From 3e2e42b8ab8fd9e91df65b4c3230d725fd41d936 Mon Sep 17 00:00:00 2001 From: v3DJG6GL <72495210+v3DJG6GL@users.noreply.github.com> Date: Thu, 25 Jul 2024 17:14:19 +0200 Subject: [PATCH] (fix #2)updating traefik-crds to latest --- catalog.json | 6 +- system/traefik-crds/2.1.2/.helmignore | 32 + system/traefik-crds/2.1.2/CHANGELOG.md | 3 + system/traefik-crds/2.1.2/Chart.yaml | 39 + system/traefik-crds/2.1.2/README.md | 61 + system/traefik-crds/2.1.2/app-readme.md | 8 + .../2.1.2/charts/common-23.0.0.tgz | Bin 0 -> 96822 bytes system/traefik-crds/2.1.2/dashboard.json | 1568 +++++++++++++++++ system/traefik-crds/2.1.2/icon-small.webp | Bin 0 -> 610 bytes system/traefik-crds/2.1.2/icon.webp | Bin 0 -> 3696 bytes system/traefik-crds/2.1.2/ix_values.yaml | 17 + system/traefik-crds/2.1.2/questions.yaml | 205 +++ system/traefik-crds/2.1.2/templates/NOTES.txt | 1 + .../traefik-crds/2.1.2/templates/common.yaml | 5 + .../traefik.containo.us_ingressroutes.yaml | 287 +++ .../traefik.containo.us_ingressroutetcps.yaml | 224 +++ .../traefik.containo.us_ingressrouteudps.yaml | 104 ++ .../crds/traefik.containo.us_middlewares.yaml | 980 +++++++++++ .../traefik.containo.us_middlewaretcps.yaml | 87 + ...traefik.containo.us_serverstransports.yaml | 126 ++ .../crds/traefik.containo.us_tlsoptions.yaml | 114 ++ .../crds/traefik.containo.us_tlsstores.yaml | 97 + .../traefik.containo.us_traefikservices.yaml | 411 +++++ .../crds/traefik.io_ingressroutes.yaml | 287 +++ .../crds/traefik.io_ingressroutetcps.yaml | 224 +++ .../crds/traefik.io_ingressrouteudps.yaml | 104 ++ .../crds/traefik.io_middlewares.yaml | 980 +++++++++++ .../crds/traefik.io_middlewaretcps.yaml | 87 + .../crds/traefik.io_serverstransports.yaml | 126 ++ .../crds/traefik.io_serverstransporttcps.yaml | 120 ++ .../templates/crds/traefik.io_tlsoptions.yaml | 114 ++ .../templates/crds/traefik.io_tlsstores.yaml | 97 + .../crds/traefik.io_traefikservices.yaml | 411 +++++ system/traefik-crds/2.1.2/values.yaml | 0 system/traefik-crds/app_versions.json | 198 +++ 35 files changed, 7120 insertions(+), 3 deletions(-) create mode 100644 system/traefik-crds/2.1.2/.helmignore create mode 100644 system/traefik-crds/2.1.2/CHANGELOG.md create mode 100644 system/traefik-crds/2.1.2/Chart.yaml create mode 100644 system/traefik-crds/2.1.2/README.md create mode 100644 system/traefik-crds/2.1.2/app-readme.md create mode 100644 system/traefik-crds/2.1.2/charts/common-23.0.0.tgz create mode 100644 system/traefik-crds/2.1.2/dashboard.json create mode 100644 system/traefik-crds/2.1.2/icon-small.webp create mode 100644 system/traefik-crds/2.1.2/icon.webp create mode 100644 system/traefik-crds/2.1.2/ix_values.yaml create mode 100644 system/traefik-crds/2.1.2/questions.yaml create mode 100644 system/traefik-crds/2.1.2/templates/NOTES.txt create mode 100644 system/traefik-crds/2.1.2/templates/common.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutes.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutetcps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressrouteudps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewares.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewaretcps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_serverstransports.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsoptions.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsstores.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_traefikservices.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutes.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutetcps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressrouteudps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewares.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewaretcps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransports.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransporttcps.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsoptions.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsstores.yaml create mode 100644 system/traefik-crds/2.1.2/templates/crds/traefik.io_traefikservices.yaml create mode 100644 system/traefik-crds/2.1.2/values.yaml diff --git a/catalog.json b/catalog.json index a39cdd6074..19a46a5faa 100644 --- a/catalog.json +++ b/catalog.json @@ -25788,10 +25788,10 @@ "healthy_error": null, "home": "https://truecharts.org/charts/system/traefik-crds", "location": "/home/runner/_work/catalog/catalog/system/traefik-crds", - "latest_version": "2.1.1", + "latest_version": "2.1.2", "latest_app_version": "latest", - "latest_human_version": "latest_2.1.1", - "last_update": "2024-07-25 16:55:00", + "latest_human_version": "latest_2.1.2", + "last_update": "2024-07-25 17:15:00", "name": "traefik-crds", "recommended": false, "title": "Traefik-crds", diff --git a/system/traefik-crds/2.1.2/.helmignore b/system/traefik-crds/2.1.2/.helmignore new file mode 100644 index 0000000000..feb7464da6 --- /dev/null +++ b/system/traefik-crds/2.1.2/.helmignore @@ -0,0 +1,32 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png +icon.webp +icon-small.webp diff --git a/system/traefik-crds/2.1.2/CHANGELOG.md b/system/traefik-crds/2.1.2/CHANGELOG.md new file mode 100644 index 0000000000..941abb8a21 --- /dev/null +++ b/system/traefik-crds/2.1.2/CHANGELOG.md @@ -0,0 +1,3 @@ +*for the complete changelog, please refer to the website* + +**Important:** \ No newline at end of file diff --git a/system/traefik-crds/2.1.2/Chart.yaml b/system/traefik-crds/2.1.2/Chart.yaml new file mode 100644 index 0000000000..b42af03a9b --- /dev/null +++ b/system/traefik-crds/2.1.2/Chart.yaml @@ -0,0 +1,39 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: network + truecharts.org/max_helm_version: "3.15" + truecharts.org/min_helm_version: "3.11" + truecharts.org/train: system +apiVersion: v2 +appVersion: latest +dependencies: + - name: common + version: 23.0.10 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Traefik-CRDs contains the CRD's for Traefik +home: https://truecharts.org/charts/system/traefik-crds +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik-crds.webp +keywords: + - traefik + - ingress +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: traefik-crds +sources: + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://github.com/truecharts/charts/tree/master/charts/system/traefik-crds + - https://github.com/truecharts/containers/tree/master/apps/scratch + - https://traefik.io/ +type: application +version: 2.1.2 \ No newline at end of file diff --git a/system/traefik-crds/2.1.2/README.md b/system/traefik-crds/2.1.2/README.md new file mode 100644 index 0000000000..0c9c76e098 --- /dev/null +++ b/system/traefik-crds/2.1.2/README.md @@ -0,0 +1,61 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as TrueNAS SCALE Apps. +Both solutions are fully supported, but we heavily advice the use of normal Helm Charts where possible + +For more information about this Chart, please check the docs on the TrueCharts [website](https://truecharts.org/charts/system/traefik-crds) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Installation + +### Helm-Chart installation + +To install TrueCharts Helm charts using Helm, you can use our OCI Repository. + +`helm install mychart oci://tccr.io/truecharts/CHARTNAME` + +For more information on how to install TrueCharts Helm charts, checkout the instructions on the website: https://truecharts.org/helm/ + + +### TrueNAS SCALE Apps + +For more information on how to use TrueCharts as TrueNAS SCALE Apps, please checkout the [quick-start guides for TrueNAS SCALE](https://truecharts.org/scale). + +## Chart Specific Guides and information + +All our charts have dedicated documentation pages. +The documentation for this chart can be found here: +https://truecharts.org/charts/system/traefik-crds + +## Configuration Options + +Please note: For TrueNAS SCALE, only options available in the GUI are supported. +Hence most of these docs do not apply to TrueNAS SCALE + +To view the chart specific options, please view Values.yaml included in the chart. +The most recent version of which, is available here: https://github.com/truecharts/charts/charts/system/traefik-crds/values.yaml + +All our Charts use a shared "common" library chart that contains most of the templating and options. +For the complete overview of all available options, please checkout the documentation for them on the website: https://truecharts.org/common/ + +For information about the common chart and all defaults included with it, please review its values.yaml file available here: https://github.com/truecharts/library-charts/blob/main/library/common/values.yaml + +## Support + +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/general/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/system/traefik-crds/2.1.2/app-readme.md b/system/traefik-crds/2.1.2/app-readme.md new file mode 100644 index 0000000000..fa812a6617 --- /dev/null +++ b/system/traefik-crds/2.1.2/app-readme.md @@ -0,0 +1,8 @@ +Traefik-CRDs contains the CRD's for Traefik + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/system/traefik-crds](https://truecharts.org/charts/system/traefik-crds) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/system/traefik-crds/2.1.2/charts/common-23.0.0.tgz b/system/traefik-crds/2.1.2/charts/common-23.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0622a806d94b2598dfdd18d54aff29c4facf2e3e GIT binary patch literal 96822 zcmV)SK(fCdiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHbK5wwFb>b(`V=T7TN}@7$-2wdIoWy~+mrD#j;&)knLY15 zTV9BSB&;cdLx6HLnSA$O;Y#o-$(HS8R@|+LMFNdRqtWPYG#U<>&xwCY_=OeG&{X!r_=1ToBbae%~q$^`~ftc0GG@YQ3k^w8jo%( z-MR1Nfxb@|WSIDLPyqmj3{RlLX3@Bg$$~mfba?aguQx2LzyN6ZxJ9x{8R;5Tw%bL z0UBuZDhrKEt6gu@8)o^7qvZbrdJ&>ev;dUK|7N4tYc|vJzu(@;|7Uq#fm#i` z_sAG}Kr%sPDt__RKztk_2B7O=E;peEhx*=PNFbGKJ%7>SXaXaTQCUo2cZw$1M*srKNC>Cs#DkPx z!Z`wL1{t`=o(IMVL=?GVVS%0phM!KTf^Y(T{+TRL7)Bm)L4ZR3U3|7dCY$6~fFLAe z1h~i*-^9-wA%MB4&XymcaDg2Jh9P0ZA)ahQzSQpqfH@^qZ**g-nr!aGi}<2MtsFG#0VCSd=n2#s>1No2^itukuJ{v9)M<}@g8Rje>%B| z3ojg2T9`vVb{s@0;9MdH4~iG!_dqErHE@lf`)i09y7HYI6nU!|KnsT*KLC~*emqAc zV$@;*^+p5YdYO-?`3(T}F~iV1MIKy^kVAZz4nVVIz6U78#Erjn%@@_0`4oSdKbLqgG6|b_r&^#!9*+ z1y4XIn}&$~<^iQ}2|;smIef25=L#YIUCYWcVU#HsOpT7&>{S4mBgVy}C7_O7m&(@{ z?`)|K7}0`5O(EA+lI7Tz{anMW0Kh_sCipH5SiLR+4Bp(&kPm!>T;%Sp(F})uCL}%u zBm^#|@^3anV1hp*7tFEidgva8yo4{PhkZ_Rib_eR3R!E)PaNKd7+eC0;~?-bqE>Uf zUk_?+l5WQc6{W7vAogoxNU>wM?G?BRq-1Z{b5gTPw?JmK9Y_a`LeZ>Lia0ZjF}EXP!TFX<(7Y9v6u zLqb{;J$|9S3f}#IeLRomz$Y#ma)m@_R($?o|5CjhfTKpEp=(H{6uiwy0Oo`;5D=FF z=(~WMjMAV3*mu0h#r_mHelQiaU4p34e&jdAWts2RphtWpU{r*55gdD-UQR2b&7TRm z<1MOL0A_H(0Yhcr)m#)H-$lN&)T2?ayaK}z&tZtYr4%uY0OZpsMBp9)m-v5;@sMD^ zJn|S0Jh^;PaF5vx_=qy(0@DIUw4$n=h+1m0NJP&*2Of5?(E5ae7!M4Wa9rC1!b%0i z_m-99kW}y-PKB};qJU7$ggZkCmV^5lfpe|}1d-D1g8VA zXx5vJdh`F#8EkcXgWed8Cx;!Uanu}lUD$Cut=8dqa(L9}cG^AEZac8uZ^DVwo3zJn zw>56|4qM|+!|nIRt+tCQ6@l;x@frHeICjUw;m7L>#YF*ePtH%T)i1hm%&&^llbtBU zYzY*A3RN#GfTG}uW*wkQ2yQ~3nOPiS?y3~Z8&jqN;=kn-3?u)TexxWIfNt+Fe)T>i zQDD78(7p1#wrlQ+ky6E%`t@=jjLvR8o}Y?;-}8Tey889T@bn04cb>y1LPb%b7gtoxp%*bm!s6^V9rMUu)cf z01%I;fcf#m@#vRF0TmDipxS7(T1J2liCfIDN~RS+4~Q!#kQ~8Dni18DlNt1gd0513$$Dql*V--UAvm?W`wd!#O_IWmwY+oY-GPUAD$#%aCu@uqB9tB zvz2Sem$7u$pFq11>|sceW(&U7kC2BPMwDc{i^eGQ5ks_&$pH+V*#K1G-0gJ?pMNw<=!Aq0 z*YKx=vwpzEr5KV^6nJFG*-+{NBL*3oMBWH7YN<24Px7yks2eNRBp@D{F6HYJ;!_qv z>@$rvBOVI1mMq>-XNKI!L*b<$f?SV6OvLh{Js#?PD8*~~wUC4)@|jk}9f$wAA$Q1< z=M05&?2ESFhtNU8q)F9lC=Pw&5{DjeHu4B`53bLSPd}X1=k8ubzvJ|tL+qzqI%aJN zgwC?G-pJJ%i+4YD!3Xr4uA{KA)>JT?8pKRmu$)X@1p`94Mkv|jF$QV(( zfjlF>yy>{V)h}N_{gZU{DjTZKJ5Ucu$f){Ld56H)uhkTgK&Y)8$m>;57!0R~3ElS( zqjIlonio$uo8vb4Gj})Ri1@R0R?g`gJV(EC14S4SXo14z{S1Xj7=_s3ovqyb{|DgX z&55dUYMi&iomR;@b5pKdTX-m}Y}uh+Z7w=Qr}X$Fr+@w^0XOKzO8~(bI(Jb3BF44Xr2@puXwde^SpH#q zbgb6{tpK=1V%We@dxK>)dd zM%WC6TH%eqOKi9zjh*;yLIiQy6Mu3MWrO%do$;-Rd=TnLvEydhcI#fu1Pv*L`5#^yQm>f>%Vj5p{L^n?Kf8vZ(8TjxGQ z;Y1icnuoIm#f}9dN^j?gHII%uwMJJU79w{B*?^lV&1_{DvDpYw;p&fvE21cr995-c zj`YuJTq1y!-jmQ(CG^i~7RI?oF9poJ&w-k*lX+jY@ju1X;r8nCyX(QiVXJ1q!eLqd zS1a2q0NkYy=h&$Q3uhIiT#*w)DiJtVBQ+N?I1-MGr)v*@Oe+A~VV{rHP%8-R6Y(Np zg5tRu05#<3Go}pt)8VHR@k#%#IlT1Ri0f*i4K$gorMC-kW?kS&?vn{#Cy_!G1CaJ?7t>2bi(lfTS3iZ&GH;%^&yIv>9X@^n6a z1oDEdiLe{wC;7vCi-arP2pID|M^4$qa3adc{6**?n>KicWP$lQV!BbcUd1E`@xqjl zKg_pR;6#7~C!=$|-ieis_<-9Tx(r|Ixm6@)lUQH@neND$dmh~g<#=`<((UsYFBiM7=Ru_A#(Q&loXaS zBsVh{Qd5xD>bd`Kog81BS^L?QSK!L`WH@n%CMXm^P=a6a=d;g@D+-=b z;*{?>3e^VJKmPgDZ3w5iwO=7^Z{chlMxHkkmOmAicj~1W{Y@*yd}&p51VVEdh#KZs zrUB`OP(GSm6llV$Y3>{I9|B;2~Ko4aoDB>*$o9T`sR2AO&N%#cX#nxU5}#M#g!n#kxc0#f4$&{QTlv2v0uJ=~3MBW` z1tuIV5+I*fAU*uTrs`rK^LLv00s2Hajh&xx;FJ(>S zyP&4t=-+Wqq+%#{t}@iDR8q~$uey%iwrSLE(!6-h`v(SZH3TcHsLr`3fgqj;nIr4e z5`B^H449wE9Od;*{2n0$<|LHi4L|-UoU)1D{rDq*47}kV1lX@%_bLEP2w@iQy#lAi ziNp>jM^|p)3MU3|W{Atxh>5X`xemB?4M3E0s^B<)_;wW_Us6>t58)z8=(jS`Lome* zdBHviRNKU-*hQg^*5y1DV^G%M0S$;xNmv2k9)_GFZJCDuE@KL)bglAL9#~=RDuzed z{1wB73c{;buPWmIHZ?{8a_|H@;F=Hyu2f*0DE8`=_DhS{Jn2JHz{RlL&#*HCQp|}6 zH4*bPMqrA36hemFiY(51%qLhuJTj1bu-G+`4aRe{{PW!49LEXk zm>lqb4^%-DhtsaN59QFk_O90z1fPf>>>!8N4?hA={1_; zW~1XAj(a`iI9)hyHYZ1iy-B~-Y&IMS`xA(uGw#4n-)%O!t=@RjYL;TjAoj#EwHi%R z)QW2Ab?PmRXQS1J4T#3b?I5>*)OOm3jmeSIY>y}1=49M++wIP{-E5=gQ3D<|j{40` z*KuLL({qm6ZQ)}t#?v9LvXE9I%FEVdVS{R?-fG7IScj;8*l!*lj{Dv5(P3xOYq#3{ z!#;v;*KNa&+vrW4ap$nx8FzW7#$$w>R;xE|_MOS3(MF}HLNCDn8uXOqEY@ru#TY^t zH5$DxY91jM!p@|3)M&e%UI(Fmqu1y*n@!j`Y#(*H?VgLqN1aK#IqvnEtzM_!=ybb> zr5I8tgv^<(Mo|^iILbqD8bvf|_1$jo2zA@t#!(A7okP@i4tw23Yus+4&S7iPK5BIv zhey4R+iUa=$K7uC5ca!nr`UFxEhTH2n-M$0+?Za`W)jsOACWi?1C#5LfPth8ao0qaCOe3Dx zEvMC+Ou8N9cE-p(LY+wy9`&2;R8cS96FswW9*Su>4IU+^Ki0S<@Le8|{9p+i0}L4YxgMA2ym}x9@b1 zdTy`TY&XYFYute2#v$q*xoy;HcAH0?@wnAI9FN`3q*Bol=qDaV{u;z{$F+NiSxwio z<0)f8c2Ea($48TPA9me_bLbv5+#;RIA!oAjE_i%jJJmPb<)o=FP!_Hx+F*$UP#(W0#x}8b0 z-{pMUJ#xCOULQ7{!(PMfcPH(m!*WR(A{TE=U{NU_S#;ECwhoV)&e6E%9Q7v6X0y|F z+{433*KHoTlXkZ?p7h7vZoe^U9=5uZUVq$0P1tf>#OGT%b%{SE51_8BmXGjJt9OW6 z?W0!T>AeXB8H8te_;)irD=ALS^ zTWi-ln>Dz37wran>o@pG=&-AL$Pl*_oEZt-RO1U?zaG-WIMx4B{YK}g**`o)sJk`>oW39s1YS+;UvY@uM=*3ZrT0A!(Uey#rg#i{C9w^( zHQ?AJ779zN(P}o1njN!x9k$1Z<9^5ObU75pg{WS61&-sx#c@$b1}sC@ zRdGnJD^IhySfqS_;S$`TC7^hYJs5IhoJ0QW9Af{k8cw}%G_|dq2p6-C?qtuCWlw~; znUMSs@J{*Kg!@1Sis_o*jgGsLQK0)kcp3KrVotqY->WM)=fWcwiepp4Ys6;I2TcuT zAIy0xR8kkpLo)GaQ45B5$OVvU6zT=BZ>qxz7N#~3D8jDeqe1}4uyq`!JB~gF(08Rf zMLONnClx}nz%H^+k;`M|%BwPmOFq^bx@;?P5WN_XeUz{STK0gtbwu47Ua`X=>56IW z2(gKy$LU%&K*292FdY2tZL{7ys#xBbbSyQmsn4QwrqxWMTs0!%NWU{VR9@wJd_+KB z?BlUYE2b9zwH(FPoSYHL;`wOvw)kSsM!XVURdv3MibMc{2HhI6fD3&+TLVa` zrueJanI-3YO>OMeJ>o#mDw9DjfNT~c$3a-7#m9m5!XP+=Y*q*BVir5q4pMLB=FQY6 zA)l_&1#IPK0e^c7n)PO<*2sY-Lw|-Ln&8iQV6T+(Pf7?q=<)uKVKy1eW*u;p<>mNu z-kcGEV5$-ATpY#Wu=eLtEPOaGL?r`9?2K*#T|^A83qAIGrq+|2i&2_u>);(>GZpSC z9O`@yNe1VmAIO6y046y@^TKKI&1=k~ zalafCGOlbuh9q1|9GFRGlc82PX{^*uCT^L7{{VeBjkjuYSE+JTQs=foVF*Kg{(>}Tn0oOOR?h8Yq>>NoUI1xkT+kWC?~%q%K6w(#7sGH=;r2Pl*KkA0hN)R zCVhzu1W7aJttAiG=aqqdW;spGSA_?*weT!EwhcBt&cGrFyE%~{9;*C z*s3COJC_t>2xW>2g%fJD#Cfs$%o4L*Uj(#M4mXjrArmqs&j{ysjudco&~dFi7y>7q*VAElPdQ( z%Siwci2>yHE{7!ZS#X_L>cLzF0|Y~lE7}ao7y`adBFLf;?I(Ajb>L0}L+CT4EDh+e z2zuTU+>`K57;5hjN0Spmr2v5bfe<2&INQq&ClRR-F_E4Cvl)pP2aO$McB571sE8sE z`5x!$C5ga2^aZCgX`ev`LQL-}ufRY45u(XI|M|wG2$UqR!2s7Op3?f=p*Zbn^cH$R z1LPdMQU&Y2JP?chsVe%H)@0FyUND2Ly+Z3#5P1XJQY5r)YLsowU`$RZeOB9|6l4rK zGm*eV8Obn2KD$N}>-g|1AWn?ySQ*6(%)qOsg?k})STg???7M3~lw^M|0b13CqFYow zxvZsX$+dQ^s&cU{Xq6(Fdy~&ZH8-V|n$rta_R=yMQWhnOtxw-Xx8;mu74w5moptjK8ri1D%$)a8^|v6 z@n|aJEb%2dQUwD55~h)U?h&5OSe%(FWl=lCm$S(7XP6FR-yw6mr}a20(aiPu(7dRJ zQe72RbOIx-b8w5?vW4SEt?LJsNwK6R)uv3D zY2YC=7o)2k#zXn$g50BUsPIvRrFCYsSzCom>e@mhv|fpTCczg@h#*6W1dKBGmy71m zcPoj^jFKqHWR2UU38tzyszJL;0Sw_BF_9a?Xo#Uai=v4Yio}WPo3KJ_;J+dJ%Yl}{X`2IuoRaxrAOh=`BZDL(|C%n=K*Lsw3_JpZvywV{RWocNfLa32K3 zRexK|T1}SH4iMK8;M&DyO=oImrCQpN?5G#?du}Bhu%n_TRh+ao=cA{LHbE?wJe9>{EuS87z9Lcr8dddImVaoW@Di*55 zH@S4hrg@?UCz(o>LM|{Ai=hlVfB*5^Xv}1R!uwDx+Eb|mWLk{%u58;E`K`*% zf{1FUreRexhNz1+hKU+mrj9ynpFq)97HHBJFV z3lwtA*mY~fr*&SG8t=5;fkZBdd>1Lt=p9-XZ(u>!RsO#fEgSRi)9_L?UkB%Gjix#1 zbmLY8E??>b+j_CL4|!vJ&ewAc5M|o9`#=SQ?(2QsePH%Qxea8;H%j|k?vz8{75kI2 zAPnOmWSN96M2-l^jRlWxvJzu^qk$J~1j~~7)R*5(TsQV7B(~3UpyZ{X*X>(>jXg3x z;6m&`9AvmVqz7T-*Xc~@D5_j6I%+j=9I=_O=NaKm`^aHh5$3c?>Y6ZOvpbU!Lc%zv z00K@u2Zkd1nbLK|zM_w0Mx!wDxd9$g6zUw#K%H(=9y!b9%3HZ5e)_HBpn%=Fe#(a` z-4+%~E~4xf+sZQ~&RzG`oX*p)(PtLITNq9gwIN?#Zganph>c0)ySIEiZiA3~Ufz1* z_)&r)oT`=uJF!_&Q%ZL#?aeU|R)lq|;x08K5<`6wpWiPZZMD@bBKB)=&%h9>y%f>< z{Gm+FNuue@8q$b)1W$F2bGZgDEaM-TbTi*DzUE*R(A!Ds{tPll$X^)4#d3oxFR1C% zQl0W~aflp|Qqz*cs?iDd)X6d+(_T&RG#*Q-L(>GOl|qdIStSMuK*H9Q9$^KzvNl|o z-1}L`{B1exq{~Q|cKCPXit$TKJ4p(U$m0y^1c#U_W3z76Eh_zlJ(S}5bsHicUrkd@ zCAf<-Nt&x}Qln;{G!dFRasfqwIB}xRdA&*w3SS&8N@@WJ|9MO#>s?^RKKATa?_>iRNQF2@@ClDIkX>$ z352T5woHjg&nY=yf8((D=TF1SJWJnL5W;ql;H{IHmYU(aTBeIqci8hr_n0{|Yn4Nv zMbcYWNs=fg$E%<#OgJ*hsbc7GxvcrTSAnMY7$@{KbO0_9N@x?bd~V>zNW_Jc?y zNTC{HS~1j@wJb%5d}eIwtLQpbZaVOJTMu*H&-(JEJAULROMxqDM7Od!hr1z zhyIdFSR4|cOJ_^)^I^5&8(E_lkjJbT7T-N+;jrpIVErguK(Z@Hf>>6ooL9u=xX4f+ zP6di4=IO*7_LJLvpjPAhf=C}ybFtV=g4Ut#g!~Ia*+_!=8j#%NQMu*Asb$*NYFwW* zKYik(cu7ekV122oBgzN$1?4SP?LG@B11;WSvFu35n*6}4l(nOr{6J8^zB`0#aVD(9 z?ln`_GXWX!CpO6N0{QzAgCLL~+<2FkzZWY&0B7dZE)FTP_)@xmKJZe~A1LuU#UiJL zUhnPDpyULECR!&pX3~a(<|YJK~~xQ3R3ddmKm?*G_xEG>U77!zJNo!r|fwstN%5m}S{YpvyeTGGKsb z*ML`Bdn#P36Ol@Czf5(6N<}sZQB5m+Bm@(&4452g?D`Et!K zVk*s^A53+?93Pk&=8P;w{+zh7ihh}j47NfSq@PvjSTJRIi^Y$(VqavEng#_{IOjes zD#cwWe3ckOit51Z=?Ix+_K1E2|I(*I{*`)#?Kk4?0|$D@9b0b~@*v5-EXR{MC#Op3 zNkb-J7+?Ov2p{czy$BkD`cUl6QD=tcC~l|OwHj^qcUN~<2!W2hk#$H+NI4Fm%9 z(sWp4N+|@Ut_`zc$_#NF=tx96Na{O9bSFI-FpruUXv~TdG-j?Q=+FI2sX~$?p%q<8qx z*Cg`z8Y^J9wslK|P0z&&c%x+B9uT>HYJmqG1l}kX+|#42 zZe(D!uBxadTN8tD_J*EkadGm=_FNOyjmOYx-fle9r+8HF^fzs@qL5oC1x<^I8S_gL zZ+mj75JtHjsi|w-)s&#RT2%A6OLNd5Q6uKC8*wZ`3E;m1k4%Aw7RcMr&-Em|2?Kz_ zkc9g>3(vmX&oY$T2QC^%(|y3gc<09>(+dt+UPYY5Angg267J+!EJGpk#8_L=v$4z@ zA?v>8Jts!jmQUDy>_~_VwA* z5Hb=<%UovFLSV#4fv@e-ohc`@;9_Z`NF7hC{$|Oqn?}z~C>^hhWu$B%&r;^Knz)ll zhq@3S)l0h(Z@6Y5%9Ag-T~SwC^WpapL*im24m}SEci&*Z2buA5V-Naw>Ohy;Y|=9% zL6-5-c!97W;N{1Qi+VgV>QWkwoxE^U-zcUFB}Q7eqg3qC|6Bl*eP(-%rWN=+CW{aK zTP*gD5XQw}aPDJv`p%>(&qIBz%bN2`g7(WF zP9;u@(f?c|!(nRRnQ z^pk#qG*$`t3GYE!0}Bix*N+iYA=pN88IN@xe57a+d3+45lPqc8nByr|3=PW(0-bRA zeJSMk@clkO3*^f_k%&?3BJ1FK!nFd_=na5Pso3z7mv)9I){Uv%68Byd_RhED^i@>7?Cm9|5`5Vfj!jp`l2^ zh{i;WR9z<-5RP{_Dq`v?-qLI*e_p0LsZv~mk)VA3>{Yy&Q#WynJCIxbVI0n6_Ho3i zd+Q8FJm*L40if-{!NGsa3yc2t-@NeOV!82q6k7Vme=Em`%KH1a`hTn4D309U>JAA} z{T}-+xuv4j7%a8HANPsr3m12CmU&AW&)bzR+1=hiIpxv9~~y58gmnjZ!XUWpvM zIs(Ho$yL|;v3`t)S>Ap)cbgX5%5PQp-VjMn2u(t$|fjM@4 zJe|dd@MB;DP;CJIzaRPksw-+q&{y|93a_;>F#r^K6RQx`hZ!Gsj_kyx-(alDqVXNqBZr*bIZjHNK zmsoF$L^}QSMz1|Px%iDjk8&j}h(z{fl|fpal;MT#li}CM#S~bVx38D3OyrNuxkeFy z)Wz)j^{V|S-6`oY)|bVLTvXyTIMsuWIh*)|A$3^yThRr%a038WHxZcZXqal1qc31P$BQrA~kHxD2ud@wl`d1PkJ2arcr{F9T%@vw6@ zBazs_-H<|Y-4~f?kL@}oUbuOud9CesmqR=uBK=HL{gh!q#}S)x3E-%URjNLDM)F)J zl|Zg@D*8lh+K6kW<>?CRD#?l{coTR+QTX9y9vSL;pp#tD19?u&&cJ?f8wb_ZS>SEl zMx)Va^g5j%SOs zOj39C2)HvyhtfRO$Jz#Om1iZcB(DQ{O&89k*k0g&sT-9BZ`0S9C-K$;H+T!)(^FxsK4uxE5Ka-xCm~gn^Q2ljarEs{SrVqM znksBfjY>61@jQCRFw#>ZIWLn9Y&JqVI)2>|(qZnoBcwjAGeWxEJlZC}iLD+;9KV?sh= zf2t%T_NOsfjjT^o@kxYanV2+a71dONQgx(2P%2X73(68vsk)yKmFo%1SX`PO=Z5+q9qdLJbzRRS#-5TshIh4ff%3xyyvU<4EnBTvaGRqPNbSkb6ZmSB$3HV zpQ68CTI>FHo;B@1rF=ce{99%JwL1Nb{nu>l?7wGur2Usxozf>!RrmzWwd}^;F?{e3=Jt$O_drC)UqCvkLU%yu5sqE|x zz}e<`NnS%;$D0FMe5}@LoV%<1&qqy;s%ohaKzt4w{9ytMst46{Z(mw^KmI9N|Mf}N zM=$=X*Z*d}onHSN-Bx?I{y)d_gzLX%q4L#V<&WUYLJb^@v40@4m(@Vc5&uvRp#Wfi zf_==EtCa?uIL01kSRcoQt{dmUxIDYLJwE+# zewlc4ef(?LVwv`Pn?d|e)=G0i|4}Pt85N#>p)72Dt#xv<^=Y;IH?2QZ{I8V%&1N?( z|J(hY{C}3`o8AA@Y`5X=U-86!sZF=MW$;_wa*K&xy5Y8StNm%7BKf}ve4+YJ@N^D? zhs*vSR?GiJx6w+<|7O3_Ztdj%b38`>SIH$Ocq+6ymE_YX{xT8adZK#~_;tfNc{;xf z85|V)C3tn!d_4-JQWXVtIvapLYDT1S5$a>#<@#MGt@o@2+a>qDgwFrk2>zc(=#|cY zm2Ugwksg2*^S{$-^wa+T#?JnKp2y68HP&0Q{rNmo5X;T~l&P)i2t(W0`UQbqybbLH z81kZWGTVLuUXu}_W!dw&W#+T7FiX7&mUZbD zI~qb|;z=IKMUa(40ysEe|ufn6i*i@CGBmphxIlGE~CW z@8!iWb^KXe8>i?6OyL?B{qN}Z!