From 1d5f34d164340f0cd8cb6cfc1f6244bf506549bf Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Wed, 28 Jun 2023 07:10:23 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- enterprise/traefik/18.0.17/CHANGELOG.md | 99 + enterprise/traefik/18.0.17/Chart.yaml | 31 + enterprise/traefik/18.0.17/LICENSE | 106 + enterprise/traefik/18.0.17/README.md | 27 + enterprise/traefik/18.0.17/app-changelog.md | 13 + enterprise/traefik/18.0.17/app-readme.md | 8 + .../traefik/18.0.17/charts/common-12.14.2.tgz | Bin 0 -> 130623 bytes .../traefik.containo.us_ingressroutes.yaml | 267 ++ .../traefik.containo.us_ingressroutetcps.yaml | 211 ++ .../traefik.containo.us_ingressrouteudps.yaml | 98 + .../crds/traefik.containo.us_middlewares.yaml | 917 ++++++ .../traefik.containo.us_middlewaretcps.yaml | 72 + ...traefik.containo.us_serverstransports.yaml | 128 + .../crds/traefik.containo.us_tlsoptions.yaml | 113 + .../crds/traefik.containo.us_tlsstores.yaml | 99 + .../traefik.containo.us_traefikservices.yaml | 381 +++ .../crds/traefik.io_ingressroutes.yaml | 275 ++ .../crds/traefik.io_ingressroutetcps.yaml | 218 ++ .../crds/traefik.io_ingressrouteudps.yaml | 105 + .../18.0.17/crds/traefik.io_middlewares.yaml | 924 ++++++ .../crds/traefik.io_middlewaretcps.yaml | 72 + .../crds/traefik.io_serverstransports.yaml | 128 + .../18.0.17/crds/traefik.io_tlsoptions.yaml | 113 + .../18.0.17/crds/traefik.io_tlsstores.yaml | 99 + .../crds/traefik.io_traefikservices.yaml | 402 +++ enterprise/traefik/18.0.17/ix_values.yaml | 416 +++ enterprise/traefik/18.0.17/questions.yaml | 2652 +++++++++++++++++ .../traefik/18.0.17/templates/NOTES.txt | 1 + .../traefik/18.0.17/templates/_args.tpl | 182 ++ .../traefik/18.0.17/templates/_helpers.tpl | 22 + .../18.0.17/templates/_ingressclass.tpl | 24 + .../18.0.17/templates/_ingressroute.tpl | 34 + .../traefik/18.0.17/templates/_portalhook.tpl | 25 + .../traefik/18.0.17/templates/_tlsoptions.tpl | 12 + .../traefik/18.0.17/templates/common.yaml | 23 + .../templates/middlewares/addPrefix.yaml | 14 + .../middlewares/basic-middleware.yaml | 58 + .../templates/middlewares/basicauth.yaml | 31 + .../18.0.17/templates/middlewares/chain.yaml | 21 + .../templates/middlewares/forwardauth.yaml | 31 + .../templates/middlewares/geoblock.yaml | 32 + .../templates/middlewares/ipwhitelist.yaml | 30 + .../templates/middlewares/ratelimit.yaml | 16 + .../templates/middlewares/real-ip.yaml | 18 + .../templates/middlewares/redirectScheme.yaml | 16 + .../templates/middlewares/redirectregex.yaml | 17 + .../middlewares/stripPrefixRegex.yaml | 17 + .../templates/middlewares/tc-chains.yaml | 26 + .../templates/middlewares/tc-headers.yaml | 59 + .../templates/middlewares/tc-nextcloud.yaml | 22 + .../templates/middlewares/theme-park.yaml | 23 + enterprise/traefik/18.0.17/values.yaml | 0 52 files changed, 8728 insertions(+) create mode 100644 enterprise/traefik/18.0.17/CHANGELOG.md create mode 100644 enterprise/traefik/18.0.17/Chart.yaml create mode 100644 enterprise/traefik/18.0.17/LICENSE create mode 100644 enterprise/traefik/18.0.17/README.md create mode 100644 enterprise/traefik/18.0.17/app-changelog.md create mode 100644 enterprise/traefik/18.0.17/app-readme.md create mode 100644 enterprise/traefik/18.0.17/charts/common-12.14.2.tgz create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutes.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutetcps.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressrouteudps.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewares.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewaretcps.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_serverstransports.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsoptions.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsstores.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.containo.us_traefikservices.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_ingressroutes.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_ingressroutetcps.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_ingressrouteudps.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_middlewares.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_middlewaretcps.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_serverstransports.