diff --git a/.ci/podman.mk b/.ci/podman.mk index 29e69d65..b4b086e1 100644 --- a/.ci/podman.mk +++ b/.ci/podman.mk @@ -1,11 +1,22 @@ # Parse version from latest git semver tag -BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) -GIT_TAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) -TAG ?= $(shell echo $(GIT_TAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//') +GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null) +GIT_TAG := $(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) + +TAG := $(GIT_TAG) +# append branch name to tag if NOT main nor master +ifeq (,$(filter main master, $(GIT_BRANCH))) + # If branch is substring of tag, omit branch name + ifeq ($(findstring $(GIT_BRANCH), $(GIT_TAG)),) + # only append branch name if not equal tag + ifneq ($(GIT_TAG), $(GIT_BRANCH)) + TAG = $(GIT_TAG)-$(GIT_BRANCH) + endif + endif +endif + ARCH := amd64 ALL_ARCHS := amd64 arm64 - -# EXTRA_TAGS supposed to be set at the caller, eg. $(shell echo $(TAG) | awk -F '.' '{ print $$1 "." $$2 }') +_ARCH = $(or $(filter $(ARCH),$(ALL_ARCHS)),$(error $$ARCH [$(ARCH)] must be exactly one of "$(ALL_ARCHS)")) ifneq ($(TRIVY_REMOTE),) TRIVY_OPTS := --server $(TRIVY_REMOTE) @@ -22,28 +33,30 @@ help: ## Show Help grep -E '^[a-zA-Z_-]+:.*?## .*$$' .ci/podman.mk | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' build: ## Build the app - buildah build --rm --layers -t $(IMAGE):$(TAG)-$(ARCH) --build-arg TAG=$(TAG) --build-arg ARCH=$(ARCH) --platform linux/$(ARCH) . + buildah build --rm --layers -t $(IMAGE):$(TAG)-$(_ARCH) --build-arg TAG=$(TAG) --build-arg ARCH=$(_ARCH) --platform linux/$(_ARCH) . test: rm-test-image ## Execute Dockerfile.test test -f Dockerfile.test && \ - { buildah build --rm --layers -t $(REGISTRY)/$(IMAGE):$(TAG)-test --from=$(REGISTRY)/$(IMAGE):$(TAG) -f Dockerfile.test --platform linux/$(ARCH) . && \ - podman run --rm --env-host -t $(REGISTRY)/$(IMAGE):$(TAG)-$(ARCH)-test; } || \ + { buildah build --rm --layers -t $(REGISTRY)/$(IMAGE):$(TAG)-test --from=$(REGISTRY)/$(IMAGE):$(TAG) -f Dockerfile.test --platform linux/$(_ARCH) . && \ + podman run --rm --env-host -t $(REGISTRY)/$(IMAGE):$(TAG)-$(_ARCH)-test; } || \ echo "No Dockerfile.test found, skipping test" scan: ## Scan image using trivy - echo "Scanning $(IMAGE):$(TAG)-$(ARCH) using Trivy $(TRIVY_REMOTE)" - trivy image $(TRIVY_OPTS) localhost/$(IMAGE):$(TAG)-$(ARCH) + echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)" + trivy image $(TRIVY_OPTS) localhost/$(IMAGE):$(TAG)-$(_ARCH) # first tag and push all actual images # create new manifest for each tag and add all available TAG-ARCH before pushing push: ecr-login ## push images to registry for t in $(TAG) latest $(EXTRA_TAGS); do \ - buildah tag $(IMAGE):$(TAG)-$(ARCH) $(REGISTRY)/$(IMAGE):$${t}-$(ARCH); \ + echo "Tagging image with $(REGISTRY)/$(IMAGE):$${t}-$(ARCH)" + buildah tag $(IMAGE):$(TAG)-$(_ARCH) $(REGISTRY)/$(IMAGE):$${t}-$(_ARCH); \ buildah manifest rm $(IMAGE):$$t || true; \ buildah manifest create $(IMAGE):$$t; \ for a in $(ALL_ARCHS); do \ buildah manifest add $(IMAGE):$$t $(REGISTRY)/$(IMAGE):$(TAG)-$$a; \ done; \ + echo "Pushing manifest $(IMAGE):$$t" buildah manifest push --all $(IMAGE):$$t docker://$(REGISTRY)/$(IMAGE):$$t; \ done @@ -58,13 +71,13 @@ rm-remote-untagged: ## delete all remote untagged images [ -n "$$IMAGE_IDS" ] && aws ecr-public batch-delete-image --repository-name $(IMAGE) --region $(REGION) --image-ids $$IMAGE_IDS || echo "No image to remove" rm-image: - test -z "$$(docker image ls -q $(IMAGE):$(TAG)-$(ARCH))" || podman image rm -f $(IMAGE):$(TAG)-$(ARCH) > /dev/null - test -z "$$(docker image ls -q $(IMAGE):$(TAG)-$(ARCH))" || echo "Error: Removing image failed" + test -z "$$(podman image ls -q $(IMAGE):$(TAG)-$(_ARCH))" || podman image rm -f $(IMAGE):$(TAG)-$(_ARCH) > /dev/null + test -z "$$(podman image ls -q $(IMAGE):$(TAG)-$(_ARCH))" || echo "Error: Removing image failed" # Ensure we run the tests by removing any previous runs rm-test-image: - test -z "$$(docker image ls -q $(IMAGE):$(TAG)-$(ARCH)-test)" || podman image rm -f $(IMAGE):$(TAG)-$(ARCH)-test > /dev/null - test -z "$$(docker image ls -q $(IMAGE):$(TAG)-$(ARCH)-test)" || echo "Error: Removing test image failed" + test -z "$$(podman image ls -q $(IMAGE):$(TAG)-$(_ARCH)-test)" || podman image rm -f $(IMAGE):$(TAG)-$(_ARCH)-test > /dev/null + test -z "$$(podman image ls -q $(IMAGE):$(TAG)-$(_ARCH)-test)" || echo "Error: Removing test image failed" ci-pull-upstream: ## pull latest shared .ci subtree git stash && git subtree pull --prefix .ci ssh://git@git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git master --squash && git stash pop diff --git a/.ci/vars/buildPodman.groovy b/.ci/vars/buildPodman.groovy index 0a3a5399..e5ecff99 100644 --- a/.ci/vars/buildPodman.groovy +++ b/.ci/vars/buildPodman.groovy @@ -7,12 +7,14 @@ def call(Map config=[:]) { label 'podman-aws-trivy' } } - stages { stage('Prepare') { - // get tags steps { - sh 'git fetch -q --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}' + // pull tags + withCredentials([gitUsernamePassword(credentialsId: 'gitea-jenkins-user')]) { + sh 'git fetch -q --tags ${GIT_URL}' + } + sh 'make prepare || true' } } @@ -36,8 +38,7 @@ def call(Map config=[:]) { TRIVY_OUTPUT = "reports/trivy.html" } steps { - sh 'mkdir -p reports' - sh 'make scan' + sh 'mkdir -p reports && make scan' publishHTML target: [ allowMissing: true, alwaysLinkToLastBuild: true, @@ -59,10 +60,11 @@ def call(Map config=[:]) { } } - // Push to ECR + // Push to container registry, skip if PR stage('Push') { + when { not { changeRequest() } } steps { - sh 'make ecr-login push' + sh 'make push' } } diff --git a/Dockerfile b/Dockerfile index aaa37c60..fa6b1258 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ -ARG ALPINE_VERSION=3.16 +ARG ALPINE_VERSION=3.17 -FROM alpine:${ALPINE_VERSION} +FROM docker.io/alpine:${ALPINE_VERSION} ARG ALPINE_VERSION -ARG KUBE_VERSION=1.24 +ARG KUBE_VERSION=1.25 RUN cd /etc/apk/keys && \ wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \ @@ -18,19 +18,19 @@ RUN cd /etc/apk/keys && \ bash \ python3 \ py3-yaml \ + restic \ + helm \ cri-tools@kubezero \ kubeadm@kubezero~=${KUBE_VERSION} \ kubectl@kubezero~=${KUBE_VERSION} \ etcdhelper@kubezero \ - etcd-ctl@edge-testing \ - restic@edge-community \ - helm@edge-community + etcd-ctl@edge-testing RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \ mkdir -p /var/lib/kubezero ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin -ADD admin/libhelm.sh admin/v${KUBE_VERSION}/* /var/lib/kubezero +ADD admin/libhelm.sh admin/pre-upgrade.sh /var/lib/kubezero ADD charts/kubeadm /charts/kubeadm ADD charts/kubezero /charts/kubezero diff --git a/Makefile b/Makefile index dabe8ede..eb8ab7ef 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,8 @@ IMAGE := kubezero-admin REGION := us-east-1 # Also tag as Kubernetes major version -EXTRA_TAGS = $(shell echo $(TAG) | awk -F '.' '{ print $$1 "." $$2 }') +MY_TAG = $(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) +EXTRA_TAGS = $(shell echo $(MY_TAG) | awk -F '.' '{ print $$1 "." $$2 }') include .ci/podman.mk diff --git a/README.md b/README.md index 46a7947d..3757a8c8 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ KubeZero is a Kubernetes distribution providing an integrated container platform # Version / Support Matrix KubeZero releases track the same *minor* version of Kubernetes. -Any 1.24.X-Y release of Kubezero supports any Kubernetes cluster 1.24.X. +Any 1.26.X-Y release of Kubezero supports any Kubernetes cluster 1.26.X. KubeZero is distributed as a collection of versioned Helm charts, allowing custom upgrade schedules and module versions as needed. @@ -28,15 +28,15 @@ KubeZero is distributed as a collection of versioned Helm charts, allowing custo gantt title KubeZero Support Timeline dateFormat YYYY-MM-DD - section 1.23 - beta :123b, 2022-08-01, 2022-09-01 - release :after 123b, 2023-02-01 section 1.24 beta :124b, 2022-11-14, 2022-12-31 release :after 124b, 2023-06-01 section 1.25 beta :125b, 2023-03-01, 2023-03-31 release :after 125b, 2023-08-01 + section 1.26 + beta :126b, 2023-06-01, 2023-06-30 + release :after 126b, 2023-10-01 ``` [Upstream release policy](https://kubernetes.io/releases/) @@ -44,7 +44,7 @@ gantt # Components ## OS -- all nodes are based on Alpine V3.16 +- all nodes are based on Alpine V3.17 - 2 GB encrypted root filesystem - no 3rd party dependencies at boot ( other than container registries ) - minimal attack surface @@ -73,10 +73,8 @@ gantt - support for [Inf1 instances](https://aws.amazon.com/ec2/instance-types/inf1/) part of [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/). ## Network +- Cilium using Geneve encapsulation, incl. increased MTU allowing flexible / more containers per worker node compared to eg. AWS VPC CNI - Multus support for multiple network interfaces per pod, eg. additional AWS CNI -- Calico using VxLAN incl. increased MTU -allows flexible / more containers per worker node compared to eg. AWS VPC CNI -- isolates container traffic from VPC by using VxLAN overlay - no restrictions on IP space / sizing from the underlying VPC architecture ## Storage @@ -95,7 +93,7 @@ allows flexible / more containers per worker node compared to eg. AWS VPC CNI - optional full service mesh ## Metrics -- Prometheus support for all components +- Prometheus support for all components, incl. out of cluster EC2 instances (node_exporter) - automated service discovery allowing instant access to common workload metrics - pre-configured Grafana dashboards and alerts - Alertmanager events via SNSAlertHub to Slack, Google, Matrix, etc. @@ -105,4 +103,4 @@ allows flexible / more containers per worker node compared to eg. AWS VPC CNI - flexible ElasticSearch setup, leveraging the ECK operator, for easy maintenance & minimal admin knowledge required, incl. automated backups to S3 - Kibana allowing easy search and dashboards for all logs, incl. pre configured index templates and index management - [fluentd-concerter](https://git.zero-downtime.net/ZeroDownTime/container-park/src/branch/master/fluentd-concenter) service providing queuing during highload as well as additional parsing options -- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter +- lightweight fluent-bit agents on each node requiring minimal resources forwarding logs secure via TLS to fluentd-concenter \ No newline at end of file diff --git a/admin/kubezero.sh b/admin/kubezero.sh index 08923887..926a9b4f 100755 --- a/admin/kubezero.sh +++ b/admin/kubezero.sh @@ -161,7 +161,7 @@ control_plane_node() { else # restore latest backup - retry 10 60 30 restic restore latest --no-lock -t / #Review: Use latest no matter what for now: --tag $KUBE_VERSION_MINOR + retry 10 60 30 restic restore latest --no-lock -t / # --tag $KUBE_VERSION_MINOR # Make last etcd snapshot available cp ${WORKDIR}/etcd_snapshot ${HOSTFS}/etc/kubernetes @@ -214,30 +214,16 @@ control_plane_node() { sleep 3 done - # if we are NOT member already, flush etcd to be able to join + # see if we are a former member and remove our former self if so MY_ID=$(etcdctl member list --endpoints=$etcd_endpoints | grep $ETCD_NODENAME | awk '{print $1}' | sed -e 's/,$//') + [ -n "$MY_ID" ] && retry 12 5 5 etcdctl member remove $MY_ID --endpoints=$etcd_endpoints - # Failsafe / etcd on ephmeral: we were a member but our dataset is missing - # -> remove former self so we can re-join - if [ -n "$MY_ID" -a ! -d ${HOSTFS}/var/lib/etcd/member ]; then - # Remove former self first - [ -n "$MY_ID" ] && retry 12 5 5 etcdctl member remove $MY_ID --endpoints=$etcd_endpoints - MY_ID="" - fi + # flush etcd data directory as joining with previous storage seems flaky, especially during etcd version upgrades + rm -rf ${HOSTFS}/var/lib/etcd/member - - if [ -z "$MY_ID" ]; then - # flush etcd data directory from restore - rm -rf ${HOSTFS}/var/lib/etcd/member - - # Announce new etcd member and capture ETCD_INITIAL_CLUSTER, retry needed in case another node joining causes temp quorum loss - ETCD_ENVS=$(retry 12 5 5 etcdctl member add $ETCD_NODENAME --peer-urls="https://${ETCD_NODENAME}:2380" --endpoints=$etcd_endpoints) - export $(echo "$ETCD_ENVS" | grep ETCD_INITIAL_CLUSTER= | sed -e 's/"//g') - else - # build initial_cluster string from running cluster - _cluster=$(etcdctl member list --endpoints=$etcd_endpoints -w json | jq -r '.members[] | "\(.name)=\(.peerURLs[]),"') - export ETCD_INITIAL_CLUSTER=$(echo ${_cluster%%,} | sed -e 's/ //g') - fi + # Announce new etcd member and capture ETCD_INITIAL_CLUSTER, retry needed in case another node joining causes temp quorum loss + ETCD_ENVS=$(retry 12 5 5 etcdctl member add $ETCD_NODENAME --peer-urls="https://${ETCD_NODENAME}:2380" --endpoints=$etcd_endpoints) + export $(echo "$ETCD_ENVS" | grep ETCD_INITIAL_CLUSTER= | sed -e 's/"//g') # Patch kubeadm-values.yaml and re-render to get etcd manifest patched yq eval -i '.etcd.state = "existing" @@ -358,7 +344,6 @@ backup() { cp -r ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR} # Backup via restic - restic snapshots || restic init restic backup ${WORKDIR} -H $CLUSTERNAME --tag $CLUSTER_VERSION echo "Backup complete." diff --git a/admin/libhelm.sh b/admin/libhelm.sh index 94a29f88..7b982f32 100644 --- a/admin/libhelm.sh +++ b/admin/libhelm.sh @@ -1,7 +1,7 @@ #!/bin/bash # Simulate well-known CRDs being available -API_VERSIONS="-a monitoring.coreos.com/v1 -a snapshot.storage.k8s.io/v1" +API_VERSIONS="-a monitoring.coreos.com/v1 -a snapshot.storage.k8s.io/v1 -a policy/v1/PodDisruptionBudget" # Waits for max 300s and retries function wait_for() { @@ -166,6 +166,9 @@ function _helm() { render kubectl $action -f $WORKDIR/helm.yaml --server-side --force-conflicts && rc=$? || rc=$? + # Try again without server-side, review with 1.26, required for cert-manager during 1.25 + [ $rc -ne 0 ] && kubectl $action -f $WORKDIR/helm.yaml && rc=$? || rc=$? + # Optional post hook declare -F ${module}-post && ${module}-post diff --git a/admin/migrate_argo_values.py b/admin/migrate_argo_values.py index b049b0bd..680d7233 100755 --- a/admin/migrate_argo_values.py +++ b/admin/migrate_argo_values.py @@ -8,27 +8,11 @@ import yaml def migrate(values): """Actual changes here""" - # ClusterBackup is enabled on AWS anyways, same with cluster-autoscaler - if "aws" in values["global"]: - deleteKey(values["addons"], "clusterBackup") - deleteKey(values["addons"], "cluster-autoscaler") - - # Remove calico and multus - deleteKey(values["network"], "calico") - deleteKey(values["network"], "multus") - - # ArgoCD helm changes - if "argocd" in values: - if "server" in values["argocd"]: - if not "configs" in values["argocd"]: - values["argocd"]["configs"] = {} - if not "cm" in values["argocd"]["configs"]: - values["argocd"]["configs"]["cm"] = {} - values["argocd"]["configs"]["cm"]["url"] = values["argocd"]["server"]["config"][ - "url" - ] - deleteKey(values["argocd"], "server") - + # Remove various keys as they have been merged into the metrics template + deleteKey(values["metrics"]['kube-prometheus-stack']["alertmanager"]["alertmanagerSpec"], "podMetadata") + deleteKey(values["metrics"]['kube-prometheus-stack']["alertmanager"], "config") + deleteKey(values["metrics"]['kube-prometheus-stack']["prometheus"]["prometheusSpec"], "externalLabels") + return values diff --git a/admin/v1.24/pre-upgrade.sh b/admin/pre-upgrade.sh similarity index 100% rename from admin/v1.24/pre-upgrade.sh rename to admin/pre-upgrade.sh diff --git a/admin/upgrade_cluster.sh b/admin/upgrade_cluster.sh index 3cf7097f..1256e569 100755 --- a/admin/upgrade_cluster.sh +++ b/admin/upgrade_cluster.sh @@ -1,7 +1,7 @@ #!