`11>i?g`C8bj&-0O0g;boFwy_yUVkik#anxfu>w3ujAy%eEdA^_=??L6%cn?NByK<)VXz< z|5k2I+s^ULAK zo7>^lwHlFs6YPWPel-C+Bc$zN)-zMj=|bO~;6;BCyA}CLpcaL^CBar9SNlg5^cQiB z);9Ewauxp}ZqahuYNw=5!n_`d|5Qr!cl?y<|LRVWr`G=)&30D*-^Kqt%kzZ#zv7;a z^nX=nr~j|JbGTJKKA|8yan;1`|kgdQP!A*h}enX^gTY-HZT&5}pSTKEY!W6n z-LkSx;Zw31_tGT%uAkERZ!R%?oCjc){oiY+t0J^8+MY#=Ly)*$Ph%&Peab{kWeA-+>`&{JU$HnMZtgoxe%E*1{*?jf-NPlV-1+2Q=VFFI zAkUdcB3ZAvA56|uSA=C&I1c)XS)KhsC9V{Pkci#%5R@0FKrafBn#gK5^k#Hx^<3Sc zdo#KnU7h^Ge;+Jhco0T@-bLhYof79xmA^T@IlDbQzgAT|JhrNcKFfl~A8&rXy}CR( zljc?_yP6xqlXlq6==S62?0PgjUJFXh^l2!^Cnsmao7>aN(K^VOi^;QAVWEu{S1-O) z+@NE2Eq}hb8Qu=Bum1kOw-@K5o3l%KFfZ$aTDx_5d%9^!*zKc7LseI>8?dKmqnq3F z;iKW&7r7hYoFhlwTfJld$R^^8-%SH&f4{jtzCFHvuL+auxY&$9>09PaV>id=7o(Ho zi?h?GXjfg}A2T|ibibVaZywopE|>LPF8Uxy!il!QQIPz0pWm`6)&J%7uupCOciX*w zI{vrO?CkXa=Xi|%FUK0Z(HFCDjf77f6)n4$G6DehxDduywv;3@I8y zHY>>;lYye^R6$+r%p@%fd8ej{MXnI*PLoBTZn3A8?1d*%w^V^_GU;%&(eL-G70l2) zwnbKkF4yE$DI$KkqEF<@UpZSyYeXw6fGT9!fYiS&Ns_&Z`b*JSY`JD6j*n;o#zmRb zpBI6z6=`v=w9Hb@C7T(zRRVPdugQVhKC4N%Tjn$Y$PhxTk~SSuoTvtvge5+%+#MHr zuc^9Wi;t>cX=z22F(|if1gGc*tc(!mRWaLT8@A_8_V9duouY|l8-=MkDQS^Y(~vR2 zTM9^OFzh%&v6hMMR^t)ci%B^nR8*?yKZ?31G2<3!A}PQk@I_t#U0q&bUFGGf6&Nux zMByBZgyqTn+RD6jX5`*CzvQj2GDdeA2kgGcw2tYym3a*&#B))&{pl^?KEpz?DXR#) zY^`rw?C{Nr_Lv8xyTlkEYS1?wQd2+AUnmDdG<1r?trNqvokNnWM`M)*v0i^;?z19! zZ8lbNruOx#jJAKrEgtca+c;NzmL=0DqTg~mzYGwl-s2EWBN)2XWPpKbkhh1JbC4{U z*YdBrgx$Q5$}4bC@n&Th*hTW%ey>8-?3NSuaSU#^*In?G+kbqt9%=low*UJ5RyV!> z+ivdSKcD3(I{(iF%8Q))*J4iVro5QG-l|$CPHJ%)=zM)vsUWeiNhSbT1b%ksJHBa` zrt(v&GAmC0+Z*9IC;sD|8U?N>=Vp9-LlmnTExDShnw5cZL|v%~Vp*-LjL*ieAWcZ~VI5jpXNpV783SEK(YRzab_Z1RAUv3`meueW%Wn0Dw5 zt5a6wn9geuJV4<}g4@U?_&5t9pW?OWW0+>Ee>*~%qD40==2#@w6(WF6wJ zvTMp{C$;|7q?6?~qntMPN(mPO-jr?{d=7{eR1=3_#odYOjznW**mom~Q+)w(<^8I7 z0wSNIW9OF1Cb|)^%~rOX!d?DVw_W77u<3ml`JK;-rDP%7~u!ef=6g>r})nDf^SXri?4YKvrvz6A&(IXV3+{VA;rTmUfv8rWMuSLRxAHh%O zfB$e6--tQIY!;0<@$#Yo4ltz=q6de~!^4s!_h#Y|_exw}NkJ7xj0iJ38M$yn?vP*2 zyB}h+!Oaas`ZkBx9;Am1vO2HwM6)F4OxL$b#)r=m%jfYVBsB2GUt3GM`Z@Zg4|J!cw z{6Ej~JmLA@TtT-o`q$LjodM1}11z_KviW>g1<69sBlp7)FR+KE=!{DlbxEe)cPbB@ zJ^pxleslZl_4&iU<_?fLLiCqL27qLWUwv(Z^wYisAbJ8Zjx zV7*78~nJXg`?5oI4xI7Q%%jkzijNB40Y_R8+DG?+uryAZW4Ok=0P-d_6D#yT+N zR(u&LJl&-HV~?*{A)c#VE3Pk2X`CA~WAl6ot?XhCB-n8b;#sK%6YW~RQuMRM!8%0z z`qi9n7e;5`fj3Hpuqo#Xd1v)Ep#7dc*IZY1AGWfpS|(MY@G@R_)$}LmVOK~VL&!4XrC04SWX|j$Ub|)Q zzl)VyqPknRckA}EuG=&~&S2wdItq~U0DkA_CYOBv#3EL2)!Fkke%725dOt6JZX_TU zKUue{9C*-Z@*depHXfEdpveA{ z`6}oZvj45L|9Z_<`uu;d+idRazvp;_op&k*dxY3FEI=0p9$C(j&%QAu(DZUmGtf+d zmoNlPaA=r5Vc3yyQ*$ZGeb>{}yxdC==fSns)=LXoh z0d{VH-SaI!MfN}P-GJb2SpRFB|LSD!|7&-5_W!dyDr=P->}^>8nsJ`b_NOvskTCxD zc*JJbAmP4j3>5mUDuK-Ucs zrD#p7*sN@(-WHV~-h4npwka;6&Pym^tJeRKhn>gX0JLKL?=;%Y^!-2W)^7cOmM5|P zi^1Ne5+DHnDK!Drv#sq4m}Nl0_&4?0m=Dr(Mcx-EvS`9aAJRWD-NqB zUcF9sK~-8n54-%kT(o3bQi%cor&k5lpZ@3cvbvW}ljaj9*SMb{O*It5+)L$86B$9w zO)g0;t%0-80dg2}!9Of;|5V#Q#1|**|M3_4&wVhC7?=_!epSJne-rG3>OQC@+qSXV zTO;vvT8DEnb;tsR%lh3Rtz&YKQR)Qd-;-hoB%6PW>YbItP&HV+i^eGQ5krFdN*L7q zjDJ$lcc&=+Cn$>6l$O)XmONj-R+O%`o|Z<1F0@5ettBrSQqVU;!~EJJDm&NRf80}~ z|IbK>eC@c*-)Us>e|8$X`#+!MQTabDpYOTK;=Ci3N?QrZVX8LCer&yzYp-3G;9Zw1gSfErE=)cP(jzY#jW$~-pC+xSggdEk5i9~p;u7m8i~w_^-J@0rP3Y` z{9~2%r_&OjU#U*<`Bs$ar=-tQsn0bl21@YtjgY?AXrl51=Y$yY_i}288_y-%N~!$| z_FapZZwjWKl(i1=SxC4wDkDzn!0eI7^C`%F!{0#Zun$2c6lmE5Z-|7F)@(2(Axg6|mc>WdNd}ERSs)K9#_)Qi-=tD6eEC|bw*g?Ep=qd8k)#W~pvgoHp?HYzGmIN_UjD! zV8loOjy(@x$~(Q!&2|R?8z87sMuGsj)e7L#WQh>d1q8Q<8KYjrdRXdu=@Ryh820MC zjbqQNW>7CCLzOu-jatb?LMx|@#Zz?$h3o_L;k4WXT{wT%Ik1!0E(;-=;Je4RDXzcG z(ke|UDa0pY(BFQ1e5bMBiCX|`Pfr8Ekz!(7)ae_GE2us%m`&PHahuF(S}@F zXX3lH6eTVr;m?e*AT~w=$YwN?%}webuV;1fnG+vq!Rr%QN8We7Z@R$ypX=-eUS75U2*17*%> z|A}w{YO0@SEybkL6hf+KDY^^oXK%y5lL2)^e0}s4;9f;1_kue8VE6sX}1iY-- z6}ADS!)t~in&8hRkQ7-4DOxBol74NkSMdl~>s9gzNXW7v0Pv&v7=;-yyf`T3l(b$g z`4hd&op3uvR0_=X?Uo8;i+F(SF*+!r>=F!?;+?)WBHypG$lF6*|IRb7xBDM8}Ob+Gs zwWE;tjN{1rZxddUSYHwnNdg%qJw!I?H88s)9PA3pu{7nFN7I{1G4&F*53p~+tXqXL z$L6eWD%31dJ`-z}>Jh7F*|WTjjR&~6WiO%(g(oorYc_46ToV@~hqb?O39q`J12=0b zWlncxIN5Hyh)FXGCreI`G$WTSl&dAm&dK^cJw^WCZQcFx!y5O0bUW$%uif@8|LgNS zVjbGj-5=lHy&vn}`SC*ceQf=%kMHE3kKG*~yIA0FJfF)p@AudxLfIuk*(E~RB|_OH zLfIuk`L>=S`)?j`;``HI(RfD4-HGjh+SD*yVgI$;?Nt0vtJT?^|9zfE*m@sI274QZ zVHq>M>@Cq{JukmFdR5JJ?vh>wBma8oRkc>#I9*zQ<4dT^$95|gbzVwScaAClGelEN znL<7tE>PCf@4-q|c<(Ibou&M&mh!#iJF2Z^wRxakr#Fmr>142Yv9_g{T6fL-Ht@5( z%~7#(hW@)yxW2KcNdHqoSjUV(XEsMZJLO9Neu(yUjIs|DBrI(wk6H#S?KW$I}&=5r}$jW_dftNK^R+C zaaOGVL*ij)`K0;Zn(baUo&UApX>@n%|8qPd|HHdPmIrHHlEbg|+Skh1p!g;b6{}B@ za3R5(8>U`J)ZI=JhAha~=lq~_3<(mhlb9h<;e}E(WCtaitRY)w{j?1UwLwC7Kq`j> zrLsvK@->ev+Bv$%%Or5fW0hShhXVTSk~$={j)1r$>w=jt$s_*O*BF8blxKwZIIrNI zph;fKI-WLhWzL3J!ie))Wjpwstn?ki(EkI7?=geVgE(Ub!Kl2&=mRF)` zPJxTE@fSJ(|1hWf{+VL%0$8X7)R~5~9w>!Ytqi2bZXd+Z%M_0+sU&m>T>hQ%1?QBj z0Y=h?4C;)e^aLuT^aS!=CQk$hjFkmk+aVM=L@marojsqNRLSdPLh_K`sLWzhn{jIl35wcq5J{V;uf!B z&DJ{cP$dZ3w8&s-eOwn+8{Px(eE|R1s=#`jW7Wv=Oy*-5w{V%{Q;Tvbtp$MWic~8s zR4{Ty=&s9DMfD%WPNihph>=PmZJmX3SSq%hMebY$glIR|*#ZCk%za zMIKTCyQk8VJ&>B_UIhS(e^(UYf0=%yv9hW*-{UpoefhXkops{OY)C5w%W*CBE|i05kO zZ}1j~qd?&jR3&OvP(9_tgsP?myLzy2MtpcS>$Rwo+G|LhIg7ui+L4(z>gjA7Uy3ua znQ)yn>ueIEQ?`G#i(39JqL#VNnwSj=-8h4ljZyXgRcFYX*Xis)=XtJ42lfA}RzdX+ zp&&26V>!%VQBPj)6pLTCHeM#@xGkE$+n692KnJs>tVbCM;Z#jCJ)x!RKQ%S4ZJ{K~ zC*_o=rQoF!vgOWS=s1Yd55%?euoY7=SU7d7%H!hfVz~ok@2a_x;7LxkdNC)F&*Xs? zrKQ_%G8vIbkjaLWfRMH1NWkjCeH5E&iS$x$v;I zg_nc`Rja){3r^B(N!X1lxml)hu$HNl_bWwV%GujVhW?Aat16w3t2ssMbK+*)VTIhJ z__R*vio2zl+={diYiFE9}2c zub)2u+32=+`G20}5$0V$T-OZtSPb@7Ou#G;y{t``$JC`pVnKy`A0en3a>iJ znOAM&1Dv^|^i&4|q#hWb0~lr-{~qH1hr|Uj-at`pcTDroV(@$)rh=X%G_f;~aqQ=4 zZB9fPnP1qE#NY{Y(G;|tll3Fp?cNGiHM_Z*7yBnNeV6oV!_dFSi;9%i{;U~_a)S@| z@@Sr`{^wo5F~|P#0%8x2J)~mN>{oG?WkyCU#QrpCWLZViiI&$#0e=4I!!#0!m#ff7 z6kd%;#`hNaGXy<0TMmhPw!k8tuWfY~e>a%bOIm%3&7ea4Kg1-&Y$?>hCq4huXmg!E zb^fQ_-<|(`mPhLUYOuxFZ$6vOwx$4F2tc+@nx4zRq@AnJrTh%fWB z8nwRJ?OhUJe-SsWRG;Kb^ncP*sQ)dT=gR-yX>?oJ{O`N--_P>o#{Zmn5YM+01eBLQ z`B|fYPF95hova@RB#IUU*L*t3#M1z<5ahhfMNNJax$Cj-0!Hlm)#~0Fu|Owl1p`@I zy$Wyn21s>ZMj_R~o8vJ>K3h8s$a#V|pg5}M@u5IQyB!natq}thgV`_)=sS+%5flBp z(5%ye06?I=Q?dUvDmI?jQ}C(7jJ^+re!UwDbie^u+33S>EXaf$>{RRjfTu|R565t8 z2EeNL|86^-|Eb&Q?BYM3>^7U zR|Np3x&XMxE&?P3J`wR7^72~QFaBp5E{#N&v|6ryB}=WPjZ4BmRnUe&1V(H|Li~Gv zrtL3Z;^6laNsMdap(?1#e-c~3F*S>mE)|B7>uY$60lu7;%IA@-lA7arJN@*#*H6C> zjnQ0}U9K{U87<0gQCZxc*m#G17yDBsJ;;zc<35UcySou z_aTXbl6hAF;L)q~is@xEn)O7Gx+MMBaY*Fn1qVM=7OmI1LiRt|U@o-(NW>m>=-YZ$ z*nj;-yO*~Adi}=E{(Fu`W6Dwk9 zo&3C_;JSHvzicO0@|Ue7_e~;`&FE`B6~agpQ4-@9?7KD<__Ad0_5XZxGrW#jK{_Pf zBPRGN72P%G%a~e7_GO=!!0_5@RbnIyXrh*^>=DDBUYP2tcFqc+v;~8issR*{ABZ2v zZHlan!5VB{KMYM3-BNu_ro_(Wh*aYl&PaYQ;2?8lS#iV`n7rIxqVC^Nw?d#Xr z(6ibrG}sKs=2>7bl408x^1IC1DY`syM(sSSXj}AJ|0>$`x9I{HBA;EONkM|a_+Z8KF#cLc%pa6U<#uSe8&Z#mady^&{aIOmd~%nGmIFU<{o*_`mJzT&mPH>neJjvP(PDtC39FK=lonAR@M*e&zH7Nch6HlMgAX( zobVAT9}>^1_}_M?lk)%c8qHn)zh`-b{W=nZy^RO}$u=(=1E5&9GzuUtvrZg9T$(Kd z)gu2Z`#nFsL;QVJMh8`L<0KB6?%O^}CgF;kCkAgp^(uhBMJUmXx~an23lNm4Iw)j# zf*q)xIM(rO1M@AYCbN1mFX6ef@50Emfah?EhLPuutj@31ic6e36w2%M{!R4-n8_wH z?G-~WD7sESu0*{e*@_#v7U0dcHD4;`K@oo!h`ZbQe72p>WSl>z+s}|@r{Nn9QnA*MNwGVy-Vq=Q)9{+?Xn4wUd zn1QYfAn?&W@c4=-mdK~imGEbLiuHf#7~h5gP_F+s+s#Hg{wZ_sOZ;KH2e3Ken6bj8b?rzS^EQ=xuh+DVHuH83->RuYxUuVcq zAd0CtzNf}5AnrbxkWef*BDnB;xDP1NqMU+z;xoX)WqdfA4>#vNDGL-J-bA|F>c$>1 z{Za>jEsXY3zmnypBAc!u-1T;^s(fBn_x7^WS9A7T6JB{ftgbnOD_JrMF@ULBqO!yT zklrKDOENs?CR>c8bL5qxxI(08J?#s+N3CI$ug~ z&#|-PR;WFkGDfwjU*BN+4haK|X&@{Raoth<}C&pPlQnD)@*p@cRzDb?Jlb1^iL446UXy2drv(S@R1#6Mk3dEVl$?7L*KzzOt;saCQ&y#@m`s%Y zCFeGigtC#0oGEf;C+p-owL2M)ebQ!m&g9R=Y)dLY1$XKcLtHTYs!%MsZzkCU16%h@5m#jnfsgZjO{#4 z{{fLoU%ytkBoI?RIdzm=NKKcr!WK>CHtRO@u)_79L53!gN4F3JzGD6FbvoVj`rmBq z&i_BlBiDa5*rV+Pfx9U1$a0RJY26n^2v%}7!7N8HbK*VlL&Y(2QTSa98w@XjO9 zwVVG0J?sj}V~AQt$n*jZgMh|)mn=ej7fX1I?r!C7-efTBiu?Uu zz=>G2jhb>Ksk4Xi!Xfat`{$mNf1 z8JaUZuyzbSXGk86-Zt!#OUhx!E;DgI;@DzGlEs#kj10xOpXvvi5syp8>X9$0@T zQRS{*#Me>WXjAm@8;f~R*IoDjLv}cd?f>}Jn8!K*R-ONDwbJ?j`n&TV&-6$eUj!1* zVXzg?zvP^6;Ob8slNDb7RLQk`{)swkdJ}BYZ2dF|rs^n&9L4;LKi}ltoos4WQ=zsg zkjWi(^ReXU0rWg_|A}~Kp93g!{#l#;U)H^gR6~j8NC2Xkq_1yEHS~66{ne+m_2QJy zT0OF4%spoT4B;Fx6pC=G_}4(40KPiC8rbIt)S0oneeilAgke$)ETAWZOyKeF>ATdy z>pSrEYl-(#p8BcJ;T<~n*;RN+NKlnf6UoBzVqw01t%RHd@VwwQ)x=l(D4M+VN*vG5 zlT;E=O28G-Q|une>>+}p_U}{zFcL6HLD8j}zJgx7UwsSx*RK_+U#tB5ABdZC`E0s` z-R<-F9JyE@rvDF7xWBQdNdI4`?FN7PD;m!TxjV5Bn{8$htkD14?ezVxtyaIa+y8r( zM+n(Z>A_B(EZl-okYT4p3omOXl;c)zIIOO_jw!JkN`79c)%8~8n_2;3<2+QW#`&q@ zlb}1tl>Zr`DW)vUziuYO=LwT&*;^AzrBcb-6-$^{jBW zK6P1?y+5z_-Ua4&Hl_kKm8W%)h=Q=)e2F`{b_(5gp91~QK_RQnp%14hJh-(I**`=H zTowP>Py7E`&33Q3)Bm31k-D9AQNb4UzQi>NFRAa@d|RsLr3$X2-=(Uoa`@TBGv2-x z3Ss6doo#sfGMbk?LC#CvtOXi6~UJ2tIW zhvcYrl&}a1B9F2>BUA#Iqle^fKp)bMF$(bLFlpEQ;y*oMPk!&AptneQOf> z3Cx`${ofC!2e)JB+(p4t=YMJU8|m|3y?$$V|L3zjt5i=vnARm5*ctY>;DS8(5nRGK z_NR&aXk=4jqi66I=xf9OvZ%=qHE}a|dI7axSOC_^v?7fOp?R9vMJpcFmxtOdpj8j~ zQ#PxDR=2&kRue{s?Nr8LBUPXkBt9)VOF%2>a0Cv@=_t$Qa%Vt z1-cs4cqNdFjX=Bw@lulfV)Zw#1GcS1#{WJ}E>P=futhW~0j3GH9?%EQfgZ z=QLdk`q+E!zS8y9)6sMdYjSQ+%`2E|FQW1(Z%9h#JNGfe(8Ir@qWc{27=^w(wl#PQs$?=r z3>)?-gT5oL0kkiGcs(bsyyKl0aG^(hl&C4MTKqtK%t*-9_PpC3T}*i?wY~a35ehNN zO+@h8i6|p;tAx0cFw@>B3Q+iwqA(|Oz-#OeL&Eis{3b#aQ8fH?l26=fyW^% z!r&fyBTi|qjwxnabpz+ZVWNr!g+3lc5aKxummdQcGBjf0|Hs~&cejmWiQ@0?d0Dr$5rL2B=)nNsyCC)1imDspwv9h!{(-oNn zE-to6$Xus`BpV>( zYZyfk<5wu=<1|B0PPCfl$et_>rjm!kI|%TkfZz^3U;sbT>AZylR6vZ# zbt^62Jl*E=V4&4o9Ek#Q!`D`W@2gga0?Xmb&nozl6d_R6jI*Pzsa{znfE?Bt1r?N( z^^x=v0s((*iQSA)44K&cq+z;j?SW{h29E5`-0*xItCRM%E;^<@5}A@^Fpd4x>oNw% zCr_eKl_S(7w5TwzwFKV+7fueUb3l{<%6yqYC33&O3>Kk*nY0qR)tdRy4wh4&;g_-A6Uus9*?X%EgXL<_ zcy|hbb8OZ=wfTELCG@}Y#2 zY?#8=4pq>k5l7x=OCB;5Lk)X@e8a*k8#Y&)g_2fo)}<{aDI30$u#U?zGpw*nE`)(n z3aeOYm}gn@lQ>h5>(~U&lJoq_%qdpG%X!n?kz@>U6s9n~4H_|^XY@&)Q^@XTAE@?t zOj#IbyeJL=Ob?^F(^Ig&wM1L(8eyM}OW9Tzkmoy1OBUP%SBmfRftL7&js)uwiWkPd zvK32Gu5D-|8HYnC?@qm}oGRc*CmZ%RDL7JVCVRWY*+d3XB ztNPI~h{7>UqYztGAZ)p6rswi1$&!D>Ixisxm$IOJ)|F+BLEukiUv}$fRE$HGRR67P z`IMcNbOglx);R_E&eu08#%b5n62epb6thZ!j*VeHKNPU7qk|S^2N6?b6=?jQ7-e;= zu$lutr`IBWd)wPEQOc^TI@htxWHttDxLDtedwG2H6bCx~y#nS4Q}*e>cum5gJ_E*L zJvQNY?HiJrt{sKmwAoPAxx4$ScaWvJxAGE_6X_!+($rryniA~~d)Mf{ag)QP$$@3NaH`qrDvOolDC{{ z*9%W9MFdy{FSpN2+TsE$?-iAKdA}6x*5X31r;d<@`F0d?EH9>{TJ}xpK}3&~TBJtX zq1aAE$UICK$5oZ6@zeK!6BA=QXmJ1)E?SbSS0PgEAgb1`@rw_B4}X8}0Nq3djNgmT z?^F5RgKnDKvOPr?8r@fKvgCu7F`>)nCb^vzO@o|x1u%|GDLx(9!j*t4MW7>7IBLB& z%R^n$>&|?%$mL+|QU$WDVFHlxuX%-h8ky$PZM4P$0thI39td9F;@jE*&^YA4WWE(! zA$D71u8Djav4r{yjID%Ko&2I??iU!o5{Mc>Db>s}h&mW^94+zUs|;m{U41H%WZ==; zv9G0KkPoe`$ej2CqLv>YQQz1~UV0Wvl-@%7Kzt%MMoI$6fFIGcV z)CMCU#RLY%c{k! zBE`_ew}26v!s1~;Y)ddr`7>R_7Hm=_%90CzvEkaO(+m16kvZ*)!5n=Nw*O1V_tV;4 z|66!!?LTvb(#6d`8~y(e4sH9-gTsTvwf*NRo=+|8Klw6PiT@98%JKifUH*X|&UOAj za>+jA%X9$J(E2LYpqG3G9@PPe_t9TjjOuJK3}Y1I%Oe`u@OEmzh_1{F&C{ut1~#Vc ztp}y@dx_AFZp5`}QySgGXKO*dJYT^TYI$vYeSKBD+G|VD#2c&rUriCe0;RgU0sjSc z>N9%|H7Tv>;pyh`(hgRxnjYSwNfyb5>344mC{a;<*F{|nS7?EilXv96JPq>DsSEaO7gjc_K= zH3FT1MqN65c+S#<@hexXZ4hL{8=VKihU>z9Xs|N>VTZ|&~v zt>wQ}JPq<+j$&bhVMu+0Nt(W%GjK=GRIp3<%5Ooz)`~HO2|H7y#;~lYGxNy+2*#-g zf(u53c=^ENIj4W`i3M-lRf&e%dCoa~(j*-YNQy|_(l)0rs)YXQgk->+F%+XHFl938 z#S|7r5>xI_LeXDa&OzoB7{WG_udM<#5bJo!>X_kS9^NKtLK0(Idu8PSY*3K$B0&#w{k+TIhYmSx?OmkS^o`T7$OIkle z&Vf!9D(XDa-f0$qqSiPh(deZUG`YpHk^?Tcb0y9<4>=4#kfS(|uej}|jV)btRq=!Q zjSY%l@nh~Ri*uA@L|cx&MFC|o&#G86@;}7W$p05;49N&i@YN)pEBi|`|G#r+=l|Q@ zS;v1~&C|sHtLZN$DSRXuz-VJuIl!p=?a2ZLdadLEqsG^g3EV01$OUep$CV9?_A2EA zgJ4z32rla1j-23IGHY3(Vtm%}f+;VsoGETPKDs)egAMle_mYV6(q%fCh8@y%Jz3~i z#ro-+19BQiIhjE<62oY=FHJpz9|EJMNKCeeN#62 zswwR*BQd=$>y;DDO6h;=ZBZE^O31@3X=L(gWF^_L0;jm)gjF-gRRz7C26{Jobi8^B zP$l@LD%xReOH!gLH~qbZ{pog?=A%#=?O%DRxnD@qf-gM9U5ba#*Gk9r>*xNjSeq>} z|Lgr&r~Ypc!Sume=l-t~$4HS3htfWN9A=X+Jpu*91QoE0vIw$j<~9;8)<+_yq>QJ0 z|buLw^`(kcgDk{*?rX^xFtdDKfm zF#rLhM4nKAd$S-Jh0*96M{$g%u)r{y6bX3{EX~)!crC2`xX%po-!+RLJI57Jll*sZ zcxd1M9PaL{<-b)tw*1F~1TR_i<3PU$sgGmYTHq^-&nWAa6&uC8vgiyFo~X2la3?42 zYsq!W_3`K!1Y2MWJfr^?nBrBK#U_`7i>N1g&iq(1rc(>LP>{^2TT2AV0 z0jjJ9_SRw53@O+2YBwF&zYS4WMf55r89dJjET&=lB7DFuBuf39Vj9px35%0Hd56bo zvdjZPzx4R4(!`BXYoi2vQx@Q4+$h0c>34EpUmV9pR3qws8}j&aa9pWCUWc-_OBd$< z9r;h(lK0=kZ2Dr7!_yIr?iLFH-5~#M@9*wd@t+U(*8V@MdAM{(=NO!2Q!qdUcroGZ z2b@~~AyO(c#=ap^^`>#S{Y5H;14+jJB}Kxg07=V1Itku- zWWy%$3`g{LjtYW7h;cH^`0gZ3 zx%Hr>flV^@GDq>e2ZnB*Cpj#UgS)4%!uy; za1?+o5Txin09zeRZDqQN;nK3wjnvIQb$#ZKb}&Q0qe7k!fUK5ak)12<^?GI`W_qNE zVk%!vS5HXBA(0U*7@SZUvX*dMNR}OG*GwAKe+Evnn62Cd1Jw-;o`MKJR08$qi0V2% zPvtln;UQfWnXWa{M^hh%43+&)usQ*6Cq#Bfq_gz)#)x<=$}I`u3N@cK&jPNgA~aVa zUBac8of>>jk!(yT)Utwa0f92$Q9*7H=XvSo(ChJ;rQ1?BLoB?F+c)srI0 zhJo3TS;K?LG1z3W!S#1#kkQW|$%v;}YXUTEPysesVsAwWdMUc^fX$SMF3VOJ?2dS; zN{ZKZUmZTFBs83?)bx60gek%5fX!hGjA_w1Q063YR-Em1-njC8tY(SDXPFkEyZX!a zTK-Q9t+NOR*u?+sI{BXt4-eMy|5ozw#4_?w2fsi9LA50~lPa1Tfu|UB%LPUm6|Mrn42WQ20yPG`P9ra2Hf|jJ z^C2N1v_+!-4E!-lQV8xLxXaKzUxJDY9295_%xQQIQb_)U*;$kj06*qw5+x*kU=Xj7 zVwR&Y1BD9Q%eG#e6fh#`!*eQ%Fy|rG-Yp!3(*#Wly0k;J11LPYCeVafI4FK`GsJi@ zh8P4B3?<7LbWGOVI6LJu2da~%Kd<6g4FMoSHU=fr`kam($3x%1w8R7_*^o<@f=g9W zrhEt%AO=)=cn%Ue{z`d-G6)ctVbwA(von}OAz0L$ zhg@S^YV4Df6ripnn&c?83uIY~aG88S$5Am@Yhyi9qTdbvDclh5sU#s^y6St&1w^|lw~2TfpYctUxGRI!96#P%GSgu4{h z&_H4i_RxpSnnkQ*5zT4;N^Bz5Y1gB$in4_UP7#-m^|NW#>$T!G)2Otgb;{hD4Zh(v z|ELUP^&-(n?Au@@OLUORzQ#Hjt zV>TXiatP;R{s{|2Nzf#X*&%$(40NWjATU-mf*^KL5)Q*810m*A={`wQfJu?$AcbK} zj|vJ5mrcH&jBjCqOMn#68IVS^;P!#{gF;emh3S3xfaN_nqmTg%7&jS41QtDdP~X$@ zLY&)xnXR%G02v|7oI1>0-eD&D!pxO_4KdifOS1SvM(F8)O>Xv|WF%n!J=hCCAO^#5Sz(5C;p+iU;7l{`9A#4LOAyg+%u zGQ5?JIE+OuGw*-cxkts_B}$X%VFt`IUN2|$>Jb-3DdKm3#ymIaVo3jrisYa4 z7)&owd@>;jMS4Wy z{97x1Z&f#zY|$@um3rFLvgLD(C$MnM>;u{<@G8v0AuNm@cEQ=loU1Q0ly%`aClBDQ z1M*!^Z3*u|X@sz5csDm13`~orHA$ZFgdiR{!P!16h zt^`W{a@wzPBoNBKk)5*L9YZh|9 zdo&BS>Vm_zG?(ED{FUxs-?Hq&iv~N&$}Zuz+R*`V@5RzL)`U-NV)jkehsD<0m}R{HLtqFVvAr5l|ySnFP)< z4A3OwCbd2ACLb1I48ct?fv-=l!S(6M%QJ9s9kl67#RaeF5w#rrSkWj=06{42wZiVl zI5X?$KhN5;nC}07wXpx&w(bA64|WgM_rEK7xOzuQ7=uX`aq2lh1sK8%79mNpArFNG zq{c*Z875XNJw`_wbk%lVD4r8aqke*#GYb%L@5n--OtJ_Z?24!;*OLL0>AHbb^!l~F z97maZY7sok{8hRUUN%z>EIt2KN$Zt}$DtW%gUnMe9^3OLagtf z);+Zqj`o7-km|Vdj{P>F57Y6_H zHtha$tNWLCo15Lg$=}_-b)L!Joxg1a9P>gqVFp;Bz-%&xMH2C)8-*C^<{9UN8Ky{`$Dg`?>M?h4+B>EaBw&m%0Z*r8 zE!-3RP-y#x%v}nn1*GCQn_o^aDZY|92{Df^aQjfIv3bAc~H9l?+VuI$ZHDVkt{ z#xqtLAVg+v={_v7BpYH?&7s{5BO?1(Qhs)WqS8gOeZvbGsn51-o8dN%$#JP|j2BwG zF*%;KjqyT@H&)I=*_^mIyJr_?X0x)motkjt-bJN6kL&OX<5)tS){`>g$w19L- zlQ8912aluwJ>1@Q@;`6w9IomADxUgnn&rb@eA|oEI$%+(=t>CM8#zchJS z#copp3U4n%jP0BBJjD1O6=uZe2^W7#p7+R(_dUUsatV-K%`xN!n%t%k1WyA%5P&!e zbM9u8WCRvDO1Vu8<=VNs3skl+fW1e|wp}!>S#@t<65ovTR7WgFm<$VuKcq+f{!{#a zD0BW4AMNk$?(`YPtS4@qa_vPNlJGXfh5(o$jMLfL`WwdS7{%~7PH=de!nxbdQ9*u1 znApv0&3PiP>$d`xmFw&MBfgF7di33q)p2WtTlY^b(|chFe{>9j;@&zi^lvCI2L`2Q z!gI@tkEY#x8%rCZ6c(OWjt7|2fEB09MEsa81`4NJqHlLVD}!ombT%kSz$&&J0~BBq z2TEjD%U-q5T@3=ZNVRh1qP0uPC8ZTMR+(LXWR@LOm7}XeE2kEaQLf{5_v*sqV=L!R zp9Rm%MNIy`x-f@bg4KtyW+0K?jfSDL%Qg?DU88z9?UL04YLu+8muiZM&rTwK^e_^x zj3)RW4uucs@eoKt-_b+yn=??!O7X@@4HU(o`xJNG29@t($8>OApofK)(V4B0K<>Ce zESW$po~3q{0Q2Er3Cxo7f%+@+0lQ0FF6nsbeT(bC$86qOYa{gesKuO1? z-{6B_8pIG(c1|y3Z_nxgzihz8ph{*Ua9M-OI&72jN$6n``}uRdg4nI13j3?M65XSG zBZ_)*(>7N%s*PGz;Tu_0p?_E!;Q1+C5aT9-T&Os>k;-YGoFwwQY znkf6s0%n+3Z0ch+*!f0hj{VRXO(7*Q(a4=o@{q$La5uSyMFt6E9y7NgPNFVl_|z0-Mw8W{^#C0{?kgHW;!$$ z3xF?&(p7DPzj!TgqqRRPXiw=1`b0(vp%jP3sClWS_+rf_s9!=9M8|3&&QX#PR;kNq z`4JGvuIWFIzfTsJu?E}aEZ)26+}(t;q%2sT69y_L^Tm<?@pzDJkcf!@MWNJMQ4yB|ES&*A z_5-ks88GP3AKT+=IP>{HY73`pdhTgoD$w!N{p5Gp_f{|9G|~JZ{S9ko4+S$)(7v{V z>bde_E+NLMl$`zIYf>J*-}I7fM6zK;%KB{#R;I>kf=tC7Wqewjt2%+=bx}M#f%Ge{z@ekb__olik|^N{}qnYACQ5Z ziT}g9bBTZr{NK+0p`HI>duxBq|E=U%od3hSD`5RBg262GjD4#7J6n5VmL7l`9z6N& ztK>1Y+yGr^E0Y&!n#8c6zwvHYQWb@WKPxEfn`K)TrjZiLs9D$S5)3fXA_rIO}*ZcDqPXOS>P9&V!pj@AwUY*@gVBa9` zP<{RjTGM|o6o8L+|97}+$N$;dTHpV#=9%UE*QLhA&w38;NH>r5i4{B@4BuD$H`{YP z$IAT z%6T)XzUgQ_k9%`VrfujyLYNd`ekHX|vz`P^^#9<{rvE$J``c^!zlul1XW=soWNgUi zfbFOl+>c-e#wcc4wxrszO-u@7hag1Q3hI^m+BT=emoHCbg(Jm;S-h7fn7N)A`gH(n zP&#%wq*Zx*v0~^xgN0M3w1w65{64Mh7?Kf+OFgSNU*vJ8bB@01+SO=z#%W62x+eLz z_n0e04Gm@Wt%*;^T^=v>_bcC&)|(rIqe&5Y1p}XCQiXY*km8239(pSdo8qa^BZ+KJ ze&rwdR?GS+v7|8jv(e8lU!K^5arCc8P`iev!z8F)xk-Si z7f0q5NEQ-FzUCde+GLV^0=3L%zDsw|{Z?fa#qjCU%7Ir?`0eS&{uQ2C&i`u?W^tIJ zY{pFR4d?&<-j;3uzjLs&j{mxnXP)yKt97t+XMl|)OGtd{v$o0+Cg)i~uKzE)4Psd^ zJ)b4B(opOq&(kDgB)p;|rDvxj7~SE?n4L6QWQ|WAS9SMP2LbO*wdZ|YmtU4prLmV|QM{;a4|N*;{Fb^Mt4n{VA_`-XG^?KY@?ZPl<| zp#lM8s(AHpOP^>ER&ncX&|1|EH^GuQDlm%>OK{C<$iI9yX5H2>Q$%UvDN0$aGgi%b zwG`-Vf9tTh%kUzQ@5A&O4#zMf*U3KxaPwU~d}g@e-%_lM|68db5RQ#grX8pQL`CdR zpLi_GX~{>m)(g7mIyg2X_K4W%Thzcx`_O=$17cAu*U~0`TF8G3I{?9NiP!{5C5&%g-=(i+`Ly(Mfgp=Fb6!Juac@DGZAjIGv z0{D?02MI|Zm_V2iS_Jb@jEE|et_R9{K^EZvhn8pt7YeE*zpav zVnsoH)ot$wAlN=ImY5t;IyS$C*x#B3vNi#2V}E6iNtKsM>+(NPl7Zkk2%Hvcr?^5- z;A$v9FiLJ=k%a^XPVO*cX}P)uRdco-^;Xp@C!7L@Vb&_+u4=XQ2CVLUl3@~N5wv3p zCIgTXu&KAJih|D|$w&um&(>>IU-o*)!sD?Wlz}b1>oM(mUE53O`549ajPn)t3dK<0 zBf5?+C?I26O?|#^)%bP~yC>8dX|Zg?#fUMG6wEwZN3>~Uw1lx_R~){vym`otv6O*` z15HO{s=Ab7qy4Zlfk|s`&S9ls<{4Jerj5}OhE?zz?oiZfT2nN938yd(>~Y}evTypF zz@k8u-%#QIgCrZE00c3-ozOo?5k}B~RyQM(QIe<_O;@BYZk`|;>O7MrQK-YVG3}zA z>$z!0@*)|B#lxFCrg9r8LIQ^m71JX=CngD+)k#Je1tkZ20SE>u3hA$oIWKd~j2A=2L1rvF!w?o#EM%|a zt_^*ZwJxFpY*Oy8r#QV1*c=)!ws!U&yGyr_+(VdwZ5C^pw&<{kJ%=6i_pEM3Rh`Jz ztqbGbDxz3;g8C>^Fb^wY8NpP^+7g72xNCPq72%O~x0W?mkPqMAh8QaQ`L?WjhL+<1p2c>)k9KfQ>g!)^T39lo5R?9|Pt@y5*Y2q;F5i6 zSNgyea0ovNFTkT?5d6>E?e1URz1`~m<=wNl@%{MS2BS7WWXaAG7;_uxNsdVY!*Qwd zbVpK4kZUy5!Xt$q zsr}Xk_Kwkc&&d?ASioXizV)m*QPXq&GyjVuD_t+x)}p0F6y*d1af&==nfw{LQc4tC z-oK1}@{JWXV%{-n?E2U1phqH{TbBC1Obe>-|9Q0i6~uqv-E-nUZEbI@{eM^TG~fTr z`PcJ5NcL$tPFWRZ)G`xc8}n&ZwkiLYNI)TSHF}aUR$QCOTApi(>Z{VSnqcZLQT&R( zbCjqiVlAPxmrndf=OWXj^48I^TK1oT-?_yH1ed&+Zh=rAr%I#(^SDV>xDRy0!L8Hj?z46YaT)0d2@yT0pB)b@H*h^cu6p z)ht$IMA@ufuaCK6RonWKy{K5SD_gWnT(;lZ!kuI3qS=;i9Wni`Si4qFGynJK`5(3q z_ni1&`}=GE|CKz={GW$1&dTHY&0^@Lr&PSP86HQZ+VG`9Bo(Bs*6L+3%NGr^3RAq= z>sxuS&0v-$TAar^%`+Td$w-Zl=jG6`J>!wmxDiflp~O zxPkBtrGzz)Qd>1#gJYZFo#m9Oq5mTA0`9+;Kd+g`)b*?ifu{H`drtnJ-Tk%vznZ57 z{TGuj6VeKOzznBAJ8eN_z7KiVtObL1Zj&!%ln}l|fmoxU3tl5h?(ahkhRGCWzO+Ef zKU@N8od%>KwZg(NPQIs<4D-cZETs%N4##>l5`DIuToyjtl)52T%I2jG`q$0PQakD` z60$T8ySYi2IoW2*&@+mBJjH^71Z9gV(2S9jK^Ocgb$`~(aL}&wr$=djidB?$pFAj* zl!jdI#}@%xo&R&@eUMMX`MWvW+7){cn2x+oAaxx8$Egm$54L5O`c&_K9F1T+Nn!lcqKTlJ^gsK1HvhkU zaIlX5w34U&{hzfS@bUxz)618&(_jE(q0;7l&`1cawJ~p2XdT32siAd975Sn2&%mqj z4uTLwD1QKGz?fSNu*t(_@czP>knseQ7ZB#BwDyKGJEDn`IOZP5a(Jb+g&nui=$_eF zz$%NY34JQNGi1BA=C|=y#z3J1X1Q!pP0g6@+G_H<UiP_&S4fWFq#6wqGKt*tY9Q1 z!ppu-T0h^{V!B6Z)SVC^6#T30C2hb2;7XI_$@`>vV|uAXhJhDt4q1;7L&F2Dy(8FX|;FFtgSlD#$g^f?bh1T_z>XDs-uX`aDuY1 zc+gLyX~k*8TJ##stWTU(JyrCdgh>XA{`;^P;)O1MTG0R9twa0%XM1aJP5)Q%i2Off zQe+s=$>yPx7bE_B@$@J-k3y~H2>9~li73a(GyQ|oWdc7EMW$H}Z~dfTMTM<3qn?}` zvCxGCfdXbRvt?r>Uf}kmMYbZVBTIICF@stPshhVHz>lN|Pv~!xBJ-Q~HsLLk0kGZe zS)gMTHMdt8G}kn>P*Bn&f`PgcFAIu(gavb4F&klTtJ_)3({6o8Ea7RQ|MYv9#gBRa zzrC}yZPWk#{lhi=U&Uk4e=*rhJOTv7AL0~HeObN-WL;zwIVlER^?dh}*&0&r1EN!1 zLD(BmsXj;6l>0k)n&>~wri-%wP4xfZaNn~3*giPiU-SPfc?|l0mQ9yK_F*>tAxJ*! z$0PCm&t;AajljZe+QMph1k;?IM;e+hCOKsJV&?E01p&{QOa%|x;Xnkt?{Gq2X8*kN zk$AsiY3hp-I)R2+eHDZxV=6TTgvS8RL zMr?q7@rAu$AlT5=PUJYegXbB!C|)C!2eM_~X=)whVyLyoelF1X$c%7h-0DVBiT4|P zxPk+A!7I!s`JaOXrZN5L5hzgsHZuq|Q<#CxjVbsH?%)IN@JN|vgi!Srd9mO%mWhPFVj1h- zydr(Wkh=qt41m0@oN{1l3CKT>?8S<1|3RDN5!!eucS&o?X4C3z#_7&ak{d<22qFP}k*?qT7yCP2jExb->g@CNKfpjVXj*dJ_$E83BZ z)wrH9i?mp)NhXLHWl9QZ91?@4n5UWH42`8`bY6O_HE4dRUC7 zIH)5UoFS(5aBnb4Q?aMT7N|hOp@1cOm+?S{Gb(9K9-%zBN>)O`k}rtNd`vwFi&L8AXTt@=YZFWFRUb=P1n*w z{--?UW9onR4h|1&{qMonI{wE>9!LJCv%NGW00s7=C<1t2maGh@l+ScYK^GIWvs&Qf z(IK$cmMLSH#au{}^?C|;$NHcn(O}V7C9P37nw_F8ta-#UzagUC0~dKe+RMZ`eelbf zw}^~p?}(T@D#h|#h68LNt6lQSxunIsf+C$apDZ_*=)^`*ljgjQdIR!`^(O@#b}vvP z9X+aS)Fc`8s%uIH3Jzuyi%Ox05eZu`nn5hm2Ga^PVU*zdI!BpiHOBj4P!z8qB-*Qr zd7z8~wOOtZsRUlfnzfh@KRt{CL$aiE^I#}^|7St(T61K!aBGq{1TJ%n98#Rnf>M;U zhadnyCYS^Y*~VVEqEn5Q*)P$34OO!y=YTHY!NNT~E_KnZ)k-=sTCO}*H5Hm5!R|%b zqLx~^Qohpg@|)az1+$kH{Qt`YlSj4xINWvOKkOf_@BdcvIQ;+1rP+RnrSqfk|GY1c za~TLT-&G)+3Xew;Ep9V?GpR<{juu>=hv4x0wzKkz4I~(_E4en2Y#;Y_lFx!T734U$ zK8^gQkrm*7S;OdD0lFo9*MMay=Q_|h14^2&rploB%exp{^kitF|AXWsjL#M`0;#9} z+gtlP4*fseUdR7g$z#y}pXp>T&k97Yogd-^C_A&%BcT5boJ>&?gDgowj*^VP0{e3P z`_d99oLXf_D0|S5BO#k6aT1<}Ip!