From 190e21ea6f4748a8345ca37766f3689443261376 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Thu, 13 Feb 2025 17:34:14 +0000 Subject: [PATCH] feat: upgrade all operators --- admin/dev_apply.sh | 2 +- admin/kubezero.sh | 10 +- admin/libhelm.sh | 12 +- charts/kubezero-mq/values.yaml | 19 --- charts/kubezero-operators/Chart.yaml | 9 +- charts/kubezero-operators/README.md | 34 ++--- .../charts/eck-operator/Chart.yaml | 4 +- .../charts/eck-operator/crds/all-crds.yaml | 117 +++++++++++++----- .../eck-operator/templates/cluster-roles.yaml | 2 +- .../eck-operator/templates/configmap.yaml | 5 +- ...roxy-service.yaml => metrics-service.yaml} | 0 .../eck-operator/templates/role-bindings.yaml | 4 +- ...rviceMonitor.yaml => service-monitor.yaml} | 13 +- .../eck-operator/templates/statefulset.yaml | 49 ++------ .../charts/eck-operator/values.yaml | 88 ++++++------- .../ClusterImageCatalog-bookworm.yaml | 16 +++ .../cloudnative-pg/grafana-dashboards.yaml | 2 +- charts/kubezero-operators/update.sh | 3 + charts/kubezero-operators/values.yaml | 21 ++++ charts/kubezero/values.yaml | 2 +- 20 files changed, 229 insertions(+), 183 deletions(-) rename charts/kubezero-operators/charts/eck-operator/templates/{auth-proxy-service.yaml => metrics-service.yaml} (100%) rename charts/kubezero-operators/charts/eck-operator/templates/{serviceMonitor.yaml => service-monitor.yaml} (56%) create mode 100644 charts/kubezero-operators/templates/cloudnative-pg/ClusterImageCatalog-bookworm.yaml diff --git a/admin/dev_apply.sh b/admin/dev_apply.sh index e2a47903..4085ebe9 100755 --- a/admin/dev_apply.sh +++ b/admin/dev_apply.sh @@ -86,7 +86,7 @@ helm template $CHARTS/kubezero -f $WORKDIR/kubezero-values.yaml --kube-version $ # Root KubeZero apply directly and exit if [ ${ARTIFACTS[0]} == "kubezero" ]; then - kubectl apply -f $WORKDIR/kubezero/templates + kubectl apply --server-side --force-conflicts -f $WORKDIR/kubezero/templates exit $? # "catch all" apply all enabled modules diff --git a/admin/kubezero.sh b/admin/kubezero.sh index 9104ec6f..333556b5 100755 --- a/admin/kubezero.sh +++ b/admin/kubezero.sh @@ -121,18 +121,16 @@ control_plane_upgrade() { get_kubezero_values $ARGOCD # tumble new config through migrate.py - migrate_argo_values.py < "$WORKDIR"/kubezero-values.yaml > "$WORKDIR"/new-kubezero-values.yaml + migrate_argo_values.py < "$WORKDIR"/kubezero-values.yaml > "$WORKDIR"/new-kubezero-values.yaml \ + && mv "$WORKDIR"/new-kubezero-values.yaml "$WORKDIR"/kubezero-values.yaml - # Update kubezero-values CM - kubectl get cm -n kubezero kubezero-values -o=yaml | \ - yq e '.data."values.yaml" |= load_str("/tmp/kubezero/new-kubezero-values.yaml")' | \ - kubectl apply --server-side --force-conflicts -f - + update_kubezero_cm if [ "$ARGOCD" == "True" ]; then # update argo app export kubezero_chart_version=$(yq .version $CHARTS/kubezero/Chart.yaml) kubectl get application kubezero -n argocd -o yaml | \ - yq '.spec.source.helm.valuesObject |= load("/tmp/kubezero/new-kubezero-values.yaml") | .spec.source.targetRevision = strenv(kubezero_chart_version)' \ + yq ".spec.source.helm.valuesObject |= load(\"$WORKDIR/kubezero-values.yaml\") | .spec.source.targetRevision = strenv(kubezero_chart_version)" \ > $WORKDIR/new-argocd-app.yaml kubectl apply --server-side --force-conflicts -f $WORKDIR/new-argocd-app.yaml diff --git a/admin/libhelm.sh b/admin/libhelm.sh index 9d4fa19f..3075b081 100644 --- a/admin/libhelm.sh +++ b/admin/libhelm.sh @@ -46,15 +46,19 @@ function get_kubezero_values() { } -# Update kubezero-values CM +# Overwrite kubezero-values CM with file function update_kubezero_cm() { - kubectl get application kubezero -n argocd -o yaml | yq .spec.source.helm.valuesObject > ${WORKDIR}/kubezero-values.yaml - kubectl get cm -n kubezero kubezero-values -o=yaml | \ - yq e '.data."values.yaml" |= load_str("/tmp/kubezero/kubezero-values.yaml")' | \ + yq e ".data.\"values.yaml\" |= load_str(\"$WORKDIR/kubezero-values.yaml\")" | \ kubectl apply --server-side --force-conflicts -f - } +# sync kubezero-values CM from ArgoCD app +function sync_kubezero_cm_from_argo() { + get_kubezero_values True + update_kubezero_cm +} + function disable_argo() { cat > _argoapp_patch.yaml <= 1.26.0" + - name: rabbitmq-cluster-operator + version: 4.4.3 + repository: https://charts.bitnami.com/bitnami + condition: rabbitmq-cluster-operator.enabled +kubeVersion: ">= 1.30.0-0" diff --git a/charts/kubezero-operators/README.md b/charts/kubezero-operators/README.md index 4ef2a2d1..4d4e9ae3 100644 --- a/charts/kubezero-operators/README.md +++ b/charts/kubezero-operators/README.md @@ -1,6 +1,6 @@ # kubezero-operators -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) Various operators supported by KubeZero @@ -14,15 +14,16 @@ Various operators supported by KubeZero ## Requirements -Kubernetes: `>= 1.26.0` +Kubernetes: `>= 1.30.0-0` | Repository | Name | Version | |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | -| https://cloudnative-pg.github.io/charts | cloudnative-pg | 0.22.1 | -| https://helm.elastic.co | eck-operator | 2.15.0 | +| https://charts.bitnami.com/bitnami | rabbitmq-cluster-operator | 4.4.3 | +| https://cloudnative-pg.github.io/charts | cloudnative-pg | 0.23.0 | +| https://helm.elastic.co | eck-operator | 2.16.1 | | https://opensearch-project.github.io/opensearch-k8s-operator/ | opensearch-operator | 2.7.0 | -| oci://quay.io/strimzi-helm | strimzi-kafka-operator | 0.44.0 | +| oci://quay.io/strimzi-helm | strimzi-kafka-operator | 0.45.0 | ## Values @@ -31,32 +32,23 @@ Kubernetes: `>= 1.26.0` | cloudnative-pg.enabled | bool | `false` | | | cloudnative-pg.monitoring.grafanaDashboard.create | bool | `false` | | | cloudnative-pg.monitoring.podMonitorEnabled | bool | `false` | | -| cloudnative-pg.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | -| cloudnative-pg.tolerations[0].effect | string | `"NoSchedule"` | | -| cloudnative-pg.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | eck-operator.enabled | bool | `false` | | | eck-operator.installCRDs | bool | `false` | | -| eck-operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | -| eck-operator.tolerations[0].effect | string | `"NoSchedule"` | | -| eck-operator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | | opensearch-operator.enabled | bool | `false` | | | opensearch-operator.fullnameOverride | string | `"opensearch-operator"` | | | opensearch-operator.kubeRbacProxy.enable | bool | `false` | | | opensearch-operator.manager.extraEnv[0].name | string | `"SKIP_INIT_CONTAINER"` | | | opensearch-operator.manager.extraEnv[0].value | string | `"true"` | | -| opensearch-operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | -| opensearch-operator.tolerations[0].effect | string | `"NoSchedule"` | | -| opensearch-operator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | +| rabbitmq-cluster-operator.clusterOperator.metrics.enabled | bool | `false` | | +| rabbitmq-cluster-operator.clusterOperator.metrics.serviceMonitor.enabled | bool | `true` | | +| rabbitmq-cluster-operator.enabled | bool | `false` | | +| rabbitmq-cluster-operator.msgTopologyOperator.metrics.enabled | bool | `false` | | +| rabbitmq-cluster-operator.msgTopologyOperator.metrics.serviceMonitor.enabled | bool | `true` | | +| rabbitmq-cluster-operator.useCertManager | bool | `true` | | | strimzi-kafka-operator.enabled | bool | `false` | | | strimzi-kafka-operator.leaderElection.enable | bool | `false` | | | strimzi-kafka-operator.monitoring.podMonitorEnabled | bool | `false` | | -| strimzi-kafka-operator.