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_tlsoptions.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_tlsstores.yaml create mode 100644 enterprise/traefik/18.0.17/crds/traefik.io_traefikservices.yaml create mode 100644 enterprise/traefik/18.0.17/ix_values.yaml create mode 100644 enterprise/traefik/18.0.17/questions.yaml create mode 100644 enterprise/traefik/18.0.17/templates/NOTES.txt create mode 100644 enterprise/traefik/18.0.17/templates/_args.tpl create mode 100644 enterprise/traefik/18.0.17/templates/_helpers.tpl create mode 100644 enterprise/traefik/18.0.17/templates/_ingressclass.tpl create mode 100644 enterprise/traefik/18.0.17/templates/_ingressroute.tpl create mode 100644 enterprise/traefik/18.0.17/templates/_portalhook.tpl create mode 100644 enterprise/traefik/18.0.17/templates/_tlsoptions.tpl create mode 100644 enterprise/traefik/18.0.17/templates/common.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/addPrefix.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/basic-middleware.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/basicauth.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/chain.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/forwardauth.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/geoblock.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/ipwhitelist.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/ratelimit.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/real-ip.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/redirectScheme.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/redirectregex.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/stripPrefixRegex.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/tc-chains.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/tc-headers.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/tc-nextcloud.yaml create mode 100644 enterprise/traefik/18.0.17/templates/middlewares/theme-park.yaml create mode 100644 enterprise/traefik/18.0.17/values.yaml diff --git a/enterprise/traefik/18.0.17/CHANGELOG.md b/enterprise/traefik/18.0.17/CHANGELOG.md new file mode 100644 index 0000000000..921d6263f7 --- /dev/null +++ b/enterprise/traefik/18.0.17/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [traefik-18.0.17](https://github.com/truecharts/charts/compare/traefik-18.0.16...traefik-18.0.17) (2023-06-28) + +### Docs + +- fix title for install guide title ([#9874](https://github.com/truecharts/charts/issues/9874)) + + ### Fix + +- fix portalhook name ([#9958](https://github.com/truecharts/charts/issues/9958)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.16](https://github.com/truecharts/charts/compare/traefik-18.0.15...traefik-18.0.16) (2023-06-16) + +### Fix + +- Default metrics to off ([#9647](https://github.com/truecharts/charts/issues/9647)) + - add missing `additional_attrs: true` ([#9581](https://github.com/truecharts/charts/issues/9581)) + + + + +## [traefik-18.0.15](https://github.com/truecharts/charts/compare/traefik-18.0.14...traefik-18.0.15) (2023-06-13) + +### Chore + +- update helm chart common to 12.14.2 ([#9599](https://github.com/truecharts/charts/issues/9599)) + + ### Docs + +- Guide for Authelia+LLDAP+Traefik ([#9577](https://github.com/truecharts/charts/issues/9577)) + + + + +## [traefik-18.0.14](https://github.com/truecharts/charts/compare/traefik-18.0.13...traefik-18.0.14) (2023-06-11) + +### Chore + +- update helm general non-major ([#9558](https://github.com/truecharts/charts/issues/9558)) + + + + +## [traefik-18.0.13](https://github.com/truecharts/charts/compare/traefik-18.0.12...traefik-18.0.13) (2023-06-10) + +### Chore + +- bump traefik + + ### Fix + diff --git a/enterprise/traefik/18.0.17/Chart.yaml b/enterprise/traefik/18.0.17/Chart.yaml new file mode 100644 index 0000000000..611b2d4f6d --- /dev/null +++ b/enterprise/traefik/18.0.17/Chart.yaml @@ -0,0 +1,31 @@ +apiVersion: v2 +appVersion: "2.10.1" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 12.14.2 +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://truecharts.org/charts/enterprise/traefik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +keywords: + - traefik + - ingress +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: