From 12a93787237d70a4f8b8cc6fcb7365e4960d2e16 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Thu, 18 Jul 2024 18:58:14 +0000
Subject: [PATCH] feat: First v1.29 basic control plane working
---
 Dockerfile | 11 ++++++++++-
 admin/kubezero.sh | 13 +++++++------
 charts/kubeadm/Chart.yaml | 2 +-
 charts/kubeadm/templates/KubeletConfiguration.yaml | 1 +
 charts/kubeadm/templates/_helpers.tpl | 3 +--
 .../51-aws-iam-authenticator-deployment.yaml | 2 +-
 charts/kubezero-addons/README.md | 14 +++++++-------
 .../charts/aws-node-termination-handler/Chart.yaml | 4 ++--
 charts/kubezero-addons/values.yaml | 2 +-
 charts/kubezero-network/README.md | 6 +++---
 .../templates/cilium-grafana-dashboards.yaml | 2 +-
 charts/kubezero-network/values.yaml | 12 ++++++++----
 .../templates/opensearch/cluster.yaml | 1 +
 .../templates/opensearch/ism-policy.yaml | 1 +
 charts/kubezero/Chart.yaml | 2 +-
 charts/kubezero/values.yaml | 4 ++--
 16 files changed, 48 insertions(+), 32 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f316df4f..7ac9b370 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,9 @@ ARG ALPINE_VERSION=3.20
 FROM docker.io/alpine:${ALPINE_VERSION}
 ARG ALPINE_VERSION
-ARG KUBE_VERSION=1.28.9
+ARG KUBE_VERSION=1.29.7
+ARG SECRETS_VERSION=4.6.0
+ARG VALS_VERSION=0.37.3
 RUN cd /etc/apk/keys && \
 wget "https://cdn.zero-downtime.net/alpine/stefan@zero-downtime.net-61bb6bfb.rsa.pub" && \
@@ -29,6 +31,13 @@ RUN cd /etc/apk/keys && \
 RUN helm repo add kubezero https://cdn.zero-downtime.net/charts && \
 mkdir -p /var/lib/kubezero
+# helm secrets
+RUN mkdir -p $(helm env HELM_PLUGINS) && \
+ wget -qO - https://github.com/jkroepke/helm-secrets/releases/download/v${SECRETS_VERSION}/helm-secrets.tar.gz | tar -C "$(helm env HELM_PLUGINS)" -xzf-
+
+# vals
+RUN wget -qO - https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz | tar -C /usr/local/bin -xzf- vals
+
 ADD admin/kubezero.sh admin/libhelm.sh admin/migrate_argo_values.py /usr/bin
 ADD admin/libhelm.sh /var/lib/kubezero
diff --git a/admin/kubezero.sh b/admin/kubezero.sh
index 93732f39..f28e8ece 100755
--- a/admin/kubezero.sh
+++ b/admin/kubezero.sh
@@ -149,8 +149,8 @@ kubeadm_upgrade() {
 post_kubeadm
 # If we have a re-cert kubectl config install for root
- if [ -f ${HOSTFS}/etc/kubernetes/admin.conf ]; then
- cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
+ if [ -f ${HOSTFS}/etc/kubernetes/super-admin.conf ]; then
+ cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
 fi
 # post upgrade hook
@@ -190,7 +190,7 @@ control_plane_node() {
 cp -r ${WORKDIR}/pki ${HOSTFS}/etc/kubernetes
 # Always use kubeadm kubectl config to never run into chicken egg with custom auth hooks
- cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config
+ cp ${WORKDIR}/super-admin.conf ${HOSTFS}/root/.kube/config
 # Only restore etcd data during "restore" and none exists already
 if [[ "$CMD" =~ ^(restore)$ ]]; then
@@ -258,7 +258,7 @@ control_plane_node() {
 _kubeadm init phase kubelet-start
- cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config
+ cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${HOSTFS}/root/.kube/config
 # Wait for api to be online
 echo "Waiting for Kubernetes API to be online ..."
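Review bot: Both new RUN steps stream a GitHub release tarball straight into tar with no integrity check — helm-secrets into `$(helm env HELM_PLUGINS)` and vals into /usr/local/bin — so the image's trust in those binaries rests entirely on TLS to github.com and on the release asset never being replaced; a pinned version tag gives no protection against a re-uploaded or tampered asset. Pin the expected sha256 as build args next to `SECRETS_VERSION`/`VALS_VERSION` (vals is goreleaser-built and ships a checksums file with each release; for helm-secrets compute it once and pin it if the project does not publish one) and verify before extracting, e.g. for vals: `wget -qO /tmp/vals.tgz https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_amd64.tar.gz && echo "${VALS_SHA256}  /tmp/vals.tgz" | sha256sum -c - && tar -C /usr/local/bin -xzf /tmp/vals.tgz vals`. This matters more than for a typical tool image because the admin/kubezero.sh shipped in the same image is, per this patch, run with root's super-admin kubeconfig, so anything substituted here runs with cluster-wide privileges.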
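Review bot: The re-cert install in kubeadm_upgrade() now keys only on super-admin.conf, so on a control plane node where kubeadm does not write that file (as far as I recall kubeadm emits super-admin.conf only on the node running `init` / `upgrade apply`, not on joined or `upgrade node` members — verify against the kubeadm 1.29 docs) the block silently falls through and root keeps a kubeconfig whose certificate this upgrade did not renew, which is the opposite of what the comment above promises. The old code could not hit this because admin.conf always exists after an upgrade. At minimum add a fallback, `elif [ -f ${HOSTFS}/etc/kubernetes/admin.conf ]; then` followed by `cp ${HOSTFS}/etc/kubernetes/admin.conf ${HOSTFS}/root/.kube/config`, before the `fi`; better still, install admin.conf unconditionally and keep super-admin.conf off the everyday kubeconfig. kubeadm_upgrade() starts and ends outside this hunk.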
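Review bot: `super-admin.conf` is the wrong credential to install as root's everyday kubeconfig in control_plane_node(): kubeadm 1.29 split the files precisely so that admin.conf is a client certificate in the `kubeadm:cluster-admins` group, authorized through an RBAC ClusterRoleBinding to cluster-admin, while super-admin.conf is `system:masters`, which the apiserver authorizes before RBAC is consulted and which kubeadm documents as a break-glass credential to keep off the node or locked down. With this copy every `kubectl` this script and any later operator runs as root bypasses RBAC, and audit entries from routine operation become indistinguishable from genuine emergency use. The comment's concern — not depending on the custom auth hook — is already met by admin.conf, because it is a certificate kubeconfig and never touches the aws-iam-authenticator webhook; `cp ${WORKDIR}/admin.conf ${HOSTFS}/root/.kube/config` keeps the chicken-and-egg safety without the RBAC bypass, provided the kubeadm:cluster-admins ClusterRoleBinding exists at that point (kubeadm creates it during init; if this script drives init phase by phase, the phase that creates it must already have run, which the hunk does not show — if it has not, use super-admin.conf only for that bootstrap window and replace root's kubeconfig with admin.conf afterwards). control_plane_node() starts and ends outside this hunk.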
@@ -347,7 +347,7 @@ delete_module() {
 # backup etcd + /etc/kubernetes/pki
 backup() {
 # Display all ENVs, careful this exposes the password !
- [ -n "$DEBUG" ] && env
+ [ -n "$DEBUG" ] && env
 restic snapshots || restic init || exit 1
@@ -361,7 +361,8 @@ backup() {
 # pki & cluster-admin access
 cp -r ${HOSTFS}/etc/kubernetes/pki ${WORKDIR}
- cp -r ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
+ cp ${HOSTFS}/etc/kubernetes/admin.conf ${WORKDIR}
+ cp ${HOSTFS}/etc/kubernetes/super-admin.conf ${WORKDIR}
 # Backup via restic
 restic backup ${WORKDIR} -H $CLUSTERNAME --tag $CLUSTER_VERSION
diff --git a/charts/kubeadm/Chart.yaml b/charts/kubeadm/Chart.yaml
index 6e0d1f76..fe98b91a 100644
--- a/charts/kubeadm/Chart.yaml
+++ b/charts/kubeadm/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubeadm
 description: KubeZero Kubeadm cluster config
 type: application
-version: 1.28.9
+version: 1.29.7
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
diff --git a/charts/kubeadm/templates/KubeletConfiguration.yaml b/charts/kubeadm/templates/KubeletConfiguration.yaml
index 04785f70..2e454cbd 100644
--- a/charts/kubeadm/templates/KubeletConfiguration.yaml
+++ b/charts/kubeadm/templates/KubeletConfiguration.yaml
@@ -33,5 +33,6 @@ kubeReserved:
 #evictionHard:
 # memory.available: "484Mi"
 imageGCLowThresholdPercent: 70
+imageMaximumGCAge: 168h
 serializeImagePulls: false
 maxParallelImagePulls: 4
diff --git a/charts/kubeadm/templates/_helpers.tpl b/charts/kubeadm/templates/_helpers.tpl
index b0b26095..95f2d325 100644
--- a/charts/kubeadm/templates/_helpers.tpl
+++ b/charts/kubeadm/templates/_helpers.tpl
@@ -2,10 +2,9 @@
 {{- /* Issues: MemoryQoS */ -}}
 {{- /* v1.28: PodAndContainerStatsFromCRI still not working */ -}}
 {{- /* v1.28: UnknownVersionInteroperabilityProxy requires StorageVersionAPI which is still alpha in 1.30 */ -}}
-{{- /* v1.29: remove/beta SidecarContainers */ -}}
 {{- /* v1.30: remove/beta KubeProxyDrainingTerminatingNodes */ -}}
 {{- define "kubeadm.featuregates" }}
-{{- $gates := list "CustomCPUCFSQuotaPeriod" "SidecarContainers" "KubeProxyDrainingTerminatingNodes" }}
+{{- $gates := list "CustomCPUCFSQuotaPeriod" "KubeProxyDrainingTerminatingNodes" "ImageMaximumGCAge" }}
 {{- if eq .return "csv" }}
 {{- range $key := $gates }}
 {{- $key }}=true,
diff --git a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml
index 7f508021..f6cdc5c9 100644
--- a/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml
+++ b/charts/kubeadm/templates/resources/51-aws-iam-authenticator-deployment.yaml
@@ -117,7 +117,7 @@ spec:
 containers:
 - name: aws-iam-authenticator
- image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.14
+ image: public.ecr.aws/zero-downtime/aws-iam-authenticator:v0.6.22
 args:
 - server
 - --backend-mode=CRD,MountedFile
diff --git a/charts/kubezero-addons/README.md b/charts/kubezero-addons/README.md
index 7954527f..ca8ac44a 100644
--- a/charts/kubezero-addons/README.md
+++ b/charts/kubezero-addons/README.md
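Review bot: `ImageMaximumGCAge` is added to the gate list without the tracking comment this file keeps for every other non-GA gate, and as far as I recall it is still alpha in v1.29 (beta and on by default from v1.30), so of the three gates here it is the one most likely to need attention on the next bump — alpha gates can change semantics or be dropped without a deprecation window. Add a line in the existing style, `{{- /* v1.30: remove/beta ImageMaximumGCAge, needed by KubeletConfiguration imageMaximumGCAge */ -}}`, so the coupling to the new `imageMaximumGCAge: 168h` kubelet setting is visible from here. The two `v1.28:` comments above are also stale now that the chart is at 1.29.7; re-check whether PodAndContainerStatsFromCRI and UnknownVersionInteroperabilityProxy are still blocked rather than carrying the notes forward unchanged.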
@@ -1,6 +1,6 @@
 # kubezero-addons
-![Version: 0.8.7](https://img.shields.io/badge/Version-0.8.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
+![Version: 0.8.8](https://img.shields.io/badge/Version-0.8.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28](https://img.shields.io/badge/AppVersion-v1.28-informational?style=flat-square)
 KubeZero umbrella chart for various optional cluster addons
@@ -18,12 +18,12 @@ Kubernetes: `>= 1.26.0`
 | Repository | Name | Version |
 |------------|------|---------|
-| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.15.3 |
-| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.4 |
-| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.36.0 |
-| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.15.0 |
+| https://bitnami-labs.github.io/sealed-secrets | sealed-secrets | 2.16.0 |
+| https://kubernetes-sigs.github.io/external-dns/ | external-dns | 1.14.5 |
+| https://kubernetes.github.io/autoscaler | cluster-autoscaler | 9.37.0 |
+| https://nvidia.github.io/k8s-device-plugin | nvidia-device-plugin | 0.16.0 |
 | https://twin.github.io/helm-charts | aws-eks-asg-rolling-update-handler | 1.5.0 |
-| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.23.0 |
+| oci://public.ecr.aws/aws-ec2/helm | aws-node-termination-handler | 0.24.0 |
 # MetalLB
@@ -110,7 +110,7 @@ Device plugin for [AWS Neuron](https://aws.amazon.com/machine-learning/neuron/)
 | cluster-autoscaler.extraArgs.scan-interval | string | `"30s"` | |
 | cluster-autoscaler.extraArgs.skip-nodes-with-local-storage | bool | `false` | |
 | cluster-autoscaler.image.repository | string | `"registry.k8s.io/autoscaling/cluster-autoscaler"` | |
-| cluster-autoscaler.image.tag | string | `"v1.28.2"` | |
+| cluster-autoscaler.image.tag | string | `"v1.29.4"` | |
 | cluster-autoscaler.nodeSelector."node-role.kubernetes.io/control-plane" | string | `""` | |
 | cluster-autoscaler.podDisruptionBudget | bool | `false` | |
 | cluster-autoscaler.prometheusRule.enabled | bool | `false` | |
diff --git a/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml b/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml
index f4d20ff1..f028f1bd 100644
--- a/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml
+++ b/charts/kubezero-addons/charts/aws-node-termination-handler/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 1.21.0
+appVersion: 1.22.0
 description: A Helm chart for the AWS Node Termination Handler.
 home: https://github.com/aws/aws-node-termination-handler/
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
@@ -21,4 +21,4 @@ name: aws-node-termination-handler
 sources:
 - https://github.com/aws/aws-node-termination-handler/
 type: application
-version: 0.23.0
+version: 0.24.0
diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml
index 4e538a17..2b82ad6a 100644
--- a/charts/kubezero-addons/values.yaml
+++ b/charts/kubezero-addons/values.yaml
@@ -200,7 +200,7 @@ cluster-autoscaler:
 image:
 repository: registry.k8s.io/autoscaling/cluster-autoscaler
- tag: v1.28.2
+ tag: v1.29.4
 autoDiscovery:
 clusterName: ""
diff --git a/charts/kubezero-network/README.md b/charts/kubezero-network/README.md
index 8709038f..7edf86a2 100644
--- a/charts/kubezero-network/README.md
+++ b/charts/kubezero-network/README.md @@ -1,6 +1,6 @@ # kubezero-network -![Version: 0.5.2](https://img.shields.io/badge/Version-0.5.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) KubeZero umbrella chart for all things network @@ -20,8 +20,8 @@ Kubernetes: `>= 1.26.0` |------------|------|---------| | https://cdn.zero-downtime.net/charts/ | kubezero-lib | >= 0.1.6 | | https://haproxytech.github.io/helm-charts | haproxy | 1.22.0 | -| https://helm.cilium.io/ | cilium | 1.15.5 | -| https://metallb.github.io/metallb | metallb | 0.14.5 | +| https://helm.cilium.io/ | cilium | 1.15.7 | +| https://metallb.github.io/metallb | metallb | 0.14.7 | ## Values diff --git a/charts/kubezero-network/templates/cilium-grafana-dashboards.yaml b/charts/kubezero-network/templates/cilium-grafana-dashboards.yaml index 1005a220..270169c7 100644 --- a/charts/kubezero-network/templates/cilium-grafana-dashboards.yaml +++ b/charts/kubezero-network/templates/cilium-grafana-dashboards.yaml @@ -11,7 +11,7 @@ metadata: k8s-sidecar-target-directory: KubeZero binaryData: cilium-agents.json.gz: -  +  cilium-operator.json.gz: 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 {{- end }} diff --git a/charts/kubezero-network/values.yaml b/charts/kubezero-network/values.yaml index 4cd8c87d..330dfd8f 100644 --- a/charts/kubezero-network/values.yaml +++ b/charts/kubezero-network/values.yaml @@ -45,10 +45,6 @@ cilium: #-- Ensure this is false if multus is enabled exclusive: false -# bpf: -# autoMount: -# enabled: false - cluster: # This should match the second octet of clusterPoolIPv4PodCIDRList # to prevent IP space overlap and easy tracking 
@@ -71,6 +67,14 @@ cilium:
 enabled: false
 hostRoot: "/sys/fs/cgroup"
+ # we need biDirectional so use helm init-container
+ #bpf:
+ # autoMount:
+ # enabled: false
+
+ sysctlfix:
+ enabled: false
+
 routingMode: tunnel
 tunnelProtocol: geneve
diff --git a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml
index 865e04dd..a5a1e5a2 100644
--- a/charts/kubezero-telemetry/templates/opensearch/cluster.yaml
+++ b/charts/kubezero-telemetry/templates/opensearch/cluster.yaml
@@ -21,6 +21,7 @@ spec:
 runAsUser: 1000
 runAsGroup: 1000
 runAsNonRoot: true
+ fsGroup: 1000
 securityContext:
 allowPrivilegeEscalation: false
 privileged: false
diff --git a/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml b/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml
index f5dadaef..d5bb3f62 100644
--- a/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml
+++ b/charts/kubezero-telemetry/templates/opensearch/ism-policy.yaml
@@ -35,4 +35,5 @@ spec:
 indexPatterns:
 - "logstash-*"
 - "jaeger-*"
+ - "otel-v1-apm-span-*"
 {{- end }}
diff --git a/charts/kubezero/Chart.yaml b/charts/kubezero/Chart.yaml
index f7fbf3cd..cfed442b 100644
--- a/charts/kubezero/Chart.yaml
+++ b/charts/kubezero/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: kubezero
 description: KubeZero - Root App of Apps chart
 type: application
-version: 1.28.9-2
+version: 1.29.7
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
diff --git a/charts/kubezero/values.yaml b/charts/kubezero/values.yaml
index 33641b9b..dc5284f3 100644
--- a/charts/kubezero/values.yaml
+++ b/charts/kubezero/values.yaml
@@ -11,7 +11,7 @@ global:
 addons:
 enabled: true
- targetRevision: 0.8.7
+ targetRevision: 0.8.8
 external-dns:
 enabled: false
 forseti:
@@ -30,7 +30,7 @@ addons:
 network:
 enabled: true
 retain: true
- targetRevision: 0.5.1
+ targetRevision: 0.5.3
 cilium:
 cluster: {}
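Review bot: `sysctlfix: enabled: false` is added without saying why, and the only nearby comment (`# we need biDirectional so use helm init-container`) sits on the commented-out `bpf.autoMount` block, so a reader cannot tell whether disabling sysctlfix is related to the bpf mount decision or an independent choice. Cilium's sysctlfix init container is, as far as I recall, what relaxes `rp_filter` on the node's interfaces so pod traffic is not dropped by reverse-path filtering; if that is now guaranteed by the node image or a kubezero-managed sysctl, record it here, e.g. `# rp_filter and friends are set by the node image, cilium's sysctlfix init-container is not needed` — otherwise this reads as a silent functional regression rather than a deliberate hardening choice, and nothing in the hunk shows what replaces it. The `cilium:` block starts and ends outside this hunk.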