(~M;_!ua*;C+tKRG1&tIIMygxm;ytd35_47;- z61%vB;^Ro|=Ff|}E6NNWf@PeWpIO2TV;G$Z`f+s3A`AW}Mp>;SsJ1n-Hh<~ky z<@8&P2(PI%bou7|MP)ne<2=o(x*W#&M71m!5!N&Lp;FYXAsfZVmi13R7MIYmOe6RYwr0Kv_F zQwk8!1*KDfc9q#Qi~8*MoFLv`pWV1%%%i3v6%U`d<~>?KE+OFFD8#>9zL`tN80M23 zo>+wAM4Rdl^GVR@*s59`bHl2^e;ToMYcG6-bEoE8FHOb?vBI@Fn!SeFt{opkh#PM> zo#iR7nRy%wD8J=uy1ZR4Ki?KGylZ(^T|Z<-6kBb$eDB*0RZY$BahPNi#=>m1HN`>v z;_CeOvnzTYpZs+G^8Duf?3(XYdFa+~C%Prk%nkp3etrJa%d__{&VD~Xm5m0J5e_O@ zp#C#(J^;le%aUveLd+!tI!lZsCz!Fkn_B=CGJ!$oIeS+?Mo0n7rZ#WQCK(mlDN%9@ zy<(D`;5Qf+Y=WzcF#1f(&~*VtA^*wJYLIAEK{Gj&*+IOyKD&CqIFyAU(4$R)_+>s2 zzg%6sxqQDk7%v3R5l$BwLgeRbx}*vi#?12k;tIqFV#XGWwf7vPkN|v8ij=FqebQzfa`{siY6UZ^WadBj%{b&I=)ltB5h-P>}^AJMfj&Q)bcWy zZL~~M01~#^%8o*SuQ}x8y_&?dSHK+Mgdi<{`0N%{B|aLwcXMJy!r^jIA>nXd9P&w; z^8Ei*>Si_7L0L8c!TI1dB9{fkFeA0ecW8yg$OUFr4NlVg@Bvdf0#3DXq+XS!4{z1P z>>6Kf3`>A5(tMTcTi0Zkc=+(FQv<6p{tO6Wip)iLkf!rLO$IP}h*J27`M-)deJjVI2CVM%Dz5@3{9QayqmVMZd5W3TeUS7a!LPd`tN0?lbupkDhV~L9N3h*P0 z0uYP{$;Cg|sNk>!LjnL}u)MbOr9Y1Lis=8kYX1)o8dWHHPL*s;4Q?3F8LN^C># z{+q9d6vi*mXFT_4owPj_DzwkvwYp>dSWgrGm!pC#8UVB@{?E?gj&1+7yR+v1R`MA9 zADiqYMt@`QehB7I^km75pUij#i)j+U*WnmGSAUh9muoY@3Yao@j$*FifgVSHd95L9 zCK!k;eZ5}KvgsXI81zI*lY8Ot$Osk;S_qVos|Dln!y{oagv3xsX{TiW892#eW+A~Y z^hB4O5I=&qs0D4N(T=ZGqR+15N@9#(#f`0pg@blD1vxSqDn}$K6VOtIOLQ$SlCe^+ zT0OH6zZ6B6hjz8=c!`4!+T;|(vdzVCKIcER1#8XRv(+aT0U8p|a2D2gGa9Kr; z!6tKeFyEGraBj0zu6QKMFAGFagi>8!L881$U13zuMP2DsylISp{8(*XI84!PnDz!? zn%;)d-3wk!9ibAnjz7Aa8c`+psV2>id52V$Jr@1-kD7IDEr}|>Wi}>2B)v7}gq4yl z2?*t|O!6ESz-g9igS3$xAxuhe@-GIi=T>Kg!77!#EgHiLJx!!g2o|9s9^lSOn!){oe-Ae5}?7LH18GF|KlFG zhJ?s=7%=!TPm?GiDYIRs9S8SGni{oOZ*JJ(5*83(LJLG8hL{_MC}4@+V*DHoPyyh_ zaGa;`IbC@VXu>VZLvV9?$xwgu;*wJyHjOM_CtWYuWPA&Yo(PjTg0#Fg1PsMnC|lwf zo}?Jj_94d#+g+9Y3)!s;8(RkF^~DVc2LsA&Ys3E>gjf|3U1l@E(2+nfZ~B~YBl!_b zbIf^kHGJTH1T$k|sqir==m~=c1Hrj}ZOQ4!cpBw@eklLGNE)an`;Xn-11JCU{yP8D zN*<>%VbwcK7NcaY~ zbxb(9z^>qjNkVxP0#X=a!Z3CQanyihU!FbTsBb-8|A&5 z#;uZ5{Myv@+kcwRe{>5MyZ~tQ|K79X{~zw{9jwp)RXm3N|B_AivW|QT>&H<3i>@r& z?1RCj!oIE=Ns}qeAjSa*=n<8O-*lCdNp6~fFaS4}Er_92k*bzqkw<~JdGGj){0u!D zTLtx0+h+v9E7m2UGy|mT1JE@Y4Q3c&S}?k0IwZcGB9bFbJ>F^%bv;CIj`~0YOR0x_>_h};>4Q4w256lsV=z+>sfn1qWl^~cVDv){LEXV z6CA?V!hgkPatq+^p#^O@#G7Oc(Zp*dQj4bAsDVN7D{yT%*Dd+c=7@nra*3RAO~1cW z2D$9fviM}1O=e}vzjTg_$Qe4~POvW^%uiAN;13vEe{f1rHY4GWYlL$cfig+e6c+bI zLLfhD<-IsD7LYn^)oYIQD_9I+38DP#Yp;SeWjT#XVIbl9$rmsUAFg49vY5&Q^u(PM z@Mcs%JVI$q<%>xaL5%fRqWQ8~4vPfE@^4R2A<5S>Bn&2$-%hC%MP<+Q#34Q=LgkI; z5IVABgA|42U@xFuB>cYzdx4X{sl8nAPEYa?it98xi#ADS04#YM<86Ox{G-%|m4UX!GXZi6pdI$5GPqL>M`D&yM{xPt&ux_7>wx*Lk^W%A%*IyhV3J`1 z!pC~ZHajs>Oth)z(!K2Wh89_iZany50x`iyPXLJW$&rX=FJZ~g zy(ph>6R&urX{MXSFQ&VM^6wUHgcNt=wWJ9p^oLd}mJ1Vxz z6Y?C4VaP1JCK;<+UR%m;_569tYui`dSquej&}y;pDCbL*^d)1les`k!cvG-(~KFKED+-G71feq$l$n&QynmvIZaKbzUVo>f!g1|T=(FlYf4+(+AlI&pS z-IXnmLsd(ZRQ=%#XujjlKvh5a^h3*YPSBCMd~*btLiDKLFW?Y<+}>i%^^5+CyQ>g-izh1ahyf8TkbS71mCAv=8iIf29i|DVmRzyH1WcDwtRcc0mR-)?pP z^6pt@lfI=tKac;`*>Lmw$ejU#|Iw;#zCF9V`Q_Db?~=cLhV0e9cmB3v-ps+GK*cLO ztVT^kZ}Tz@lMI|^1P+;i28TVc-FXf+f2LBdc(K*nr>|ZmX+pOqf4RT4HSYKm6P3ts z@{Fo5=49=xf7!q3|I&Ze|4p{_3x#ZzO8S>c|0e1GlJs9C{ofK*Hlc-0l#>kHKF}>B z%53fI(L!e*bCkhM_F#K=4<2;P`$x5m>}yPmG`TlbQApqr6?&>=dF%vQ+VDRhv%CpY zj6fL2RNkhvF96&WXh1oU`!FM%N#yo0%m~%CeJZacHBLz)F^AqkyErZP8jl#_LiJu9 ziGd*MddL{cu5C@FI#AP#4cp6m(e7A1avNw*y1lw4d*;>rcKqD$slICLad57Ib#_J7 zv{c<~XTd_`cbTNZ#NxDapj?c8m-#C61o=FqHb1?j`q7ss-&MC=QCj+nRg^eU;wli) z4sfIWjz23^8|{<5PV7v9^kf?#Dj?8i2dEf_1p8y`Fufdi#pj9hB>ffGTR3}c`0Csh z+&8mv88ruPj$%*z;w5X)MQmeMLjE?i=N9d?qTPZZ9LL&U!+g?9G6GZfF8Ry$z8#2Z zLvKYbecp_0MV6_Hbu`Q;9@E%IjH=B2u!x_44hh)w-X}PW^#4&%$aQd{=%K_8HNF@*nxCKK15YNG6 z=tRDubT@R)w4mi&Z&wx3To!(VVc{=Hzo=p?=)S)k&zHi~*}kCaZY6*0^)FwZuPj3PA7FAFqCQf7Kcxgw{MS&Un9>fARE zj8a=Xc!{Dg9U)8tUNx0}%f=fT&H2B;zVeU4JiJZPgd~uu^FOH=Fj2Xt$|Aim7P{Rq zj*n~>wXqTa-5MqOC&O8tHUQqftGeK+Y%DHN&LPlWt#K@?&4MIr!o||nTA#{|xpJyq zOB23(`mOhF+1I?|3Ef_5!+Tspr4c?XaDoZUR8T1GO?6->t&k~r!_v&XG0#3PTAgIS z*+A1q)dxhR*0wsTS)bZV*{9-O)sNEj)<#^A${0?Q2)dTI z8&i}{xK-ljY^N-*_zF!j(o3+65u>(~H7dSwa&Ywxd`&hD-^lrujiQrE%XmHjArLQF zauXhyfdz*c!!Q#OF3d~(QHVj9fe_1U)XM*+jh2LIG1_LMGa$Ef zhH8Xa?I*Q3(^qRlQr}C7!Nn97MG^}`R!tw|Y267gY&Bt0BMnu*C5l#{S2ISXUq5~> zOiISda71XqNzRdC;Y)=2I~)*LfH7^%<3n%VCrEZP5Wg8qXT$n6&G9d)G>V zMgzw68D?hGRd|+p3nhhT$t8n9(X*@e0#-!9r_W*CfonvUMOctZM?t`Gq0R z3b8~*9Sy1@>#EQ^6)|kh@CB$KSB#Rj)Kl{Od@ctoB4sjItreAKKRec*WKnGtg1r>o zgUwWW;TZ2b+}z2MkV>ZdKFkQSD7;Ow7=%1_-+vslTFfHp_1Vq)pUz*ucz=C%_51nh znRVueaeOM0wb$vx>UhmSZ{qy-)3ZQ=wT}bYnwd&cybNqis}_095o<2(AdF*$OEs&{ zK)ynl7@0Pym|0A+G8<=t!7Yr!35HY{r7|Z$AR3|ji~-=(`W6mQ0Rg^GNHj{aAuSVT zh>TzXCKwhxJmE`7Fq<4RbR-qSPJg}l<28uFoR&20(wi7v^V+xKn66YPCOEuJ;q}4k zoLTtm=z|G;mgBt@y5-5=u6Iq58)n!Ob;m^w!n14(wj%6=FZETf&u&<5-5KlrGHacm zFaCIab~Rg_7bmChFMdC}x;lSRvBQ_X#Va^!RyBwVrv33-t*M>CP-tiI$$Ia#%h|MpKlkP`=A;c^#s#+RAaAd}i#sAb5 ze)eG!ruwi@9jZ=~SiznK-R2R>qg@AK;c9hwT(K zv&H_Lq%Z)%&myqL4SI=&_#!(i3RL*6{j7LZl{sQ(VF`4KY4mkg1xuMBHaC*OddIij zq=_{nds;DDeyuHOEOs^<;?(P001uzTR-|35ff$A4YPW1RomWG^ub zoCfuWU;>Q(ESm|KqLgnoT8Pbo{xw1|yoSXT7U#nZ6)<+ZCQ&v>hT|{~K!9OXKoWpp z8WFDt<=V_B_?;WF@X4IX#7K0z{|wx`d~tOIWCYKD2d@zUzn|VPb_Y!exW2h|oJpC- zgU>RFIn8gX&s8=_d`dSnXzST|=)h|d5;&No*N|9-Jq+U)C?m>KknMK0Zu%G&5hVR- z#5`i@g2QaVdBXFXsCx601tkEAZ^>%;`&F^PJ*G)&qcp6xmPS`k>Q~;QTV$#BJ00-3 zybGx?$l@LEy2eu_^)OX?<$HhiC74tRnxapO)@%u;|BUj=bk*2isTKpPAO&oRY66G) z)Kgz7L=Z1HJh}A(6YpmM#oI4X9uB3D>qD?C;1g$b<+P_~b&9P^ofLb`&=j0^L4$Or z1-ZE_;2`-3f_~t`s9x7rfs%#@r7JAb9Tx~gFhIq9Si}IQAs&IZ{YF$b@^VD&6Yw?4 zs0jEg!sG@i2`vD@Pf45c^{uHT(6viA4?0 zEfdPB6^e-YMe|r(w4PR#rV#B~z*O)Oxf^lpBu~lWka~G|EEMBYi&R@LbHhb>d z)=YE*BVK1*D>F!XvN-8SniVFj!E&5(Y33m^n51bYhNgyTVL}ZphkLR{;6`Hij`=Z= zJMJm&KBZiUYSSs}u8f+qu7a0tJs6r9y^L2O?7*=KAIBV!=#~kwnvrC{S9(t0i+qXF z@MbpN!Gl`4+x0A~PBDd7St>BBxaw?67edBrrg@r5?#9!Cq)1ipy$~g>^Mh2Bu!PC1 zGaJErc&ExS(MX?*dKpQGOp45Ps}b3JwRFlSY0C5YiXd$mglP(L6yv^TU_uucuWr{> znL@|m9RwI=7_!WrRA}-f$MWn53m_BZ>SaA+afz-v9_syP;2IJTO)x=Yz;+DEm<>w~ zi*bT6v)uQjI*;~x`J_2kB9#MJ8paujwYcmn4cd&6oU2Eg#=z}cHTsQMdUA`pi%oS0 z6`F|cC5)SPZ^i2BwAMkI!_$8TnD-f%xCHahEK9j7*)3#LjUMhS({>J{WROI4*+Mr4 zkVGRGUso(}s{>w~y{?!uX@$o`mmE}1J1A)m8&c)!h%rvnYjbZUsWX$< zR*sxU#mi$4vZA`NdqVzH?&{~lBbW`PexGQHYHD%~TLM#-(nd(Y3^Txq6cfV@i0q9I zm?wh5*S>T8mY#A%QO z-0BEup#QsDhdUPi-`hD{$A4YPW6*ywsgH65RHwB5ferxG$*(L3EcXbYy;{~0Aj^bg zM9TzyW2|sAg4{Slq*H&iQ=?nsGL`FQcO|+N8S(v!GM_13ZWzzCoE9+|?F{GUm@e00 z%*opzW~HJ3U%osM%m1hf^ax?X?UU#)c2Zj)ZHT@z9k7dS@vgM5Vn~XxwH)EkV3OxN zVsI5ggyg@%Fop#dc$F`lNUs^UkynwJEK@6G!YQ+|xVJEk8;{j3XHj7C&i3C|g9CtW zsGZt(~nyC;$7w_FDhDlBb@ymFu7~3v4}I^OG$3v4FAi6HtHXL_|Y?7V_m@(~E5Q zfJnNi7p$gQ^1TWaE3PyYzB@CcGP%Huic) zl&}WGIX*^H$dBn{0HP6$?zsJY0Rd0278VfTNlqyu@4#R}CI$3oJ5{z=PLme8^>&Zu zn7*X|-ucF^*~7^lTixf$#>qi@mZ(ex{P1%E(^#8|Ns$I1xSjCBJ%CwM{Knja!zh9n z^WWU-n*A<;o6*fQ*glg}w#toVZG1(c6 zF1enJVxja;$pEOczbs}tF0j+^4VK9(m^(}tLsE7_ckqjEFGI|o4_&~jhHkcbS-_m0 zq)d=BLH&v_lY7+RH|;*12B3EZQy5~{6SktN0n>pJ6~qN_^ylrJ-9Q1?%O}}TFFPV6 zKkE0NPWyQ&P1%(uMe40{^mO`vo=%x-hG!hgpKmZMxIdv7xU!YndQ=3w4ULox8~=!J zBOMv~_fa(Bec(W(0&O zMj%ha2S#R5N;zK;p`w5h5!ud3k_|h2g$e?9#B8*mKo&xShcAE4E&!O%;}c4dm>r%% zv?~c1SA~dW!LL!|8kC=YRrfQ-l$A;ptw53u#d|sl?A@eD`71h}>=hfIT6S{w zqahLOhI&@DiX6<&?8TvcJ}snZTpX{t=-)<|F?>#R{s;j9QW?SgjgzwGVgtyxIUv?bE9<2 zwUG`~3mjGeHr(x}X+E5MY`Sl^j1vvVseYz0&gU?{=In)^6N18^A(qc&yNJ0JZQ`d6h=vXXu$~Fp! zCn>2;v#j=ImJjW5_XNVwVLE|VnwO8Py5N@2^5H@&X5)KUGVOPJmJgS+Xxd4lUY51% zNas9jKTqWNBpHW8D1FzD0IPJGCNLxC^ve?~`v{fZRnDj*uz&Dp`GTdTRByalBSrh7 zg2*wcURLF#l*$93r711nnJMtNRV44AneOlj0Cw_!J?XxlJ|BQCIC=TlNz6IS31REx@ z0eJTg{M*0L@j?aRh@HMXe}D4k=GSAV@L!*Zv882Sp8tM!%tn>JrYkB1!3KRVO2$YG zSpjj5G7OJ5HZ`(CS0I`Y(8XXE?0~;(pSTnirHSztfbK|jfi8f+{+yRRytr~c=SenH zFFN8^G5~KuupvvG_|CiVHR^6bNXocasl!1fm1gjx##VEP?wZ;2O!M6QU8H+^>T z^IU{m$*i-HZc%MbyuUW_esywne)8g{m5^^S>CFUOB6W3faZ^FZrRJqTh+OK_{Lu+F zqpJe*@dN&lhVeMbKzG87XS<_dz>>X>oM^J?oY|JAqr#p_=#R<-5%q_^1e0;v}#Hzz-xT%TFHUFhn>zv}vX z&*fbGLaQhEW7_)`i?di=+8CW$2t5V1>_KpZxUlj42wyuY!6+o2jn^RG7{9kP-nFd`diJmN< ztO*@Q^}ut*#skE*wt^GHXi}u0+hvyP-R=Z)8t57OFTs)dK@$_?2QE?^{rN9{-tE(l z_vHt+e!c{KCXFyNNR6n8=ss22<*O0HN^jd&^3ai{}CnxT>Sw~Utj)WIY&vXSSLB}6BS8bx-~ODA5<6HeDPi5W{A(=VKHxP4N<$#6LFiANH zePEvEpFXjgU%tExo=8Q8Syv4<%DCC_+tTj%9qoBOe4k)?Ts(m88*Y@0StuCLjfJ%{ z`(tDpEGt#T{u6dmib1w8O{>~{L_^(2dRo~33a#~=&R@;`U;8^-w*S}m;X3~3Y98kQ z^^JLd$!n52*Dt>jtMdDr-Q`OH^!j^QAPa;@*9%wP?D!xXw>~Ys$wsZb$&CBVdRMaD z-K~Q_LDtGke;B$5(?kjbAys(ebd;=-;S4|batqAF_a~Y6O$KH8_e__R7*j=X7j213i<4| z^ij0^8_W2UKF37*tIO%G`obqr`z*+2SwKw6GF%(w5?I`?(dM9*<;g%!+?XBZKuH^Y9@9pM&{{{+BCkpBeaN0k3`$GPPoFSG^aAQR?%a*zkcTyl^H&YW^k1*AFUAQReLfk-SEe02*5 z?ZqDl2uZO3LRbGhK)%sKt`|(02dgi}p(Q*pfVSwM^~aSG)S}RU(xX&PpoRp4=m)1ER?qbFd0iIEuR#-i zpO@V?Ak7uU(1kEh07Dnbd`!6?&U`Gnzh`tWQ&?)T%npm26S;i-S7nB|UvxuUKsP3! z%lH~2#lNYsno~u;G_ICU!{R)xc^IvRqt!wNJT^bug8#!PEf!(_8uLH6@t?PM4)@pm z-zuJOk^ke~7B%djCj`@M+#3a8^KT63<3xKdeWU7mpg;fR&;B^i4I!H+MQUhJU3ZnT z$FBC&a<6ITa9D+9F*qeKK2AD&qmXWO@amA};%^)P^RPDt5HZxVGbB2cZ<2>FoQ*`* zMLAnd+``h&dNx{%AN2;^Sc<>{k$8~ysY0wt#L@4LzI!z*2k?5xc@Xn{xFApaI$uxh1MEPZb2#OFlF4^RXsBs?C zmtNILDW{dM3Tm4Rlz47BGri(4MYmzv8-!_k8%B4+>zT5*Y*1xy%0ohwpp;uy0vcnz zdgVG&3_*GYBVA9bexyF zLK8wU*vw$X*w~}mep>Y@^<(vpb>ppr&pU8Gf|)U_B0}(6UaVnh!Ve9dv84y^TCNyL zlNp?6eOC>JuhVvioi6KaW8EBEc#Bk#4!bJ`qZhM)l>DG{+2$F0tpR%nlFT>b)r_|n zydRwNo>EhetPBdX=3`hdN8oGD08R)p8zH!@G80v(8jHe5Kz~j)*?WI z;;{4;9VVC*57)|aStZO>R{0Y$qG#Ui!5+*a6hrQpLFlnayLdlBsj>z)%ju^0AqAs5 zAmF2?I1sul?TDnK$D%!RPXaYF{({PbqAd7XVBqbi(Zh;EIxff1u6?WmcMAkX2Yd(z zdFflg%DA{{hot)ia2zJ7tjzwNdRX+oQSeZvQ*^KK zssm`VKv1I!2{R<&EXE+?Fb|ye>l8q>i16l>qLHqI1Z83IpzD6770O1|a?Qaiu0`+o zu_`oPC0C#w{((BEB!-*< z%0F~oS>|?{D;tzYx)PFw-jot4WIH`A5|8-Aond8Ks?BOlCL~FFWodERl`L|D?Mn{? z0(bgPSuG0F6czyp&iRA{Ah?5+ddZ$#^L@%W+)hW=dG?=y^DH4&{2%x+m)-GYzY;bQ zln_D~>*g4m=2#n*fQQA@sbc>b_-R7GASo~b(FjI&v>vm%7L1QbnyKvd6=(1m>TCMO_dr%3=Vui^z10H>+ryIEV#8wH1N;%3W`g@Ub)=$+_ zfBu^nyz{aE4d?&C){bNUf3Ul@|6j?YsXef;kxV(KDrqe$O3OVSaIPfVt+)qs5iQ?} zQerF)L3ViPq%H^~k=yE2a3_`mlG&A2eZ$j89-V;`)W!Ou1&ydS`6yY9{xk3g1fy^Y zK`AzJ(-xGa4`3Tm=_bKEr>T7`E6k3;W=(USDG&@kGb_NK>G5pJA7wv|T@lEFC7ZM$ zXlG9CDQ?tu?wL)Fu|n43YfP80IEvZ=rh*n-x$t9xNl<~advHqY*fty=FKV-U%?zLH zqh3Xv&vG(d=1(uo*+8+=f{te-Vc8Q8m$t}w-a?={-Z-c_t5mM`pA&v>p{R;%!&um+ z!80zmdDX(Q7{R4XWt+(q=H*5ujiIlf%i7r#<8>g{Zn4zrLr z-&S-?_D}&rXYZ7xu5K?{?7ceiB+WL5TaB5=XsoPTqZXWjuCViuO}kK$$u;Oj!tThT zd%ba&%icaQH@I3oj9J;m0uIF$*AVUhjU)7*W|~Loel3^mDK= zZRls$mfaY4G%Ul#V6n7Bw=PFQ%RFe9#O8-r16T;drw z-mtc&DBM<*i#OM7Q8Kc(uscF>7)L!VtK!VV$0|2@ux!YbkZhTX2CG)&<|xFM1so(F zRnYK&Lzw-f&`^|1ld?{PU#hrVI?+h z60OADVpVr663f8>aL&QOSwyqo<7pSbbjX-%>2#REVoE9;NyS%(sJ4Ze)o#Dr-0tf5 zWyUs|9DoVn7Jd2QKI6A5e5u&PmFfS6s-VrQ$|l6-(aJg-sFFKwF}d(kRMfpIB~Zaj zDnrIR0ai=+1E1cSDQ99+K$ebHV_KF7P15@E2-7C zz_^}%Yd08FA%81l2)&9SX~MM!r9O1p4Y~-GyNH3ww~$7eC`qDU1_O_3xcgkNdC)17 zha|D?I;foW+k%TRfCY#VBn6vmZqbhuV3`eRaaV@Jp?#kqB5e%qN*>fPm&1x{g7#dH zBgpEGHQVTBXhNc5s`Lv9ZMKucV>?ky5W&JZFvNaYqp;+V_Jb>8&U#3btWhPi6}G6> z`Y@n+Zp}gpOHQk2AzW7Tqecm7ell8*G?WziJ#&8bVXvD0nbKMnscS8&wM4WJ+7*Ph zss-L&aC-o_+lX*=fY*z0JpkNZplf++xD}$jc$aZshLRU@M?Y?F8qgwC%76vBAY{(& zp~84h3Y4FhpDcs-tu!mh756q|ZSJ_Y?`g&##s>jTHPQM~W!nG5P{>}2+p&HX zv*OO}H%-C0#X9ex9rd)aqdC%DB)GsZ#{W`zqjbkPMl<-xPM`C{Lb?uh3dzgz7PtKD zjejQqVrx^{fyj3|y&LoZ^M=^cVvBz5@*PY-8cce)P$!3nJvJa;YArx?##AEtIZOHE zh>vGUq<2+euPtM&Od(;8rm{vL$_E3my=AQ$n>6hH1YXe{$_>PG#7*3C1fzS+zCpI^ z*iX}QpSGl$CBAoZx639&n9%JmL9UeTOme36=|f>R0g#zt{xQcnGKF?)^v^iL@9mj4 zQ~>4FZgYu80qToRQ{v@J?^t#qaYRYB2T7Hb?0esAZJsty?foxK3N#U6cXmHfZubTz zaDqBof;ahp?H}0r-}jGBHt~Pg^0Z?1+Bz6&tDyhj7h2=?F<4)VIuQ14kG@Ln0Jp46 zqj*#?T6rOi+W9b-az`1jK^uml^sx^1L~^*|1_PU3{FsIQ?Lg6uhEGU|6_l2xQYL zmaCwD<}X{WCF82lj(hBppVVJ|0YK1Hd0lR4>u_@{6;ug#h#v7K(>3%tPNjig?3CcqBJqvV{a-O zx(MwSL_vAoZIu_p;oZOBaZ#2dF3#PGJti0_B8dvKHCdMLq`Fw&^~o_xc>< zXo5b!M_CL*bQZ@T_{Tqf|KEXGDzNO~3kk5jl-LIi0eT}w3nJ0I(*S*M6rAR0Y?fqi zeAic7>WjAY$1?rCYuKZCMmn`F#dS8XFDw;mDj3&4ypG>s$8%lId*e6ezH|;H9!mcR zc`@>o>@q(I*4g%!xOFdbJS*?An+-}B_H@*XPDO|Y9d(vxfqe`7#mM1NQ_s4y{UY5g z8tb{KF*vy(^^PkuR6rJTkNK`-Fholvs_|%b2hL1UJQ~3k=`0POk|9}yEbt;9Cqpg; zd&@wDpM^9Z_9m#%$l798X|_EcMoToOMO@snqAjl2GF{lRWwywBYgwc2vIE8fdh39a zd)YE0{r;A@VTGzW$(L40T@_kD zOCB#*eWBabIi!%|+vF>&_CC*LU{=;}Qx>Kt*6oocZiI7Eq%#LR$F9Fcy|R;q^}g+p z)k>=vI^!L;G9K?jPjTe#ITsa8@1$jocc{1apu}K@?AG@I2Ryt*_dtwUbk^IrYp?El z)q#4?L!DKi-4D)BS`$967LuER4ZGWac_GsKZEY7;O+5W-)TXWK8z*lF@>_($) z-LEP@>IEa(j;@*e%E}Ldm)k`Llk+OT>Y1&ea=1XV8p>{vJN=ME>oJmKQCCdkD(GMRD;ln4VzSJR zKj4R^L)8_-vX)Y%$`>^%RJqt4)v3|vbEjZE$zA zOg^_*e6jO1Cygcfh+ffFZCgGyY=w7kGFcGFCFSU+9bhXH(n_>AHLMnOa2p%b3fDC0 z#Z_b5-dZ&Wpz6={B?0b)_+E6!|?* zf6e_V6gtZH+Jy@@L%%~e1cme5F)p7~(2x>iXAzGK=78^86vkY+BepOyGmsIcNeBz` zZFLj=>6O6F3CfMhtemddO5oMC;)n1JyhVV_a|G@Xh|;9sQ2?TO=7Ew)_Yp$b%RlCn zsLbZ1_%*?Q7^`4l{c0!UpQp1MmdsmjUw!>Z?}%ug#mq8 z7r0?~2?srokY^xAJCG1O;VEqvFvoQ3RG4sk0CQgrS<9~C&aL~rO>M7EZuci}NoR>+ zcn3vbp4A~#9NqZ2&4t4ORox)Z%-bJ-Np>gXE6zWdb#{LO=PWlEfPl={oe*DJjL9Ok1bBYKh$n9tR!&L_&AC9qD@H^#BJMCnFPSmPp0|jZFya3zFA2ju z3amLVH$k)MgTFUR3}`24wGg#@oeip9dsU2W#4nvBw-Ud+{dZ>}&6j#g=n)zZ^R72f z=LNIoSHhrvjp~<7TTf$u@M-8Z;H#g-ss)(l+JQUGL-gVGRT6!^ zstTIWVOQ=6Cw8;l5#s>%JrmMxp0z&S`#*Wk-TegP_^f0WO9laM@c-O9 z8rk{Z_f9tXf7bH|PybRLV25iep~EPmvSSKh9EU>N_k?gsQ_#N8G52tQmCvi zX%hu%p64i`hf997P6=NK6FL?^LCl}oIqm9i;8dSnmv3}C1b+r9*u4K=vy{6J7yo;2 zw10eP$NxS)-0c6gJZ#(WDPGUk=Y1`;>t$8C*QO|*4aszuMgBeowcYE5S?#<3*WItYMNu=hyG5;_+QCm6PL$FCs@nBB_{YRg9Sm}$TK=~Mk zXc=j+f&L%v@7eJ`4vzOX@juq`h=5}+#XJKw(G5ajmPS_@3VY!S&LX=^BSX~kWRIZz zPem3Zme8pDIbdW+SeRj+)v_{agqCT7mgT>sb`&R*^1e>g%F?I{+iDzJ-)3}}c5;zK z=(B5Xp&Po=63;|&Z!WzM#^|LDy`~rtSI$~^|FbxzI3%b5kn8Lz!dOp^*}>4RXz4AD zVVL&-#wR`y6RejpK{jk@u0Ts7I*I(J$aPu|F3VdeF3Iiu4P}^N-8oS%MZ378p6z3p ziHKXs?1*mC1>y=HF-93btlbdxQMg(3Rs*>~&&F%B+ZyYBS!&^|6^cJQ%afd^$rw-O zTt{Z~&3zrZHo?K!@!1o10+U}hm8<<=k!!Bze6d3{amX!B?`&kat* z_%H!jYd0P9_lQVsBxM}W^i}B3g^tHS?x<~?$leFm+H$XJ_0{89l>9>_vb>IA&c&8_ zFRxU#frojThWoq55puJvm+2H?$Z30FnM3QIy5U*-wu6m`RA|xG|2ys-fI~> zP?P@m;Lwi$GdkQq+Q|Rwc%1z2%4)eJ8Xd%4kDgS&N^3p~a}l! z&Gl4=r`7&nQ3c$%|My4s{m;Sv#{X+APu2d9xk|Y6*4K5kz3lo}Y5~m+&tGr$`l?UE z{x2;BAMXC=VDH$?|GKx)|E=X|x3@K0a!nP*gC4QtulTcXWtM4x?+fHon(scTIp+(a z;oAFJz3{+WLto-@OIzXXruX(WZA_1COG72*Vn>h4@6iN(eglhe3WERh5$^nJZ|6U+ zx3_oxCjZ{~+u$ep_uy|^rboecjOc%f@$&d!P#1>wDFHj6oIl-GnOXe}!J9deIbSH8 zbO;P5FagXfCYjGrjzb;>FNB2ab6L2%A-Lez{?f?x-*^6f$h09chCM96EF}dvJ}7IE zVW5_@>o8Ga80KGR_%pkZI~V$9pOKiBHV1#+sdmwj_T!ic_YtN|nG=??1e{-R)qKP= z&gAn1-~?QqpS^wwNDA%{Lj$?R8TYS)IG(%4*V2N$&0vNhZZJT0rgm`+kW_}qjIZYa12-(zbw!%8Y`L6`!L|VjC3@+lDbqq}-@#Wvrf~o0n9OHDZ-a0f7~*X}e5|Y-GG+b@X8!8x zb4~AIj*69^{>lWgMeHOVHGwPrBKFuL(p6yGZA<|x8`P}!I2L8fu;A7L8j)sUvi zB&~v!f3xduxK{JiO#dI={`26(wf{Ui+0g%WJoWaUJ(K=rZ9lcDEtCh{9K~eFay{d& z3`;HxF=eCXsV;q1V}#g!ewmB&JWrGVN^b%X(Ekri1BTL8gvUpf^{sd*ytn5dkl$+( z#B8b1vKkOCP!^~6Gn5no2(AiPpz%DuLiE=Qh-PVWrDZv&fUOK!TLGLZ(44+TRC2Td z!KIv6ume8G8)$a6#R-6bhtXlHQu#3xJW2T46vtq@`)}W#7y)=0!w?W`c!KjZ(0{I& zUxoO$$p5x?vS-u({r!#o|5_e#|3hb)0Laspq+{#)XC=Dd;%;Y4-sZ60`n)FIGA@SO zrMPuE(MZ0)3uP$cPwk_AXHHA#zdI6t_C4a_+Wn!MAT*NOz)9E0+Y*a!VVpX}P6+*t)H>*lMi=^eNcg zDSALmomp#fd35Ouz{Q#VwNJ!tc;}z*Y2g1dgTP9Mz{d06-oB&%+uP{>*7A7IfAV@s z&VE0FfVq~M)9id;2_?45AM%6n`6z!3gw)S0dxghGKuY(J(sg49K1>lyZ+)N6r3fGl zm!&r8F3oS_6n1j+u*cT*m?~3!4Yi+6A!Tf?{giZBG9<13mRan}7cKda@I};%3qIu3 zQpc*E{2vuUn%yA%sarOuxE`Md`d{XySm6xVME{SD9Qr@n*#E5O;c?8we1qTAboWB> z+h=(!GpLDsYOZ!F3!FXy;!t|ZNVquNNLN02vod@Fbkk*CRu}Sp6)3E{r0(da73p$l zTq=`GtwEI)&0bSf3M6cMvX(fdn$2;_I77Tf8Aymu9ZnON-|Ml27T2X!fr=?q-LGFi zXb;KA15`gQ{b=7|a9XuhN9cp#k)4>l^gm0Z-A`~{q;JxBQi!ksXJJTxeMoOnM`qAO z|Bnys`~Uspz0rpLuj4W7zv-0EDyDoDhCl`Hy0*P~yvl?YrFSHqQG$iDwMKG{Fs(EoKj2K_&mQ@$#(S8M0dQg&?weUouK zgA?@b=AVp;=jn{uGHutWP}D|bHLp~D*UovW4Iy=_K=}+O{Iu5@6s_`dfPDM*WCth( zlI`ihuRYj!*>^2%HcNLZaX8FTmJ(c~`MvhCfD^5O%Xu7MrZEnAxT~^Qrath}MRD%{ zQxx}FsvFL9Sz%H{IB|-zxBd$1(y0}G=}VYI%ivZddLQs^MMI~Gmkq&Jkl-XjNdXRB z=lrgK!hF&~m)is-ZDkn{^+i0KAwuYU!(u8XwEXy{{Ki9*b#GQ*DQ?5%0;_Mj6;hS; z%IcUc4PhQ?1!QSn^soe2GYgOW948ZilEuFhKvICY z``HbZR#140B34YMh0uAhFFZd8P_lS2&rra-SY`rIvUruJv(=|hG}M0bP_ifsw*i$! zAAgxF`kE`l+pZm|zGK&~G3jlU+UshbRIjW}9G=bdzuKMuuQGVIk{Y1l{C{xZ=zsV2 zPxdzF|8+e4j4!8pB|{J6*en*!<3Inaf%L2fXeS7=2#mkE*Qi}M#f}sFQ}yr`&d@XM zH&@fz{t!~h8J5e$P>yODxNC%yd4Xe@C0mTcN;Suy#<5w@`Wq3pCdNq1OXfhW_`qNN z7TpIRC~Ma^tZiWdlF=V^BDjKYZwDzj9!Gp!lV7Ad7Nq2iseQTqZw)_QSSsc)NhF>(KsK)sg?M^ z)1HINNx|dz4F}+$JqE!n&6$^e0zMvG>xk4kySB}0MMpjqvKLz2Qz!R=xMAIqev?DP zsif6}cyOceScjP7|8dbm*fYMy$?ej|!AAd|<6~R@f3&}e|Ff3IIRCj* zzUtx6ZSm2b1${&5`)KHyfVG=?yD$uV>V5;rT1#(F`SsX$FFBG{E!7+zDhmIY9H*N8 z(___Hj3Gg*>H!<*|Nh?bfgAs4L;u(E81$bWVu6_RRVlx=d>$>yH^$JrH;=%x6Tqi` z9iKK1%dJJcd{AB7D!nUB0rWH=j{ie!UraTh_HlO2&l(_2z()tQgcKOo6oX{E%I z96ga1rl0^fw>4>Xn6gHI?=Ip{*mC+9^Yi44)VeB zN47>dtLxO9$n+8$PG&sy^k3ZlJ?!~!ba>$8|Jpy<(EqhOF8!Cc%RTUb>Z{|&!w1wD z9)cH$OZfHk0x>ENouwc(@&ma>)}zO31#o@62IfH9_-itUdisBP@#1^Q{~P_^S{|4F zUtYZEgZ5uuym-`fpTYkSG@s)4yU_g0ix(d9Nx^BP_q5R3Z)5G8 zj6LDJg(I(Qv@WHz(eXwK|3RK=`mbW=U9rTo4;TM`-xL3T?{E|UV=a$C|1ap213Kq` zPda#wNwF$3uolvz`eqGyHYuC;W_Am z=AkaSSZ%zC0SC(slOe&Bu|EvSm^(EVFrT1;2R1#6W0t~)%E(qQ1HCc3itUwSBh$>1 zW_>I%vZF_@*!>B-q{lOCLYU?hK*%S@0uhPwrH^BbLlpSoPIK2$%}B-Sja1R9sg;r7 zbF#5!ElCS!=F;3k758uwIhkajj4X|+5LX{pqo-kc?fPmDVPfN1ZJRM{J#jyOd@-kn z|0lRO?v?ed*N>93|$}~_oP6x zfN>jdtSbEpXglr8k^;tY+v4+VlEVn`;zm?4mNH!Tm6tFJaLS%kBWC>>$|oo?$L~7` zTUc`GbDO|sPG=sMphp$U%-p@T0nJPVb_iKYa)xB;RB~38d@o7nN9Kq-4sQja!h}t(f@^x+H z2u8TC#;90X%(L329!0!A9Y}G;DpKLOG}af`4HRjE*?P4Bqw=FA;jpkR7EiAyfZFhC z>v2LTPlQ(2dYr-5w{ZF$rp!irK`yvpV>DxnB9%i`Vv!Tp=HcQht~lObx%jr^cunE& z#~N?@Q3&C7(DDMMry;BaG84nUC%`|x9^|k3RO^3|G*Y>y9`^qKx@qYy9@@Nx)PQpD`(LG6_zF_Jj4!Zzo)t=k^)cS}>(j zIRvkwVQXQZy&?B7~+4BW=y;~@f;V6)ZqpU#_k{CJr7U!%jLeJB6N z@xkW)e=Uze|1Z-B$TDxEmLQq@!c zx-#-@cc!yNP$(D5DZhs;)sHQQ(hqyFTDLijf|3LI2IUh(JG{$rfs6t*9B6Bj%^Pk8 z=u%NB?}k%Ie!2X0`An^{-v}*mh?q`ByJtB9qdl;{2lfw*yso_PSrqYWjMBv1u_vzk zdWmv^Nr93OX*WAOF6azqEI=+H53dS zd-ZMiZpRZ)*@e8>)<&OD%e>vR?x6BpLkDSI8qctG)>z(aL{o1=v)v5DSEgF`TGiAJ z*Ok_43|!QW!7?~)isZ{CQ)|VUY8Ip0#RC(LIS~n5xOD1L3s>EBTSc!v;^WS4wJ$}p zr0g=hH}Dn#GS3l6QWiuD1jQ656B4lS=1gd)h@DS2R0AtmF@XNS+NWPEC(@P>_&u?f z?_GqjY1z9!63|k;i{R)I1~nO5rVnWSI{8w@RO@a%&>=0FkSWe}{cN`+>$b$CE@--| zWyKBf0GK?1V$+6m2;(@tyUg(d$7q6Hk`Tr`OT1e&lcgfh#}H=l2FJL-hzwyAsa?Fy zBweR`j$rgIiSOU1Y4Hljh-=yhmBr`D8F`x~wD_QGJ1)R>MPa%az*m5iVgN>i+M@ja zt1P?ImphlByHt|2lEzsVT$)H4ka?EHXoivk##{;vz;>7>Av6jO-Eu;3J3IuVy_12* zuey!XAm=4I<$qY14S9EIm>&w4N5}tRiszEOMF?dt|CqzLu^q|?e@*Zo4Fv~v`9Q2Q z-$%DPGeMcc1p;Xj--CIA|Cl2l_L9`uqO^m_hw&`Ui}#F}wxo4a6jNEip>z{eT*|hV zKRy9vs|?GFYH$aWf-s!`P9gwV;(74@JO`t_{X-B=8Tj+M8{lM?+2_0eM)zK0w1QZ0OX#81v7i6>xkk!&FP%pO;I8<{%F~L%DZ*B z`p}x>km~DrV~4Tf&~2sP!t1Mw7cia3f&>*qoGlKAIQvwA`v3%N`39Qb!XmKoJm_}M zt)Dn>!kpa9O)%!%fa{UBi}Z@+E%Fx$0?(eU(a(sAwK|z!h0zCHl*;f!s^ARa)R#_P z$|-&`5O)kdrIcIhob3}&j;)ph*6UXf-k*x;EWU&HBmluX#{1u3GJ{1ptxvVoFoaeq zm~4{k8_Uuund$+wsqVLLPedtpb>QFqoVpHY@D^Pp#k>4%npVtt*__@f&rsBWIZHKH z&-uQ6d*Z%zA{J|bin|PKSQE!s+_!i-2OqDW_^PJg zgJ_j&fD`ahfN>pE&^xm$9`CwaU#w13XJWSMa{pNAd#p4+9I~pyHM1$E!JR^zbehp@ zmZF(|FGGSnY)FQ+J~j7$IZl~K7DGbbia-!c_0eSiad0xS@Ba?>N1OY)?olrl}Q%(PK z#Ex8C%3H|*uqpn-!GRtB?c{j0iT}Ko$Dsf3`IO5X;46}TV*x!{vTu!|Z<4Pi1DD6z zMyen248tVoLhy}on3PqeO72eSb#E1=S;S-I+S7*a_Xn9@UGNqy*k!t=Hh2YbJkK8_ zIkPbuk2au}{LCJo+ZQN{(|dZd4Rq5+5L^|oK;wDL4IOuE-Q_l2`4Tm%UvCVG!si>= z85bXUXV+ky=01$LJvJjFE7#73$9H;a`2Rd9@C>bf{A=R>2cvx_|LguH{=<46lmGK6 z@A3F&FQUgQ1~>!hTM`gGv_1MQCj?ldFuARS;JXO|eM5IK25ADW&d*-I91e%p#oZK= z|3bCNSB!ux&cbT>_cPqEA;Y!qOoBMjGLiwlBDHs@aX0q>V~vOCGspk$GBtnConCFjGXT7PH-`u z->_C_sRWYU8IGbD-N78~-o)w6?%vHf+&dZ_ABP9y|2(=G!JESn9>V`T9vvS4=V&}S zJlH#kZuZeG$wRGjWc;1Q^9fGK?(O^rr#z-tvRRzWR)cw7JV^rF3qxMe?{YN>o_YA{yo)oJvfu{5S!RXLF z{~zsd^#5ylO#08K9EdsZhYL8%=<%`w&ro{j2T^R%dddNZDU|1BtIJ;EP+M&_y2y!n zeXfCDQHD?Ma{!}gWWL*ZsNmE!gIO|0b%z$)A*ch2^a?**=<2@KLB$Z;*gH=Ov$;{5 zyBt`6SxRW(E0b(+!U_q&lZ1zVgA7R@pOWh#_<3G{k53oZ;113@Op z8BUnv?=LwF(Iv_;3kj7bQMa71jr9M>%Kx{&e{!&~|6a>u(EktRlmj;BfKNIQv%V@L zs9jQzmLW8Zs&B?HDf@VMopJ5hOq!{~)iI7>H^uRT!1VHS29pR_&OydunR$H%Mx%qe z?pQcK{Z$JkwqATKETM+}r!mT*SOzO)0B@lGM|*qD{olc8L;u(EnDoD#@|8(_+0^4D z?D`n`CgWP;Zl=EnAmmzirlwc>(2{JI@MLLJ4UCU;uLy-wa{C)9={UDQvrJpkjMhnc zpma)|w}r(yQd^x~O z;8}QJ3A-BVcAAUOL$~N&Mj>KzH}H-s@Fq3V#&wJCuUUu2Tj65O_DlsD2x5BHj|{R3 zZ||l-@rfMB)!1rQJY(nrE$h+=e;`m;KM1k#4L6ST`?yIa;Y-t-DoA{Rv!