traefik +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://traefik.io/ +type: application +version: 18.0.17 +annotations: + truecharts.org/catagories: | + - network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/traefik/18.0.17/LICENSE b/enterprise/traefik/18.0.17/LICENSE new file mode 100644 index 0000000000..4139714f20 --- /dev/null +++ b/enterprise/traefik/18.0.17/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Traefik" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/traefik/18.0.17/README.md b/enterprise/traefik/18.0.17/README.md new file mode 100644 index 0000000000..f8a41e479f --- /dev/null +++ b/enterprise/traefik/18.0.17/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/traefik/18.0.17/app-changelog.md b/enterprise/traefik/18.0.17/app-changelog.md new file mode 100644 index 0000000000..0ac72bd606 --- /dev/null +++ b/enterprise/traefik/18.0.17/app-changelog.md @@ -0,0 +1,13 @@ + + +## [traefik-18.0.17](https://github.com/truecharts/charts/compare/traefik-18.0.16...traefik-18.0.17) (2023-06-28) + +### Docs + +- fix title for install guide title ([#9874](https://github.com/truecharts/charts/issues/9874)) + + ### Fix + +- fix portalhook name ([#9958](https://github.com/truecharts/charts/issues/9958)) + + \ No newline at end of file diff --git a/enterprise/traefik/18.0.17/app-readme.md b/enterprise/traefik/18.0.17/app-readme.md new file mode 100644 index 0000000000..02206fafcf --- /dev/null +++ b/enterprise/traefik/18.0.17/app-readme.md @@ -0,0 +1,8 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/traefik/18.0.17/charts/common-12.14.2.tgz b/enterprise/traefik/18.0.17/charts/common-12.14.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..e3a92f097b6a367e3a78ab596bcb2624e54a31cc GIT binary patch literal 130623 zcmV)VK(D_aiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5x5D7ruEuRt-GyYb#g)?2o}lR2Nq_GEk}iB-0f+5PtH zbwMN~aZM2n0m|{tz~TPM9LBVD4;R5- zHvhES?e?(W=l{0b?d-qpVXym_PQTypbVvQ(p!=70r`sR3{{q@ifJ^R42!-)q+K+B4 z+qrM#fsy|K#l*+q5mkKtfTxFW(DRZ1^r~NP&P$ zNMTG`0#rg!?BbB3kaDQW{%F{5w?~6P;}+fD;n*WbjV4GNYcv(6P5z?M1hSdiWP)^8 z|N7&rPOCF)wVUm~HWttiDfB}Wb6{uz{on}r;S~RO3b=*iSp$F&vi=$b03eBj6#YyE zQCwm`?;~`i&}%FeE}d?x({FVf+Zlg3|CcaG5P2d2P(A+#!(Kl(|3|&iZvJoMc?OzI z@H)T~7y!WpjT!%S)Bu2gyh0Q}&-2-|hXD{@K>#NxVC*jbI0C62pqQCZB^qegp&aAmMD(E0uu@%>=6J%4>0j1gbVOPH%L4` zoB=nCX1unC5dk5l@*4t#!q98N0EdXfXaElMI0%lw6b1w}8dDeq6X@QaqA5%QO7zH` zqNyJu09lO~&d^B!33&$>2+%pC;LZ;MFhL+8$m4Px1_2m%+13E!$2FI8Od@8>UWtJK;}}!y;();xuhg3(K;6=6*P;e!)c(ioIZ$_p)UWz77Cg~4?<^9f=#y+n_;_xK8*$+ z-tz^VAtknb_Crrc@hL_TCO*aSeFGRj*sOBnmXA%f>~4Zh2i|l#?YZ6I5Kf1E2uE-@9Q54wWHjx%gU-|&y6s{6pw}B59**F&{g;A2tb4b-(_gBUt|8`2%JyfVLFZxK_P84IHD&^{rf~&M~}zj_m^*u zfa9=g*gH8ty_CPm($&8ja#eDZ*r)eE0%#EV!T`t%o+tqgR0%G#(I={fWGchUMWrs& z0O{X?cj6>GChrM~kHBDfkiL2y<0LZPA?RI%!Tlx1^k+Xn@WQQ z&CnTfVE~1iuA~#2=<>5?z9qcM z#c%Ikf~&LZ_vfel-`DKlpD%uUcXs&_oF1RtTzojYygWZW)AdX=!Nt2b{{VNaX-$1b zWda}pmlqe;3UQyX#rkS^0wZFQi1Whu{rPF}sMi{IzyYKq%3;2LdwlilqkwVNvQA_iXgN zkf?W3OZwT52^C*Xa5(j6qOUkbR&-sMt)Yi0(Q}-yI!D0iI1A!pk16$+3` zaV#}_iUSlY4VxDt?i_hZfZ}(&0U^g@A9Jy+lvVjY7Gf#;noAIzgj5pr*mc>jYkZ3g zIY?2w@I&7A>lnIdY_HD4wj9|P9(Kt-BY%LQw|{wdeERmRwea>D>K!A>f@y%95MnGn zLncSDzkqy&Rd0k;Jw;J~@7dhoFTKfc(5GfS>|I63RWwhX{OHqDA>o6TvQ-*;E|d@2^j+sV%{qGh4n|e`0g&6!q-MSxm#?i5Y2Amz&56pEo|C z#&RjpH!N1O3&!gswLW-d9T8)Q77@Ka^@T#g1?U*k`4QL`l|@NDP(osGhl7N%gmHjp z&W`l5DCq`2ga|a5W zY7PI>*(ZwP5C-QVMe!86NU9M@EbWkg{_CmR;QG%-8ahES^{2iI>4pG)z(JyrGbb@$ zc*jW)Tp>3`Ou%`2jm*njC6{-40V7^o|Kh5ZE#O#nDcA(0TnSTAGDV<#m8%g?pv%j# zKXPA}yqhNh^cUA?5%FE4J@Dd+LW-tIaD^zqVQ|0KC@Pr8&V>QWjk&)&4!jm>MJX44h&&;YKQxAHqrx5F`k=bL8FvoKTKzN_XIyH2{|D zQo$adix&<4?IJ?q6*pQrb=U*|=#x(kh=p~3`+c+e?hhlC-pD*&z?2-e`f!gWx^&7U?xAf zm@tt@M6qYjWV2$kfpF4E;GB=|=Ds@zLSTUqA&+mtOc0o%keP#s*~hFn>m%ct%rcpJ zWVm7Nd)i&46({+d8KL?cQ%8lC##d3t$t{*RPCdD^m}&j0l-^P>-bnp6^(Jy2cNoHs z?C;BTCxtLkAXQP}EAT@#ZCVY(Zz-U?XZ0usK3{AAV-9>5GHS$-;utJo=uZ)$91Iq# zP(!_Z3qv>)lP9ZN5DI60I7^8rrHwAYIo?oH0z|bVp)m^*M3eAb`IT4rk7aS?FJAUq zy?(2wJjTPW+a30XqhWV&c+l^4hHcbwhp6iwOhyCb9SjEtUH7neI2m@}f!pqMr(O@a z1NWdiK@c5IDjmZiqGXOSt&6HEuW@a+I-S(JjfSv0>>l(7z0RcDZyyW?us!K@ypDTt z&>NrwggOVq?&$E)J?ISEoj&TjgG0B|Z+GAXb=*NEt`zzKUtj7Xt1D=1JFR{<#n$T{ zdcEo45V~Hs?{@lbx7YDt-|HTDXfPd(M*Y4wY!5nvj@vsNwhz6*#GCfJ{Q>L@MsDx0 z+U1Tt#3loZ>!QnQG({DSaKF{*r3m*BM5DuA|6p)1grn}@@UZ8)-QmO?btZ!e?6ya} z;qOxeBFbpC;tW8@{+F;qvL5gR$-S2vxo(oa$&^5RpM8iq1Ux_DiV@Tb3T|{MZ zg{cV5QHUOTUVAz`@OoY7qW+)@dvG-9j(QXC0QF#d)c4wuajDlk7#{R`2Z!#ccW^N3 z_qqqY?$qs7B6^!lkV}KQh|1yyuXcyV(06-qGJ>#&MlL$&yX|h@n~n~>_Ov(bcMrO5 zr_&qs4-dPC2h%}+g1XQ{{o$Z}06U$b+pm@acQaI50$z;$wWHd*^O1u{^_Mta<7}~OOA=drFE<79#4hNl%*Xte}OyJ>UIOq+h zlg`NNxRZ8oG@bMgM#E{p-SwtZIPfO!q}^{rcQQE`z)GxR>YLvhKId=XW~tUy@P5x<8X!_ zOlMKK5bHs^I~}#*aL|K??E&<EqfH0uvPAy9U#rmQku>2<3{yxaX>* zEC5_i6YaEKK@(Z4DQeY)Yi@Vj61Fov=y}NXro&F(olN@&sN3%z9(FsE;k1pWu#FD7 zgK57%nhxASr_Dr$d)S^1hwW~6G(0${jX~Y5a1QM^KSr+;7<=nd{mzfkj8!bBdkVWI z$u-Ox&`d%vnfUFtyPfu7r>|GE>0pQk!(kg8c+&%qtz3g{2YI6&?7MFFa0!dXJ=AV@4*IBzCew*q2Zy?(Zm6gLPFTcYNs9pq6NkOwRN$VUR^u5sPQ%~Q zqORBt;`~b$xAYhRHx`2N8R|Th4I;hHuvHaLZ zJQ@KwR@>dg>_w5il~#TWZ>43=Ej!`DR#m|ZZu0n{+&y{;xP#;+K-6uuT6--C=bYRB zF#jtMhj76#oKF2u0!N>u_MX{}fXa$rXoEF{d7Mxj_~ETN0Boe8vN?H> zATuamf(fQ`;V)o?2}6Km0j=Q^?ZJfNH-31V?}Z$4ZePwqMtm6F>wOpQ%e;d^tx#<6 zv;PTsZ?%_`Cz{N?t2g|a7YlXB$5PGL7#`$ zGy>0U{0-U2qebe7>u2Cn04LyAO>V$Xg&Z~vAE6O`0-gbf50nyO&oWBF921%<2&Ne1 zU(!h`Q2zxJ9yiaC0>7YO0jS(2QK~}(2~pkG9#5fqG|?xxhyv6KunPlSB8OB2={!Y> z0Z2EZ*(Wm^Kw&n9blw8>P)c2{`_?vP%p6 z#FPNBmB+Vjn0OSN#YP|!QD6YtqobJmHKIhW`koAiG*@6YDW-l9sQvzc7}5hYjb<}k z)}#T^(nN$6vH_hS;Nr!^4_RwW*6VGzv~XSpr~${SlvdE-Z8*mCdZswJXp#uc{-?9+ z#_Xv`b7Wr=1Ttc{#3l7CN71&g2gzA)c&#L1**ZRb!R35mP=Vf z>r%h^p|=v6p!aJ5OjqU7x2$R-ziNmYLQ}3$O$6~4wnmVv)n}!f^Nq|L=Cb5FjYdwh zK&b{2>d={jL5q_>3O+VkjFRdwkygc(FF=Lt32U0w%c?dh*a>uRxu!3o^?2+!lRYX} z8<06p0*|p6K_N}`3RyAb4gp^dykmwVis6&-z>V@HJx6t5Z5)f|4*9b=RcDewR;6-r zDCUWwUFuHxp^F!0?^V}WSwyQCzv z(K;lO2~2#ZgTU4BE^z2m9KQq+_T=A<6dA`Zr50n)U>PEJ-QTE_qd>pXk^_Zag#Az} z$4$BK&ahX#(_x!0ta@AUa10xlGdIFa?B?lEyUU zST~s=B{TtZHspEWO)M=RK!AR<4Cx|kM zD8%EO>D|HyuA=sN)Ke_Urh+&~L;ZDRol%BB2lFYxs^dN=1~HoXO!bwD8CO6d*8){3 z?wS{cGRIOspxB@KOowL79qUCq#VIvZB;**S>Y)r4K_0g`R2$q@STe}>WdW_)Z_L!s zusOv^Xtp_rvDchJKk&nuvYf9kPA`tsAu$bz6}kw|;uyy{wF_$YL7!+04fqtxNUo_A zQR&!Ts6vvro^eoIax-epW}=S3y&5trBSR zb6seu)G7m*mZ%HU4RGRxkors1jAmtU?NYU2qnI`q(pg*v*(hVgXkO2e%$gw?RSEzC z2wI|;>AjxU#35<1qC|Tq)OHy1KoWXt7Tu!z@@*98dGhSjik7u;_hI}_Hs1p0v_{hm zbhdFLLXXX_$h1w&T`blZTXI_k=7ls|yq7@6V!c$Gj4y%So@0{93@Ku5sLfk8&wtYe zVVs5~A`f^dijm6$_R@7>$?C-QKlKyzVX*2 zz>|HZMC|im-`fMSA17gp2;Yn@m#W`lr)JKrbtX?l{Hqesj8?XO2@^WMMfZj#`V1Vi zS-`00!k8a!OI>cp72%XH zQ1TF=H@>MZ6YSm&ZbY<}@tRB28yL^5+T7!NQ}_)hbiyX_4I7V}D8`@eZvuY&z@iAF zs$ri_O;%KtQk}{es40J~h%{KmU2;ZPLwyn>4~5i+0jVBsx!=isQcbw0VQ{rxtoIQl zOZZ-w}@r5 z%6NrwX27#(#WRkg-Y`DVCw7E805o|(Mw8h+P0x=-RF6J~NiA^|#i9|5`U;TPbrC(| zik6;7%_dU;_0JH8$mnkd0pp7!&kydmmV~uvN(IxpkY01Z(KmC1F|A2&A(|*tc`!{z zdGYNge~H4E93G4!0Yc3K6~)1%Z3O4~V3;2hYA}^JD)^R_;;iW!Qm%H7;st6(F;W^9j=_{~e1ud5!+9t|p@%}(NBsC;!wsX^gLWsFf|O9PMazJw z2mwZhxzBh|h}s4AL>2WC3|&bE9(}3KT!^U588dQSxq9i+DvKMF zyAw#5P75RH>`r)=uk`n`)aH}FNfM#>Jwfp}^P$;P+wa2R%>{C% z4Dn1%7Vcih;(W0v00?FJ?d)E+V}UtR;d~mRlF@3r4~H(|$&f%AUtv5k;-?-7n8PKr zyHN;|Xcj}J7`%`&b5A#IHXN%6tOX1c80c?m$wV=ev4zd@T~e+u;-wf%17nkk-t#V9 zDH2#+Pw9?y0#BF6F-jM+9)Ee>A9~!CBXmQtT60&-c`V|DSYCqIVcXOZTsY zXNpq%B-S=jUP(2=GekPw!SJ=OjI}!$6B;G_kgYr@ES>qR za3<7115&f~W1#nFWT_ZU)1=I{`|_wQ&=}lqU}GUbJR>>r;W%D(pY|aDsURd`JEiYU6Q2 z=WK?$GAEA{VyB2+tj5<#sWY#i`^T>9{K(p-sE;*5s%-HpPqR zox;fSh0UCH1M7{Da>dpiA>~so93lC!&IqY?OGe0stGFm*Lr^%QMZ^;Z~V% z*7(3NHQ`C=aq|*9pJT$o+N5fUvsq=l_`(l8^hs21iL-d^JsmymfES+cQbBGfrHaGw zaCB$(YBKF};D}sp0yPa?BJ5;Px4{;Zn|tzGDS(2Old!Pu{H!SZ`%9}tf2yaZ{x28b z2dV$7^#5+ZH_Yn)?a^ST|8L_F`hQky$ZprmAQwL*D5l6;SA#dTO*X^rZO=6Eyq#{o zAO|QuPe%>u#!0;_xZg7cGCClG-{<@-$s*}-2YA{ub-3VA67|ljMg)STWPKw z)=rSz?S_51jsE=(^9w}GYb%PcyAj_}xIAhYE3l0Cs9x7qAPuH7oo|R-ZWZK>W(EOv*Y;r}1 z{rM>7cVtVY0Md98;|c<2-^up&OH1dcf6CT>6$J3;#eens-x-dw>wkOD-QEAWmFEf9 zf5k%8tG^7gW6MSp>`(k~pP$NTf~L#=Apt@W@WZJe`t*LavS2PJMeDlWFDYDt#nf zEN#8kI=R{PX|?><*gaJIuay6t&LAuQd!znN{%_;?YWIH>+pW3#Q$Df3)TT?(GWfM_ zxuis|+;G`>?!KF+O#UyUkgNXk(xC^-{=cl2|Ls9Ld;kBa-|Ow<|27`2|H}h&Q-8*_ zK6!9aEB@keRXx$YjKY>?og$szgA^W>`Yl*>*?cRBgwmBnEiyj>e>Am7V&e{K+_Rjv_&ZFnQ9P16){%oE} zh}GtQ#?&_N9MZOaNnj6aLpcG)tf-jGreA>7l$WHL^SP_%v$jAhy$Oc(^*F~uP0zvF zo`U@K@elSLsNZjYeRpxHe_j3K>gMgm>H9Zl4dGn?;PloZ z^Mv}J>NF{9=FN$H@A)!fK*JOvSC#g(z&!anZX`jhJFwH%d| z`ky%H{W#};4gY_yozed~!_i>3|GSk(>whY(rb;R&Qq4Wo{V%GQ`~G=~TfRwPJKgiV zFY&2x#(!xNe$!9o{MX4@A7=rsnE(C3C>#IL>20Y zihSogv;*y+$ArZDJgFHEf7GO!U`&fF#tJf|1lI|qC9*6F7X=!gMX=qqcU1=&olre*6_o1eY4!4C=o%fpqw>r3_4sCd zdGYsu+`Kuzx;}d+4&LN_5Vc#ESJA1KxZQU3Xs9xEyas!Ec6EJoK7KS@GXcE@&N%XF zaHIAVAK65juwFNC_V??