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | | -| strimzi-kafka-operator.resources.limits.memory | string | `"384Mi"` | | -| strimzi-kafka-operator.resources.requests.cpu | string | `"20m"` | | -| strimzi-kafka-operator.resources.requests.memory | string | `"256Mi"` | | -| strimzi-kafka-operator.revisionHistoryLimit | int | `3` | | -| strimzi-kafka-operator.tolerations[0].effect | string | `"NoSchedule"` | | -| strimzi-kafka-operator.tolerations[0].key | string | `"node-role.kubernetes.io/control-plane"` | | +| strimzi-kafka-operator.revisionHistoryLimit | int | `2` | | | strimzi-kafka-operator.watchAnyNamespace | bool | `true` | | ---------------------------------------------- diff --git a/charts/kubezero-operators/charts/eck-operator/Chart.yaml b/charts/kubezero-operators/charts/eck-operator/Chart.yaml index 3c8cff1f..b260e394 100644 --- a/charts/kubezero-operators/charts/eck-operator/Chart.yaml +++ b/charts/kubezero-operators/charts/eck-operator/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.15.0 +appVersion: 2.16.1 description: Elastic Cloud on Kubernetes (ECK) operator home: https://github.com/elastic/cloud-on-k8s icon: https://helm.elastic.co/icons/eck.png @@ -18,4 +18,4 @@ maintainers: name: Elastic name: eck-operator type: application -version: 2.15.0 +version: 2.16.1 diff --git a/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml b/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml index 1ab83c3d..8e99dcc7 100644 --- a/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml +++ b/charts/kubezero-operators/charts/eck-operator/crds/all-crds.yaml @@ -4,14 +4,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: agents.agent.k8s.elastic.co spec: group: agent.k8s.elastic.co @@ -1137,14 +1137,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: apmservers.apm.k8s.elastic.co spec: group: apm.k8s.elastic.co @@ -2372,14 +2372,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: beats.beat.k8s.elastic.co spec: group: beat.k8s.elastic.co @@ -2854,14 +2854,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: elasticmapsservers.maps.k8s.elastic.co spec: group: maps.k8s.elastic.co @@ -3459,14 +3459,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: elasticsearchautoscalers.autoscaling.k8s.elastic.co spec: group: autoscaling.k8s.elastic.co @@ -3818,14 +3818,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: elasticsearches.elasticsearch.k8s.elastic.co spec: group: elasticsearch.k8s.elastic.co @@ -4843,6 +4843,14 @@ spec: type: string type: object type: object + remoteClusterServer: + description: |- + RemoteClusterServer specifies if the remote cluster server should be enabled. + This must be enabled if this cluster is a remote cluster which is expected to be accessed using API key authentication. + properties: + enabled: + type: boolean + type: object remoteClusters: description: RemoteClusters enables you to establish uni-directional connections to a remote Elasticsearch cluster. @@ -4850,6 +4858,55 @@ spec: description: RemoteCluster declares a remote Elasticsearch cluster connection. properties: + apiKey: + description: 'APIKey can be used to enable remote cluster access + using Cross-Cluster API keys: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-cross-cluster-api-key.html' + properties: + access: + description: Access is the name of the API Key. It is automatically + generated if not set or empty. + properties: + replication: + properties: + names: + items: + type: string + type: array + required: + - names + type: object + search: + properties: + allow_restricted_indices: + type: boolean + field_security: + properties: + except: + items: + type: string + type: array + grant: + items: + type: string + type: array + required: + - except + - grant + type: object + names: + items: + type: string + type: array + query: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - names + type: object + type: object + required: + - access + type: object elasticsearchRef: description: ElasticsearchRef is a reference to an Elasticsearch cluster running within the same k8s cluster. @@ -6562,14 +6619,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: enterprisesearches.enterprisesearch.k8s.elastic.co spec: group: enterprisesearch.k8s.elastic.co @@ -7731,14 +7788,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: kibanas.kibana.k8s.elastic.co spec: group: kibana.k8s.elastic.co @@ -9046,14 +9103,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: logstashes.logstash.k8s.elastic.co spec: group: logstash.k8s.elastic.co @@ -10293,14 +10350,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.4 + controller-gen.kubebuilder.io/version: v0.16.5 helm.sh/resource-policy: keep labels: app.kubernetes.io/instance: 'logging' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'eck-operator-crds' - app.kubernetes.io/version: '2.15.0' - helm.sh/chart: 'eck-operator-crds-2.15.0' + app.kubernetes.io/version: '2.16.1' + helm.sh/chart: 'eck-operator-crds-2.16.1' name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co spec: group: stackconfigpolicy.k8s.elastic.co diff --git a/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml b/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml index be7cdde5..dbd0fba3 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/cluster-roles.yaml @@ -103,7 +103,7 @@ kind: ClusterRole metadata: labels: {{- include "eck-operator.labels" . | nindent 4 }} - name: "{{ include "eck-operator.fullname" . }}-proxy-role" + name: "{{ include "eck-operator.fullname" . }}-metrics-auth-role" rules: - apiGroups: - authentication.k8s.io diff --git a/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml b/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml index 32d66d81..01708b52 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/configmap.yaml @@ -13,11 +13,8 @@ data: {{- if and .Values.config.metrics.secureMode.enabled (eq $metricsPort 0) }} {{- fail "config.metrics.port must be greater than 0 when config.metrics.secureMode.enabled is true" }} {{- end }} - {{- if .Values.config.metrics.secureMode.enabled }} - metrics-port: {{ add $metricsPort 1 }} - {{- else }} metrics-port: {{ $metricsPort }} - {{- end }} + metrics-secure: {{ .Values.config.metrics.secureMode.enabled }} container-registry: {{ .Values.config.containerRegistry }} {{- with .Values.config.containerSuffix }} container-suffix: {{ . }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/auth-proxy-service.yaml b/charts/kubezero-operators/charts/eck-operator/templates/metrics-service.yaml similarity index 100% rename from charts/kubezero-operators/charts/eck-operator/templates/auth-proxy-service.yaml rename to charts/kubezero-operators/charts/eck-operator/templates/metrics-service.yaml diff --git a/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml b/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml index 4b57a3f0..0db9f278 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/role-bindings.yaml @@ -85,11 +85,11 @@ kind: ClusterRoleBinding metadata: labels: {{- include "eck-operator.labels" $ | nindent 4 }} - name: "{{ include "eck-operator.fullname" . }}-proxy-rolebinding" + name: "{{ include "eck-operator.fullname" . }}-metrics-auth-rolebinding" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: "{{ include "eck-operator.fullname" . }}-proxy-role" + name: "{{ include "eck-operator.fullname" . }}-metrics-auth-role" subjects: - kind: ServiceAccount name: {{ $svcAccount }} diff --git a/charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml b/charts/kubezero-operators/charts/eck-operator/templates/service-monitor.yaml similarity index 56% rename from charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml rename to charts/kubezero-operators/charts/eck-operator/templates/service-monitor.yaml index 96eb2d5f..0d4a3d9c 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/serviceMonitor.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/service-monitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.config.metrics.secureMode.enabled }} +{{- if and .Values.config.metrics.secureMode.enabled .Values.serviceMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -19,10 +19,13 @@ spec: scheme: https interval: 30s tlsConfig: - insecureSkipVerify: {{ .Values.config.metrics.secureMode.tls.insecureSkipVerify | default false }} - {{- if (not .Values.config.metrics.secureMode.tls.insecureSkipVerify) }} - {{- $leading_path := trimSuffix "/" .Values.config.metrics.secureMode.tls.caMountDirectory }} - {{- with .Values.config.metrics.secureMode.tls.caSecret }} + {{- $insecureSkipVerify := (ternary .Values.config.metrics.secureMode.tls.insecureSkipVerify .Values.serviceMonitor.insecureSkipVerify (hasKey .Values.config.metrics.secureMode.tls "insecureSkipVerify")) }} + insecureSkipVerify: {{ $insecureSkipVerify }} + {{- if (not $insecureSkipVerify) }} + {{- $caMountDirectory := or (.Values.config.metrics.secureMode.tls.caMountDirectory) (.Values.serviceMonitor.caMountDirectory) -}} + {{- $leading_path := trimSuffix "/" $caMountDirectory }} + {{- $caSecret := or (.Values.config.metrics.secureMode.tls.caSecret) (.Values.serviceMonitor.caSecret) -}} + {{- with $caSecret }} caFile: "{{ $leading_path }}/{{ . }}/ca.crt" {{- end }} serverName: "{{ include "eck-operator.fullname" . }}-metrics.