$kA+pl%#zq;5Q=IVh zY{l_m0D^IxLi*QWDJ(eTMIr=(WInq=xsHv+wF$H{c$QjIt|=aeLM>*kDCabk60?`L zNW`pAZ|o}(y_%SN_MZREE9>v;>hqn%UY7w4DuPhBH)qSt3vb)OGzVKF_x_didt>z8mE){t1L$_I!_Z)Lv13~a#XBZ1;*(@hw35ohV%;#KaOFRWwFwIw#j9-+Bvptdr*gB zad_iH;EbcO z>FzWo1vAEa0zeFJP%Ld)c*H6eF6}jaFG5&};Z<(o87g4JY&AqXymGTMjc}V`dIIsP zCe7x61ze3#Qh;MF!z5{h&cQ`sq`CO^flavm#kGRrt1C1YkBGqd?!~*) zGEpU^Y|j8m!5so2OaP1`K++kDn~5WSHv;o?ohz!B&^o~W+ zF|`jv@D&v4|G-%czJf%Ia__sRjIZYZi!`3k(5kxM|J9uTW&hyl#M1vBA0BP=ziW96 z{{I`F@>Q9=SUHcDwJZ30X5^-U?w>T7MPg>K5KHPIlUC^9d6Hl|z}F;|)mt*MN+-VD z)ubwk3D8VUg*J>r{!A`AzQBBD#To!DY>GYkA#96g;gKz@SmC@#GnCITA)5FFEJIc+ zTUu$K8JP8nn;ya*1FdjbR`8hgHq`J~Yd2uPEMg|&s5J_9&8P_~o`GT`Bs^(hIctBde68WPf0}LU@3S~|XI>h0uVnw-DyNGDHSND@*>PtCC&i1X{DKo4y7vXqsm#(X zFOBGHN=3~np>NAeCx6g{;TXp84GeEzh}aZ5`zq6Un+v3kBr#+&@&5OBJ|5P|lV4{x z#-cNuEO-uno(e}}Y-O4W-%3Y+fFN6hvZ9C9wHWM>wa_w1L8j-)`3j00&y3TBvnxsp zAFz}uu$Zn0ZrRKlV3sMzR)SbIvIcmybZIMrthKWSsLOnAD*;_Lvj&)xF$mFgb0(!v_3GAckabBB?$1yh3_U3n7 zOwUv+n(CJ_TuaMa%B)(nj_az(RVsBA^N9s$z^z%thPSk4JM7SRJ4JsKIKyym%h=0v(UepDS?2hKLu zvRzi+6*OKv48ZoJ0NdMo%^YPh4k0N;@zKDWrOcvpFp7qEFi)5TbK|;WYmXM!^6dP6 z_Wtd~+h4fGO~V^uW&_C{;0W|@GG^ID5aKv&22?F|4t4_c2iM~+?U-`tV@cN33AnF zs&Rb+ywzegyE60uO zQkN6AHqy+%2ZDE53%vL;-)kXZb&a8{64=vVDDGW%{ggRSqb zQ}&v{V!Cp-w2_K_#j71=er>FV+$JL;#n1MB% z{|=5v`?mk@$=?3v{I`zBIREjf2HWyZZ_w{Kuu`G^*baemAU&S|w!tg5`FV~Y^NCgO0ua2y zG15NKp8*K2((sn01k)$X0Mg^^U=GUio;7I+&kVNAfkSVnqaUqEM`nPs^ua?m!sU4- zrIO>{)?zg$t!(MX8erbPmO*CK;LMWd{1qe=FreM$yqnrb$(`xCgr z|3arK6;h5S=<{fgA$&LAef#$ExBVBpBhzV#byhc0!dCjz5KW%?}dHLa&H~)Q& z|MnHJSO0tPx2*td7wHw#0CHHI&<0yvqs6#uuzfWjkMU;|acsQYz1;n<`^)Z|-TwwV z08NHq^vmEGuuI|HOT7C5@BV^!-{9T<#;Po)g)d`>6L66fXo7Np6L521P}zf*+1o#) zgg<$V3X_53{8!^4@Yv+Pawr?s->RxV zO`rDXQ~os%Zll`SsCIsUrLKKUFh!(Lg^)=yf@BI^NQ?jg)Te$OJ<`SF0jv6sH7jWsc{UX%&F}7UvhOc23DX72?<rv(Cycfr!S@QvOS?WVy8VH4-JV!P!y?UfQ%~ci*3T*(2^J#?@?R~6Aby5Zn4Oh-hc91! zGg;--Mkq^`d&A^}X>PW(<=U!Z&`9P+9Sy|-32CSzjj88c1C$UE~2 zc47#+;PIfWvYGy?$Sn`#|2;a{I~qCu-}@W=-&!7n{;R3(mkZRz{&{S?KpV@$a|B@_ zvm8O=bvZ>-P&adjjd$n9yK^b;PF+0}$LSr4uEg>!6~$pZCk4ts%T|(u7v&)O14EGmMu82c)7KZ6ODL$mPC{n9yFp>YZ-c*tPb7Ap$x#*VxUE7JGK;a z!p1Spc^v9nwIm1XMY(zhD~=$X?KFp`Ea6sBN^e_?KmcoOuhpP6n(7J95~Ut0u_9_c zE%pJkcb8TW;0u1iVeC<6PdZNXl0pr^Z(1n=V2-3|?yYefWzty3thtTjba$c0zsuSS zLM4F|RMBFCG60A87@*G?HZq+#Q8?m~h7O(5GBVon-riEzhE9W0?3gg~o1DihqpcJE z-AQp*1=$kUhN7t+v;>|>tdU;5@>te*v8QU8zrZhiQ_4x`=wg04fF4F-CFp9*qMKNC$;i^3|YRU_#zw z;#Dald4?y)PrukPIF{PHN}{X8g0ls7tW8kD;=A6`s4(kGLy0ZFmLrp8_#a;9*tR28 zEnI^+JF0(_jkg}Zg8=|!8>a?LoZOfrfEoUc0$JYPFMjmn)kj@ z2uJ3uIIFW}cI>jlFii@G6O=67sFTj}PaC6PPbj~o)zijiZrw+m-&5N@*n?hTg)nC+Z|LJg52}68z z19JPBc3l+8rfI2(M)_1-vM@+i79u);q6rh7p(s_HF%L1XL$!=xCV-Jr7;Dx5&GFIX z;iF9CW(v63>%E=Bp`8R9w)@K%OS5FO|yP*IZ2!GB);DZj&vM1BX(F z+*FKrkNoKi|0(+N2D3C2#lGO55*@2VoqS4KNBrbi`LP3kvSR>CjLuEG+65EzXd%iF zprV`^GtfePh0a)u6WIC$;SqrB=z+_Szgu)~3N;l(u%%4qgce)|Cij5T0x0#u3_Dn2 z$|vP?ISlp1yFKd1p40?BF_$jhk8YnVGC!TRdsF~C%VIP`Ng?)mdG$+?ErL8gsO7=t z`4OHL_8*Jzf$jeeMn{hQ-@(TJdo7P)|8e=-dC!&~-duK%&gO%TqGxN5t!xoWfw~%% zq)2l(VGs7Po=p?co%s8ye4`p>lv4;cUVX#eQgiT`_WyrKW=cntb~#iqJn7Eo!@@YuLOckSD< zW`A`GwpCMJ4jV&XeRe)11Fgd3ps|B|}I44Cqd(D>4O2d`L zMP`rBfZl<`fqumDtrBkD;SagdC^J^if7Q5G8@6yc`mSSlx1 zbquCi0yOO4e6S^s%Dx~}%nYu?-wY>b3y5QQ!@T-t@bj+;R4?>N6t)kyyj|YTj^6}B zBY9hN4WBvBS2mp29Sm#6AHV#c<21*`{do)tSwZj@ zPt*PX-kz2Jaep*AI@!qo>v-xVS+Nd6x(*&vhUKv}FI}d5nIlRfU#E8{zZB2}Ab5)w zD7Qme8?kJ7JwNw%0*%&HG(l@%=K?~&HjWwn#%i}C_qKqjgSe|L`uAReo9BBzUizQk zz;O2y6X|u=&t>DlHPHWqlaa0e**n?W#Q#~#W8MF==>}rH!D~u`$7v4ef>=c(MC)6= z<3E-~!26%i&XqmD?oZ$n<^&Px`V64h0MFP_JDj5MmQXfAtMOYC!VbSwQcms#Kr_&6 zU*JVd-^|r)pRrfQU9~deNS44EdS+K(hcxHz+9+Y1tqE*4Y^%TLH7}D{t}3IyAxh|> z(ur829EHr%S&nBgckSjSr2XDdCpD)w^=kJga4`ljjx7oc=$@iyS(X3JE8ci2x`VR{ zJO@P~1A;B{M3Bi+u(HXfEEyBX6k)p9KGTW|bM+$a}JqUg(FxFZ@ zVfW{nJuymKrI4_wk#MDBSVz$ioN@fql5>KS3Ha#QKifBH8Y7qto;hosoka%MHMUbS z{*zUaU4+wpa0<-so@jnZ;;OvH#M26N`I_=MPCB#yFY;vn{2V|lrLgu7f z#mR!e5&Pi`-bXq59kWea`W)#-iTr1HYUF=1XKa4;BS6#r-{Fbv|8;z_zw!TC%VX+) z#f%`Ju80s6e>+Ei%yEvQW-(RK0ouTI0NB5S3XYNJk;s7s;c8TWCsM*)sUz74?M(h%)#0D_?zD#fuWI(8o+kQ#vOjX-KkRSpKi2Ya`cL=F zrBD|4V*}3in$SQ0rWuZGv3=9Rin^)+Meufi0v9YJV2uBTz=DU+(#|AXEME~Hlh1r{ z3du`xjbwcG-iR?~NJ+1_|6;#2JvYA>U~e%2@_I^X^QCT{4NAYf(lqiKJeobDe)Dja zM5+s^+IR1Xm_4+#pJc@YQ8*ZY?JXUzMudLR$t!x!z>KBkh+Xr8tDK2-o6w6=Xmd6L;u(Du!S$< zKJ-HQMZA#q4nN)edqndsoqNjCe$O8Hy#+(^jB5#1y&;}6j~G?RBn)CsL^QXusEXo7 z=2@2JRwgRX{i=B+V6hN`+xZR36I38F#Oba$_w0ys&rYGIbujsgebW$W;e#sR_etWk zTD8jCB&b$zmNyd*i*G|zZ>H&j#sN|>SR?Ld0rPu1p@Y|(-0ZP#Fx$S!11v6w$3@8( z^{{CmdQy0n@%|Rw2d(@){#?hJ&C~L!;Qx#u?0$k#gt?deSxH+v%K{Dj|9F4z(Dwfw z9UX1>|2iJQ|GDC8hj{|WuYU&Gbgw20u!e^--mKPYb0j;DV=&a~Z)v|ch3i9SsN@0$ z_>)>0V*ztaC3TRaG0IUAqGyzaKyE}un~~_$YPAzJs?pY$(ohuA$3si$zYQDGDa=tM zTme_L>*S|d;U)@r)68>DoCBpxS%z|@ltl|fzZG`~C15s>3!KGbMvY^?;}TjzZd$3T z*A3wdO>wF`S(^s2lQ_MBF$ma{#W$|MsK3Hclpn$B}1MT&%|0BJ6Ny-q_IKLar0Yf(cpB-)Dfs1Pif(cfpl+IP?DTc79>p`aLxOJZg? zPw)ce1PzPvF3YvB!y((jEWwd8TNRd=UI8&qVe~VMVG^SJ;2 zZflFB4iYW&Y3UAFe{F&SSWvh|!+s?ZMXYJuO5beTahmLvqwKkx4Y|G3L%_BqQr%|A zU71yhC#sw1V~XsQ6y2wYw4Eav3qP|nr`BPn#q{FLJCChQm&=*Lna8-k1C6r=QTp`- ztnK9-yse{~A;W#hAsXY`zGb+AH``K%>q%5wQT~#sSW^D-4Y|Gi)l#%-Ayf!BS_>7T zd<&tXdMV2`a5BjeAw#dqh+zulgoIN>1-)Qe6d9?qoBZ?MqCVcI{`{Y%`NP})93Jf3 z_Wvh)d;6R7|2iIvcU-3GIJFwLU@K>dL;i!E-%M*vXj6G%&n9>y#8T zoV?Y@5?g2$`a-RwXIR^@J}kZ6<#Yn&5VkQ1hMHblsu z&x=bt-kXC?mKM1(vK!A>E5YiHJZ4Vg1Z}H{*`~UxwCeHUt+XGN(tsy{iPxyhM4Uc4 z_Y7HodK93b(mXm~Km;EBxUpzepjFn1JaT#jbEGVt8#4v*k}ISMqM-QdiM#2|K zdrCV^s%)tnt+VX#=~JGn|_v{Pe6UZir> zvGPF+Yvfu+WY1oWKa!lI_AW`XhT)ZDEk~PXw)0DpEidbuR1yf~og|xl00$)jTGKAS zJYsD`xgp<;d-kQLST2#9 zmsnlSvQ_J*+qreEEWmRx(HAV&4r>Ib(#=voe5{MCG2jiFmT5Dvq^G5=@LrXivG#PU z+DG7c`Q1njLl#b!COO|*wb$yY)&GirsZf8;Qef?V3b_vF6VBRegd6NX_D<~hkNXFQ z2OItGS{}>(Ba|w-K3HK`>igDg2V$y#nLS9CLy-n}A6np=d{rgBzkPe6ew=#Zay<~O z>AL@sQpdKp3v1l}M|S>~gQL+V{>NG#YyWH0+Xn^EntNx1gvHfvF!dge1RG$LBswZQD$%M|D&U$P5igDJQe%jboJ_y5*Q6XR+?Z9;(=uZ z|D5PL(Tu-3t?*>jOJU!QY#^Qa27X;?X@VwlVztX|>APd_4rb|8mI5GG-TCd?6K_w_ zimgQ9<37Hv{B))NIC}+WIBp{O#?wIm_m7VDZ252RV3YrQEssV2<@EMJ@?~3(jmnpB zKeX5dvX9a%3+k^+XeI#s`7j=@*-b-+?6j#2(%4rBR7sN2d{^~sGjP()wd z$-X(#j`Uu3S_0xF_+}rR(wCrD8Qgdbi9|z`Rc<$V-j-!MTNIU5OIKSufh8(njVYF= zW6$WSmK^4h?8{$HaB|ZGcZ-#*TZ&bS@#1oE7_fhi1AE;#D~p&-|7?B}V={f47Vi;^?$4qqM}*Yp32Hk3jU4^Y@%|?M_j(?S|5r_K zFE^tVZ9g{opn4qr9t5{UN3;X)?Wyh!b(5yC$(gFa99XA9t&``i8mKW|)f;;(6!5S8 zbfy0U5rWg?Y&^yZF4`Rf8|eSR-my*p4-XGE@n6^SSoHsjPcM-3+XvmZmds-#_YU|E zeJZp%G|4rTZyS_-qMWVn!zd}3|Ha!hK~3jA)tA;<_oJURoQ`t2-m?P8d;GKd;paa! z1aq9|5ABnN7ISP(Gs9`3b4p>=hM{QGG@lW(Q{Wj&=gin?DE_`eVVXofcV0XOuH&|7 zz-Q>KK1#1`@zdk;TxsUxw8R~^y}jzEXj!7PTbD;y@ns;_;y6xWaZHbfI8pxwjyr;C zKFzsvtL$NK0JbOE@BcVH+}m?&FS$zj)T&9eCP}Vg8IJJd9@yakxDK&u+`e)7moD#| zp2%hY{B&*tAzZ4(@H-jU``@&*Z2#UIYxDH^w3Yv^G87VJ{zZ30fBOH?$g%(0JKW^| zUCU$1f67G@&a5L({F+rOUqO-MS*b8*@=T3O zOkc)6yx)O-cYATEDW-?uD@bq>p`-x&u0Fq|KSeLc5rLu-o;}b3g4K4zYJIPCDd+Ec zBOE;9rz8I_H)aO`ph^FKvVUOn|NTw=pY=Qz|1YC0^eX_A>*i5P06O@6i2xgx{}*EU z{h2@Z%!8Mt|8L<8^=1FRe|UWC*#94I&VOrpD(F9*--qDU31?xC>Zb1U(=N5$s8=gIbm zWwAf>(~)sGU>v6* zERg7qX-D!UrbvxN|AC|b-9Op*|F7q<_`izX-Yf4Nfx57k*64c)aH;j%Eq<>YkuQv|H9t!RzqCPI zH4dhl12?>{?Bel+!;~ODU|7r&U$v2VCGP%|;W7X8kDvb+X$~i7_Y(|5M97;os(0{i zc$)bC-pP^0|M&KeH~fDs4q)Saibp6&EJ`X|!?-0=*viz+Uqe~=!5`pcRqBGNpeW!r7j$hyt>e9GD3 zstgG8l$an03e>(T;CMqBau|OqOGWtzrI)eLwJuAwJwxA%6NO$PelZOu}@5^82>SR8?rb zP$N}?pd{ky^vHv)*b=_BYqkcy2Uxr={#vh&7KrS39lN;f1J<6FH1FsuDANBTg34|r zzCZC(FaITDa(;EOlJM6i{`<)C{}>&gZ2Ujg^Dq_9+gDfM{OV$*OCBLA@)hIJ`P3+T zDD_!F+4BT|D8~zw^Gb|qio*Q;@CjgAYFUE+4IsCWU|**&N8%&>lOC;UeToqFLS$TP zB_+$D_hcp#608r=GW#S2EO0pFU&~WEow^*s0s#o-3I1b_z!WA?jGl?n@3LY2TaID` z3EF{KwzEj%`3y0?4RLwE-~63bWIdOo|3=^iomY#3q!5`fz6fH)mc&G_-0;6 zdq_EJ9zPSSH_JFuOlVC#4vSXpug%`-=|7p>tbzU?+4ujWmU$Qym{?mk`YK3#~zO*2avR2MXOz<|S%q!GF*-~?Tv zFh|9EH0F>b(&5n$J}*ErD42VQe6y!#WQF&AT?Ljf=m zU`HTL*pN)VNS~ho2zCOHqhg*X1O&k|a5u%_6wDAz2*}YNb3_W9OaKIzzcGbXIxj#- zJJ6cAIzM~;a_9elbyYS+`(p-mOf{7zz`W$`ob%an&{wt%Ud9B8R{0=uJi!T! z)!_8HT(`!m;4!#EfD&<>0GI%?$7cY>ckrI*E!#lY=rda|yDCl8%t??gC>MYmq< zSqT;vW4cI~1y@Qt0wE+wl}XZKij&C`z;~irFlrd5&q1KCM@u7Zz-!!Q8(&VJ`*@{R zz*Hn!k#y-Q+w%70fcqQ-{|NpO1g1Vx;F&h1t+u)*r9pz<(4b)fI#zvk_wQOzg?6p8 za0?&RIIfK~qps$C2}WwL#wKUE!Fml9P-*O1-Jf>_RB62#lX#ba^YjKou=D?d7df1y z$rzI|(3KU-|fr=AvL6RsG_c z*21;d89{cfJX~Hx0Iv%e7MLEHwV5jPSe15aCMMH29 zy5Cwwuc^vxtM&!JR{Ux(h;PGIPCyl)_bl^l75ACJ46;QSfM5|80SK4~^8!<5kc>${ z#gUNU00h&N6qm4=1|T5po+1NNLJO9nILPw!pNuTqJfxB>PC$(s3{p6{A(W-~?3U~DEFVZt0*DN1KI3gh9N6zQxfMOsC# zT2J-Nve@kIUStGb=HBWGWD3dKS66fi`BYToL0ixm ze+I#>-~Nsc-51cs2O2BPpriD!;CGZCcPlid{5J8!yBF_H!C4%qcOXsTdq6T2;xP{C z&LLoznS+?`Zti6O;=dW%uy^$1>2ttlZ|B=L{U%pTSeg}f7zBOe)@o%1^UoS|us+0S zeOv>!X!s05=Av57<+Eyqt0k6Z#qbv0H*63E5G{%m11{2D22~bB4E3}v5y3!#(Jqhy zE2(B~C9D!hlw3Gja~)BV_iE0liDcarV59zP{dAE3uHO9oF!JB==+Kq_HvV60c})4Q zcSnG~mi)JZ+rXbk{=0hfbCvujm)C>Ke;_D*-~;7u{vD*ka>V^hg}OjkArbPG>$yKy zV7H!MnB1POfO(@tu9)w23v7bXVbZj}y(&+6u71BrMyH0vGWY!(k+!58x1NscZLPVGr%Tt)z^HK1df6APP zfZMo#d>UCCMMKWO0IKIpqvhy7v;FET|KDhIY@h!Rj*mC_-`DbVpnwl<2Hb}gYD7!m zH0fxDYE|oEhiVf7*Dlg*yg!3fv)%4j3PxKzkU%rP@tIspuEQJga-Huj=WZVV(?I`A zKL0_M=&l29p#Mkoo8|w1vdRClo<}5{;Evs5ue13EYQp=_2KyFLXN7Pd5db*tof8z% zKXa5sC}(vq)2NHq)<2-08KRkFW)T)#_sSKPraD$Pb~S7sQJKW1CXd^^z_CmyBj!c9 zc$QCN%mxLbuQFH1veAHmyFmwvzgTN7@HKFY?)6hhh=PIZkj`?|pg+oi2Sq-oA_IG= z0OaPb%-q&FQY=DtKw*Ny3xu-sG`rWT8tH8K8H8DM*_nd00%aUe+IB#uX)X>`Tgp08 zcew4vu6hwVr={wK`PN~vYI< zAe0W!SsL+|Vy0XdXEr#inH|g1nI28Ow!ac5VEY!`6JJ|{fzg`1avYawk2z^M+9dT4 z7^J!J;Vh0_98~0avSI>wrR%IR)l%z`G>(lzSvO7Uo81FN`W5~c@{z|Xr(#*fZi|QS zWy{_EY;{(d5W+w33W9+DCAOD>#u=KG0;9tS&patD+=2QMUsOZz91NElsgYjAZj_~- zki^0Yztt>bWQ%Z^w2CnF)VX7e|@TL6g^++u|IRT7#B>Ew1E7&N)Aqcx1JGdJq89$&RDf?tq070k_?5X zt=N^mplGeuA*V)e!JtTXqQ%SF zc}man?amhCc^r$wgo-JqfnRENxm)Tu&1axIH5eIOS3S(=BQi39vCLPx{<-uEtkFCR zqaaJ;>~~k>UV_bTgtO9v&^T{ODOayY-<8a|t$3I%LR;kIyWEN*%XU=(Z*ejKI4M$< z_ETENB@s7$d!`AFa^F#ELC+yDnb7*`UMwXlGcP7gC7q>&;F}n!cz0^d+TyeqA6tJM zDc!@;I;U9cJ|Ue!oVa3b4LE`E)orXQ_FE|tlmYRoR)%y>wG|E3U@d$o3JGp~ZJ;j- z+6@@z>5N-emR_L*6$MTvgpxm$kaXC;M#j z5jTEfFo~emGD!fR6CQV;jZqERL5Y^+;M=z+hW@zP-aiyUqbytrO&ns}lc7xqK z8^N#^=r(c`$Fe#?CU&S>E{}3qsUlj1C5*DJnIWHC*ZL);-k~F1o4~Zdd1u|P)`Kw# z!$DnWW^KEac%+MwqJ>WcLl7%oW{%K0^V{y#%+h-_HoFs&tp|B|QkjK7z^ z>|_)hx$ZCec;&x&f#cmza9*St%4bVh{FqO@{5KjMk4CoqH#*+Pe`|TTNS7uB#3Hi; zo%S6%@0cabCE%aw4QLjSm<5SiGJz)E&=<@j3q`iIxfagM3VAjVWQpGi-=}k~K0;jb z%wREn#@^26q>!I*0p?7u6LxEF(s@#_)eDL=RYTaifdtWBnU-^xx&4#?(+(3{04S{* z89ymfFiqo#%aUbFysnwQnl1ff?ysAn#P4ANGkF(Tsjm*q- zsEphw9G7UKtIccCzqZ?`qhO%U%pWF_6#fC&a){nGwztI+Lg1ztWp0*0p&sMe%G% zrn}QLy$w!5mZKeGxlSiO>!6^yXejx!jowcoPyvWa6U4FbhMK(d-UKGu$N>W zhK$@jyFueLM?35-Qv~BQdB%RxwSl51SsGo5TlyR^r(bT`ehS{A1+%#d7CEh)3i9{=7Z+9UkS=j!Jc{=P)A%aBO^0 zbZQt??tt^Zzx(~I_3p*l`KNcky?p=v;>Anr)2nyCzkT^$yflvG0#%>cDedLwB8OJ@ zF`nVV05;6#r(l0?Z*Qi(oS|7t@w)#DR;W&I^gd#|KnWs7Q+$!5&nVQ}PiHfjI71F$ zVZGTcX4&o(!MK>-mv~1o!fWV=b!1#a5&UWcZ+l$PEDYk_Rb7)9;SJYLe{=U@smjJh;?Fd7t2&SjhV1e z(nTFjrRXN5!16AIrq^$c*#=EHg`D7pEtF}EJO{zfdw(kxeRDGcwL}e$ zZ3DnXPp9vOWvcH0Dvf>lqA#v*->fY`AI=D$Z*7wT7GNg?!BZGG6$e%=4j#)f3ch_~ zf9Oy<^}*M#0`^yoy~@j31L8TMZ&({1KzVf?fgJQx@NtX(b=_PAjtk1bJ~j=vqN$+6 zRKHUsqhX@y0i^3hm-J})X`Y`xoixvM32l7_vv1$@peIoT7zJUezKS&cn~Mbg?9NHP zODGRW#^msGlz+Oz2@GSf0|7_P&MyqciBJ`aMfVlZV**=zbTIZP0alay{Xb&W3<98}AYGt5#}NuZ`Ob8i(!XR}2hFKvfXQW=7cdUgY1}jqmDUF> zNR%_AZpIHKO*0{Ihz|%tBY>ZRQJ;Yil-P}9I02aO=xEFy0w>`7V)xes7vKXTg`RAc zr54F&pqRpzIsW^aAwa2^S*T7oC*N6BV1Y1cOp-(t7gUa!dn0C?ZRcRM(j?oDpn9tGMvn#;TH4Q-N4ed)oY3W4 zCn#Uw5SgueG}>mKWOa~vg_8)d1nxx&@GOhb3?&6%Kt-rPVHugsKZ_SyzGIwBazw~8 zW{ARgiZWZa{9wffWA83_Eop$#K;%Uq(mS@=2E`1MCHz=LUyPd=)-nR?qIDl^22*fs zNGg1p#adMDTGLMtJ58X-KYX_Hw7zT4V~zE>U9SE8hcQ~aU4s~maZZZA3z{f{cFV(bGDW>cS?QrHhr5d5~JK zh_3GfO>*IKWc(TyIYeW8YcCQl%!ViTxr|F8!Z7<=RC3I~PA}^%FK^yG^B{qFUSG3$ zolvB^g;g&_exIdSSU_x7^;MQC7l5$;xI;HgU#%i}=pEoOu$Q3Tn5)FVV<7L|wU+B@ z>5`Et80p`oKaSpbmuCNC&)cfUTfRC-!YWHPM0xQBCUAoC>Ms?Gq7*rW#7P{VBQN&6 zux=IHgMNE^Si~J@D5XYe&Z-Z2+C%Q+LVwdCP$3N#=z@?r62*jsb6$RR=z0$$YnDHf zv=l+^5MU?SBBci}AjBj~uw;SRYWbRw1Fm@WmNJUyti6n4acp*1x_-w=|4m}O~k>D%Yo#~h}Xi%n0yL~l4Wwl>1 zz^{OXNcsv$nipqrHicD!;KQz+Wmb=8*>u36yzo0sS-ZzW2%lP^IK&L7Om2^iutXjR>0Q&`Ba3%8ub49{x$d=$1$TIlCv_65j|HL z`l5Nxbg`u?_UZ2KQ*z22&lL(eI&_jO>;8_5Dcy8uNhA;BZd28bZK>fY<#CK)0_GV5 zmyW|wZt1+iS+v^TWCdKQmyPy0|A#xIUCqZV<;!V9*&Jmt{!1& zR%yIuFssbs3?y-50y;84+*$K;0`7{tQ_rG8#6PQz=RhqQUJ3oz84-vF(O0-sLLbf*Fqmp ztlOILxMwl7+q_p0oo?64wk$Dm!#n?EPYwTdm~$j5hdhRbt`pNr@$e|DzW7t8UfN}>9*+NunN6QDLp|n7 zdH<>tN|SXxHFDoj5>Da&sMr)vC{G$bt2fP&gG$&n=1%K%uVcV(O?#|+{B zviI)Gaoot>;Q70s0^38!h+eYAi%4zgi#f3rN!vU}qPQe&A0K}X4_Jj}!>TUS04P#D zV{goBY{d7y+&sw!ZdCvZb?X~-X++FetOgQ^Tjmc5Ak*0jg{8AcqjFqoarT$Sl2sAq zQtBu2J>v7q{tlampolLU?MivOGnAk&zf{k_)HUHTM^t9Ug6D`#5d%<5%^leiwM_)R z3lk~dOZqi>!eOaVRam5Iw1rJ;y$Zwa@LHYGApcGHhBuh4^8L@={{HcvFaM8@UToz5 zI#Rp*7t=sYfm?EhBi>&Jz%(VIyzj8w@<{Tgynrf;$ap59GAhtXk-a{gr5(Y<5jf=| z6I<{*;YY0dE7e6Bs7r@}=}?V{<5E+DYtfW_TJ~Nmd8f@=Q0dMs8FR}~e&O1bzl5^m z+pE*f-b!>$No`FVqtVBk8sxveEA^{&!*V_~&?^6r_Wk&u`^TH}pS7flFL*0@ig_S& ziYV{<3>3+mMEahgCE5io<~S@7Swq&FBBv)UT~9Bvv>>OldvIO;Tz9j%lxj|mYWp$j zVJz1`%=U27z^GH1$FKcJK$RGpPTbawsfOUQdH9PJP_ipnm-m;im{znC*2`7eH8wp&w4JRttX zcho`ti{e78D#8`{FZk#x|8}mJa3*` z1+?1#4-fqNUx&vB8~MME)Fl6n+%y8mJpb;e3M#MTdt4yvBv^6zfWGd*dhldXP_@jq z9nAcuDS?Yl-r?Yaq4rxtg=kKy1;au1uk;9-_k`bboK!uT=>Yqhw*4fxayP2$sjKz~ zU{3(=;?nc4Ek1sn;6yv+dc;X0eW*WD%%#a)y{UxM_G&vNROE*#*!QRDPH|rgrT{bM zdc$Sq6U{P0B#6nQS_X-j(DD+O;KM2?4_$0#nph~xRUfU@XzO|IYAvK@JIMbj;uJ?K zl>f(jFDmkXWB*@I>Vp6E1n4RE&9n*0eM8aO2bfQRt-#wdcjI2bqPk_1vxSl2s_UM> z)NTB@2gojAZ(wuoRqQpO*c+H4*7l$(dc865M6dQquRWrT7RkE%C{Loec%C=VOElQp^gku}yeI!Ewe9~7s{6ma7keB1zmC*p|0gFv&)uJzG+~{bbA;SG z0IG(-*3Zh^xb;&6lm$?g@Hc*np|0CLLuEy0K_$CheNCr9s*rsg;IoQd$QhJvQ-`Su+k4pW^M)0X8+qeIQHfL(ZS~Z_gd1j zC8PliO=WK@;w1%ezmu~O`4@Z&jZhZz;lKH%^A4aSrH_7owAo$aUchNUrSiJt zpQ2Rb`OlBuXe@pJRC4y&903(g>U;=Pc0%njQ1!W{2)4ApGKW*(kGT0^grVyJ4uq2`+wPcdF0>!K0eyK|5;D!u%%Pepmr zA8Fd|mQB*Ayx9+WdYvZ-(+IO0PO_|u0jd>;MC$Xe!S@V}^F$tDMvx%}68s(kq&-mY zdXD|uIsr=uV;3!44Le65Fl9Ok_2Bw{APJkL(eqy;7)=)S{?Ts#srY}~KYn?zIsacv zYFz(%9*pEPaG!Bdq*1*3mxC!5iGrsy>6(jN_TN@E<%?hBkZ#-UT-r~6Rc5H~s!gXb zgAwL4@W&qm=ff)*VYe=8gG926+;BqSJvvRG4kc!4@qeh+7Ao4Y){`hgjJ+i>Vnv14 zw^xM-QQMG_BE2hE7y(bhRBGLT#Lp}>%l|2PK=cMhImLW-I&Uc8Hu-=2!hip9u)n{t z|F0!=lK*lVFg*>N;J%--I@n?;GUg=>xP~-OPuTYi(P7|t!CeOWwj83PqL4%7TT1e* zHyK&V&>43nl96~cF3P%=5ThJIYuN?f(sgnX5YX-mr$r@OcIluW=Bf$A*sq$HQba2D zq0&Sr22N#C;aXaWHTg#lqiNBFA$mf679FGXHbYT41(eDxyUWWWzo|T9Kf}2Eb$x2K zS^hHxLssnn@9^ad|Nigc;o(O9uOoGm|9TpH1|lC?;5cxEtas#Nm?U>FdVi*aP><|l zu3f|Szf{Q-sPr!_MXJ)s65(BIsLkHCfnb4chyU%BwNr5D!TL>x!(hXHqmHi!lH^l# zlfsNm2zS`4`KgY}%?8Fz&GNrIEnngN&x51Gy~_R1{muKowWLn+znlika{*iLPp@)a zQ5}l?K$4qT8rfb>QSWu0YkSkpOt1;<$k9MFo05y zq302?OW#^$I}Bwt5@48(zTIbYQA8av&Sh)jj?~oL)OEF2#w-HP!mAI~THO57%^8BB zAfjA0H}*;a=14Ysi}-}Z)~r2ENQ#DFc!nv8_z(<@lJ(Da>>3I}{;^B#bhnDweE3_o z4g*&d?m7FNTEnb$a)10OVvC^ue?)f^Lf$|B6~iaKJ!K9;x^1ertgVfBZ41Df!C1NmWO`+-Z0bTQ}PR zlbY9mlwg$dQ<9GH0xkes?LSrge{itD|7%H|*1tUsTqBV6gR%wLAKI6zd3~bmqV1ga=MgYpTm>qVnc6si{O{nVY`39U^n+Ka{;BHFk?? zjpkZ?>cmCRkVJfB8H~CVmia0aN`p(VpbWaIvxSaC;w~24c z3@?djxCS$9a$Mm&cpX*;}raCSpMoE6xPhDg-r-`0spigIYO0 zNO0uY$xZEj`@fNEd5$1vMaS+BoGlc5H8f8vex211pcNbrGi-+8!1KHIwx>l2il_Fj$z%>q zV#=;!iq;4mpZS2&?7{x(a6q>PShl48{FjBFiv7|`)t~#K>>8Qhl149kvv->0jLVBS zmqy;kLooch;+mskM)O;&XdA3M^0%6m9xQi{s-Wg=dp@Nh$~H)&-aAQGBw5=^!=?Ji zQgn)ophRPHimph4ql$yXOnq(YWSLJ8krc2q+86TK_7Duefj9|yUvURU*XB^02XQ-1 zTFWT89P5VkhUV_TOd*dZiw#Rj!X20M4^ZA#JO5jbA7Fw~-hFT!n)8f~)vmRSjmPl3 zgJWEcqQ7bTlWn-#wh#cq=>v(Rq6m&&haS>KuwQ_zD9}gJvHZ`~s(t~Onf=Fdu$(YittM_^A7_;y>@wGdjD@)Ak|KRoW!y86d0pdQ`Q|u5QFUVy19lW(<@= zj;Dy^{02oNjajGz1I{^3Yu&XVy0B~Zhl+!EW|07LEHH8 ziy;_}69UD*w&$5t-P$fTq$$8DNB4*>V^iuitXp3_OE`FjQ(oUc`z!5&dx{`ORC&hR zo1+^#%;ARC-?z2?aBro}PY`3O?T2e#5t7a2EPMN@f7?HQk=#p z<=~(fv+kYuhR1hKzTny2!o2AFm-S5O4E{MpW3}$+7biqFC_xb?+L1}+b9uv1%&}*j z`~;^-1DS36E?|g_rYWg#gv*ipt%V&ob7x+@AUF}$|Jvp7^Is!M(%;D4O@^YCz5h8p z*gvYg|2f+De_uPaR+=u=pBxC0HNR- zWeJSX2pEqsVwWVdjWk$6@qdsz_8n%N(AgV2#awZi=F>YwMUzx6Fvcln6BL8r$ekoZ z5r;T+N$(4?ESFAI#(C04y3E;){GlYzA>}x|KSMB1aEb~L@GcV&1|}fZzlh#t8a9jx zElSE!`ikvrbo zQ(Ve1*G}g21o-2R!Efa5wvg!nuna{dl1uCIwOp{)-`+l9VC7 z2m)-g{|L>`O-}D+q&;O1w10o)9`E#K z!91{ZKUassCNgp}gW8jqer%~$S`5h#?X1Xb^-NT4MPHz`X8Ea2|D!A+vnfg!0RV0K z|K*Wy|JmQ$-}rx8OH%s38094b0B7c`9RWzq&U~$JzK_;|63Sj(2Tbt#`zdh(isa=8 z*JFh4dO={{HEdMX3K*K~u9Nwa%3nN)p+DE1D=fi$VpY9YHJ+3+PUyKJ?=mqG+n}Qj zI$Ab5YS96MHhjtd3!nY`Tf6>$aq#lkzyI-KZxjD-ElFzmrJnsf&AE?I!DKuRYH^A< z#fX7BG$s^*DWvb!=>%r-ctRO`-J^tKb@nsO5~SSsXqC<|MRD+GC7G3nD^i!6(+@Tw zc@l#=1ZbX04Ienn$smPEf)dQ8s;VjcfT#I1P-Td?pbWV@NV&%kD3zxqfofpH@dK)u zm&JhLvFIatA2wG{!R&J#iV`S_3Q8i6v_RkDsSccO*qOqaydNs7F&!@R&lpEjpaw$F zKy->zAr&$IAK(EdIVu9&W`to`Uf(etfs3&W{GyJ8cFJ=l22%8ZXh|&wajtk&H&^8G z5l?hOPsSY4Z}cF&0=KtsLO*~+Od_U3!;g_XrXphieZYwJqBqXWSU0Bo?eQ#CPhL18}S^mm*oIu8Zve%tcX@;Cn2zlD>|cb25b- zM^Mbd7>T;$5%_U}(t-pQ^IuGR{j-XgFWMK)q6C5a98#Eagcx{+M)xC8Crt3)5oOyd zKK~s86Os}tNLLz@r>Z%+wnviwnK!T&>I~7CzavUYDt9O%Q&efLrULMEied~oN@lvh zFfY1F2cs@3fJruiy9s(giG)X(0g@&&(=lg=0sWon33sAkE^?d==F(ln2PrO^^&9)X^cLg_^;rZ#(>*m zGX2$j?zJ^o)nTS3vpS-BtAq#aZCWn2w|`k7ymuK0AbeNDczDhJ(ZcOV>HyQ7B9+ri zXU16jsB#(%T{_hRL3>t}6jCf*nL4^f6tvs=#~*`Q0qIpzC#$TJ(Stqz5~maGCZK$z zm*=on+C*?!eQLq~8HraO|NG^Oql*8}%<)#&koU6z_=9m!1FA*10vqL{wx##U7LE`G-tYc+Y7iWu9ba8dsv7(Es z(|Idm6G+h&C1RI;={QPnS%jf-^D?0}6M7ZB!RdR}frDzHxz`+$+jZ;uT+4#9^RIrj znfrfq-o?Fb-!Y_3;s3fbl~GJ&+}A~sOK5*IHl78Oo5tx_;G$fbU)a*~mR z+|O<@ieP+7QpPF7DW7jLTYT3NUO^*-3_3|LWX;cTy0C4LS`nk^B9qk+nD?!hU?OgQ z)75DG?J=>m%@33GTM8p|g(xPmaU(Eq`x~h)zHm87jGwK==YLZ5E#C|$ST&Y)`)GQF z7GT@wP0Y3L8KPa3VUc$+b>xMs%SbGbw~8R_Oy4-ye|5PNEx0R6++^@EMT^MfPS50O znt@ZyPo1W?U%EEODYd31by+J4yj>U@bez^pD<#}%+jkAFOO#WxqhmU$6OnFNZhWF>g^ z$8n*4cg1(cGDta=K}kOAOJij-%Mg6}OA9kazRj)rO{z)F_^%B7Q@Dcop?^rIw)_A4 zNB;Z2!{hzU{lB#&$Nxh)w#)Pa@k2F;{R#k|f6GD?_O4dw;;LNmexH4fqLRCEMbExQ z;pOh{Zs3P`VryVA8N_}LWvWf;)W z@=t61YBLlAP+gBq8II8oU<5oOpk=wbIVmq(iroxRE4|Od|Gw*agCsuU)Ls7V zfHwWV=lg#=c(H%Dx6%LWNZ$MZB_n{qoLMCX@U1U;_gc~9?mki1VQ;$T*XF?%FR0Ip zhPdv0+N?3I($=3{wf!zVlXt0y)g6AL+Aiv_$TsWia*8=#%r%{!irTKU;H9UA?qN)&m92-oBYv2fby~a${|2G%QhIG z8wLpX*aie_(y~%_{Xd`W|KB?3|AWIlPyZjhJlMSdSxYM3|1VkbZ|wdZUga*;=I=Dw zGx$5dRjmD$l1=t{C$kBKX3pmqO$bXeK{zu4&iwWP}Z&n4pk>rUbqV*#jX^G9m}Sl=mtJ<&EcfKE1m zx-Q!o0XAs~sk{C+ANv~t+Vua6gBQO37e8zFvjH%mJRj>jcE%(S<$f^?~!iXJdIybYfWU2iM%(q=q# zl*iCIQXa}Z->|rQ)*iLIU_(aASCzKL7cN?E2N<4ZmCe1U<(a4Db!9FO9l|8r18c=R zDsnvk8l0rDGYoo~mBSDi2$RQc{PVA+r$3REPY^}QeF{=GLv0c5Y_JEbY;WJ@OXVxT^*rb>b`x~-EfWmmSc(lG!EFw2rz zQQ%8mtSdtFQvawI^@`ae3{JMjJg?d@;kzpo|9_5X&zSiqG8Fy-ulbzJglRk}$0 zHxzLY<&2Z549Yyl31T|{GEFK5IMpb9G=tNm{Q-hzYJ@&;3U9My=(udybLu}&Sxzmt z!yrRc2MA}ta`OQNM3cOF5TyBSu%Ig_ve9n>KyNv9zlHA+kku;)DC!XKMWCIZPTsx& zh*CmXdv&^Z%!`eo*-UsiOL{m|A;#ar>>1nc-j$IoCCyOveW`0O{;Q${GS;gWr(}nk zlzY5hRWR+Kua)-26y76nl_!a=re9Mk9sxTvM!wPp+G%3H>RcC)9csINeRA5X26_jh z4s_2ya70s>fQytPI))MIRSVL^i_#scG;qFGMF#A5ADFoYqyu@z35EB{TV=m0RKc!` zQM=XAMSIuPzr)-LyY?GS?qo~ zR~O)#E+dS;&g1)@+8|KAL#>bKZbHcWe)2|@>9S5KnIb+xIRkGIr#R|2L{n9!Lq(^E z^4+&Eh4=aoJjRj0^!<=QS+Kp%=QoIhj8HKT3rMk3*go-pUCG~=H0zvPU44K3rq5uC zvOy*`8^C3y+Wnu{p)bh*)Uy9OJoL|h_K%JaH~YV}BYnD5r24nm1UKrspQ;$0o_`IlAY}+7m~mAL z%w&jsP67u>jTS0N!l$lxqqj6ir-EmuSvMD1a5^S*s)H>tP&y9kz9W?cBjcOXtzN)_ zdz2yyxs0mB1&aAw0y4{^gqxTb%Gqi+?OJbesW+b6Ys8x`u zt4|&KfQZCsSA}B&FphV{@)!fEPL}*5BZD?z9FvrdL|Ij|I5V}+RD=AEaop3^R_>2=y%*BNZm2UnypyYxFCo?LmEuxdyMrN=tKDUlI{T zVjGQN;uhUV&o4Dq#X{XiggRGO!aZ?MAhLUx*4+l!w4pc*kue)FR#8Gh6}t$vmqGDUetH>%iE);(q#jH zAR^h!y)^2*Et%$wpCOc;ii}%D&v>~n^{AMun_sbAk#+YgHnfIKG4FD6gH-Tm`IF1Y zuYw{&-1XIWU+f%yW4!t!slW@psj)s-XsNcafP7rty7>J~Raf;J>|0?QMcK?IUAm+03(6jiZ z^cP;NiTi}y!DKXs%2&M!3|Kvcxa1Rz#hIX_3 zx|NgtF`@dthTv}se{@-Jv%Zz(DmQm;-<`dC1z^N;8Krun2ErK3 ziZ-g&GaxT_c=d(e;x@~fDdJFouv>D5Bi`*vTwuDqhSB>xW6y82qtIA?2y}>a@gDNA zf2WFge%j4QajHWQv_lg=?%S}^9^kR#7gqFmgy0IcBv}(A#F@Sor znNjk9zJAht-NcsF?#6v8aA+$y=VA--Zh&&)V8*W!Jn4g5`nUL62 z_^X_ML;pEPaK;)EAHkfp8rnXlx+Ow~nPF2TyN#Z_TjGr0+`_<8IGU;A;GD@WHWOq@ zQp|}^$0K!{^8d*Z#pXn6;7`}H*Mgqe-RnDUJKzx~34jSBT6=AD}o-#uxwO200lbR7v$y@>QkhK{lA%(3mXC2&i{}0y!a3MFZW(-?7wSCN;;aM z1~(ae6vIF7!