{;Gb` z!3%ZYCev8>H5(#YZZBg506!EtIYoAB7uB~4Bv(nmMtt`K5;TT%&VxRxLaGfYst(Wm zkh3gA9%mhk*buqH#D%uYNM`0I4fH93p?6_?6uPH88Tb}^=mAL8{+|q{%1a|Gn(2rdU&~@Np&Jn5Yx_wQ*|- z&)+@f4KvB72X2+XUBPQ&pf=BH0`7)6jRVqz;H#)fhYTmm0mgBKkE_rlZ)WM^qsm!Y zSQ%9e%4{FbDXIbEM7Vxc&UX2R&AF35Tw7eHY+{*4V`feYS`^gOWVCoo0?7=_6DTTW$Z1M%_Vn|F^fZ|F-j#o&S}Wnr{Ex zuM&ewH)X}tEu&7UxG~az7VEQ8B}s*meE`_JPEGH8%e(huL`gPXp(wNBKlTY$uj@FW$T-CgcOe3x;O%TIsU1fw;(J+bjc^TvQV0u^L0!CRvrgvZ0 zprvu9u#%i9&{Y&oOFF4Lz$t?8V8R+!!(%MJ8jLGxZD`ho#Ew=USuZf1YY;p#&a9Ua z+(gde<2;CBiZ{2%%NZUnr>iWu9$_`JRZE5x^tz-?xw!yH9pbLCbE;@3Z|Gb}I#F&t z$|>`&l5i>Db?K(S7l2qnwf(<=vyddQ&U>qk5a}%-;u-}%R2ONM=M{cW{wW7AQd+Ldr`{p)Kqf}qq`Of_x}cdKL7jMv!lA#towu{ zi0mJ94i3_Jp6i{Sc-Xs;x7R!T(lKU++mQ{|_!fmuQEK${2DdN}>FXR`bC4b~$nreH z6U~x>Gd*7?86Q4N44=r8kWj<_?ufWTpIBD}W!IEq&*N$xBaLG6*HJSJR4X+N3;bHj zhOWtjrkoN`6{Ib5Os--7SNeZ6t3GM`Z?B&}|Jm#9;{UhuJmLAzLP57O`d8QbbDjYe zTS57J9;@6S)o zpRdoidARiIYuTOqC0uCdVQ+nR7pG`;dUz z1jV!|?`-8iB$uT3vd$p|Fh=t3bg#jtr5{QUAmcU=_>&mM_p4M%aoLo?iAKmzjIp@< zga4slhw>6JA*u9haVZyjpI*-;EcX=nIU$L#;9L2(pFcO6&1M5e{s(5kF}>>d-^=dE zGBhm?s<{y4GU2vTP|W)O{JC-Khu)D%(Z&K%sE*5qD(>#Nl)()qL67up-0yPV0q{b? zUK2ZHMiPUU;EBd*#57|;(Xtc#`~v+Yr07?4FSW;DhGU=37f0aiAo>c3WlTrH2@^Jf`m{Mi-P>UjH0sW?&C(|`xoU8 zdP?Pg7|kScpFIA*pUwZ?8MV8+{7+kXRteuQnzdZP2UhHw2xgZ;Fc_hoKa6 zRvl=(HY(2j35rAho|`jxI?Zh8;aI~^g$)~L7T^gCT7=^0IIw+@7VK9%iDTYOdEg>u za6#$9B|eudTG^pUDH3RMzgQ%MzD4m2ffoe>lEz$nzDxJY0(}F2(o#6IU=WDfwugOB zCV3KVi$#d{(Z~BS3NZ9^5=_mab(#~gQ~I7wwrriyPpoYxP-uuh_L%h%`-?qbj9@P1 zbY=5kFs*?~D zmzNjn;E~?%shWdL2C5;Hy9JEz-$x##=!(XWqS?LGXkiHxizFmTgyN-7kmpEx5Q<|s zlX2G3(p7PWM}}lyHTn{U`uBt_OYivgxGzAS4}=kN3Mq6n>ar%-Q@mghD+AO#HES+0 z`UP}dM95q0DJQD%d|o2x{TBNaU4$-@?_)%861!%>7=26-p~jn(MoRyEkwLq42Lq;7 z8?@G|!4w9;1iH7UGQ6a$R9x;foAV1!5r8h<#ETLm?x za(XSGrfs2QE?|O;OwNqWY5~mz7ABN+^$V zXA1lkXm8Zql-QS8n_>`(jm>lmugSOYvV4%C505!A)P8B_W?YlS7Hq~uNU6cUigS#n z5^c8#Ks1}+By?44?7KM2O%OjZD$i`kaDga_wW_j!pKjd1M9n2VrLI)|Z|3SR{;ZJy-C-}6|Fgfl|8YAH53)Pa$6dJc4dk{A`vQYN zWFw>6TqvK!V#!EP>8w%*(;r+FY{-H~;ChY#clx^`UIJi|C5^{Wv>Iu>bmFrrT&%02 znt@YC4=*IeZc#DQp~1_V;U`B!-?l4OHmXl%5sIl3lRlw6yoA&E%k7{*&bUC+TZ6b;QkPIstSul;cXzzP6{Ia@> z;&E+SN+Z&Q?{U#((9jAbks-`{cb$=peeemGqnMwxg`Ni>2+}{zf zBF}-S=2i{y^?igK;6&JS)GM(cWsV4$2yH>s^F|v*=v7Jj^!Y+E zUp+b5Z{k&tnT^+KSul&#SRS|>c+hC_t!M+u_E(sz`6-?<`%mOECmXo^X|?^wzGdvc z!7l!PI}f+>PWfP8A-V|*&_hvx?-wYfUzri8ds)*A)KlO~7=pU-N1B2#ib!e+Y7*>h z!JRGmt=ocnifqgpBu0)|02YwC^EZ}yUX9rnt(c6uA}{H*E!n&kyDbZLJJ#!VEZ48v zYTdfUnzdH5lllN;u*({$U&=t;x^em~8KzHTlzu^jw9pu>#jEm_X@73p_8e~0^enai zv=;y5@t=d?pqsn@cW3`?=Mnaw9_;Vi08DwhrUhv9Q^opYEZE&Fk{Pbi@*Tsd``KA`^4L_^a|Es`vADaPm#rogt zwzKg+qh5D+{&Opjwf^(L-lP)10e+X7fb7}Eyux~U62kHNJ`(8#%q7YAWF%fXA20ja zOQA|?Sx5KH53fY(P4m_Bd>2&um8|mO`NYLb6yLXQ4@k?$`#EifQ|p`6XpHMpWP{Fa zGC^^ODB}H~2sy;l6DReLXbv zuMMK|%_&OX=~Jfv&2jAi2Zs~}W9%I#6!UwDp5*?YemCp?>2~_<-TB|GJZt5DPnm*W zUJPfsq8C8UdY}l+#E*4izSL<-$Txxm6S`p z&SW;0Bz~34?WDd`!1(>K>8R!rEK5W6ORdA7KsKB7c#|sC_BGH9|2;ug z&M1S1`pkfy)-p=S{DMah&9GLYHfF%AM0i{0xM z(EDvEpIhL~RH=se=9LzHc!{FGccGnQ*?4bM@5oBr)7ljng^nDXena=G}W-HAkmdz$ycB4eU5e*zKQ4D9uXrzEztFXv! zrWbbQEn49Cev`dfaEK4-Pz_vu|1;gU^tC-@`oACYJi%MY|I_L9I=SNi$`V^D(|*pTvcFf@Rs}fZ&8&h#HCiZOSsTz8 z$5h{2o`J`GpY@r6mCm!o(p9rEM=-KZ3f}D2 zi(&yBp%_vew`dH})W6NCY-I(Fq=gw7kwN3tS}@9`Nh7C5%6YGEV$eVeJ0SBz`=3sX z8*W$P{zCDX|Ec){aZ20XvwL7(Dq2dGRoz%gi|14S6Y}2ro)@4y7>nh=$quz_MqJDA zbGAlWR^GeEthrAwbFfW8oNLzZDr=NO$p_QsYTB3Cz65+K|2Ln_xw2Uj=1?^DyWH4w zz+MKi%&^qMN#pbA)+-jt?7%K6#xyfdi^3sVJY;kh^#*29H71M44o5i>r6aLUn+Dm9 zi#p7;tAHc+*xQBm!djiG30KU^1<*86*cg>gvg#H|QELS^K|jpNsO+s0N2AobOB{=) zp0?7tXlso-2V;&hU*PIAO)-7>M9~ejtf!fKP50$(1x<0KYI<>zy7H#QFTE+LEbnw} z-lF@ax~#PsWp8WE1jRc_$51S5$3nz7p(t*lkjD3N*Vu9kr60^7mOC^d$W3D8tk;Y& zTV*rm{QYLGnp>rR@p{>}nQQ5as^lkt(Mk!AQFBsdmPCGa@CR)m>q|q@8-)RA0{&CE z5cL(qW@TQ(z86cB&Rk}kS)_z9VoE!QaseTh-MwNjsU`fCb21>SdrJeOulcHKPcqQ{ zgcn)EsTjQsg{-!9n>JA`O16q9m-h{)1D*mcl`A>YXH7tp>blQ)t;3%JvDh1p@=b~p z6f^l*Z8hYN4)N=t8EyGQ%zjJ*vv@Jb_Z(2v@XCso`CQPyGUAXX4G1St)m3SQj;ZH+ ziZKeQ*h-r$MT0YgQLcb3iZ%@L8Z!S8CqeG6@bU?sB2YG$=afb%k4KQsNj9aUXr;x! z73VS~se`4+3sG1nl5T|pZv%G}6xI?X7ma1VXK;Cy?r5o3+7S^JVP)cFROY`e7e*mw znbeqU02sm20bsw1MS>!{4ocGt?l?wM|C1vsU+W8r(q{tQTNHXnnT|+ov#(8URM8|y z1QDX2uL?kzEGFufQ%(n~ZiQ91+c0|MQ?~!Jsk2*VaZ)SlwCd) z@aM>f@@IR>?7t9EHipNPLU+DEAw6Zfv(K1kZM$$){+E7lm^uH`?e=%}-&P)O>%9|$ z4bssD>2PntGOXaHFMCUHWzVZ`4qjQc&TYagfrvYPMSbzNs_Ludv7UijIRqOqd<%@z z+XK>aL%-#Q?