{{ .Release.Namespace }}.svc" diff --git a/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml b/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml index a970a17d..39f96c42 100644 --- a/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml +++ b/charts/kubezero-operators/charts/eck-operator/templates/statefulset.yaml @@ -51,7 +51,7 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} containers: - - image: "{{ .Values.image.repository }}{{- if .Values.config.ubiOnly -}}-ubi{{- end -}}:{{ default .Chart.AppVersion .Values.image.tag }}" + - image: "{{ .Values.image.repository }}{{- if .Values.config.ubiOnly -}}-ubi{{- end -}}{{- if .Values.image.fips -}}-fips{{- end -}}:{{ default .Chart.AppVersion .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} name: manager args: @@ -89,7 +89,7 @@ spec: {{- end }} {{- if or .Values.webhook.enabled (gt $metricsPort 0) }} ports: - {{- if and (gt $metricsPort 0) (not .Values.config.metrics.secureMode.enabled) }} + {{- if (gt $metricsPort 0) }} - containerPort: {{ $metricsPort }} name: metrics protocol: TCP @@ -109,49 +109,14 @@ spec: name: cert readOnly: true {{- end }} + {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} + - mountPath: "/tmp/k8s-metrics-server/serving-certs" + name: tls-certificate + readOnly: true + {{- end }} {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - {{- if .Values.config.metrics.secureMode.enabled }} - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0 - args: - - "--secure-listen-address=0.0.0.0:{{ $metricsPort }}" - - "--upstream=http://127.0.0.1:{{ add $metricsPort 1 }}/" - - "--logtostderr=true" - - "--v=0" - {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} - - "--tls-cert-file=/tls/tls.crt" - - "--tls-private-key-file=/tls/tls.key" - {{- end }} - {{- if or .Values.config.metrics.secureMode.tls.certificateSecret .Values.config.metrics.secureMode.volumeMounts }} - volumeMounts: - {{- with .Values.config.metrics.secureMode.volumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.config.metrics.secureMode.tls.certificateSecret }} - - mountPath: "/tls" - name: tls-certificate - readOnly: true - {{- end }} - {{- end }} - ports: - - containerPort: {{ $metricsPort }} - protocol: TCP - name: metrics - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - {{- end }} volumes: - name: conf configMap: diff --git a/charts/kubezero-operators/charts/eck-operator/values.yaml b/charts/kubezero-operators/charts/eck-operator/values.yaml index 7ed5334d..90f8f998 100644 --- a/charts/kubezero-operators/charts/eck-operator/values.yaml +++ b/charts/kubezero-operators/charts/eck-operator/values.yaml @@ -24,6 +24,10 @@ image: pullPolicy: IfNotPresent # tag is the container image tag. If not defined, defaults to chart appVersion. tag: null + # fips specifies whether the operator will use a FIPS compliant container image for its own StatefulSet image. + # This setting does not apply to Elastic Stack applications images. + # Can be combined with config.ubiOnly. + fips: false # priorityClassName defines the PriorityClass to be used by the operator pods. priorityClassName: "" @@ -178,29 +182,12 @@ config: port: "0" # secureMode contains the options for enabling and configuring RBAC and TLS/HTTPs for the metrics endpoint. secureMode: - # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint. (Will be enabled by default in v2.14.0) - # * This option requires using a ServiceMonitor to scrape the metrics and as such is mutually exclusive with the podMonitor.enabled option. + # secureMode.enabled specifies whether to enable RBAC and TLS/HTTPs for the metrics endpoint. + # * This option makes most sense when using a ServiceMonitor to scrape the metrics and is therefore mutually exclusive with the podMonitor.enabled option. # * This option also requires using cluster scoped resources (ClusterRole, ClusterRoleBinding) to # grant access to the /metrics endpoint. (createClusterScopedResources: true is required) # - # This option requires the following settings within Prometheus to function: - # 1. RBAC settings for the Prometheus instance to access the metrics endpoint. - # - # - nonResourceURLs: - # - /metrics - # verbs: - # - get - # - # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need - # the Prometheus Operator configured with the following Helm values: - # - # prometheus: - # prometheusSpec: - # serviceMonitorNamespaceSelector: {} - # serviceMonitorSelectorNilUsesHelmValues: false enabled: false - # additional volume mounts for the kube-rbac-proxy container. - volumeMounts: [] tls: # certificateSecret is the name of the tls secret containing the custom TLS certificate and key for the secure metrics endpoint. # @@ -212,27 +199,6 @@ config: # example: kubectl create secret tls eck-metrics-tls-certificate -n elastic-system \ # --cert=/path/to/tls.crt --key=/path/to/tls.key certificateSecret: "" - # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint. - # - # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate. - # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics. - # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}. - # * This is an optional setting and is only required if you are using a custom TLS certificate. - # * Key must be named ca.crt. - # - # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \ - # --from-file=ca.crt=/path/to/ca.pem - caSecret: "" - # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod. - # - # * You should only need to adjust this if you are *not* using the Prometheus operator. - caMountDirectory: "/etc/prometheus/secrets/" - # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint. - # - # * If this setting is set to false, then the following settings are required: - # - certificateSecret - # - caSecret - insecureSkipVerify: true # containerRegistry to use for pulling Elasticsearch and other application container images. containerRegistry: docker.elastic.co @@ -333,11 +299,49 @@ podMonitor: # Prometheus ServiceMonitor configuration # Only used when config.enableSecureMetrics is true # Reference: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#servicemonitor -serviceMonitor: {} - +serviceMonitor: + # This option requires the following settings within Prometheus to function: + # 1. RBAC settings for the Prometheus instance to access the metrics endpoint. + # + # - nonResourceURLs: + # - /metrics + # verbs: + # - get + # + # 2. If using the Prometheus Operator and your Prometheus instance is not in the same namespace as the operator you will need + # the Prometheus Operator configured with the following Helm values: + # + # prometheus: + # prometheusSpec: + # serviceMonitorNamespaceSelector: {} + # serviceMonitorSelectorNilUsesHelmValues: false + # + # allows to disable the serviceMonitor, enabled by default for backwards compatibility + enabled: true # namespace determines in which namespace the serviceMonitor will be deployed. # If not set the serviceMonitor will be created in the namespace where the Helm release is installed into # namespace: monitoring + # caSecret is the name of the secret containing the custom CA certificate used to generate the custom TLS certificate for the secure metrics endpoint. + # + # * This *must* be the name of the secret containing the CA certificate used to sign the custom TLS certificate for the metrics endpoint. + # * This secret *must* be in the same namespace as the Prometheus instance that will scrape the metrics. + # * If using the Prometheus operator this secret must be within the `spec.secrets` field of the `Prometheus` custom resource such that it is mounted into the Prometheus pod at `caMountDirectory`, which defaults to /etc/prometheus/secrets/{secret-name}. + # * This is an optional setting and is only required if you are using