweC6UiFRLzMKK!C*F_Y69MOCZwEsPj zk9_I>(X9XJ!N=x<&&U7Krc!orX85tI{?m-Cvj3h)QzQ6rz*`s2kNzhSZ_wAZq; ze8h|apvSZP+r+p*A!cas@!~*(PuZU@05=%S2?m$}{-c55c2*kw!Z`}XV*x5nwHvOl@%>&=rKkRro;6&>`HJ*R23t|U@{%Hqd=i&Nab|7}% zzvTgg8o?hS&_^a*!_os@8Tg#5+uOsRRF4&cKcyaL`rp-Zf*Ci+uG>cIoR5oFru+5I@lUJ89^NY3@Vo92JCP<0Bc?_K+4wE6s{+3 zYvc$}hT0fI9iR@3LPBWp+b6@|za1DE0Dx%hqVfRt_qGn!23CIyas4eMX>J9B`(T%} zGJrwFp+>gGP&D>;P#aU2834ou5fTD8!W^Im)@Uwi5wXj%en9lVad$jk{DZS;2&*H?<%uj!hWh37LP#^d%4=e3LFUXZQ*l;D4+;-9Go{hdWsS34+xUD3c4o;+o! zqpg#J5!4X?FEYG{Mk-JkK>M%yv8zH|U;uU*Yq+53Kd)l{yvpdJu}iqXq*P$=LOiKT zfdNm&REC$0UDDPD_Jm1t0yzJHJ)!bYV{-#hTNi*f2ONX|K>%)E5ZsIyTpDTva|Arq zSs9I81?J#n1XDC{_zUEKx7J^`0LVYh|1+Ma$A9(azvFRyGUo*M4sRtnb7Mz<_EXr( zx_>tl_kXL28NdvzY)zlsn8LI0UtW0r7XL?^0RbQm2p9qn^8eF{Kp+PQ{GZKu=z;2@ zDsg#S+|t-;dn}jueoE#Bk`4pNqtLuXK{TtWBJ{0F0TAH;aBz)LgPZz@u)|-4Z*u%> zVh0y(&ie;r@O3k6R`C2>Yx*1<3iita*}T2EFKO{JAWgbjx$1c2K2CL4>Eu&$DzTX< zRw;bHe1r+4l0_)uw9|1K)r7>!(;DIpknva8oYl!?c3kjGB~jo1Y%&Kku|_3V&~02u zW2Fg{H*MXW2Z3Ysf?(4lKSM5@=F;yK^0084D>ECLTp8WtD5z!IQMQ?P(i=rPsc-8$ zsXhG%c<#&cU*QXPwye`p>2po(vYFXv%MuyWp}~At>pxEZtQ8_xxllYUNV5tgDixRIC(M5(dsPBl>JNt1+>P~dIL zB{i~)u7d56r);scD5xp?+elI_h2JO(fAn4o4=u*!@gMS`wgYPg z4TvUirpCLLCb8!{yh?0L6T8XT!P`}4GC|T1z+_tqGif)Y+D=Q{UOS8!bbd)ek5P?6 zRFfF8qbw+&f65ses6=@tzvoEq#^^?W6A0{C&1-XEP5_vwB5l$CMw|&~QwNS+yCv(f zPwNy68NNFt?-{~Mp7^I2d z2YPFMno9aW8auhM{6*OD4)Mkc;lm(WT?~d9J^uvdqzqM>weC;w8Qe>Dz!VL$nvj%Gh?VPcl_SU-;y! 
zqLaRRu_*<7d>%9f_(+uSJZN(5+EkUzo(BUVGFnqa%$FLtnu#j^JhI^Iy6{WHdKZxM zxuy(W7to?C1;kCKa3^ZbiK}7? zUU*a4V~z$trl*+ERV9x-8+-W>v7_|DPH6Ob!$fjdt(o&3^#?$80B7=+7L zNNR)10*S4lc|bU62O&vXNA~w7#T3W_fvxam7bJwai0c8NJTIW@_ny@n)7mXeDE)>K7qKmrO>%6e>(f4Q3!)3FE}D))5(4+LtI6^G!meL?rd|3I z+o$cY_8$Ey;x)++ukP^5#r83}+F{hXsBIy98^;rs`%G)2Fs>8)kjAO{u0=D!6Xze# z+Fo2kmSu#IS0v^Tjtlgk9cTaAw4JowOR55O=0|kNpEIwu;~eLb_*_j#bgfQS`eI4n z2`;01MB5-p?yIkvtdV?|X+&t8IP79;0YC5wiht^Tl+~scdiUvt5e&cZ0eP z^_pRs#5>~Q?G*w=T$A4s@=@L@!lN|SGm6617nxbeo9<==629I!qo+r4x1kpWw4Z8@;N$eVXlFax|#?Ki}pf_T7cy2GRLG7|p2#=!t zKJI3wcjMs@XsG8ZJ1FgLr1v?cYAUu)g{ACJ=WF8eh?*2GGKAV2D{OfF&_r7_2k;=A`Lc6k)H}uJbX4RQ%a6W((58oNx zYD#lHjZZVeZNy8bV;sAgYe109Sz@Pe^)|^p!|GT&$$%e9WlZEHmu!K8pIH@)T1skv z)qO3Z#Af)w&Cwt0o7Id}6)-VDcFx29`2&{da7z}J-uzH%bw_1C8dtZ8V8jeBUL(Sv zx!MsI0+v5ygo9)gnCxXsv=hUyL6&_>K{FTrx4FdurxE&{Sgp)vms5tfjOf z#UeE6rx&H4It~9l`7=T@K-<2*Dskl_#5Tvo?494}my&{SA#{c{{$gRlZbeo%3|GIPIs#J)j$ z%3QUoiMxi`>x_m0R75-!I9H4Nh^PAYn51@0cI`W zrLaH%Bs3j!aKym07JA?zedgf&rd8_l{^~$UdY{Xg z(6iyU)xs`<2TJ8uoc*JJ;|bK`MQ7xvQ^7mS-aJjb!q@^_rpnO$QicE?=fmyAh_Tti|oR(3V;pRhZLz2BrMmG8DDR69b-HwkLl zGE8|^c|J#djN1z){#=&1)p$Do2L(!13Z34w5@MK40jjlQDFxghk||U4&g+Q}?~+&_ z;CRiO<-V6}BOSks11VxKk57^e>6s`WXK|~&`duS-*C=ZQbl5(7#%x%*E932(`%ouM8e!jY4ST+JF)-s0kM%E+&S6&qdC`42$erO>O#r#DXfRa~_bGbVtJrllfM3pNQ zQAP-C^Uz#~{+dtghlG#C@RNe=V6G7mpGk1=X5zk?ccG(f1l`u{gGFfnp#$Fmq_npz zIUGrCJ^W@4u^+NOsi>lg@v=XP9cTX|7?k1;<&CfJ?SPsG9^5qMcNrw zHj~?^P<*UQ{Ca-E2cnp?8)f~IFic7xgL3x$^eJaYLAKD)>{?6FgWt^B}qzYEq9@E|MwYf5VhM* zF|EWsck2@BR~u)ZIRDX=R5M;JI>te^q94Wdw8P?2pWkG?R`Se<%=nHBEHHTfAyBEm z&EVs=nJz_UJ_>LRhed_OPdf~PKRI6CqmR*kl0DLxy*-%_em`pdeuwb4?jwx|njmkn z1;cT6?z&xFm10qFF`8qjP-N^rrNsSs*y%^RVmT?qQzbIv#U+k5!VN6M9z=b-un8TS zoI{nLZ_LwoZul6LNo|79=#*+|3u&wa8O)Cvd9~UZQRI(eBMm>OzDmDyY?)HA_z)ze zb#sN=NHb(v_|md)q-4&LFD167Jl#u{NlECySSvQPKy`*$C?l^)AtqmOXn{UiB4-6( z?f0o^ysV(G$y8PXC}`g(x1!(_)v5~dxp0j#iDjh4j37kk>AaHWI^PPW}Byt;-{DV4X6EoHp%2HQ`~Ur@mIYP*!eDh zA`O%zVD#s#sW$Tt%*rp28vH64Em_^^E;d{~zj;6AqNW1=x}1xgCjiDATP 
zkyd2=2Hlk13=(qXH@DboZ&sS00xO zI>D=Qo$M}28-z8pI2g>xxzTsZBZqdFSIwP?Z z*=RT{?D>R_p3E(=(sGi)I~M9~Atc`b+jV~#K;>0o(=%I1AyC~Vk#b$&|7WW>e3M2j z5Gk$k-PRiKB1b%Xt5w4gQKIHu6U|7qab$LoqKJ6g=P6EKNwq8)Iglq=^@nl>FdE|V zq@Zcq_vLabmYicz>knNvf0K|2KM7qKAzW1I63 zaw;c(_+?+8=c+9c+nLN-Co#mQGhD1fOe?uUEQrAfCNY~miOi%EbkaD>0U+&|ueUt( zK_>z?7Pc+v>UGT4TP7LJRn!NH3zz{)BR&+)NIGVZ=$5EVzFV|+$h%JZX2(^vJxu&< z)$yek<0~cvTG}jsv~aqBq=)3WPS3{>{nb;x+pWH8&l)+5#ZK~J^23Uq+W9`~(u!u; zy=|>iER0lAX=BHfbT4uJz~)VG;_OvNb;P?AV~@b_hHJ9 zxLj=112L?odbz|0as5H)ms<&mMS3a>xCcgC=EWK3Q?c0=bDPwynJ$ltSC*Y#(Q1MZ z_`ie=rS>;Fo37dy!i1YPD(=&;_&g4x4wjNuO~H_3_lmvCUq=T*cfX}tgnzoIN?*Kp zIo@CmNob)mmlUfgNPd@B)U3!8#ycmQA`{*;zfEM7Qju1m4dZV#UQh!ourLEuSn>i5_oF8>2C3l-u~lR($oDBUNE%V1XZ}I=Egcq5<2KZkwvIFEoVywVL!P zso?8^Nj!Qc@soH0ji&di=){^oG4o!=uD|CxzAl%&zSfT)##p4-BfoF8xqY!WNf&O1 zA!$~?PffjzGM73(C}QZt{Y$6OAp?3ZOsv+!6a==(r-zHdxJ7JeW!p&Kb_W=hi~wX4xM#O>7@%BJ*Hw&ZakV%y85n!ol_ zqRF||Oadr+uuw@c_H-H8f3hKhI8=qpA=7W<_=Ysuc8ZgZDD?0)hwxC#^~H#`T2|T2 ze{`A1V&FSia%)M?$;01NRg-exM$yYsA zz2fY0^US~nkmigzYj*bqLWh~(r`2)dMd#~q3u+X%esABjH;@H1M@)Pcl^%O595GL* zk)ZR!yoDqEt}(_ZgubU}pjabMF`lA)BJ*nGPm-Xc4X&eC%{M%UZe0pax^s<@nlHN% zQNNQWTgS;?gWX@mOolu(e2M~-&Pv)8G#JeZ>-*=$qI9=uB<9mrWI$H z3a?hrR%kVgFgId3z1yjmt!K=UuhZaT;XWZrh$x8oLATvVmm9=S7U_$WVZmWHYSM_s zX$Ih0RNYm@|LR;}ZsNk`-1==D=lAz5^DDb?=Z=sAE5$;QIYTQ&nq`v)=_|VR5zX`9 zLuKY#n|>d%5i~Y(u`Od|)Hpf45>$re=I^~aK%w6T%M-?C+#k13<+YcntKvcHsHE0q z13Z-9m2VKFp%=2`X8!umM4H`}wNCK;y{j$__sIdooY5WjFCN}DTm#Ma$(ugA=MgB9 z)MuBm4>iOHK5Ux=No*Njgl?5;zu1m^@O5xUH`Z#-&3hM%g-6*~BmiW@IH5MvqQ-Z7 z5wcDCaepNn%Cd&pq7~h2`_c7a#CJbgY@XD_CC`1wZ}}qduwUr@&vlDFbAKm!sn92@ z;FjYrZ0d8PC-V1(SRbQo)IfRtsF~}OA}(d!04?PyBuk_}B@&I-`(&{^I^OGq~ z8)e+lG6x%oc?lIpQ5Al-dpweurgH7bRD`5hlmr;%KB-_VS~I2knjj`xha#dSVSkp- zGR~>Ee%YeRf}Wc!bqOX78;X2?-?S_xeTmUIKLh>Q+?vEiD2+jLS)qM_0h%PG%6^ddVx@7`=BrB28GrZ8#8Hx+#;OZ1L@ z=V7N1x8uHebNS23@OL@j!eRf9-oaNw8;gM&gCatS7HL4mGCF8$-7njJ%*SnPq zUFaRF_s3!O{u({87o^|FNCPd943=Mxa1plzZ1MA3Z`}_eRj%i-a=FRg(B`t_v93k 
zN&RjWY2i{pnleFJjlHR~nNK3m(tz&b{BSqaWc;?TdC#7fL}9F9BwC2}UHS>#x^h7i zgJO=`lydVq9wV>$#I{FQkOMt8cj; zShPoMT-$Cl8ZVt!A10=)W{sBhVaFzZ$+oX*A98Lz2OiZAYUr!R4&p_msG3=i9F<+m zOCcBU=8}s`W)fe8Nw0+auWs*S7Z*z90Xmi}`UwRo<)!CX%|@w=i<)Ceh9;$B2%8i0 zO@Vh%=zRXbfwHkPBk1HT^2)ZkR{vJY&Yx* zSVIzo4Xi1OFc3B+T(#P4K)Fx4&fVo~J1Ri244A1sP!7_PH`2%!4 z_YX4j7kcT7K6R-JJ|i+wq!1FoIng8=0du-1KC)O>Q%GSnE68%njC|{k`vE18rA5)k zGB~6J%-?GZX!&7NEKC)CtkTYNL_=zgtp*e2-c@Qlh=w?vz@HeR-aU&s=3%|%^h|Mb zzT7z2-uX>dnr_MRE3LC;^;bAA7M~ETrK<6ljcLi^A&lSJBq|EIW{OoZY7yE<1RB|a z*{YjVXq;=3NBPIdy@^}9P|k`{4GTvvoX+09+>^A4ve`ll;0W6v#o)Dpgi6pA%*=z! z0hba;VPAz`jEqDJ&V2Xjc198Cvmg*sz9HHuI?~Y^S!+h; z+JXk%WxBoF-QFg6OfZ*0@s_RCXtYnJv!&EM%iwmaP-C@?o?h5?YUl`RHLgy1a$vu!ptu(n_D@PQx8SU_2Smru1ILu2g5ti4-PNCeT4HUV3giR4iyZB$ z_&N(*5{1A#)ZQ@{R=2#7waVHcb#3-4{k69FdQc_nBU=79xBT{Rt`U~fZ7dPWCLS5-1F zQ>l6iTJ2}Um}1#^@)|b``AUuCtr!=(!dd!qu%%*L@?1FGJW_ZKbhpCVdx*K{=a7qD zUl`r@IPcn>5Z#M6-sg;ZY0)C27QKls1!kd|Nc#i`berRhWMn}1c>h$4fOX4eM?`+( zup`@91%9S*pw&-1KX4puq-RS*!9w9-%JXre(=z}@pXe6ZFK`csU%VfXNK#H5mU~m0 z3y9ZvjfO!a05fA$S2~N3`%uEIdod&d?O7p8xv%mZnqteg*f))?4?otyA*S z`E(wW5d8Xb?n|LRh7D`RlCxOBf7{ApS>=<0GM^a|g;D*slTp=R4Bd(d>HUJvvjT}Lx%`BBM=<_;g5Y@K__~3Q8k>Sp8z@hmAj<&B-WFH`3iRJ1tXXpYR{l z+}28P2>4;}v+7Pc!W_#zLp5_!Pvx8t@iOoR#pf1&g0q7G&{HA5`3Y;PY0{x9RB% z8v`xijd3=GuXJUAd9wYLP+WzUPkBiCg`!F#TD@OQeUPo)hRPe#x}+s}ebGuK6m=9E zaM{n4+Xmj?B0Gf&zdowh^Cvi|3@nYWp6VGSRE-YN_&G8%++s}u8m?Q*Vp2aD3V9>o zk>}nn%)wCZ{z7<+;+I~d18kYdYBVIIzjI?YhtjEec_S_j-9K1udM`*gVCrL9xa6M% z;arocaAOclUWOgY^Dr9HK2@&_5jmkhC*po7J@@2;aR&JD)phS_p6?BtGf6X_N#_{Ie$87eh&ddp7VJh&Zy zamZ+s#np2i{<(xuESi)mncv2~edo;{g zHgtq;IZ0$t-`0CPfzFF2nu$nI$d)eFoDr1zyki6|OcqAlUg#x>AG>cJa`WfG>QsB5 zq6su8m8_>FJbFAVqMR2kA0Tp{x|;31o51ST5=~3g{&neDELDJ{`CBi=pI@)^y-vk~ zth9ugg`(?kShdp!tr)=Y>sN1pgf#vZC4Xj7NtyVQZHbLt!h0GcuZ6C!a4P{J7E+jT zzpw8#P%-jj5n`+DwkFo46NAUkkg?@Ui2`{4WZytlMWFey_HX5T32BCrs7azSbhZ7S zUQiduic5Xf{GiQCJ{Yq-(3iWbP>T2S^o0gqL}5uxto?l5XQndH=q&RRpGaHxakSf)9F9mH)=b30)&qCvS%Pa%-W)C 
zo*j?&Iiw)3XvaAnKNBRmK+5>xeCCdcch1<&%E3!|qxB9vIeT0d^;JFWxINV@@p`tE ziKTzxdqy4+%U4&K6r<`oI`aUk@7yw_?JnqF6s2MzLux#MiPNGM1rnSw1)IsN(v6g+ zs3DIH9R5gecad^Daz?a7na#LZUnaeOV+K4U@VU~-!c3TRuP>NZwPVdn*th}>2y$Iu zthTSQe0|fyUFUS3rPgqNSg1x>Pg>VyvPJL4^H#`F>CE-jslR%BJ#FR+os=WFoe)o) zkXYMWj}KRemL&2TH#VryYkfD>eW}~mO;eTNw9VB5Tn65B>bsaPI7=Hc%=VFt$~{B{ znmL#{pHBeYm=br#!Mw6;XS!W-*gvqz#piubaGparvlwQu69G$sRSNM8yt2-PN1q}X z6+ueeZ@@oQ+hBy0ky+6cn&BKo2AJJ${)?}}V->boM4E67kh`(9aFp88=Mr*`SH?<> z>$VRhXh92U(qlI9gRG{UG#eo*IQAF*h>ItPi&crlc)J_`##0Q0SWIH6F5Vu?0Ub9gfL{Vx@N~NIx{c<1DMfOwxW(zH4B$@L4Dnu zcN~{?!jE4lWaCf7v`LR*7yHusuBQD^_+R68P+Ya%>9)ilzX2gfN;YA@ztP738;WEH z)|KAU@yVxw!PNpo|49_b*EVAFzIKFPdsdNJuC)y%WO2{U5XV-Zw_K+Z&ZfSl_kQu6 zg6LC@Gk8?kmHpb_3hNI_r-Q z9}5k5AoR8kBfne~G68re#R98H@Oxwx!n(6R!{?KdkuKt3YuPHw(24$Tl@tuAlTwNwAIggUrWj`yd(!T!l>du@JbsmsE=FxE}3J0 zys(H}{WAiY-J^YSrvoub~i&a)2;mYG98j*Sml%kFVzy@)I;KOPDj92(4K zjQ()ca`&$n?hX{eJ!F}3lC2Sl{rV#ldWcnZ37I7~Jp5B87*+qPj0I=YcMLTjR1!0p z2sE6eBF1HXFO!MSnFhQb=Yuqx`wTbllaL$uaD=3lkR;3WC6h}|=gY)};DqpoBB z7tdb=m+YNYajxOX`onW7m~@6>AidQ;YLUWyHhbuT8x(PUUJ}hrb&&}w!Q0g2lGY$W z{~9iAtO6@9;f>g_gXE%}1N4h4TT@IW%hJcvgBK4`HAbXcUk{}2D))g2PB)LA({3AY z^hZ0U9^cu&6C2CTCKRjFO)6Wg3Hn3fqF$pH_&JsDJ}KC&^l{_B{=u;ZDk7J&MsF=G zk@irWt@UtfR>|jHAv_fbX}pm#eeBVXStF+UX?1}mPSA~7^E&-7iIswQBmrZLA*^~< z+Iw13rQN*7yr{V6`zkKSA9-H7Oh&ceW^AL`3!GsE=92O=O_CoPi9hN^?j$a#=@;uoN zLGdsFZ_9Of)M}j-zdNzE87?heNlT)4ZR4w#$$(U@r0y4Zyu^Ob`&^66=GYUK_EmMnz0ylVWARVm-`Rt(x=xzAACM*W;9 z>AK;Y_Ja7Vo!EE$vhW|+;!2ZWa)3D~ma@3KJ?x6H5=2SiDAx_O@`F?aHOpUR(JD0; z8e%~f`0DfzKkO(idu1t45Ca!Geu-+yb57|jH#{#KG+VFxvA4%q`;$BM-GDWYSSaT4 zVC@G>!_)MT5rhF!HW1!6P3}PHYgZG;*we+|oi$e^BhC*4`1pfRyBd;sGn+#grV5AP zAGOEBll-2`iCG_nhH4JWU*^;chZ(k_0W#su^ktgKd9gK`G2w5xl=91^Xz1A~%T8oM z%HR5(cRp)L;*I{_++^OrS+@V+CO6~ z{fENekpiAF0p~!A8aP6q-v39uDo%#5zj)4KGU89Ko)QIuhan@bYAYopE^lB5r)C?& z!#0Px{spVJI>KX?u`#iI;$ka9P0itia903>2%LEjg){aQ9N=txa~o3t!@tzvpo)_n zoZoN#ls%3o(zeDETU(o(>*?z`03dE|HXblMRk{E$1fUIpK-hSBLBOYv<_3Y-fDmrp 
zCw}$cI0VQ6SAb{yf2#lW#Ki?+19E}DoB$p$n2iITTHt?J;r^Ga|FHI-UjAP`{=>U2 zydL5jf5q{yBK*fd!~c)J4dQ_Z|Mw_?Zp^Yp58!pcv1e%Wk{-(++fS5;KjH&)&VveW zpGndePY?oksBHB&^R$byPIw(7-NJwFG*1qRoZHY(=J@HEo7-pLGr#5|jW>}&Q$}r6 z(d-?-2y1K7H4QS#y$wmAeS5xMT3gFZO1}Mloh)pnOuY2`S&-$jn+<_chrReAz(nmO zj{EU>_b4+3b`F3aGBuZ=9i{hs?zEZMpVLmX5j(DD!Ol1F7lIbit&)iAX|7?>cBh+2 zNd`v#H9>{-V92`JS_!9Updk`M@Jj8!t++g^w@ZT8EfBOXjd3gU91_FZq+b|9y|H_sl%)kNmSFV5{US9aT53PiPxLbf=!GpUK+&#FvYY6V{PLO}td!MuS zIrrB6r@Cs^dROZvwsJ6caMiQ1v$i&&MPO2}vo>}#0^0#-ls}mpFhR`#EV)1cacgT+=r9p$ zBYS`n*vc4e2ezZ-=SP5EKHCNTZQsZM07PICk_9lyS=(6}K>qH;_ID>SbBF_U4kj^( zfdg0sY-DW=MqrWwTbVkT0a)1B`S}6%4t8JzO9Ypcu&7ZBSW>i}WB%?G#MGg8j#yHt z$g(30LhmvxU;1DrH3^6;BD+V0k<*=@|2A=o^s(Tz*LjcVk-pgaDY0(?GhXld@|71` z2+rN&Z{0GM>YIg5hkBw#lQNqor@$`s1R)3x{I%jbx@k0f(e=TF+Jecp4_^;E(m?xZ zv+1e|TO@BrUCK{ZVXnp=tZtcRDjI4K9=hAfT zr*qzi5d=I8h~V*|W6r^f*ij#UZ*3=(FigI9cJN=W_{-HSe|u5I)dmb;QZO)uI!_5~ zZ|!Jj1hxl2V+;+Vkuul;p#4Yum{h|gLsRRIO91;{=KtEy^XUd`ogJD=(&onY0PW{( zE9v~5OdS6`OxVD|0Ag+WJdG*T3;#6>=ilA`Ofw*Wg&D-b0^Q{Qk%~ZO4j{`vlkw2w zt&582)p0>X-8Eb4cb-qna@52Um@nU=y@W}Ec%#25dW#|HEurv@GGi^j3m-icafh=$ zv@tsi#fTcfzVl|iWj)__F!W1b{m|De7OM|;4~16n1~#kB*AK1N!@swdQuI;_xgD*i z3zYLlniq);MPiT?%-a(7lC;zY?$9a_V#Io;I9o4>B3+_q&%F;{bHPRG!)xANEs0euNdffy^KeC`wyGEP!abbCOk==Rq z7WsEsKPdtKi?glTnYbVBN@+cpc15HDImmEnN+FSE7YZBazi=3Nye4XLc_Pz;?%Ux) zwyHxPHoJuDAFKNG>dQCpy8{S`h(%&A`#x<~zlU71qk6#KcH`M!u8AHFuK8D|orw7+CG+^&PRHs_FdtZ6RQ zUBq0QrC4l;aHwRaQTQn)wM@>NQv1f$nl#DcDb^@Q@vq&P3`)WQ;$82fmZS{Um}wB! 
zLnB8|f-K=ZjlzZBZMmRA#xMlF@N4_9SHc_`!*ln+I7m4}V(w7kGQV|6;Ej1DLxsxh zALUcfCLAM1`+@2EOV74rn$)Hh5Dl>h75GIJg^4m1b71A#a+F?{*j(F-Tb~~}FurZp z%%(8<{F^U@+sX_+3F^Nyd;BzH`bL8WC3hzCN9lYGY_CZ-#E;S)&48iYvO_BM$X2 zub2^_6#KDx2&%S?79@$i_+&;=9w*j~I))egqIbesP-FFD?C{MKR zuuowZ-?e>o+Ug3DtzfOP=6#ZPM{cw)&=#@1qH85Q5u^`wA{}{yn@?D<5i}Vcm^~N2^;FsxHr8jyz=0T$h z94DH;u)I>!vWMHYcS%eq;4BO((>2315)XfM_MlWbiRPT)L+1!wC=$hps zV4j5LeHzWg??*2Jx;S=iSF|r)omjeI+^7e6W#@Sxk4?5Y?=8N$p>J`%ZL2sO=t!!6kg#)@~?O(|E;a4wE$KBgHF(Sr( zpKj*|UcsziIInnl-aR$RKivx~;4Gqd8hpp z;c>VBbh-Q7Z22Dq_~f2OFLwoS@}6e@Xyx)=S5L6%j7u52*7iypzd=#fZ3N%kRvNLV zEKcNVPB<@5@WT>**Lx&`2uLi5nnsM9-#7*TbFA&SAAkYZI4fX?NzDz z11@ck>boTP)b(cx)`8r1CMsRixikbGb$zeog7mxsF_!M*W~mG7BSlW-iq3rbR$WCq z1PK+-q^GwNXTm1p+;*C<;;wcj)Bw48_#goGbh&*w&uEz-@D!38KZo*tyN{AD+b=8g zd&^JX9)ph&28&G{Uk>CwBHOKKfFek^`jk2P;>iI^OCfRZ%FAxMIo0Xpi)v1#4wi~m z$}%jATdp-;)0<$1-$_bn>xoEIk31d|HF&H|2cy(zdDx&J)9O(Z{@{ycP?K_WV)r*;WMIoljc^!gCZ( z+@FkaE2j?#oXFjSnmhQ{vTs#Bvp>n0E634zsnFZXDb7#p;WL6h8rp|Y0$T;7mJ5UX$$EvDf?HMeGZg~c7-89?qif(k z*L#3?#pLw0bLU5->Di0XZu|}DTi1K;&!FX?bL_{rPim)hKcqD9i&bdC2FNZfYAR8- zg$LX%0veRVghwd@E(7L~2%(-Q;UHrECEF^pa-5aS{LXxb5VS}do&lCN{Vft z0K;&DPAb#E|Lcp+smH+^=gtv5Bc~lkU+l`r0~Iq99G(ycgKgpH_{!v;i@uYSnvP>xEVuL zS7k}@icXI<(6&dlXiwdK`Wt~-Z+_L(=3dEO;9g)rVgN3Z7l&3DVpu%BQO~HXunf8E zWv*l{)uh%W&gA}1l^Y7BBoO-jFT2b*}fZ*7~1r zL?NJ2P>MCtNMO}lhY!etv-0QjH|iesENRmfv<^7$^7V!jvX&xpggn1o6-5|AnAQij z2@ekp9}~yr7DHXQj&5UEJ|NRGjm-~OnJ67+v=*vufq&mNOYs%2MC?fj!@|WR@1hQ1 zIHB`(efnA)IHcYYPF?G=iZi+O?Xd^R)zkjmM@N#Y8zm=F zk2^jMY)|BEJjAeq11^5O!;O9j$o7&yv@~TC*!@i?zLIK_YTfjnp^KhJmA<*?o}_uX z|0yF>9TktNioMu71P%N?NKc3!33;ywLP87S-Yg=Mt5={^gq1)qYn#Us9^`ka#0yjF z$?k$5|%8W}31XR=Jn&j|v+* zFp$m9qI-S(N^jNnxh9UiT$Qi&!$PcY>^URPw8Ee>fyKILQ*>*0-pOU}C{uOnsK?L# zN1uEjvz%4*J(cATpbzwbF2-z zuYWcX6{&lnxS#D%*Z+YbmwAhGK)2h)OR&Vl&LeT+7wDav1|ow|+gS+MP z#W+>{W(wFN`FgVDwVELTN!b=OoKBF)K6q_~F*_MSdlg~D!&4T;63t-qUTHCa>sG6z zm_vV`qU6>LU4B-6x*FzG7LzJ`4PG*^0OnqGx?PN+LGNsxvQ_R3<;3R&ff-v%tp&qC 
zQcaTC;SbAHw&CgekMYA=*u@q#IG5RsMaad-AEyXEE_64MCmPq+nP}irSHY$Ro4hLe zl(pM#G47imr8mjKp(Rj|nad4AGkd>>3s$xNQk9KW9NN&KQIKQTdb6p7X2S(Lqmcy-${y0(^97%<&CV?vk8)^eNF z=j2p6lT{~g!CA`=D6c@D{h*zuH@~16qOJFqaz=LChNGphf^ zbcTnUq^!?6M-)00I&$h?DtN-dS`jmna>0nDR%eRCEaTZLoOmKC$=R9I$bzBf`Q9^` zQ(UGrT{f&N)xjg(p+gZ`g-JY%ogzQX-mz^o`f6>rzQI9TcPDj)Q}M2~;(Z8}E%|5vb2!{sAOGVs!c>k-=XWXr)aMh%Nl!0%~F4wH?znN2*I1KyxN8Jv(nz!n((_+!DmpUtu} z>-`~hq4won18sYQB#59oX=KaKYCo4GesVvMq(s_ge53F+Wi&NsT0x%{-sVtt2ic^4 zMB(iXNGdyx5R_;TTj^(Bqv(9DK}=ZU(QEGjpepQGb?%AV0HbxGh*=FET4Pc z7ZjtS;$-gZs!6wx#4@t2tMwu;L-GocVM^$vCd*mQPjN$z@#yk_AOfF(LcbRW@=Q|3 z5tu_VCt;j^jyRV^{@MEn#mE*lsl%xZ6)wF88Cxh$R+|y$y*#+Htk(o`?^_Oohs+LR z!^Ttz2?Ipi3o7aRW@Pq)%h{AoSRszmH@8Z3NS zH$in`U%8D-=n#!R%Y{b12VKVjlQ7ra5*zD6vt_0S$tq=tI(k)PEjef0 zHliT!Cj=SvwqzcP(41TJ6lf-J_X4eNkJ`!47mRV1SQ)H=Cpw^*6j0#v6ICWHwOJ0hCvv@Oxa(8T;NRE5m^gg%5M3MIin{J2XJS9=p&gr zUts(ebZ^#XhHR9nTzs5Rh)#x}VTHT5d)klTi38p2VtWBomtXaro^6&OLV{B~1fe$`IPr(EM)Sd`epD3EETmCpolg6r7DwdUo?@gD z3T)vt^vM+nZwtR=HzDtVphxIrt3|W?Ac=r$R0XFFOyL=!Yd3oan%C)QnwmOAIycJj z$a;J)=^r+{FvW}($x67xK0s?Vo#44@WchHcCli`*v04X7 zM!{!1=VU_QJiwWR^K71H$uNCcBRN^s;^&nPgL`#e(y0D^U7GVW z_F7m+NqHH5ITJ3p>f)>Tc@>?#niC3Z^u~y7)Gw(nT1?9L)rQ zHJcN2oZ+zBS`8h>4EeaPv`pWW(^f~Fctn-!rhQDT8tc=vjR+1t)^@)7T%*Yv8)}BU z)i`V?W^`J{5mMAAS&Lwlm7B5(%DgVSu;oxCf>EQWl>H6ETDT_RpWy>rs3sCXlSoxH z4q+}bnNBzwJh9Clwy5JS4hFI@P%?1I0!`?aUYv8n@Y}0-f7gtDiG@;SQ;*h5SzN$M ztFR_}p6jZlTpta84ofLK5P*cwOQV8@@Y)Kz%+I{O)&oAoWUSx%uF9uVe4o?^KNH&e zx!o^}kBOl6yGc5Cqv>|^_0`3~tWu?IUt3bd@$Jff2T|yQT-VK-PH-5zxKdaEQPrF= znJD%^ot7QMn7utxJa{opFt=cUHc8dq=2L)hjg9B&+c2$SL$deOC41RiE92CcF_{B~idIVO7Ki6AM!HNvkw?MqynH=Kuw*ME;N7?xu{r!7jx5yVfQ z>j(RwR*G@4HZKu%QT!T+CrVa`YKenXh$^~4<4?eOe-_E z>`w3HHETW4t|H2Y4OoDE9PJ3Ewjth-nA zCYnR%cfGeoJB#sz-9t+sj2$w)thxy+k`XO;Uc~?G7ImqJ9a0EpWviNuq^M&vLqxi` zHP4AyIUrHAw3)+(EGF6%nS&5ApD1e~KsQST_4$$!4kE_9hQK8r?+bdhf?`28HJKGQi zIrUM;l;e+w%=7i_ACK_XQu_8|ER?%=mlSuam)fjVW|C);IcTnvLP?J7xZ&|!g4^4M zodS)#+mU7<=?6(eWIr#4O%T@z13PyeLR>Ab99-&6370>hu$RwgBpN~VDTb{o1^^PM 
zuEkniEfYPEd1ig;D#761Z}kbR9bHlJCNJge8Js}Qq4HiDAXY+dBn?-O&fJ_;4XNF) zxG3zZH{oxpV#Z(E;rAL}vyr-aXD#%m;D4nR!K%0;!xsVIb9%R+;yg-R-H>YRGQJ9J zG%i-at;sG$-K&ivf0T`%q?4*}6TP}*@Ub&({qTeQb#3v2rV`a$V6cLgN~ydQc^0zP zgrEPCgdvxa@&yX5kx!0324ZCnp#}+$=LfAjefAK1lHJ5deR*Gl`Anu#eC;Rg%@gOE zJ;cD*MeZo(hK`G&Z#tQ-UR>?qbW^WSXxwK9zFMz%8)z&mM{ImGH;Go5NfyPx2_oYh zHWqttxm;jIWMd8$BkrMMV1bzGmwK2{wS&XJRItMc+ zYW5i4NHU^bZdMU{=FHLul`hNT zpoyB2%@PqB_+`)<9Sr3w4w+kuQ6S56H5u~9J_Qg(9;X)+{z5>*6zl2(C> zD^(g3P58T9y5s9z$_wEVg$b|9;$Qxlc<;dspgu-j?Qt z4Ne6a(5#-I8xMq_dz4dH-&&YHmBYxdb-0APf6W#7Mp%(VUTPQbt`TLLVB-x5THr}N z$;RK^lsu^>`38zoJsOdPxfK-GG0iUTsji;F%6>Z@f3C1i$FIU=Dwgr1>jpUV4kV*r9b}I`_;C6$Xki{1k!QRE%~9q zKO&^rER*~5t9akxG)spSdS0Fe#4>zS_Ll@8FJJ9`tidd}-iU^JRbi&E_fZcYxQ|PYUJS zt+_4%?0lRIUOtEKd*?<#%37ZE5L`}18=Vc^wAnPT#0m4ph4I~nfo8g6_1jtQnZ}vC zEefHXtPg$B_ygsBca><0%SaJgEX*P$C$QmJ*opC`XG8a_;)-&D{DT}h_%{F3^_o;^*F_RtKFJfy;`OOwKi)+&r7-Eh1)#N#2aOi|j<(;HDy zZ$=&BEJvL_qwX-zR656zO#xVLdbMGJl;F?I+9pJT&id9s{+Q*0$TNE@kxuQ?T^rZk zAPg^iXWMn-<>FD%lIPLN=K>^-v^UppIcciB9jSC3faPCx^3D6N2SbUIBSRQ}ybp|z zqgX1~!1fdJg-6C$3Rc}<^DpNkP*!d-FH~owBflCM8ww<@N^3S7e^A~tMLE`FHh*ji zX{|phwPpfA>@Ay^+{AAcuGEBk;o^xKHWSmBtc|VfM}O>94_xgfxe8iK*B_M5hR&fKF5Jk)rCE*ZN+=lk6Yyru-BV}??Bzt-m)Ft@yTh^KdtqpzBVpO!u=;E|;t-rtO?T0YlX{iG+Pz z^fCu##@#PDYKH?;@- zAqzeG%$lDCwH53}$%i`G77EziX6%}wVj+rxeN0PQ7HZlEB$uJV<5_Q*qN${?!>X`G z634ATEHXq@-7apgBK&atjR;bKN1bVAi9{7n8mIb0Bwq?4PGK?qn73LZKWHkL#b}!e zb-JjiC({zznuBOJTNqHb*L_SN=Bs5F@V>sX8j@~jJ_#JWh$Jzi!$Zm~4PKm(o)Pdj zrf9f2ttKHS*u5-W-g9tJe6LAkcd1p#yDm_dAk{KS2wdOBh)IS1HjA$cFSf(?5ZR*B z-~RZI*W};2q%KVbx}H34B60Z*eD0D4KpHbkQ4bKa)9<#vdMJRs zMk_IPPwuu59Lb4qJgANSWL>pK%oY+q;3gMCzQ-MORUfG1fOW`#LTF`PMfuCfG3Yoj z)!4nWwWdz7a?lmy&=xgshbG3#p6eqDANA+z7$&LnuJa;P$gC}bu`Z0=CY2+lX9i&tcd5roJTJaq)?R~iNaG9Z zMz2kSmR~&$`M4YBx`ThKc$qjgqzUKcGv|9g&F{bCvx!J4Mxxz8-g;GekwSBv{w`+n z_heu?4S+lN3jfxJw>7O(v>?Y?BB6bh2qvq^TMxnHa+vwli} z78Hg0bT$l+Zg@Qpb-_qN(u-Du)3C1`V`IZ~7S>#9SOOR(U>}378WStk{>X-%J@}1~ zVjysAsDWUpf3)VEpb9NFLiY2!X; 
zM9jOp)}+o59_JAPoU1BQwmw|Vh&1xFjfynFQ0t~&kVa%M<$tmAnO`j*H%toOe^|Q0 zyRW$kuM0ByYVA_g;hrK&{5GwfFeQ0~3r9x#i#m;vCq|Q7Xedndp3I5Z4-D~1r6hTV zYVV#&m4zzoTc?=!WT)wHua&(L7GF$7#8ZZt;g@7|f15BPVi39I?Ms85(qH-oRG&0s z$=MpWJDo?1AxZzOd&Dmhw}P^!-A~{)MpfpywpjR08$nkeap02VD*pQ8xB6v|g-m3} z!=T2x!SNKt6vTd!1vDnKbiPy<$oB%NbXn5$r&#gWmTLH}*p|gr$dlUl5B*0ZM-g2y zD^&6pL7yBV$;i$Og9vQUcLc|rMDNr6G=p!5W|2R>-Fw0J<`;?^oS!T*jRo5n*_dSp zUzS+ET4e)UtGk0wRCw)ff@1vI_t6iw--JHv1I@_HaLgEX*uN4ca&WK9rY669cH8S` z+C?jvR;)B~NQw#&%*|X6@d*`>WE5%q+@K@*o#rcjkBFqmDP#aKcA-{B@oi*v2eato z4T`@bPn49Hwrh%4z{9Umfz98S1T9|Cpn{Fs@w}7f3xFAq#Hzb(OYd@atVhHcmkrhq z`yq?Ar|ONZhln8v2Dt``5i~zoqoiUN zj_!RP6V~=i6OJQJuQ|*Oo({9&PiAQmI`-fj1PSsZZ*&-hruiwcst zE%~!Ij%~S)g=FZkzQBT+_8q#9wOXL+adrx%d&r)=8NA0o!2A4&;iZ<#be0Fcd+8;W zJ4!k%c*pD2z|$+AZJAG9ZAVYFC}G^K-1Q{)|>%U)}k_(T~rl zjAw87BD{x28+VNomxP^@Xzk(zFbcoGSiBVK6!V5%$X&!)iyXTnjKoH3xYM$EDHN~! zR_?>j7wNXQZx}dnQ@qC(s-Ty{32<^B%+^$FyzyEuSDRjX&2?2Jvj6HH^^F_(vysQ9 zQ_J0{VSE0zbT%MmbyB8Ss2f|Z2y^5e;HIhy=g}0W->*+_{Mf-wr_qaFOg_Y2sUeQC z|Ft|^{HH>Gmai!LyLg6(8;#!cVk7c>GgD&HnaEM@Gw6Q?17tvw9TIiAXo5rt0Rs;4 z1UmVu=SSWbVXyViVQ%~m+fp;?heQE6n|mF*Tx7$GDx6ZI*YDIS%`P+^UlH*8n7e#& z@>P);!(`5;wuz*+fx)$bW`Y^~4oHE>*w2BHyG1PvQ3HtpE(uQS?H!VF%;GIlm$_nA z2HaoXLkhXB`;dPlj)Dnql$rF@3#gFFzwg4nnEYgV56z~Q?QJ}8T5Es zZhr~JjpKY~)03V{`05zsV0m3P_lVb+$#e15%Ym*j%}zywm_83}P@FsF7x*(XI8l`Q zYvm2BgmgnyZgyf3&(vsZ7?)@f!=rW8)vdrtux(glXf!qj1_28H%LE;#HoJ(ZGP>oOShD>9`1K3W)b zZ)DrNS3LJ9!BhI9TYzpK$;+RSO{02l?VUHHpJOdr>R~daHNj9MZi*U?k!9rP+{@h8 zlOmI7%0UI`wEAbsm9mMsSXI3T>^#FxRnri5!r{WiR7`V!Fa{kC+MF? 
zR&r;{l>PdlAW)t%O;YjHX#;I+F=K-f%JlF|mY(d}o&?8<(0o#j{;V|a!elLcVuI3; z#I@*b@M=ST!Q({$V^67-hYcIo6Xg zswbdiK;lYt*jTYNwAcz#98$5X6wZ3ZwV@A8m*xVon~;hpaf!z_O2!Y0yZ3Ddy|TkW z+?4*|5h6NJAk*hqvpuciytyffUnX{_l)G3&On>gdZ+v$CT}BI@j|rS6zmLW;9;rk@ zk4VO)spJP%h{NhP#8)!DyC&;?8#x#e{E_iEr~DXP>44vxri=wy3==BhqcPYLU?va;*;a`N#9A5zO>_dF7VQKAiQyQQ~a1M{}G;1jfs(6V&Rj_ z9I8ru&>nD27yL&vA~V`(miXo3DIA|jM_6RCw@YPJ)uEdVf(?r`Kk6p`eu{#6!#J`K zUj+bHFK5|%5mcBpE}AWhJrk2}7p$j4QRsn-ifU|SM2Mkkg+&cVPum1>{cU$P zJybUH^vgEGY|bvzhPd-kz$v4Yiom?UN>5A$mmx(7mzd35OgO&ZZ^8tavs1prl3YTC zvz&>0CBDk6m`@`PC#vaBQ>B6Ng?i-aOoUG0U~eS?Vi-vj0BBSU+M1Hxw1HE`)U#d= z(2#%a|Dg4pOlWqB?A*<8pfg_K&cD;4?}* zA1Bk2&RDu|o+5=b- zm;~*OpvWtLiIk`AlL7Y(F)xbsq zY;J1i0N?;ZRVbbcg~M9U;weOGIB6; zFoU2>D>E|y$PAsClZ^|+38iwMM?eu*Fbm)rfqlk$|Ke_e&-CtpfVaz(W>)}>AQT}7L(y}2J1ACeZeoy~q4aAFDrO z$J!ih&#Pw!uyAlNa)O|)(gA?j0ov^B?2KGoEWqbQGXpqSSQvrq99$fLzjbyXGjssd zlwhsF1 zPc1A-75l@*QBg=0;YTYW)SI>}b^0+Ww)V}cU0&xR;4){n9a>exYoBaqx1(Wc0df&R zCrke_={lX}t+I6^&>Qm=Ki$rnw(bie%Q7ls)dO|p>BX|7OpK>Ju7ZF_uS<3Z(-xla z$@(SQVc5;LiozoHml`V7eds1{pRdaDI!h%`fTlbY`NMm5_u1d@Op1l4# z`tio1B!c2zxX(~tkdC)?z^tn1>H!uDGwk*MEZ^to{x7Nh?~Hv;RcJN+FG($G1$`Ic zIS2opx(pKks$XLRXemJx9ZIABQ9Me}c&b>dTA4q;z5oC|$MPTb>SYdRVYQ}#r_{rqZ~8< literal 0 HcmV?d00001 
diff --git a/deploy/samples/sample_relationship_proof.pdf b/deploy/samples/sample_relationship_proof.pdf new file mode 100644 index 0000000000000000000000000000000000000000..1679c4b9f811a5e751506d14a577a5d4c1c50210 GIT binary patch literal 12512 zcmaKz1yGyawy=>Fic{Q4aVe7EUfkWi0fH5GC|a~gDei8CLUE@+ad)@k?xeW<;XCr3 zd+wb-vuBd5ckQ+IvUlErC$uUOQY=7LPE^{-gS|CWAb=fUZ(@xqD9EN^O%^;|33J^OB7fS$$hg(<};OycA0o$T_q({Y$T6eOe_ni2mW+1E6-bC9F z3AvOC*%MvDE$R`uR9rrQ>*Br|)^MSI9v^)a*5yX5ZP>XSr#f|W`~AZLXHdpKc^y#nyp&yL|4-a&zrCQJd!OT+rj)* z`up3I0TXly1!zQtX2tStMx*qkpOuf9oS3&bby;VXzBA{FFo5x?Cn)`nE2>2uQm znVx^9AM|%-H9Q?405%n{1uUUz5NCT=CsT+s09JcgVNKN`E&%<%YRaYo@o)jK$=bpc z#s2v&{?B(=LsT|N4;N{57g%wgw@PyWo(rr7DYjlxv*0*@?#H~hW9yI$~=<1DdiZzV1^B7aBr#wRqpz`VRqVT+LrOvkal zZ6(KD?5v$1Pd@&BO1m2VnQoj>!mnAsKUJ*0{>kNRAyx<5}*;ti0(XYYKbfbWj(NTM~g@B9_YvM!^SBWNH#=2My~ zx1Cg=B|E!}xc^HHbTXxas*G&jl6=1WA>*I-Z%L{gJP%Uxv!<)oZREPFSHmR$-N>gl zaLW1V^G#$`h`^chuN!7!Onof+#8wnsW1Ok)Os#0Pa+bmz%}u>c3`{hL+&53+$*uCJ z@+0K}TG|vG^i^l*wh86|7o=vHgWkn9)Z3hR^)pp15Q;q~b1xTj+p>$q-tD4ZmqLbv zd8vuM{N-$X)45E`l9qQx&PlQx1c3wHv_0ix{vRgd`_&nOeC?)<_A>^;qfB+(!*pJx zzTwIiqS1=TEyJT@Ra7Oi7z@74fe`vY!ryTe%COlClktTBd*NBk;Pv`ZYho}glXd|D zW3rg<1y2Q>R0Y`s4B92+;OOAn3e4nQ6sq8iVcdtPF~0OBDfo1yLc(rng5>F+5>IiH z+JfUc0C(GmHbh0fi|iYWe-7`=fJOx8E8Dn2EN8B`^R^v6F*aqW^^miNnxWzagv0eNn z2$>4g?XnuAH_3GJ>0%oJe>mZJ6X>LbKjEXLE78MSs2Fat59iCa>*6Tq^tU6W;@o^C zDW>2h^+;AKC|=zeb9s+D43|mg$T}Q(AD3!HP!X&IKZ5uexUEj@06&aWH&NU^X{EG@ zsK-zlmFgd{Thn*vg2WXlqQ0&>gT@BB|sd_s}5-U>LJVmZ}d(+fN-L!?~NXHW#B>p;W+9ln-yf! zwkdf8-iXSPC4-btCTW6cm0u6TKzRqAEzekDC0B``(u2>?KbG0wemueD%_)-};?g@p zcpe0-v1zFMDwhlJRNFlWyr7wr6I)^u|Yg>i^mc`Pw+^@oA;V@0{{@^2xJ9_#rUsbdU1By{PR8SNP#4 zpU>m*wl=uPnmgb1S+xiG_K(Xa4}x{3`t5 z58Xq4MD)4+{vtAXorV;OB1gv-jK51QbmeiR%sIQXRclovw2u#3H z{-JT(;9MdZD2Eisl$|csgE#Ack*KXsvj&mVaq!#^km!AH3DWxDs00CH{y7C|SH)2? 
zuPtAGC+rN&LjPSI?EJ4;PiGlvaM7Uk0Qjj7^h{EoPG` z{jo$|`kFO6;R;S+$i)p%p*hMi@+ORQ6KQyCS5}2S)(llhA=xTeX zCAM=10&@=BnRhjOF|ri_W`d^pUOy?C?MRO)4l`zxH3e`QaeamHccvwVESQCQ-57uN zvhJ5*hleC0Z5*bAc?x}cI2XLA7P+8J)nuL!TkxEN|IFKOZc^i(v(C>!_l_U>NQYKsyEJgcQZEiZSRU7{*^C(AE!CkZHfP)GUbr4fz3?2YH{A&jb|~u zNN^Oh3Tv+D(D{<3S8EmNcuhDncyTo8!uh85UaFPw>f&Dfu{Ji>j8PQQp!S24NuIsL zbwFwfi^0CwYTt+pL5R>Qtwz6Qc;V-Q-BH*t>w8*+LW|bs4V{%ro{z=uJ|~4M$17#L zuVX7htj0bO#{AMq&tl=l&|agtCO^EVH4i?X(4in5R0=WQuHu*j)uE=g1TDAw()T_} zU$WOgQSXRM>&{&GwsX9B%Qw{>vU>DyK&>&xo%QEF_oUt5bnrrB^EVkc66gvvb#qF! zxEaA)#9J6!+2_IM

Io?a>SJqUe9^y?r z>0a~z$PHeo{X^J#E0-a>K<3bKfN}D#@HuU{AUt7WEsc^eomGWL9*-?&$K$6E78SyE z8#eQu&ZH-bW|IoHx;LX=yE4}!rj#<<>u|JBdJYG4xYcVUnu53(d5DC!%c+#+zxRx% z4N$V*{=APKp!pNV9aRfPHt^py(cPrdE93gcRu!CIp&OqUe!c2lAoJ&qWIBSqIvh*$ zTECZNItYcp&CH5zOPGZMB zP!v6gNl45Ba(##$dvA6fIYx>xYEsIM9$v1ODIBKr%=hcD{Qf>Ib?!;;m!Q0p_QlxP zQXsU^@zVq1IKsHj(VKk@V^JI3*Nq4kt~l$5ZzF9eOs2$>x1>EfUO))(uave8WAq@5 z+s%}YTZXUMBE)Ij338`H_uQqT^ddz|9g}~C-8_EMyQ%3zEvR*W4XuFJdnKyRyynM> zra7DrWYqw=DctO;La60Klkf;JnBNkmiqItUc&OL`=ohoLCV!?7?`76#xXU@InS5ei z*{fJAP2{caw;a<5<{(kqD7T&I4A`z9IaN;n%69%pfLDXgV2OFaP$FbRSIQ#~eDLVU zrcr((>{rnMO|kW-d+{agV2yvc_qv|9Zd>UzSGI-ogVeUEVo@gE)AZZNw_vo4h9Y@I zHJ9mORh$2$Gx(^aZ=vYS)pStRrFrvRZ{s{vMLYdv=}QCN?zWnUf=Ed08Y5R;6K{$Q zkp}Ouu_3O~AMJ?OK?&)pi7(e~i!r#SDYD9eelp3L!&jqdac!W(S8}gQVxv(=OFE=( zh^UIqA>pxZgd??*(<%d;TDLHpkw~!cMMa=Y>Lh)9^(vTI@UbUxANoUL zKfTUN-daXksFlu7CW%A1WRA6&x<|(rF=ghFzhBnz*R|0#wbLAk>pg%YKQWLAa z=~AecINA)eLW=BKseIMt_Ipwmzu`^(PQ`T+ot(FPUzt##Mb#$q;zp@LRe3Yak~Z!ntviI60$)&AB<{Rp zBfY^#Notqr9x1T8L&@QJ^&jus0#IXV2$a z7aEjt%d8|{Q600M-MUSv-&?$W!Xgmjcse^(LeE# zSl8%ba13h&q;?@#^YR$zoxqrrAVXVnrqHqL$YgSx;3_7l7A}t$YI#&vH zERQJ%y1noB+nT!y7uXeCsCkPYC`YsC2&*r_>^55p;E@XV=EBjY)^9Ck zyyi&C!slpPSI6;|1I)hH@Hj(jS&RA@{cu^QJx@P7YhFP3L7=r5f_0^JF>f<@>0I7o zFt>FS#@79@CAcmm7G1Bf-;6Uh*IbOtaa#c`CDMT^2chVD7q2*qaS6L(E|iL7cjGIYz|Si6J#3BCBvJm2p5YGWqsNx*An?v!+6FQ^U)Ty{KW_ z+1E)a^cxj-MxkHEsQFgZ$;#TA=^qo;ykh~kCY>^YHH@k*Yv6%f6&M_g8!M+lJ4xpL zVd=tAP-$by1Y}jX%UdzntrWjVE{>Vf9jVYXZn^u}o5liRd-AKKLiZ}(wD8Aehvv{jRhV?VxzFolm!rtvf*nG^5>`o}_ zL6PORlMRkk6YhTVt5kIzErx`_8wQ+4)gd`x&(iN%HAAA6*&L5OLN1`8Bvnbj?vXRGwI>?k$rTfx=^~yQv4&tfsbCe0g6~O77fTDWUU4!*nkM zmdQ`u6r%3!I?64x#gAF=6WH z64jWV9GLlGrC=5BzS{FA?F#FL%6%TC0@8@Il~<$KA<03`__KMSr=0L>VWL6y5Y&1mm+=*vEFHb3{K?H%ZiPS1|EcMyN+Fd{VW?RU@DexjUYjTWZ};TXY|9#DCv1D(A1{e&i(lbpOLcTTYjqXqwHl z3Ef2HO}Q%TSJ7N5)r4=dcz4{Jgk(uyB!RDl9Ph5^Ez>1Tf5U&kVS=KvW&^)d>@YdX zjFqAS1(q669t{)>pmfCZ{o>vPjeY$V!8SlF^Id)Hc@`irDet9&k<(y;H2oxJyPixg zeN9M1XMCR!-5;`pf*JZ8xdVvO*yp3^iNy 
z6uNn)BgfgZ1N_(Qwpzy^5`!ghJ)yOr>SRN|bv3>2drP;z{P@tp%1E0^i@)=!3oFW4fV>IP**VXK2na7$4z$~JQ~ z)>*>5S9@aOe1shB-8*5qi^1H8i7=gjL@sb1Pwd=?aAGz5n9zx&a!xWNP#mu z<28@YvJrNQ>7+USOO%RD!F!2b^3{;yg3erBg@@i+O^Vrbg(|QLy_?;45y8aU(IfaD z9CLVYlOiH{PmD+3yl_^Ka4s=e+eP}VB)8cfICG5?huKcTiOGzPq>KHbVH&T5rL)D| z_B#tlaCokbY6_6K7X8QGux;`Ch}=?!Kl0pWXGz3IpR-@Yh%~Xl+epO^!==&8l{dwj z98j7ea$8Kj2v6Y!=-x*uGkEvn{{Ca~i%o6zeWgI_5w^W%%vB9fO;W!SMIu>=ymN(w zg-I@b_lBxwQL3eErN>mWdfhx_Ju@St9o8&|*qJ&`VSdmANe$8k<4DSxGp>2jkn5{0ZbjSF;NAP{Clb2?DYzXX$r3{*1Q>)XKJsSl88-!uq39g2UD)%L~o6 zJ1Z;XX<25(<@Xt$T7C|HoPU;|3fTagt=vyejDG+Acz~!}H6IQ2oo`M`U>_wgztKDq z7<(G#g+zn1=KB<-#Zt=7Ea=YpEezL-N7QjOBe-xWV$_z#!=|T;)U>nYetFjphwwEa zfF>dcTNssg$2KF$8KlK;OtuR-g`(DsQy1wp&EuG=WfSHf-Sd_yrA~_xM^9Q2y{nvc zHEMyim%*nXuMfF&yx(%;6)=Zyz0X#q(b-Tok?vd5ZdO0gWwwsyV2w|em%v0}q;R2z?gXt*(7wddrC5)c(LNT(9yRH=k`KS@ z%wFXF`Rd-Irb?OmimumJ?N;{IWiTDuy*D`g{qQ^ahm9ElU(@Er@ePmPkC~mHs|};w zX?l7E*2%T12RnVN`W=z9TPDq?m&~1=f8Mdm@=`Ps7^9>H)EdHwX=Hjk9CY&i`}Vw ztNFA$EOIG~x9D9Qx}-`PLvJyp^68gpUpzkG`u!OrAldRiP5VgJ*%t zH$XO`diF!L1HKA!epu5PU09IV-8tFx?o!1og@gI^=F30LBU0d~{(jldNTyD5PI8}& zi3h-uzE;T{poi8)j~&y|^!l9w*+BD5GQOsd+w(=6cl#?Q^<~SPH$3i80&9Un!N%Jj zA7Z}wIPFVT(@xe#ll*QEn*ue1CNJ;Bf_04yTuj&~DX>W@DmgosC0bx}s1M%nR!G4->C3oN4b&;SJ4L+*oXAcD~L2D2U;B!a8W-@IFz3%is&G8vnV*I*xsK_C|%)3;ZT;ij5lRuUzbCFfE$E(0ABklWGtvANJ1^# zPxgoPyt8?if~)ruxd9HtJh0o*qW&T!u)E@C?&vQoN#XC78*$C!7C0SaaA*w@V>CgA zK8s`1PoBviLgvbfJGZ4pw5(EHULpC;5epr)?h5RDp-3EXSdTjW>YpcuHfOPJ%7jEv ziN?ip=bKg;K-{>8Bgf(C=;FSKROO5qutrNQg=b1wK!nIkfg$^uvEMp;NdqZ8BY+QU zVO!YqSM0~a*-_%`wk5eC8MO)WM{WgU}j2uWtyY}Pm5hj*87wdP&N0BKxcOwZI6yTrW zB7Er1efy{$@))pRHc@J7Ux}gBa4o*|Nbmks_bRE&-a)CN%*|l&Md-teg@qTo{YYDSWZa=qhb9fO zXG*&d5(^9CVs8~%maXVR$!(WWSi>I*Hb)IGzfOvtS$>cYlYT)OeYq(s8_D`GYQ!pf z77r&XEhnZXNZZ7|6dAvXYncY6|z@dnpZDvwpUGn&=O$v*K&DVY}&ah(OxVsD5g$6BacZ z2zh_IdT2lip_ZmTN0v@{v?#X`6&?tFZ|-Yn#Jxo&orf9{W{mxq#;pA{>wHX$t#5F& zpvAyNTT>6u@HXpbSCSLad)PyT9Gd)ju?l*<-B91|#M7ZBjU_{r|NE8X*LmTV60e)m 
zj5r9qp4@HaU*fCty$GF&k7h17pTNoGbLASlYx^J|H6~LM^xn~MD+s8;R~Tve3)=LT z8CpwpMgP^lJzP5N@gOF2ZSP(SvPFTEl62_s!|(K+e9HSrr+o0cnCpzGCuqSi&TnbV zp~<8D#dT7GQ{}M?qK%PO{@M&~;^UkH72mv^$Zhe(DdeG>Chuwl{Ny)xsIm0iMQm$Ad=OJNBvbgTSx~k}XQZ&ry+5^g=|y5A|P#8`T7<9>4ej@A@owA%xWd{{pX; z-x6h)U<_V0&x~PjxoMV&qRY>BF;d-X)L^CQWx3rqUL^%~3Nb*_F-MiAG=E4f-X8?z@l6kvnq{bgXoy z#N`O03QTCf3s@xAOFOzJv7KL@*4OWfo|J8%-VEX)fv*rV0OT52)<`TbiQA75>!bPK zk&4!T>Hz2vkD*N5P>gY8`*;klNWW1L>g&on=`r=XUO9eO;BEl&`yvvM*EyKAr91#7 zer!<4+V+dtQ#TaS=9U=8GjDpAotFguOz+g+ zIg66MLu!q)aAiAf8tWIYK^Bcqa-T#7JqRt^<&F`rsAQueeM5T{NrH&!5aBEDABvFn zLt5+IYRQLolvf5$FL~huE?5!h0S+^Kt1n&I_%2sxR0F9$`^IO#C{Q2afYqU(;L7HX)`ccmUv|K^ca2Rb9>*_#NPwVL57kM;S;3K+LaZKgGZyZ~v=1EHQRX zzlvh+m|_>vR=!zbL)OA3h2q6*M6VNws9ZT3GjygLqw~`&e0-t*mT@3zTzl*$P-`Ov9Ck?QU`M) zW{UNqlX0150!MD=ii%}lDJ$6g%W*sQ38pz=S)FH_lE~%*;Ad!{kI2KD6K1dIfu^5+ zlKnpyTiA+>w|z>odxK&_5k0z(E|13wb}ykZD|eSN;}I&3;`LWzF*X-QUximbnm3hN zMrozbd@<--%OFTT%J6?IncVRdKiYLptEYP4wD;7oZm_H#)(?C0BF}~bNr2Z-cq)rg zAYFH%b3sfzGA$CLhq32%57h>C-smouIgwD0MBLye=e(kpdV0SZC|LuSCx%hgyN(zy zMl)9wNe4;uv4}O+-6{5oB@(@bm&1|&a|enXd3l;q|9(gFw)(OlY=&I?up-j<1xjz2 zb>}ptT{)OKsRLbwdirV{tSVS-N=0gOA}YU=sFG|Sd?XsS+y%c@t(l?rCY(mK5vEw1oeo@(fZtErKu%Bs+Z*amOo6-BN7lC4QY5+2auNo{BiibH+pI#MeXlB8s)rbhjOvKO2=L`~ob3nj9a=&hj?R{S=wM@p<3y*&aLe3L2iI{wBJsb;|Z!x#y0ls|g`} zD4Slpd9?od0h&%(oJn0GefPcDQfW9cMCs&N$a&;(iay#(}(C^v4;voai|qZBo#f*Wsd1wOdQ%o%>MTJFAm& zXuz*Ua$=cvCpL;H!JO8QV}q{$kN_r?(b$R}q@*vYD3VApygwJz+G=&E8LbYq{i4aI zN_JA7zZ#x!#N2OK{f+;&oSZORs}v74+N9#4h;?c@NStN*i21aRXe7;u@JBL#bIzcp zgjIF2numsQO1B#9zYX{-WZ@mExhkr+FC}#w8935RKZzJTB~)tox{m##T<8!>K^Jw) z!x?`k|e0mxbyfnUkFfTOr@ zr!nD&0(p7IRfj-6@r01XrpWrgF-*R{fx>@an9s1J1jO0Y$;!dS-svCkq!QQ`255>p zS%Ga7HDDqeu!S>#6O~QW*%Ssv0{GauSV24-oG{7r&Swz|2nb~519Gy%$V7D)h^-cY zlZ%y?kC&5!7luTF9b_O@7M3mm9w1B#V&{P2k+LxC(aKcR?ityIL6*Qs`c?tj^tJ`4Rc&uLuA?+x&b-HavrIF&kx=l9%>Os3)JXX1(k%u@QcPxT(ftJ?qGLqW{~puly8a(6 z{O`_uZb{hG{2$FLX$K?KpL^}!Ey^PEuQ@dX!$tpniB?JC1Js^mk z8y4n&>v6$|>Hm`Pu*0b6|CVvXPWxXnUiSa?3j_i|usQ!9dO#ot*MHjs0(oGA^=~~F 
zCot^B;`ID;1a&JfSY}|;uV!x#yMH}r2zKv!p7eiZ%h?6& Date: Wed, 17 Jul 2024 16:17:10 +0530 Subject: [PATCH 3/3] [MOSIP-34233] added helm chart for prereg 
Signed-off-by: ckm007 --- helm/prereg-application/.gitignore | 2 + helm/prereg-application/.helmignore | 21 + helm/prereg-application/Chart.yaml | 20 + helm/prereg-application/README.md | 11 + helm/prereg-application/templates/NOTES.txt | 1 + .../prereg-application/templates/_helpers.tpl | 60 +++ .../templates/deployment.yaml | 135 ++++++ .../templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + .../prereg-application/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 31 ++ helm/prereg-application/values.yaml | 452 ++++++++++++++++++ helm/prereg-batchjob/.gitignore | 2 + helm/prereg-batchjob/.helmignore | 21 + helm/prereg-batchjob/Chart.yaml | 20 + helm/prereg-batchjob/README.md | 11 + helm/prereg-batchjob/templates/NOTES.txt | 1 + helm/prereg-batchjob/templates/_helpers.tpl | 60 +++ .../prereg-batchjob/templates/deployment.yaml | 135 ++++++ .../prereg-batchjob/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/prereg-batchjob/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/prereg-batchjob/values.yaml | 422 ++++++++++++++++ helm/prereg-booking/.gitignore | 2 + helm/prereg-booking/.helmignore | 21 + helm/prereg-booking/Chart.yaml | 20 + helm/prereg-booking/README.md | 11 + helm/prereg-booking/templates/NOTES.txt | 1 + helm/prereg-booking/templates/_helpers.tpl | 60 +++ helm/prereg-booking/templates/deployment.yaml | 135 ++++++ helm/prereg-booking/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/prereg-booking/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/prereg-booking/values.yaml | 419 ++++++++++++++++ helm/prereg-captcha/.gitignore | 2 + helm/prereg-captcha/.helmignore | 21 + helm/prereg-captcha/Chart.yaml | 20 + helm/prereg-captcha/README.md | 11 + 
helm/prereg-captcha/templates/NOTES.txt | 1 + helm/prereg-captcha/templates/_helpers.tpl | 60 +++ helm/prereg-captcha/templates/deployment.yaml | 135 ++++++ helm/prereg-captcha/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/prereg-captcha/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/prereg-captcha/values.yaml | 420 ++++++++++++++++ helm/prereg-datasync/.gitignore | 2 + helm/prereg-datasync/.helmignore | 21 + helm/prereg-datasync/Chart.yaml | 19 + helm/prereg-datasync/README.md | 11 + helm/prereg-datasync/templates/NOTES.txt | 1 + helm/prereg-datasync/templates/_helpers.tpl | 60 +++ .../prereg-datasync/templates/deployment.yaml | 135 ++++++ .../prereg-datasync/templates/extra-list.yaml | 4 + .../templates/service-account.yaml | 12 + helm/prereg-datasync/templates/service.yaml | 28 ++ .../templates/servicemonitor.yaml | 36 ++ .../templates/virtualservice.yaml | 32 ++ helm/prereg-datasync/values.yaml | 419 ++++++++++++++++ helm/prereg-gateway/.gitignore | 2 + helm/prereg-gateway/.helmignore | 21 + helm/prereg-gateway/Chart.yaml | 20 + helm/prereg-gateway/README.md | 11 + helm/prereg-gateway/templates/gateway.yaml | 16 + helm/prereg-gateway/values.yaml | 409 ++++++++++++++++ 71 files changed, 4419 insertions(+) create mode 100644 helm/prereg-application/.gitignore create mode 100644 helm/prereg-application/.helmignore create mode 100644 helm/prereg-application/Chart.yaml create mode 100644 helm/prereg-application/README.md create mode 100644 helm/prereg-application/templates/NOTES.txt create mode 100644 helm/prereg-application/templates/_helpers.tpl create mode 100644 helm/prereg-application/templates/deployment.yaml create mode 100644 helm/prereg-application/templates/extra-list.yaml create mode 100644 helm/prereg-application/templates/service-account.yaml create mode 100644 helm/prereg-application/templates/service.yaml create mode 100644 
helm/prereg-application/templates/servicemonitor.yaml create mode 100644 helm/prereg-application/templates/virtualservice.yaml create mode 100644 helm/prereg-application/values.yaml create mode 100644 helm/prereg-batchjob/.gitignore create mode 100644 helm/prereg-batchjob/.helmignore create mode 100644 helm/prereg-batchjob/Chart.yaml create mode 100644 helm/prereg-batchjob/README.md create mode 100644 helm/prereg-batchjob/templates/NOTES.txt create mode 100644 helm/prereg-batchjob/templates/_helpers.tpl create mode 100644 helm/prereg-batchjob/templates/deployment.yaml create mode 100644 helm/prereg-batchjob/templates/extra-list.yaml create mode 100644 helm/prereg-batchjob/templates/service-account.yaml create mode 100644 helm/prereg-batchjob/templates/service.yaml create mode 100644 helm/prereg-batchjob/templates/servicemonitor.yaml create mode 100644 helm/prereg-batchjob/templates/virtualservice.yaml create mode 100644 helm/prereg-batchjob/values.yaml create mode 100644 helm/prereg-booking/.gitignore create mode 100644 helm/prereg-booking/.helmignore create mode 100644 helm/prereg-booking/Chart.yaml create mode 100644 helm/prereg-booking/README.md create mode 100644 helm/prereg-booking/templates/NOTES.txt create mode 100644 helm/prereg-booking/templates/_helpers.tpl create mode 100644 helm/prereg-booking/templates/deployment.yaml create mode 100644 helm/prereg-booking/templates/extra-list.yaml create mode 100644 helm/prereg-booking/templates/service-account.yaml create mode 100644 helm/prereg-booking/templates/service.yaml create mode 100644 helm/prereg-booking/templates/servicemonitor.yaml create mode 100644 helm/prereg-booking/templates/virtualservice.yaml create mode 100644 helm/prereg-booking/values.yaml create mode 100644 helm/prereg-captcha/.gitignore create mode 100644 helm/prereg-captcha/.helmignore create mode 100644 helm/prereg-captcha/Chart.yaml create mode 100644 helm/prereg-captcha/README.md create mode 100644 helm/prereg-captcha/templates/NOTES.txt 
create mode 100644 helm/prereg-captcha/templates/_helpers.tpl create mode 100644 helm/prereg-captcha/templates/deployment.yaml create mode 100644 helm/prereg-captcha/templates/extra-list.yaml create mode 100644 helm/prereg-captcha/templates/service-account.yaml create mode 100644 helm/prereg-captcha/templates/service.yaml create mode 100644 helm/prereg-captcha/templates/servicemonitor.yaml create mode 100644 helm/prereg-captcha/templates/virtualservice.yaml create mode 100644 helm/prereg-captcha/values.yaml create mode 100644 helm/prereg-datasync/.gitignore create mode 100644 helm/prereg-datasync/.helmignore create mode 100644 helm/prereg-datasync/Chart.yaml create mode 100644 helm/prereg-datasync/README.md create mode 100644 helm/prereg-datasync/templates/NOTES.txt create mode 100644 helm/prereg-datasync/templates/_helpers.tpl create mode 100644 helm/prereg-datasync/templates/deployment.yaml create mode 100644 helm/prereg-datasync/templates/extra-list.yaml create mode 100644 helm/prereg-datasync/templates/service-account.yaml create mode 100644 helm/prereg-datasync/templates/service.yaml create mode 100644 helm/prereg-datasync/templates/servicemonitor.yaml create mode 100644 helm/prereg-datasync/templates/virtualservice.yaml create mode 100644 helm/prereg-datasync/values.yaml create mode 100644 helm/prereg-gateway/.gitignore create mode 100644 helm/prereg-gateway/.helmignore create mode 100644 helm/prereg-gateway/Chart.yaml create mode 100644 helm/prereg-gateway/README.md create mode 100644 helm/prereg-gateway/templates/gateway.yaml create mode 100644 helm/prereg-gateway/values.yaml diff --git a/helm/prereg-application/.gitignore b/helm/prereg-application/.gitignore new file mode 100644 index 0000000000..b3c94bf643 --- /dev/null +++ b/helm/prereg-application/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/prereg-application/.helmignore b/helm/prereg-application/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null 
+++ b/helm/prereg-application/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/prereg-application/Chart.yaml b/helm/prereg-application/Chart.yaml
new file mode 100644
index 0000000000..241ad883c6
--- /dev/null
+++ b/helm/prereg-application/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: prereg-application
+description: A Helm chart for MOSIP Pre-registration Application service
+type: application
+version: 12.0.1-develop
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - prereg-application
+ - kernel
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/prereg-application/README.md b/helm/prereg-application/README.md
new file mode 100644
index 0000000000..2d6e5d7ee2
--- /dev/null
+++ b/helm/prereg-application/README.md
@@ -0,0 +1,11 @@
+# PreReg Application
+
+Helm chart for installing Pre-Registration Application service.
+
+## Install
+```console
+$ kubectl create namespace prereg
+$ helm repo add mosip https://mosip.github.io
+$ helm -n prereg install my-release mosip/prereg-application
+```
+
diff --git a/helm/prereg-application/templates/NOTES.txt b/helm/prereg-application/templates/NOTES.txt
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/helm/prereg-application/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/prereg-application/templates/_helpers.tpl b/helm/prereg-application/templates/_helpers.tpl
new file mode 100644
index 0000000000..eb661564d9
--- /dev/null
+++ b/helm/prereg-application/templates/_helpers.tpl
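Review bot: The `common` dependency in Chart.yaml is declared as `version: 1.x.x`, a floating range resolved against `https://charts.bitnami.com/bitnami` whenever dependencies are updated, so the library code behind every `common.*` helper this chart includes can change between builds with no change in this repository. Pin an exact release, `version: <exact common chart version>`, and commit the lock file Helm generates so the resolved version and digest are reviewed together with the chart. The chart's `.gitignore` in this same patch lists `Charts.lock`, whereas Helm 3 writes `Chart.lock`, so that pattern probably does not match the real lock file and should be corrected in whichever direction is intended.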
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "prereg-application.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "prereg-application.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "prereg-application.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prereg-application.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "prereg-application.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "prereg-application.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "prereg-application.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "prereg-application.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/prereg-application/templates/deployment.yaml b/helm/prereg-application/templates/deployment.yaml
new file mode 100644
index 0000000000..cf1a48e74f
--- /dev/null
+++ b/helm/prereg-application/templates/deployment.yaml
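Review bot: In `_helpers.tpl`, `prereg-application.validateValues` calls `include "prereg-application.validateValues.foo" .` and `include "prereg-application.validateValues.bar" .`, but this 60-line file defines neither template, and the names look like unfilled scaffold placeholders. If any template includes `validateValues`, rendering would fail on the missing definitions; the chart's other templates are outside this hunk, so whether it is called cannot be confirmed from here. Either delete the helper until there is something to validate, or drop the two `append` lines and replace them with named checks that are defined in this file, so a bad values file is rejected with a clear message instead of a template error.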
@@ -0,0 +1,135 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if or .Values.podAnnotations .Values.metrics.enabled }}
+ {{- include "prereg-application.podAnnotations" . | nindent 8 }}
+ {{- end }}
+
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "prereg-application.serviceAccountName" . }}
+ {{- include "prereg-application.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ initContainers:
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "prereg-application.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - %%commands%%
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: foo
+ mountPath: bar
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: prereg-application
+ image: {{ template "prereg-application.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: container_user
+ value: {{ .Values.containerSecurityContext.runAsUser }}
+ - name: JDK_JAVA_OPTIONS
+ value: {{ .Values.additionalResources.javaOpts }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ {{- range .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ . }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ ports:
+ - name: spring-service
+ containerPort: {{ .Values.springServicePort }}
+
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
diff --git a/helm/prereg-application/templates/extra-list.yaml b/helm/prereg-application/templates/extra-list.yaml
new file mode 100644
index 0000000000..9ac65f9e16
--- /dev/null
+++ b/helm/prereg-application/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
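Review bot: The `volume-permissions` init container in deployment.yaml is still generator scaffold: its command is the literal `%%commands%%`, it mounts a volume named `foo` at `bar`, and it is pinned to `runAsUser: 0`, while the Deployment declares no `volumes:` at all. Setting `volumePermissions.enabled` and `persistence.enabled` together therefore renders a pod spec the API server should reject, and filling in the placeholder later would add a root container that nobody reviewed. Since this chart mounts no persistent volume, I would remove the block together with the `volumePermissions` and `persistence` values; otherwise give it a real command, a declared volume and `allowPrivilegeEscalation: false`. Separately, `value: {{ .Values.containerSecurityContext.runAsUser }}` should end in `| quote`, because a numeric UID renders as a YAML integer and env values must be strings.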
diff --git a/helm/prereg-application/templates/service-account.yaml b/helm/prereg-application/templates/service-account.yaml
new file mode 100644
index 0000000000..da4c00c643
--- /dev/null
+++ b/helm/prereg-application/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "prereg-application.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/prereg-application/templates/service.yaml b/helm/prereg-application/templates/service.yaml
new file mode 100644
index 0000000000..018e6985d0
--- /dev/null
+++ b/helm/prereg-application/templates/service.yaml
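Review bot: The ServiceAccount in service-account.yaml is rendered unconditionally, although `prereg-application.serviceAccountName` falls back to `default` when `serviceAccount.create` is false; with that setting the release would try to create or take ownership of the namespace's `default` account. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. The files shown define no Role or RoleBinding for this account, so if the application does not call the Kubernetes API, adding `automountServiceAccountToken: false` would keep the token out of the pod.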
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/prereg-application/templates/servicemonitor.yaml b/helm/prereg-application/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..15f48fdeec
--- /dev/null
+++ b/helm/prereg-application/templates/servicemonitor.yaml
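Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` in service.yaml prints the Go value directly, so the source restriction does not take effect as written. values.yaml defines no such key, so a LoadBalancer service gets an empty field and no restriction; a list that is supplied renders as `[a b]`, which YAML reads as one string rather than two CIDRs. Emit the field only when it is set and pass it through `toYaml`: `{{- if .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. The `{{ if … }}` and `{{ end }}` around it also lack the `-` trim used in the rest of the file and leave blank lines in the output.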
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/prereg-application/templates/virtualservice.yaml b/helm/prereg-application/templates/virtualservice.yaml
new file mode 100644
index 0000000000..dd94e2012b
--- /dev/null
+++ b/helm/prereg-application/templates/virtualservice.yaml
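Review bot: The ServiceMonitor in servicemonitor.yaml is gated only on the two values flags, and `metrics.serviceMonitor.enabled` defaults to true in values.yaml, so an install on a cluster without the Prometheus Operator CRDs should fail on the unknown `ServiceMonitor` kind. Adding `(.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")` to the opening `if and` would skip the manifest there. The values key `relabellings` is written to `metricRelabelings`, so its comment in values.yaml should say that it configures metric relabeling rather than target relabeling.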
@@ -0,0 +1,31 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.match "context" $ ) | nindent 4 }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/prereg-application/values.yaml b/helm/prereg-application/values.yaml
new file mode 100644
index 0000000000..d1f0b9e16d
--- /dev/null
+++ b/helm/prereg-application/values.yaml
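Review bot: `hosts: - "*"` in virtualservice.yaml attaches these routes to every hostname served by the listed gateways, so any other host bound to `prereg-gateway` or `istio-system/internal` also reaches this service on the matched prefixes. Taking the host list from values, for example a new `istio.hosts` key rendered through `toYaml`, would scope the route to the pre-registration hostname. The route also sets `x-forwarded-proto: https` on every request regardless of how it arrived, which is only accurate if both gateways terminate TLS for all traffic; a comment stating that assumption would help the next reader.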
@@ -0,0 +1,452 @@
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry and imagePullSecrets
+##
+# global:
+# imageRegistry: myRegistryName
+# imagePullSecrets:
+# - myRegistryKeySecretName
+# storageClass: myStorageClass
+
+## Add labels to all the deployed resources
+##
+commonLabels:
+ app.kubernetes.io/component: mosip
+
+## Add annotations to all the deployed resources
+##
+commonAnnotations: {}
+
+## Kubernetes Cluster Domain
+##
+clusterDomain: cluster.local
+
+## Extra objects to deploy (value evaluated as a template)
+##
+extraDeploy: []
+
+## Number of nodes
+##
+replicaCount: 1
+
+service:
+ type: ClusterIP
+ port: 80
+ ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific)
+ ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
+ ##
+ ## loadBalancerIP:
+ ##
+ ## nodePorts:
+ ## http:
+ ## https:
+ ##
+
+ nodePorts:
+ http: ""
+ https: ""
+ ## Enable client source IP preservation
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+
+image:
+ registry: docker.io
+ repository: mosipid/pre-registration-application-service
+ tag: 1.2.0.1
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+## Port on which this particular spring service module is running.
+springServicePort: 9090
+
+## Configure extra options for liveness and readiness probes
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+##
+startupProbe:
+ enabled: true
+ httpGet:
+ path: /preregistration/v1/actuator/health
+ port: 9090
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /preregistration/v1/actuator/health
+ port: 9090
+ initialDelaySeconds: 20
+ periodSeconds: 30
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /preregistration/v1/actuator/health
+ port: 9090
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+
+##
+# existingConfigmap:
+
+## Command and args for running the container (set to default if not set). Use array form
+##
+command: []
+args: []
+
+## Deployment pod host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: 1000m
+ memory: 2500Mi
+ requests:
+ cpu: 200m
+ memory: 1500Mi
+
+additionalResources:
+ ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
+ ## Example: java_opts: "-Xms500M -Xmx500M"
+ javaOpts: "-Xms2000M -Xmx2000M"
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## Clamav container already runs as 'mosip' user, so we may not need to enable this
+containerSecurityContext:
+ enabled: false
+ runAsUser: mosip
+ runAsNonRoot: true
+
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+##
+podSecurityContext:
+ enabled: false
+ fsGroup: 1001
+
+## Pod affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAffinityPreset: ""
+
+## Pod anti-affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+## Allowed values: soft, hard
+##
+podAntiAffinityPreset: soft
+
+## Node affinity preset
+## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+## Allowed values: soft, hard
+##
+nodeAffinityPreset:
+ ## Node affinity type
+ ## Allowed values: soft, hard
+ ##
+ type: ""
+ ## Node label key to match
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## Node label values to match
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+
+## Affinity for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+
+## Node labels for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Tolerations for pod assignment. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+
+## Pod extra labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+
+## Annotations for server pods.
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+
+## pods' priority.
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+# priorityClassName: ""
+
+## lifecycleHooks for the container to automate configuration before or after startup.
+##
+lifecycleHooks: {}
+
+## Custom Liveness probes for
+##
+customLivenessProbe: {}
+
+## Custom Rediness probes
+##
+customReadinessProbe: {}
+
+## Update strategy - only really applicable for deployments with RWO PVs attached
+## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
+## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
+## terminate the single previous pod, so that the new, incoming pod can attach to the PV
+##
+updateStrategy:
+ type: RollingUpdate
+
+## Additional environment variables to set
+## Example:
+## extraEnvVars:
+## - name: FOO
+## value: "bar"
+##
+extraEnvVars: []
+
+## ConfigMap with extra environment variables that used
+##
+extraEnvVarsCM:
+ - global
+ - config-server-share
+ - artifactory-share
+
+## Secret with extra environment variables
+##
+extraEnvVarsSecret:
+
+## Extra volumes to add to the deployment
+##
+extraVolumes: []
+
+## Extra volume mounts to add to the container
+##
+extraVolumeMounts: []
+
+## Add init containers to the pods.
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: {}
+
+## Add sidecars to the pods.
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+sidecars: {}
+
+persistence:
+ enabled: false
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ##
+ # storageClass: "-"
+ ##
+ ## If you want to reuse an existing claim, you can pass the name of the PVC using
+ ## the existingClaim variable
+ # existingClaim: your-claim
+ ## ReadWriteMany not supported by AWS gp2
+ storageClass:
+ accessModes:
+ - ReadWriteOnce
+ size: 10M
+ existingClaim:
+ # Dir where config and keys are written inside container
+ mountDir:
+
+## Init containers parameters:
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+##
+volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: "10"
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ ## - myRegistryKeySecretName
+ ## Init containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ##
+ limits: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+ requests: {}
+ ## cpu: 100m
+ ## memory: 128Mi
+ ##
+
+## Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+
+## Specifies whether a ServiceAccount should be created
+##
+serviceAccount:
+ create: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ name:
+
+## Prometheus Metrics
+##
+metrics:
+ enabled: true
+ ## Prometheus pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations:
+ prometheus.io/scrape: "true"
+
+ endpointPath: /preregistration/v1/actuator/prometheus
+
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ##
+ serviceMonitor:
+ ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry
+ ##
+ enabled: true
+ ## Specify the namespace in which the serviceMonitor resource will be created
+ ##
+ # namespace: ""
+ ## Specify the interval at which metrics should be scraped
+ ##
+ interval: 10s
+ ## Specify the timeout after which the scrape is ended
+ ##
+ # scrapeTimeout: 30s
+ ## Specify Metric Relabellings to add to the scrape endpoint
+ ##
+ # relabellings:
+ ## Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ additionalLabels: {}
+
+ ## Custom PrometheusRule to be defined
+ ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ enabled: false
+ additionalLabels: {}
+ namespace: ''
+ ## List of rules, used as template by Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+
+istio:
+ enabled: true
+ gateways:
+ - istio-system/internal
+ - prereg-gateway
+ match:
+ - uri:
+ prefix: /preregistration/v1/login
+ - uri:
+ prefix: /preregistration/v1/proxy
+ - uri:
+ prefix: /preregistration/v1/applications
+ - uri:
+ prefix: /preregistration/v1/documents
+ - uri:
+ prefix: /preregistration/v1/qrCode
+ - uri:
+ prefix: /preregistration/v1/notification
+ - uri:
+ prefix: /preregistration/v1/uispec
+ - uri:
+ prefix: /preregistration/v1/logAudit
+ - uri:
+ prefix: /preregistration/v1/swagger-ui.html
+ - uri:
+ prefix: /preregistration/v1/webjars
+ - uri:
+ prefix: /preregistration/v1/swagger-resources
+ - uri:
+ prefix: /preregistration/v1/v2/api-docs
+ - uri:
+ prefix: /preregistration/v1/csrf
+ - uri:
+ prefix: /preregistration/v1/application-service/swagger-ui
+ - uri:
+ prefix: /preregistration/v1/application-service/v3/api-docs
+ - uri:
+ prefix: /preregistration/v1/transliteration
diff --git a/helm/prereg-batchjob/.gitignore b/helm/prereg-batchjob/.gitignore
new file mode 100644
index 0000000000..b3c94bf643
--- /dev/null
+++ b/helm/prereg-batchjob/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/prereg-batchjob/.helmignore b/helm/prereg-batchjob/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/helm/prereg-batchjob/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
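Review bot: In the prereg-application values.yaml, `containerSecurityContext` ships with `enabled: false` and `runAsUser: mosip`, so the default install applies no container-level security context, and switching it on renders a `runAsUser` that Kubernetes rejects because the field must be a numeric UID. The comment above it still refers to the Clamav container. Use the image's numeric UID and consider enabling the block by default together with `allowPrivilegeEscalation: false`. The `istio.match` list also routes the `swagger-ui`, `api-docs` and `webjars` prefixes through both gateways; confirm that exposure is intended outside development. `image.tag: 1.2.0.1` with `pullPolicy: Always` and the `bitnami-shell` tag `"10"` are mutable references, so pinning by digest would make deployments reproducible.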
diff --git a/helm/prereg-batchjob/Chart.yaml b/helm/prereg-batchjob/Chart.yaml
new file mode 100644
index 0000000000..b6245b7584
--- /dev/null
+++ b/helm/prereg-batchjob/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: prereg-batchjob
+description: A Helm chart for MOSIP Pre-registration Batchjob service
+type: application
+version: 12.0.1-develop
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - prereg-batchjob
+ - kernel
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/prereg-batchjob/README.md b/helm/prereg-batchjob/README.md
new file mode 100644
index 0000000000..2ce7693f7f
--- /dev/null
+++ b/helm/prereg-batchjob/README.md
@@ -0,0 +1,11 @@
+# PreReg Batchjob
+
+Helm chart for installing Pre-Registration Batchjob service.
+
+## Install
+```console
+$ kubectl create namespace prereg
+$ helm repo add mosip https://mosip.github.io
+$ helm -n prereg install my-release mosip/prereg-batchjob
+```
+
diff --git a/helm/prereg-batchjob/templates/NOTES.txt b/helm/prereg-batchjob/templates/NOTES.txt
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/helm/prereg-batchjob/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/prereg-batchjob/templates/_helpers.tpl b/helm/prereg-batchjob/templates/_helpers.tpl
new file mode 100644
index 0000000000..a00328dd2f
--- /dev/null
+++ b/helm/prereg-batchjob/templates/_helpers.tpl
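Review bot: In the prereg-batchjob Chart.yaml the `common` dependency is declared as `version: 1.x.x` from `https://charts.bitnami.com/bitnami`, and the chart's `.gitignore` excludes `charts/` and the lock file, so every build resolves whatever 1.x release the remote repository serves at that moment. Pin an exact version and commit the lock file, so the library templates that render the Deployment are reviewed and reproducible. The ignore entry is spelled `Charts.lock` while Helm writes `Chart.lock`, so the pattern may not match the file it is meant to cover. `appVersion: ""` could carry the image tag from values.yaml so that `helm list` shows what is deployed.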
@@ -0,0 +1,60 @@
+{{/*
+Return the proper image name
+*/}}
+{{- define "prereg-batchjob.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "prereg-batchjob.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "prereg-batchjob.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "prereg-batchjob.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "prereg-batchjob.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "prereg-batchjob.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "prereg-batchjob.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "prereg-batchjob.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+
diff --git a/helm/prereg-batchjob/templates/deployment.yaml b/helm/prereg-batchjob/templates/deployment.yaml
new file mode 100644
index 0000000000..aa6b0f62cf
--- /dev/null
+++ b/helm/prereg-batchjob/templates/deployment.yaml
@@ -0,0 +1,135 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "prereg-batchjob.podAnnotations" . | nindent 8 }} + {{- end }} + + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prereg-batchjob.serviceAccountName" . }} + {{- include "prereg-batchjob.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "prereg-batchjob.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: prereg-batchjob + image: {{ template "prereg-batchjob.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/prereg-batchjob/templates/extra-list.yaml b/helm/prereg-batchjob/templates/extra-list.yaml new file mode 100644 index 0000000000..9ac65f9e16 --- /dev/null +++ b/helm/prereg-batchjob/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
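Review bot: The `volume-permissions` init container is unfinished scaffold: its command is the literal `- %%commands%%`, it mounts a volume named `foo` at `bar`, it sets `runAsUser: 0`, and the pod spec in this hunk declares no `volumes:`. With `volumePermissions.enabled` and `persistence.enabled` both true the rendered manifest should not even parse (`%` cannot start a plain YAML scalar), and completing the placeholder as written would put a root container in every pod. Remove the block until there is a real volume to prepare, or finish it with a concrete command, a declared volume and a securityContext no broader than the ownership change needs. Separately, the two `env` values are unquoted, and env values must be strings, so a numeric UID would be rejected: `value: {{ .Values.containerSecurityContext.runAsUser | quote }}` and `value: {{ .Values.additionalResources.javaOpts | quote }}`. The prereg-booking deployment.yaml hunk repeats both.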
diff --git a/helm/prereg-batchjob/templates/service-account.yaml b/helm/prereg-batchjob/templates/service-account.yaml
new file mode 100644
index 0000000000..f9427ed978
--- /dev/null
+++ b/helm/prereg-batchjob/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "prereg-batchjob.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/prereg-batchjob/templates/service.yaml b/helm/prereg-batchjob/templates/service.yaml
new file mode 100644
index 0000000000..018e6985d0
--- /dev/null
+++ b/helm/prereg-batchjob/templates/service.yaml
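Review bot: This ServiceAccount is rendered unconditionally, although values.yaml has `serviceAccount.create` and the `prereg-batchjob.serviceAccountName` helper falls back to `default` when that flag is false. With `create: false` and no name set, the chart would emit a ServiceAccount called `default` and try to take over the namespace's built-in account. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}`. Nothing on this page shows the workload calling the Kubernetes API, so `automountServiceAccountToken: false` is worth considering to keep an unneeded token out of the pod. The prereg-booking service-account.yaml hunk has the same gap.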
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/prereg-batchjob/templates/servicemonitor.yaml b/helm/prereg-batchjob/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..15f48fdeec
--- /dev/null
+++ b/helm/prereg-batchjob/templates/servicemonitor.yaml
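Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints a Go value rather than YAML: a list comes out as `[10.0.0.0/8 192.0.2.0/24]` (constructed sample), which parses as a single string element, and values.yaml defines no such key, so the default renders an empty value. This field is the source allow-list for a LoadBalancer service, so a mis-rendered or empty value either fails the apply or may leave the balancer reachable from any address. Render it only when set and as YAML: `{{- with .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml . | nindent 4 }}`, `{{- end }}`. The prereg-booking service.yaml hunk has the same lines.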
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/prereg-batchjob/templates/virtualservice.yaml b/helm/prereg-batchjob/templates/virtualservice.yaml
new file mode 100644
index 0000000000..17a2ca4d73
--- /dev/null
+++ b/helm/prereg-batchjob/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/prereg-batchjob/values.yaml b/helm/prereg-batchjob/values.yaml
new file mode 100644
index 0000000000..95702a09bf
--- /dev/null
+++ b/helm/prereg-batchjob/values.yaml
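Review bot: The `hosts` list is hard-coded to `"*"`, so this VirtualService binds to every hostname served by the gateways in `istio.gateways`, and the only scoping left is `prefix: {{ .Values.istio.prefix }}`, which values.yaml ships empty. An empty prefix renders as a null match; how Istio treats that is not settled by this page, so the route may be rejected or may match more than intended. Make the hosts a value (for example `hosts: {{- toYaml .Values.istio.hosts | nindent 4 }}`, a new key) and fail rendering on an empty prefix with `prefix: {{ required "istio.prefix is required" .Values.istio.prefix }}`. The route also sets `x-forwarded-proto: https` on every request regardless of how it reached the gateway, so a comment stating that the listed gateway terminates TLS would document the assumption the backend is relying on.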
@@ -0,0 +1,422 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Number of nodes +## +replicaCount: 1 + +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +image: + registry: docker.io + repository: mosipid/pre-registration-batchjob + tag: 1.2.0.1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +## Port on which this particular spring service module is running. 
+springServicePort: 9097 + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +## TODO: Probes have been disabled as they are not working. FIX. +startupProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9097 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + +livenessProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9097 + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9097 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 1500Mi + requests: + cpu: 200m + memory: 1000Mi + +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms1000M -Xmx1000M" + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} + +## Custom Liveness probes for +## +customLivenessProbe: {} + +## Custom Rediness probes +## +customReadinessProbe: {} + +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate + +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] + +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} + +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} + +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## + +## Specifies whether RBAC resources should be created +## +rbac: + create: true + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: + +## Prometheus Metrics +## +## TODO: Enable when prometheus url is available +metrics: + enabled: false + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + + endpointPath: + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as 
template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] + +## TODO: Enable when prefix url is available +istio: + enabled: false + gateways: + - istio-system/internal + prefix: diff --git a/helm/prereg-booking/.gitignore b/helm/prereg-booking/.gitignore new file mode 100644 index 0000000000..b3c94bf643 --- /dev/null +++ b/helm/prereg-booking/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/prereg-booking/.helmignore b/helm/prereg-booking/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/helm/prereg-booking/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/prereg-booking/Chart.yaml b/helm/prereg-booking/Chart.yaml new file mode 100644 index 0000000000..5fb60d7991 --- /dev/null +++ b/helm/prereg-booking/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: prereg-booking +description: A Helm chart for MOSIP Pre-registration application service +type: application +version: 12.0.1-develop +appVersion: "" +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +home: https://mosip.io +keywords: + - mosip + - prereg-booking + - kernel +maintainers: + - email: info@mosip.io + name: MOSIP diff --git a/helm/prereg-booking/README.md b/helm/prereg-booking/README.md new file mode 100644 index 0000000000..c767333e58 --- /dev/null +++ b/helm/prereg-booking/README.md 
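Review bot: `containerSecurityContext` is shipped as `enabled: false` with `runAsUser: mosip`, so by default the container runs with whatever user and privileges the image provides, and the block cannot simply be switched on because Kubernetes expects `runAsUser` to be a numeric UID. deployment.yaml also feeds the same key into the `container_user` env var, so the user name and the UID probably need separate keys; the UID itself is not shown on this page. Once that is split, enabling the block by default with `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be the safer baseline. Two comments look copied from another chart and contradict the values: the note about a Clamav container, and `TODO: Probes have been disabled` above three probes that are `enabled: true`. `volumePermissions.image.tag: "10"` is a floating tag on a third-party image and should be pinned by digest if that init container is ever enabled.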
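Review bot: The `common` dependency in prereg-booking's Chart.yaml is declared as `version: 1.x.x`, so each `helm dependency update` resolves whatever 1.x release `https://charts.bitnami.com/bitnami` serves at that moment, and no lock file is added alongside it in the part of the commit shown here. Every template in this chart is built from `common.*` helpers, which makes that library part of the rendered manifests. Pin an exact version or commit the lock file so the shipped dependency is recorded and reviewable. The `.gitignore` entry is spelled `Charts.lock` while Helm writes `Chart.lock`, so the intent of that line should be clarified either way.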
@@ -0,0 +1,11 @@
+# PreReg Booking
+
+Helm chart for installing Pre-Registration Booking service.
+
+## Install
+```console
+$ kubectl create namespace prereg
+$ helm repo add mosip https://mosip.github.io
+$ helm -n prereg install my-release mosip/prereg-booking
+```
+
diff --git a/helm/prereg-booking/templates/NOTES.txt b/helm/prereg-booking/templates/NOTES.txt
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/helm/prereg-booking/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/prereg-booking/templates/_helpers.tpl b/helm/prereg-booking/templates/_helpers.tpl
new file mode 100644
index 0000000000..e911b7ed10
--- /dev/null
+++ b/helm/prereg-booking/templates/_helpers.tpl
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "prereg-booking.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "prereg-booking.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "prereg-booking.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "prereg-booking.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "prereg-booking.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "prereg-booking.validateValues.foo" .) -}} +{{- $messages := append $messages (include "prereg-booking.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "prereg-booking.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/prereg-booking/templates/deployment.yaml b/helm/prereg-booking/templates/deployment.yaml new file mode 100644 index 0000000000..5317252685 --- /dev/null +++ b/helm/prereg-booking/templates/deployment.yaml 
@@ -0,0 +1,135 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "prereg-booking.podAnnotations" . | nindent 8 }} + {{- end }} + + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prereg-booking.serviceAccountName" . }} + {{- include "prereg-booking.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "prereg-booking.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: prereg-booking + image: {{ template "prereg-booking.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/prereg-booking/templates/extra-list.yaml b/helm/prereg-booking/templates/extra-list.yaml new file mode 100644 index 0000000000..9ac65f9e16 --- /dev/null +++ b/helm/prereg-booking/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
diff --git a/helm/prereg-booking/templates/service-account.yaml b/helm/prereg-booking/templates/service-account.yaml
new file mode 100644
index 0000000000..b58a0f2c6d
--- /dev/null
+++ b/helm/prereg-booking/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "prereg-booking.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/prereg-booking/templates/service.yaml b/helm/prereg-booking/templates/service.yaml
new file mode 100644
index 0000000000..018e6985d0
--- /dev/null
+++ b/helm/prereg-booking/templates/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/prereg-booking/templates/servicemonitor.yaml b/helm/prereg-booking/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..15f48fdeec
--- /dev/null
+++ b/helm/prereg-booking/templates/servicemonitor.yaml
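Review bot: `loadBalancerSourceRanges` is emitted whenever the type is `LoadBalancer`, but values.yaml defines no `service.loadBalancerSourceRanges`, so by default the field renders with no value and the load balancer accepts traffic from every source address. When a list is supplied, printing it with plain `{{ ... }}` yields Go's `[a b]` form, which is not a YAML list of separate CIDRs. Guard and serialize it: `{{- if .Values.service.loadBalancerSourceRanges }}`, `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`, `{{- end }}`. helm/prereg-captcha/templates/service.yaml carries the identical lines.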
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/prereg-booking/templates/virtualservice.yaml b/helm/prereg-booking/templates/virtualservice.yaml
new file mode 100644
index 0000000000..17a2ca4d73
--- /dev/null
+++ b/helm/prereg-booking/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/prereg-booking/values.yaml b/helm/prereg-booking/values.yaml
new file mode 100644
index 0000000000..4ffa7517ac
--- /dev/null
+++ b/helm/prereg-booking/values.yaml
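Review bot: `hosts: - "*"` makes this VirtualService match every hostname served by the listed gateways (values.yaml defaults to `istio-system/internal` and `prereg-gateway`), so any Host header reaching them is routed here by URI prefix alone. Take the host list from values, e.g. `hosts: {{- toYaml .Values.istio.hosts | nindent 4 }}` where `istio.hosts` is a proposed new value that this patch does not define, and keep `"*"` only as an explicit opt-in. The route also sets `x-forwarded-proto: https` on every request regardless of how it arrived, which is only accurate if TLS is always terminated upstream; a comment stating that assumption would help. helm/prereg-captcha/templates/virtualservice.yaml is identical.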
@@ -0,0 +1,419 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Number of nodes +## +replicaCount: 1 + +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +image: + registry: docker.io + repository: mosipid/pre-registration-booking-service + tag: 1.2.0.1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +## Port on which this particular spring service module is running. 
+springServicePort: 9095 + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +startupProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9095 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + +livenessProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9095 + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9095 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 2500Mi + requests: + cpu: 200m + memory: 1000Mi + +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms2000M -Xmx2000M" + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} + +## Custom Liveness probes for +## +customLivenessProbe: {} + +## Custom Rediness probes +## +customReadinessProbe: {} + +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate + +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] + +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} + +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} + +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## + +## Specifies whether RBAC resources should be created +## +rbac: + create: true + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: + +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + + endpointPath: /preregistration/v1/actuator/prometheus + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by 
Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] +istio: + enabled: true + gateways: + - istio-system/internal + - prereg-gateway + prefix: /preregistration/v1/appointment diff --git a/helm/prereg-captcha/.gitignore b/helm/prereg-captcha/.gitignore new file mode 100644 index 0000000000..b3c94bf643 --- /dev/null +++ b/helm/prereg-captcha/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/prereg-captcha/.helmignore b/helm/prereg-captcha/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/helm/prereg-captcha/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/prereg-captcha/Chart.yaml b/helm/prereg-captcha/Chart.yaml new file mode 100644 index 0000000000..30153703fd --- /dev/null +++ b/helm/prereg-captcha/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v2 +name: prereg-captcha +description: A Helm chart for MOSIP Pre-registration Captcha Service +type: application +version: 12.0.1-develop +appVersion: "" +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +home: https://mosip.io +keywords: + - mosip + - prereg-captcha + - prereg +maintainers: + - email: info@mosip.io + name: MOSIP diff --git a/helm/prereg-captcha/README.md b/helm/prereg-captcha/README.md new file mode 100644 index 0000000000..08bfcec6cd --- /dev/null +++ b/helm/prereg-captcha/README.md 
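Review bot: In helm/prereg-booking/values.yaml, `containerSecurityContext` ships with `enabled: false` and `runAsUser: mosip`; Kubernetes expects `runAsUser` to be a numeric UID, so switching `enabled` to `true` would produce a pod spec the API server rejects, and with the default nothing in the chart enforces non-root execution. Use the image's numeric UID (placeholder: `runAsUser: <mosip-uid>`) and consider enabling the block by default together with `allowPrivilegeEscalation: false`. The comment above the block still says "Clamav container", which looks copied from another chart. The `volumePermissions` image is referenced by the mutable tag `"10"`; pinning a digest would make that init image reproducible.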
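Review bot: In helm/prereg-captcha/Chart.yaml the `common` dependency is resolved from `https://charts.bitnami.com/bitnami` with the range `version: 1.x.x`, and no lock file is part of this patch, so each packaging run can pull a different library release that then renders every template in the chart. Pin an exact version and commit the lock file produced by `helm dependency update`. The accompanying .gitignore ignores `Charts.lock`, whereas Helm writes `Chart.lock`, so decide deliberately whether the lock file is meant to be tracked and fix the pattern either way.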
@@ -0,0 +1,11 @@
+# PreReg Captcha Service
+
+Helm chart for installing Pre-Registration Captcha Service
+
+## Install
+```console
+$ kubectl create namespace prereg
+$ helm repo add mosip https://mosip.github.io
+$ helm -n prereg install my-release mosip/prereg-captcha
+```
+
diff --git a/helm/prereg-captcha/templates/NOTES.txt b/helm/prereg-captcha/templates/NOTES.txt
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/helm/prereg-captcha/templates/NOTES.txt
@@ -0,0 +1 @@
+
diff --git a/helm/prereg-captcha/templates/_helpers.tpl b/helm/prereg-captcha/templates/_helpers.tpl
new file mode 100644
index 0000000000..dc74f31b50
--- /dev/null
+++ b/helm/prereg-captcha/templates/_helpers.tpl
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "prereg-captcha.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "prereg-captcha.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "prereg-captcha.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "prereg-captcha.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "prereg-captcha.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "prereg-captcha.validateValues.foo" .) -}} +{{- $messages := append $messages (include "prereg-captcha.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "prereg-captcha.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/prereg-captcha/templates/deployment.yaml b/helm/prereg-captcha/templates/deployment.yaml new file mode 100644 index 0000000000..7ff9adf5aa --- /dev/null +++ b/helm/prereg-captcha/templates/deployment.yaml 
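Review bot: `prereg-captcha.validateValues` includes `prereg-captcha.validateValues.foo` and `prereg-captcha.validateValues.bar`, neither of which is defined in this file, so any template that calls the helper would fail at render time. Nothing visible in this patch calls it, which means the chart currently validates no values at all. Either delete the helper or replace the two scaffold names with real checks, for example one that rejects a non-numeric `containerSecurityContext.runAsUser`.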
@@ -0,0 +1,135 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "prereg-captcha.podAnnotations" . | nindent 8 }} + {{- end }} + + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prereg-captcha.serviceAccountName" . }} + {{- include "prereg-captcha.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "prereg-captcha.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: prereg-captcha + image: {{ template "prereg-captcha.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/prereg-captcha/templates/extra-list.yaml b/helm/prereg-captcha/templates/extra-list.yaml new file mode 100644 index 0000000000..9ac65f9e16 --- /dev/null +++ b/helm/prereg-captcha/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
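Review bot: The `volume-permissions` init container in helm/prereg-captcha/templates/deployment.yaml is still scaffold: `command: - %%commands%%`, a mount named `foo` at `bar`, and `securityContext: runAsUser: 0`. Enabling `volumePermissions.enabled` together with `persistence.enabled` would render a root init container whose command is a placeholder (a plain scalar starting with `%` is likely to fail YAML parsing outright), and no `volumes:` entry is visible in the template to back the mount. Remove the block until it is implemented, or fill in the real command and mount and keep root confined to that one container. Separately, the `container_user` and `JDK_JAVA_OPTIONS` env values are interpolated unquoted; add `| quote` so a numeric UID or an option string containing `: ` or ` #` stays a string.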
diff --git a/helm/prereg-captcha/templates/service-account.yaml b/helm/prereg-captcha/templates/service-account.yaml
new file mode 100644
index 0000000000..54adc267a9
--- /dev/null
+++ b/helm/prereg-captcha/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "prereg-captcha.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/prereg-captcha/templates/service.yaml b/helm/prereg-captcha/templates/service.yaml
new file mode 100644
index 0000000000..018e6985d0
--- /dev/null
+++ b/helm/prereg-captcha/templates/service.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/prereg-captcha/templates/servicemonitor.yaml b/helm/prereg-captcha/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..15f48fdeec
--- /dev/null
+++ b/helm/prereg-captcha/templates/servicemonitor.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/prereg-captcha/templates/virtualservice.yaml b/helm/prereg-captcha/templates/virtualservice.yaml
new file mode 100644
index 0000000000..17a2ca4d73
--- /dev/null
+++ b/helm/prereg-captcha/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/prereg-captcha/values.yaml b/helm/prereg-captcha/values.yaml
new file mode 100644
index 0000000000..075752f3c4
--- /dev/null
+++ b/helm/prereg-captcha/values.yaml
@@ -0,0 +1,420 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Number of nodes +## +replicaCount: 1 + +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +image: + registry: docker.io + repository: mosipid/pre-registration-captcha-service + tag: 1.2.0.1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +## Port on which this particular spring service module is running. 
+springServicePort: 9089 + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +startupProbe: + enabled: true + httpGet: + path: /preregistration/v1/captcha/actuator/health + port: 9089 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + +livenessProbe: + enabled: true + httpGet: + path: /preregistration/v1/captcha/actuator/health + port: 9089 + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + httpGet: + path: /preregistration/v1/captcha/actuator/health + port: 9089 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 2500Mi + requests: + cpu: 200m + memory: 1500Mi + +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms2000M -Xmx2000M" + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} + +## Custom Liveness probes for +## +customLivenessProbe: {} + +## Custom Rediness probes +## +customReadinessProbe: {} + +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate + +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] + +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} + +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} + +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## + +## Specifies whether RBAC resources should be created +## +rbac: + create: true + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: + +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + + endpointPath: /preregistration/v1/captcha/actuator/prometheus + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template 
by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] + +istio: + enabled: true + gateways: + - istio-system/internal + - prereg-gateway + prefix: /preregistration/v1/captcha diff --git a/helm/prereg-datasync/.gitignore b/helm/prereg-datasync/.gitignore new file mode 100644 index 0000000000..b3c94bf643 --- /dev/null +++ b/helm/prereg-datasync/.gitignore @@ -0,0 +1,2 @@ +charts/ +Charts.lock diff --git a/helm/prereg-datasync/.helmignore b/helm/prereg-datasync/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/helm/prereg-datasync/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/helm/prereg-datasync/Chart.yaml b/helm/prereg-datasync/Chart.yaml new file mode 100644 index 0000000000..2531c96ff8 --- /dev/null +++ b/helm/prereg-datasync/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: prereg-datasync +description: A Helm chart for MOSIP Pre-registration Datasync service +type: application +version: 12.0.1-develop +appVersion: "" +dependencies: + - name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +home: https://mosip.io +keywords: + - mosip + - prereg-datasync +maintainers: + - email: info@mosip.io + name: MOSIP diff --git a/helm/prereg-datasync/README.md b/helm/prereg-datasync/README.md new file mode 100644 index 0000000000..c3aeb613c4 --- /dev/null +++ b/helm/prereg-datasync/README.md 
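Review bot: `containerSecurityContext` ships with `enabled: false`, and its `runAsUser: mosip` is a user name while the Kubernetes `runAsUser` field takes a numeric UID, so switching the block on as written would most likely get the pod spec rejected instead of hardening it. I would set the real UID, `runAsUser: <numeric UID of the image's mosip user>` (placeholder, the UID is not shown on this page), and consider `enabled: true` as the default so that `runAsNonRoot: true` is actually applied. The comment above the block still says "Clamav container", which looks copied from another chart and should name this service.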
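Review bot: The `common` dependency is declared as `version: 1.x.x` from `https://charts.bitnami.com/bitnami` and no lock file is part of this patch, so each `helm dependency update` resolves whichever 1.x release the remote repository serves at that moment and nothing in the tree records what was actually packaged. Pinning an exact version (`version: <exact common chart version>`, placeholder) and committing the lock file would make the published chart reproducible and reviewable. The `.gitignore` hunk above lists `Charts.lock`, although Helm writes `Chart.lock`, so it is worth confirming whether ignoring the lock file was intended at all. `appVersion: ""` also leaves the chart without a recorded application version.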
@@ -0,0 +1,11 @@ +# PreReg Datasync + +Helm chart for installing Pre-Registration Datasync service. + +## Install +```console +$ kubectl create namespace prereg +$ helm repo add mosip https://mosip.github.io +$ helm -n prereg install my-release mosip/prereg-datasync +``` + diff --git a/helm/prereg-datasync/templates/NOTES.txt b/helm/prereg-datasync/templates/NOTES.txt new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/helm/prereg-datasync/templates/NOTES.txt @@ -0,0 +1 @@ + diff --git a/helm/prereg-datasync/templates/_helpers.tpl b/helm/prereg-datasync/templates/_helpers.tpl new file mode 100644 index 0000000000..20e4a33251 --- /dev/null +++ b/helm/prereg-datasync/templates/_helpers.tpl 
@@ -0,0 +1,60 @@ +{{/* +Return the proper image name +*/}} +{{- define "prereg-datasync.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "prereg-datasync.volumePermissions.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "prereg-datasync.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "prereg-datasync.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message. +*/}} +{{- define "prereg-datasync.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "prereg-datasync.validateValues.foo" .) -}} +{{- $messages := append $messages (include "prereg-datasync.validateValues.bar" .) 
-}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message -}} +{{- end -}} +{{- end -}} + +{{/* +Return podAnnotations +*/}} +{{- define "prereg-datasync.podAnnotations" -}} +{{- if .Values.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} +{{- end }} +{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} +{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} +{{- end }} +{{- end -}} + + diff --git a/helm/prereg-datasync/templates/deployment.yaml b/helm/prereg-datasync/templates/deployment.yaml new file mode 100644 index 0000000000..6ab633f2cd --- /dev/null +++ b/helm/prereg-datasync/templates/deployment.yaml 
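Review bot: `prereg-datasync.validateValues` includes `prereg-datasync.validateValues.foo` and `prereg-datasync.validateValues.bar`, neither of which is defined in this hunk, so they look like leftover scaffold placeholders. If the helper is ever included, rendering should fail on the missing templates, and until then no values are validated at all (NOTES.txt is empty in this patch, so nothing visible calls it). Either drop the helper or replace the two includes with real checks for this chart. The repeated `{{- $messages := append …` lines also redeclare the variable each time; `{{- $messages = append $messages (…) -}}` assigns to the existing one.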
@@ -0,0 +1,135 @@ +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + name: {{ template "common.names.fullname" . }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + template: + metadata: + annotations: + {{- if or .Values.podAnnotations .Values.metrics.enabled }} + {{- include "prereg-datasync.podAnnotations" . | nindent 8 }} + {{- end }} + + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + spec: + serviceAccountName: {{ template "prereg-datasync.serviceAccountName" . }} + {{- include "prereg-datasync.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + initContainers: + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ include "prereg-datasync.volumePermissions.image" . 
}} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - %%commands%% + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: foo + mountPath: bar + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + containers: + - name: prereg-datasync + image: {{ template "prereg-datasync.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: container_user + value: {{ .Values.containerSecurityContext.runAsUser }} + - name: JDK_JAVA_OPTIONS + value: {{ .Values.additionalResources.javaOpts }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + {{- range .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ . 
}} + {{- end }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + ports: + - name: spring-service + containerPort: {{ .Values.springServicePort }} + + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} diff --git a/helm/prereg-datasync/templates/extra-list.yaml b/helm/prereg-datasync/templates/extra-list.yaml new file mode 100644 index 0000000000..9ac65f9e16 --- /dev/null +++ b/helm/prereg-datasync/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} 
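Review bot: The `volume-permissions` init container still carries scaffold placeholders, `command: - %%commands%%` and a `volumeMounts` entry `name: foo` / `mountPath: bar`, while being pinned to `runAsUser: 0`. With `volumePermissions.enabled` and `persistence.enabled` both true the chart would emit a root container with no real command (a plain scalar starting with `%` is not even valid YAML), and the pod spec in this hunk defines no `volumes:` for the mount to refer to. I would remove the block and the matching `volumePermissions` values until there is an actual command and volume, rather than ship a root-running stub. Separately, `value: {{ .Values.containerSecurityContext.runAsUser }}` should be `value: {{ .Values.containerSecurityContext.runAsUser | quote }}`, since an env value must be a string and a numeric UID would render as an integer.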
diff --git a/helm/prereg-datasync/templates/service-account.yaml b/helm/prereg-datasync/templates/service-account.yaml
new file mode 100644
index 0000000000..c040b86a41
--- /dev/null
+++ b/helm/prereg-datasync/templates/service-account.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "prereg-datasync.serviceAccountName" . }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/prereg-datasync/templates/service.yaml b/helm/prereg-datasync/templates/service.yaml
new file mode 100644
index 0000000000..018e6985d0
--- /dev/null
+++ b/helm/prereg-datasync/templates/service.yaml
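Review bot: This ServiceAccount is rendered unconditionally, but `prereg-datasync.serviceAccountName` in _helpers.tpl returns `serviceAccount.name` or `default` when `serviceAccount.create` is false, so with creation switched off the release would still try to create and own that account, which for `default` is one that already exists in the namespace. Wrap the manifest in `{{- if .Values.serviceAccount.create }}` … `{{- end }}`. Nothing in this patch shows the service calling the Kubernetes API, so `automountServiceAccountToken: false` on the account looks like a reasonable default as well; confirm that against the application before adding it.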
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ name: {{ template "common.names.fullname" . }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{ if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{ end }}
+ {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ protocol: TCP
+ targetPort: {{ .Values.springServicePort }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/helm/prereg-datasync/templates/servicemonitor.yaml b/helm/prereg-datasync/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..15f48fdeec
--- /dev/null
+++ b/helm/prereg-datasync/templates/servicemonitor.yaml
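Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the value with Go's default formatting, so a list of two CIDRs would come out as `[a b]`, which YAML reads as a single string element rather than two ranges; with the key unset (the part of values.yaml visible in this patch does not define it) the field renders empty. This field is what restricts which clients can reach a LoadBalancer service, so it should render faithfully or not at all: guard with `{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerSourceRanges }}` and emit `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}`. The bare `{{ if` / `{{ end }}` pair here also lacks the `-` whitespace trim used everywhere else in the file.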
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.metrics.serviceMonitor.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ endpoints:
+ - targetPort: {{ .Values.springServicePort }}
+ path: {{ .Values.metrics.endpointPath }}
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabellings }}
+ metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace | quote }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+{{- end }}
diff --git a/helm/prereg-datasync/templates/virtualservice.yaml b/helm/prereg-datasync/templates/virtualservice.yaml
new file mode 100644
index 0000000000..17a2ca4d73
--- /dev/null
+++ b/helm/prereg-datasync/templates/virtualservice.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ hosts:
+ - "*"
+ gateways:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }}
+ http:
+ - match:
+ - uri:
+ prefix: {{ .Values.istio.prefix }}
+ route:
+ - destination:
+ host: {{ template "common.names.fullname" . }}
+ port:
+ number: {{ .Values.service.port }}
+ headers:
+ request:
+ set:
+ x-forwarded-proto: https
+{{- end }}
diff --git a/helm/prereg-datasync/values.yaml b/helm/prereg-datasync/values.yaml
new file mode 100644
index 0000000000..dbfa7c9a21
--- /dev/null
+++ b/helm/prereg-datasync/values.yaml
@@ -0,0 +1,419 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Number of nodes +## +replicaCount: 1 + +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +image: + registry: docker.io + repository: mosipid/pre-registration-datasync-service + tag: 1.2.0.1 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +## Port on which this particular spring service module is running. 
+springServicePort: 9094 + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +startupProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9094 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 + successThreshold: 1 + +livenessProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9094 + initialDelaySeconds: 20 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + httpGet: + path: /preregistration/v1/actuator/health + port: 9094 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 500m + memory: 2500Mi + requests: + cpu: 200m + memory: 1000Mi + +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "-Xms2000M -Xmx2000M" + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} + +## Custom Liveness probes for +## +customLivenessProbe: {} + +## Custom Rediness probes +## +customReadinessProbe: {} + +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate + +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] + +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} + +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} + +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## + +## Specifies whether RBAC resources should be created +## +rbac: + create: true + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: + +## Prometheus Metrics +## +metrics: + enabled: true + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + + endpointPath: /preregistration/v1/actuator/prometheus + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## List of rules, used as template by 
Helm.
+ ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html
+ # rules:
+ # - alert: RabbitmqDown
+ # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0
+ # for: 5m
+ # labels:
+ # severity: error
+ rules: []
+
+istio:
+ enabled: true
+ gateways:
+ - istio-system/internal
+ prefix: /preregistration/v1/sync
diff --git a/helm/prereg-gateway/.gitignore b/helm/prereg-gateway/.gitignore
new file mode 100644
index 0000000000..b3c94bf643
--- /dev/null
+++ b/helm/prereg-gateway/.gitignore
@@ -0,0 +1,2 @@
+charts/
+Charts.lock
diff --git a/helm/prereg-gateway/.helmignore b/helm/prereg-gateway/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/helm/prereg-gateway/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/helm/prereg-gateway/Chart.yaml b/helm/prereg-gateway/Chart.yaml
new file mode 100644
index 0000000000..fc728d09cf
--- /dev/null
+++ b/helm/prereg-gateway/Chart.yaml
@@ -0,0 +1,20 @@
+apiVersion: v2
+name: prereg-gateway
+description: A Helm chart for MOSIP Pre-registration Istio Gateway
+type: application
+version: 12.0.1-develop
+appVersion: ""
+dependencies:
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+home: https://mosip.io
+keywords:
+ - mosip
+ - prereg-gateway
+ - kernel
+maintainers:
+ - email: info@mosip.io
+ name: MOSIP
diff --git a/helm/prereg-gateway/README.md b/helm/prereg-gateway/README.md
new file mode 100644
index 0000000000..3f0388fcf2
--- /dev/null
+++ b/helm/prereg-gateway/README.md
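Review bot: `containerSecurityContext` in helm/prereg-datasync/values.yaml ships with `enabled: false` and `runAsUser: mosip`; Kubernetes expects `runAsUser` to be a numeric UID, so switching the block on as written would presumably yield a pod spec the API server rejects, and while it is off `runAsNonRoot: true` is not applied at all (how the deployment template consumes these values is not visible in this patch). I would set a numeric UID, `runAsUser: <numeric UID of the image's mosip user>`, and enable the context by default. The comment above the block still refers to the "Clamav container", which looks like a leftover from another chart. The same block appears unchanged in helm/prereg-gateway/values.yaml later in this patch.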
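Review bot: The `common` dependency in helm/prereg-gateway/Chart.yaml is declared as the range `version: 1.x.x`, and the chart's .gitignore lists a lock file, so nothing committed fixes which library-chart release is resolved at packaging time. Helm writes its lock file as `Chart.lock`, so the ignore entry `Charts.lock` as spelled does not match it either. For reproducible, reviewable packaging I would pin an exact release, `version: <exact 1.y.z>`, commit `Chart.lock`, and drop the lock entry from .gitignore. `appVersion: ""` is empty; fill it in or remove the key.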
@@ -0,0 +1,11 @@
+# PreReg Istio Gateway
+
+Helm chart for installing Pre-Registration Istio gateway
+
+## Install
+```console
+$ kubectl create namespace prereg
+$ helm repo add mosip https://mosip.github.io
+$ helm -n prereg install my-release mosip/prereg-gateway
+```
+
diff --git a/helm/prereg-gateway/templates/gateway.yaml b/helm/prereg-gateway/templates/gateway.yaml
new file mode 100644
index 0000000000..d7a67a099e
--- /dev/null
+++ b/helm/prereg-gateway/templates/gateway.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.istio.enabled }}
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+ name: prereg-gateway
+spec:
+ selector:
+ istio: {{ .Values.istio.ingressController.name }}
+ servers:
+ - port:
+ number: 80
+ name: http
+ protocol: HTTP
+ hosts:
+ {{- include "common.tplvalues.render" ( dict "value" .Values.istio.hosts "context" $ ) | nindent 6 }}
+{{- end }}
diff --git a/helm/prereg-gateway/values.yaml b/helm/prereg-gateway/values.yaml
new file mode 100644
index 0000000000..c77388f5ba
--- /dev/null
+++ b/helm/prereg-gateway/values.yaml
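Review bot: The Gateway in helm/prereg-gateway/templates/gateway.yaml defines a single `HTTP` server on port 80 with no `tls` block, although the chart's values describe it as an external-facing gateway with its own domain name. That is fine if TLS is terminated by a load balancer in front of the ingress gateway, but nothing in the template records it; a comment such as `# plain HTTP on purpose: TLS is terminated upstream of the ingress gateway` above `servers:` would state the assumption for whoever deploys this without that front end. `metadata.name` is hard-coded to `prereg-gateway` and carries no labels, so a second release in the same namespace would collide; unless other charts reference the gateway by this fixed name, `name: {{ template "common.names.fullname" . }}` plus the standard labels would match the other templates in this patch.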
@@ -0,0 +1,409 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Add labels to all the deployed resources +## +commonLabels: + app.kubernetes.io/component: mosip + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Number of nodes +## +replicaCount: 1 + +service: + type: ClusterIP + port: 80 + ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP: + ## + ## nodePorts: + ## http: + ## https: + ## + + nodePorts: + http: "" + https: "" + ## Enable client source IP preservation + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + +image: + registry: docker.io + repository: + tag: + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +## Port on which this particular spring service module is running. 
+springServicePort: 80 + +## Configure extra options for liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## +livenessProbe: + enabled: true + tcpSocket: + port: 80 + initialDelaySeconds: 120 + periodSeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + tcpSocket: + port: 80 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## +# existingConfigmap: + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +args: [] + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 200m + # memory: 256Mi + requests: + cpu: 200m + memory: 20Mi + +additionalResources: + ## Specify any JAVA_OPTS string here. 
These typically will be specified in conjunction with above resources + ## Example: java_opts: "-Xms500M -Xmx500M" + javaOpts: "" + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## Clamav container already runs as 'mosip' user, so we may not need to enable this +containerSecurityContext: + enabled: false + runAsUser: mosip + runAsNonRoot: true + +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## +podSecurityContext: + enabled: false + fsGroup: 1001 + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. 
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Annotations for server pods. +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## pods' priority. +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## lifecycleHooks for the container to automate configuration before or after startup. +## +lifecycleHooks: {} + +## Custom Liveness probes for +## +customLivenessProbe: {} + +## Custom Rediness probes +## +customReadinessProbe: {} + +## Update strategy - only really applicable for deployments with RWO PVs attached +## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the +## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will +## terminate the single previous pod, so that the new, incoming pod can attach to the PV +## +updateStrategy: + type: RollingUpdate + +## Additional environment variables to set +## Example: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] + +## ConfigMap with extra environment variables that used +## +extraEnvVarsCM: + - global + - config-server-share + - artifactory-share + +## Secret with extra environment variables +## +extraEnvVarsSecret: + +## Extra volumes to add to the deployment +## +extraVolumes: [] + +## Extra volume mounts to add to the container +## +extraVolumeMounts: [] + +## Add init containers to the pods. +## Example: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +initContainers: {} + +## Add sidecars to the pods. 
+## Example: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} + +persistence: + enabled: false + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack). + ## + # storageClass: "-" + ## + ## If you want to reuse an existing claim, you can pass the name of the PVC using + ## the existingClaim variable + # existingClaim: your-claim + ## ReadWriteMany not supported by AWS gp2 + storageClass: + accessModes: + - ReadWriteOnce + size: 10M + existingClaim: + # Dir where config and keys are written inside container + mountDir: + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + pullSecrets: [] + ## - myRegistryKeySecretName + ## Init containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ ## + limits: {} + ## cpu: 100m + ## memory: 128Mi + ## + requests: {} + ## cpu: 100m + ## memory: 128Mi + ## + +## Specifies whether RBAC resources should be created +## +rbac: + create: true + +## Specifies whether a ServiceAccount should be created +## +serviceAccount: + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: + +## Prometheus Metrics +## +## TODO: Enable later when monitoring is enabled. +metrics: + enabled: false + ## Prometheus pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + + endpointPath: /preregistration/v1/actuator/prometheus + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: true + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 10s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + 
namespace: '' + ## List of rules, used as template by Helm. + ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html + # rules: + # - alert: RabbitmqDown + # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 + # for: 5m + # labels: + # severity: error + rules: [] + +## External facing gateway with a specific domain name +istio: + enabled: true + ingressController: + name: ingressgateway + hosts: + - prereg.sandbox.xyz.net
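Review bot: The default `istio.hosts` entry `prereg.sandbox.xyz.net` in helm/prereg-gateway/values.yaml is a concrete hostname, so installing the chart without overrides binds the external gateway to a domain the operator may not control. I would ship `hosts: []` with a comment that the value is required, which should make a missing override fail Istio's validation at install time instead of silently serving the placeholder. Most of the remaining keys (image, probes, persistence, rbac, serviceAccount, metrics) look inherited from a service chart; the only prereg-gateway template visible in this patch is gateway.yaml, so they may be unused and could be dropped if so.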