$kOM{;nLG$C$5=*RV6H)VFJ$Zb-A+3O%-9cdB`mVI?`G{s2V#&i`CG z#)|cS%!2`*H2+JdH)v<`zm59sUH-SNJUssYCo9U|SeL}`OJ8fP@O{ZQB8cQ^g7_`g zTr-s4s=Jwh{yfOkKzdMEzeU12!TnZ+FLXpVKPdSq@_d>4$965XK|pvwl$}MXe5_ru z=8;ExrR%(C2zQZoCG^=H>a|ss2zysX3i3?Umhm-(z(f9I#9u+dJx-INma}0|{LH2e zzfkWNgt3b|b-)OxF!ILOV{p_sl^#20<1$Ao?(2dJ4^>1N@60P4ZvTm?=N{DZuV+`InaKdvR7TVnAO38YjkybXh)iO|y!83ARC% zHiSO8D6(RQ#G9f(%Zf@o&a$;SvT~g_Hpb#KM0!X|OUga)0)&_f`eaX7_)~!6!g?)Z zu5%b=Mb17&j4$|7n+4BVAUh^GI5sUA^{cTl1Gx$$l3p3Bq5Pr3*~_kxF56VAK+vQ` z4ol->T~tkY55V^U{9~#D^*G0{D*$0}}NGASem}92eK(s#W&1x7_TJ*q=Q$;w`2N@4sF%zCG#u{ozi#DO zv7HlPZz0&=Y4&nb_-k(Dq!l-_iz5>RZesr?MXk=}O0pQSMmA&pl7hXF zqD>r9wS$vaNOwCmU-eGSFq@!2ZW4HJ#p-jG-p^3Q6#71f0-vq78$=!tYdtBrN_K&$fCrwdx>)zSy88ed8$ z%nwO{UYIZRq`INiT&aF&$*nRSF^~CbJ+Wvcce-K;eRleytuM}EoJ9FdLyRR~g6I5e znrf&eO50BB3eIivC^ailjLzkf$}f>$%xJ2`3*}R7=*(gD4uzG&hn~kH`eCq{mI{8V zj7?qv71QP)Ku@Ntn|+bwWp#>QOEsLQ!vgETr zwffWFM@EKKh5Q4DR^p`o)p>b0M$h|IU%$W8 z|F-gQUGMUzga%~tW2{0oA03`@Y@^!wm?b0(Yeeo$O-_T zr~=^5_YlA_2r+HxjJl#<+}_T>C5gC1OB7MR>{7Ko%HqHgfeGc;|8ffDF8XJ3 z6U8Bn?}2k7h;fMn2R{VcgdI&~AZD41;bdEq?Vw&m;m{>dec)e!0FLU#5)E zc-SSwzkk6ih97gmZ~@-yUN8K6?aPIW_~h|d3zxOOnTv(9Ud?aqQsJ!iHG>r0!F!dQ z$`5C$^#y}y4!hPcg~*&n&g;wZiI^;Vxo_!2%742)DgX55s_fJIQ(a4s^c4C*dY$h( zOaWy4?t4H;Sw6jA{6O{`1Js_WgX!o!VZN!>O07lB!z*n#Q%L_Qg7s?JYq>RP+ZSDa zg_kf!Fh(K0MAMQy1nKuQl58dnIrC<%(&_BTz`it|N;AE#{906YfLIiDNzMB)`k44J z^3n;X(Gp9ePtr0>XZv9(F3L@(m7YF(pk+r5+K!Y}O$ndM`t2FM7+{=3Cdg$Yn7i;! zy%ZZ;W~tK4?uz|9B?7cU5E|0Xya|tYLcrBO3vY4F6fO<1D+{=-b2Xn4$k$YtwkaMq z%eRbgmHeyORFb!XTjlCj&aL{YyMlGTlJ|7Q0xw<>6Y-1XDq2kM{%hIy%iSS=Hn*#G zKuf%>h&%PC;05|vy4YGADa;RkBq`+t`O^*vEntmd33r!si}7a-`>)LY7q?1o#sRSE z{7-k7z5i|4?(FRUtvuXPx#EMpi5+0UHeYrRSh8;AE^u0=&OUHjn(~V@Suyrk{=28| zr{fpX<-QwIPN6L%nOzdRxQIlY_FlaWU`6+hg(2#bmkch?aCr0zI2RH8m>?%}=7pn6H3ipPl9RB^&M+Bj;kS1%Cl&Xq*JWmC^ZHt$5hIMX|{J{%@i# zK(L$4wO0 zep0;%d_psFB_{)f*_qz&S6f1H9B4pVu2dw=@|@^K@pMaRGVG(!O>5tx`{LSB>@Oij zx9GmO@Z(8_nO8&#Yn^`{C@=qNH^gJ=4OT$=;bAK304GZ-8$zFn(sA zd;;buMu1`fJr6(-qB{_<^^GrhwSpIS&!eAm{a^S%H(>x&>;Ii@zdg$8|D921r~hx` zk@~;zUvI93-2<)mLYNGCDfT1p{2(Z~5L)$AK&csBsr$6?Lq25bD&0CK?^BIq z<%t@J;I+~{8&cq&hdu>M82fM%AYuyE=W|GYxxOA>sofGY8>%jV2`&GQ301e36@8CX z-WQ#O#^|_oVMQ`+%S(Cde})WVx29>kU3keB3R#!3sR6~x`GPM~qFfYXid`I-+lx-R zRP6z0PHAMMgwPtkMIf0)w00^>y_Lo)J99}#zIn#5QZI^IRUa!GEm^!Xd(}Eh{p#oW*h$sV{l5YA9&mr%e){`-3_OeokIaiva1U_E_b(&tshv)P z*JKD^s@W;7x6m_BqRGwEG4_Dup$TMj8HdtHmg$OK$lHqGgrHCu(LUW%ZRZ$KBr*Cw z1cy~x_L@12);PVP+@)$G(B^7|r8(XPAe3!_^$|zyh#U z+}~l3@9#bc?@(9XD$ceB{s6p@1>lR|{y-K-M)i&3z1|sZGtTc3$Vh=wkY;}6>X);P zveeGlNW5ZkW?54wu#^oe_=K6ppumM|S1EMnR%V@jIu)oO!>YDGZ0#qPJRqypmJh;O zjQ%_!=qiwLxt5JCp_OM{(KRz#xqknux_E)XAV$9gaFwf0rIF?JHZvF7ITl$Tou|O$ z`@X~BG0zJBzdY~tr1^il{ZaP*htZ(3^Z#$Q2dttxW>0AG_pouu;4T{b|VzoDJ!beN363op~?JIDIl`W8`bBS{47>?q%bDM}uB}xBhSAskgp7 z=^apZ8*AqOw<~7?Q@?!ve;d6zr-khrUnu{7!I0$7ZWa`J%KZO!b7lGeuPnJ$qMsCC zzEVXg9LYb$k-~avNjcx{^8f#-?u#kH|=L#|5`c?Hh#FSd^Nel@oj*iXEy%<2ENCY4^7l6LS}Vr7)2z_ z=4cRN=fc~$@V+`1o)u`b)-<__P*Do%Iy;E=nI&5te?o<@_O5qX&|hZfQ!0n4wC4C5 zliYA=te(pe_O5t*PvM-d42!HE9Ql~w%lfTE*xN!YPe0zdd7TdE)?^}k0&6p_-x)p7|RgUk7koMjx5v5jjokd_xRwpBB*s&^PN}W>wR+e zzjVj#-=J`LnndVij@;WP-T&(hySe?pes{F9|F`i78=s9aI186NgWG8m1w75cgWUjv zhg!^Xhkl6SmdQ)&_ym9>E`D;rbMXgoZqdC1p5LPTJ&{)Z3Ec%L{ws19ujsE~6>jF# zupk91A^$W$Pn~8>zjK639n$Wx?LTu=n@-?#$cBy_ydfPjVx}v#rXy*bwQ3L@^ z#$A4lL!SHLgFKQ9{`mv>7w|*zFO7XM1X%4HvOy@U$B%jY1i&Ch(7RU$3K9!EZ*T;Jwx?q_5fCRZo?9=-bA;?=MAFl0Be$w?} zjJ;JWL;a3zbdeBw1~_Cc*9Fn${%r1mHgE!b=YY0wxC@~6ee@*V!p-KMP@kGb`>feS z5J0A(nCdJYJ^?ayL#x%wpIcTZa?JD&<^l6_K4>wA1JgVJ`J><(Qf9;204PBohaTr# zepFp{!+>X<5Ges#=&7;H-z=SSsT~SVb`&0>Na+ybwEyW5aWF}!>W<1XU(_4RwIa)H z2;u7E?P_!+Tsy?d=0e88X$q0&)@iLACMq+?2erwaV<3G~3`d@F9)Bi@p!A}3%#$%oTY4U6{YSek!nGGm( z8%m@jrgfE~W*^3>t^2JA1X$gbO{s3OkjNLr3&=lhu~C#)%Wx4}=UDUF4=Bouv`7d& zMJPJK(Y^EnWb{7e+6JwB@**j$fd#kOMZ|HQg_bVo1i&d`Z$RhYePK)7(B)kIH4IFw7&QP z5|S(s0Zu~n#Y9dvhnBf^s$q6?C+&ECt+84LK!~##n0bxv5D<8n6PT4qh#$_ZJCn4P zsi7YS1T**{5*C`vm+>i%!6FH$9|fwik3`PVm%wNA*UlpxB9&Q6v-who+t{Sgnd>~A zxXvrGlQf`a&NPXzSHPzB_X?f7bl!4QvK6>=rx~UsHjlB9=iG(ELYt~K8z{1r+6fO+ zmb8aLC71I3{0=W_7?-!TsNu9+>IQR&_yQw*6Rr&<0jVCsb=lnM!Cwtgn$NxEoOoEhHYG z9u^_9QxU6FM0?o3keWzL+4UrExm=yau6iFM`?@O7?>3@Mg*}tLgjdk|+aVLOQ>3`i$Hvj*q*JcK69#R6*>Q4S z@x~fB+sDDz!MozP`Ic}W$9RG093|v33D8+;z-GD;ayA9slC--xU|kG}zGh5pwab+Y@v!