/bin/bash -e #VERSION="latest" -VERSION="v1.24" +VERSION="v1.25" ARGO_APP=${1:-/tmp/new-kubezero-argoapp.yaml} SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) @@ -10,7 +10,6 @@ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) [ -n "$DEBUG" ] && set -x - all_nodes_upgrade() { CMD="$1" @@ -148,40 +147,37 @@ argo_used && disable_argo #all_nodes_upgrade "" +# Cleanup +# Remove calico CRDs +kubectl delete -f https://git.zero-downtime.net/ZeroDownTime/kubezero/raw/tag/v1.23.11/charts/kubezero-network/charts/calico/crds/crds.yaml 2>/dev/null || true +kubectl delete servicemonitor calico-node -n kube-system 2>/dev/null || true + +# delete old kubelet configs +for cm in $(kubectl get cm -n kube-system --no-headers | awk '{if ($1 ~ "kubelet-config-1*") print $1}'); do kubectl delete cm $cm -n kube-system; done +for rb in $(kubectl get rolebindings -n kube-system --no-headers | awk '{if ($1 ~ "kubelet-config-1*") print $1}'); do kubectl delete rolebindings $rb -n kube-system; done + control_plane_upgrade kubeadm_upgrade echo "Adjust kubezero values as needed:" # shellcheck disable=SC2015 argo_used && kubectl edit app kubezero -n argocd || kubectl edit cm kubezero-values -n kube-system -# Remove calico -#kubectl delete deployment calico-kube-controllers -n kube-system || true -#kubectl delete daemonset calico-node -n kube-system || true -#kubectl delete network-attachment-definitions calico -n kube-system || true - -# Remove previous cilium config as the helm options are additive only -> fail -kubectl delete configmap cilium-config -n kube-system || true - control_plane_upgrade "apply_network, apply_addons, apply_storage" -kubectl rollout restart daemonset/kube-multus-ds -n kube-system -kubectl rollout restart daemonset/cilium -n kube-system - echo "Checking that all pods in kube-system are running ..." waitSystemPodsRunning echo "Applying remaining KubeZero modules..." -# delete argocd deployments as various immutable things changed, also redis restart fails otherwise -kubectl delete deployment argocd-redis -n argocd || true -kubectl delete deployment argocd-repo-server -n argocd || true -kubectl delete statefulset argocd-application-controller -n argocd || true - -# Delete prometheus-push gateway due to label changes -kubectl delete deploy -l app=prometheus-pushgateway -n monitoring || true - control_plane_upgrade "apply_cert-manager, apply_istio, apply_istio-ingress, apply_istio-private-ingress, apply_logging, apply_metrics, apply_argocd" +# Trigger backup of upgraded cluster state +kubectl create job --from=cronjob/kubezero-backup kubezero-backup-$VERSION -n kube-system +while true; do + kubectl wait --for=condition=complete job/kubezero-backup-$VERSION -n kube-system 2>/dev/null && kubectl delete job kubezero-backup-$VERSION -n kube-system && break + sleep 1 +done + # Final step is to commit the new argocd kubezero app kubectl get app kubezero -n argocd -o yaml | yq 'del(.status) | del(.metadata) | del(.operation) | .metadata.name="kubezero" | .metadata.namespace="argocd"' | yq 'sort_keys(..) | .spec.source.helm.values |= (from_yaml | to_yaml)' > $ARGO_APP diff --git a/charts/kubeadm/Chart.yaml b/charts/kubeadm/Chart.yaml index 895873c7..1c7c9f6e 100644 --- a/charts/kubeadm/Chart.yaml +++ b/charts/kubeadm/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubeadm description: KubeZero Kubeadm cluster config type: application -version: 1.24.9 +version: 1.25.8 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -11,4 +11,4 @@ keywords: maintainers: - name: Stefan Reimer email: stefan@zero-downtime.net -kubeVersion: ">= 1.24.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubeadm/README.md b/charts/kubeadm/README.md index 1b594273..c7c68b88 100644 --- a/charts/kubeadm/README.md +++ b/charts/kubeadm/README.md @@ -1,6 +1,6 @@ # kubeadm -![Version: 1.24.9](https://img.shields.io/badge/Version-1.24.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 1.25.8](https://img.shields.io/badge/Version-1.25.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Kubeadm cluster config @@ -14,7 +14,7 @@ KubeZero Kubeadm cluster config ## Requirements -Kubernetes: `>= 1.24.0` +Kubernetes: `>= 1.25.0` ## Values diff --git a/charts/kubeadm/templates/_helpers.tpl b/charts/kubeadm/templates/_helpers.tpl index 3cc93220..fbb46123 100644 --- a/charts/kubeadm/templates/_helpers.tpl +++ b/charts/kubeadm/templates/_helpers.tpl @@ -1,6 +1,6 @@ {{- /* Feature gates for all control plane components */ -}} {{- define "kubeadm.featuregates" }} -{{- $gates := list "CustomCPUCFSQuotaPeriod" "CronJobTimeZone" "NodeOutOfServiceVolumeDetach" }} +{{- $gates := list "CustomCPUCFSQuotaPeriod" "NodeOutOfServiceVolumeDetach" }} {{- if eq .return "csv" }} {{- range $key := $gates }} {{- $key }}=true, diff --git a/charts/kubeadm/templates/patches/coredns0.yaml b/charts/kubeadm/templates/patches/coredns0.yaml index 477219ac..21608adb 100644 --- a/charts/kubeadm/templates/patches/coredns0.yaml +++ b/charts/kubeadm/templates/patches/coredns0.yaml @@ -12,13 +12,3 @@ spec: memory: 128Mi nodeSelector: node-role.kubernetes.io/control-plane: "" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: k8s-app - operator: In - values: - - kube-dns - topologyKey: "kubernetes.io/hostname" diff --git a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml index 6896ceaa..febbeb2d 100644 --- a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml +++ b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml @@ -1,6 +1,6 @@ {{- if .Values.api.awsIamAuth.enabled }} -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: aws-iam-authenticator rules: @@ -51,8 +51,8 @@ metadata: namespace: kube-system --- -kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: aws-iam-authenticator namespace: kube-system diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml index 9f104a23..0072e8ae 100644 --- a/charts/kubezero-addons/Chart.yaml +++ b/charts/kubezero-addons/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: kubezero-addons description: KubeZero umbrella chart for various optional cluster addons type: application -version: 0.7.3 -appVersion: v1.24 +version: 0.7.5 +appVersion: v1.25 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -20,28 +20,28 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: external-dns - version: 1.11.0 + version: 1.12.2 repository: https://kubernetes-sigs.github.io/external-dns/ condition: external-dns.enabled - name: cluster-autoscaler - version: 9.21.0 + version: 9.28.0 repository: https://kubernetes.github.io/autoscaler condition: cluster-autoscaler.enabled - name: nvidia-device-plugin - version: 0.13.0 + version: 0.14.0 # https://github.com/NVIDIA/k8s-device-plugin repository: https://nvidia.github.io/k8s-device-plugin condition: nvidia-device-plugin.enabled - name: sealed-secrets - version: 2.7.1 + version: 2.8.1 repository: https://bitnami-labs.github.io/sealed-secrets condition: sealed-secrets.enabled - name: aws-node-termination-handler - version: 0.20.1 + version: 0.21.0 # repository: https://aws.github.io/eks-charts condition: aws-node-termination-handler.enabled - name: aws-eks-asg-rolling-update-handler - version: 1.2.7 + version: 1.3.0 # repository: https://twin.github.io/helm-charts condition: aws-eks-asg-rolling-update-handler.enabled -kubeVersion: ">= 1.24.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md index d1aea26d..28a0aecb 100644 --- a/charts/kubezero-addons/README.md +++ b/charts/kubezero-addons/README.md @@ -1,6 +1,6 @@ # kubezero-addons -![Version: 0.7.3](https://img.shields.io/badge/Version-0.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.24](https://img.shields.io/badge/AppVersion-v1.24-informational?style=flat-square) +![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.25](https://img.shields.io/badge/AppVersion-v1.25-informational?style=flat-square) KubeZero umbrella chart for various optional cluster addons @@ -14,16 +14,16 @@ KubeZero umbrella chart for various optional cluster addons ## Requirements -Kubernetes: `>= 1.24.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| -| | aws-eks-asg-rolling-update-handler | 1.2.7 | -| | aws-node-termination-handler | 0.20.1 | -| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.7.1 | -| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.11.0 | -| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.21.0 | -| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.13.0 | +| | aws-eks-asg-rolling-update-handler | 1.3.0 | +| | aws-node-termination-handler | 0.21.0 | +| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.8.1 | +| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.12.2 | +| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.28.0 | +| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.14.0 | # MetalLB @@ -103,8 +103,11 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | cluster-autoscaler.autoDiscovery.clusterName | string | `""` | | | cluster-autoscaler.awsRegion | string | `"us-west-2"` | | | cluster-autoscaler.enabled | bool | `false` | | +| cluster-autoscaler.extraArgs.balance-similar-node-groups | bool | `true` | | +| cluster-autoscaler.extraArgs.ignore-taint | string | `"node.cilium.io/agent-not-ready"` | | | cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | | | cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | | +| cluster-autoscaler.image.tag | string | `"v1.25.1"` | | | cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | cluster-autoscaler.podDisruptionBudget | bool | `false` | | | cluster-autoscaler.prometheusRule.enabled | bool | `false` | | @@ -139,6 +142,10 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].key | string | `"node.kubernetes.io/instance-type"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].operator | string | `"In"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[0] | string | `"g5.xlarge"` | | +| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[10] | string | `"g4dn.4xlarge"` | | +| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[11] | string | `"g4dn.8xlarge"` | | +| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[12] | string | `"g4dn.12xlarge"` | | +| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[13] | string | `"g4dn.16xlarge"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[1] | string | `"g5.2xlarge"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[2] | string | `"g5.4xlarge"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[3] | string | `"g5.8xlarge"` | | @@ -146,6 +153,8 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[5] | string | `"g5.16xlarge"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[6] | string | `"g5.24xlarge"` | | | nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[7] | string | `"g5.48xlarge"` | | +| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[8] | string | `"g4dn.xlarge"` | | +| nvidia-device-plugin.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[0].matchExpressions[0].values[9] | string | `"g4dn.2xlarge"` | | | nvidia-device-plugin.enabled | bool | `false` | | | nvidia-device-plugin.tolerations[0].effect | string | `"NoSchedule"` | | | nvidia-device-plugin.tolerations[0].key | string | `"nvidia.com/gpu"` | | @@ -155,7 +164,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/) | nvidia-device-plugin.tolerations[1].operator | string | `"Exists"` | | | sealed-secrets.enabled | bool | `false` | | | sealed-secrets.fullnameOverride | string | `"sealed-secrets-controller"` | | -| sealed-secrets.keyrenewperiod | int | `0` | | +| sealed-secrets.keyrenewperiod | string | `"0"` | | | sealed-secrets.metrics.serviceMonitor.enabled | bool | `false` | | | sealed-secrets.