a custom TLS certificate. + # * Key must be named ca.crt. + # + # example: kubectl create secret generic eck-metrics-tls-ca -n monitoring \ + # --from-file=ca.crt=/path/to/ca.pem + caSecret: "" + # caMountDirectory is the directory at which the CA certificate is mounted within the Prometheus pod. + # + # * You should only need to adjust this if you are *not* using the Prometheus operator. + caMountDirectory: "/etc/prometheus/secrets/" + # insecureSkipVerify specifies whether to skip verification of the TLS certificate for the secure metrics endpoint. + # + # * If this setting is set to false, then the following settings are required: + # - certificateSecret + # - caSecret + insecureSkipVerify: true # Globals meant for internal use only global: diff --git a/charts/kubezero-operators/templates/cloudnative-pg/ClusterImageCatalog-bookworm.yaml b/charts/kubezero-operators/templates/cloudnative-pg/ClusterImageCatalog-bookworm.yaml new file mode 100644 index 00000000..cba8b2de --- /dev/null +++ b/charts/kubezero-operators/templates/cloudnative-pg/ClusterImageCatalog-bookworm.yaml @@ -0,0 +1,16 @@ +apiVersion: postgresql.cnpg.io/v1 +kind: ClusterImageCatalog +metadata: + name: postgresql +spec: + images: + - major: 13 + image: ghcr.io/cloudnative-pg/postgresql:13.18-34-bookworm@sha256:79ffc8faf88cbaf768791a23f15031cc400778321378237ead6cb77e8cfcf192 + - major: 14 + image: ghcr.io/cloudnative-pg/postgresql:14.15-34-bookworm@sha256:95b3f1a94c3d6755128a57e335d35ff196597078e09b93438009b8a9dcb2d409 + - major: 15 + image: ghcr.io/cloudnative-pg/postgresql:15.10-34-bookworm@sha256:4e8945ec4d6b744aa612f80c6b80cc525eafb411e44527c81f249fda35363765 + - major: 16 + image: ghcr.io/cloudnative-pg/postgresql:16.6-33-bookworm@sha256:7dfda49485274b61ada9bb347caffac01dee442ffd119eb19317a2692347657b + - major: 17 + image: ghcr.io/cloudnative-pg/postgresql:17.2-33-bookworm@sha256:52b78e8e4a297e268be168c7e107a2117072dc38f4a11d9d056ff0cc13d4007f diff --git a/charts/kubezero-operators/templates/cloudnative-pg/grafana-dashboards.yaml b/charts/kubezero-operators/templates/cloudnative-pg/grafana-dashboards.yaml index 8279c103..ef7f3ac5 100644 --- a/charts/kubezero-operators/templates/cloudnative-pg/grafana-dashboards.yaml +++ b/charts/kubezero-operators/templates/cloudnative-pg/grafana-dashboards.yaml @@ -11,5 +11,5 @@ metadata: k8s-sidecar-target-directory: Operators binaryData: Cloudnative-pg.json.gz: - H4sIAAAAAAAC/+19eXfbOLLv//kUGE3fe+20F622lOmZd7ylO+c6tsd20m+mneFAIiRxTJEKFy/x8fvsDwAXcQE3iVpd79zXE5MUARZq+VWhUPXyDqGKJCna2LbMygf0B/0boRf+X3pHwyNCr1ZOb6Sr68vPZ7e/nX25qex4t1XcJSq7f2XoI2INiW1ObsrE7BnK2FJ0jT0yuWE9j/lLZWxhU7eNHpncG6v2QNE+yez+WPBS5/6FO63AsPyB153E6Z/936vrs5ubT5cXgumfPY0NYppspuVNX5IIfa0kuVOj//2241CbqGRENE7vl1f3mkG+2wqdRHwN0sZTwiP51x+IYboTr+1V96pi8nhvHmON0iHyUqwSw1IV05rc8Mh5xG6h8L3AiFMM1sXGANsDEh/rGBsocmu2oRLG+XXKMQYG7mMNx0aJXvbHid4ILlV1r7HXmOKbhgRbIzyOj/Zb9Ebu70rmNpFYanGBLJMXTQsL2PAmdHU2rrBwVxVwxW348oxjkCfBV9yGrs44gjIiJjEUIliaW3oPRW/Gh/PVFNY0nRKY3uV66p2jMZnMexpqMit6p2srqvWJvam2M7ka4CIxd9BniMaJ/AFZhk0C14eKLLiq9HTtRFd1g73QGHTxVnUH1Ws1+p9WawfVtoOv9hXW5FvQfyOuvkJTsKj6IZb/mZ55UEYKu1irVneC10fY6g2PtGd6q49Vk4RuWnjAdfi38FVfqsxhV8eGXPHvvgbnkfTYK//fb+/cxytEVqwI1Sp9xexh9R8EG1QwDOuzrllDep/Pnemj8fBW11VLGXtr5DCNZqsq/0tVtHuB+cHmqaGPZf1Ri34vXws2XcrBxNCwitgrAjyp9VRbJl+xYcZ+ek/ImHFk7IZHvwlReqpuyxpdvQcyHngE+Rb4AVu7YxXToWMvUyxOo8o1UbFFZHTqETYgA5ZPFaGRj//ANlSRwKh0ghf6Y3ASjpQKiJopF3TBFPlKN0M8WWHreRjgFzZYI/D3k7fe7t+MRavvInzmLPvB4YF/QR+HxdxZdyYlnzSqerUeOWdI6SOVcMLl7oUJljnGPfLX/3dX+cn/666yM9Zlfk1xf2neVV6DosZf6+G3SkhVuJR2xTMmXJW+rsrO+MHfDQzdHh8/R2TOufxZl51VJH1sq1bwZyP89MkiIzZOPUgyUzesS8MZJ6jJmAkiPgVCeoIYBldHYU3FJdJQtIHojqafUg4QKhBNN0ZYFf1oTDR58j6hAnlQyKP30VxXxxbfF4mIFvQ5foL7hPZnBs6tRTi3GeHcRj7ObbUzOLfnECCsy7E2sPHAMZ0qVrSQMXZWeKg/nisaubBHXWKYwsVhz3xWNOUzHnv3hetAFaNFEX6UV0fu0oywcc81auwLHQfiawwTxtePQjuVKvjY+vEPm/fS1eqRtTvMt3aNBqwdvXFJcRcT1SWtXnTxap2cq9eqw+oxv0M3cNBZXOjiRe19vZZ38ZqweCye0Lu3x2a5ixeJFZ2otklxAromY1Xpcb8DOeoaGYRFmljwB9F3IPyAFRV3FVWxnpHeZ7fZL5ifxlwz775KkKXzmxRk8R+ODYVS4xkpGuphk7DfYkpYRbUNsjeZWF8hqnyia31lEF5sFxGZ0QXvua5V8GJgBawhnf2Q4jCzEnjgNeIejccUpoRRfNhbTGFD/2ZVeDkwxYpB5BArTnxETSZPYT0X9MXYQtOfX+gaqcQeeI3/plLLnApVCFpAIwhnU0udzSmhLppMZMGM3mXM0GfhB6zakU+KPFxsCfqU1cVkpLQ3GaDOosvAIERLJ0s1lSyO2DznWydLpz/pdDq5Ceas2rskakd8+AnvJ8oH7pq6altRTqDeAxnHBQKJiJ5JO3eZHc/9XRqvfEuUUVtTrJse9gMIQm2sUxVErZITk/4W07mJFqueATeiOL+WhPNbWQaLUsrzdrpUrzOfT5PDziEeD71HNCbwgZv/oVpa6T97t7FN+Sf4+YZC9TT2lHr0NtU+do9cCuWnQknbi683NaemdaFbF3ThKol8xnW2GbGB3rKbqfaT2dkrQg2VZp0MOW/HvWgmWUmf/EhX+xw/67YV5osihpaHY8LfHiJNjpCgG+CaLC6HJuH7T2PDgQRPWz1tPJDo/xkTcyuZlkHwiJoh76qZErNAoqAF2kWiFyum9IhVeqlHFCofkj0u+uLt8JeoZED9+o/M67ecUJU/WPhBw13QWFzAIH1nx+koEFWMx8lcncdj6eXgnN+UwRCpeEBRiMymTEykmKZN0KPiQB3vQ/bQBbEedeMe6QYyHfiMGJg0+pRQJhrhZ6TpFhriB4KIptv0vV2syZQf6Yso9KHMLKvsJz2dLSqlAe73lR6il4PjIGxxdGTSNUAsGL4ZUIgHnLkGY4pjemscA+8FjfGFjhiPzAJRzDHpKVgtH6RU5wpSaiWDlOpebSaQUgbB9mrTk+yZqKr+OAv6vrG7uyahDp9cgGxLJ9oMJMvjIjQyXAQVP5Mi9Gotm16t6emV6d0102WS2qYClGrWO83OwWG90wLnYaWch1rEeWjldB46VXAe5us88FdKFIFJfJt9I90ICm4L7nVuo59R8G0Mbode+WgoFmEvlhzzZ5Y9QF+1zeE8B+BxyOdZRggvgpvoEQ8bO7+xhPeibtM5HhR1l86PfhWmYUzDZy4flfBhq+fmneuPSFbMe8TXlLlwFPtRX4xKE+pRpWlRf09VkWPXWUSajUCfMU1wv8D9Wk33q71896s9X18i3f36HRsayyUpQrPO8mnWmaM/ke58nVCzTQ2gWoxiK8BmnfbSfDCW44TOqR14Iy5+JrlaqeT6GEH24LJuhst6kM9lPag1wGUFl7WIy7rF/kP/P+o+b43ZzEyWPvNARXJEeipWRttoq4Z20b3dJSqxJOcO9+hMyc8tkbrPFgn6cLFdLNGr4xtm++Jxepi+R7GeSxpme3sbXV6jrM8WToX7LKZkm0Se2+c6Y5TxmTmdyagnHE1Py+lV3txeXh/9erZg33J1HMTlGj8ZG/e7XWbn5mcA3WNdhJ27+EiX5iKygzNfK9nIyAo5zGclG432KlnJIf37h04vqJtiK/1DqUn2c13NJhmNVWwIVagoDDzWTWuEWR4nU+yGJbF8gqKBzve1arUankjfV9TshVLkRF7euGFMj/NsigesxnnDu/MR9yzdiHo4MfNRmSbo6GXXnlOC8TRUpiUCa0zNj+l8uCsRf5RrVd628Vhbz+kgwyZ0ctqEZj1w6HAiB7VRpYCtiCm3kJnABsHgTG1K8qBvC2J61DMFpj3aMihYCm+DsfG72CTSE1WmUk8fjRSroE344ydWbsNh0m/bbLMtz1CGrqoMzMw2WCWnyYjahNurm6LuBPtJHosRfPU8HIyTqy/oi6WoiulkCLIoH7om36k0WCZsT5W4PfVZMU2Wm2k4xC1/mypR6VHYFoM1I0WLzng97PJOgQES94H8EXLsdKUNII5oB97emdEfHTsGh/+5ONzRzDoQWcsLPJqZwMMvq/AtHYtQhv2q/PiNKIMho8xhMNHJufc7y4aO3pqbPzoiWJsbzrj1JJEXFhAd9g899Rkb987Zwkg1EFP54ZyId9DIygdtmaln8UHJN9zUz5Qldu4RKxoxPvj/knpjW7JNPCBeko1k6XRZP9BXSAqDC2khRmFazz5HGixoGR5UolTmXyi5qtt8+Y/epS9lj+7ywge79KsNpWeyl6Pkcb0X0Rt0+jkPQORwiHP4vb53W5/Ff42ghTgycapHlQNNPpORbjwDOgF0AugE0EkBdNLIi07agE4AnRRDJxNUMOLmSWLH9tg5SpNY7g7uBByoxGJG3gUH0hhbQ3pn3/17v4flB8XUDfZMImjwB/wTvcOeVEYU9Hh/pCEZbwdYl9393plgTS5U49AkcWIrjGziYKNkcLNaIXjH6Daqb8/qJh7N80eozdeo16pztOn16owm3VyhLe9azsNMzYMW7GPAPsbse9ozHm3Kbbqi+weSFCFyYAtBcAKmmGULVlkKngKCjWUwVmCsyjNWh3mN1SEYKzBWuY7aln84tjK1HZr2vKVnhn5nU990AwSxTIhllhvLzJvi1TpYRIByXUzG24tQ5vR03txhmHlEHLMTwk6Pbo8Ku3P8R2UVXNgAhtn66cVfy9ft3UeszpVxhMMti4F+PzovzD/sN6vGPncau2TaI8pEaMtfiJ1Cx9LYebTS1tXqmnvv+S6JM7f9UqZYOvtFp/ne+R9dC8wQJUyR9/aQVNK3tpzr286P/T0gtkPvzt+UhC9h5/T6+ovIh7jTtmc/jhHLoGWqgn+VyY8ubhfm/s9UUU3ekssl+cq/F93wsi1fTGHN+jITWs5UPKaszCtvIlPR3FrlDBBR/uvRbzf7topYVjPq8jrsm1EgZvbKASYZKbv8DGCe0h7pmS6fNKqBFZnViiFFCi+Qn5v1ZRdf2K3XmofNduOgOc+qFenlZC72jwqQbbfWOjxsNw8PqtU3XIahiKc74fUMn3e3Vm1Xq9Vyxsp24OlwhzmKx6cN9+ezo+N2o5M6Srsz4yCZC7TbPmh0Zg0XyJZsG+5xveWV0shsdpIULjiolhaEhjIab2zHdHeLAZitber6+cFqyi8qYXk4EluMoPfHcQw/HEzB4GicDI3zZAytyp4qP8d7zHCa0y+nMvcy8l6SFeI572jr5OrLDnKSlnbQ6TGiyFCjC8CkZhsSo6GqIFQVFBIMqgpOQTOoKlicZOtVVRCaQuWE/gtD9lnNXxtJdd1rUCRvvuh+k4rkbZV64BIt6cTlzAcupy0lR0F40WQZ9pOFbdIEFhnOrcxybmUeFfkd560o/3w++7xo/uEbMlveBpmzLNzpZ+aD+IqgcJ83Z7mjLx1zlrSYB+n9g7+ZrRJ+Ymzg+bnh1c035lxWMuB7F1YHlxcXNwuuKXmij8Y2a0bHNp9Ee1H3mv6ood+PzhE2ekOFGjzWtSDQVnfvTvudNaIzbYN33lUGmm44L3Akz3veay7IFtnm54t5xoCwcSBrnNFj8OkZbSP6E4xGFC0r7hMPhC4ECzDtoU9uQ4UuQVXU1w1/lB1U438HZwqxkCKeRWYopOu2h17FaMhujfxcr88zUlSbMlKU6KuC07Vh+y2NpP2WOuy3wH7L9HlUecxm4T5W79FkJ8ffoAkfPnAAAKvx6vp8HCq4mzwuOCjeP+tOm/sgS8rbm/+uk0ssGQVTBKH0+Pys26JKj5sUOGuDFa443kwqo1KFiuN04P1/9emTP+1vTOVxamYItk4Vw/Ft+TBztpBdW1HlQGXs/EYykoXAqpNTWGpKD873FTQficaD5TSsUDHyF5ah+/o6J3vj8QbUKYfj5HleD8fJ51j7pJl0nPwAjpODZzndcfKZWyEv7zj5RzZ1qGcCBggM0ILqmSQaoDYYIDBA0xkg9m/8vJ4W6JrPvXwTFAnDBbLMTUQFBFEymZQLKHejoZODix6HhO+30rtDttlKtTjCFlIJCxjqGgkeKfS2ZvlOb72JhnQy0Ii+cKJv1k6pRiBjfOaM8U61OuOxwRJIxiexzKzxU0KNpEyhR4HDqrlOBs69VTifxdKSx5kQIoMwWwttw1ckI/pd0qQd5U0MAVM4OLPSfb4I59vGODFcAUOwZpWxoY+JYSkkJxWdkX3zlELFPwScKOLuDNHJacnyyFEBRZTHtuWycGI7lyhx2TYv5afTUzfZFk5D12S7mMc65rWRqTT0dFfjoDoV6QUKbJ6ED5w+XhRL13PQ/pRQPC8ys7lo36muBe071ZJon2Sc85joCOG/aOYz9eempXyixZ51AWLXvuW3k++iV6fINqtlnAFqJZwBarfhDNB8wzKbdAZoLof50RTBGjfIUTRac3x08r9frhadRA9hGQjLvNWwTBxmLjy0IISQiwzJJEDFtFDWCgSylhaLSYZ4EIiBQAwEYiAQA4EYCMRAIAYCMesQiGnmC8Qc1OoQiIFATJFMmRnP+aFlHfRDCznpN1v1liIlHRLr7yfHocLl9xcRg7rUVEUjSOm7QSbFDIeXDILlZ8SANqYMyIi3EfGk6rzrHHzEimobM0WKHG+k/IyKJcaJHG4rVFQOHPd1c9yP5uG2y4rJUiWFgwfIWLlmRqGnqATR79WNWJWRBaO8Vt7ttg6gPEB5eVGeV/JKZZ3JJGoRJVa3zNCIRUxJ0fkXBuueMbxgmxK35eH9Ns+wX0wQ0iuFerrm1tMKtIFBaaOh7UlnGP6c+ZL2OANgPVW3ZY2XZdodD+Jbe6VgsEsPuNxwEpSbxV0+GrsdkgnWMiKqDMm69j8WopqQFTSzFXOIusR6ZDuCbCC+EdhTqaATA9Gf++u8IVuA1TLgyXz39lYPsc3Yp8WtTF8Ary0/X3iOxErf0DtxZG9x6LYUci1vP+9K19WC5FoFelWXVpX7hkJz2VaJjIrLJVTnBk9qrT2pg5zx8lYLPCnwpPJ6Uj0Vj8aS26SWF7g2WOKiIRm2xqu8+SBcWKBY4D7xmtDUGFDvissNuzJ5L73q5Ooxf2cH1cQ+z0yNiZK9meuzk8uLk0/nZ9LZ9fXl9Y3kpD0uuhb0EmjuukUrQfST8y83t2fXb4DqYw7wVoLoV5eX52+C5qaHEVdIzdyc/HZ2+uX87LRshUPJTEzPkvyUoN7Qz+inJCFE7ymiFz7gMAy/L34g+lHOo9WcMaxAhCmMpl0IThdguODY03KDRDLpKSNKpqiX/ZYq2+RobcoOQ7v/b45FaDrJoxSsRhNBz4uutR0rSFPL50U0mpOKaKqi3UfKFM65Rg1D4qEClitTnxRq1eQpwx0zjYF9m/I6Jc10biplcyVvmepbPcx/+Q5aLdionT1R6C+zpiE9TJERFGkDUzatKeMNrlbJluU8yttoVcGWgS2bhy3L0RBOYIvS+qmldXx7qzYMHLM1sGYHC7Fm7dKsGV3WlTNonbwGrT1Pg7b8DR+qWldno2eDmyJ5xwq87CnJVH4Q124V864K9Hookr02z9Kjp17K2A396NT2DOJ1cjaTeX7gcaQDaVIixYR3Y1viX10FJ9CNeED1+0AwnZAteoonQ3wTKFInpO7JqvvmWM5XPDWCsgjf7Mw1w8yBOdW6z+k76q/CHfX5II63fZIjoyXj/tEq5QS+gT6eb6spJdU/t8qIHJmfTH2V21ImobGDJrSlhBjC9G0pI+XC+ophWt45VdxVVMV6lsY69emLlnV/H9+PXVQLx/n21PrISISuQyRCV4xERarIM5LjsUnk6JRy4IVErVKL+njNiFqpRrTKoVirBE69j7FG1GifsHJ4uCDdb+jqEwM5ZT3ipDb0x2nxV256NjLI2U4gZ6eWpaTlKLilulAb2JizLNUqmHF/pLk1V2fnikYu7FGXahwhc7NnPiua8hmPU1UjC/0RLnhB4fLt+tAa+Sp55RoQ5oiX+sejJkHT0LEs/zJPnHI6D1LNNkvPwTmqsmKC88mdYsTNHGODxKbnixPntnnLUz2jPGqiPNVBnkCeliVPkcOMixWZRsYR50SRaYDIgMgsS2Tcw3ksE2QfuUVxliVBUaPTzidBjXYTJAgkaFkS9M9gcGaxAhN1Imu53Z4WSAxIzNJsjq5pDv1XBavVmnkF5wAEBwRnWYLzGT+huQlPYnbV9FJ1mFeqDkGqQKqWJVW/G3iMw4fdl+v31HPCuEYNQgcgN8uMthkWWRmhqec1Nm0QGhCaZQmNtz6LEZpGwW3STlKx9XUSmV94dikyrWeVZak+KrI1/FCrVv/rL2hIlMHQcv7o6oZMjA/V8RMydVWRUVfFvfu/3FX+dqch9Isl+29gM9/FqjLQPiDn3M5fHlh9oR5WvcsjRZZVkvRORF/6y9h/X5/OdffRmQrq6qrMBp0w7y/7Y2cK+5ZM/0H/h33P30rXBOyOPyioiZVQEyUog03MWc2Xe3mqP2r5ar/VsgZKT339Mi4783VlUjtlbNzvZpy2mfXYUGb6aG1hdeoKJIY2CqZIJNjSRqPcOmwZ50zfUG4om+7rAo/srIAVLeG86kjRthZiabfnYGorq1GeGg6M5Dowos9onMsraP0PYi7Mgmu6d4irslvZ7PPAmad019Gut3L6yFWw62DXF+cdz9bMTGSg0c/iF5rSI1bZSwlvL2aPX9baxY4f5H0j2ADM0jqbpWjd78N8Zqle78AxRDBJK+FqiqyLaVGcM2K1kbzk46I9Kt+2ebkdKiaiDxlKD8mUETTZZF2qKMl1g7VDYu0rP6B/W/qYyvngeW/Sc2pP0fd/UIn+t9PAij5IAelgyPtV7bIZkl3nvSba0nQLEY1tQ8iswZZrsLb30AnWUJcgLMvOnR6TGjasYpmsaBW1dbZT3wE9Ktbww512p/373/9+xiP1TnNef87bYh2pqv6oKqb1gW197CJWDtL86x8p8/7G3wSVCx0b1w0rnVw2dB28r3bOqGr74O2auf1/OT3lPGGJNJZjwvLT/lxtYezVvHgOBS1t4avBXBba/1S0vl7UKvJmhbyo7o53OdS1MJNj3MaFvCyv07lwqmJOG2qFyzY2Y6peLWpxe1T0TaWXbHF6VBnxjluRF+EnxTzm2Qc3VG5FqRTuQyc8gYHI/ySGnvZYUF/GUjfch7jpji2ke/NKpew5cnMyYvW6EAuCGUcse8J9JhKxrcgGfrxhGRPs97w98k60apaqXlIZUKxnQYM7ptNlppkT1Lpjgaiu+WgI6Omzo5hEvH2YrlrKOPH+g/Ijpl4FnisTFWJwVW8mLAf79k9s0ais+maGXcRGRfDo7yzfJR6Mr/BaIa5ebkURBzPvpxR9GUrXdod4SYp+u0OnfhU3HmxAbqA08kBic6XqS/M+O6olOAjCPVYzVTQTrsfiXSJCEqXFelZG5ziBaB6bvSS9TO/3k8P9G1XMumCVJvo9hlVZHlzMPAHXSWosnQ4XfeHPC9eiCzYiWEvGbm6vOU81Mb8nTMRxUHl2dYvp/HjunDfJRDJPlFToOzxuG1FLpUTey9YzJj6v2RisvVffq20aBPMaSvOez05FJrZ1Q/y+A0Vh2Xb+opf5gdLuTKlmCp2yU+9pw8oyV3PqZVYkM9bxleVFxN4RiJn/Uvuvypsv7nzYmmuHghlt09hxXpdonTKPmSZFMzKq6FDe/Kr8+I1nEPNl2Ine80Bg6NZcOwzMLR5/6wmWEygURCFCT33Gxr2TTB7W6hVT+eHAyViIxo/ov9VIA+vl9h6Vb+zQvuilY94HgQWnTe8f/M1/vWOqmOWgeQdcwz0RZjOwy03oHmDbax29fhndInNZrzUPm+3GQfMw02q+RctYX0DTg9qaNqNrFD02nmAlM1y4qI/VC+VaUS4OmtBGEP1F7Wutmmhfg3eYbkoLeq13h58vGou3EXkqwxq4xoebmCvG6m829Ro/CWyj33XhSZElPCAvm2EBu5TusxjBNUmrWsp5nTlv/gbLsbNo+YX+WFmdHeJ6zpBfo9YsN0N3tn3izevvBklRM3XbYQdrRpgVY2SHbwxLYpG5osp/utruKR3jpjAe3p2PmBWuj+5ElXOGB5J4N9rasI1ICilXyMjU8xmZZh1sDM9I6tMn55x0BLZmOlsz6SnineWUHpwvny31NjUjaKkmZnmZRMFmIqFq/ovsJVJLKIXUrAmaiczCo6Ipi6YtCv2IZu9/Qb2VaDKcok7tw3yd9gSValz9llWtZrLrnl6xxn8uqWqNKBVFXPApZMaDpV7iVBArsFqU41P0VKKuEmGCfPyQFQgRZzsurNpLhvpJV0G59UyironiogiyS+wRMlFLwj4h4c19v45MhGWWJdyNqYS7AcINwr2Jwp1U0He1hfhgKiFughCDEG+iEN8MqR2W0bHd7zOOWw8Z7kwlwy2QYZDhTZThMyq7dLkeCDrBvWGk+ftqS3KtPpUoH4Aogyhvoij/rhv36DMZrYv4tqYS3zaIL4jvZrrEbA4a+wK0bqLcnkqUOyDKIMqbKMrXWJP1EbqizIlO9OgRx5UV43ptGjHuVEGMQYw3Mr5FvtuUNRSsrowoN2bZSz5Il+TN8Yw3vxHKfPSTOM0HFNi6KbA5aKWk9M+0FNCUNNAcqaACGU9LCc1KC82TGpqaHipOERWkiY5tY6ySiuDR19i1b5kfnJj9KdKBwizQuEooxcQ0pjAxjdxYMStbNDNjNEfWaO7M0czs0ZQM0rQs0pjopp1YSMskFfFCjozSpKzSzMzS1OzSN2mCih/w3nTrM8kNnd36JJ1KANO0bNPEFfSzRQSis7KW62AKy1VvguUCy7WJlkt8GDvJjpk850fqOjk/xXthofeo2IBdVe/dS6byg8zYeAuMJhhNMJpTG83OFEazdQhGE4wmGE3iJdlJPZZkN6U1A9MJphNM5xqaTnGiapbDeQC2E2znWwyVPurGvTQio8JGixrIWrXefNumC6wTWKdi1qk1hXVqgmcH1umNbuT5adrS1JYKTBSYqCWaKIGGXWkL1Z7GQrXBQoGFeosWyuCnD6QxHhCpp5sWWCewTmCd5madxKdmsnbGILoH1ulNWieTfAfTtOamKaEXL7/Hj8Mk6Bjnx4R1r01SHiHa8VfEHngVvLSvqHSdefVVMSM4nDKmEiPUGWCAl2FiOwITG060TDnO1qhnHExt5T1sQBnSb3lTMUexdsu6TnlLLFa2Zl3rj8mH2NJMmGNHDbGhNO1RtoE0Ax2vM03gbwTLxEjoOawb1vFz+kqu/znXVNM0iw1KKwC92kbKO+rqGBXbwKJyjPFK0Okrx8WP4skB1qLVpFIl0V2snmrL5Pj5gi5DkoFgDVkSFT29L0lsESUp7Rn/UGDaQ5TwvH142jMeb6Q98x+9m3Zbc75VqEP8BzhPpr2FskWCcRMbTUWTyVMuQleF43k9YTtZa1DLXIB6FvUbWaRvptC9lUb0w0yCt1OofZCL0gZh70sndYBelUrahCtjbNB/MZv0Lsvsv6aZhQTB5U3mqVq81T9jy1CeCgowRSj2SPvIDB+frC7s5Wfoj5NH/O9Jaq7hP+qwXAkfWZZ2yiFX0zKET5a7O4fXZlj47LPC3HCl9QMop5tDzuYDQrtUifUfoFyU3X4gpFUX238goVnKpK9ioP/Askl9OSYOmbGKbqjTahYg9+JbuY6pm2JZZLenYtNUesnlDxJ81Qp+UsxjXqzhJoCid+IPnfB6D0T+JzH0tMeCkTpB5Qv+EO/kLCo1w26mtdDkD3WxccS8a/eZqFMkG/jxhhWY4F0/lXgQkPWxvKQ2TbGe433fnSiizGKAaYFE1s6EtcITFgDhQDXRF7J0XbWUceL9B+VHLmeGGn1i8BBigt/FP/4TW7WxrvoBTXYRR00Mv+r1NI2maXLswQuixiBExWR+8qnC+jV1bXeIOEH0QaSLakSg2APZsUs2De5DauQhZiQrFKVoacSgCKl37/QpjU2Qm3pHRcTDHz4XUOSvpk9zEgzxGPAl6XV6v5/sneRuxfwWui1ndEFuz9r9mBLLsBbYauwwYj5r9QzzWa+KzWf90PcGmPzeR8ynsP+Yr5vETb/C7BXtoKxE6z6Ng6q6q1vMwoQe4EWOvCETKTnRiKFZedw6onZRibyXLdkH54BC3Kpn9fWqld+cK0e3X9MebWn0kyTfpwrX6vkwqdrTG9uSbbLdAZPQq7IpWbqF1Q/0FZJC0Ql5EQRkdlBi/OZ12z8uU7g3ZIEmXPWZmnCFF5hqIm4zcqHjqy/oCyNXHKqxz3K/ChAbIDZAbPkQmw/MnKFXH5tpBJDZxiGz+BGCKZDZu6Rvoatn9YbiHS0nONZ14lIpobHKd5saZrSLDFYj07TMdC4cG/qY1UskOZfSmYZD7xRCC8NmfeWJyCfeUv35Y73ZaZ2IA6oe8/Gf5Iip7eSeOTdhe0H1nfIZ1VnHmajElFHqs47iK6uiK5KiyTK0WSmrwKjjKL+iE5exOUzYnkcCt967Lrj8bUfMqqrq7OXTcQqGdBO1yByFXVVGyiqL+sdOu1EFUQdR32BRfxe9WkbkpVbPHXppQehlvUIvk+jKiIx045mfWqOyzbJfJI40s4Iq0Y7o/hv/RG+xC8oID4jzx4ZHXD5zEjpBF7T1uK8jXtFlex4BmKQiJBCZWcHITEZgRhdCg42OzdTWKDYjSoncuNDMWoRhCkRK5rZR1S6a51E/FKOlRudNIaMwy8eR0aKBD0v3ZWemiL+R9FK05JoYyzC1LVKWKQgmClH4dNCWi1S2E6DKcVknRxZNM3bqheygOOnyU+jlhb/k9TWTSvnym26IyRA5z20iJuyYAS4DXAa47M3islXd/1oYqstMP2q0xKhucq4MUF2JqE5WrIlx4T3mpkIwLEtoUhmX2nqJjd/FJpGecM+SevpopFgFQc0frdG37SQ0mB/SOGNbRE6ENO7x9NgXCrHOQhBhFj0NXVUZYCyToiXgazYtSmc2s0IoOxk/3rJjcNhp34PY9CHmB9gSkrEAWAKwXAtgyQ1aZYXwZmzTNQlwNgFvLieKKGi34MfGWEM/60mS3bOJXsL6yyx9FgpFx9K3OPMgmnOdok3TQgFkA5gGMA1gGsA0gGkgWFYoWNZsJATLWgBelgNeUgI3MsEy6w1lvtBLbl2+wqX4eAQnd9zGq380S0yHl9sqKZpz6pEAQjkAewD2AOwB2AOwZ4qYTSLugaDNknBPOEzziBVW4nGqVKZlxmaOGTghMvq7HU6Uzw1QghWwgrRaaAGsVi0hMbIlKIC1+UX7R/hJVA1RdGg6S+vn0fyp2l+sv3NYAeGH53nbn8+OjtuNTkV8lmpyRG7vsKwRxTYoMlq75PYFY6fUPP9z+SWW24ISy7F+pEklllsZJZab4WLNySWWKYN/VX74RZYPoxjSue+hz9jtSGsCkUOwjk0Jbj3x5r5QYo2I4JOfsXFPjCTYq/xwQK+QQn57g4IVnhvzr9+cnvoj2JLZGrNJUtWmWQ+s3Cihvq8y2kZbNbSL7m1KTWJJzh0e+jAl/IAVldW4dI+8JZ9uE7463mt0XzxODzteZUnDbKcWm044SJcOV5Igi2g+wirTCTlKYZTz8frsTLq5Ojo5qxSqzrpxXLP104u/oK/bu49YnSv3CIfbAC6Sfj86L1zV/CufA7phVHPObH5AV7+eHt0eIazJiL0yq9K5uFruANsDsmldPWTSU0aY26E6ANt5ANv2QoFtB4Dtk+hiPmR7AMh2ZZHtJiNYIS5QWP1MU7JNIs8NuTpjvHHE+uni8vTsZg0g6zzYpBBUnZ5dNhCiOmwzC0b9xMgJGBXiqxBfXSsYejhLC7uDalaXWIivQnx1obDDtEc85d035TuFEAiDHqUFr6yuufeel5S40/bvtBmnVnpsLTi993eargVmhhKmxrNPJJX0rS3nOtt43r7T2Ix5VXzWotSdtykJX8KgV19/KdyZsEwM5Uzn9XU3uRfhbFHi6WJ7tyxUyxfA3HTQlJL0JzafqT17cyQAFkgCzJ0ImJkMmDshMEdSYK7EwBzJgXkTBLOSBHMkCuZJFkxNGExAdtmJgwWTB7MSCLOSCHMnEmYmEyZ9cXZSYY7EwqzkwqwEw4wkw6S5ZycbpiccihD3urW7LtdVyuG4tKvr2lV7ppSPg8OMwHhOj0SY35iS45grzzFXrmNGvqMwm1eY95iR+5iS/5ie5bs0hJ+vS3ZG0Q+L4leZoWsiz3x6ZHtWJOpOZFr4ebTcQG9p6+GY8/ksSNKZnilWy5vmtMt1vCHL1SesJcOqr5Y7y2kX62RDFssglm1oK79a3jSnXa7TDVkue0z/XPnVcmc57WIVj5bc2mOVoE/7l+HjjiF3KnqiAAIgEACBAAgEQCAAAgGQzQyACFMDMyMgBxAB2ewISArE7Kr3pjRUrHILZ0yBIOkcEiphbFr8I2s1DILlOSxHqb4ZlmdfrOPCoJ+fIQbQD6AfQD+AfgD9GwX6Z0iglEkv3mB8DbcqD1vpQL1eB6A+I1CPZSy296p7rco6gXmvhq+LEL06vvT/fBhpUu3sZgW6T/2JgkSLv98iLMdvx7tOAeZYNy0ql2ZhoDkz5kcuhKRr7010+tS7o8Jw8tSlF+LWDNAkoElAk4AmAU1CCHkhIeR1ha7CIHMmdgXouoIx5tkjlgxUhqFmqRHkxCrLU6DN5KMd00PIW/r56Jh9ftGQZLxSYjkVJYs2kaV+CR4Q9N8srBovymhQ5LfC1RjrCdUYD9eoGiOAdgDtANoBtANoh7yPHJC8nbfUaSMdkEPSxxoDco7FGQQjPYrfGCp/xKqEjd5QeXCOh9vmC+d/isbZbv1zYUheKSFH4Dk1SWD+SRvzoKZMOaQEYpaYjcFmlIvQxRMufj86RzdkwKQUHTn0QDecHhAuB+QNyBuQNyBvQN5vGHm3p0DeLYiFb1Qs3AWKhvcPWeJ9/V6WkETtzWA9cHcKKftYUcslZJkHifnk5gS5XZhtuDh7oZnOSR0eAYkDEgckDkgckDggcTdxZVUzVkQgvXYwDUpvAEpf8wB5DFWapKezHpqmQrGixKr4uvdm66Q5DVAfkKkwejZ+PKdf5cdqjwaQ1wzwsAA8BHS4cegwiYGC4DCJKoAOAR1ubIbEQS0dAR7WW28TAlJ4NFDJmlfGSNnaF5Wa30HJABB5e/88HJmA/tIzlfPnIs/prBvbyT9h01+/FOXfDcWiUHbIik6c64O1S1JuiJOUa21IUgYEDgFaCNCud4CWszVg8NS35exkdlCtljWijI373RzQv5Ew5gaGhg/yZk530v2CGqROb0Bk2CBjVelxOyOpeFBC/HfVzypeT74YneMBBIYBlgIsBVgKeQMQGYa8ARE4PJgGHEI7qbUNGU+RWhBEkY8sTsmwpJdnsJqYEu3+Db28UDXnTzyx7toM4WYeswWUCSgTUCagTECZgDIBZSagTGE5tSyY2eoAzHyjMLOv2uYQYCYn8UdGi0XCTDghBRgUMChgUMCggEE3CYO2p8Cg9Spg0DeKQdm/8XPJIHS+IHNOebXXnBIFIeiKJNYGEgLWLqm2KU6qrTdqubNqe9hwrFtYJsVgnD994udzdZv9frUaYTPnp56Cr5jfDSvhiSHVWuwRxUdb5JJzaFSgmShSfeLg270Iipok7I9Jjy7FqJKoaNjaTKQnwJQ7iwy1p7gkKwqcy8Ooa9xVVpgkl1zvf0iwRcFlXLLYGjMv8tju3TvaLrZQ9JnBkPp0Q+vElc6owvbkPHw8OwFjcOMvWPDXfMiF4RObCafQcPi3XbaIrlGPqOqvnA51wZ2vDHeawt8lRANSdYHrxiYrp6C6cPSPwAxSrjKTq+SYnmbzJqJQcy14ytNuYpUWcAxq9XYql3s4JTVoUjEGXbxVb7V2qjv8v3uH26mVjRihqNqdLEAcbLC5kd1qJ/U1ybg2gevir6BG1vxo4BERTgM/6/YkAJL6IjbiV9eTEXq7M537oi8/CZo2MXs8/0b1pD6gn5Pr25+PnhQh+WPxH5X0reLcOvHDpu0NV6vuNfYaUYjFR/1Hmg5bncLA7r8YMJZtw0HIywHspYZ9T/zPQqfuZ0XQdwKze5IpUObsThoDvwrhvWfrQjefhJwdHDvxvWKhqPR9OsYAoqoPjjEXg9rOFOM5fHys21yTRTQNpGRAOByi4VARAqLhEA1Ha1wRIn8bu1ZWG7tGC4LeKxj0ng4e8wpgAYxMuU83lhPJLhUfn7HvMNcvIH3irQwvfmuuXVC6lRSU7kCpB4DWAK0BWgO0Bmhdeg9pbJFbatWPzE+mvgJJJwezdK07yMLfh4C/NwZ/9xXDZIklPcZ2uKuo1C5KXJsXBOHva9VqFf0NCTa9+qFdb0mw7b0ioP0jIwa6DhEDccuyfkD+mFoye7x+AP4gAcB3GiUDeMgjX110v1srB963Ad5DHjnAe4D3s8F7oYpYDVTfyovqDzNQfQei6rOi+lj2SnuvvlerrGRDju6A18owpN6Q9O65fjepG/B95tB7TrCf0QtultOQ3t2PmHk4Iosm6JT9fT/boTheiS7ZqSvIaC4vag1LXwY++/35FN77bhNqxOR9FqaR4awq+BjgY4CPAT4G+Bgr4mOMzDXyMFpTeRhQtPmNexhufT6Gs96mn8G/fxM8Dcl81noLXcjS14J9wVx8DV54cf+Gvh6xL1rDHLCJQ1nG9lGJm0OH4s2hg4lpWffNoQCQKgTJ3uXBOIk213+gmngrHz7ioiiTJ3FqlcdKzNWjr7nQ0TXB8jOiMmhWhE+/5oV0Pn86AC0T4K4ThF1ozve7rFlTtrOoITCS/AwukZXu8wUeEbGLM+HCqHZNcnHGhj6mHqlCChLXmYuLDRMnFID1Fbb5r/UUlSDiZPBOtyDvku4WAON1ARhv5m2s2EwH4wednEk8vWCMpktdW+a/alHxZwGP8TAl2lH5j21aSt/H54IYTUU3WMjEjySIHqGKx+6Ry0QtNvEQBPEHbFoXOo9qVDKVAVfxphhrPHinlrMP2PKwAqG2RrNOhm75EwHU5BrRIw1/vYQ1mRdSiVLgkcrpuXcqOfVcYa6ztMuvfiNG3h4ONe3R1r3dJRI1ERyM2myXgtqMAOykCJNpB0xHvZigz1f0Huka2qI/3EY86CKxQ8xbSGXBRImaTom92NCIRUxJ0Tm10TbyR+PPmS9pjzN021N1W9Yo1z6Q3fGAjrs9tRMiRORR2OpYzEv3g9EVM52JpXbEI06BbV3jylZgTrHx2yFB3jIiI6KFkaxr/2MhqsgtCnhsxRyiLrEeqcFEbLAuNgnqqVTFEAPRn/u8Ye4BchOAjFKwmyg8WS5k2ymJNH0nwl5LsP102eiylwd8a2KyJIxusV2SZr3T7Bwc1jutwsRzRB3wLuDdt4J3m1Pg3cNqHfAu4N2Vx7sj/LRFBdIyWIK+IRm2xoOiPh6SLN3CaiTmKkC/O8ixahQcc7lmVybvZX3UHbQ0f7x64sKyiaIRHI0tAlqvz04uL04+nZ9JZ9fXl9c30vHRyf9+uQIoC1AWoCxAWYCyAGXXBsq2pwrdtgHKApQFKOtB2S4/6Th/JOucqAQgC0AWgCwAWQCyAGQByKK0Sn7ZQdkmIFlAsoBkPSTL6vbLtkrkRUHaG29ABOAWwC2AWwC3AG4B3AK4jYDbg6nAbQPALYBbALceuB3rurqIhIMrPs5bQrJQViL8KBSmhqoSvo6GwtRoTapKwBFGOMIIHtZGeVjtWY4wZtQhP2y+0XoiiT1CyygoslIuzBs8Ayi+P9MhQKHXNFMtvfTBF1dPb+1D+OBPgT8F/hT4U+vvT8E+H+zzgRcKXug6e6HNabzQg0PwQt+CF7oGJ3NnP3qb7irOuhPm1xfMMy/wIsGLBC8SvEjwIsGLBC8SvEjwIsGLXAsvsj2VF9kGLxK8yFU4FD/zqffF+JB5pgUuJLiQ4EKCCwkuJLiQ4EKCCwkuJLiQa+FCiqtpZPmQnSr4kJvtQ25yvYp83ugMBSsW45cWmyB4qOChgocKHip4qOChgocKHip4qOChroeHejDVLmcHPFTY5VyFmjIzF41ZjDeZZ1pFW4p77/YOcKa1+H7n/pJ9GbNU7G6j6oxPrz0oLhNys87DASM8Yc0GF3fKjAGQFTkr6w5eufn7ecUfzOJxDiuIOR1xnrBzoJN4zzYMR6BDXrJJVNKziNDX8BFUkvPsq+bx5AGRX+4xWbBRuaJRV1kmR6oaH7qien7f6UTwArdHlNkVwc94nSr2qxvp6vry89ntb2dfboI/nKjSoGasfLeJ8Rz5jujtr963Bu9M1rsWujrg6Cr0qHmvjL8YKut3L5i5x1MBRRPt4S5eyyCVc2gpFl5QKADxvDZ+YtupIyZSRbjHGFB61I17yq47vibaDr8yFELxFRN6pFCEIDoFdHJx9eskrqKYSNV72Aoh1Ol5xD9i7Y9chFdi+rQAv4Qk6bvxfOusYgi9T5irDGIHtedkgb9iQ8FdlfydDXXGLdBu6JpYKifcW5+Ne10DXRUw9Pfg8HPl5Z42Hkg9RtIe/X6JOtvFeDQWwiuZTU+990/FptrM7OmxYRqdgux1Y2FNxoY8OyPtBwtQbP2fX5hZ+dsf/7qrfPt5e3+w7mwWwWdaoK5GCgdyjeie8CmFvQTvyuKpXvwn5XBUPpIsUpft3911vRNjd91S2LA2DRtiVfWBxE/uhHa3/qjtdr79UaX/eR+yrMtg2p2xLvNrwtn9lM7VpzEdyjeuesQswuNhp2HC4p9EL/OYPPIjj8eFE5jOrDd3ZuX+QrRdqHiwiS1GKN55YZdXx4lRRpPItRf+pJ7+425t6Hk9PO7IrlVCPxsrvftArIs9cEpUzBcl/OQPFjjwEE3wgCX1sS64j3X1q3PPdsJSAu+r8uA7bJyElUdC7qmNdEITlXev/x+FGHERW4YDAA== + H4sIAAAAAAAC/+19eXfbOLLv//kUGE3fe+20F622lOmZd7ylO+c6tsd20m+mneFAIiRxTJEKFy/x8fvsDwAXcQE3iVpd79zXE5MUARZq+VWhUPXyDqGKJCna2LbMygf0B/0boRf+X3pHwyNCr1ZOb6Sr68vPZ7e/nX25qex4t1XcJSq7f2XoI2INiW1ObsrE7BnK2FJ0jT0yuWE9j/lLZWxhU7eNHpncG6v2QNE+yez+WPBS5/6FO63AsPyB153E6Z/936vrs5ubT5cXgumfPY0NYppspuVNX5IIfa0kuVOj//2241CbqGRENE7vl1f3mkG+2wqdRHwN0sZTwiP51x+IYboTr+1V96pi8nhvHmON0iHyUqwSw1IV05rc8Mh5xG6h8L3AiFMM1sXGANsDEh/rGBsocmu2oRLG+XXKMQYG7mMNx0aJXvbHid4ILlV1r7HXmOKbhgRbIzyOj/Zb9Ebu70rmNpFYanGBLJMXTQsL2PAmdHU2rrBwVxVwxW348oxjkCfBV9yGrs44gjIiJjEUIliaW3oPRW/Gh/PVFNY0nRKY3uV66p2jMZnMexpqMit6p2srqvWJvam2M7ka4CIxd9BniMaJ/AFZhk0C14eKLLiq9HTtRFd1g73QGHTxVnUH1Ws1+p9WawfVtoOv9hXW5FvQfyOuvkJTsKj6IZb/mZ55UEYKu1irVneC10fY6g2PtGd6q49Vk4RuWnjAdfi38FVfqsxhV8eGXPHvvgbnkfTYK//fb+/cxytEVqwI1Sp9xexh9R8EG1QwDOuzrllDep/Pnemj8fBW11VLGXtr5DCNZqsq/0tVtHuB+cHmqaGPZf1Ri34vXws2XcrBxNCwitgrAjyp9VRbJl+xYcZ+ek/ImHFk7IZHvwlReqpuyxpdvQcyHngE+Rb4AVu7YxXToWMvUyxOo8o1UbFFZHTqETYgA5ZPFaGRj//ANlSRwKh0ghf6Y3ASjpQKiJopF3TBFPlKN0M8WWHreRjgFzZYI/D3k7fe7t+MRavvInzmLPvB4YF/QR+HxdxZdyYlnzSqerUeOWdI6SOVcMLl7oUJljnGPfLX/3dX+cn/666yM9Zlfk1xf2neVV6DosZf6+G3SkhVuJR2xTMmXJW+rsrO+MHfDQzdHh8/R2TOufxZl51VJH1sq1bwZyP89MkiIzZOPUgyUzesS8MZJ6jJmAkiPgVCeoIYBldHYU3FJdJQtIHojqafUg4QKhBNN0ZYFf1oTDR58j6hAnlQyKP30VxXxxbfF4mIFvQ5foL7hPZnBs6tRTi3GeHcRj7ObbUzOLfnECCsy7E2sPHAMZ0qVrSQMXZWeKg/nisaubBHXWKYwsVhz3xWNOUzHnv3hetAFaNFEX6UV0fu0oywcc81auwLHQfiawwTxtePQjuVKvjY+vEPm/fS1eqRtTvMt3aNBqwdvXFJcRcT1SWtXnTxap2cq9eqw+oxv0M3cNBZXOjiRe19vZZ38ZqweCye0Lu3x2a5ixeJFZ2otklxAromY1Xpcb8DOeoaGYRFmljwB9F3IPyAFRV3FVWxnpHeZ7fZL5ifxlwz775KkKXzmxRk8R+ODYVS4xkpGuphk7DfYkpYRbUNsjeZWF8hqnyia31lEF5sFxGZ0QXvua5V8GJgBawhnf2Q4jCzEnjgNeIejccUpoRRfNhbTGFD/2ZVeDkwxYpB5BArTnxETSZPYT0X9MXYQtOfX+gaqcQeeI3/plLLnApVCFpAIwhnU0udzSmhLppMZMGM3mXM0GfhB6zakU+KPFxsCfqU1cVkpLQ3GaDOosvAIERLJ0s1lSyO2DznWydLpz/pdDq5Ceas2rskakd8+AnvJ8oH7pq6altRTqDeAxnHBQKJiJ5JO3eZHc/9XRqvfEuUUVtTrJse9gMIQm2sUxVErZITk/4W07mJFqueATeiOL+WhPNbWQaLUsrzdrpUrzOfT5PDziEeD71HNCbwgZv/oVpa6T97t7FN+Sf4+YZC9TT2lHr0NtU+do9cCuWnQknbi683NaemdaFbF3ThKol8xnW2GbGB3rKbqfaT2dkrQg2VZp0MOW/HvWgmWUmf/EhX+xw/67YV5osihpaHY8LfHiJNjpCgG+CaLC6HJuH7T2PDgQRPWz1tPJDo/xkTcyuZlkHwiJoh76qZErNAoqAF2kWiFyum9IhVeqlHFCofkj0u+uLt8JeoZED9+o/M67ecUJU/WPhBw13QWFzAIH1nx+koEFWMx8lcncdj6eXgnN+UwRCpeEBRiMymTEykmKZN0KPiQB3vQ/bQBbEedeMe6QYyHfiMGJg0+pRQJhrhZ6TpFhriB4KIptv0vV2syZQf6Yso9KHMLKvsJz2dLSqlAe73lR6il4PjIGxxdGTSNUAsGL4ZUIgHnLkGY4pjemscA+8FjfGFjhiPzAJRzDHpKVgtH6RU5wpSaiWDlOpebSaQUgbB9mrTk+yZqKr+OAv6vrG7uyahDp9cgGxLJ9oMJMvjIjQyXAQVP5Mi9Gotm16t6emV6d0102WS2qYClGrWO83OwWG90wLnYaWch1rEeWjldB46VXAe5us88FdKFIFJfJt9I90ICm4L7nVuo59R8G0Mbode+WgoFmEvlhzzZ5Y9QF+1zeE8B+BxyOdZRggvgpvoEQ8bO7+xhPeibtM5HhR1l86PfhWmYUzDZy4flfBhq+fmneuPSFbMe8TXlLlwFPtRX4xKE+pRpWlRf09VkWPXWUSajUCfMU1wv8D9Wk33q71896s9X18i3f36HRsayyUpQrPO8mnWmaM/ke58nVCzTQ2gWoxiK8BmnfbSfDCW44TOqR14Iy5+JrlaqeT6GEH24LJuhst6kM9lPag1wGUFl7WIy7rF/kP/P+o+b43ZzEyWPvNARXJEeipWRttoq4Z20b3dJSqxJOcO9+hMyc8tkbrPFgn6cLFdLNGr4xtm++Jxepi+R7GeSxpme3sbXV6jrM8WToX7LKZkm0Se2+c6Y5TxmTmdyagnHE1Py+lV3txeXh/9erZg33J1HMTlGj8ZG/e7XWbn5mcA3WNdhJ27+EiX5iKygzNfK9nIyAo5zGclG432KlnJIf37h04vqJtiK/1DqUn2c13NJhmNVWwIVagoDDzWTWuEWR4nU+yGJbF8gqKBzve1arUankjfV9TshVLkRF7euGFMj/NsigesxnnDu/MR9yzdiHo4MfNRmSbo6GXXnlOC8TRUpiUCa0zNj+l8uCsRf5RrVd628Vhbz+kgwyZ0ctqEZj1w6HAiB7VRpYCtiCm3kJnABsHgTG1K8qBvC2J61DMFpj3aMihYCm+DsfG72CTSE1WmUk8fjRSroE344ydWbsNh0m/bbLMtz1CGrqoMzMw2WCWnyYjahNurm6LuBPtJHosRfPU8HIyTqy/oi6WoiulkCLIoH7om36k0WCZsT5W4PfVZMU2Wm2k4xC1/mypR6VHYFoM1I0WLzng97PJOgQES94H8EXLsdKUNII5oB97emdEfHTsGh/+5ONzRzDoQWcsLPJqZwMMvq/AtHYtQhv2q/PiNKIMho8xhMNHJufc7y4aO3pqbPzoiWJsbzrj1JJEXFhAd9g899Rkb987Zwkg1EFP54ZyId9DIygdtmaln8UHJN9zUz5Qldu4RKxoxPvj/knpjW7JNPCBeko1k6XRZP9BXSAqDC2khRmFazz5HGixoGR5UolTmXyi5qtt8+Y/epS9lj+7ywge79KsNpWeyl6Pkcb0X0Rt0+jkPQORwiHP4vb53W5/Ff42ghTgycapHlQNNPpORbjwDOgF0AugE0EkBdNLIi07agE4AnRRDJxNUMOLmSWLH9tg5SpNY7g7uBByoxGJG3gUH0hhbQ3pn3/17v4flB8XUDfZMImjwB/wTvcOeVEYU9Hh/pCEZbwdYl9393plgTS5U49AkcWIrjGziYKNkcLNaIXjH6Daqb8/qJh7N80eozdeo16pztOn16owm3VyhLe9azsNMzYMW7GPAPsbse9ozHm3Kbbqi+weSFCFyYAtBcAKmmGULVlkKngKCjWUwVmCsyjNWh3mN1SEYKzBWuY7aln84tjK1HZr2vKVnhn5nU990AwSxTIhllhvLzJvi1TpYRIByXUzG24tQ5vR03txhmHlEHLMTwk6Pbo8Ku3P8R2UVXNgAhtn66cVfy9ft3UeszpVxhMMti4F+PzovzD/sN6vGPncau2TaI8pEaMtfiJ1Cx9LYebTS1tXqmnvv+S6JM7f9UqZYOvtFp/ne+R9dC8wQJUyR9/aQVNK3tpzr286P/T0gtkPvzt+UhC9h5/T6+ovIh7jTtmc/jhHLoGWqgn+VyY8ubhfm/s9UUU3ekssl+cq/F93wsi1fTGHN+jITWs5UPKaszCtvIlPR3FrlDBBR/uvRbzf7topYVjPq8jrsm1EgZvbKASYZKbv8DGCe0h7pmS6fNKqBFZnViiFFCi+Qn5v1ZRdf2K3XmofNduOgOc+qFenlZC72jwqQbbfWOjxsNw8PqtU3XIahiKc74fUMn3e3Vm1Xq9Vyxsp24OlwhzmKx6cN9+ezo+N2o5M6Srsz4yCZC7TbPmh0Zg0XyJZsG+5xveWV0shsdpIULjiolhaEhjIab2zHdHeLAZitber6+cFqyi8qYXk4EluMoPfHcQw/HEzB4GicDI3zZAytyp4qP8d7zHCa0y+nMvcy8l6SFeI572jr5OrLDnKSlnbQ6TGiyFCjC8CkZhsSo6GqIFQVFBIMqgpOQTOoKlicZOtVVRCaQuWE/gtD9lnNXxtJdd1rUCRvvuh+k4rkbZV64BIt6cTlzAcupy0lR0F40WQZ9pOFbdIEFhnOrcxybmUeFfkd560o/3w++7xo/uEbMlveBpmzLNzpZ+aD+IqgcJ83Z7mjLx1zlrSYB+n9g7+ZrRJ+Ymzg+bnh1c035lxWMuB7F1YHlxcXNwuuKXmij8Y2a0bHNp9Ee1H3mv6ood+PzhE2ekOFGjzWtSDQVnfvTvudNaIzbYN33lUGmm44L3Akz3veay7IFtnm54t5xoCwcSBrnNFj8OkZbSP6E4xGFC0r7hMPhC4ECzDtoU9uQ4UuQVXU1w1/lB1U438HZwqxkCKeRWYopOu2h17FaMhujfxcr88zUlSbMlKU6KuC07Vh+y2NpP2WOuy3wH7L9HlUecxm4T5W79FkJ8ffoAkfPnAAAKvx6vp8HCq4mzwuOCjeP+tOm/sgS8rbm/+uk0ssGQVTBKH0+Pys26JKj5sUOGuDFa443kwqo1KFiuN04P1/9emTP+1vTOVxamYItk4Vw/Ft+TBztpBdW1HlQGXs/EYykoXAqpNTWGpKD873FTQficaD5TSsUDHyF5ah+/o6J3vj8QbUKYfj5HleD8fJ51j7pJl0nPwAjpODZzndcfKZWyEv7zj5RzZ1qGcCBggM0ILqmSQaoDYYIDBA0xkg9m/8vJ4W6JrPvXwTFAnDBbLMTUQFBFEymZQLKHejoZODix6HhO+30rtDttlKtTjCFlIJCxjqGgkeKfS2ZvlOb72JhnQy0Ii+cKJv1k6pRiBjfOaM8U61OuOxwRJIxiexzKzxU0KNpEyhR4HDqrlOBs69VTifxdKSx5kQIoMwWwttw1ckI/pd0qQd5U0MAVM4OLPSfb4I59vGODFcAUOwZpWxoY+JYSkkJxWdkX3zlELFPwScKOLuDNHJacnyyFEBRZTHtuWycGI7lyhx2TYv5afTUzfZFk5D12S7mMc65rWRqTT0dFfjoDoV6QUKbJ6ED5w+XhRL13PQ/pRQPC8ys7lo36muBe071ZJon2Sc85joCOG/aOYz9eempXyixZ51AWLXvuW3k++iV6fINqtlnAFqJZwBarfhDNB8wzKbdAZoLof50RTBGjfIUTRac3x08r9frhadRA9hGQjLvNWwTBxmLjy0IISQiwzJJEDFtFDWCgSylhaLSYZ4EIiBQAwEYiAQA4EYCMRAIAYCMesQiGnmC8Qc1OoQiIFATJFMmRnP+aFlHfRDCznpN1v1liIlHRLr7yfHocLl9xcRg7rUVEUjSOm7QSbFDIeXDILlZ8SANqYMyIi3EfGk6rzrHHzEimobM0WKHG+k/IyKJcaJHG4rVFQOHPd1c9yP5uG2y4rJUiWFgwfIWLlmRqGnqATR79WNWJWRBaO8Vt7ttg6gPEB5eVGeV/JKZZ3JJGoRJVa3zNCIRUxJ0fkXBuueMbxgmxK35eH9Ns+wX0wQ0iuFerrm1tMKtIFBaaOh7UlnGP6c+ZL2OANgPVW3ZY2XZdodD+Jbe6VgsEsPuNxwEpSbxV0+GrsdkgnWMiKqDMm69j8WopqQFTSzFXOIusR6ZDuCbCC+EdhTqaATA9Gf++u8IVuA1TLgyXz39lYPsc3Yp8WtTF8Ary0/X3iOxErf0DtxZG9x6LYUci1vP+9K19WC5FoFelWXVpX7hkJz2VaJjIrLJVTnBk9qrT2pg5zx8lYLPCnwpPJ6Uj0Vj8aS26SWF7g2WOKiIRm2xqu8+SBcWKBY4D7xmtDUGFDvissNuzJ5L73q5Ooxf2cH1cQ+z0yNiZK9meuzk8uLk0/nZ9LZ9fXl9Y3kpD0uuhb0EmjuukUrQfST8y83t2fXb4DqYw7wVoLoV5eX52+C5qaHEVdIzdyc/HZ2+uX87LRshUPJTEzPkvyUoN7Qz+inJCFE7ymiFz7gMAy/L34g+lHOo9WcMaxAhCmMpl0IThdguODY03KDRDLpKSNKpqiX/ZYq2+RobcoOQ7v/b45FaDrJoxSsRhNBz4uutR0rSFPL50U0mpOKaKqi3UfKFM65Rg1D4qEClitTnxRq1eQpwx0zjYF9m/I6Jc10biplcyVvmepbPcx/+Q5aLbxPiUtQ5LTnQW7LImQSCyq2gV2b1q7xblerZNhynutttKpg2MCwzcOw5egOJzBMac3V0tq/vVWDBl7aGlizg4VYs3Zp1owu68oZtE5eg9aep0Fb/u4PVa2rs+uzwR2SvDMGXiqVZCo/iGu3irlaBRo/FEllm2cd0lMvf+yGfnRqrwbxOjk7yzxZ8DjSjjQpq2LCu7H98a+ughPoRjyg+n0gmE7IFj3FMyO+CRSpE1/3ZNV9cywBLJ4nQVmE73zmmmHmwJxq3ef07fVX4fb6fBDH2z7WkdGfcf9olRIE30BTz7fVoZLqn1tlRI7MT6a+yj0qk9DYQRN6VEIMYfoelZHaYX3FMC3v0CruKqpiPUtjnfr0RWu8v49vzi6qn+N8G2x9ZCRC1yESoStGoiIl5RnJ8dgkcnRKOfBColapRX28ZkStVCNa5VCsVQJH4MdYI2q0aVg5PFyQ7jd09YmBnBofcVIb+uO0+Cs3PRsZ5GwnkLNTy1LSchTcUl2oDWzMWZZqFcy4P9Lpmquzc0UjF/aoSzWOkLnZM58VTfmMx6mqkYX+CBe8oHD5dn1ojXyVvHLdCHPES/2zUpOgaeiMln+ZZ1E5bQipZpulAeEcVVkxwfnkTjHiZo6xQWLT88WJc9u85ameUSs1UZ7qIE8gT8uSp8jJxsWKTCPjvHOiyDRAZEBkliUy7kk9lgeyj9wKOcuSoKjRaeeToEa7CRIEErQsCfpnMDizWIGJOpG13G5PCyQGJGZpNkfXNIf+q4LVas28gnMAggOCsyzB+Yyf0NyEJzG7anqpOswrVYcgVSBVy5Kq3w08xuGT78v1e+o5YVyjBqEDkJtlRtsMi6yM0NTzGps2CA0IzbKExlufxQhNo+A2aSep8vo6icwvPLsUmdazyrJUHxXZGn6oVav/9Rc0JMpgaDl/dHVDJsaH6vgJmbqqyKir4t79X+4qf7vTEPrFkv03sJnvYlUZaB+Qc27nLw+s2FAPq97lkSLLKkl6J6Iv/WXsv69P57r76EwFdXVVZoNOmPeX/bEzhX1Lpv+g/8O+52+lawJ2xx8U1MRKqIkSlMEm5qzmy7081R+1fIXgalkDpae+fhmXnfm6MqmdMjbudzNO28x6bCgzfbS2sKJ1BRJDGwVTJBJsaaNRblG2jHOmbyg3lE33dYFHdlbAipZwXnWkaFsLsbTbczC1ldWoVQ0HRnIdGNFnNM7lVbf+BzEXZsE13TvEVdmtbPZ54MxTuuto11s5feQq2HWw64vzjmfrbCYy0Ohn8QtN6RGr7KWE9xqzxy9r7WLHD/K+EWwAZmmdzVK0CPhhPrNUr3fgGCKYpJVwNUXWxbQozhmx2khe8nHRhpVv27zcDhUT0YcMpYdkygiabLKWVZTkusF6I7Felh/Qvy19TOV88Lw3aUC1p+j7P6hE/9vpZkUfpIB0MOTNq3bZDMmu814TbWm6hYjGtiFk1m3LNVjbe+gEa6hLEJZl506PSQ0bVrFMVrSK2jrbqe+AHhVr+OFOu9P+/e9/P+OReqc5rz/nPbKOVFV/VBXT+sC2PnYRqw1p/vWPlHl/42+CyoWOjeuGlU4uG7oO3lc7Z1S1ffB2zdz+v5wGc56wRLrMMWH5aX+utjD2al48h4KWtvDVYC4L7X8qWl8vahV550JeYXfHuxxqYZjJMW4XQ16j12ljOFUxpw21wmUbmzFVrxa1uD0q+qbSS7Y4PaqMePutyIvwk2Ie8+yDGyq3olQK96ETnsBA5H8SQ097LKgvY6kb7kPcdMcW0r15pVL2HLk5GbF6XYgFwYwjlj3hPhOJ2FZkAz/esIwJ9nveK3knWjVLVS+pDCjWs6DbHdPpMtPMCWrdsUBU13w0BPT02VFMIt5LTFctZZx4/0H5EVOvAs+ViQoxuKo3E5aDffsntmhUVn0zwy5ioyJ49HeW7xIPxld4rRBXL7eiiIOZ91OKvgyla7tDvCRFv92hU7+KGw82IDdQGnkgsblS9aV5nx3VEhwE4R6rmSqaCddj8ZYRIYnSYg0so3OcQDSPzV6SXqb3+8nh/o0qZl2wShP9HsOqLA8uZp6A6yR1mU6Hi77w54Vr0QUbEawlYze38ZynmpjfEybiOKg8u7rFdH48d86bZCKZJ0oq9B0et42opVIi72XrGROf12wM1t6r79U2DYJ53aV5A2inIhPbuiF+E4KisGw7f9HL/EBpd6ZUM4VO2an3tGFlmas59TIrkhlr/8ryImLvCMTMf6n9V+XNF3c+bM21Q8GMtmnsOK9LtE6Zx0yTohkZVXQob35VfvzGM4j5MuxE73kgMHRrrh0G5haPv/UEywkUCqIQoac+Y+PeSSYPa/WKqfxw4GQsRONH9N9qpIE1dnuPyjd2aF/00jHvg8CC06b3D/7mv94xVcxy0LwDruGeCLMZ2OUmdA+w7fWRXr+MbpG5rNeah81246B5mGk136JlrC+g6UFtTTvTNYoeG0+wkhkuXNTH6oVyrSgXB01oI4j+ova1Vk20r8E7TDelBb3Wu8PPF43F24g8lWENXOPDTcwVY/U3m3qNnwS20e+68KTIEh6Ql82wgF1K91mM4JqkVS3lvM6cN3+D5dhZtPxCf6yszg5xPWfIr1FrlpuhO9s+8eb1d4OkqJm67bCDNSPMijGywzeGJbHIXFHlP11t95SOcVMYD+/OR8wK10d3oso5wwNJvBttbdhGJIWUK2Rk6vmMTLMONoZnJPXpk3NOOgJbM52tmfQU8c5ySg/Ol8+WepuaEbRUE7O8TKJgM5FQNf9F9hKpJZRCatYEzURm4VHRlEXTFoV+RLP3v6DeSjQZTlGn9mG+TnuCSjWufsuqVjPZdU+vWOM/l1S1RpSKIi74FDLjwVIvcSqIFVgtyvEpeipRV4kwQT5+yAqEiLMdF1btJUP9pKug3HomUddEcVEE2SX2CJmoJWGfkPDmvl9HJsIyyxLuxlTC3QDhBuHeROFOKui72kJ8MJUQN0GIQYg3UYhvhtQOy+jY7vcZx62HDHemkuEWyDDI8CbK8BmVXbpcDwSd4N4w0vx9tSW5Vp9KlA9AlEGUN1GUf9eNe/SZjNZFfFtTiW8bxBfEdzNdYjYHjX0BWjdRbk8lyh0QZRDlTRTla6zJ+ghdUeZEJ3r0iOPKinG9No0Yd6ogxiDGGxnfIt9tyhoKVldGlBuz7CUfpEvy5njGm98IZT76SZzmAwps3RTYHLRSUvpnWgpoShpojlRQgYynpYRmpYXmSQ1NTQ8Vp4gK0kTHtjFWSUXw6Gvs2rfMD07M/hTpQGEWaFwllGJiGlOYmEZurJiVLZqZMZojazR35mhm9mhKBmlaFmlMdNNOLKRlkop4IUdGaVJWaWZmaWp26Zs0QcUPeG+69Znkhs5ufZJOJYBpWrZp4gr62SIC0VlZy3UwheWqN8FygeXaRMslPoydZMdMnvMjdZ2cn+K9sNB7VGzArqr37iVT+UFmbLwFRhOMJhjNqY1mZwqj2ToEowlGE4wm8ZLspB5LspvSmoHpBNMJpnMNTac4UTXL4TwA2wm28y2GSh91414akVFho0UNZK1ab75t0wXWCaxTMevUmsI6NcGzA+v0Rjfy/DRtaWpLBSYKTNQSTZRAw660hWpPY6HaYKHAQr1FC2Xw0wfSGA+I1NNNC6wTWCewTnOzTuJTM1k7YxDdA+v0Jq2TSb6DaVpz05TQi5ff48dhEnSM82PCutcmKY8Q7fgrYg+8Cl7aV1S6zrz6qpgRHE4ZU4kR6gwwwMswsR2BiQ0nWqYcZ2vUMw6mtvIeNqAM6be8qZijWLtlXae8JRYrW7Ou9cfkQ2xpJsyxo4bYUJr2KNtAmoGO15km8DeCZWIk9BzWDev4OX0l1/+ca6ppmsUGpRWAXm0j5R11dYyKbWBROcZ4Jej0lePiR/HkAGvRalKpkuguVk+1ZXL8fEGXIclAsIYsiYqe3pcktoiSlPaMfygw7SFKeN4+PO0ZjzfSnvmP3k27rTnfKtQh/gOcJ9PeQtkiwbiJjaaiyeQpF6GrwvG8nrCdrDWoZS5APYv6jSzSN1Po3koj+mEmwdsp1D7IRWmDsPelkzpAr0olbcKVMTbov5hNepdl9l/TzEKC4PIm81Qt3uqfsWUoTwUFmCIUe6R9ZIaPT1YX9vIz9MfJI/73JDXX8B91WK6EjyxLO+WQq2kZwifL3Z3DazMsfPZZYW640voBlNPNIWfzAaFdqsT6D1Auym4/ENKqi+0/kNAsZdJXMdB/YNmkvhwTh8xYRTfUaTULkHvxrVzH1E2xLLLbU7FpKr3k8gcJvmoFPynmMS/WcBNA0Tvxh054vQci/5MYetpjwUidoPIFf4h3chaVmmE301po8oe62Dhi3rX7TNQpkg38eMMKTPCun0o8CMj6WF5Sm6ZYz/G+704UUWYxwLRAImtnwlrhCQuAcKCa6AtZuq5ayjjx/oPyI5czQ40+MXgIMcHv4h//ia3aWFf9gCa7iKMmhl/1eppG0zQ59uAFUWMQomIyP/lUYf2aurY7RJwg+iDSRTUiUOyB7Nglmwb3ITXyEDOSFYpStDRiUITUu3f6lMYmyE29oyLi4Q+fCyjyV9OnOQmGeAz4kvQ6vd9P9k5yt2J+C92WM7ogt2ftfkyJZVgLbDV2GDGftXqG+axXxeazfuh7A0x+7yPmU9h/zNdN4qZfYfaKdlBWonWfxkFV3dUtZmFCD/AiR96QiZScaMTQrDxuHVG7qETey5bsg3NAIW7Vs/p61cpvzpWj269pj7Y0+kmS71OFa/V8mFTt6Y1tyTbZ7oBJ6FXZlCzdwuoH+gpJoeiEvAgCMjsoMX7zuu0flyncG7JAE676TE24wgtMNRG3GbnQ8dUX9IWRKw7V2Ge5XwWIDRAbILZ8iM0HZs7Qq4/NNALIbOOQWfwIwRTI7F3St9DVs3pD8Y6WExzrOnGplNBY5btNDTPaRQarkWlaZjoXjg19zOolkpxL6UzDoXcKoYVhs77yROQTb6n+/LHe7LROxAFVj/n4T3LE1HZyz5ybsL2g+k75jOqs40xUYsoo9VlH8ZVV0RVJ0WQZ2qyUVWDUcZRf0YnL2BwmbM8jgVvvXRdc/rYjZlVVdfby6TgFQ7qJWmSOwq4qI2WVRf1jp92ogqiDqG+wqL+LXi0j8lKr5w69tCD0sl6hl0l0ZURGuvHMT61R2WbZLxJHmllBlWhHdP+Nf6K32AVlhAfE+WPDIy6fOQmdoAuakBY5pEUuaREl7fY8YjJJdUkgWLOCwZqMWI0uRAsbHa6prVG4RpQluXHRmrWIzBQInsxt76pdNPWjfigGUI3OmwJLYZaPg6VFYyGWAcyOURF/b+mlaBU2MbxhalukLFNATRS18OmgLRe8bCegl+OyDpMsmmbsIAzZQXHS5afQywt/yetrJpXypTzdEJOBdJ7uREzYRANcBrgMcNmbxWWruiW2MFSXmZHUaIlR3eSoGaC6ElGdrFgT48Lbzk2FYFji0KRYLrX1Ehu/i00iPeGeJfX00UixCoKaP1qjb9tJaDA/pHHGtoicCGncE+uxLxRinYUgwix6GrqqMsBYJkVLwNdsWpTObGaFUHYyfrxlJ+Ow09EHselDzA+wJeRnAbAEYLkWwJIbtMoK4c3YPmwS4GwC3lxOFFHQgcGPjbEef9aTJLvHFb0c9pdZWi8Uio6l73rmQTTnOkWbpoUCyAYwDWAawDSAaQDTQLCsULCs2UgIlrUAvCwHvKQEbmSCZdYuynyhl9xSfYWr8/EITu64jVcSaZaYDq/AVVI059QjAYRyAPYA7AHYA7AHYM8UMZtE3ANBmyXhnnCY5hErrOrjVKlMy4zNHDNwQmT0dzucO58boASLYgVptdCaWK1aQmJkS1ATa/Pr+I/wk6hAougcdZbWz6P5U7W/WH/nsALCD8/ztj+fHR23G52K+HjV5NTc3mFZI4ptUGS0dskdDcZO9Xn+5/KrLrcFVZdjLUqTqi63MqouN8P1m5OrLlMG/6r88OsuH0YxpHPfQ5+x25FuBSKHYB37FNx64s19ocSyEcEnP2PjnhhJsFf54YBeIYX8jgcFiz435l/SOT31R7AlszVmk6SqTbMeWAVSQn1fZbSNtmpoF93blJrEkpw7PPRhSvgBKyore+megks+8CZ8dbz96L54nB52vMqShtlOrT+dcLYuHa4kQRbRfISFpxNylMIo5+P12Zl0c3V0clYpVLB147hm66cXf0Fft3cfsTpX7hEOtwFcJP1+dF640PlXPgd0w6jmHOP8gK5+PT26PUJYkxF7ZVbxc3EB3QG2B2TTGn3IpKeMMLdDdQC28wC27YUC2w4A2yfRxXzI9gCQ7coi201GsEJcoLCSmqZkm0SeG3J1xnjjiPXTxeXp2c0aQNZ5sEkhqDo9u2wgRHXYZhaM+omREzAqxFchvrpWMPRwlq52B9WsxrEQX4X46kJhh2mPeMq7b8p3CiEQBj1KC15ZXXPvPS8pcaft32kzTq302Fpweu/vNF0LzAwlTI1nn0gq6VtbznW28bx9p7EZ80L5rGupO29TEr6EQa++/lK4WWGZGMqZzuvrbnJ7wtmixNPF9m5ZqJYvgLnpoCkl6U9sPlPb+OZIACyQBJg7ETAzGTB3QmCOpMBciYE5kgPzJghmJQnmSBTMkyyYmjCYgOyyEwcLJg9mJRBmJRHmTiTMTCZM+uLspMIciYVZyYVZCYYZSYZJc89ONkxPOBQh7nXrgF2uq5TDcWlX17XR9kwpHweHGYHxnB6JML8xJccxV55jrlzHjHxHYTavMO8xI/cxJf8xPct3aQg/X+PsjKIfFsWvMkPXRJ759Mj2rEjUnci08PNouYHe0tbDMefzWZCkMz1TrJY3zWmX63hDlqtPWJeGVV8td5bTLtbJhiyWQSzb0FZ+tbxpTrtcpxuyXPaY/rnyq+XOctrFKh4tubXHKkGf9i/Dxx1D7lT0RAEEQCAAAgEQCIBAAAQCIJsZABGmBmZGQA4gArLZEZAUiNlV701pqFjlFs6YAkHSOSRUwti0+EfWahgEy3NYjlJ9MyzPvljHhUE/P0MMoB9AP4B+AP0A+jcK9M+QQCmTXrzn+BpuVR620oF6vQ5AfUagHstYbO9V91qVdQLzXg1fFyF6dXzp//kw0qTa2c0KdJ/6EwWJFn+/RViO3453nQLMsW5aVC7NwkBzZsyPXAhJ196b6PSpd0eF4eSpSy/ErRmgSUCTgCYBTQKahBDyQkLI6wpdhUHmTOwK0HUFY8yzRywZqAxDzVIjyIlVlqdAm8lHO6aHkLf089Ex+/yiIcl4pcRyKkoWbSJL/RI8IOi/WVg1XpTRoMhvhasx1hOqMR6uUTVGAO0A2gG0A2gH0A55HzkgeTtvqdNGOiCHpI81BuQcizMIRnoUvzFU/ohVCRu9ofLgHA+3zRfO/xSNs93658KQvFJCjsBzapLA/JM25kFNmXJICcQsMRuDzSgXoYsnXPx+dI5uyIBJKTpy6IFuOD0gXA7IG5A3IG9A3oC83zDybk+BvFsQC9+oWLgLFA3vH7LE+/q9LCGJ2pvBeuDuFFL2saKWS8gyDxLzyc0Jcrsw23Bx9kIznZM6PAISByQOSByQOCBxQOJu4sqqZqyIQHrtYBqU3gCUvuYB8hiqNElPZz00TYViRYlV8XXvzdZJcxqgPiBTYfRs/HhOv8qP1R4NIK8Z4GEBeAjocOPQYRIDBcFhElUAHQI63NgMiYNaOgI8rLfeJgSk8GigkjWvjJGytS8qNb+DkgEg8vb+eTgyAf2lZyrnz0We01k3tpN/wqa/finKvxuKRaHskBWdONcHa5ek3BAnKdfakKQMCBwCtBCgXe8ALWdrwOCpb8vZyeygWi1rRBkb97s5oH8jYcwNDA0f5M2c7qT7BTVInd6AyLBBxqrS43ZGUvGghPjvqp9VvJ58MTrHAwgMAywFWAqwFPIGIDIMeQMicHgwDTiEdlJrGzKeIrUgiCIfWZySYUkvz2A1MSXa/Rt6eaFqzp94Yt21GcLNPGYLKBNQJqBMQJmAMgFlAspMQJnCcmpZMLPVAZj5RmFmX7XNIcBMTuKPjBaLhJlwQgowKGBQwKCAQQGDbhIGbU+BQetVwKBvFIOyf+PnkkHofEHmnPJqrzklCkLQFUmsDSQErF1SbVOcVFtv1HJn1faw4Vi3sEyKwTh/+sTP5+o2+/1qNcJmzk89BV8xvxtWwhNDqrXYI4qPtsgl59CoQDNRpPrEwbd7ERQ1Sdgfkx5dilElUdGwtZlIT4ApdxYZak9xSVYUOJeHUde4q6wwSS653v+QYIuCy7hksTVmXuSx3bt3tF1soegzgyH16YbWiSudUYXtyXn4eHYCxuDGX7Dgr/mQC8MnNhNOoeHwb7tsEV2jHlHVXzkd6oI7XxnuNIW/S4gGpOoC141NVk5BdeHoH4EZpFxlJlfJMT3N5k1EoeZa8JSn3cQqLeAY1OrtVC73cEpq0KRiDLp4q95q7VR3+H/3DrdTKxsxQlG1O1mAONhgcyO71U7qa5JxbQLXxV9Bjaz50cAjIpwGftbtSQAk9UVsxK+uJyP0dmc690VffhI0bWL2eP6N6kl9QD8n17c/Hz0pQvLH4j8q6VvFuXXih03bG65W3WvsNaIQi4/6jzQdtjqFgd1/MWAs24aDkJcD2EsN+574n4VO3c+KoO8EZvckU6DM2Z00Bn4VwnvP1oVuPgk5Ozh24nvFQlHp+3SMAURVHxxjLga1nSnGc/j4WLe5JotoGkjJgHA4RMOhIgREwyEajta4IkT+NnatrDZ2jRYEvVcw6D0dPOYVwAIYmXKfbiwnkl0qPj5j32GuX0D6xFsZXvzWXLugdCspKN2BUg8ArQFaA7QGaA3QuvQe0tgit9SqH5mfTH0Fkk4OZulad5CFvw8Bf28M/u4rhskSS3qM7XBXUaldlLg2LwjC39eq1Sr6GxJsevVDu96SYNt7RUD7R0YMdB0iBuKWZf2A/DG1ZPZ4/QD8QQKA7zRKBvCQR7666H63Vg68bwO8hzxygPcA72eD90IVsRqovpUX1R9moPoORNVnRfWx7JX2Xn2vVlnJhhzdAa+VYUi9Iendc/1uUjfg+8yh95xgP6MX3CynIb27HzHzcEQWTdAp+/t+tkNxvBJdslNXkNFcXtQalr4MfPb78ym8990m1IjJ+yxMI8NZVfAxwMcAHwN8DPAxVsTHGJlr5GG0pvIwoGjzG/cw3Pp8DGe9TT+Df/8meBqS+az1FrqQpa8F+4K5+Bq88OL+DX09Yl+0hjlgE4eyjO2jEjeHDsWbQwcT07Lum0MBIFUIkr3Lg3ESba7/QDXxVj58xEVRJk/i1CqPlZirR19zoaNrguVnRGXQrAiffs0L6Xz+dABaJsBdJwi70Jzvd1mzpmxnUUNgJPkZXCIr3ecLPCJiF2fChVHtmuTijA19TD1ShRQkrjMXFxsmTigA6yts81/rKSpBxMngnW5B3iXdLQDG6wIw3szbWLGZDsYPOjmTeHrBGE2XurbMf9Wi4s8CHuNhSrSj8h/btJS+j88FMZqKbrCQiR9JED1CFY/dI5eJWmziIQjiD9i0LnQe1ahkKgOu4k0x1njwTi1nH7DlYQVCbY1mnQzd8icCqMk1okca/noJazIvpBKlwCOV03PvVHLqucJcZ2mXX/1GjLw9HGrao617u0skaiI4GLXZLgW1GQHYSREm0w6YjnoxQZ+v6D3SNbRFf7iNeNBFYoeYt5DKgokSNZ0Se7GhEYuYkqJzaqNt5I/GnzNf0h5n6Lan6rasUa59ILvjAR13e2onRIjIo7DVsZiX7gejK2Y6E0vtiEecAtu6xpWtwJxi47dDgrxlREZECyNZ1/7HQlSRWxTw2Io5RF1iPVKDidhgXWwS1FOpiiEGoj/3ecPcA+QmABmlYDdReLJcyLZTEmn6ToS9lmD76bLRZS8P+NbEZEkY3WK7JM16p9k5OKx3WoWJ54g64F3Au28F7zanwLuH1TrgXcC7K493R/hpiwqkZbAEfUMybI0HRX08JFm6hdVIzFWAfneQY9UoOOZyza5M3sv6qDtoaf549cSFZRNFIzgaWwS0Xp+dXF6cfDo/k86ury+vb6Tjo5P//XIFUBagLEBZgLIAZQHKrg2UbU8Vum0DlAUoC1DWg7JdftJx/kjWOVEJQBaALABZALIAZAHIApBFaZX8soOyTUCygGQByXpIltXtl22VyIuCtDfegAjALYBbALcAbgHcArgFcBsBtwdTgdsGgFsAtwBuPXA71nV1EQkHV3yct4RkoaxE+FEoTA1VJXwdDYWp0ZpUlYAjjHCEETysjfKw2rMcYcyoQ37YfKP1RBJ7hJZRUGSlXJg3eAZQfH+mQ4BCr2mmWnrpgy+unt7ah/DBnwJ/Cvwp8KfW35+CfT7Y5wMvFLzQdfZCm9N4oQeH4IW+BS90DU7mzn70Nt1VnHUnzK8vmGde4EWCFwleJHiR4EWCFwleJHiR4EWCF7kWXmR7Ki+yDV4keJGrcCh+5lPvi/Eh80wLXEhwIcGFBBcSXEhwIcGFBBcSXEhwIdfChRRX08jyITtV8CE324fc5HoV+bzRGQpWLMYvLTZB8FDBQwUPFTxU8FDBQwUPFTxU8FDBQ10PD/Vgql3ODniosMu5CjVlZi4asxhvMs+0irYU997tHeBMa/H9zv0l+zJmqdjdRtUZn157UFwm5GadhwNGeMKaDS7ulBkDICtyVtYdvHLz9/OKP5jF4xxWEHM64jxh50An8Z5tGI5Ah7xkk6ikZxGhr+EjqCTn2VfN48kDIr/cY7Jgo3JFo66yTI5UNT50RfX8vtOJ4AVujyizK4Kf8TpV7Fc30tX15eez29/OvtwEfzhRpUHNWPluE+M58h3R21+9bw3emax3LXR1wNFV6FHzXhl/MVTW714wc4+nAoom2sNdvJZBKufQUiy8oFAA4nlt/MS2U0dMpIpwjzGg9Kgb95Rdd3xNtB1+ZSiE4ism9EihCEF0Cujk4urXSVxFMZGq97AVQqjT84h/xNofuQivxPRpAX4JSdJ34/nWWcUQep8wVxnEDmrPyQJ/xYaCuyr5OxvqjFug3dA1sVROuLc+G/e6BroqYOjvweHnyss9bTyQeoykPfr9EnW2i/FoLIRXMpueeu+fik21mdnTY8M0OgXZ68bCmowNeXZG2g8WoNj6P78ws/K3P/51V/n28/b+YN3ZLILPtEBdjRQO5BrRPeFTCnsJ3pXFU734T8rhqHwkWaQu27+763onxu66pbBhbRo2xKrqA4mf3Antbv1R2+18+6NK//M+ZFmXwbQ7Y13m14Sz+ymdq09jOpRvXPWIWYTHw07DhMU/iV7mMXnkRx6PCycwnVlv7szK/YVou1DxYBNbjFC888Iur44To4wmkWsv/Ek9/cfd2tDzenjckV2rhH42Vnr3gVgXe+CUqJgvSvjJHyxw4CGa4AFL6mNdcB/r6lfnnu2EpQTeV+XBd9g4CSuPhNxTG+mEJirvXv8/4aladHuGAwA= {{- end }} diff --git a/charts/kubezero-operators/update.sh b/charts/kubezero-operators/update.sh index 4ed77ca1..1d517d24 100755 --- a/charts/kubezero-operators/update.sh +++ b/charts/kubezero-operators/update.sh @@ -16,6 +16,9 @@ helm template charts/eck-operator/charts/eck-operator-crds --name-template loggi rm -rf charts/eck-operator/charts yq eval -Mi 'del(.dependencies)' charts/eck-operator/Chart.yaml +# get latest cloudnative-pg clusterimagecatalog +wget -qO templates/cloudnative-pg/ClusterImageCatalog-bookworm.yaml https://raw.githubusercontent.com/cloudnative-pg/postgres-containers/refs/heads/main/Debian/ClusterImageCatalog-bookworm.yaml + # Create ZDT dashboard configmap ../kubezero-metrics/sync_grafana_dashboards.py dashboards-pg.yaml templates/cloudnative-pg/grafana-dashboards.yaml ../kubezero-metrics/sync_grafana_dashboards.py dashboards-strimzi.yaml templates/strimzi/grafana-dashboards.yaml diff --git a/charts/kubezero-operators/values.yaml b/charts/kubezero-operators/values.yaml index 861f2c7e..0774d0d7 100644 --- a/charts/kubezero-operators/values.yaml +++ b/charts/kubezero-operators/values.yaml @@ -48,3 +48,24 @@ strimzi-kafka-operator: monitoring: podMonitorEnabled: false + +# rabbitmq cluster operator +rabbitmq-cluster-operator: + enabled: false + #rabbitmqImage: + # tag: 3.11.4-debian-11-r0 + + useCertManager: true + + clusterOperator: + metrics: + enabled: false + serviceMonitor: + enabled: true + + msgTopologyOperator: + enabled: false + metrics: + enabled: false + serviceMonitor: + enabled: true diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml index b633492b..7344e055 100644 --- a/charts/kubezero/values.yaml +++ b/charts/kubezero/values.yaml @@ -96,7 +96,7 @@ telemetry: operators: enabled: false namespace: operators - targetRevision: 0.1.8 + targetRevision: 0.2.0 metrics: enabled: false