`^5Y|Gkw* zxb;LR9|6-Obj8^!CLv}hL@}hyv=+BmD-W3wGDtJI7Ec)KtdJntyilP|f-Pl6i$iJ2 zOTGhqhhlyjB?(ESIKnhe*#X^DT}=|aa6gd9)o9^zshvNg=^)&GV@=hvDB^_ z00GUq^xF2)g(4SIQHfl*m{}opZZ&@(PNu#nR2~%_ZgL<#df}r6;iDH?1CaKt#d=n8 zLaJaK_CUb}<9~n{MFIQE`F|bY+&B;Evplblh&gv^_i|~R_Ag?#mL9Q!MBx<37ZTxjhc457z&YiPBsmYjUz>kz@yJZp9WX%v zQn0{;vH{SwNGpSFW)QL?auOq^25~YAnZ@v2N|gu_5#l?!Pxl1G5!W?`j{jZ4pZkX9~a=CMq14ux8r*clU(%*o$q0<>Q`7yL3AW_lsX(yf@ z{Z!2VBo2tUYW`{W|JwawF8;qe*vrgWwFViHU9~Uw=(~G{oMNB?G1PHe;ZHz`A^j1&*!H%8ABp6@ykEe z7b8diGL8Hz(irSC*b_*6w+RzE*Rz|onWm(a`HR_0IjJEbcQ}?3z((UcoT^Xq6wiNt zzxV=1`!}g0^5H^YmH(&P&&7Xthr9d_TY1#}j~H+8Ars8_u&8g%Kb9YRRo2=}Sa;<$ zU1tga5^<{pgf$;;0P*bxM5!BPZ8xmEXS*0nw~XkpX%9xsO8_-@oLU2xgdqfBvxi zmm}J}nC4qt>Ae5aGvxbz%H+RD?XrIZ0wLi{dP0o|7kF9b!YqYN!s z4T>dK3%(bN*$Po!1f-ciz_tRF@^xe-d3?7_#te%kkuHe%93q0(_vw8c~QsyqSctY&GH9bghq07XYh(+U&t6orpm{#+ zda&)(+m9KKmGt*1T8QMyVzQbi6O@3J2Zr{FhM@_bds0m*N-ZQBC`shYE2?_@hj9v| zYnPW98hC%jpij%M) zsk&Jvr%igfJ;WS67>nJO%ll08B|KZkSS$LZhC{&K_;_$3CNC8!85`a24Gof9j$UL= z`P4jzmYyk0lYJMWky|oTwOk(0ThqC2E0w9Llj@!dmU?lN)sOf{E?erm_+t#|ya0E- zi@j2F$b9?3{{*8=(w5YoxwY?ypZ^%fSQF|@)#4(pb+*TQ~5|;;CvdT&|uCPp(B8ma}HU1G=!s>DE+jcb2&}ZPrXL8w$fdsnu>lYPK7A6-VH0 zBMPpD{rAQvk2?XjD*mfK8fNXkVS8u)ZRN??e{VJx`z2ZDd$IpSU!Eoy0EI=N0DLH# z`K@+VJgfAtz!> z+2|6$Y~m&MJrMc<;Q3BaY+OE&Iy8*X1T7dfPPWgf@D_WcboQEcqMx^MT z3QdxWh@Y@*z58%}dVYL!ay-5=!DMb3)`BEkTw`rC`>Jl$0`wKZJcOdNj|mJc$UHXc zedvEQ-|nqA_gLU9EW+tW+i94D{>KE#AhoKvr~*WahQ*ZwqK*m$fy3(2-=kJjdW64&h>AX+P_vb_AI~fc;bK zWi2KgL9V=Wo$sZ`c){=Qs51TZw9j7J?!v%Lm=t`-%~g9ATAV5jqafAu_=oHN$tr`I zfY<+H-bh-D>h9rsCO`m zL#+y%-rEB&&__1Zw4xAbX9Os3ysAfeW|P8P^N08I)$1515x*+Qt7U>ltu>312U#>RSGaz{IB>XUdT%f5 z$*xajDN|1`&p(`9GSPbc)A^h8>+`cKL3SlSD;65*!ZzZp?-(il5L}%czd6fTeQB^r zW-`wLJb?jlvQ)MgjJ108;r#0Sr#ELer)M9|PgIW_rZ72mRsf(c7K@WGWVRk8LZM_# z#AmWEZdrTL1~>*Yo+3Ejd&%F$h|fQO!ev$^cz<yVIW>#Uc4XQJRVFTgc2sh znErglSSm));}hxP5_lMiMA?$}_~m|p3{y*lFfB;l3H zvl&;A#YW$SKPc0qO~-|C@E77Zk#^Ul2Cckf^XL_Dcu5n1+^xSBs`d(?A-&2T=C1Ou z6zhKmG^-8W6?rgfMXg*+O)suUjs z-j5H&h{D-sP@!=4P#mHp2*f>kW$s2j)J|H~0nYjK9j40akc*{*e!GkaVuW|otdo;?f|DDcm|7R;`{%H-C-|x|Nk!jXFHFj|M9`zVD>)_@4Ha`WKW(Z`jen|>AUD1T%ecw zSE_mC_sn?#+Xj!YCp;o;pu*+O zeksa?IHibB^x+PsaLKMkvA@vn)lAPah>vB_&7oa>1U<#U1Z`^yl5HbN&X?j(gJJDa z5mF_K)^k0%iupE2(iO~Wqpr}gxYwjzEe0-uS;fH?7wayT^Kyot%Udydf|PJ_1#PP` z&lI1VDLL1;lE1A^7jk(Srx&vMX8Tm{RGwyzk`a{a2^*|p2F&AHFn4vKF@wYAO>Xr0 z7bAMgD8L)fLoGVYX*X0vu1t|v-~~U`X}?WRKINM&J9|alXdGjTT^yMH3hG8>?h31V zBuR5%sp12jmf4L;qL-J?QU>awq7M~lgo*?3mc zRO~8Sloti;!QiD-OA!ua!dJ_Qbc?q{sN*5ZA}Pbc$pJ5Jhn65Fqx?mqX;wL2!AfjgB+*Ko5&uXm5-1e5LRFy_{eHdwGk7=6s3i}<;T-07D7ytH*#c1x z0&2d4C3?W0=4j&Q5s`@RsnJf(YezXC3j?6xurSaljK(HCa1HZZv_pZx&uJV5Q65vH zRnl>A7satwi}vOnJyrY+0-TcqfsY|(rX3Pkq_!AtQ6o3_*`K5_+#)OQ9!;4ku@Byz zTvF73e|gDB4xL6qoiJH1$#il9vmTF+IfkUXG6WRG8z@?07#_!%x{*VM6*jvn`sdT@ z7CN>R&iTbV;17p{%~png3;0+T;az6A)(JWSC}vHc<;*&I4C53t=3EXRGdoi!mPj4b zj2ta!IOHt*w-%XxsHax`XNU41%cKFTv;WxLHT*w!wh#8#`M*~3i2Pr|5bakVM?rgO zz=Zg0uA)V(=jjnJm(Xsv+E_xbk@BU{UlQe!A4mU&MlfP_uj6AOyBRXM_SEkZt z=j=P83lTM_02}xTIfq4igh3-mT#WqC9p0{Mh0IZqa1Czb*m7clUBOS&h_EU-h@p>j zim^2yTWl)s%~hdHk~-}ymQ;bN!_q<K^J%J^flvVN3|kOQt0Gh_qbvo?aLaImR zR|lZ0GaA$|!pL(c5ObxwYhn_?Nf|c})j|Sm5G#}sy8c^Wzs3Ky*sfwA%N=Va6m>Wj z=pMshE+Y@Mz2Zkr{KAb$Wm+`_tf7Crq3&%Aa2dN8DcoX7$t@4oe_SEb?TPubFr1TbPYt z0ipQpYOlm`g65ej_~eMG?q0&!zrTh7N{P; zQkX?36u%wuRs_pSkUw~f`=IGCz|lW)F-i=4VnxU*JXs{Ua%^Eq|l5 z_6%1IW4`6WG#xQ5ML?_yp}Cpd`TFvA z88ED6+O=?(zIQUlI@Xp!grqnkuo){+{8Z`PD4mLck5X?I9S zMNQI27w=ztl_9_r0PY~!ibfol8?f^&nqjEeOAn>+YuQ&6m^+Nji%v)j{P5f`{a}OD z0E|9jhGhrxa)X#I6wPb?02s=8*5iV=-lCnQ+-!6DW&)lYqn!MoP z*U3m-{(c1L<=RodpTQCQygi`J^|SuVz2DIEtiN3ta`k@(Z%^NrRyaSu{A1^(T7e=l zf|L)SV`zBn0N@3Lz3~3;=HQ?I?7iRa{_Vq8`tSQe_irD5?rf5`{U`xvNe)MJYr|0w zY7|3kF( znm{&6Mg7aD|1Rpkj{0w-{y!pFHX?;}l%oXP+>O4OAK;+WKKpV=gX~-%&P|=GG zGr-2O-7$J(H_+fLs50L%XI{>4$E}4pQCE#Q4weOuDy7Ss#of%w&F+v(rm(__|fN0Zv}$ToGFOmR1xv5#q`bQJ561{f;{WT$9@kbDfw;TFJ>a zL~)GnNV7wfP5d0Y!<*529~K3L>|n5}9LDT7b6ie;Yvt+_cfbL=>6G(V0 z)V>E0%fX{D=HF4e6EbH?^l>JsmW3u4g@4B|bC)DvWHA~&-(8O7%OC}v(b4Tn?jY(9 z56^sZ1YTy*EQ;X>o)RISienatvV!z>T)YmgYQ-mdQ4fOvP14H@4WpRaQj#Oos-zcV zrm5=f1`CW*S=@Vr0zV!joO`TlEPji|YZ^`2|G>0s2>jH)iQ*`aAiYW{bWK6Arivmx zA{S5?ei$B^>~(D=0J;?y7+*A>b{f>C_5>|zOy0l0e?v|cCc6lG+x34`UwyEpa+r}`xy8M@G*`?L_%ak>XH!6 z1+(DQL{oiy!^~V78ULLf4HbsJcxwlmfkqF)DoAF^$G?2f-v7jdN0PnlhwlL=Ucy@P|3fz=SmB@FzDE zJc9M|_}`ShGPOK2U8$nr?bPkKEm?UI-u4Yy&3P{DS>H!V{y{fprKb@gcdCYi_0Pa` zK10{m@zc^Q7n*Fx#S&>)uF?