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | | sealed-secrets.resources.limits.memory | string | `"128Mi"` | | diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml index 91ce0de9..e377626e 100644 --- a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/Chart.yaml @@ -5,4 +5,4 @@ home: https://github.com/TwiN/aws-eks-asg-rolling-update-handler maintainers: - name: TwiN name: aws-eks-asg-rolling-update-handler -version: 1.2.7 +version: 1.3.0 diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md new file mode 100644 index 00000000..23bb5e37 --- /dev/null +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/README.md @@ -0,0 +1,13 @@ +# aws-eks-asg-rolling-update-handler + +## Configuration +The following table lists the configurable parameters of the aws-eks-asg-rolling-update-handler chart and their default values. +| Parameters | Description | Required | Default | +|:-----------|:------------|:---------|:------------| +| environmentVars | environment variables for aws-eks-asg-rolling-update-handler container, available variables are listed [here](https://github.com/TwiN/aws-eks-asg-rolling-update-handler/blob/master/README.md#usage) | yes |`[{"name":"CLUSTER_NAME","value":"cluster-name"}]`| +| replicaCount | Number of aws-eks-asg-rolling-update-handler replicas | yes |`1` | +| image.repository | Image repository | yes | `twinproduction/aws-eks-asg-rolling-update-handler` | +| image.tag | image tag | yes | `v1.4.3` | +| image.pullPolicy | Image pull policy | yes | `IfNotPresent` | +| resources | CPU/memory resource requests/limits | no | `{}` | +| podAnnotations | Annotations to add to the aws-eks-asg-rolling-update-handler pod configuration | no | `{}` | diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml index c4894cf4..30343ec0 100644 --- a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml @@ -15,6 +15,10 @@ spec: metadata: labels: {{ include "aws-eks-asg-rolling-update-handler.labels" . | indent 8 }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: automountServiceAccountToken: true serviceAccountName: {{ template "aws-eks-asg-rolling-update-handler.serviceAccountName" . }} @@ -25,11 +29,11 @@ spec: image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: - {{- toYaml .Values.environmentVars | nindent 12 }} - {{- with .Values.resources }} +{{- toYaml .Values.environmentVars | nindent 12 }} +{{- with .Values.resources }} resources: - {{- toYaml . | nindent 12 }} - {{- end }} +{{- toYaml . | nindent 12 }} +{{- end }} volumeMounts: - name: aws-token mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" @@ -52,5 +56,5 @@ spec: {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: -{{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} {{- end }} diff --git a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml index 8a5d57af..1c93f45f 100644 --- a/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml +++ b/charts/kubezero-addons/charts/aws-eks-asg-rolling-update-handler/values.yaml @@ -2,7 +2,7 @@ replicaCount: 1 image: repository: twinproduction/aws-eks-asg-rolling-update-handler - tag: v1.4.3 + tag: v1.7.0 pullPolicy: IfNotPresent #imagePullSecrets: @@ -22,6 +22,17 @@ environmentVars: #- name: ENVIRONMENT # value: "" +resources: {} + # limits: + # cpu: 0.3 + # memory: 100Mi + # requests: + # cpu: 0.1 + # memory: 50Mi +podAnnotations: {} + # prometheus.io/port: "8080" + # prometheus.io/scrape: "true" + serviceAccount: create: true #name: aws-eks-asg-rolling-update-handler diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml index 0ee89da6..32d2ee98 100644 --- a/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml +++ b/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.18.1 +appVersion: 1.19.0 description: A Helm chart for the AWS Node Termination Handler. home: https://github.com/aws/eks-charts icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png @@ -22,4 +22,4 @@ sources: - https://github.com/aws/aws-node-termination-handler/ - https://github.com/aws/eks-charts/ type: application -version: 0.20.1 +version: 0.21.0 diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/README.md b/charts/kubezero-addons/charts/aws-node-termination-handler/README.md index 4b9c8843..2fe7d391 100644 --- a/charts/kubezero-addons/charts/aws-node-termination-handler/README.md +++ b/charts/kubezero-addons/charts/aws-node-termination-handler/README.md @@ -56,7 +56,7 @@ The configuration in this table applies to all AWS Node Termination Handler mode | `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | `nil` | | `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | | `rbac.create` | If `true`, create the RBAC resources. | `true` | -| `rbac.pspEnabled` | If `true`, create a pod security policy resource. | `true` | +| `rbac.pspEnabled` | If `true`, create a pod security policy resource. Note: `PodSecurityPolicy`s will not be created when Kubernetes version is 1.25 or later. | `true` | | `customLabels` | Labels to add to all resource metadata. | `{}` | | `podLabels` | Labels to add to the pod. | `{}` | | `podAnnotations` | Annotations to add to the pod. | `{}` | @@ -123,7 +123,7 @@ The configuration in this table applies to AWS Node Termination Handler in queue The configuration in this table applies to AWS Node Termination Handler in IMDS mode. | Parameter | Description | Default | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| -------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------| | `targetNodeOs` | Space separated list of node OS's to target (e.g. `"linux"`, `"windows"`, `"linux windows"`). Windows support is **EXPERIMENTAL**. | `"linux"` | | `linuxPodLabels` | Labels to add to each Linux pod. | `{}` | | `windowsPodLabels` | Labels to add to each Windows pod. | `{}` | @@ -138,7 +138,7 @@ The configuration in this table applies to AWS Node Termination Handler in IMDS | `podMonitor.sampleLimit` | Number of scraped samples accepted. | `5000` | | `useHostNetwork` | If `true`, enables `hostNetwork` for the Linux DaemonSet. NOTE: setting this to `false` may cause issues accessing IMDSv2 if your account is not configured with an IP hop count of 2 see [Metrics Endpoint Considerations](#metrics-endpoint-considerations) | `true` | | `dnsPolicy` | If specified, this overrides `linuxDnsPolicy` and `windowsDnsPolicy` with a single policy. | `""` | -| `dnsConfig` | If specified, this sets the dnsConfig: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | +| `dnsConfig` | If specified, this sets the dnsConfig: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | | `linuxDnsPolicy` | DNS policy for the Linux DaemonSet. | `""` | | `windowsDnsPolicy` | DNS policy for the Windows DaemonSet. | `""` | | `daemonsetNodeSelector` | Expressions to select a node by it's labels for DaemonSet pod assignment. For backwards compatibility the `nodeSelector` value has priority over this but shouldn't be used. | `{}` | @@ -152,10 +152,10 @@ The configuration in this table applies to AWS Node Termination Handler in IMDS | `windowsTolerations` | Override `daemonsetTolerations` for the Linux DaemonSet. | `[]` | | `enableProbesServer` | If `true`, start an http server exposing `/healthz` endpoint for probes. | `false` | | `metadataTries` | The number of times to try requesting metadata. | `3` | -| `enableSpotInterruptionDraining` | If `true`, drain nodes when the spot interruption termination notice is received. | `true` | -| `enableScheduledEventDraining` | If `true`, drain nodes before the maintenance window starts for an EC2 instance scheduled event. This is **EXPERIMENTAL**. | `false` | -| `enableRebalanceMonitoring` | If `true`, cordon nodes when the rebalance recommendation notice is received. If you'd like to drain the node in addition to cordoning, then also set `enableRebalanceDraining`. | `false` | -| `enableRebalanceDraining` | If `true`, drain nodes when the rebalance recommendation notice is received. | `false` | +| `enableSpotInterruptionDraining` | If `true`, drain nodes when the spot interruption termination notice is received. Only used in IMDS mode. | `true` | +| `enableScheduledEventDraining` | If `true`, drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode. | `true` | +| `enableRebalanceMonitoring` | If `true`, cordon nodes when the rebalance recommendation notice is received. If you'd like to drain the node in addition to cordoning, then also set `enableRebalanceDraining`. Only used in IMDS mode. | `false` | +| `enableRebalanceDraining` | If `true`, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode. | `false` | ### Testing Configuration diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml index 33f31bb0..1c79b403 100644 --- a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml +++ b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml @@ -146,14 +146,6 @@ spec: - name: WEBHOOK_TEMPLATE value: {{ .Values.webhookTemplate | quote }} {{- end }} - - name: ENABLE_SPOT_INTERRUPTION_DRAINING - value: {{ .Values.enableSpotInterruptionDraining | quote }} - - name: ENABLE_SCHEDULED_EVENT_DRAINING - value: {{ .Values.enableScheduledEventDraining | quote }} - - name: ENABLE_REBALANCE_MONITORING - value: {{ .Values.enableRebalanceMonitoring | quote }} - - name: ENABLE_REBALANCE_DRAINING - value: {{ .Values.enableRebalanceDraining | quote }} - name: ENABLE_SQS_TERMINATION_DRAINING value: "true" {{- with .Values.awsRegion }} diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml index 70c576e8..c84d69f3 100644 --- a/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml +++ b/charts/kubezero-addons/charts/aws-node-termination-handler/templates/psp.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rbac.pspEnabled }} +{{- if and (.Values.rbac.pspEnabled) (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }} apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml index c965358e..ea7b7f77 100644 --- a/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml +++ b/charts/kubezero-addons/charts/aws-node-termination-handler/values.yaml @@ -23,7 +23,7 @@ serviceAccount: rbac: # Specifies whether RBAC resources should be created create: true - # Specifies if PodSecurityPolicy resources should be created + # Specifies if PodSecurityPolicy resources should be created. PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later. pspEnabled: true customLabels: {} @@ -259,22 +259,22 @@ daemonsetTolerations: linuxTolerations: [] windowsTolerations: [] -# If the probes server is running for the Daemonset +# If the probes server is running. enableProbesServer: false # Total number of times to try making the metadata request before failing. metadataTries: 3 -# enableSpotInterruptionDraining If false, do not drain nodes when the spot interruption termination notice is received +# enableSpotInterruptionDraining If false, do not drain nodes when the spot interruption termination notice is received. Only used in IMDS mode. enableSpotInterruptionDraining: true -# enableScheduledEventDraining [EXPERIMENTAL] If true, drain nodes before the maintenance window starts for an EC2 instance scheduled event -enableScheduledEventDraining: false +# enableScheduledEventDraining If false, do not drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode. +enableScheduledEventDraining: true -# enableRebalanceMonitoring If true, cordon nodes when the rebalance recommendation notice is received +# enableRebalanceMonitoring If true, cordon nodes when the rebalance recommendation notice is received. Only used in IMDS mode. enableRebalanceMonitoring: false -# enableRebalanceDraining If true, drain nodes when the rebalance recommendation notice is received +# enableRebalanceDraining If true, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode. enableRebalanceDraining: false # --------------------------------------------------------------------------------------------------------------------- diff --git a/charts/kubezero-addons/ruh.patch b/charts/kubezero-addons/ruh.patch index b88c55fd..21d24cb0 100644 --- a/charts/kubezero-addons/ruh.patch +++ b/charts/kubezero-addons/ruh.patch @@ -1,16 +1,10 @@ diff -tuNr charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml ---- charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml 2022-12-16 13:10:26.049272371 +0000 -+++ charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml 2022-12-16 15:56:00.880666339 +0000 -@@ -25,7 +25,31 @@ - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: --{{- toYaml .Values.environmentVars | nindent 12 }} -+ {{- toYaml .Values.environmentVars | nindent 12 }} -+ {{- with .Values.resources }} -+ resources: -+ {{- toYaml . | nindent 12 }} -+ {{- end }} +--- charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.yaml 2023-04-12 15:49:08.744242462 +0000 ++++ charts/aws-eks-asg-rolling-update-handler/templates/deployment.yaml 2023-04-12 15:55:44.399489809 +0000 +@@ -34,6 +34,26 @@ + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: aws-token + mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" @@ -33,4 +27,4 @@ diff -tuNr charts/aws-eks-asg-rolling-update-handler.orig/templates/deployment.y + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: - {{- toYaml . | nindent 8 }} + {{- toYaml . | nindent 8 }} diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml index 9e8d7168..44fae66e 100644 --- a/charts/kubezero-addons/values.yaml +++ b/charts/kubezero-addons/values.yaml @@ -31,7 +31,7 @@ sealed-secrets: fullnameOverride: sealed-secrets-controller # Disable auto keyrotation for now - keyrenewperiod: 0 + keyrenewperiod: "0" resources: requests: @@ -179,10 +179,18 @@ nvidia-device-plugin: - g5.24xlarge - g5.48xlarge - g4dn.xlarge + - g4dn.2xlarge + - g4dn.4xlarge + - g4dn.8xlarge + - g4dn.12xlarge + - g4dn.16xlarge cluster-autoscaler: enabled: false + image: + tag: v1.25.1 + autoDiscovery: clusterName: "" awsRegion: "us-west-2" @@ -201,6 +209,8 @@ cluster-autoscaler: extraArgs: scan-interval: 30s skip-nodes-with-local-storage: false + balance-similar-node-groups: true + ignore-taint: "node.cilium.io/agent-not-ready" #securityContext: # runAsNonRoot: true diff --git a/charts/kubezero-argocd/Chart.yaml b/charts/kubezero-argocd/Chart.yaml index 390cf37c..9c828403 100644 --- a/charts/kubezero-argocd/Chart.yaml +++ b/charts/kubezero-argocd/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 description: KubeZero ArgoCD - config, branding, image-updater (optional) name: kubezero-argocd -version: 0.11.2 +version: 0.12.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -17,13 +17,13 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: argo-cd - version: 5.16.10 + version: 5.28.2 repository: https://argoproj.github.io/argo-helm - name: argocd-apps - version: 0.0.6 + version: 0.0.9 repository: https://argoproj.github.io/argo-helm - name: argocd-image-updater - version: 0.8.1 + version: 0.8.5 repository: https://argoproj.github.io/argo-helm condition: argocd-image-updater.enabled -kubeVersion: ">= 1.24.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubezero-argocd/README.md b/charts/kubezero-argocd/README.md index a579daba..363d1840 100644 --- a/charts/kubezero-argocd/README.md +++ b/charts/kubezero-argocd/README.md @@ -1,6 +1,6 @@ # kubezero-argocd -![Version: 0.11.2](https://img.shields.io/badge/Version-0.11.2-informational?style=flat-square) +![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) KubeZero ArgoCD - config, branding, image-updater (optional) @@ -14,13 +14,13 @@ KubeZero ArgoCD - config, branding, image-updater (optional) ## Requirements -Kubernetes: `>= 1.24.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| -| https://argoproj.github.io/argo-helm | argo-cd | 5.16.10 | -| https://argoproj.github.io/argo-helm | argocd-apps | 0.0.6 | -| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.8.1 | +| https://argoproj.github.io/argo-helm | argo-cd | 5.28.2 | +| https://argoproj.github.io/argo-helm | argocd-apps | 0.0.9 | +| https://argoproj.github.io/argo-helm | argocd-image-updater | 0.8.5 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | ## Values @@ -30,12 +30,12 @@ Kubernetes: `>= 1.24.0` | argo-cd.applicationSet.enabled | bool | `false` | | | argo-cd.configs.cm."resource.customizations" | string | `"cert-manager.io/Certificate:\n # Lua script for customizing the health status assessment\n health.lua: |\n hs = {}\n if obj.status ~= nil then\n if obj.status.conditions ~= nil then\n for i, condition in ipairs(obj.status.conditions) do\n if condition.type == \"Ready\" and condition.status == \"False\" then\n hs.status = \"Degraded\"\n hs.message = condition.message\n return hs\n end\n if condition.type == \"Ready\" and condition.status == \"True\" then\n hs.status = \"Healthy\"\n hs.message = condition.message\n return hs\n end\n end\n end\n end\n hs.status = \"Progressing\"\n hs.message = \"Waiting for certificate\"\n return hs\n"` | | | argo-cd.configs.cm."timeout.reconciliation" | int | `300` | | -| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.24 - Release notes"` | | +| argo-cd.configs.cm."ui.bannercontent" | string | `"KubeZero v1.25 - Release notes"` | | | argo-cd.configs.cm."ui.bannerpermanent" | string | `"true"` | | | argo-cd.configs.cm."ui.bannerposition" | string | `"bottom"` | | -| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.24"` | | +| argo-cd.configs.cm."ui.bannerurl" | string | `"https://kubezero.com/releases/v1.25"` | | | argo-cd.configs.cm.url | string | `"argocd.example.com"` | | -| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | | +| argo-cd.configs.knownHosts.data.ssh_known_hosts | string | `"bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=\nbitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=\ngithub.