_UC|V(YDE2ctn*&U&G_D#Jn1Z0o&d`SFP?2&VpCW(0EyyxEpebgpYq z=(<65tq$gfNYP*Zrq4A*Jo79OrdS2tcqR$Y=wL?ULk82>v;vh7Gmse)>!K>h>!Zvf6ZbF1zCG>J_46LZ_g_y$W{#R{}9Gfe&JiP2mS+ zi%C#=&nIHK9UL9@0Na){2w?518EU918j5Nv@1g6fDYRr?K;MPB==4}X_wK}l6R|oR zj@_dDcW~gJ z{~zof9d6$Lt|h5^LzPE9O9O&|2SB|5VW4~!&tb{31>)peh;zSahkI5+=vF6woAj0S zZ-?9pXo+@79>F70s?EIWivczjupL0v9sW|vmHT|Vp=pdh?1=xGCRvTfA1WScH32lM7mf&dV&i7+%BYbwNi5qP(}+Lrw#h+(l$-1pYoh= z4x`BwrTk1RTkN#Ik8b_^ROu&~8uhbjk(MRn@)mh-sGrkyZUE%Z#4`WN_kZ^*{(tvh9&O_Pt|bYOFmUdF8KXh-C9pP!xXue>BRQUb4ZbyxNd$0-%i0)# zEci;nHQ7!wXiJ=$IqCxau`CuiYnHHTl0ofU=7AY`%Cx=qeE6|!8nzEj5Rw)GrRng$l z-R9)(lS=jS-@D4c01Rw9|2y74^6fwSFE{>Q*OJux-->S>Y5!S*`KRJGrY7^FpWLZD)p^4#Pf{qc5}KKCN>vUpst! zr(e|>@7KH)>$%pwnaY5ss$Jv)n2s1AVP*FV)3G8PTY(~gZ(5WOiaDvu^p17t+jT+F z+jf8`3xQ13$@un5KYtBw)Pv&Z);LlB8o-Ce4fO&f%E$`CZSc%+Ff#U@<_I`uc3Spf({(?8RYcO$ z)r`Qcn5^odB4!{)4Bw|ndh~fD^t~GSN6aS$5mR#LUzMs@Ru+W5row)}R~4#4h>H|+ zqsT(0r%(PKUCq>MoP53R(8-$*nei=U0~zfWKoTm6P{c^`fFziZff6duAKW{6rSxjQ zd}l8hpY3fO1;Ktl<3~d%r-eJ$Fp~yIBj~hyE6kZ{FDIa2vZXbj>^GwQmWc{u;6N$zuHih|JwnDy+&WqWprf98o{+5D33g#VJSk6ozBU1|HVg z`K9Adw(BfGwUdqYLeJ@Pq|e6+Ng6 z*ser4T7MT#~ zey3=n{JWa1((++LuQU&` z){`p!e~buSh6|v=cX|B<5S;~ey#JxI+h!E=$-nbq=5Nit5B;-s_roUS-~aG^4FhlA zCNYjf(z)m%c5udjPTMBi@Lfc!+uE*1TC`BI+mKaV7Ac0(tuGKbQfy(}o{&cp!;HlG zNqhAzTa!w&%We5h5sp=tC+FRe;GC4I!~(D zyRpNHqBKuXfN|fXwb9sLZmQS+`ojN}jNP#i3TV6kd3fOK|CcY1_BZ-}9jS8v(;4>V z+yV8Xz|?~QCu282;IeDM0`~_W9JrIa1|m3_ETB*&-S@hv+t8+qqX8Z|Um*?gzbbs- z)HMv&-RFX-H)S?gO;?rb<$oZS(wthL{r=~^fB%2)<>vnXT9Oo58HwX!sPE)ZFYPWs zFeF#6djUZTtG@}F#do$o32@;ErL|oF&EmU07eB8^3`)jB*aOFNBrv;T(UEk@ik?ggqOgdH7B>+729`KUHwUQjuLFwv!Ch z6{|xIvg7Is8NeVj)nkNOAlD4#WPjCN9IL}`vQ*=lhAr_i(=9A-p}56NFvSkTV+Ttd z#l2r~{0_#HOx45xY8OSGJ70iOPG{B5QSGn0D>BR|;Upr-uxQx`X4#egs;-2%zkNrT zOMy@?hv-2t%pjk5-yxsaC3EUk`#nv5#C#&kpQN#qJ=g^#Wt`>_4?pt?V)X)U@<{cJ z0-Zk8EC*XZPd7e`LU;3Qd}4o(?PYf6J)>zsm-9O+T-)8l)`~hiD=fOX5BctwcZxx* zh_RsK{O-7}!ws449s#{haGApYmFd{l)d`+6bV*`#aTU7v=g3`e6@%ecN@DaY&W53D zc_rPJD|s$ECJcAI$dNzWcz#$^HMFYzEX0)6A<~?$uS9QEgOq? zM9T^P+JgTM4h}2#zmJYL=l|mDjTSgeNU)y`5!G=DF!!-cwBGJ8`z!uoTs` z!ZT=l&Q&@?9>>TIbYkuey`W$jNf@vGckJxeg-DpTMMfqYXT z=HGXafy(?*R06N!r5g{N-k&BAPeVq#5Hb>NshaSb5K)6zVVqESkAzGcrR6pvG|G;- zt#05upOQ3zE>QP=m~qH)6!@fKNy;}XHNOpG%#`r--&Hm-se0#Bqa>Gh`I9XmyvMjb zDtjPFK1FTenVtUe;$=GRWz##~ChNo5o42pQ>CHu-SDW^nVbilR>BVT-`jlm8^sxMO#nK>SRSa zW^J z2k-`?(RsPaM1Na!pIJXPnu!skQLRzgju?Ot8yZKP9Q zxsUwe6zrM>=wImo-a5T0qsyBC48uTOm&zY-;G=(6hZ#QLw>ceokKU|0O5x@9B+3ZG zoXF?+RX)P1#|o1!sNP#Q1?&*&<#e_`hDqK*hOSXY?3S~`S6{K`ve9;6_M9f}hr2v_ zZ@pP@=!*8;s9@%O89rcDV}O}hR=uFt^5VFd}wxeb0k%nh}E3sPR2~Kj@uZ2(_)JE z*|FIBld!4t`uyhh;`G<+^Q(6^7q{=Oe;QVYrLpAI$<57=@2=0h$&b>A{wJy_dh+AV zuP3Lc=QlUM{^$8mzh3x-VH6?88jIhYpI)EeT2wp|Y7Y@2;r3E5J| z6fubySa@eLcGO{bWi_!+QI_CHO(2C#dH~cyZCABVSi{vWH_?tJRo<&1v4uC5*&2WH z$l;oj7>{Sh0&A?VmBF&1TUynXU$I^B%Up`GAPqTGV@T1sypH=Gr|}RBugm_i@faAw z41Y^Wo|PbMbO)pN`5hV-lC9vnuI_sO_zLe{qw&z^u$v(v^tEBHvCONf(qg{AcFkGL z`4ruxFk=(ay!R2A0(&2)c*DNbJzY`-nJyUGt(q$9@v-=|YUb6al;7k@q97MA>;dt2 zs3yZk04ml(L_xI1Lfm>I#ch1A`{B#Emf|$H{*L%E!GAH70q~zsQ87r>O+f8=Oout- zp!AZ3P&YIl7dWNu6O_tK=t#oVXvM)FSG^&RrNRdiK~rPncF^jhJ_8jVhhAc=U68r# zb;2qxfAzw+?kZZvMyMQsVHPnQ@cX4U_EvV8aRhTdxj~F!lGglshFL@&5S@i2RHx&` zkNJRcfg{ER&T8g8safhd&5BNGOgtTdZ)l1*Vk1nR%lWh$O<-2{ZqK5icTw$gLd{Z1 zb&h9k|G`Mw)}HQ)WU(_BoBqb*>?%|J{XcpKmvjNJ?fu8$zW@H?cyDj>{$njk`G0+V za=NTnA7a|{ya1?*EdPy%df6i5UX%z)8k)_vS=7u%-Qxbp_0TWqk0@eaT9kk9K84dD zQFFLR_?DuW5slXq<(NHvSV+M}>%)+mFf7K!o~7wcn3T`->$_K z)4p-I7=tLu8Am_j7=ia_24aF#EFO7FaR)%g#12_K4-R{Od^UmXKhezV5J{E_y2H-b z1MNb=NFy4(j6O2mIc?;^gG)PVm;&e2i;V5|S%y^8;zgTuoO{#!??`2W8a!@d;n z|8fF3k9Vsce^nmO)vr~;!&8zs8&Js)7NEjoovY5Lul&*S<*O+8lCQJNe~aAQ4*wOu zUETfL4Oo>kUs=b{sjH9kUQ-^YhzKHvsjW?{@!}<)}gR)~Dv7L2JM6mWp+m zLG;f>23>B1V!2Br$>XW!mT`xc(F` zd>Kqy=z?qq+(zhS?3>-xDUQ-KFaF!!-qFhq{$EFO@V_4G zCGP_?)%msqMd2sh6#%H1=z3GkTRC&>63kFkHw)&Mr`$7W9_H9Om^s#E3t_T;G&>2+ z(B{I~mxLCJ8QTxdX_@iap}ImKZ@}H>kQ(rx<(6kLBXAr3J3jQ!|6d**ZqEPLlH8z1 z%ew-gCeJ*fAKapAxDH^|=fEx7E!FOmxEQus>xH#cxeieu9JgG{ye?pOYCouDmHZ5^ z4m6KU+o*iW_Xy^Ry!KICC0G!JI&+~L1Z`S;AA6_=oB5A0(u1p=K79;akN;dJAgi?h z9lzN3?SK1+`y2eXjuh}*vNRCryMgEh1O39Q2ZCNNSWvLmAI@6Qpvzw$Jm@=PX+nfv zTbBt6>pi=)!$P<0=LZa1hp5Bwe97o=Zs$uM1w`!W&u9I&PF;s$9dT&OdjDiCp?%#O zeatAZEB;%=4A_SMULO1Bzx(@#dmH?>jua4{Q4s`o`5?I>U3hU4@;;845?-4*5Z zI7Rk2EfNRX4v(mKG(xc-hfSh%A^vQk@R1liH_1s2_@B`C34!tA8-N!4f3$b>!pHwF z4>tIJElEnnAN5c#>*0@?I(@NzQS2!m`xNuN+asSMd%x#BrkJy#FyEeLM`5b(wRA!m7d_rH`#zDq7iFpJv#-LES4s-Ni)h1iNdeMjwdnR3gx{ zssbx7tRxjP5^^mtV?ff<|LP9Nnfk;~f+9|6S6gVSQPVUxBk@g!BESg1T)M7K|IEP{ z;zU%N;sj&_r`)KD%DfMHuGT~YUaKYHVi>?KIRB8Lh@%+%tPA}jeQ0x{yk`&F*1_CR z-`_zD&rp_-*%YO`AEu72a?3&Z71nMzf9XOc!MH_|odg+!;hulJ;gTmc>@d z*ng0_ek}ba3ap5kQ%cg_3`LZri!!y@nQhX)HSPZ*MEUL%rtn^D2E|`^j3YRYOZe9N zKmPvjVE^Ue@n-+Gj-*s&Il9Z*0%jBwiur7w3qRImTgSPNsLtMwS=B$$j!baSXE!Fs z54=@t)gH{o-I?9Xmdp9({h5U@8#i2n_~&;B)4iYT`}pZkW|Utu2rTB5Q`uX+yu~I& z?>lw?jDO2n*i9ZDJBX&9UZ)MOReTpSmLsZK_vLMSpX8lk?cDCpfDIB>>oD!}@@nkp zyM?d)xPP_b_X_@dkV^3RuQMw4n-@D|qfM-j6 zE8_w=Xr{5C=$M*v&&U*WQyL6)C%I5-YbyFab}7j5c=v$lBgGtf+&NV`qzXwk0>dJr zk9TRts%?7?aj{9CS*n%)T7j>@|NH(?_5Al}e{=r3mgIP85MqC30E|3-(8hmh(~n5X zAx^;rB~ySXEsh^yh6`#MGw+9BRA`$vWmA^1tQ9ax zN~!)#F$YH5wjBbGO{X$2lszi`eh_dly$3&?ynQ1Y_8&LzE{8U~Qs}Ew?X=L^oB%c< zkLJ%u%qLO_E84o<Zs5zS^M?|9p74H#O@X%5cZR8R@XR$gkU*`2Bz=M2LJ z_HU9&E%HA`4>&^ei+-8f@R7DPM_@3`nH7n zR5^*N=m?dshl+6OTD6YI5M`KgltwK9{F@3ctRpO9Mn^c~Wsiuw!s6ED0`W6h5~!gB z@6u!jepb|e0dnZXhVTv*x7lzC%E4FriF?Aq&tI`$hJlfHO=j~Mx;H79TI4^T!h3X; zCy6@In@iv(G2OIgnj?`*LuTFseiohdMuMq;ZweJYBJW14%VBeiVkgt`? zf3MblI>0ZyupaOT8eI?`vW?jN+)|tTPwy#W3)p`Ct&9CaCz&=j|=yZ5~!H+f{8nWx6i3xGYzM3K{Nn|3-FiQZ=>6e`}YxI{W`& zCH~+3!Qm$U-&#_e{P!k6e;r^EsMiBtExtJ@MFBcJZ9=+yU-eO~_KP(SRY$Umjc9mf zQPKt?IdX-8h)v|7bDeoeo;eRU7NFInHu+EJoJJojwaEX2gTp;P{@3x#P5g(oq*nQ_ zCqS*>H~+SNW)D#*>PO{YmWtTo)9l91<^_Rr$~bb%k ztj~BY2wY4zBR?#9W$1Fe9RLMS)3yHDlKvI!`EMKa9P>M^K?_^W7#4lSX8cIbjr#e^cK3& zdAn6G*!Z|tH>etkx=YOT9=?_=wbyhZxrNp1SSW&-rL13!>NP^lN|H8ri` zM!3Vv$_=`~*eiVuyCDJ#8+b$Ui?pHF9jeVf?Q>4Ov5(pJfz{@dp$u;rxGWkJP&nlFE{TC6FNs5}cyZV03o#>kTIq z4gLg9l^d2HPH#YrDI1LLF@G-qU$H+J-Tj?Dm;Y}*OzxkH|1*EGhxB<#=nh8j^9+n} zg4p2e5qr!AUyttK`@z>EJ{A8a6yFcN{(lF50zW{CNzTB<**P1GGD?0!5g&|jjNo&X zos!=MqX!m|7(M?KB&J^fZ!S*HFK^CQQ%Cdq-`_u~#DCjAda=3xwU+ccXE;TSfg6%j zc|#{cDMMg?v_BYJK?Z8AwQaAGD?e@hj%i1tO*>;>ip!*)_5DT4FPpQSyLe z6b_vL02z;Qgkb_G$_T@p(Af@%AcqOL2ZUFJ>e{n*P zaw1z?;Z}A*q`P3JhLV)@(wn@~N25Vaelb8}k|g9&Xod(f!~mpd2gEtjoL~x4$aC>g zw5NuUx#|TO_;XpWVCBzp#-I;bf+H*%luAZ+CBhcW=MQq1UU)bhsNO(*4Wpn=?ahF!)9~nHdv0RrSF;l5+qPq0AK~ zP+4WGsoWz@QOcR@Rnb*9WXvDMd>Uj4f($9oED?VN5_Auf|C`esN%v=LMCkosa7j3h z&|n~@Wt}8@CYv0SC>M3@0A1C;{`tRjj(`30e{YNRE_QP;1@AJH4m1tZQQ$lBh#nB# zkwqQZr92U#2b6N<1?LWdDU1<-4-hBtE?SBRcNe$=wb(NfK}^vNCXu7@`j-9u5BW&;M1^ zNB{cg{}vqp0jDrVQ%K*7sS+kW8Vq)qnFfPK6?BW}l&JwW8VF1fMRzlBFGN2BGm^_u zQC-7{?57Z(-h@3H|jDsw{OK_CT2E{xCMSHa@fPiHv5}E`E5`~2DXSkZbVrmYGS^GG_(L^i> z5RoZjs#1G-1jmW0IVlMaL|!h2*VO8Ynw`Q2r7k7um}Me12^8K_m`w)CBa~J6P?8|3ekiJ= zXiOna72%v2h38J$!9d7`h-5-t=xz~v8!V=(TmTYRpx7;^2BKU*QX{fKs9$#k7yvBS z9^{BC&(!YGEN_@)2}W$dkQhmhl9>v}1*1vxbTre#S`~8rJwQ4ebR$8LR4=j6qGkw2 zgTYUxJ0p^^3`aT1Su!&y!fA|HnzEjv1BDbY{U=0Fu!BZGO-(>ighXFfdBdqqb5PKf z{--qrEj9m4tvR)hM9)MdRpN(9JK&fIDWT`-!0vk)O~+j&kjt?Z6D6J1FCLr*Fohv4 z)gjC|5f~s68gWppOjVsN1l+O)2IzGs+XIsXNFX-QBg(?^Sm+3gRI$LN)R0{c)0tKh z(ns9P)^-#m013$jI{!egm z1Fo*${cv%1eg@uM4o)rw$~n0K7dJw~zdpISxEbjp@2Yn-F5cdN zlQ(a`k0;mHCzrPu=QrTw@(i55yF9zNy?A$dvokpVudD0xn;Y=%8eF`+dUJ7pwgWCM zPv3lhc5(SFc=qGP?RW3KzXfkD-d^0Eh%(zYwRhhP-kx8des^+td-D3?&Bg6cJK&p( z+e<<5n|IgX1YDh5-(H-4|K{WxTz!9i_3q|;2VB0p+`YK`=KA9D+w-^Qm$y5DtHJHX z?VIz_U|)`8^2LmVr6*ZI98WVM z_&sZ zp*!PjU@;mDUW~vckxNT$DO{DMRf#qgz}e_iF#1|a+kdamPtM++kEZb|>S(?H<@^8H zKiJ#c|5{HfPC?!%KmCKjpZ)|c;Z!KQn`nZjXfW6X`l{l@|UV*>j54&5}YICDX z;xtAd{yG@^I}p^AcHjMX@K-mNG-oUF|1Q03%Y0I3qYn{6F$2ekG6)2WxZHe7n9nDa hJQnVjKQYO-Nt?7uoAhO;|33f#|No)qwPXP73jov*rx*YL literal 0 HcmV?d00001 diff --git a/system/traefik-crds/2.1.2/dashboard.json b/system/traefik-crds/2.1.2/dashboard.json new file mode 100644 index 0000000000..dccba9bde7 --- /dev/null +++ b/system/traefik-crds/2.1.2/dashboard.json @@ -0,0 +1,1568 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Official dashboard for Traefik on Kubernetes", + "editable": false, + "fiscalYearStartMonth": 0, + "gnetId": 17347, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 9, + "panels": [], + "title": "General", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 5, + "x": 0, + "y": 1 + }, + "id": 13, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "count(traefik_config_reloads_total)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Traefik Instances", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 5, + "y": 1 + }, + "id": 7, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(traefik_entrypoint_requests_total{entrypoint=~\"$entrypoint\"}[1m])) by (entrypoint)", + "legendFormat": "{{entrypoint}}", + "range": true, + "refId": "A" + } + ], + "title": "Requests per Entrypoint", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "https://medium.com/@tristan_96324/prometheus-apdex-alerting-d17a065e39d0", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 6, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "(sum(rate(traefik_entrypoint_request_duration_seconds_bucket{le=\"0.3\",code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method) + \n sum(rate(traefik_entrypoint_request_duration_seconds_bucket{le=\"1.2\",code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method)) / 2 / \n sum(rate(traefik_entrypoint_request_duration_seconds_count{code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method)\n", + "legendFormat": "{{method}}", + "range": true, + "refId": "A" + } + ], + "title": "Apdex score", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Mean Distribution", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 3 + }, + "id": 14, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": true, + "values": ["percent"] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[1m])) by (method, code)", + "legendFormat": "{{method}}[{{code}}]", + "range": true, + "refId": "A" + } + ], + "title": "Http Code ", + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 23, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n traefik_service_request_duration_seconds_sum{service=~\"$service.*\",protocol=\"http\"} / \n traefik_service_request_duration_seconds_count{service=~\"$service.*\",protocol=\"http\"},\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)\n\n", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Top slow services", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 5, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Most requested services", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 11, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 3, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"1.2\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Services failing SLO of 1200ms", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 4, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"0.3\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Services failing SLO of 300ms", + "type": "timeseries" + } + ], + "title": "SLO", + "type": "row" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 16, + "panels": [], + "title": "HTTP Details", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 0, + "y": 19 + }, + "id": 17, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"2..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "2xx over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 8, + "y": 19 + }, + "id": 18, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "5xx over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 16, + "y": 19 + }, + "id": 19, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code!~\"2..|5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Other codes over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 20, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_requests_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}} on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Requests Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 24, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_responses_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}} on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Responses Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 39 + }, + "id": 2, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n sum(traefik_service_open_connections{service=~\"$service.*\"}) by (service),\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Connections per Service", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 39 + }, + "id": 21, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(traefik_entrypoint_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", + "legendFormat": "{{entrypoint}}", + "range": true, + "refId": "A" + } + ], + "title": "Connections per Entrypoint", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "DS_PROMETHEUS", + "label": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "entrypoint", + "options": [], + "query": { + "query": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(traefik_service_open_connections, service)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "service", + "options": [], + "query": { + "query": "label_values(traefik_service_open_connections, service)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "/([^-]+-[^-]+).*/", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Traefik Official Kubernetes Dashboard", + "uid": "n5bu_kv4k", + "version": 6, + "weekStart": "" +} diff --git a/system/traefik-crds/2.1.2/icon-small.webp b/system/traefik-crds/2.1.2/icon-small.webp new file mode 100644 index 0000000000000000000000000000000000000000..ef3f00d1dda30cf504e4f2ff44d8072732da6a7f GIT binary patch literal 610 zcmV-o0-gO*Nk&Fm0ssJ4MM6+kP&il$0000G0000V0018V06|PpNdEu;00DryZQJqZ z`C+zg+h($D+qSJ_uPIu6|H0Cly*2wy-}^mdj))0>|D~{op}w*Jo~OTut(m2}PpAcw zXPd89VpC(XQBH>}ioyx`d?SRAPeSHUTnOy}ipCSoHij~!Qk*G(61y3WAH^x~X4%F0 z^ivSWL?3nnlPxq}Qyg}XJ@Co&KIRIDx|bAWkBXKiNx_Hws&JqJfxL7f8}K2JU)$XyI2InTk@B_%2}E7KuE+Y!Uvxk)Ip zrnJ@Du_|*!48yvpMzFg++rrDCA}uHs1Jp!7TttS?=L-vSgi-!#09H^qAT$900B{8W zodGH!03ZMY05m1A0Za`*4tsB6587fi!u0)_s|m60W=<~=YGA>7bhY00h(;%D0092} zpd+?Kx)X1n3>7_( z#(=!YPJ`K$b6eIe&2RB{he^4A)}i*L%u!q3KR%#M6mZdnx3=df-IT_6-Fyr)xT~@~ z=vA`Rm-@4swZJG-odJ8x?Z0Qk^630?91!mmnrL3u&Lww zk}I_B-G1+wIcq?4ZHTK4o)za|B({c`2zRuv5C`Le`RXvZU#;2k-CumRr0Pj*DApigX literal 0 HcmV?d00001 diff --git a/system/traefik-crds/2.1.2/icon.webp b/system/traefik-crds/2.1.2/icon.webp new file mode 100644 index 0000000000000000000000000000000000000000..cc0dd77b0bbb48e91f08f4496cb3d65f8b2e7ebf GIT binary patch literal 3696 zcmV-$4v+CtNk&F!4gdgGMM6+kP&il$0000G0001$005N$06|PpNOcDQ00E$eZTtB) zyMv{AYiq7G+qP}nwr$(CZFHSg+jg6@sgmbI(ro+xfB(;KL`(qw52@J5&a+9!ZoT>q z9zJH&;J)2Dv})+?Xe1Fdv18lu8_&NAj!H~UP0z~7%gstpPKb>RdU!{?~D$v zCL;V*13UMY!&aQ~&wn+;Oi(5!UhV2+Ai}>Do7QZ3Bxb#U7_E%#4zAYwyjV{#CVd+P z?zV~QE)=d|v-CNHwa=;wgWad)c6IxV=upd0r0qX@mxf(OFWDt*Web_EY?$^XM<;hF@6_QchY+!sQDE!15UBTB;y!{_>Ep&UR0^ zPMj@$)0lD6c}2uef5y50B)$%0TWbYxjpuBXJz91RNfX$HHe{1D{Yp~ zxfbPHS+fdy0mjZJnybbBcp=x6H@vm!-y(Sr*0_A4z}gxOGl~1#w1~&#R2(s7jckQd zF;5D>GnfY}v^YGV#ExLDUnsq-2B7vw9xT@~poq@vvj^)*Jpq98Gaf9{Fp8!ECotHl zfPP5=yyrXfcKa@=lrHBQ(WSZu zj047G5ciY1fc<8t)ZA0dk+RSE8S(JE1^fJB`S76@`XI}t6PP6YfKkl+Gfgi8g_kkCxlk96B&I5ITANyoI!npUgp@e+6acJ`DTy+yghM(xmngcGJ~Tzf)qPu!TeM-{zP-EG&KcImr>dD4 z+U-tK+%S=F0Nwnz+Th=cB_cp9s_y_{HLHSu>Ns@inqCG@vnR^{i(YQ*6S+0i_K%HU zXO~snuv?%gXaNjLy}-Vj{#l$@P2c+aS)*@AV0B;~y=R|KRGNqb(!1rWBmnfhT>#9Y z*X*m8lmZSKy)K##9R{-&;7AEbM9a`6~1|W9x z4p6N2s;v)Mt!la$HmJ!e(fD8S>ayUF`+(z*<1Saz}G8^1iJ^u~e_mT0Lc)~{?uc4>bRtAJL;iO_67^uY?c-k|FMVE-*^Fd%te zI0*on=jZ8Zyn)r$iogzFct>T5NLyh?=)A7DyN2!8>|ucMTg4RJ9@!j_ziBQJhA?j} zMng9o*}rnY{a8N$dQ-9^8feJ>;Oz;;+u9-s!*34&l1{;;u|EUD<5cRrfcy8tDpDul zZ)7Hw&6GkQf;60;(wUakUFx<`2JX9Z|Iw`-y`V+$2X}@h7Yvgyt&=ht+5$D2W-Dv} zz*%+B%*w&h)=;EP{s*rOX6MHB6|t<1JXfq!>!M5p09Dq~c?;8_9AvUKBCA6*X_}m zB76W;8JboQaP4iz_pu?0&~M+O3ukKaSI*IBt*p=k=Fn#VCfk&s{MZHGJE<87UNCvP z(*l|`cYTivm}3F^DKEmqPq&w8h~_+Ns8Q|8J^+pVrvZR$%WY?dp;pfU9rOSXN0Ano z_%wDk03fYhzn(3$n|sJKq&4jT7~V zPwWT1@1bAr{-7V(f7*3}dH{KDdmVo2dQ<=Z&1UNX(x9_jlWp0A3cS8L84IkbE>O$C zx*K8CoYZn*q`P6J--(JK=|{B%90}>4*+E8vsz-rATnmn&)?C~jcLGMCIO`jZ2=^Jn zM^cvLxSV+kJjJyG|I*NOMI`NuxI-g&B>&OddplLa@u<$7UfS(mFNH*?<62~Y{AgAG ztU^8@T`xFHJRrLR09MM=f zXVlJzs{#Y{iL}ro9^sWrmW#dDfB^pa&_K4F>&;X*zLJWNlewkmAhn27RBx4$E|sZE zV~Cg+YlKzG_#&_Y@Lsh~=Yjk@7>aEav&AShsHUCmGe+DFO?5wY-o($oJlme(*Qmb2x{ z4iJ2i6y6ieo5(t4N;4zCWhhG9&I``fM8W#MtGmV-f9RO z;uKci#ZLDfU7_C>AxGuo`-7lZ%lXp#hEo))d6j_JBM_QcQ)%S}*z;%}?SP=?OS?ZD zvdD2T@Ua7bb#+8*Vk|2GF~)UZ8Tsvk*7M1iVudu?0@7*!LW~-pSS^y#=9Uw zOO4%+C%Pto1TgQ3UFY6`^ri3b5)glXMI4tQQGJ-Gr|QKwSHO<3MF2_%dMAlyj+n2gm!&dRb;VAN5Cn4!D>rVkEFqr)^v9p#4S#%-W9 z2G1khYp+foc^|tKLjc%kf8AOE(jys59O+19_vC6bhm1%vXe}X?u76MNbJkQHG;4h~ zR;eX@aZglW)5YRy-41Rt8+IJ$H3J{<|5i_g=lrVt0@0-5%V&0tj<`J1T`ic@Q~&SQ zeAc%Z30gMR5KxFvtA_*KR(-{J7l1aNw6|fUM3dcl<@hid|H97lY$o6jmaHNA$SDT| zC5-6>+sAl6CdO>uHHN`ih$pcRN$h>*)`!!IpVOXJT`MrB_7(tm!n}JX-TyC9ex$c~ zS7zdW2MstI*cT&G4)W-CN(He^y%FPtZaVvZ_2%jqT|Y&lwRaa@xSeY7qo=Gp(cu4; zRgkXu1OG1mjl8|8xK$IJwa}DeyU=g^ll=N(Wf3p`%az-7^2Je!uDnlm-?$3^O6BHg z=HPvoMG9CpHJkuW9rZ-0BX~1}n%hS&hZEVp6YpzX(^JzIwSW)H9S>E*1@xO726B~c zbxt*ZN2m!-uvNAG8{r4t`yjso?EX~|HXyapMWk`%mmc4zYN?@!9 z{n}I=dU<3?J)_ku3j=|2Igfc#YtX6=|lLW46xtQqL-{@ z{VVtJq0|72=oUy{0WH(y6gUD+5wKC|I5+CWqGZa*WamNYV}l2~Q%^tbRd`xfAV6-li;wzf5;W^vI)y-T=% zfKZLVO-@UILpMHgy|Oq4upDnDh@Z3Wk^Q!9G?9^SJ4*KiYEx_s)TtA`T`0P7A~klI zw`Se0rch?R_?oJrozA>`J=X$)$>8zXgfWZ)2U*Mr1b@I&63^PIvjYp)gzEQO836)_ znoSBswX29z8p#5u9Dn@~dZ&vD6{xXh9~jYC0KYGrur$_wrAM2Di^{+5#nwS6G@sW-Xfk}sPV8nu?i zliJ5Hb$oDz-zbV!r?LSEV^>p{Ghdq2%G5y|y;qi+oPAL3tKWSH3m+H2Lj}X%wHlQ3 OZHz@g000000001dCN#https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + diff --git a/system/traefik-crds/2.1.2/templates/NOTES.txt b/system/traefik-crds/2.1.2/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/system/traefik-crds/2.1.2/templates/common.yaml b/system/traefik-crds/2.1.2/templates/common.yaml new file mode 100644 index 0000000000..995efb03eb --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/common.yaml @@ -0,0 +1,5 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutes.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutes.yaml new file mode 100644 index 0000000000..31f9791db0 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutes.yaml @@ -0,0 +1,287 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. + enum: + - Rule + type: string + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule + type: string + middlewares: + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority + type: integer + services: + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + name: + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutetcps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutetcps.yaml new file mode 100644 index 0000000000..e8356112f6 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressroutetcps.yaml @@ -0,0 +1,224 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1 + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1 + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1 + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressrouteudps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressrouteudps.yaml new file mode 100644 index 0000000000..ac3f3b17ee --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_ingressrouteudps.yaml @@ -0,0 +1,104 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewares.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewares.yaml new file mode 100644 index 0000000000..be0af55c55 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewares.yaml @@ -0,0 +1,980 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/ + properties: + prefix: + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). + type: string + type: object + basicAuth: + description: |- + BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/ + properties: + headerField: + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + type: string + realm: + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. + type: string + removeHeader: + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes + properties: + maxRequestBodyBytes: + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). + format: int64 + type: integer + maxResponseBodyBytes: + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). + format: int64 + type: integer + memRequestBodyBytes: + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). + format: int64 + type: integer + memResponseBodyBytes: + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). + format: int64 + type: integer + retryExpression: + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression + type: string + type: object + chain: + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/ + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/ + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. + type: integer + type: object + contentType: + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. + properties: + autoDetect: + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. + However, the historic default was to always auto-detect and set the header if it was nil, + and it is going to be kept that way in order to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: |- + DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/ + properties: + headerField: + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + type: string + realm: + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/ + properties: + query: + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. + type: string + service: + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: |- + ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/ + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/ + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipAllowList: + description: |- + IPAllowList holds the IP allowlist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ + Deprecated: please use IPAllowList instead. + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/ + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ + type: object + rateLimit: + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/ + properties: + average: + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. + format: int64 + type: integer + burst: + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. + x-kubernetes-int-or-string: true + sourceCriterion: + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: |- + RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/ + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/ + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/ + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/ + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: |- + StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/ + properties: + forceSlash: + description: |- + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/ + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewaretcps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewaretcps.yaml new file mode 100644 index 0000000000..6535b365f1 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_middlewaretcps.yaml @@ -0,0 +1,87 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. + format: int64 + type: integer + type: object + ipAllowList: + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_serverstransports.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_serverstransports.yaml new file mode 100644 index 0000000000..454e35a2a8 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_serverstransports.yaml @@ -0,0 +1,126 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsoptions.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsoptions.yaml new file mode 100644 index 0000000000..bef834eab2 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsoptions.yaml @@ -0,0 +1,114 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols + items: + type: string + type: array + cipherSuites: + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences + items: + type: string + type: array + maxVersion: + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. + type: string + minVersion: + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. + type: string + preferServerCipherSuites: + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430 + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsstores.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsstores.yaml new file mode 100644 index 0000000000..57c8e1bf76 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_tlsstores.yaml @@ -0,0 +1,97 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_traefikservices.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_traefikservices.yaml new file mode 100644 index 0000000000..5ceb028aa8 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.containo.us_traefikservices.yaml @@ -0,0 +1,411 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. + type: integer + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutes.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutes.yaml new file mode 100644 index 0000000000..587207d7c8 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutes.yaml @@ -0,0 +1,287 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutes.traefik.io +spec: + group: traefik.io + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: |- + Kind defines the kind of the route. + Rule is the only supported kind. + enum: + - Rule + type: string + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule + type: string + middlewares: + description: |- + Middlewares defines the list of references to Middleware resources. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-middleware + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority + type: integer + services: + description: |- + Services defines the list of Service. + It can contain any combination of TraefikService and/or reference to a Kubernetes Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + name: + description: |- + Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsoption + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: |- + Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + namespace: + description: |- + Namespace defines the namespace of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-tlsstore + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutetcps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutetcps.yaml new file mode 100644 index 0000000000..ef6f9b8c18 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressroutetcps.yaml @@ -0,0 +1,224 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressroutetcps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: |- + Match defines the router's rule. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#rule_1 + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: |- + Priority defines the router's priority. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#priority_1 + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: |- + ProxyProtocol defines the PROXY protocol configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#proxy-protocol + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: |- + TerminationDelay defines the deadline that the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, to close the reading capability as well, + hence fully terminating the connection. + It is a duration in milliseconds, defaulting to 100. + A negative value means an infinite deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: |- + TLS defines the TLS configuration on a layer 4 / TCP Route. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#tls_1 + properties: + certResolver: + description: |- + CertResolver defines the name of the certificate resolver to use. + Cert resolvers have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/https/acme/#certificate-resolvers + type: string + domains: + description: |- + Domains defines the list of domains that will be used to issue certificates. + More info: https://doc.traefik.io/traefik/v2.11/routing/routers/#domains + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: |- + Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection. + If not defined, the `default` TLSOption is used. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: |- + Store defines the reference to the TLSStore, that will be used to store certificates. + Please note that only `default` TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressrouteudps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressrouteudps.yaml new file mode 100644 index 0000000000..60cc29d548 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_ingressrouteudps.yaml @@ -0,0 +1,104 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ingressrouteudps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: |- + EntryPoints defines the list of entry point names to bind to. + Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/entrypoints/ + Default: all. + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewares.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewares.yaml new file mode 100644 index 0000000000..66913e6530 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewares.yaml @@ -0,0 +1,980 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewares.traefik.io +spec: + group: traefik.io + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: |- + AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding it. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/addprefix/ + properties: + prefix: + description: |- + Prefix is the string to add before the current path in the requested URL. + It should include a leading slash (/). + type: string + type: object + basicAuth: + description: |- + BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/ + properties: + headerField: + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + type: string + realm: + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. + type: string + removeHeader: + description: |- + RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service. + Default: false. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: |- + Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can be forwarded to backends. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#maxrequestbodybytes + properties: + maxRequestBodyBytes: + description: |- + MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes). + If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response. + Default: 0 (no maximum). + format: int64 + type: integer + maxResponseBodyBytes: + description: |- + MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes). + If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead. + Default: 0 (no maximum). + format: int64 + type: integer + memRequestBodyBytes: + description: |- + MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). + format: int64 + type: integer + memResponseBodyBytes: + description: |- + MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory. + Default: 1048576 (1Mi). + format: int64 + type: integer + retryExpression: + description: |- + RetryExpression defines the retry conditions. + It is a logical combination of functions with operators AND (&&) and OR (||). + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/buffering/#retryexpression + type: string + type: object + chain: + description: |- + Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other pieces of middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/chain/ + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: |- + Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the client, using gzip compression. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/compress/ + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: |- + MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed. + Default: 1024. + type: integer + type: object + contentType: + description: |- + ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least the default one can be changed in a future version. + properties: + autoDetect: + description: |- + AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend, + be automatically set to a value derived from the contents of the response. + As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. + However, the historic default was to always auto-detect and set the header if it was nil, + and it is going to be kept that way in order to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: |- + DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/digestauth/ + properties: + headerField: + description: |- + HeaderField defines a header field to store the authenticated user. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/basicauth/#headerfield + type: string + realm: + description: |- + Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme. + Default: traefik. + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: |- + ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/ + properties: + query: + description: |- + Query defines the URL for the error page (hosted by service). + The {status} variable can be used in order to insert the status code in the URL. + type: string + service: + description: |- + Service defines the reference to a Kubernetes Service that will serve the error page. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/errorpages/#service + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: |- + Status defines which status or range of statuses should result in an error page. + It can be either a status code as a number (500), + as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), + or a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: |- + ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/ + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: |- + AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server. + If not set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: |- + AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/forwardauth/#authresponseheadersregex + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: |- + CASecret is the name of the referenced Kubernetes Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: |- + CertSecret is the name of the referenced Kubernetes Secret containing the client certificate. + The client certificate is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: |- + Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/headers/#customrequestheaders + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: |- + CustomBrowserXSSValue defines the X-XSS-Protection header value. + This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: |- + CustomFrameOptionsValue defines the X-Frame-Options header value. + This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: |- + IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain. + If you would like your development environment to mimic production with complete Host blocking, SSL redirects, + and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: |- + PermissionsPolicy defines the Permissions-Policy header value. + This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: |- + ReferrerPolicy defines the Referrer-Policy header value. + This allows sites to control whether browsers forward the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: |- + SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request. + It can be useful when using other proxies (example: "X-Forwarded-Proto": "https"). + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: |- + STSSeconds defines the max-age of the Strict-Transport-Security header. + If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: |- + InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and served concurrently. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/ + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous in-flight request. + The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/inflightreq/#sourcecriterion + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipAllowList: + description: |- + IPAllowList holds the IP allowlist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/ + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipwhitelist/ + Deprecated: please use IPAllowList instead. + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: |- + PassTLSClientCert holds the pass TLS client cert middleware configuration. + This middleware adds the selected data from the passed client TLS certificate to a header. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/passtlsclientcert/ + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: |- + Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/ + type: object + rateLimit: + description: |- + RateLimit holds the rate limit configuration. + This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ratelimit/ + properties: + average: + description: |- + Average is the maximum rate, by default in requests/s, allowed for the given source. + It defaults to 0, which means no rate limiting. + The rate is actually defined by dividing Average by Period. So for a rate below 1req/s, + one needs to define a Period larger than a second. + format: int64 + type: integer + burst: + description: |- + Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time. + It defaults to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: |- + Period, in combination with Average, defines the actual maximum rate, such as: + r = Average / Period. It defaults to a second. + x-kubernetes-int-or-string: true + sourceCriterion: + description: |- + SourceCriterion defines what criterion is used to group requests as originating from a common source. + If several strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote address field (as an ipStrategy). + properties: + ipStrategy: + description: |- + IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/ipallowlist/#ipstrategy + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: |- + RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectregex/#regex + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: |- + RedirectScheme holds the redirect scheme middleware configuration. + This middleware redirects requests from a scheme/port to another. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/redirectscheme/ + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: |- + ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepath/ + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: |- + ReplacePathRegex holds the replace path regex middleware configuration. + This middleware replaces the path of a URL using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/replacepathregex/ + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: |- + Retry holds the retry middleware configuration. + This middleware reissues requests a given number of times to a backend server if that server does not reply. + As soon as the server answers, the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/retry/ + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: |- + InitialInterval defines the first wait time in the exponential backoff series. + The maximum interval is calculated as twice the initialInterval. + If unspecified, requests will be retried immediately. + The value of initialInterval should be provided in seconds or as a valid duration format, + see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: |- + StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefix/ + properties: + forceSlash: + description: |- + ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary. + Default: true. + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: |- + StripPrefixRegex holds the strip prefix regex middleware configuration. + This middleware removes the matching prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/http/stripprefixregex/ + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewaretcps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewaretcps.yaml new file mode 100644 index 0000000000..982caa692e --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_middlewaretcps.yaml @@ -0,0 +1,87 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: middlewaretcps.traefik.io +spec: + group: traefik.io + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/overview/ + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: |- + Amount defines the maximum amount of allowed simultaneous connections. + The middleware closes the connection if there are already amount connections opened. + format: int64 + type: integer + type: object + ipAllowList: + description: |- + IPAllowList defines the IPAllowList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipallowlist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + ipWhiteList: + description: |- + IPWhiteList defines the IPWhiteList middleware configuration. + This middleware accepts/refuses connections based on the client IP. + Deprecated: please use IPAllowList instead. + More info: https://doc.traefik.io/traefik/v2.11/middlewares/tcp/ipwhitelist/ + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransports.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransports.yaml new file mode 100644 index 0000000000..aad13e089a --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransports.yaml @@ -0,0 +1,126 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: serverstransports.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#serverstransport_1 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransporttcps.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransporttcps.yaml new file mode 100644 index 0000000000..b255d3296c --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_serverstransporttcps.yaml @@ -0,0 +1,120 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: serverstransporttcps.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransportTCP + listKind: ServersTransportTCPList + plural: serverstransporttcps + singular: serverstransporttcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ServersTransportTCP is the CRD implementation of a TCPServersTransport. + If no tcpServersTransport is specified, a default one named default@internal will be used. + The default@internal tcpServersTransport can be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3 + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServersTransportTCPSpec defines the desired state of a ServersTransportTCP. + properties: + dialKeepAlive: + anyOf: + - type: integer + - type: string + description: DialKeepAlive is the interval between keep-alive probes + for an active network connection. If zero, keep-alive probes are + sent with a default value (currently 15 seconds), if supported by + the protocol and operating system. Network protocols or operating + systems that do not support keep-alives ignore this field. If negative, + keep-alive probes are disabled. + x-kubernetes-int-or-string: true + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a connection + to a backend server can be established. + x-kubernetes-int-or-string: true + terminationDelay: + anyOf: + - type: integer + - type: string + description: TerminationDelay defines the delay to wait before fully + terminating the connection, after one connected peer has closed + its writing capability. + x-kubernetes-int-or-string: true + tls: + description: TLS defines the TLS configuration + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + insecureSkipVerify: + description: InsecureSkipVerify disables TLS certificate verification. + type: boolean + peerCertURI: + description: |- + MaxIdleConnsPerHost controls the maximum idle (keep-alive) to keep per-host. + PeerCertURI defines the peer cert URI used to match against SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to + validate self-signed certificates. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact + the server. + type: string + spiffe: + description: Spiffe defines the SPIFFE configuration. + properties: + ids: + description: IDs defines the allowed SPIFFE IDs (takes precedence + over the SPIFFE TrustDomain). + items: + type: string + type: array + trustDomain: + description: TrustDomain defines the allowed SPIFFE trust + domain. + type: string + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsoptions.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsoptions.yaml new file mode 100644 index 0000000000..19ae64ec2f --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsoptions.yaml @@ -0,0 +1,114 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tlsoptions.traefik.io +spec: + group: traefik.io + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: |- + ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols + items: + type: string + type: array + cipherSuites: + description: |- + CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: |- + CurvePreferences defines the preferred elliptic curves in a specific order. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences + items: + type: string + type: array + maxVersion: + description: |- + MaxVersion defines the maximum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: None. + type: string + minVersion: + description: |- + MinVersion defines the minimum TLS version that Traefik will accept. + Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13. + Default: VersionTLS10. + type: string + preferServerCipherSuites: + description: |- + PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430 + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsstores.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsstores.yaml new file mode 100644 index 0000000000..18d4218231 --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_tlsstores.yaml @@ -0,0 +1,97 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tlsstores.traefik.io +spec: + group: traefik.io + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TLSStore is the CRD implementation of a Traefik TLS Store. + For the time being, only the TLSStore named default is supported. + This means that you cannot have two stores that are named default in different Kubernetes namespaces. + More info: https://doc.traefik.io/traefik/v2.11/https/tls/#certificates-stores + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/templates/crds/traefik.io_traefikservices.yaml b/system/traefik-crds/2.1.2/templates/crds/traefik.io_traefikservices.yaml new file mode 100644 index 0000000000..f6a460a44b --- /dev/null +++ b/system/traefik-crds/2.1.2/templates/crds/traefik.io_traefikservices.yaml @@ -0,0 +1,411 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: traefikservices.traefik.io +spec: + group: traefik.io + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: + - Apply weight to Services on load-balancing + - Mirror traffic on services + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#kind-traefikservice + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: |- + MaxBodySize defines the maximum size allowed for the body of the request. + If the body is larger, the request is not mirrored. + Default value is -1, which means unlimited size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: |- + Percent defines the part of the traffic to mirror. + Supported values: 0 to 100. + type: integer + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: |- + Name defines the name of the referenced Kubernetes Service or TraefikService. + The differentiation between the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: |- + NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: |- + PassHostHeader defines whether the client Host header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: |- + Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: |- + FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body. + A negative value means to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms + type: string + type: object + scheme: + description: |- + Scheme defines the scheme to use for the request to the upstream Kubernetes Service. + It defaults to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: |- + ServersTransport defines the name of ServersTransport resource to use. + It allows to configure the transport between Traefik and your servers. + Can only be used on a Kubernetes Service. + type: string + sticky: + description: |- + Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.11/routing/services/#sticky-sessions + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: |- + Strategy defines the load balancing strategy between the servers. + RoundRobin is the only supported value at the moment. + type: string + weight: + description: |- + Weight defines the weight and should only be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: |- + Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.11/routing/providers/kubernetes-crd/#stickiness-and-load-balancing + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: |- + SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/system/traefik-crds/2.1.2/values.yaml b/system/traefik-crds/2.1.2/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/system/traefik-crds/app_versions.json b/system/traefik-crds/app_versions.json index 2925ef2c45..61513cacbb 100644 --- a/system/traefik-crds/app_versions.json +++ b/system/traefik-crds/app_versions.json @@ -1,4 +1,202 @@ { + "2.1.2": { + "healthy": true, + "supported": true, + "healthy_error": null, + "location": "/home/runner/_work/catalog/catalog/system/traefik-crds/2.1.2", + "last_update": "2024-07-25 17:15:00", + "required_features": [], + "human_version": "latest_2.1.2", + "version": "2.1.2", + "chart_metadata": { + "annotations": { + "truecharts.org/category": "network", + "truecharts.org/max_helm_version": "3.14", + "truecharts.org/min_helm_version": "3.11", + "truecharts.org/train": "system" + }, + "apiVersion": "v2", + "appVersion": "latest", + "dependencies": [ + { + "name": "common", + "version": "23.0.0", + "repository": "oci://tccr.io/truecharts", + "condition": "", + "alias": "", + "tags": [], + "import-values": [] + } + ], + "deprecated": false, + "description": "Traefik-CRDs contains the CRD's for Traefik", + "home": "https://truecharts.org/charts/system/traefik-crds", + "icon": "https://truecharts.org/img/hotlink-ok/chart-icons/traefik-crds.webp", + "keywords": [ + "traefik", + "ingress" + ], + "kubeVersion": ">=1.24.0-0", + "maintainers": [ + { + "name": "TrueCharts", + "email": "info@truecharts.org", + "url": "https://truecharts.org" + } + ], + "name": "traefik-crds", + "sources": [ + "https://github.com/traefik/traefik", + "https://github.com/traefik/traefik-helm-chart", + "https://github.com/truecharts/charts/tree/master/charts/system/traefik-crds", + "https://github.com/truecharts/containers/tree/master/apps/scratch", + "https://traefik.io/" + ], + "type": "application", + "version": "2.1.2" + }, + "app_metadata": null, + "schema": { + "groups": [ + { + "name": "Image", + "description": "Configured the images to be used for the Chart.\nIt's wise to use \"digest pinned\" tags and to avoid using \"latest\".\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/#images\n" + }, + { + "name": "General", + "description": "For TrueNAS SCALE We've grouped a number of settings here, that all effact how apps run in general.\n\nCheckout the following documentation for more information:\n - https://truecharts.org/common/global/\n - https://truecharts.org/common/#tz\n - https://truecharts.org/common/podoptions/\n - Image Pull Secrets\n" + }, + { + "name": "Workload", + "description": "These settings configure how the actual Pods and containers are running.\nGenerally, on SCALE, we only expose a limited subset of these settings for the primary workload and container.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/workload/\n- https://truecharts.org/common/container/\n" + }, + { + "name": "App Configuration", + "description": "Every application has different values that may be required to run or have multiple options that the user may choose to enable or disable to change the behavior of the application.\nMost options should have a Tooltip (Circled Question Mark) to further describe said option.\n\nTo find more information, lookup your chart-specific documentation in the Charts List: https://truecharts.org/charts/description-list/\n" + }, + { + "name": "Services", + "description": "Service and Networking options for any applications are contained here.\nSome applications may have complicated networking setups with multiple options or some may have no options here at all.\n\nOptions here include the service and port configurations for the application, and more may be enabled or changed under the Advanced Settings and Show Expert Config boxes.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/service/\n" + }, + { + "name": "Networking", + "description": "Contains advanced networking options that are not actively supported by the TrueCharts team.\nCurrently only contains scaleExternalInterfaces.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/scaleexternalinterface/\n" + }, + { + "name": "Persistence", + "description": "Many applications will have certain options for storage to be configurable by the user, the main two being PVC and hostpath but may include other types.\nThis storage is called Persistence since it is not deleted upon restart or upgrade of an application.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/persistence/\n- https://truecharts.org/scale/guides/nfs-share/\n- https://truecharts.org/general/faq/#why-pvc-is-recommended-over-hostpath\n" + }, + { + "name": "Ingress", + "description": "Ingress (more commonly known as Reverse Proxy) settings can be configured here. This is how Kubernetes connects your Applications in containers to FQDNs (fully qualified domain names).\nIf you choose to enable this you must have a \"Ingress Provider\" aka \"Reverse Proxy\" installed (We highly advice Traefik: https://truecharts.org/charts/premium/traefik/)\nIt also requiresa DNS service to actually resolve the DNS name of the FQDN specified.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/ingress/\n" + }, + { + "name": "SecurityContext", + "description": "The security settings for each application and/or permissions that each application may have for the files/directories created.\nEach application will come with predefined permissions but users may want to change certain setting depending on their usage or capabilities.\n\nUnless necessary users are advised to keep this section mostly to defaults.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/securitycontext/\n" + }, + { + "name": "Resources", + "description": "Resources limits that have been defined by each application are in this section.\nMost will have a specific default that some users may want to change based on their specific hardware or needs.\n\nThis also contains the options to mount GPUs or, more precisely, \"request\" GPU's to be mounted.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/resources/\n" + }, + { + "name": "Devices", + "description": "These are special \"mountpoints\" that can be used to mount miscelanious USB and PCI devices using special hostPath mounts.\nFor clearity we've decided to seperate this from persistence on SCALE.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/persistence/device/\n- https://truecharts.org/scale/guides/pci-passthrough/\n" + }, + { + "name": "Middlewares", + "description": "Traefik Middlewares" + }, + { + "name": "StorageClass", + "description": "StorageClasses define where to storage Storage.\n\nCheckout the following documentation for more information:\n" + }, + { + "name": "Metrics", + "description": "Contains options to configure Prometheus metrics for the application.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/metrics/\n" + }, + { + "name": "Addons", + "description": "Addons that are supplied by the TrueCharts team to add additional capabilities for users to use on top of the application\u2019s defaults.\nThings included here are VPN addons, Codeserver for editing files inside the application\u2019s container, Netshoot for network troubelshooting, etc.\n\nGenerally not required for use but may be necessary or usefull at times for specific applications.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/addons/\n- https://truecharts.org/scale/guides/vpn-setup/\n" + }, + { + "name": "Experimental", + "description": "Experimental Configuration Options\nOften these are not fully flushed-out, could randomly break or might not work at-all.\n" + }, + { + "name": "Postgresql", + "description": "For Postgresql we use \"CloudNative-PG\" as a backend, which has to be installed first.\n\nCheckout the following documentation for more information:\n- https://truecharts.org/common/cnpg/\n- https://truecharts.org/scale/guides/sql-export/\n- https://truecharts.org/scale/guides/recover-cnpg/\n" + }, + { + "name": "Dependencies", + "description": "contains dependency setting for which we, currently, do not have seperate catagories (yet)\n" + }, + { + "name": "Documentation", + "description": "We added this section to make everyone aware that OpenSource isn't always easy.\nIt doesn't keep existing without signficant ongoing support, so please consider supporting TrueCharts and other OpenSource projects.\n\nBefore installing, be sure you've followed the https://truecharts.org/scale/guides/getting-started/\nWe would also advice going over our https://truecharts.org/scale/guides/scale-intro/\nand many of the other documentation pages...\n" + } + ], + "portals": { + "open": { + "protocols": [ + "$kubernetes-resource_configmap_tcportal-open_protocol" + ], + "host": [ + "$kubernetes-resource_configmap_tcportal-open_host" + ], + "ports": [ + "$kubernetes-resource_configmap_tcportal-open_port" + ], + "path": "$kubernetes-resource_configmap_tcportal-open_path" + } + }, + "questions": [ + { + "variable": "docs", + "group": "Documentation", + "label": "Please read the documentation at https://truecharts.org", + "description": "Please read the documentation at
https://truecharts.org", + "schema": { + "additional_attrs": true, + "type": "dict", + "attrs": [ + { + "variable": "confirmDocs", + "label": "I have checked the documentation", + "schema": { + "type": "boolean", + "default": true + } + } + ] + } + }, + { + "variable": "donateNag", + "group": "Documentation", + "label": "Please consider supporting TrueCharts, see https://truecharts.org/sponsor", + "description": "Please consider supporting TrueCharts, see
https://truecharts.org/sponsor", + "schema": { + "additional_attrs": true, + "type": "dict", + "attrs": [ + { + "variable": "confirmDonate", + "label": "I have considered donating", + "schema": { + "type": "boolean", + "default": true, + "hidden": true + } + } + ] + } + } + ] + }, + "app_readme": "

Traefik-CRDs contains the CRD's for Traefik

\n

This App is supplied by TrueCharts, for more information visit the manual: https://truecharts.org/charts/system/traefik-crds

\n
\n

TrueCharts can only exist due to the incredible effort of our staff.\nPlease consider making a donation or contributing back to the project any way you can!

", + "detailed_readme": "
\n

title: README

\n

General Info

\n

TrueCharts can be installed as both normal Helm Charts or as TrueNAS SCALE Apps.\nBoth solutions are fully supported, but we heavily advice the use of normal Helm Charts where possible

\n

For more information about this Chart, please check the docs on the TrueCharts website

\n

This chart is not maintained by the upstream project and any issues with the chart should be raised here

\n

Installation

\n

Helm-Chart installation

\n

To install TrueCharts Helm charts using Helm, you can use our OCI Repository.

\n

helm install mychart oci://tccr.io/truecharts/CHARTNAME

\n

For more information on how to install TrueCharts Helm charts, checkout the instructions on the website: https://truecharts.org/helm/

\n

TrueNAS SCALE Apps

\n

For more information on how to use TrueCharts as TrueNAS SCALE Apps, please checkout the quick-start guides for TrueNAS SCALE.

\n

Chart Specific Guides and information

\n

All our charts have dedicated documentation pages.\nThe documentation for this chart can be found here:\nhttps://truecharts.org/charts/system/traefik-crds

\n

Configuration Options

\n

Please note: For TrueNAS SCALE, only options available in the GUI are supported.\nHence most of these docs do not apply to TrueNAS SCALE

\n

To view the chart specific options, please view Values.yaml included in the chart.\nThe most recent version of which, is available here: https://github.com/truecharts/charts/charts/system/traefik-crds/values.yaml

\n

All our Charts use a shared \"common\" library chart that contains most of the templating and options.\nFor the complete overview of all available options, please checkout the documentation for them on the website: https://truecharts.org/common/

\n

For information about the common chart and all defaults included with it, please review its values.yaml file available here: https://github.com/truecharts/library-charts/blob/main/library/common/values.yaml

\n

Support

\n\n
\n

Sponsor TrueCharts

\n

TrueCharts can only exist due to the incredible effort of our staff.\nPlease consider making a donation or contributing back to the project any way you can!

\n

All Rights Reserved - The TrueCharts Project

", + "changelog": "

for the complete changelog, please refer to the website

\n

Important:

" + }, "2.1.1": { "healthy": true, "supported": true,