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=\ngithub.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngit.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8YdJ4YcOK7A0K7qOWsRjCS+wHTStXRcwBe7gjG43HPSNijiCKoGf/c+tfNsRhyouawg7Law6M6ahmS/jKWBpznRIM+OdOFVSuhnK/nr6h6wG3/ZfdLicyAPvx1/STGY/Fc6/zXA88i/9PV+g84gSVmhf3fGY92wokiASiu9DU4T9dT1gIkdyOX6fbMi1/mMKLSrHnAQcjyasYDvw9ISCJ95EoSwbj7O4c+7jo9fxYvdCfZZZAEZGozTRLAAO0AnjVcRah7bZV/jfHJuhOipV/TB7UVAhlVv1dfGV7hoTp9UKtKZFJF4cjIrSGxqQA/mdhSdLgkepK7yc4Jp2xGnaarhY29DfqsQqop+ugFpTbj7Xy5Rco07mXc6XssbAZhI1xtCOX20N4PufBuYippCK5AE6AiAyVtJmvfGQk4HP+TjOyhFo7PZm3wc9Hym7IBBVC0Sl30K8ddufkAgHwNGvvu1ZmD9ZWaMOXJDHBCZGMMr16QREZwVtZTwMEQalc7/yqmuqMhmcJIfs/GA2Lt91y+pq9C8XyeUL0VFPch0vkcLSRe3ghMZpRFJ/ht307xPcLzgTJqN6oQtNNDzSQglSEjwhge2K4GyWcIh+oGsWxWz5dHyk1iJmw90Y976BZIl/mYVgbTtZAJ81oGe/0k5rAe+LDL+Yq6tG28QFOg0QmiQ==\n"` | | | argo-cd.configs.params."controller.operation.processors" | string | `"5"` | | | argo-cd.configs.params."controller.status.processors" | string | `"10"` | | | argo-cd.configs.params."server.enable.gzip" | bool | `true` | | diff --git a/charts/kubezero-argocd/values.yaml b/charts/kubezero-argocd/values.yaml index f8e34453..fb97514a 100644 --- a/charts/kubezero-argocd/values.yaml +++ b/charts/kubezero-argocd/values.yaml @@ -29,8 +29,8 @@ argo-cd: .sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); } cm: - ui.bannercontent: "KubeZero v1.24 - Release notes" - ui.bannerurl: "https://kubezero.com/releases/v1.24" + ui.bannercontent: "KubeZero v1.25 - Release notes" + ui.bannerurl: "https://kubezero.com/releases/v1.25" ui.bannerpermanent: "true" ui.bannerposition: "bottom" diff --git a/charts/kubezero-auth/Chart.yaml b/charts/kubezero-auth/Chart.yaml index 5d17fe4e..452a186e 100644 --- a/charts/kubezero-auth/Chart.yaml +++ b/charts/kubezero-auth/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: kubezero-auth description: KubeZero umbrella chart for all things Authentication and Identity management type: application -version: 0.3.4 -appVersion: 20.0.2 +version: 0.3.5 +appVersion: 21.1.1 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -20,4 +20,4 @@ dependencies: version: 11.8.1 repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled -kubeVersion: ">= 1.20.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubezero-auth/README.md b/charts/kubezero-auth/README.md index 1cb849a7..5fd3eceb 100644 --- a/charts/kubezero-auth/README.md +++ b/charts/kubezero-auth/README.md @@ -1,6 +1,6 @@ # kubezero-auth -![Version: 0.3.4](https://img.shields.io/badge/Version-0.3.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 20.0.2](https://img.shields.io/badge/AppVersion-20.0.2-informational?style=flat-square) +![Version: 0.3.5](https://img.shields.io/badge/Version-0.3.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 21.1.1](https://img.shields.io/badge/AppVersion-21.1.1-informational?style=flat-square) KubeZero umbrella chart for all things Authentication and Identity management @@ -14,7 +14,7 @@ KubeZero umbrella chart for all things Authentication and Identity management ## Requirements -Kubernetes: `>= 1.20.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| diff --git a/charts/kubezero-auth/templates/keycloak/operator.yaml b/charts/kubezero-auth/templates/keycloak/operator.yaml index 4bdd9c60..f31e3b22 100644 --- a/charts/kubezero-auth/templates/keycloak/operator.yaml +++ b/charts/kubezero-auth/templates/keycloak/operator.yaml @@ -4,20 +4,20 @@ apiVersion: v1 kind: ServiceAccount metadata: annotations: - app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000 + app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000 labels: app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 20.0.2 + app.kubernetes.io/version: 21.1.1 name: keycloak-operator --- apiVersion: v1 kind: Service metadata: annotations: - app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000 + app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000 labels: app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 20.0.2 + app.kubernetes.io/version: 21.1.1 name: keycloak-operator spec: ports: @@ -26,7 +26,7 @@ spec: targetPort: 8080 selector: app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 20.0.2 + app.kubernetes.io/version: 21.1.1 type: ClusterIP --- apiVersion: rbac.authorization.k8s.io/v1 @@ -179,24 +179,24 @@ apiVersion: apps/v1 kind: Deployment metadata: annotations: - app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000 + app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000 labels: app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 20.0.2 + app.kubernetes.io/version: 21.1.1 name: keycloak-operator spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 20.0.2 + app.kubernetes.io/version: 21.1.1 template: metadata: annotations: - app.quarkus.io/build-timestamp: 2022-12-13 - 14:29:14 +0000 + app.quarkus.io/build-timestamp: 2023-04-26 - 10:32:03 +0000 labels: app.kubernetes.io/name: keycloak-operator - app.kubernetes.io/version: 20.0.2 + app.kubernetes.io/version: 21.1.1 spec: containers: - env: @@ -205,8 +205,8 @@ spec: fieldRef: fieldPath: metadata.namespace - name: OPERATOR_KEYCLOAK_IMAGE - value: quay.io/keycloak/keycloak:20.0.2 - image: quay.io/keycloak/keycloak-operator:20.0.2 + value: quay.io/keycloak/keycloak:21.1.1 + image: quay.io/keycloak/keycloak-operator:21.1.1 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/charts/kubezero-cert-manager/Chart.yaml b/charts/kubezero-cert-manager/Chart.yaml index f8efd80d..babc0c4c 100644 --- a/charts/kubezero-cert-manager/Chart.yaml +++ b/charts/kubezero-cert-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-cert-manager description: KubeZero Umbrella Chart for cert-manager type: application -version: 0.9.3 +version: 0.9.4 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,6 +16,6 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: cert-manager - version: 1.9.1 + version: 1.11.1 repository: https://charts.jetstack.io -kubeVersion: ">= 1.24.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubezero-cert-manager/README.md b/charts/kubezero-cert-manager/README.md index 00bfb498..51736f04 100644 --- a/charts/kubezero-cert-manager/README.md +++ b/charts/kubezero-cert-manager/README.md @@ -1,6 +1,6 @@ # kubezero-cert-manager -![Version: 0.9.3](https://img.shields.io/badge/Version-0.9.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.9.4](https://img.shields.io/badge/Version-0.9.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for cert-manager @@ -14,12 +14,12 @@ KubeZero Umbrella Chart for cert-manager ## Requirements -Kubernetes: `>= 1.24.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.jetstack.io | cert-manager | 1.9.1 | +| https://charts.jetstack.io | cert-manager | 1.11.1 | ## AWS - OIDC IAM roles diff --git a/charts/kubezero-cert-manager/jsonnetfile.lock.json b/charts/kubezero-cert-manager/jsonnetfile.lock.json index 62435b50..ffb2c5e1 100644 --- a/charts/kubezero-cert-manager/jsonnetfile.lock.json +++ b/charts/kubezero-cert-manager/jsonnetfile.lock.json @@ -18,7 +18,7 @@ "subdir": "contrib/mixin" } }, - "version": "f1842b6ecf67a8102766cc914eaa2a8c7ad97314", + "version": "9d2cda4e44a26f064d8578e258bbba2fc3cd5b73", "sum": "W/Azptf1PoqjyMwJON96UY69MFugDA4IAYiKURscryc=" }, { @@ -28,7 +28,7 @@ "subdir": "grafonnet" } }, - "version": "30280196507e0fe6fa978a3e0eaca3a62844f817", + "version": "f0b70307b8e5f12236b277883d998af129a8211f", "sum": "342u++/7rViR/zj2jeJOjshzglkZ1SY+hFNuyCBFMdc=" }, { @@ -38,7 +38,7 @@ "subdir": "grafana-builder" } }, - "version": "15484ab1cb78eb7588e6b79ac52fc04e63f552b4", + "version": "e0b90a4435817ad642d8d049e7dd975264cb960e", "sum": "tDR6yT2GVfw0wTU12iZH+m01HrbIr6g/xN+/8nzNkU0=" }, { @@ -58,7 +58,7 @@ "subdir": "lib/promgrafonnet" } }, - "version": "3c386687c1f8ceb6b79ff887c4a934e9cee1b90a", + "version": "eed459199703c969afc318ea55b9361ae48180a7", "sum": "zv7hXGui6BfHzE9wPatHI/AGZa4A2WKo6pq7ZdqBsps=" }, { diff --git a/charts/kubezero-cert-manager/templates/prometheus-rules.yaml b/charts/kubezero-cert-manager/templates/prometheus-rules.yaml index cbf455b0..2734b4e6 100644 --- a/charts/kubezero-cert-manager/templates/prometheus-rules.yaml +++ b/charts/kubezero-cert-manager/templates/prometheus-rules.yaml @@ -1,3 +1,4 @@ +{{- if index .Values "cert-manager" "prometheus" "servicemonitor" "enabled" }} apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: @@ -51,3 +52,4 @@ spec: labels: severity: critical +{{- end }} diff --git a/charts/kubezero-cert-manager/values.yaml b/charts/kubezero-cert-manager/values.yaml index 1629bdc2..c5780238 100644 --- a/charts/kubezero-cert-manager/values.yaml +++ b/charts/kubezero-cert-manager/values.yaml @@ -23,6 +23,8 @@ cert-manager: leaderElection: namespace: "cert-manager" + #enableCertificateOwnerRef: true + # On AWS enable Projected Service Accounts to assume IAM role #extraEnv: #- name: AWS_ROLE_ARN diff --git a/charts/kubezero-ci/Chart.yaml b/charts/kubezero-ci/Chart.yaml index fc9ebf82..d929e8d5 100644 --- a/charts/kubezero-ci/Chart.yaml +++ b/charts/kubezero-ci/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-ci description: KubeZero umbrella chart for all things CI type: application -version: 0.5.25 +version: 0.6.2 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -22,16 +22,15 @@ dependencies: repository: https://gocd.github.io/helm-chart condition: gocd.enabled - name: gitea - version: 6.0.5 + version: 8.2.0 repository: https://dl.gitea.io/charts/ condition: gitea.enabled - name: jenkins - version: 4.2.20 + version: 4.3.20 repository: https://charts.jenkins.io condition: jenkins.enabled - name: trivy - version: 0.4.17 + version: 0.7.0 repository: https://aquasecurity.github.io/helm-charts/ condition: trivy.enabled - -kubeVersion: ">= 1.20.0" +kubeVersion: ">= 1.24.0" diff --git a/charts/kubezero-ci/README.md b/charts/kubezero-ci/README.md index dc80155d..82e0bf06 100644 --- a/charts/kubezero-ci/README.md +++ b/charts/kubezero-ci/README.md @@ -1,6 +1,6 @@ # kubezero-ci -![Version: 0.5.24](https://img.shields.io/badge/Version-0.5.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.6.2](https://img.shields.io/badge/Version-0.6.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things CI @@ -14,14 +14,14 @@ KubeZero umbrella chart for all things CI ## Requirements -Kubernetes: `>= 1.20.0` +Kubernetes: `>= 1.24.0` | Repository | Name | Version | |------------|------|---------| -| https://aquasecurity.github.io/helm-charts/ | trivy | 0.4.17 | +| https://aquasecurity.github.io/helm-charts/ | trivy | 0.7.0 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://charts.jenkins.io | jenkins | 4.2.17 | -| https://dl.gitea.io/charts/ | gitea | 6.0.5 | +| https://charts.jenkins.io | jenkins | 4.3.20 | +| https://dl.gitea.io/charts/ | gitea | 8.2.0 | | https://gocd.github.io/helm-chart | gocd | 1.40.8 | # Jenkins @@ -34,8 +34,10 @@ Kubernetes: `>= 1.20.0` # Gitea -## OpenSSH 8.8 RSA disabled -- https://github.com/go-gitea/gitea/issues/17798 +# Verdaccio + +## Authentication sealed-secret +```htpasswd -n -b -B -C 4 | kubeseal --raw --namespace verdaccio --name verdaccio-htpasswd``` ## Resources @@ -82,6 +84,10 @@ Kubernetes: `>= 1.20.0` | jenkins.agent.image | string | `"public.ecr.aws/zero-downtime/jenkins-podman"` | | | jenkins.agent.podName | string | `"podman-aws"` | | | jenkins.agent.podRetention | string | `"Default"` | | +| jenkins.agent.resources.limits.cpu | string | `""` | | +| jenkins.agent.resources.limits.memory | string | `""` | | +| jenkins.agent.resources.requests.cpu | string | `""` | | +| jenkins.agent.resources.requests.memory | string | `""` | | | jenkins.agent.showRawYaml | bool | `false` | | | jenkins.agent.tag | string | `"v0.4.1"` | | | jenkins.agent.yamlMergeStrategy | string | `"merge"` | | @@ -92,18 +98,18 @@ Kubernetes: `>= 1.20.0` | jenkins.controller.initContainerResources.limits.memory | string | `"1024Mi"` | | | jenkins.controller.initContainerResources.requests.cpu | string | `"50m"` | | | jenkins.controller.initContainerResources.requests.memory | string | `"256Mi"` | | -| jenkins.controller.installPlugins[0] | string | `"kubernetes:3743.v1fa_4c724c3b_7"` | | +| jenkins.controller.installPlugins[0] | string | `"kubernetes:3923.v294a_d4250b_91"` | | | jenkins.controller.installPlugins[10] | string | `"build-discarder:139.v05696a_7fe240"` | | -| jenkins.controller.installPlugins[11] | string | `"dark-theme:262.v0202a_4c8fb_6a"` | | -| jenkins.controller.installPlugins[12] | string | `"kubernetes-credentials-provider:1.206.v7ce2cf7b_0c8b"` | | +| jenkins.controller.installPlugins[11] | string | `"dark-theme:315.va_22e7d692ea_a"` | | +| jenkins.controller.installPlugins[12] | string | `"kubernetes-credentials-provider:1.211.vc236a_f5a_2f3c"` | | | jenkins.controller.installPlugins[1] | string | `"workflow-aggregator:581.v0c46fa_697ffd"` | | -| jenkins.controller.installPlugins[2] | string | `"git:4.14.3"` | | +| jenkins.controller.installPlugins[2] | string | `"git:5.0.2"` | | | jenkins.controller.installPlugins[3] | string | `"basic-branch-build-strategies:71.vc1421f89888e"` | | -| jenkins.controller.installPlugins[4] | string | `"pipeline-graph-view:144.vf3924feb_7e35"` | | -| jenkins.controller.installPlugins[5] | string | `"pipeline-stage-view:2.28"` | | -| jenkins.controller.installPlugins[6] | string | `"configuration-as-code:1569.vb_72405b_80249"` | | -| jenkins.controller.installPlugins[7] | string | `"antisamy-markup-formatter:155.v795fb_8702324"` | | -| jenkins.controller.installPlugins[8] | string | `"prometheus:2.0.11"` | | +| jenkins.controller.installPlugins[4] | string | `"pipeline-graph-view:183.v9e27732d970f"` | | +| jenkins.controller.installPlugins[5] | string | `"pipeline-stage-view:2.32"` | | +| jenkins.controller.installPlugins[6] | string | `"configuration-as-code:1625.v27444588cc3d"` | | +| jenkins.controller.installPlugins[7] | string | `"antisamy-markup-formatter:159.v25b_c67cd35fb_"` | | +| jenkins.controller.installPlugins[8] | string | `"prometheus:2.2.2"` | | | jenkins.controller.installPlugins[9] | string | `"htmlpublisher:1.31"` | | | jenkins.controller.javaOpts | string | `"-XX:+UseContainerSupport -XX:+UseStringDeduplication -Dhudson.model.DirectoryBrowserSupport.CSP=\"sandbox allow-popups; default-src 'none'; img-src 'self' cdn.zero-downtime.net; style-src 'unsafe-inline';\""` | | | jenkins.controller.jenkinsOpts | string | `"--sessionTimeout=180 --sessionEviction=3600"` | | @@ -128,7 +134,7 @@ Kubernetes: `>= 1.20.0` | jenkins.serviceAccountAgent.create | bool | `true` | | | jenkins.serviceAccountAgent.name | string | `"jenkins-podman-aws"` | | | trivy.enabled | bool | `false` | | -| trivy.image.tag | string | `"0.35.0"` | | +| trivy.image.tag | string | `"0.39.1"` | | | trivy.persistence.enabled | bool | `true` | | | trivy.persistence.size | string | `"1Gi"` | | | trivy.rbac.create | bool | `false` | | diff --git a/charts/kubezero-ci/README.md.gotmpl b/charts/kubezero-ci/README.md.gotmpl index 28a0fceb..5b389823 100644 --- a/charts/kubezero-ci/README.md.gotmpl +++ b/charts/kubezero-ci/README.md.gotmpl @@ -23,8 +23,10 @@ # Gitea -## OpenSSH 8.8 RSA disabled -- https://github.com/go-gitea/gitea/issues/17798 +# Verdaccio + +## Authentication sealed-secret +```htpasswd -n -b -B -C 4 | kubeseal --raw --namespace verdaccio --name verdaccio-htpasswd``` ## Resources diff --git a/charts/kubezero-ci/values.yaml b/charts/kubezero-ci/values.yaml index b39fa88f..d8c30de3 100644 --- a/charts/kubezero-ci/values.yaml +++ b/charts/kubezero-ci/values.yaml @@ -121,19 +121,19 @@ jenkins: numToKeepStr: "10" installPlugins: - - kubernetes:3802.vb_b_600831fcb_3 + - kubernetes:3923.v294a_d4250b_91 - workflow-aggregator:581.v0c46fa_697ffd - - git:5.0.0 + - git:5.0.2 - basic-branch-build-strategies:71.vc1421f89888e - - pipeline-graph-view:144.vf3924feb_7e35 - - pipeline-stage-view:2.28 - - configuration-as-code:1569.vb_72405b_80249 - - antisamy-markup-formatter:155.v795fb_8702324 - - prometheus:2.1.0 + - pipeline-graph-view:183.v9e27732d970f + - pipeline-stage-view:2.32 + - configuration-as-code:1625.v27444588cc3d + - antisamy-markup-formatter:159.v25b_c67cd35fb_ + - prometheus:2.2.2 - htmlpublisher:1.31 - build-discarder:139.v05696a_7fe240 - - dark-theme:262.v0202a_4c8fb_6a - - kubernetes-credentials-provider:1.208.v128ee9800c04 + - dark-theme:315.va_22e7d692ea_a + - kubernetes-credentials-provider:1.211.vc236a_f5a_2f3c serviceAccountAgent: create: true @@ -231,7 +231,7 @@ jenkins: trivy: enabled: false image: - tag: 0.35.0 + tag: 0.39.1 persistence: enabled: true size: 1Gi diff --git a/charts/kubezero-istio-gateway/Chart.yaml b/charts/kubezero-istio-gateway/Chart.yaml index 325ed350..a5d4f3a5 100644 --- a/charts/kubezero-istio-gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio-gateway description: KubeZero Umbrella Chart for Istio gateways type: application -version: 0.9.0 +version: 0.10.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -14,9 +14,9 @@ maintainers: email: stefan@zero-downtime.net dependencies: - name: kubezero-lib - version: ">= 0.1.5" + version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: gateway - version: 1.16.1 + version: 1.17.2 repository: https://istio-release.storage.googleapis.com/charts -kubeVersion: ">= 1.24.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubezero-istio-gateway/README.md b/charts/kubezero-istio-gateway/README.md index 09aa7d34..72108273 100644 --- a/charts/kubezero-istio-gateway/README.md +++ b/charts/kubezero-istio-gateway/README.md @@ -1,6 +1,6 @@ # kubezero-istio-gateway -![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio gateways @@ -16,12 +16,12 @@ Installs Istio Ingress Gateways, requires kubezero-istio to be installed ! ## Requirements -Kubernetes: `>= 1.24.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| -| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.5 | -| https://istio-release.storage.googleapis.com/charts | gateway | 1.16.1 | +| https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | +| https://istio-release.storage.googleapis.com/charts | gateway | 1.17.2 | ## Values diff --git a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml index 6f57321c..800334bb 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.16.1 +appVersion: 1.17.2 description: Helm chart for deploying Istio gateways icon: https://istio.io/latest/favicons/android-192x192.png keywords: @@ -9,4 +9,4 @@ name: gateway sources: - http://github.com/istio/istio type: application -version: 1.16.1 +version: 1.17.2 diff --git a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml index 474a8123..550e3818 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/templates/deployment.yaml @@ -49,6 +49,9 @@ spec: - name: istio-proxy # "auto" will be populated at runtime by the mutating webhook. See https://istio.io/latest/docs/setup/additional-setup/sidecar-injection/#customizing-injection image: auto + {{- with .Values.imagePullPolicy }} + imagePullPolicy: {{ . }} + {{- end }} securityContext: {{- if .Values.containerSecurityContext }} {{- toYaml .Values.containerSecurityContext | nindent 12 }} diff --git a/charts/kubezero-istio-gateway/charts/gateway/values.schema.json b/charts/kubezero-istio-gateway/charts/gateway/values.schema.json index 84f0489d..11aacbff 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/values.schema.json +++ b/charts/kubezero-istio-gateway/charts/gateway/values.schema.json @@ -191,6 +191,10 @@ "networkGateway": { "type": "string" }, + "imagePullPolicy": { + "type": "string", + "enum": ["", "Always", "IfNotPresent", "Never"] + }, "imagePullSecrets": { "type": "array", "items": { diff --git a/charts/kubezero-istio-gateway/charts/gateway/values.yaml b/charts/kubezero-istio-gateway/charts/gateway/values.yaml index e44610b9..b62c3eae 100644 --- a/charts/kubezero-istio-gateway/charts/gateway/values.yaml +++ b/charts/kubezero-istio-gateway/charts/gateway/values.yaml @@ -90,4 +90,8 @@ affinity: {} # If specified, the gateway will act as a network gateway for the given network. networkGateway: "" -imagePullSecrets: [] \ No newline at end of file +# Specify image pull policy if default behavior isn't desired. +# Default behavior: latest images will be Always else IfNotPresent +imagePullPolicy: "" + +imagePullSecrets: [] diff --git a/charts/kubezero-istio/Chart.yaml b/charts/kubezero-istio/Chart.yaml index f90bc982..8df274c1 100644 --- a/charts/kubezero-istio/Chart.yaml +++ b/charts/kubezero-istio/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-istio description: KubeZero Umbrella Chart for Istio type: application -version: 0.9.0 +version: 0.10.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png keywords: @@ -16,13 +16,13 @@ dependencies: version: ">= 0.1.6" repository: https://cdn.zero-downtime.net/charts/ - name: base - version: 1.16.1 + version: 1.17.2 repository: https://istio-release.storage.googleapis.com/charts - name: istiod - version: 1.16.1 + version: 1.17.2 repository: https://istio-release.storage.googleapis.com/charts - name: kiali-server - version: "1.60.0" + version: "1.66.0" repository: https://kiali.org/helm-charts condition: kiali-server.enabled -kubeVersion: ">= 1.24.0" +kubeVersion: ">= 1.25.0" diff --git a/charts/kubezero-istio/README.md b/charts/kubezero-istio/README.md index 088ce17d..5cb3b69a 100644 --- a/charts/kubezero-istio/README.md +++ b/charts/kubezero-istio/README.md @@ -1,6 +1,6 @@ # kubezero-istio -![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero Umbrella Chart for Istio @@ -16,14 +16,14 @@ Installs the Istio control plane ## Requirements -Kubernetes: `>= 1.24.0` +Kubernetes: `>= 1.25.0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://istio-release.storage.googleapis.com/charts | base | 1.16.1 | -| https://istio-release.storage.googleapis.com/charts | istiod | 1.16.1 | -| https://kiali.org/helm-charts | kiali-server | 1.60.0 | +| https://istio-release.storage.googleapis.com/charts | base | 1.17.2 | +| https://istio-release.storage.googleapis.com/charts | istiod | 1.17.2 | +| https://kiali.org/helm-charts | kiali-server | 1.66.0 | ## Values diff --git a/charts/kubezero-istio/dashboards.yaml b/charts/kubezero-istio/dashboards.yaml index 92cd2459..92682ff3 100644 --- a/charts/kubezero-istio/dashboards.yaml +++ b/charts/kubezero-istio/dashboards.yaml @@ -1,22 +1,22 @@ -# Revision 148 = 1.16 +# Revision 162 = 1.17 configmap: grafana-dashboards gzip: true folder: Istio condition: '.Values.istiod.telemetry.enabled' dashboards: - name: istio-control-plane - url: https://grafana.com/api/dashboards/7645/revisions/148/download + url: https://grafana.com/api/dashboards/7645/revisions/162/download tags: - Istio - name: istio-mesh - url: https://grafana.com/api/dashboards/7639/revisions/148/download + url: https://grafana.com/api/dashboards/7639/revisions/162/download tags: - Istio - name: istio-service - url: https://grafana.com/api/dashboards/7636/revisions/148/download + url: https://grafana.com/api/dashboards/7636/revisions/162/download tags: - Istio - name: istio-workload - url: https://grafana.com/api/dashboards/7630/revisions/148/download + url: https://grafana.com/api/dashboards/7630/revisions/162/download tags: - Istio diff --git a/charts/kubezero-istio/templates/grafana-dashboards.yaml b/charts/kubezero-istio/templates/grafana-dashboards.yaml index a1c27109..a27aed99 100644 --- a/charts/kubezero-istio/templates/grafana-dashboards.yaml +++ b/charts/kubezero-istio/templates/grafana-dashboards.yaml @@ -11,11 +11,11 @@ metadata: k8s-sidecar-target-directory: Istio binaryData: istio-control-plane.json.gz: - H4sIAAAAAAAC/+1dW1PcOBZ+z69Q+WELtoDq5pZkquaBAMlQS2YoSDJbuZRLbYtuLW7LkWToHpb97Xsk2e17X91gGL8kbclI56ZzPh1dfP8KIcu2qR+EUli/oG/wjNC9/hdqfDwkUGqdXNkXl398PP302+nnK2srrvZwj3iq/oKzIZEDEoqk0iXC4TSQlPnqlaRCjgPdqIslFizkDknqAi/sU//MVfVBSaOm/veIrFS3+oUH+PfHlmGJk58h5aSEqbj/PsfX2MdJ49QtLY6F8CFfcUu4iLg73Nnf2YuI2CrvLsA+CKvYWTAo7SpdnOpoeh9lIqWVwvSLYizr8mCns9NZgjeJex4p9vYpW1zkbaJE7PtMYmVASoumU8ujQk50mpACNb2QevJMtdTdSkpTIilnFd4hvqbpFyR5SFLlA+qWlFKH+cfMY1w1yPs9vNHZQrvdLvxzcLCFupvppmOujxJe0D/QkUe4zJCQaFAMegxz14rqHvT/P15Fws8PqzMBv9Ax8yVnHrrwQBHoJG4DRcJF3Z3u/s6h7s8iLpURu9fYE5ozq+8TqUfd68P9A1OiTPATY56kQSxSEL5/o0eUUZBWe8kIc5jn4UAQN92Hrulz6l6wRJ1GzDmV3cHz7n6qYAQFndTzWD3H8sla3WEn8RUT6n4kvodKz3g0EnhsTFz0xYhIFP0TZ3flVo89ioW2AM1IQkEP65Isy0qj58TvS81mJ1NOyl6fYa/WNfW8tMSqhXqwqFC75UI9OExcPukT3812hW/7eTaUEYScE1+W1AzxqKyU+iWlYsDuikNQwljySt6+xV6YyLTADJivrk23pgvvqCszVpizdDOUQ8+7YNSXH5l2C7ogFZoI6MyXuE8KOg3UX3Hs0lCktWLKiyYAYnMJJ9q/XHtMJn0IwikRf8CwBpWTHH0iwA4pszQhsXNT6EVIEgTEPQf2C3US8z5JAYKsp1VOZBRo8kQ43KDKBdnK+7r3DhsGzAcx/PrdCijQ/t162ES9MdoAwaQdo7JjxodY6khBh8Q2vGVfAfEQDkp9jx2p/W03U22M8f2knft7BN2gh4dsK5xcG0RxZE2KH6JfKdcwALQwYJ5bcBlD8h6GIZQqhWfKL0k/ik65P7ga0GtZ/IvI+VwoyZR5nom7vU+PAMy1J82NAcG4zA1hbf527L+o79Jb6oYwUgojIYWB0kBjhEc050d6oXNjTCHNixqv0ShQ7JZEvNzb5eN4Ml6//SiQOMYjMsUCE+uBprnMajwGplkiVAXrv8OCFCzJuKTC68YnFYpTzCQGtdVYOtPOsMzyx0WtQ4jrl7ljXX5ObidUZ1BKPlA+Bg44rMABu/PhgEtigi36LJTnfoEg4HVOooczBPq6AgO0EKCFAGUQAGaWDhHCvqVcQqyxh2TI+NjujSUR9zgIAAlohOACFFgCAADlZRZUBg52p4KDL4Y+9FHTV4EQzrLlSkCq4ZlePi8MgBKgHV/WLY2FOL6MiJjO8m8rstxniklQkxT2gODAFmNRE7+l8+/F5aCoQkDVHKhwUV6x5zGngdxquir4PVmO3zpZXZCloyncvK/bfKkfClKvSlf2Xb8pnVJ/GyirEMNpjWLQwaJWOSzI7pUiYDq/H1bk12EQpyHu8dhD3zF+Q/0+kC8jpiev/Pq/75ZLhcMg6I6/W1soYK4qM/LY3vnnf/WvbT3hhcentJSTmE60MaF/s0KG7x5ZhpGUOButS4oL5guuQOgO5nOI6rghmYNcJG8zBktlDLRtthmDBmYMXsys+nC+WXWbWG9n1dWJdY4lSWKT7QShHao0FcQ+KHWFrdWVCrIL45Rv3eGPzbXn5RcBJQvMxox84im3kk5WLjnUqnltAjCLKK7GGqvBsmVNZ2F4tqTx1CXR+dHbTKD7lJDu+OJzi+faFaBHpLOFcwvDue7ufHjudYvnWjw3PVdyLaJInM+QrD/JtCxkWXv+aIpMmpo0avgWE9DdTQsr1pYmsqwnBhVgg3SIPVHWTsKBz3yyKAOd9JaLNoH0ZIjjzXyIY/+pEUe+uIUcDYEcfWb3GWehVJJ97CW838Nhj3DErtGHCQ2VIbPBs/MS6ttoWvck/cmj6d94iv4YezS7+xV7Ct/Mt0nT7Je+CMUAnflGV+r4S32bNTNBp3ZQkDuycwUKFwjeQSpJq1yknr2gINTtL4El3uQU8maWPg6qNs3uvqz8RVZTq6EJhAX6i3CWQhUVMb35aCNj7zWvV2ljtkeusI1B36vRCdDDccWjLTgdeyFwxefYzLG1KlvkEdk69d3IUFbe2TebMe8RGTsHXEp8wmvYojmbMf6IjF0CeKwEvqd1ciUquYpJLgFa+dQWcTiptK53dZLr10CuOgauj7KKyr2hTTrvdZGL79OnEYX4+KLmEWl1mRg/KVlhisGCte7qsjpWu6nr+eXkcvD7GAcyhKGPMLrF4ODlOIHggKYYXwsEfzMvBK93BVHttTgdBnJcfrnBV4VnCzXtsuOL2kaWhGCA4DYn/yGOzKcDNxHjaAP3BEhozj/Yzt50Uffenxm4ShNFXHR8cqVuv7imfVEP2k+YJ4tKizReWqczpXWyrLT4otLijZfW5UxpHS0rLW9RaXmNl9b5TGktOIHIzR/uOJWAdoEfmFOV7u1c+2zuT0UC+mRImGfSsRiXOmpqXjVdPjwYQFITt3Wp/CyiDp1m4VL+XOnqcjAW3zT+jZUjY/nqeqVLoL2eOX7JnNlWu2HISDbTFnRS/thQON0e/vXcR79mdcbg/9CojENOH+3CZbu7uN1dvP5lPR2/kLJbRCWS+IZAOdPrewgjx0SPMHDV6h+UY6R3N64j69A9nHvlb7/duVxfCmH3BaUQBhBmGfjxof0zxL6kHtno7BxsoVyQ1jassApQDvbjmGBtG/duArS+B84j64/UwUEHrT5jK2X8bbMZf9tZfe5VznfTGX+7evqngvHGc77zdo5kzpOiUSUvNMHPLSBdEZC2YLQFo0tvPM9jxszRtrLdYrt7FTvPD9qlqjpxZskGs7/lfYI6xKpZkkcdaVO/x0Lftb1oi9Aj3sk1KwuqCUOz9i4tgLxyrLNQZnm3B1IGtjqSZ0fjyJZO0BiJ/BHRm4gEbSiKkaIYRRQjoLiGux9migq6eV6SAvrmFtTxOgWlVPa8JKUo3mw4Bj6ONNCmY9t0bLvPq+EQuHDdQyUGbi98aHdelcZdUH2ULVIXY6sYeUud4jnMteeH4muvryICVodeCWdPxtQMZt4tuS2nuLVGZfEC5q7/wArz/WiLVnzGA93fQ8+V3zI5bQiuOTq5Qh+ZT4FL6vdbcNOCm/aY7JLHZPcqPr91uD/fMdlT/5aN13RC9inW0l0iMfUEwjADlMhwp5ZewNki6uul9iG4ucc4Mbu3W4H/Oi3+a/Hf9CNwRBmu7ZgjqXYYCMkJHtrOKL6DM6pRwQbQB+CQ7T4PnKff2/dvs6PXN7scRZ2naatl4pgO7WsY+s9FNOg9EKvOFNV0fNV3QBoilpJC2Sr3CxgVugADlDYJmDN4rDPHyu1emo7nAdxPCUYNsScmbrRYdDUsuubTlDUh0Seisk2y1X0ishJidVuI1UKsqlhZDSQgvNFbMgVCbK77DjQFEo40FXPBqAbfgjaDkzbAtsmedi/X+g8WCPqXvi9MDUdOfoIFSoGw78KDCGBAruf2sMIhgspIvbu2DWFlddGOsDbAv9gAD6rcmJEu4CNzZ/hzyKVcRqMUvVMUo49gqCsfws+eyXi5wjoCq0x/oHvpBb85bEquWUxLSUN7+5mWc7SE5cxhOI2XyHTzaMrXG1N0C3QFwbxF0Ksh6HdtiqqBKarqtdIM9s2MkfpWUfc7VUdcD+dbRv2T9AaM3YhGrp5mhFbA+Krgg4KCBlF31nAaZL+4SA1h3yX+lfHreeoj2b9tpwbzTQ1mzANYIKPIkxKfspDzyZSi0Pvf8tjy5MhmH3seGdugIerqXRF2gAU4p9XuHv0yaU6gjavQmfZBx6Mlbj4pUq0WROujGm1Ea5abDV/SM5fthNxQnTDQQqc2+dgmH+vDErmko/WoIKOw3345lLHXqR1ltEiiRRJxTBbmy3829aOL32xhAr9Ji6wWms/iRteDJ4q0X5v4XzftzwRWxB+PnpDe4okWT7wMPPEqalYNOjWeFNd7HZPOsIQzIEP8hXBhAr35zCA4yrEZFy7m5ruh4B/7ieKtM3Umxpo0Lckw8ACH+/0JyZY6UZyylPuyEJtRiiCePvNSsEjdwUiryyXXOPRyCtMGm64t03+8GpEemtR3vNAlR15Z5C03A2sIHdCS16MRloZUqdokuiZuCamku/qcrjqWXVz3jau/xNylaxJddjOlfTLKvypuaPCZe1dj3yn7PGPkc1JkZ8xHuYAHo2OqGYy0e238r+Wzu+1u7KzAV0ZlVubPAgruiid/HFFvxyEl7VGsg1SmrdtJPeylH7rD5PdB6nc3/bDXSdekXOpu6nfXNRz/iHlQqxIpfc3sJd3wYbrhdC+7++kHN/n92k3TG9OSEd9fTOMVq8fZnYg+Y5SELj0U9Z2rnHnowsM+QScA93sMc9O2FWo8bO1tb388//L1azSib5NR33318H/gWcmR+6MAAA== + H4sIAAAAAAAC/+1dW1PcOBZ+z69Q+WELtoDq5pZkquaBAMlQS2YoSDJbuZRLbYtuLW7LkWToHpb97Xsk2e17X91gGL8kbclI56ZzPh1dfP8KIcu2qR+EUli/oG/wjNC9/hdqfDwkUGqdXNkXl398PP302+nnK2srrvZwj3iq/oKzIZEDEoqk0iXC4TSQlPnqlaRCjgPdqIslFizkDknqAi/sU//MVfVBSaOm/veIrFS3+oUH+PfHlmGJk58h5aSEqbj/PsfX2MdJ49QtLY6F8CFfcUu4iLg73Nnf2YuI2CrvLsA+CKvYWTAo7SpdnOpoeh9lIqWVwvSLYizr8mCns9NZgjeJex4p9vYpW1zkbaJE7PtMYmVASoumU8ujQk50mpACNb2QevJMtdTdSkpTIilnFd4hvqbpFyR5SFLlA+qWlFKH+cfMY1w1yPs9vNHZQrvdLvxzcLCFupvppmOujxJe0D/QkUe4zJCQaFAMegxz14rqHvT/P15Fws8PqzMBv9Ax8yVnHrrwQBHoJG4DRcJF3Z3u651d3Z9FXCojdq+xJzRnVt8nUo+614f7B6ZEmeAnxjxJg1ikIHz/Ro8ooyCt9pIR5jDPw4EgbroPXdPn1L1giTqNmHMqu4Pn3f1UwQgKOqnnsXqO5ZO1usNO4ism1P1IfA+VnvFoJPDYmLjoixGRKPonzu7KrR57FAttAZqRhIIe1iVZlpVGz4nfl5rNTqaclL0+w16ta+p5aYlVC/VgUaF2y4V6cJi4fNInvpvtCt/282woIwg5J74sqRniUVkp9UtKxYDdFYeghLHklbx9i70wkWmBGTBfXZtuTRfeUVdmrDBn6WYoh553wagvPzLtFnRBKjQR0JkvcZ8UdBqov+LYpaFIa8WUF00AxOYSTrR/ufaYTPoQhFMi/oBhDSonOfpEgB1SZmlCYuem0IuQJAiIew7sF+ok5n2SAgRZT6ucyCjQ5IlwuEGVC7KV93XvHTYMmA9i+PW7FVCg/bv1sIl6Y7QBgkk7RmXHjA+x1JGCDolteMu+AuIhHJT6HjtS+9tuptoY4/tJO/f3CLpBDw/ZVji5NojiyJoUP0S/Uq5hAGhhwDy34DKG5D0MQyhVCs+UX5J+FJ1yf3A1oNey+BeR87lQkinzPBN3e58eAZhrT5obA4JxmRvC2vzt2H9R36W31A1hpBRGQgoDpYHGCI9ozo/0QufGmEKaFzVeo1Gg2C2JeLm3y8fxZLx++1EgcYxHZIoFJtYDTXOZ1XgMTLNEqArWf4cFKViScUmF141PKhSnmEkMaquxdKadYZnlj4tahxDXL3PHuvyc3E6ozqCUfKB8DBxwWIEDdufDAZfEBFv0WSjP/QJBwOucRA9nCPR1BQZoIUALAcogAMwsHSKEfUu5hFhjD8mQ8bHdG0si7nEQABLQCMEFKLAEAADKyyyoDBzsTgUHXwx96KOmrwIhnGXLlYBUwzO9fF4YACVAO76sWxoLcXwZETGd5d9WZLnPFJOgJinsAcGBLcaiJn5L59+Ly0FRhYCqOVDhorxiz2NOA7nVdFXwe7Icv3WyuiBLR1O4eV+3+VI/FKRela7su35TOqX+NlBWIYbTGsWgg0WtcliQ3StFwHR+P6zIr8MgTkPc47GHvmP8hvp9IF9GTE9e+fV/3y2XCodB0B1/t7ZQwFxVZuSxvfPP/+pf23rCC49PaSknMZ1oY0L/ZoUM3z2yDCMpcTZalxQXzBdcgdAdzOcQ1XFDMge5SN5mDJbKGGjbbDMGDcwYvJhZ9eF8s+o2sd7OqqsT6xxLksQm2wlCO1RpKoh9UOoKW6srFWQXxinfusMfm2vPyy8CShaYjRn5xFNuJZ2sXHKoVfPaBGAWUVyNNVaDZcuazsLwbEnjqUui86O3mUD3KSHd8cXnFs+1K0CPSGcL5xaGc93d+fDc6xbPtXhueq7kWkSROJ8hWX+SaVnIsvb80RSZNDVp1PAtJqC7mxZWrC1NZFlPDCrABukQe6KsnYQDn/lkUQY66S0XbQLpyRDHm/kQx/5TI458cQs5GgI5+szuM85CqST72Et4v4fDHuGIXaMPExoqQ2aDZ+cl1LfRtO5J+pNH07/xFP0x9mh29yv2FL6Zb5Om2S99EYoBOvONrtTxl/o2a2aCTu2gIHdk5woULhC8g1SSVrlIPXtBQajbXwJLvMkp5M0sfRxUbZrdfVn5i6ymVkMTCAv0F+EshSoqYnrz0UbG3mter9LGbI9cYRuDvlejE6CH44pHW3A69kLgis+xmWNrVbbII7J16ruRoay8s282Y94jMnYOuJT4hNewRXM2Y/wRGbsE8FgJfE/r5EpUchWTXAK08qkt4nBSaV3v6iTXr4FcdQxcH2UVlXtDm3Te6yIX36dPIwrx8UXNI9LqMjF+UrLCFIMFa93VZXWsdlPX88vJ5eD3MQ5kCEMfYXSLwcHLcQLBAU0xvhYI/mZeCF7vCqLaa3E6DOS4/HKDrwrPFmraZccXtY0sCcEAwW1O/kMcmU8HbiLG0QbuCZDQnH+wnb3pou69PzNwlSaKuOj45ErdfnFN+6IetJ8wTxaVFmm8tE5nSutkWWnxRaXFGy+ty5nSOlpWWt6i0vIaL63zmdJacAKRmz/ccSoB7QI/MKcq3du59tncn4oE9MmQMM+kYzEuddTUvGq6fHgwgKQmbutS+VlEHTrNwqX8udLV5WAsvmn8GytHxvLV9UqXQHs9c/ySObOtdsOQkWymLeik/LGhcLo9/Ou5j37N6ozB/6FRGYecPtqFy3Z3cbu7eP3Lejp+IWW3iEok8Q2BcqbX9xBGjokeYeCq1T8ox0jvblxH1qF7OPfK3367c7m+FMLuC0ohDCDMMvDjQ/tniH1JPbLR2TnYQrkgrW1YYRWgHOzHMcHaNu7dBGh9D5xH1h+pg4MOWn3GVsr422Yz/raz+tyrnO+mM/529fRPBeON53zn7RzJnCdFo0peaIKfW0C6IiBtwWgLRpfeeJ7HjJmjbWW7xXb3KnaeH7RLVXXizJINZn/L+wR1iFWzJI860qZ+j4W+a3vRFqFHvJNrVhZUE4Zm7V1aAHnlWGehzPJuD6QMbHUkz47GkS2doDES+SOiNxEJ2lAUI0UxiihGQHENdz/MFBV087wkBfTNLajjdQpKqex5SUpRvNlwDHwcaaBNx7bp2HafV8MhcOG6h0oM3F740O68Ko27oPooW6QuxlYx8pY6xXOYa88PxddeX0UErA69Es6ejKkZzLxbcltOcWuNyuIFzF3/gRXm+9EWrfiMB7q/h54rv2Vy2hBcc3RyhT4ynwKX1O+34KYFN+0x2SWPye5VfH7rcH++Y7Kn/i0br+mE7FOspbtEYuoJhGEGKJHhTi29gLNF1NdL7UNwc49xYnZvtwL/dVr81+K/6UfgiDJc2zFHUu0wEJITPLSdUXwHZ1Sjgg2gD8Ah230eOE+/t+/fZkevb3Y5ijpP01bLxDEd2tcw9J+LaNB7IFadKarp+KrvgDRELCWFslXuFzAqdAEGKG0SMGfwWGeOldu9NB3PA7ifEowaYk9M3Gix6GpYdM2nKWtCok9EZZtkq/tEZCXE6rYQq4VYVbGyGkhAeKO3ZAqE2Fz3HWgKJBxpKuaCUQ2+BW0GJ22AbZM97V6u9R8sEPQvfV+YGo6c/AQLlAJh34UHEcCAXM/tYYVDBJWRendtG8LK6qIdYW2Af7EBHlS5MSNdwEfmzvDnkEu5jEYpeqcoRh/BUFc+hJ89k/FyhXUEVpn+QPfSC35z2JRcs5iWkob29jMt52gJy5nDcBovkenm0ZSvN6boFugKgnmLoFdD0O/aFFUDU1TVa6UZ7JsZI/Wtou53qo64Hs63jPon6Q0YuxGNXD3NCK2A8VXBBwUFDaLurOE0yH5xkRrCvkv8K+PX89RHsn/bTg3mmxrMmAewQEaRJyU+ZSHnkylFofe/5bHlyZHNPvY8MrZBQ9TVuyLsAAtwTqvdPfpl0pxAG1ehM+2DjkdL3HxSpFotiNZHNdqI1iw3G76kZy7bCbmhOmGghU5t8rFNPtaHJXJJR+tRQUZhv/1yKGOvUzvKaJFEiyTimCzMl/9s6kcXv9nCBH6TFlktNJ/Fja4HTxRpvzbxv27anwmsiD8ePSG9xRMtnngZeOJV1KwadGo8Ka73OiadYQlnQIb4C+HCBHrzmUFwlGMzLlzMzXdDwT/2E8VbZ+pMjDVpWpJh4AEO9/sTki11ojhlKfdlITajFEE8fealYJG6g5FWl0uucejlFKYNNl1bpv94NSI9NKnveKFLjryyyFtuBtYQOqAlr0cjLA2pUrVJdE3cElJJd/U5XXUsu7juG1d/iblL1yS67GZK+2SUf1Xc0OAz967GvlP2ecbI56TIzpiPcgEPRsdUMxhp99r4X8tnd9vd2FmBr4zKrMyfBRTcFU/+OKLejkNK2qNYB6lMW7eTethLP3SHye+D1O9u+mGvk65JudTd1O+uazj+EfOgViVS+prZS7rhw3TD6V5299MPbvL7tZumN6YlI76/mMYrVo+zOxF9xigJXXoo6jtXOfPQhYd9gk4A7vcY5qZtK9R42Nrb3v54/uXr12hE3yajvvvq4f/BUkT7+6MAAA== istio-mesh.json.gz: - H4sIAAAAAAAC/+1de1PbuBb/v59C1/sYugMhTggl7GtK6bbdKV2msL1zb+lkFFtJtPi1khxgGe5nv0eyHcux8iDQlqbqTEOiI+txnj89LF0/Qsjp9WiUpII7++g9/EboWn0CJcIhgVTn8KR3/PaPo+enL5//eeJsFuQA90kg6ccsDokYkZSXRJ9wj9FE0DiSWUqCuEpUoT4WmMcp80hJS4J0SKNXvqQnhkIz+pu8WVq1KsMNfH7YzLrEyN8pZcTQqaL+IcMDHOGycOobkwsmvJgmjAnjee92GzuNdt6ITXN1CY6AWfXKkpGxKj1Zq2h+HSaW0pnMjOpsNFXZaTQbzRX6JnA/IPXaTqvJ9b5NhIijKBZYKpCUYlapE1AuJjItmwKUfkoD8UqW5G6WqRpLzF2FPCRSbdpHgqVESx9R35BKvTh6FgcxkwWyYR9vNDdRy3Xho9PZRO5jveii10/LvqDv0dOAMFFpQilBPurHmPlOTrtRfz88ypk/bVavOHxDR4SP0GHxKMp5ityGu9PYVdU4xKci7+UAB1x1yBlGRChje7Lb7mYpUvNO4zgQNIH0pkpU8ozSIFC/AhqdK7PKpKRkbzAz4JIgkZSV85NPx7+cRQjJL4iLq4D8fOYkMaeyG/sI93kcpIL8iPqxEHEI9Z456gF4BKMRIwPIPxIi4fvb21R2uUHjMwcJzIZEAK3XD3B0DilF4QOofYvTf8g+ajeTyx+RIJdiyydezHBWaRRHUKEnBbmPaDQijAqo9ScaDhFnnqHC7QALwsU25MjStvpBSoJ4GG9FcR9750MWp5G/lUYDBmL3G3w81Jo0InQ4EvuoA+2BipAS3U/bOOPM9u159CNiWYnwTeuv21HlZ+zL9INyhCMDK4dUjNJ+w4vDrEPZp4mxv8QJiVACHBjELJStRmKEBQK/MgYrgfJRGlFJQxf4Col4juC2/djj26AfHkkE3+bES4H3V9vGehWVyAo3FynEVLkC/PWAelshOO0hCUEXzTXAAxHxhKoC2OSjW9YT9zlhY9ynwcxOhHFERcwU20LqsVg+QT3CG3ldfZbL6w0hPhqRIPl1XgOg+C0ajeNgTHxzjb/HNAIJkVwBQMIhyEdcySY0dIXL/pb+eMiofxyXDjdzhPCzrXmrC/jd2tESLgtfkf++kr8LDzYpO7MAFVPABqbihdsucUXFw6ikMFauGFgRaoFGmUm1qRNDkLndvUQ4tWYIKtRTOiZhOOIJZpnD0h3+xDNLB2KOgh72RuSUhiROheYocy8I/uVg4ht071vS32HwI2YS12IdysNNawfCTGcn+99sdCsBJ8vRfgKBqNXdRDtNmWXPkKcDFPdJC7J0VClPHhecKrm+MHg60uKxEmmcaMlDnA6nBBPiy6KfblPXlZBGBUFP5qP4YponUhxgE0AK/NcSfPJ5OY4wOyeKg1KgNTVYWtN3Fyh6u1a0UuhWs/wNoRBcRDCtHQZFj5Mq4ClV4Sg3gbFiltYGFbMLKugw1ol/peAABlcTcipinRwzCjqPCzgxgt//gAXhoKIvxE898oehZUr7A6+qpfnYgIs3sXgD3XU0yodN/dkBJYHPK6aYgULZxYlsJ5QbXcpgjpVO1YQQ4iSh0fA0s1/XlF5td6VbBXBTTZHxTNl/vZWyaFMDjYWBlxkuKKxVFlYzRzChQ7DIY/DtarSm2ZEj9UoRCqbkYY34TiXPqax5Sg0BZYgBvay6xDzxN9CGk9yddprfaXSITbVnVNrMR1T3j3Ayh+0D8DHyOdm+KoNE1nDnzfbTKUI8eWAO76R3Pwd7mw4XNAiqYL4NQN519+Bjrysdo7tX8Z0DWU9tTCAL1ovJSmlJF9ttV57P3ZrRIymADsWk4fSQWcX3OWwjl0lWtQwyGzwNNyjgXLKhEIMaCwNw5T0BY5DgmpEkZuCQAC9kzv3MuXnvhh8eP5b9bTYrIxjNe/2GPaF66FbIIPNswD4lFy6IHELszBHKxFXzqf4WEfpFAMA6QG+zDqB3kjekPpXAwZ4DyICFNrCUBqWr4p6uioo6XxVj2Xrn5yW1sLDfhYqoMhYzGHg8tJhiNqZICGSLhESud8YWex8LXOgx6h7Qxe6S6MK16MKiC4suLLr4dOhC4opbwYpNBN4yAbMmPQ8U51//O3M6jR8mcANto1sXmT9aFVIZMQSEzB4n4Hf45wExXYh83a783+jMBjQnqecRztFb6DraiOJoq3N5OWEWf2whjp02WbdpE7e1JLJpWWRjkY1FNhbZfFpkQ+8CbX4GaLOjQZsHi08MmGTn8pJbwGEBx9oBjr0lAUfbAg4LOCzgsIDjCwMcnS8UcHQs4LhvwPFNq9v1dnZvizC+8Xd2cBvfDVHInXRf6daPXTOicF0LKSyksJBiPSHFtNd5KJgCVGQjoUEseud7vOcNhj0yBgPn1zLCApJ4R5lIcXCS7T2ViELRgYJ9H4DEY7SFNlYvxCcBEUSVEzMky0kT9ANqflRsshIMCclvmapVLEGmn4zoQNQJOW7J+47yzq8ThvFSpja/WhzzVeCY3WVxzI7FMRbHWBxjccwDwjGHEGBppOz9bRqsCmTmlLL+SEbrPJK9t1DGQpl12VYyE8t0LJaxWMZiGYtlHhCWeYEFucBXK2IYw9Prj13yTlvIYiHLumxMmQlZdi1ksZDFQhYLWR4QZPl3DFyIsf88EmxV4DKzjPWHL0XXkew7tTMvFsas/WaYJxbFWBRjUYxFMQ8IxeR7OO4CYmYVsf4YJu+5hTAWwnwV+2C69ig3i2AsgrEI5iEhmGNC2NMUvHgkqKfMfkUcM7+g9Ucz9f6j4zignkU2Ftms/baYrj1HzkIbC20stHlI0CY/7/Ve0M3CstYf4BhZYDGOxThfyT6arj1RzmIci3EsxnlIGEdGY2njyuJVLF51HWpBSeuPbyoM+PpwjdLSqeC1DGIo+wzu67slroBqube9A6pbvwOK+gqE/TEmjGX361XxlIrYT+ZeBpXgIcmbXlEIRhKChTn1kDLwwXlwHWtXSHksrh0UpVzDS4J9wmqUmIkaJICEjn7nIOHeLMeirqyao044oJjr+8Sq+qPjD72Xs6Cohj3nnEa4LEIt880+lbCOLUAXwcIK5/If+Ld1dLR1eIhevtwPw30+5WR84tEQK0TZqhCkJtQdfk44VX75QF5/NjvP5F7DchdeeeFiLfufTF1uuj3Jsu3384v/LvLHtya0X8eYbUl0AeHNIz9/e93reSQIeu19hi9uvpfU4qGS2FLEas0JFuBklZr65VuavQujOkCYl1fJleytd5zjiIrMWOrEii9+XxVb4TXBYn0SVetVN3LsKzthwlmIuiZKbZXZIGbpDp3PKpZ8goBb8RjEo8bE6JuntxdRlIZ9iCBGEcljWJcX0HGniV5D1yLvyspotowO7ldGt5JQ10poCQk9+5wS6loJLZbQ4eeTkH4rymwRORI6OV+3kJ7PE1K11Y1uZ7ojyG00m7ObvYxY9ZvZlhewHdPMGNNUTymuD1e+zQYM9ztamTUe+X7uUOZWo5UeFHXP/uSW0Dbfqmw17pNqXH6/+ZTC5amlRrnLaxQ3yXEZZeKC0Whoh68fLSQZ7X7iPj7uwLY+ubzs9HwgVy17f8U02rjrtXZAaTWb5a12/Su0YWLKJprPqio9V/jHm+hspmuVTTlzGtkfU6bZlLLaM2f2QoBcBakSR4Y523xtgAscCZNrWbBsEJAhifxSK6+vjYy6uWnMoJR9QTdT3sS4JLG5tGpsjEAn4iHDYe/vFHpHA7LRbEiDMytNz09Z1raQBgHlxIsjn/f6qXdOxJzrDJXOBMSsIYv0Rl2k6DabTbXAs3KLP1VjrULfi0If3KNCd784he5ahX54Co3uptHP7lOju1+cRnetRq+bRh+uptH3fs/yqoj0Ljc0r17pOqlffdT4IBTz+dwx1MyNOPl+m5enp8fbL94eP0PFhJ6+2YbhiEt+1rk5GeJlyZ95N0tl9+hSu1nazRW3s7jN7ur7WezOFbtz5WNPBduNKwt0+uBKEI5O5CY8q9Wr7ZGotvpuy08Ht9o9kQnvLfEIHRPrlj7dBorbickK5kFuDrPh/CEt2n6CSL3aoq1dZ1vjdTa7ym5X2e9ty8bHWLQVXtJjOcDr9SXe+3gTVHaddtHU1L2uwRokzWEcZqX8QKV8cKe5xdNnxx9hVlEFqmdFyLkuJ7X6mNVeXXekP31NoqFQ04TNSjoxZV84O0nVRJ27eFKye9s5yZ29Wacul7VlIq1WBhwZRk/5qeJZ/S1aead9PbV4D7FOCfGlKZVGhlRGhyNxYtRc/Z1c/RVzaeSG3Ma302/0qVbCp6dBZeIF9TPZzpuVrb3HXXkTutgBi4f1Od9EPsWwT1Ouz69m6XX9AZb6hKkJW2cQxNrLqdk7uMXc8lT7lLswqSlYvlebSoRUkiTEf529eF2lLR2ApS/O3HA/pYGfeVcvDpM4Al5sImDHvb9VbHBIkxrBC4FWX8t6lws7899Gfv9hqbeR35Jhfv7C1APzX1N+JRmHnhVt55J57wjjcmq/zD0Bh9e6VWBG/Lpd5FP6zWmT6BUukUY+HVM/xUH9VIYijzq0omzAJb6kU44pW27mNRjvhLlliOokRXHKwlRus21PbPj9h1oTr/DlvBWHUrcyiFlVG4kgTCOPIB4eYE5qepa5sFr2zIfVkuuHB8wGNQ+gnVPHd9TM4KoudRUhTKFBpr8m40mrH+mFyk9VrLQ/aVqy2+1mZvIO90YkxIXSF2tw2dKSGotgdp7lBIsuJZ+ZjjMpWpAwCQCPRMNJk8GDc6GpyrUpalWkwkmQncphwEjF+/s+GeA0mHFAyIRqPBYlh2a6bdLIC1KfPDWfW2HUAyeECqghe3GQiQY+9MNkJifE6OM15++UsCv1+kYdpBTk4gggp3ruTCFLt5I6JJfTWfk5TWDMenIVeaYzgXKnozW7oj7SB9xkMqZheUJIeRpJfLHlFt6qOHAENLzyWELBX7Hy4bz1vSLQ6C7F6Wg4zW1qP9r6Dzcsv3e0767+o93UKZpPbWnfXT/r8YeiDzIsavJaWIte8K5esF5La0f/oZ0888TX21u0pcK+f2IFEZw+iy94PqifjmJHwE90WJm1cFIFPJ0Xexev2e+v/psb8nhi7J1HN/8HBvVxgHC0AAA= + H4sIAAAAAAAC/+1de1PbuBb/v59C1/sYugMhTggQ9jWldNvulC5T2N65t3Qyiq0kWvxaSQ6wDPez3yPZjuVYCSFAS1N1piHRkfU4z58elq6eIOT0ejRKUsGdPfQBfiN0pT6BEuGQQKpzcNw7evfH4YuTVy/+PHbWC3KA+ySQ9CMWh0SMSMpLok+4x2giaBzJLCVBXCaqUB8LzOOUeaSkJUE6pNFrX9ITQ6EZ/W3eLK1aleEaPj+uZ11i5O+UMmLoVFH/kOEBjnBZOPWNyQUTXk4TxoTxvHfbja1GO2/Eurm6BEfArHplychYlZ6sVTS/DhNL6UxmRnU2mqrsNJqN5hJ9E7gfkHptJ9Xket8mQsRRFAssFUhKMavUCSgXE5mWTQFKP6WBeC1LctfLVI0l5q5CHhKpNu0hwVKipY+ob0ilXhw9j4OYyQLZsI/Xmuuo5brw0emsI/epXnTR62dlX9D36FlAmKg0oZQgH/VjzHwnp12rvx+f5MyfNqvXHL6hQ8JH6KB4FOU8RW7D3Wm0VDUO8anIeznAAVcdcoYREcrYdrbb3SxFat5JHAeCJpDeVIlKnlEaBOpXQKMzZVaZlJTsDWYGXBIkkrJyfvLp+JfTCCH5BXFxGZCfT50k5lR2Yw/hPo+DVJAfUT8WIg6h3lNHPQCPYDRiZAD5R0IkfG9zk8ouN2h86iCB2ZAIoPX6AY7OIKUofAC1b3D6D9lD7WZy8SMS5EJs+MSLGc4qjeIIKvSkIPcQjUaEUQG1/kTDIeLMM1S4GWBBuNiEHFnaRj9ISRAP440o7mPvbMjiNPI30mjAQOx+g4+HWpNGhA5HYg91oD1QEVKi+2kTZ5zZvD2PfkQsKxG+af11O6r8jH2ZflCOcGRg5ZCKUdpveHGYdSj7NDH2lzghEUqAA4OYhbLVSIywQOBXxmAlUD5KIypp6BxfIhHPEdymH3t8E/TDI4ngm5x4KfD+ctNYr6ISWeH6TQoxVa4Afz2g3kYITntIQtBFcw3wQEQ8oaoANvnolvXEfU7YGPdpMLMTYRxRETPFtpB6LJZPUI/wRl5Xn+XyekuIj0YkSH6d1wAofoNG4zgYE99c4+8xjUBCJFcAkHAI8hGXsgkNXeGyv6U/HjLqH8Wlw80cIfxsa97qHH63trSEi8JX5L8v5e/Cg03KzixAxRSwgal44bZLXFHxMCopjJUrBlaEWqBRZlJt6sQQZG53NxFOrRmCCvWUjkkYjniCWeawdIc/8czSgZijoIe9ETmhIYlToTnK3AuCf9mf+Abd+5b09xj8iJnEtViH8nDT2oIw09nK/jcb3UrAyXK0dyAQtbrraKsps+wa8nSA4u60IEtHlbLztOBUyfUbg6cjLR4rkcaJljzE6XBKMCG+KPrpNnVdCWlUEPRkPorPp3kixQE2AaTAfyPBJ5+X4xCzM6I4KAVaU4OFNX37BkVv14pWCt1qlr8hFIKLCKa1w6DocVIFPKUqHOYmMFbM0tqgYnZBBR3GOvGvFBzA4HJCTkWsk2NGQedxASdG8PsfsCAcVPSF+KlH/jC0TGl/4FW1NB8bcPE2Fm+hu45G+biuPzugJPB5xRQzUCi7OJHthHKtSxnMsdKpmhBCnCQ0Gp5k9uua0qvtrnSrAG6qKTKeKfuvt1IWbWqgsTDwMsMbCmuVhdXMEUzoACzyCHy7Gq1pduRIvVKEgil5WCO+U8lzImueUkNAGWJAL6ouMU/8DbThOHenneZ3Gh1iU+0ZlTbzEdX9Q5zMYfsAfIx8TravyiCRNdx5u/lsihBPHpjDO+ndz8DepsMFDYIqmG8DkHfdXfjY7UrH6O5WfOdA1lMbE8iC9WKyUlrSxXbbledzt2b0SAqgQzFpOD1kVvF9DtvIRZJVLYPMGk/DNQo4l6wpxKDGwgBceU/AGCS4YiSJGTgkwAuZcz91rj+44cenT2V/m83KCEbzXr9hT6geuhUyyDwbsE/JhQsihxBbc4QycdV8qr9FhH4ZALAO0LusA+i95A2pTyVwsOcAMmChDSylQemquKuroqLOV8VYtt75eUEtLOz3RkVUGYsZDDweWkwxG1MkBLJFQiLXO2OL3YcCF3qMugd0sb0gunAturDowqILiy4+HbqQuOJWsGIdgbdMwKxJzwPF+df/Tp1O44cJ3ECb6NZF5o9WhVRGDAEhs8cJ+B3+eUBMFyJftyv/NzqzAc1x6nmEc/QOuo7Wojja6FxcTJjFn1qIY6dNVm3axG0tiGxaFtlYZGORjUU2nxbZ0LtAm58B2mxp0ObR4hMDJtm6uOAWcFjAsXKAY3dBwNG2gMMCDgs4LOD4wgBH5wsFHB0LOO4bcHzT6na9re3bIoxv/K0t3MZ3QxRyJ91XuvVj24woXNdCCgspLKRYTUgx7XUeC6YAFVlLaBCL3tku73mDYY+MwcD5lYywgCTeUyZSHBxne08lolB0oGDfByDxFG2gteUL8UlABFHlxAzJctIE/YCaD4pNloIhIfktU7WKJcj04xEdiDohxy1531He+VXCMF7K1OZXi2O+ChyzvSiO2bI4xuIYi2MsjnlEOOYAAiyNlL2/S4NlgcycUlYfyWidR7L3FspYKLMq20pmYpmOxTIWy1gsY7HMI8IyL7Eg5/hySQxjeHr1sUveaQtZLGRZlY0pMyHLtoUsFrJYyGIhyyOCLP+OgQsx9l9Egi0LXGaWsfrwpeg6kn2ndubFwpiV3wyzY1GMRTEWxVgU84hQTL6H4y4gZlYRq49h8p5bCGMhzFexD6Zrj3KzCMYiGItgHhOCOSKEPUvBi0eCesrsl8Qx8wtafTRT7z86igPqWWRjkc3Kb4vp2nPkLLSx0MZCm8cEbfLzXu8F3dxY1uoDHCMLLMaxGOcr2UfTtSfKWYxjMY7FOI8J48hoLG1cWbyKxcuuQ91Q0urjmwoDvj5co7R0KngtghjKPoP7+m6BK6Ba7m3vgOrW74CivgJhf4wJY9n9elU8pSL2ztzLoBI8JHnTKwrBSEKwMKceUAY+OA+uY+0KKY/FtYOilGt4RbBPWI0SM1GDBJDQ0e8cJNyb5VjUlVVz1AkHFHN9n1hVf3T8ofdyFhTVsOec0wgXRahlvtmnEtaxBegiWFjhXP4D/zYODzcODtCrV3thuMennIxPPBpihShbFYLUhLrDzwknyi/vy+vPZueZ3GtY7sIrL1ysZf+TqctNNydZNv1+fvHfef74xoT26xizDYkuILx55Odvr3o9jwRBr73H8Pn195JaPFQSW4pYrTnBApysUlO/fEuzd25UBwjz8iq5kr31jnMcUZEZS51Y8cUfqmIrvCZYrE+iar3qRo49ZSdMODeirolSW2U2iFm6Q+eziiWfIOBWPAbxqDEx+ubZ7UUUpWEfIohRRPIY1sUFdNRpojfQtci7tDKaLaP9+5XRrSTUtRJaQELPP6eEulZCN0vo4PNJSL8VZbaIHAmdnK9bSC/mCana6ka3M90R5DaazdnNXkSs+s1siwvYjmlmjGmqpxTXhyvfZgOG+x2tzBqPfD93KHOr0UoPirpnf3JLaJtvVbYa90k1Lr/ffErh8tRSo9zFNYqb5LiIMnHBaDS0w9cHC0lGu5+4j4cd2NYnlxedng/kqmXvr5hGa3e91g4orWazvNWuf4nWTExZR/NZVaXnCv90HZ3OdK2yKadOI/tjyjSbUlZ76sxeCJCrIFXiyDBnm68NcIEjYXItNywbBGRIIr/UyqsrI6OurxszKGVf0PWUNzEuSawvrBprI9CJeMhw2Ps7hd7RgKw1G9LgzErT81OWtS2kQUA58eLI571+6p0RMec6Q6UzATFryE16oy5SdJvNplrgWbrFn6qxVqHvRaH371Ghu1+cQnetQj8+hUZ30+jn96nR3S9Oo7tWo1dNow+W0+h7v2d5WUR6lxual690ldSvPmp8FIr5Yu4YauZGnHy/zauTk6PNl++OnqNiQk/fbMNwxCU/69ycDPGy5M+8m6Wye3Sh3Szt5pLbWdxmd/n9LHbnit258tBTwXbjyg06vX8pCEfHchOe1erl9khUW3235af9W+2eyIT3jniEjol1S59uA8XtxGQF8yg3h9lw/pgWbT9BpF5u0daus63wOptdZber7Pe2ZeMhFm2Fl/RYDvB6fYn3Hm6Cyq7T3jQ1da9rsAZJcxiHWSk/Uinv32lu8eT50QPMKqpA9bwIOVflpFYfs9qr6470p29INBRqmrBZSSem7DfOTlI1UefePCnZve2c5NburFOXy9oykVYrA44Mo2f8RPGs/hatvNO+nlq8h1inhPjClEojQyqjw5E4Nmqu/k6u/oq5NHJDbuPb6df6VCvh09OgMvGc+pls583K1t7jrrwJXeyAxcP6nG8in2LYpynX51ez9Lr+AEt9wtSErTMIYu3l1Owd3GJueap9yl2Y1BQs36tNJUIqSRLiv8levK7SFg7A0hdnbrif0sDPvKsXh0kcAS/WEbDj3t8qNjikSY3ghUCrr2S9i4Wd+W8jf/i40NvI78gwP39h6oH5rym/loxDz4u2c8m894RxObVf5p6AwyvdKjAjft0u8in95rRJ9AqXSCOfjqmf4qB+KkORRx1aUTbgAl/QKceULTfzGox3wtwyRHWSojhlYSq32bYnNvzhY62Jl/hi3opDqVsZxKyqjUQQppFHEA/3MSc1PctcWC175sNqyfXDA2aDmkfQzqnjO2pmcFmXuooQptAg09+Q8aTVT/RC5acqVtqfNC3Z7XYzM3mHeyMS4kLpizW4bGlJjUUwO8tygkWXks9Mx5kULUiYBIBHouGkyeDBudBU5coUtSpS4STITuUwYKTi/X2fDHAazDggZEI1HouSQzPdNmnkBalPnpnPrTDqgRNCBdSQvTjIRAMf+mEykxNi9PGa83dK2KV6faMOUgpycQSQUz13ppClW0kdkovprPyMJjBmPb6MPNOZQLnT0ZpdUR/pA64zGdOwPCGkPI0kPt9wC29VHDgCGl55LKHgr1j5cN76XhFodJfidDSc5ja1H239hxuW3zvad1f/0W7qFM2ntrTvrp/1+GPRBxkWNXndWIte8LZesF5La0v/oZ08s+Pr7S3aUmHfP7GCCE6fxec8H9RPR7FD4Cc6qMxaOKkCns7L3fM37PfX/80NeTwx9s6T6/8D/yK5D3C0AAA= istio-service.json.gz: - H4sIAAAAAAAC/+1da1PbSrb9zq9oa+beghQhlrHBOpWTKjDkTGY4CYOZnKo55LqE1Ni6yJKjB4FQzG+f7tZbahn5Jcn2/hACallqde+9e629ttXPOwgJg4FmTFzHFn5Bf5K/EXpmP0mLIY8xOSqc9QeXV19+P7/+2/m/+sJ+0KzLt1in7ZeWOcbOCLt21KhiW7G0iaOZBj0lanCeJuyiquzItulaCo7aJro71IxPKm2fcC7qtX/2uxW7LTvhhfz8tu89koW/u5qFOQ8V3H9oyXeyIUcX11Tu4WAQfks3PGDL9p/u6KB9cOh3Yp9/u4lskMHK3mwy4t4qfjh2o+n34A2pljuYRnYYebfsHDQPmnM8myPf6jh7t+vk4eyzhZMoG4bpyNSA6Cx6NxV0zXbCOY26QlpuXU13PtErifvR0diQ8B+VnIMN1qdfkGO5OHZ8pKmco5piGj1TNy16QWt4K+8291FLFMmPTmcfiXvxSwdPfRI9C/pfdKJjy0l0IZpBe3RrypYq+G0v7P9vO/7gp93qk01+Q31sPWgKRmfBp5E/rEg8ENsHR+xOAlY1x3/QO1m32TMJQwM7zN+Ojw6PvCPU+K5NU3e0CTneZAc1B1uyf1OxI3U6ktiSxGPpmLXqmnHPPM2bOGYOHM9TTF2XJzZWU4NKbqmpl2Y0y97op2byB/m71Y4deAx65//9RP8Ohi1pjGLzKIohyd4lrYj10nCwQY1MeK9qD0jRZdv+9SaamrcjLKvYQg5+dN4q5FRs3Qgfboz3Nrn0h/751ddPvfNf0F9tb1bev2PHSfs7crkPsVknN7vTsK72TONOGyae3g+hd7KrO3amhfbStR1zTFteEk0v+8lrmMQSyOh6gfDbTs6J3BkIZ+Ewdc30TPBmI5wRMfeebGa6UuJY0pLCw2OTeaIwcsZ6cgDNSTJAVDKN6R7mPrK3fn2NYt7xgUiCa+IcR3OYjwqpw5ZskB5Y3jMlY1IsgNCnie4fu3vSxmVlhK+1MTZdejXD1fX9pA+Q+HYqK/dDy3QNNR4xkud8lXUX5zcn3YwdZxGz1SaRstP2/jUPpL30cHpnHR6TeNqS9lG7SU/r5pzXIa3icYuc1mFXO96Lz0DSkgqsBzVyyzvTGsvMhs1JqotD2R3ibOfG8mMwJ2Iz7Y9jYnt+Y7rJHpk/ePNITWtEcNTI1NULivfs1876XbbuMZt5aqTzRZw2J+IcFQw47ekBR2wlj1G/f5B1nhfkBKMpIYeY/O9+IHhgA53qH1tbgzOIL8vpE/6f2I929xSe4jpm+hTT0kgMCBZjYUT+/klinaxnfAOrroK/5PSWRQFdyXqoD+1t57PpfCZDIqRav+2nr8O8xc6ELA/f0WEIbWaqT9DQlXjw3Ikcy5OJZgyvvZgn5rVlny0zBAE+Y91EjslWg5ynSC1mmQfIvTiJ3MMCF28lL54bwoiLn5EodmkS27Wzfi5QO2aNwWCSpdDAikNwV+a8a9ojjulPTNu50x6zy5Df8JFYXF/7yS7faf5P6hwL8z/Ljk/9KBuq3wlIfH3q7iwWaNljZAfV8R5M+PzuhNNohh8sOOZ05b0n8YATce80XU/ygUPCBUSxS34QdEMWJLGbWbfu6L2zy7gXdHD8ct7VWnSJkw4z1/HD9tRIy0A/uaQ7NjiwQraG2Ckw3Phx4nWJAoJd2x3vaoQR4F2NMhBGt7Ht2AOH0Bz92cIT0yKB9df/3Ah//U7+uhH2yWLnaAaLWwMfU7Fm//cb4eXPzvjb3h4dsWZT3MtOW7QaOgS60Ito2M6eFoT0j7LisGEUM6cQQ/SSDBzjsB08SS0j0ywjXPdszuAGUK6n05iNrrxRQl/pZGCBC+BsErx0cpKcjBRelIj7TjftO+yMYr5j0icUfp3RbYJANZPnsA8FGRvFtRiArT1A5UDKRRBqFu8uCFBVrGhjmYGxzNjUD7xOsEUJlmtozlJBbLcMFJsGLiuAsUdzwNg2wFiAsQBjAcYCjJ0Hxq4CwO6TtWNCghQeKMRkG6Stc/AmxLXoHVohai4JLc8FiiUCfiSJ/jvoTAfIfVdRsG2jKzJGaNcwjbedx0cUDKu9t4WQWX4Yvg6XZV2T7V4AaJ+TjnMrW1y4w1LhF9gYOkxqaWbacN7H1iqFqrEQJWYO/mbJquZl05vLh3TJNOOrmG6kqSo2+p6P8gbdE0uOk8AODzHjPql+EmsYGif2dVrsi5/yMMxpCSgav5VKoufjifM0pf3f2DJzmsman9eiGTktljYcEQ/mSLHppSMNxGhQzbloLp57SUNnbPPkFtrwQ1OdUca0ctB2Bs1k1vuAJclDPl8toh1N6B2oXbu0C51sG9+4yISr2MJsYbzTzVQY9VaOLwl3S6MKBecFEhKWlXvuXWmiZYLVCw+OZNtnXtN3R2RZNQk5GQ++u7LhaDrebR5QKp+z8A5U11O1B2MSEDQbE4ip2oNbV7nHzrzLscgW+9sntKtjtuoTYNvcQ6aF5u/eKnq2MGLgM6UCeMKLWx/Du112mkJx0LG/iDFI9TYGae2Mwa+R4cTYOW1BmmYLp0u1BanetiCBLUhTbKE3FxlJLV30eT56DDyTPKBtV3jop504H+yPtDuH/0l+3v/Mn7YUjQlrrZ7T0Ea2MsVSQRuZZ44AznDNICBGmqFqD5rqylNKUmLlkLGaQw/Hyo8aBwZ7tsZLPcfqYOj4pFm+n0jifCofxIVAbQrEf5IfiyTJIivm2G5Qy5rtHG00h6eyjblG60Fa7sc8TMtt4ic8Xo9osWcYUQuoyXNwsqK57vjEtypGWvLYCm27wA/hk+3wblRDLekvLUlS2kfzakd/Udtt+VDevGqmU6hm4uUMurPrQF3QgUAHAh0IdCDQgZaiAznKhLAsBWsPWB3cPjl4mjiDinKr2lAqYeniTo6gc927JLTHG0d0SscRtBuoxYda/O2qxe9OB6/SMYBXAK8AXgG8AnhdfS3+jRCDq1tekE+/MY0tKMiHgnwoyIeC/EIF+a9h2S5gWcCygGUBywKWXWVB/swodmlV+fPi5zUvzfehMpTmQ2n+BpfmdxcszZckKM2H0nwozS+5NH+ONbnM+vyFuwdF+jU1C2k9zWKry/VLsAoJrGIjCvdT+gAU7kPhPhTuQ+E+FO5D6VPRwv1X9KJ0dh0EIxCMQDACwQgEowUq920SkKBqf7Gq/T79xjJU7Mc+8y3auyYYqN+wga3YSheOjkXcgLtXSgmbX4h5m1+0y9r8onfx6fzzNfrjy9U/Lr6cnPW3fO+L1nQI2O7Uc++LWWZx7ba+AD32NT22uSQ99ojjOhntNc91Ogvqsa1OMT12CWIrBzvNI6aus1qKZBv9pNoyqKbLVE0L1ff7pMpXFlxLc54GE1PXlCcS8ceu48r6wNHtgqVSWbjsxa/BD5PwDlNWvU9Yyg892zagRJMNXnCWYUeVVlSmSH1gH+VeYR8l6rZK+RZCGnc/P6f7h15eDrJHo16TdkSCzHOy8/To7o2rdg9V8lMVm+Pri/6eMM+3IFpzKWoLGlIjbUmvUyg6fRzqNc2Y0DpZ07Ip3hJNbaogW9Cu6qjJfTIUkyyfw0CVswlLRX02POjEUMlhbxxQj65MMyp13BV566S6bH7KkVNEeolqXvp71CvWwQROqQLIeeXJecC8yqqELcy8uKWwC1Ovoyqp1wrKXKGOFRjZ/NtGoOIEDc37ZZbqgPWc21osd1Cqe/o15w+VktLlmk0DnGlZzB28aS5v2nje/dpXACM+DnWy1dbJ5r3fYRnUVCCQUBSAYwPHLvpmFFuxtElQJri1BLxbUPkUxUX5d612iSqHose/iQoUHih8tbtE1ZDdinOJZqXuYLVRo1YjKpPqKSMyub1/eUGXnWa1iYEStu7aLg+VwEM3y0OlGT30tBwP7YCHzuuhHfDQzfLQzmwe2ivHQyXw0Hk9VAIP3SwPlWbz0LNSPLQsHtoAIrolw7beTHSKQ55vFO1sAO8Eh1wD4jnFIT9uFMtsAM0Eh1wDnjnFIX/bKFLZAFYJDrkGtHKKQ/5tk75/Fb4VEeq+tvL9iFDrBbVeNpRzxcq5uisp5+rWvJwL6rWgXmuF9Vozp3q997+BBAOFRnOZlgSmtf6mVX2JzMz5N7AtqO1YxLQkMK1NCFsVVyWUirYgNbm5anqp2AoMaXNV4FKBFBjS5qqXpcImMCRQ3VajutHX64PiVhfFTcXKbWavBBDeQHgD4a1E4U08WoXydgTKGyhvoLwVyQX571GDRCNIb0tPD4Ftgfa2spQRGBeIb6vKIoFtgfq2MvVtCcYFOUqQ38CSQH+rE5gCSwIBDiwJFLgaKXDhvmKgvIHyBsobKG+whVhMeuO+wvx4QeWt21zpFmKwCRjoYgvoYvzddB1lQoCrgrUHrPrAda32v5oHtm7CPrr13Jt5WdbU2C5zKsliNnWrp1NqaOjKtzt0R+6EwgLE694l6oWGBvSnWvpzCpsnL5n5ZJ8DiA8Qn9n2Tl6c+bSA+QDzWT/mY5NxTeDUGQgOF9ICTN1cYjODsTTAWoDULIPU9InNIccEOgN0BuhMaXRmJ3W7yCt7OsXm6A8/EEWzH5q/RR5jJzYBQe8ExdR1eWJn/JAL7IUUgGSAvtWOHUipGAzHB2EtnHsPnYvNEJ4LE9nAetLGE5SNrGmOB8SF98TnkaLLtk1WM0q8bk3ZUt+OsExAIXLwo/OW4lJs3Qgfboz3JB4bH/rnV18/9c7RH1+u/nHx5eSs//4dO07a35HLfagnGZtKrQ451Co+E1M1pcPce3rf1ZKKcIQgFI6ccYoamGyDYk7Hy5zGdA9zH7kIUwk9LXXYkg3SA58jZmhX4Hz0aQRISyyclmjWQY89WjApIa1Wjl3BtxzXOWeBZBv9pNtjQ+5i9bkL/10fs2ctXmecIVEli0V0cuqjCTqq2g6jo7wTUpSUnOpR0k5ISXmfSjJjXt1hWGupEBOsiqvyOukT1un9JychEoeek4+B6pn6KGxrc4m2ueaGXrU3tMYGt4ICguVb46amVtIvp7FpeexZNEYhvUMnhorCQtoeXe1mTLhwV/mty7ikTcVDM4mjS0zKmJCUgepaYHN1E5kXpnNilXSONv+b0htQqEGhXjrLewVz54PkpRbkJvBfg7R1Dt7UDYnTzenqMVr1GpaNYSKVMuAVWFYDHHHVwwWeuApP3Hj233cVBds2uiIGjHYN03jbeXwMkyD2Xl5WAIouqi268NGma2jLJ8gCAaaiAEwfmH4xpk+iqGJpTIXPitZb/npb7ndsW4tmAdo1f7vtChIF8PJbSCT8uche99N2Qiq21/1aUWlxQa2PvtSGsBux2WzuIdNC848pDGf93hG0WHqi8lcQ7868RRV4+HweLoGHb6WHV/0e6N2Z9w4DD5/Twzvg4Vvp4RW/jXt35k3dwMPn9HAJPHwrPbziV6LXgIc3gIgv1cUb4ON1Y+Ilvpm+BrS7AbwbHHqziXeJGwTUgGU3gGaDQ282zy5xn4YakOoGsGpw6M2m1VuzYf2Zb8ds6wzPuqACsCYVgPD9Pqj6g+/3VVbY111JYV8Htq2Hyj3Ytr5wbpu/yxxoVlBZtvrNV8ECN9ECqy99mjl9CCYIpTlV7fYKFrihQbDi2pHykSDkWbe5tKF83Af2ts3Ke/kgD+xtm4Xh8iEd2BvollXpln3tJwbNsn6apYoVFldAugTpEqTLqqRL8Wgl2uURaJegXYJ2WSBj5b/YELKmIF5WlcQCEwT1smr1EmwQ5MuK5UswQdAvq9Yvl2WDkHAFAbNU7AcGBwpmqUAPDA4kzFJhHRgcaJglaZjhDougXYJ2CdolaJegXXK3VeRuqNBdVLtsrXRbRdgYEZTFBZRF/pbkjjIhSFfB2gNWfaS7zlv/LYZzN2sz8qp3ACzB4BpgcaUb1aZuZndKbRFd+aaJ7sidUFgSet27RL3QDIFEVUuiTmFb+iXzp+xzAH0C+jTbrvSL86dD4E/An9aPP9lkXBNQdgaGlI96AckuiGRrvkH6UuypAQZVI4PabGrUJ2aJHBNIEZAiIEWlkaKd1O0ir0xLu9H0h/ZvkefYCS7DLkEjEo0jtPWw6X1EsJURHssR+GsdeYedJ+9Oqmzde2cS/BgZpfCJLllCeGkHjyc6CY9GRIoIYLWdmBVH4xMD689JPKiTeMKNEOQGj76IyhhW0rGZU8VbecQySNDGQgwJKIruqvhE58D5HMsjay6JbpzT/WgQp5GxVpPtbp4Ow8J3F1uUQAkTHt30mr8GTxdvieZSTBwd4sf0qfa9NvmXpfefDIXT7cBeYt3eSY1dbOZkXQ+6kxqW2JzGB70AqaazphkaZ/f3uacscBBhhnmzsx95bdLY7QZeSN/lYKy9lcxYdqmkvsmmxf5n0DUh2Zp5BnqMf7JvD95DxhpcG197F4pT27mNZHbHD4c31/mjM7gBoCJbvPJhOc8Yk48b2uJ3AuXnNsSABqzU+lrrbX3lmUVqhkOr6Ok0SReu4OhzQCZmMBPbUgx7Fjthv9DyRnJdj3/GX9mSkeMopaOmmEch4wzyxaN73kDyOB3dByO6JZfsFr7xf2a68yyO8O7gTURpb4TdP//vRvj2Zu/gzTtwkYpdZDbH+KFX6Bip3EquaXonUi/OM+PVuc1i3ZrRp8KM0mIudQgutZhLpYnjXMsOy/Kt0LsKpS85K8ArScVZPGn2DGqxPsBStBl+M5u3LLAWoSW5S4Fsf04uP9+uV+xRy+rlVi9V7H+aan7x8nQaM0o/Q3fn6QaCYf54KwbJcsEx/WNC4mMTTblnSq7/YX8kB4HUEs9YC51xlJEU438cNuMtUYJeaMV+F1WPwH8LekSlnpjbvHqX+IWP4heO36XVjv8RubRwrMb7G/QlMRg/TSNKycXeI0gdIfzizZlsj25N2fIuJ7is0kG4+PvA/fvJw9hPqz6EqVdx5+W/Q/SFP5SxAQA= + H4sIAAAAAAAC/+1dbVPbSLb+zq9oa/feghQhlrHBmsqkCgyZzS6TsJjNVO2Q6xJSY+siS45eCIRif/t2t96llrFkW5bt82GYWC2r3845/Tz9HKufdxASBgPNmLiOLfyC/iSfEXpmf0mJIY8xuSqc9QeXV19+P7/+2/m/+sJ+UKzLt1in5ZeWOcbOCLt2VKhiW7G0iaOZBr0lKnCeJuyhquzItulaCo7KJro71IxPKi2fcB7qlX/2mxWrlt3wQv5+2/e6ZOHvrmZhTqeC+oeWfCcbcvRwTeVeDgbht3TBA7Zsv3dHB+2DQ78R+/zqJrJBBitb2WTErSp+OVbR9Dp4Q6rlDqaRHUZelZ2D5kGzRN8c+VbH2dquk5ezfQsnUTYM05GpAdFZ9CoVdM12wjmNmkJKbl1Ndz7RJ4n70dXYkPC7Su7BBmvTL8ixXBy7PtJUzlVNMY2eqZsWfaA1vJV3m/uoJYrkT6ezj8S9+KODXp9EfUH/i050bDmJJkQzaI9uTdlSBb/shf3/244/+Gm3+mSTf6E+th40BaOz4NvIH1YkHojHBy1Wk4BVzfE7eifrNuuTMDSww/zt+OjwyLtCje/aNHVHm5DrTXZRc7Al+5WKHanTkcSWJB5Lx6xU14x75mnexDFz4HieYuq6PLGxmhpUUqWmXprRLHujn5rJH+Rzqx278Bi0zv/8RD8Hw5Y0RrF5FMWQZOuSVsRaaTjYoEYmvFe1B6Tosm3/ehNNzdsRllVsIQc/Om8Vciu2boQPN8Z7mzz6Q//86uun3vkv6K+2Nyvv37HrpPwdedyH2KyTyu40rKs907jThone+yH0TnZ1x86U0Fa6tmOOaclLouhlP/kMk1gCGV0vEH7bybmROwPhLBymnpmeCd5shDMi5tbJZqYrJa4lLSm8PDaZJwojZ6wnB9CcJAPESqYx3cLcLnvr19co5h0fiCS4Ju5xNIf5qJC6bMkGaYHl9SkZk2IBhPYmqj9We9LGZWWEr7UxNl36NMPV9f2kD5D4dior90PLdA01HjGS93yVdRfnFyfdjF1nEbPVJpGy0/b+ax5Ie+nh9O46PCbxtCXto3aT3tbNua9DSsXjFrmtw552vBefgaQlzbAe1Mgt70xrLDMbNiepJg5ld4izjRvLj8GciM20P46J7fmF6SJ7ZP7gzSM1rRHBUSNTVy8o3rNfu+t32brHbOapkZaLOG1OxDmaMeC0pwccsZW8Rv3+QdZ5XpATjKaEHGLyv/uB4IENdKp9bG0N7iC+LKdv+H9iP9rdU3iL65jpW0xLIzEgWIyFEfn8k8Q6Wc/4BlZdBX/JaS2LArqS9VAf2tvOZ9P5TIZESJV+208/h3mLnQlZHr6jwxDazFSfoKEr0fHciRzLk4lmDK+9mCfmlWX7lhmCAJ+xZiLHZKtBTi9Si1mmA7kPJ5F7OMPDW8mH54Yw4uJnJIpdmsR27ayfC9SOWWEwmGQpNLDiENyVue+atohj+hPTdu60x+wy5Bd8JBbX136yx3ea/5O6x8L877LrU7/Khup3AhJfn7o7iwVa1o3soDpex4TP7044hWb4xRnHnK689yQecCLunabrST5wSLiAKHbJH4JuyIIkdjPr1h2tO7uMe0EHxx/nPa1FlzjpMPMcP2xPjbQM9JNHumODAytka4idGYYbP068JlFAsGu7412NMAK8q1EGwug2th174BCaoz9beGJaJLD++p8b4a/fyacbYZ8sdo5msLg18DEVK/b/fSO8/NkZf9vboyPWbIp72WmLVkOHQBf6EA3b2duCkP5RVhw2jGLmFmKI3iYDxzhsB09Sy8g0ywjXPZszuAGU6+k0ZqMrb5TQVzoZWOACOJsEL53cJCcjhRcl4r7TTfsOu2M23zFpD4VfC7pNEKgKeQ77UrBjo7gWA7C1B6gcSDkPQs3i3TkBqooVbSwzMJYZm/qB1wm2KMFyDc1ZKIjtVoFi08BlCTD2qASMbQOMBRgLMBZgLMDYMjB2GQB2n6wdExKk8EAhJtsgZZ2DNyGuRe/QElFzRWi5FCiWCPiRJPrfQWc6QO67ioJtG12RMUK7hmm87Tw+omBY7b0thMzyw/B1uCzrmmz3AkD7nHScW9niwh22FX6BjaHDpJZmpgznfW2ttlA1FqLEzMXfLFnVvN305uIhXXKb8VVMN9JUFRt9z0d5g+6JJcdJYIeHmHGfVDuJNQyNE/s6LfbFb3kY5pQEFI1fSiXR8/HEeZpS/m9smTnFZM3PK9GMnBJLG46IB3Ok2PTSkQZiNKjmPDQXz72koTO2eXILLfihqc4oY1o5aDuDZjLrfcCS5CGfr86iHU1oDdSuXdqETraMb1xkwlVsYbYw3ulmKox6K8eXhLulUYWC8wIJCcvKPbdWutEyweqFB0ey5YXX9N0RWVZNQk7Gg++ubDiajnebB5TK5yy8A9X1VO3BmAQEzcYEYqr24NZV7rFTdjkW2WJ/+4R2dcxWfQJsm3vItFD55i2jZXMjBj5TmgFPeHHrY1jbZacpzA469ucxBqnexiCtnTH4OTKcGFvSFqRptnC6UFuQ6m0LEtiCNMUWeqXISGrpov356DHwzOYBLbvCQ3/bifPF/ki7c/jf5O/7n/nTlqIxYa7VcxrayFYmWSooI/PMEcAZrhkExEgzVO1BU115SkpKLB0ylnPo4Vj5UePAYM/WeFvPsTwYOj5plu9vJHG+lQ/iQqA2BeI/yY+zbJJFVsyx3SCXNds4WmgOT2Ubc43Wg7Tcr3mYllvE3/B4PaLF+jCiFlCTfnB2RXPd8YlvVYy05LEVWnaBH8Ke7fAqqqGW9JeWJCnto7La0V/Udls+lDcvm+kUspl4ewbd4jpQF3Qg0IFABwIdCHSghehAjjIhLEvB2gNWB7dPDp4mzqBZuVVtKJWwcHEnR9C57l0S2uONIzql4wjaDeTiQy7+duXid6eDV+kYwCuAVwCvAF4BvC4/F/9GiMHVLU/Ip7+YxhYk5ENCPiTkQ0L+TAn5r2HZLmBZwLKAZQHLApZdZkJ+YRS7sKz8svh5zVPzfagMqfmQmr/BqfndOVPzJQlS8yE1H1LzK07NL7EmV5mfP3fzIEm/pmYhradZbHW6fgVWIYFVbETifkofgMR9SNyHxH1I3IfEfUh9mjVx/xW9KL27DoIRCEYgGIFgBILRHJn7NglIkLU/X9Z+n/5iGTL2Y9/5Fp1dEwzUb9jAVmylC0fHIm7APSulgsMvxLzDL9pVHX7Ru/h0/vka/fHl6h8XX07O+lt+9kVrOgRsd+p59kWRWVy7oy9Aj31Nj20uSI894rhORnvNc53OnHpsqzObHrsAsZWDncqIqeusliLZRj+ptgyq6SJV05ny+31S5SsLrqU5T4OJqWvKE4n4Y9dxZX3g6PaMqVJZuOzFr8EPk/AOU1a9b1jKDz1bNqBEkw1ecJdhR5lWVKZIfWEf5T5hHyXytir5FUIadz8/p9uHXl4OslejVpNyRILMc7Lx9Orujat2D1XyVxWb4+uL/p5Q5lcQrVKK2pyG1Ehb0usUik4fh3pNMya0Tta0aIq3QFObKsjOaFd11OQ+GYpJls9hoMrZhKWiPhsedGKo5LI3DqhHV6aCSh13Rd46qS67P+XIKSK9QDUv/TvqJetgAidVAeS86uQ8YF5VZcLOzLy4qbBzU6+jVVKvJaS5Qh4rMLLyx0ag2QkaKvtjltUB65LHWix2UFbX+zXnDyslpYs1mwY406KYO3hTKW/aeN792k8AIz4OebKrzZPNe7/DIqipQCChKADHBo4965tRbMXSJkGa4NYS8O6Myqcozsu/a3VKVDUUPf5LVKDwQOFXe0pUDdmtWEo0q/QEq40atRpRmVRLGZHJbf3LC7rsNFe7MVDB0V3b5aESeOhmeahU0ENPq/HQDnhoWQ/tgIdulod2inlorxoPlcBDy3qoBB66WR4qFfPQs0o8tCoe2gAiuiXDtt5MdIpDnm8U7WwA7wSHXAPiOcUhP24Uy2wAzQSHXAOeOcUhf9soUtkAVgkOuQa0copD/m2Tfn8VvhUR8r628v2IkOsFuV42pHPF0rm6S0nn6tY8nQvytSBfa4n5WoW3er33v4EEA4lGpUxLAtNaf9NafYpM4f03sC3I7ZjHtCQwrU0IWyvOSqgUbcHW5Oaq6ZViKzCkzVWBKwVSYEibq15WCpvAkEB1W47qRl+vD4pbXRQ3FSu3mbMSQHgD4Q2EtwqFN/FoGcrbEShvoLyB8jbLXpD/HjXYaATpbeHbQ2BboL0tbcsIjAvEt2XtIoFtgfq2NPVtAcYFe5Qgv4Elgf5WJzAFlgQCHFgSKHA1UuDCc8VAeQPlDZQ3UN7gCLGY9MZ9hfnxnMpbt7nUI8TgEDDQxebQxfin6TrKhABXBWsPWPWB61qdf1UGtm7CObr1PJt5UdbU2C5zqshiNvWop1NqaOjKtzt0R2pCYQLide8S9UJDA/qzWvpzCocnL5j5ZPsBxAeIT7Gzk+dnPi1gPsB81o/52GRcEzi1AMHhQlqAqZtLbAoYSwOsBUjNIkhNn9gcckygM0BngM5URmd2UtVFXtnTKTZHf/iBKJr90Pwt0o2d2AQErRMUU9fliZ3xQy6wF1IAkgH6Vjt2IaViMBwfhLVw7j10LjZDeC5MZAPrSRtPUDaypjkeEBfeE59Hii7bNlnNKPG6NWVLfTvCMgGFyMGPzluKS7F1I3y4Md6TeGx86J9fff3UO0d/fLn6x8WXk7P++3fsOil/Rx73oZ5kbCq1OuRQq/hMTNWUDnPr9H6rJc3CEYJQOHLGKWpgsgOKOQ2vchrTLczt8ixMJfS01GVLNkgLfI6YoV2B89HeCLAtMfe2RLMOeuzRnJsS0nLl2CX8ynGd9yyQbKOf9Hhs2LtY/t6F/66P4rsWrzPOkKiSxSK6OfXVBB1VbYfRUd4NKUpKbvUoaSekpLxvJZkxL+8wzLVUiAmuiqvyGukT1untJzchEoeek91A9dz6mNnWSom2ueaGXrU3tMYGt4QEgsVb46ZuraRfTmPT9NizaIxCeodODBWFibQ9utoV3HDhrvJbt+OSNhUPzSSuLnBTxoRNGciuBTZXN5F5bjonrpLO0eJ/U3oDCjUo1Atnea9g7nyQvNCE3AT+a5CyzsGbuiFxejhdPUarXsOyMUxkpQx4CZbVAEdc9nCBJy7DEzee/fddRcG2ja6IAaNdwzTedh4fw00Qey9vVwCSLlabdOGjTdfQFk+QBQJMRQGYPjD92Zg+iaKKpTEVPitab/nrbbm/sW3NuwvQrvnbbZewUQAvv4WNhD/nOet+2klIs511v1ZUWpxT66MvtSHsRmw2m3vItFD5MYXhrN87gubbnlj5K4h3Cx9RBR5ezsMl8PCt9PBVvwd6t/DZYeDhJT28Ax6+lR6+4rdx7xY+1A08vKSHS+DhW+nhK34leg14eAOI+EJdvAE+XjcmXuGb6WtAuxvAu8GhN5t4V3hAQA1YdgNoNjj0ZvPsCs9pqAGpbgCrBofebFq9NQfWn/l2zI7O8KwLMgBrkgEIv++DrD/4fd/KEvu6S0ns68Cx9ZC5B8fWz7y3zT9lDjQryCxb/uGrYIGbaIGrT30qvH0IJgipOas67RUscEOD4IpzR6pHgrDPus2pDdXjPrC3bVbeqwd5YG/bLAxXD+nA3kC3XJVu2dd+YtAs66dZqlhhcQWkS5AuQbpclXQpHi1FuzwC7RK0S9AuZ9ix8l9sCLumIF6uahMLTBDUy1Wrl2CDIF+uWL4EEwT9ctX65aJsEDZcQcCsFPuBwYGCWSnQA4MDCbNSWAcGBxpmRRpmeMIiaJegXYJ2CdolaJfcYxW5Byp059UuW0s9VhEORgRlcQ5lkX8kuaNMCNJVsPaAVR/prvPRf/Ph3M06jHzVJwBWYHANsLjKjWpTD7M7pbaIrnzTRHekJhSmhF73LlEvNEMgUaslUadwLP2C+VO2H0CfgD4VO5V+fv50CPwJ+NP68SebjGsCyhZgSPmoF5DsnEi25gekL8SeGmBQNTKozaZGfWKWyDGBFAEpAlJUGSnaSVUXeWVa2o2mP7R/i/RjJ3gMewSNSDSO0NLDpvcVwVZGeCxH4K915F12nryaVNm69+4k+DEySuETXbKE8NEOHk90Eh6NiBQRwGo7MSuOxicG1p+TeFAn8YQbIUgFj76IyhhW0rGZU8VLecQy2KCNhRgSUBTdVfGJzoHzOZZH1lwS3Ti3+9EgTiNjpSY73TwdhoXvLrYogRImPLrpFX8NehcvieZSTFwd4sf0rfa9NvmXpfefDIXT7MBeYs3eSY1dbOZkXQ+akxqW2JzGB30GUk1nTTM0zunvpacscBChwLzZ2a+8NmmsuoEX0nc5GGtvKTOWXSqpb7Jpsf8ZNE1Ilmb6QK/xb/btwetkrMC18bX3oDi1LW0kxR0/HN5c54/u4AaAFdnilQ/LecaY7G5oi98JlC9tiAENWKr1iettfdWZRWqGQ6vo6XSTDvV01y5mG7alKNkvvWYh7B80sZE83GOe8Ze1ZIQ4SuaoEeaRxzh3fPGInjeEA79t7NiLqB4ut525tv+8Xl0RY3938Mb/GunH7p//dyN8e7N38OZdYSdogRMsxAkCGIs+B4y6mD8Ydi1dgbOxUZFXcGou6CDRvs58LnIILrJQFynmGD/0FTpGaoMx1zS9G6kX55nx8txmvmYV9KlwW3U+l2qDS83nUundkxIgTLWd5YOwmbbxOYtA/LYycKy4fDClYgBmG+EiZZAZU4Nq7h9zYrSFuAqgtY31m2LeMgdcQwtylymqcBCafaHX/1hQGc63/iX7XbV92WpkyP5P5c0XTxvSmIH7qtCdp1ULhvnjrRgItIJj+teExNcmmnLPsof8L/sjOQjk/bhKKnTGkQomxj8cNuMlkSgstGL/FlVv0/hb0CKaXhBzwVdriT/4KP7geC2tdvxDFB6EYzXe3qAticH4aRqRDBR7dy11l/DHnmeyPbo1Zct7nOCy7Drh4u8D9+8nD2NfynsI5T5x5+W/87UUwAi4AQA= istio-workload.json.gz: - H4sIAAAAAAAC/+1dbXPbNhL+7l8B83o3cs5xRL3YVifNTGwnbebS2Gc56UzrnIYmIYlnimT44tjx+H77AeA7CcqiXkhK2g91IwIEQWB38Ty7S+BxByFhMFB103Vs4Wf0F/mN0CP7S0p0aYLJVeGsP7i4PP/93dVv7z73hf2gWJNusEbLLyxjgp0xdu2oUMG2bKmmoxo6rRIVOA8ma1SRHMk2XEvGUZmpuSNV/6DQcpPTqFf+ye9W7LGswhP5+3XfeyULf3NVC3NeKnj+yJKGki5FjasK93IwCL+mC+6wZftvd3jQOWj7ndjnP86UdDJY2YeZY+6j4pdjD5r+DN6QqrmDqWeHkffI7kHzoDnHuznSjYazT7tKXs6+WziJkq4bjkQFiM6i91BBU20nnNOoK6TkxlU15wNtSdyPrsaGhP+qpA7WWZ9+Ro7l4tj1sapwrqqyoZ8ammHRBq3RjdRo7qOWKJI/3e4+EvfiTQdv/TZ6F/QP9FbDlpPoQjSD9vjGkCxF8Mue2P+/7viDn1arDzb5F/rDsG41Q1LQWXA78scViQdi5+CQPUrAiur4bzqUNJu9lDDSscMU7uiw3fSuUOm7MgzNUU1y3buoOtiS/KeK3bbY7nQ7h2LnsMtKNVW/ZarmzRyTB47qyYamSaaNldSokkeqyoURTbM3/Kmp/E5+tzqxC/dB7/zfD/R3MG5Jaex1IxuS7FxSilgndQfrVMiE14p6h2RNsu1frqOpeTnGkoIt5OB756VMqmLrWnhzrb+2SdNv/ji//NfH87dnP6OfvvvTcvATFQNSKuPXr1glUvkVaftNTATIk4cq1pRTQx+qo8RI+PZ0KLmaY2dKaJdd2zEmtOQpUfS0n2zDIFJBRtqzil93cipyZyOckXaqzfSs8GYmnB0x95lslo57iWtJqQovTwymlsLYmWjJATTMpLWofk7T3c19f29l+xJZw6MDkZjdRB1HdZjyCqnLlqSTHljeCyatVcy00FeLnh97elL6JXmMr9QJNlzamu5q2n5SO4jlO5Hk25FluLoSNyXJOl8kzcX5xUkFZNeZLW11iA3tdrz/mge9vfRwerXaR8TStnr7qNOk1Y5z6nVJqXjUItW6rLWjvfgMJMVqhpWiRjo6NKyJxATaMFNdHEnuCGc7N5HugzkRm2nlnBDZ8wvTRfbY+M6bRypaY4KwxoamfKRI0H6u1u+SdYvZzFMhnc/8dDjm53hG69OZbn3EVvIaNQJ3ksbTghzLNMX+EJH/3TcEd2ygU/1ji25Qg+iylK7wXyI/6vAhrOI6RrqKYanEBgSrtDAmv38QwydpGd3Aiivj85zeMiugyVkN9UG/7XwynE9kSIRU6df9dDtMW+yMyfKQHx2GUGam6gQ1XYkXz53IiWSaqj668myemFeWfbfMEATIjXUTOQZbGnLeIrWyZV4gt3FiuUczNN5KNp5rwoiKnxErdmEQ2bWzei5QOWaFwWCSdVHHskMAWabeFe0RR/RNw3aG6n12GfIL3hOJ66s/WPPd5t9TdSzMv5ddn3orG6rfCXp8fuqGFjO07DWyg+p4LyZ8evWWU2iEN8445nTlvSX2gGNxh6qmJZlCm7AEUTwmfwjUIQuSeJxZt4b02dll3DM6ON6c11qLLnG9dqYd32xPtbSMDZAm3YnOgRWSNcLODMON702vSxQQNGx30lAJVcANlXITRsSx7dgDhxAg7dHCpmERw/rL/66Fn76RX9fCPlnsHFVndmsQ4KtBCK9YzfBXTnVWKfhxLTz91Z183dujQ9xsinvZeY6WT4dgnYGNiem0s9WCNeC9JDts3MVMFSK5nr+CI022g83UujNNlMKF0ubMRoD9PuiyQVbrEbr0BhZ9ofOHBS7ms0lFjVSSksbFMyxxdTtOqxurMZu6GfQdhV8Kalpg2wopG7spcP/IrsUwb+0xLQeFLgJqsxB5QUyrYFmdSAy/ZcamfnjXxBYlaK6uOkvFvcdlAN801lkB8j2eA/l2APkC8gXkC8gXkO88yLcWmHefLDYmsWp4IBMZ3yWF3YMXIRRGr1CdkHlJiHwu4N0j8KrXo/8ddJ8D4X1XlrFto0syrKihG/rL7v09CmbC3ttCWC7djZ6H5JKmSvZpAJofk8p5I1lcSMXc9R+xPnJYaKiZKcN5t62VZ1dlZlDMXPzVkhTVc/I3lw8bxcNCuHGsKgrW+56W8gbdC+gcJcEjHmHGr1L9JNIw0t/aV+ngZLzK3SinJKCB/FIaw303MZ2HKeV/YsvIKSa4Iq9E1XNKLHU0JhrMiR2nl6c02KN2OKfRXMz4lIbn2OZFgWjBd1VxxhnRykH0GcSUwRQBE5NGfE48S0jLpE+gcu3SLnSzZXzhIhOuYAuzxXeoGSkz6q0d5wl1SyMXGecZEmKW5VvuU6k7x8TKRw/yZMsL44bGmKzEBiFAk8E3V9IdVcON5gF1F+Ss1QPF9aLwgwkxCKqNCYxV7MGNK99iZ+YVPA0cULFl/ukvkSGKmwfU0DCDFgRuN/eQYaH5X6ge77IwLuEzvhlQi2cb34dPu+g2hdmhzf4iAtfbNIHrbYHA+clJnLViTnnrTZO3k6XKW2/T5K0H8lZc3npT5O10LuqWWubp+7z3PCIZZw4tu8Qj3w3IubE/VocO/06fBAYBmDN/hlNcL0yge0zjP8nKZMAFZUQkOMkLDPwNAvao6op6pyquNCWdKJbkGssk9cC+dK9yuIInlrwYQCyHiQ5M2t3ie/Q4d+Uj3RDNTuFBD9L9LN7KSHw5QhtkKGc7RwuN0YlkY660erife5sH/LlFfM/T8+Yy9g5jKgE1eQ+OezpXDx/4UsWYXR6lo2Uf8V34Zju8B9UwqPe3Vq8ndw7nDeL9Tel0pLa0eZloJ1ufiZZMIZuSinb8TCIsBOQgIAcBOQjIQUBuKQE5RzYJsdGdwc2Dg6cFvAqyK379TMjLo2D/RLxuWVjG6h1WquxabUihsPRgXk4A7+r0AvVJ77CFrixpOFRliNQBzgacvc44O3NxFqDdBaANQBuANgBtANrlAm1v4Z0JyKaqrgheL7tD2wmqTzW6HgGoTt7zNdr9JBisX7GOrdgyHY6ORXSYu9tGCbsniDm7J7TL2j3hw6eT88+fzlDwxX1/2zdMaE/Hr51uPXdMKDSPa7dJAmSvPpe92lxS9urhIkEW8XDB9NVWd7b01SXkpnKw3zy5p+ucXIokG/2gqbiQZLrMJNOZPsv2SaGfp+RaqvMwMA1NlR+IzZ+4jitpA0ezV+SG3kezIHJWZlvyd+15uE6q6Xb08QvNfkrdMKWFfZT4lKaUz8jToP3xMd0/9PR0kL0a9ZqUI2KaHpOdp1cb165y3FbIX0VsTq4+9veEeT5jb82VArig+O2C/C0uf8tmlEsUzqk5pzNKYh2TA9PbNNjo5AH12fCgt7pCLnvjgE7pClgwc5C78m9d6mDWj+dIKc6+xOzC9DZbK87LEzjZ2JBeWF56IVC8sj5QPFwovrc4xzuskuOt4PND+L4QqN/8+xKgipkgfxOD6rD4nBsnVD2M1Y3XmpOUSrnycgVtFxR2jcYRNHY+jd14B8JzW8xEjgX4ALHaDxDzdiZcBscWCLQVBXAWgLNg1j09+cfvbJsnYda94VutRf0ItdrqqBxXQ3ynI3BFgCui2q2OFuXcC+60sRwEL84VLyx1G6YtH+ca0aVUTxlZyu390xO66DardXCUsP8UWIFy9sYCK7C2VqBX0AqclGMFumAFyrMCXbAC224FusWswGk5VqAHVqA8K9ADK7DtVqBXzAqclWIFyvIL7IIZKMcxsAt2oO6egSlK/26j3ACg9CX5AUDpa+8ImKL07zeK9YPSl0T7Qelrz/unKP2vG0XyQelLYvmg9LWn+VOU/rdN+tAyPI4B8iK38mAGyIWEXEgb0h1j6Y7HK0l3PK55uiPkM0I+4wrzGQs70r39JyGIBml1y0+rK+zgBWHcWGGsPr2rsOcRpBGyjFaVZVTYIwbCuMmmseJsl1JRIzhlIeeiIowIogeR/4oAIYgexJ8rgn8gehAFrUsUlB6hAhHQukRAFSwzwwKBUAiEQiC0qkCoeLiKSOghREIhEgqR0Fl8Wv5OkeBihVBoDUKhII0QC61RLBTEEYKh9QmGgjRCNLRG0dAliCN4ZyEcWhVOBNmDeGhVoBBkDwKiVUFAkD2IiFYUEQ0P2IRIKERCIRIKkVA4SzMWCuUegXG8YCT0uLnSozThMEyIUy4Qp+QfRO/IJoG6MlbvsOJD3Q0/1XEeoLsJR9BXfbjjauVvFwRwugCWJGObehzhCRVNdOlLKhqSJ6Ew6fTq9AKdhqIJFKtainViArtaLrvKvgeQKyBXueQqc3E57KoF7ArY1fqxK5uMawLZFiBRXBAMwBbI01zitQvyBcSpGuLUJ1KKHAMoE1AmoEylUaad1OPi38ve0BUF/eFbomj6Q/m3yHvsxGYg6J4gG5ommXZGEbnsQUihVMYaWp3YhVQ4xiMLO6nJ9yhAL2xIMCUda0kZT9BCsgo6HtgXXhOdR7Im2TZZ/yi5uzEkS3k5xhIBnsjB985Lin2xdS28udZfE3usvzn/fHVy/vnTGeq/u/zy4fRd//Urdp2UvyLNvakn4ZtK39oc+hafiKmxMbGT+1DvI8DeLEQksIVjZ5LiH4bp+ItMqudlzmO6h7mvPAsdClUtddmSdNIDn4hmuF2gfPRtBPB9LOz7aNYhsCweLej6OFptYHkF38+us2cESTb6gS0DPCQleEj8fWcC8hrnkqal6rJqShplgbapDof44MXzdPHZzMg4LQ0JMHkCq5omtGR471S/ZYX0806mTLQbMlFOXdqqnzsqE7GqioFyekZYKCJW4zHZQVRP58YskrG75ZKxgqyCImKzqT6Lc9cZGbHdhGyaP3sWDQx6S6hTmGB7SteOgg4M7pq5dR6MtIR42CBxdYlODgOcHJB1C+SoboHhxdmRWCU7osV/UrYAYWUIKy+dND0DirkgtUB8eXl4OQENKSzveoh8QcRMT3dcmzFY+GXXgAdUShSXKwm7oA6rHYQt0IeNZ8B9V5axbaNLInCooRv6y+79fegIsPdSzBgC+dUG8n3A5erq8kmiQLCZKADbBbY7G9slFlO2VBbYzcZBt3wrXu73p+1FiXCr5jvxroArw0a9wKVn5NKNwqdPKf5R6oMJMQgqQc6GrmS3glkO73wuY3bWDFw+zhanh6XoNi6EWojNZnMPGRaaf6Q2fJDWgKFXvgVxo/BRW6BnhUcK9KxyPat6b+VG4XPFQM8KjxToWfV6VvGu0Y3Ch6iBnhUeKdCz6vWs4u2wq+Vnu0DQNmKU1oOhlbjTd7V0bBf4GKhVaYSsxE3Mq2Vfu0C/QK1K418l7s9eLdnaBbYFalUa3drUrefTn8+gM1/uIFmoVslC8DkMJAjB5zCV5QAdryQHqA2ncUOSD5zGPbNjlH+8E4QdtiZdpbDPDyRmyxMvCruzQGK2PIWgsKcGJGbLg+Gl4hhw6K1dVLdU1ALysXbhyVIxCsjH2sXZSkUkIB8QMCoUMArOLIZgERxcDDEjiBlBzCjYQe1wJUGjDgSNIGgEQaMZnC3+tk7gn4Oo0az+FxAZCBsVdMmAyEDcqKCXBkSmFiKzVpGjJcgMuPY2OXQEAgKxo1UDFRCQTQ4egYBA9GjF0aPwIB6IGkHUCKJGEDWCg3fSYSPudsO9RaNGhys9dwdOzoGYzgIxHf6hko5sElAqY/UOKz4o9Y7NKOAV48LXUk/NmApJa3beaA1PFp1DCHZBCuCYlCz1OKHCg/rEUCNDR2Ea29XpBToNZQk4SLUc5ATO/Vwy/ci+B7APYB/Fjv1cnH4cA/0A+rF+9MMm45pAnWt1gCVQj/2qBWAXJABoB6Edlz6FRUPyJCAfQD6AfJRGPnZSj0t8y3ZDTT/qe2Yomv5Q/i3yHjtBM6wJapeoNaGl7aZ3i2DLYzyRIpDVOvQuOw/ekxTJuvVqEpwWCaXwga40Qti0gyemRiyjHpEPAgxtJybF0fjEQPFjEndpxJ5wLQR5wL0f62NMJqnYTKnipTwCF8TBYyaGGBRZcxX8VuPA5hzJI6sisW6c6r41iNO1WKnBjqhMG2Phm4utB3amKo/WecVfgreLl0RzKSaujvB9uqp9q5qfLa3/oMucbgfyEuv2TmrsYjMnaVrQndSwxOY0PugzkFc6a6quco7wnHvKhE8BHBEKzJzOu+m5iWP/oDkopHEPiXEOzM5CmSyMYrvtRg3wQNxMzewVEJNXBy9iOO5aaPz1n2vh64u9gxevZpeg7NJNbQUTE/vfwTAJydLMeNJr/Mq+fHoDHitwbXzlNRSntOsstH/4k1lEZr9z7ikksrky+zhdztKo/ylfOFOSnXrMzLzCf0Kq/h5rvTFdcVb2LtyHLfxGBVU45FmLKbC43gpcHEnkJHDF0ERUg4soKrITlz6V59mJ5OuGZuIbof9FTAR71sAjK43AdbC3EgDiS18Llo/ZxCI1w6FUfNA9ShCsImgqBsqRE9uSdXvp8CdyPlEDSGUx7QWKmbBcT9G89rQQxKpNVwuuActCcaCGS1bDYsr3XVtb5XvOQ8xMSy7mqY9mLvYe1UC3NmjtYloby+YPfGoFFNeLW6xQc6ekf83/XcpTfoCliDaW3beCGsaLNS2mbJ16KBv7Pw0iPHkeWJXJou97HXpxIUE3vr8UgzCI4Bj+NSFxm6nKtywW7t/sD+ogiJLFYxFCdxL5msX4j3YzXhKFXoRW7N+i4jGpr0GPaJQupizPPiXe8GG84fhTWp34j2gJFo6UeH+DviQG44ehR87WyOPO/N0Rtj6T7PGNIVlee4LLkkWEzzd2/8+rM9X3mN+FXnVx5+n/5UfvnAaOAQA= + H4sIAAAAAAAC/+1dbXPbNhL+7l8B83o3cs5xRL3YVifNTGwnbebS2Gc56UzrnIYmIYlnimT44tjx+H77AeA7CcqiXkhK2g91IwIEQWB38Ty7S+BxByFhMFB103Vs4Wf0F/mN0CP7S0p0aYLJVeGsP7i4PP/93dVv7z73hf2gWJNusEbLLyxjgp0xdu2oUMG2bKmmoxo6rRIVOA8ma1SRHMk2XEvGUZmpuSNV/6DQcpPTqFf+ye9W7LGswhP5+3XfeyULf3NVC3NeKnj+yJKGki5FjasK93IwCL+mC+6wZftvd3jQOWj7ndjnP86UdDJY2YeZY+6j4pdjD5r+DN6QqrmDqWeHkffI7kHzoDnHuznSjYazT7tKXs6+WziJkq4bjkQFiM6i91BBU20nnNOoK6TkxlU15wNtSdyPrsaGhP+qpA7WWZ9+Ro7l4tj1sapwrqqyoZ8ammHRBq3RjdRo7qOWKJI/3e4+EvfiTQdv/TZ6F/QP9FbDlpPoQjSD9vjGkCxF8Mue2P+/7viDn1arDzb5F/rDsG41Q1LQWXA78scViQfi0UGLPUrAiur4bzqUNJu9lDDSscMU7uiw3fSuUOm7MgzNUU1y3buoOtiS/KeK3bbY7nQ7h2LnsMtKNVW/ZarmzRyTB47qyYamSaaNldSokkeqyoURTbM3/Kmp/E5+tzqxC/dB7/zfD/R3MG5Jaex1IxuS7FxSilgndQfrVMiE14p6h2RNsu1frqOpeTnGkoIt5OB756VMqmLrWnhzrb+2SdNv/ji//NfH87dnP6OfvvvTcvATFQNSKuPXr1glUvkVaftNTATIk4cq1pRTQx+qo8RI+PZ0KLmaY2dKaJdd2zEmtOQpUfS0n2zDIFJBRtqzil93cipyZyOckXaqzfSs8GYmnB0x95lslo57iWtJqQovTwymlsLYmWjJATTMpLWofk7T3c19f29l+xJZw6MDkZjdRB1HdZjyCqnLlqSTHljeCyatVcy00FeLnh97elL6JXmMr9QJNlzamu5q2n5SO4jlO5Hk25FluLoSNyXJOl8kzcX5xUkFZNeZLW11iA3tdrz/mge9vfRwerXaR8TStnr7qNOk1Y5z6nVJqXjUItW6rLWjvfgMJMVqhpWiRjo6NKyJxATaMFNdHEnuCGc7N5HugzkRm2nlnBDZ8wvTRfbY+M6bRypaY4KwxoamfKRI0H6u1u+SdYvZzFMhnc/8dDjm53hG69OZbn3EVvIaNQJ3ksbTghzLNMX+EJH/3TcEd2ygU/1ji25Qg+iylK7wXyI/6vAhrOI6RrqKYanEBgSrtDAmv38QwydpGd3Aiivj85zeMiugyVkN9UG/7XwynE9kSIRU6df9dDtMW+yMyfKQHx2GUGam6gQ1XYkXz53IiWSaqj668myemFeWfbfMEATIjXUTOQZbGnLeIrWyZV4gt3FiuUczNN5KNp5rwoiKnxErdmEQ2bWzei5QOWaFwWCSdVHHskMAWabeFe0RR/RNw3aG6n12GfIL3hOJ66s/WPPd5t9TdSzMv5ddn3orG6rfCXp8fuqGFjO07DWyg+p4LyZ8evWWU2iEN8445nTlvSX2gGNxh6qmJZlCm7AEUTwmfwjUIQuSeJxZt4b02dll3DM6ON6c11qLLnG9dqYd32xPtbSMDZAm3YnOgRWSNcLODMON702vSxQQNGx30lAJVcANlXITRsSx7dgDhxAg7dHCpmERw/rL/66Fn76RX9fCPlnsHFVndmsQ4KtBCK9YzfBXTnVWKfhxLTz91Z183dujQ9xsinvZeY6WT4dgnYGNiem0s9WCNeC9JDts3MVMFSK5nr+CI022g83UujNNlMKF0ubMRoD9PuiyQVbrEbr0BhZ9ofOHBS7ms0lFjVSSksbFMyxxdTtOqxurMZu6GfQdhV8Kalpg2wopG7spcP/IrsUwb+0xLQeFLgJqsxB5QUyrYFmdSAy/ZcamfnjXxBYlaK6uOkvFvcdlAN801lkB8j2eA/l2APkC8gXkC8gXkO88yLcWmHefLDYmsWp4IBMZ3yWF3YMXIRRGr1CdkHlJiHwu4N0j8KrXo/8ddJ8D4X1XlrFto0syrKihG/rL7v09CmbC3ttCWC7djZ6H5JKmSvZpAJofk8p5I1lcSMXc9R+xPnJYaKiZKcN5t62VZ1dlZlDMXPzVkhTVc/I3lw8bxcNCuHGsKgrW+56W8gbdC+gcJcEjHmHGr1L9JNIw0t/aV+ngZLzK3SinJKCB/FIaw303MZ2HKeV/YsvIKSa4Iq9E1XNKLHU0JhrMiR2nl6c02KN2OKfRXMz4lIbn2OZFgWjBd1VxxhnRykH0GcSUwRQBE5NGfE48S0jLpE+gcu3SLnSzZXzhIhOuYAuzxXeoGSkz6q0d5wl1SyMXGecZEmKW5VvuU6k7x8TKRw/yZMsL44bGmKzEBiFAk8E3V9IdVcON5gF1F+Ss1QPF9aLwgwkxCKqNCYxV7MGNK99iZ+YVPA0cULFl/ukvkSGKmwfU0DCDFgRuN/eQYaH5X6ge77IwLuEzvhlQi2cb34dPu+g2hdmhzf4iAtfbNIHrbYHA+clJnLViTnnrTZO3k6XKW2/T5K0H8lZc3npT5O10LuqWWubp+7z3PCIZZw4tu8Qj3w3IubE/VocO/06fBAYBmDN/hlNcL0yge0zjP8nKZMAFZUQkOMkLDPwNAvao6op6pyquNCWdKJbkGssk9cC+dK9yuIInlrwYQCyHiQ5M2t3ie/Q4d+Uj3RDNTuFBD9L9LN7KSHw5QhtkKGc7RwuN0YlkY660erife5sH/LlFfM/T8+Yy9g5jKgE1eQ+OezpXDx/4UsWYXR6lo2Uf8V34Zju8B9UwqPe3Vq8ndw7nDeL9Tel0pLa0eZloJ1ufiZZMIZuSinb8TCIsBOQgIAcBOQjIQUBuKQE5RzYJsdGdwc2Dg6cFvAqyK379TMjLo2D/RLxuWVjG6h1WquxabUihsPRgXk4A7+r0AvVJ77CFrixpOFRliNQBzgacvc44O3NxFqDdBaANQBuANgBtANrlAm1v4Z0JyKaqrgheL7tD2wmqTzW6HgGoTt7zNdr9JBisX7GOrdgyHY6ORXSYu9tGCbsniDm7J7TL2j3hw6eT88+fzlDwxX1/2zdMaE/Hr51uPXdMKDSPa7dJAmSvPpe92lxS9urhIkEW8XDB9NVWd7b01SXkpnKw3zy5p+ucXIokG/2gqbiQZLrMJNOZPsv2SaGfp+RaqvMwMA1NlR+IzZ+4jitpA0ezV+SG3kezIHJWZlvyd+15uE6q6Xb08QvNfkrdMKWFfZT4lKaUz8jToP3xMd0/9PR0kL0a9ZqUI2KaHpOdp1cb165y3FbIX0VsTq4+9veEeT5jb82VArig+O2C/C0uf8tmlEsUzqk5pzNKYh2TA9PbNNjo5AH12fCgt7pCLnvjgE7pClgwc5C78m9d6mDWj+dIKc6+xOzC9DZbK87LEzjZ2JBeWF56IVC8sj5QPFwovrc4xzuskuOt4PND+L4QqN/8+xKgipkgfxOD6rD4nBsnVD2M1Y3XmpOUSrnycgVtFxR2jcYRNHY+jd14B8JzW8xEjgX4ALHaDxDzdiZcBscWCLQVBXAWgLNg1j09+cfvbJsnYda94VutRf0ItdrqqBxXQ3ynI3BFgCui2q2OFuXcC+60sRwEL84VLyx1G6YtH+ca0aVUTxlZyu390xO66DardXCUsP8UWIFy9sYCK7C2VqBX0AqclGMFumAFyrMCXbAC224FusWswGk5VqAHVqA8K9ADK7DtVqBXzAqclWIFyvIL7IIZKMcxsAt2oO6egSlK/26j3ACg9CX5AUDpa+8ImKL07zeK9YPSl0T7Qelrz/unKP2vG0XyQelLYvmg9LWn+VOU/rdN+tAyPI4B8iK38mAGyIWEXEgb0h1j6Y7HK0l3PK55uiPkM0I+4wrzGQs70r39JyGIBml1y0+rK+zgBWHcWGGsPr2rsOcRpBGyjFaVZVTYIwbCuMmmseJsl1JRIzhlIeeiIowIogeR/4oAIYgexJ8rgn8gehAFrUsUlB6hAhHQukRAFSwzwwKBUAiEQiC0qkCoeLiKSOghREIhEgqR0Fl8Wv5OkeBihVBoDUKhII0QC61RLBTEEYKh9QmGgjRCNLRG0dAliCN4ZyEcWhVOBNmDeGhVoBBkDwKiVUFAkD2IiFYUEQ0P2IRIKERCIRIKkVA4SzMWCuUegXG8YCT0uLnSozThMEyIUy4Qp+QfRO/IJoG6MlbvsOJD3Q0/1XEeoLsJR9BXfbjjauVvFwRwugCWJGObehzhCRVNdOlLKhqSJ6Ew6fTq9AKdhqIJFKtainViArtaLrvKvgeQKyBXueQqc3E57KoF7ArY1fqxK5uMawLZFiBRXBAMwBbI01zitQvyBcSpGuLUJ1KKHAMoE1AmoEylUaad1OPi38ve0BUF/eFbomj6Q/m3yHvsxGYg6J4gG5ommXZGEbnsQUihVMYaWp3YhVQ4xiMLO6nJ9yhAL2xIMCUda0kZT9BCsgo6HtgXXhOdR7Im2TZZ/yi5uzEkS3k5xhIBnsjB985Lin2xdS28udZfE3usvzn/fHVy/vnTGeq/u/zy4fRd//Urdp2UvyLNvakn4ZtK39oc+hafiKmxMbGT+1DvI8DeLEQksIVjZ5LiH4bp+ItMqudlzmO6h7mvPAsdClUtddmSdNIDn4hmuF2gfPRtBPB9LOz7aNYhsCweLej6OFptYHkF38+us2cESTb6gS0DPCQleEj8fWcC8hrnkqal6rJqShplgbapDof44MXzdPHZzMg4LQ0JMHkCq5omtGR471S/ZYX0806mTLQbMlFOXdqqnzsqE7GqioFyekZYKCJW4zHZQVRP58YskrG75ZKxgqyCImKzqT6Lc9cZGbHdhGyaP3sWDQx6S6hTmGB7SteOgg4M7pq5dR6MtIR42CBxdYlODgOcHJB1C+SoboHhxdmRWCU7osV/UrYAYWUIKy+dND0DirkgtUB8eXl4OQENKSzveoh8QcRMT3dcmzFY+GXXgAdUShSXKwm7oA6rHYQt0IeNZ8B9V5axbaNLInCooRv6y+79fegIsPdSzBgC+dUG8n3A5erq8kmiQLCZKADbBbY7G9slFlO2VBbYzcZBt3wrXu73p+1FiXCr5jvxroArw0a9wKVn5NKNwqdPKf5R6oMJMQgqQc6GrmS3glkO73wuY3bWDFw+zhanh6XoNi6EWojNZnMPGRaaf6Q2fJDWgKFXvgVxo/BRW6BnhUcK9KxyPat6b+VG4XPFQM8KjxToWfV6VvGu0Y3Ch6iBnhUeKdCz6vWs4u2wq+Vnu0DQNmKU1oOhlbjTd7V0bBf4GKhVaYSsxE3Mq2Vfu0C/QK1K418l7s9eLdnaBbYFalUa3drUrefTn8+gM1/uIFmoVslC8DkMJAjB5zCV5QAdryQHqA2ncUOSD5zGPbNjlH+8E4QdtiZdpbDPDyRmyxMvCruzQGK2PIWgsKcGJGbLg+Gl4hhw6K1dVLdU1ALysXbhyVIxCsjH2sXZSkUkIB8QMCoUMArOLIZgERxcDDEjiBlBzCjYQe1wJUGjDgSNIGgEQaMZnC3+tk7gn4Oo0az+FxAZCBsVdMmAyEDcqKCXBkSmFiKzVpGjJcgMuPY2OXQEAgKxo1UDFRCQTQ4egYBA9GjF0aPwIB6IGkHUCKJGEDWCg3fSYSPudsO9RaNGhys9dwdOzoGYzgIxHf6hko5sElAqY/UOKz4o9Y7NKOAV48LXUk/NmApJa3beaA1PFp1DCHZBCuCYlCz1OKHCg/rEUCNDR2Ea29XpBToNZQk4SLUc5ATO/Vwy/ci+B7APYB/Fjv1cnH4cA/0A+rF+9MMm45pAnWt1gCVQj/2qBWAXJABoB6Edlz6FRUPyJCAfQD6AfJRGPnZSj0t8y3ZDTT/qe2Yomv5Q/i3yHjtBM6wJapeoNaGl7aZ3i2DLYzyRIpDVOvQuOw/ekxTJuvVqEpwWCaXwga40Qti0gyemRiyjHpEPAgxtJybF0fjEQPFjEndpxJ5wLQR5wL0f62NMJqnYTKnipTwCF8TBYyaGGBRZcxX8VuPA5hzJI6sisW6c6r41iNO1WKnBjqhMG2Phm4utB3amKo/WecVfgreLl0RzKSaujvB9uqp9q5qfLa3/oMucbgfyEuv2TmrsYjMnaVrQndSwxOY0PugzkFc6a6quco7wnHvKhE8BHBEKzJzOu+m5iWP/oDkopHEPiXEOzM5CmSyMYrvtRg3wQNxMzewVEJNXBy9iOO5aaPz1n2vh64u9gxevZpeg7NJNbQUTE/vfwTAJydLMeNJr/Mq+fHoDHitwbXzlNRSntOsstH/4k1lEZr9z7ikksrky+zhdztKo/ylfOFOSnXrMzLzCf0Kq/h5rvTFdcVb2LtyHLfxGBVU45FmLKbC43gpcHEnkJHDF0ERUg4soKrITlz6V59mJ5OuGZuIbof9FTAR71sAjK43AdbC3EgDiS18Llo/ZxCI1w6FUfNA9ShCsImgqBsqRE9uSdXvp8CdyPlEDSGUx7QWKmbBcT9G89rQQxKpNVwuuActCcaCGS1bDYsr3XVtb5XvOQ8xMSy7mqY9mLvYe1UC3NmjtYloby+YPfGoFFNeLW6xQc6ekf83/XcpTfoCliDaW3beCGsaLNS2mbJ16KBv7Pw0iPHkeWJXJou97HXpxIUE3vr8UgzCI4Bj+NSFxm6nKtywW7t/sD+ogiJLFYxFCdxL5msX4j3YzXhKFXoRW7N+i4jGpr0GPaJQupizPPiXe8GG84fhTWp34j2gJFo6UeH+DviQG44ehR87WyOPO/N0Rtj6T7PGNIVlee4LLkkWEzzd2/8+rM9X3mN+FXnVx5+n/DuugKwaOAQA= {{- end }} diff --git a/charts/kubezero-logging/Chart.yaml b/charts/kubezero-logging/Chart.yaml index 87a9a260..f82e9577 100644 --- a/charts/kubezero-logging/Chart.yaml +++ b/charts/kubezero-logging/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: kubezero-logging description: KubeZero Umbrella Chart for complete EFK stack type: application -version: 0.8.4 +version: 0.8.6 appVersion: 1.6.0 home: https://kubezero.com icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png @@ -27,6 +27,6 @@ dependencies: version: 0.3.9 condition: fluentd.enabled - name: fluent-bit - version: 0.20.6 + version: 0.24.0 condition: fluent-bit.enabled kubeVersion: ">= 1.24.0" diff --git a/charts/kubezero-logging/README.md b/charts/kubezero-logging/README.md index b4f1f474..f5353826 100644 --- a/charts/kubezero-logging/README.md +++ b/charts/kubezero-logging/README.md @@ -1,6 +1,6 @@ # kubezero-logging -![Version: 0.8.4](https://img.shields.io/badge/Version-0.8.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) +![Version: 0.8.6](https://img.shields.io/badge/Version-0.8.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.0](https://img.shields.io/badge/AppVersion-1.6.0-informational?style=flat-square) KubeZero Umbrella Chart for complete EFK stack @@ -19,7 +19,7 @@ Kubernetes: `>= 1.24.0` | Repository | Name | Version | |------------|------|---------| | | eck-operator | 2.4.0 | -| | fluent-bit | 0.20.6 | +| | fluent-bit | 0.24.0 | | | fluentd | 0.3.9 | | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | @@ -72,9 +72,9 @@ Kubernetes: `>= 1.24.0` | fluent-bit.config.customParsers | string | `"[PARSER]\n Name cri-log\n Format regex\n Regex ^(?