%v@tU66#MvJwr=9?7 z9tWZ|-2{ri^h`|47J0=Ht1oTO4?~GdIjc`WzC}3K(nk_8Gn*zwipdCr8yNUg42dvG zWX>FcV2th(3V>1T8#qK61o$q>gK?CMNEtst`50zkiebhg_Pv2Qrjw&bQzT;8$!`~b zo`b+oNl8~S-Eu}3nC57%W4cti7GeJ;hSvut3uYv*q7ORsd5-r+=oTk`v)%;2+y-E=!&pX{#I7GK7B_M#?D#i^}KanUHo}|dNp62m&Yd`Fa9{ax;lGVvcp^7 z;w2n4t?GptvLx>)hZ7e!thZgy8snI%_9(p8_msjXlm58P2;|P7C^R#{p}lt-+?auo zdkb0DkOnZ>>5V(c+Nf*m{Z(IJK`)m7;)jWFs-(s@cxjIw; z{t%aiT7TNU9#luakTfR{V}ArM{e0{J&nsSt)!!r13Q)dRj7DZcRu5ZhbocI8WXAuUyYB90H=o z{&RnSV4eR5hr8?Ze-)2*{wtH+Viq_B>JPyLX#HuM37DanZ8n!<^hSU}cnz}|%+5v$ z%3x@@?x18CjV6BT0T06S9mjL2-&7qQb77|O83nP-7#|P`xs^cq;5@Q!Z4jM zr%xy4Kcthh({b4=KzOQ`bBTpk$r7<#MYP5Cbj`NtL^?ai?X_6{x(+uPWvl6nws>C# zz_z+_y_?$-i!W?-Rup6kF#VqiyGfRf>0M;-fD)2NSE$0X%TGP|rG$%jg2U4rCoukg z9#E|P45j`^$cZilivli*K-FnGdRC!PSj7@BajP*3a}HnuqKRZyHj1VpfR0v0 zCmJpt({M$A6Q(kAbzD@^F14Va%+p{+R5Q`|$GW>^`;?7OI4M5g1RC-Xntp@$2A|k@P+^2T%sf23%03e zzirIR7W^RnD&m+{+4G77j*cWs>TyV!3#AFyfs(lSjhb4Lo3Ody2Db3R3z!>oVG-PWgCGUA2KxaUp+LPRYTCs1`w4qipiC0m|(%%H>6j=)#712Yre*ty@bt7wP^IHIW(jI}#5W9x zxSpaA_Z2G^1|YBF>KQ3?skCMZjVNnStw&97 zniZTNTe2t_qQ;w3@B@AN68C?a*(7p~3+d7n$>fDTtm^s^ajxc?6N80ZPthDxbjkuizHmTUK5hqEDu(rxsp$47qAE5~@`* znytGcGWc&Dlb#w?{XOArD*15AewPnqVO6Ff*x=Tvum;mcbe^6ma5(MT6E)Ff^x|ufUjT}WjJ?uW4g3&1zmN!(#g*y z$TcSDO(<_P1W}Ip0cq-h8=i&EWmbZjN%6^a6`?2zQ6Z$-ugSgoW%*!~r6cE1c(RB} zw5Vz^9_4>2cJ&r_tEEG!UQp?xlAK)aa$1*Vlo8@E{RA+oMFmR@B7Nfm_G85vs=5EA zDJ{BjG=#x@5W_A{mDK+TKf|EueQ=Ha*Y@t-wsHTvyMMU9zW-gtquu|KNd;_*+qwF! z$*fgzyCd>yZLmMS+sk0Rhi%;ki|bz6cUpk|*{#gnNig({gK56_frKOdg@buP6WoxF zeV|?r%4F!|@ZsSZDMjP;v#LdulqRc$S86A4{N9g4n^*BHO8-Y$+8+Ji-!=d9*l}jE01O}u3q)#>UU)5RD#?3s)0-@sM zGF@{vETq{RmR6VjyV7pBj;92@{t^QywCiaZpS z9Ah=n4U2sw$J|UD)6ih)Tc2F(r;TS({!dDD4LHDB`Tx+=|Lz@Zulc`~Ji7m{nAEir zU~wK$>E@563CM%ixWLC!1jw;pYXcfSPWm6hlx&A2h#>BN4B{xb9iu6RXUV^qQOA6a zpf&V=@8H0c|9AHG*YtlS4-YB!PNnQ%1QVFi*z!JMenV<}iSZrEmlI6`$GsQ}{xcc^5xrR{ru*rccIGobi^zA~ zvYeWMB-}#2uxsiTV1o>X*aN*Q7(*Y!o@q%Q-lQ3vMQF<0H4(aIYD5*a-{8;XL3x3ttWDrH?6gWFn8_bnKr`Ct!czFy+i3@G}Txm)OwbEkN;=p`()! zgfPhN(_G8eCJZ{1G1164$K*NKjFJ$3Rtxq*cGAm!bj5P>I^Zj~IoJzfU>bDjZILl+ z+8m0*xmz^MdoDAWlCh#-)HM~}{6>UabwSO#Kh4ZFq_nKNZlEl;0UZ5xduP{^z}50Z zqEpHesqv`a|7q4wi{sR+G|ggXoui*-|Noz6)bP}?!-_wD$1tO-R}6B|N@YF51Kjvp z9O{jKg*SnU4EcQ&j9DL;39Q-!G5*|F6Qc=~Ms^6Ot&*Lv1uz1Bnqn}eIntS@NxDVT z5^@&}ZT%KTx~`58kibi0Kccq%d^WiB>~;^R0mA~hE(@x7b14=vg-PdT8T81|Q!fTF z19P&37Sk` zlC#8^Y3$$Aa~8#ru-O61G9sg}oO^kcj5=(E@)Pce+SEOR)B%{qY(1wMAnGIXj1VMh zh+$JU#tZXh!SrZi4T?{{Nd=uYWd#?l6o`@$e@`ZXzMEz-dqu{RzMoktVTyZqex#`~6#hGdVPuEM zV7dyaTPWR#S_=%82R7{8SL{DK2aT$r7g*h)>^4TeZ6K~(%lrf01L}B?!T@+t66I1E zf}Kg=m3>}TP4!MKvs8D3>gkYxM+c+JM!vMy^Je)G<1-<`P$&4|$A;sv=B`v*vFP-vGUN|FgN^4<;d>ux8ZnBqmL`yZ`r)Up;lz=# zXm!dqGKi;fUY=%A?#m<{nd4rP9Z|rvJk{%$kEpujmQT{rQY&WTDJ+@hyFE!q?JSyR zf~b>a?OMV)%i7D5S3Qd+{s;IUqOuM{Z# zcH`qQ_~n-9WZ;Qf2hO@OzdkBSFAd;tIb z-((C>mNUdo-kg0r{{7u=&#l7$^Nf!dDf{N^kJIOLq}Xe+jAGzzkoUY~i1;vM5T_`? z@cG83LTkvfL(?2|G1vt=;GfDTHe^8@X>S4Oj%63fO7qOmY0<-rE9-L_B_sKw!~cqg z;63m*1d1Mb{v3Fh7w4}%@Bw`N>iGEP;`rs+`D<`RkOUD1gaS*=w4eKg+C>SNzzNFk zJ@Daw$d^R6Oh=CIX1)aJ>=n%zA6P?I^lJ#iEkff+dxVe{1k+DKW>`o*P5dY+Y#=sq zM=k_FFJ9(rnj9sp1ZlU|>w)VSLaH(xq6};g$i`Ay005KkV0*w{3?s2364vzT#jAy= zwG>q6qu0FJnqpImok5JIS-=Ws@Y59HoL3Ce=@Hl-Oz01`fRDib;BE8_fH;~&TDiT! zz$p3G*O536-X33_9l!i_B_{%(-ug2^Aa!+d@or^DLnU@X)sP{S7iYwy9|x3Lb37*Z z_*3kMlPCe*DYe7uj=ha9>I6P`pqnc1wDEiJC}owz_P_tT4UjnZ^C|ux4l_iYr0lds zNQBm8PC~+}tqI8r3CYFz>x)$p5;naJ2nk2(2V>|H~`$hldq# zdg|8x?c(j}^FE7dP5C@pIlSp*)8vF9viVPX5&KWCrkf=lXFPC2+lESFvSJ-khEM|JZ!!kQbG@cpaVci?UWbFm9Rx0`1X#Lu@uw~Ny#gcrJV>+lCVI}*js8}G9~DIJCY35dOxmW zKVDzFxmwBjNtQwV;YrasxwtyL){jl9lqdh3pbTPqTJplD=f}UkIi+fe)AM&{C&%y3 zF3w9TpV9?*JS8%B9t9%EvxIg0^6lCA$KS6{ug;I(o|XWS)^S$FRY?uyLrInFQdD?+ z!p1cuXj}5ONQ2^2`w&}$ZH9wZ$HTPPE<4c$`r>UzyL5ffevn`NAOtF@)fIsu2 zn9cINQ`BO>-tmf|5cyET3@UXrA0E2do!F}B=wpP*!oCOH-)Y_fN+Ta0KsTg6!$N)p z-LV6bDQ)fRETB3~jQ6{`C>w(ddkiifZwydtV}R<%KykRP`lVJkiR8C7^ecH9*ne_8 zzCVzaXG&)UEBVhJALWMHum^Z z+>xJ-W0<(paD&F_LIbC5kP`!aIZl|K^6g2?l(9G0J?Dn z6t=e)1|`V)rnZ&8ACE@!47J@Eou?uzCO4Swrzn?#cunV1`Y^KDZRiha`cf9b&RkBA ziY2hT52eYjx8*=NhiS~W@tyn;o+k1?Gevkb`G0?Z z&&>b7eYihZ%m1r*zDxO^+rU)H|4v7^CFOt3gy(yg|21TPaQUA*=CvdLb6_i#|6A#R z4ey)C|El?8wfs+wy_^aFr=ZIrSBh-CWl$V#*R_oYcMmSXU4n(d-CctPx8Tm;BtRg+ zU4uh#cL?ro!QI_q`km{3>ihRq^>j_mkEyAi>a+K`_OaIfPQUNcYE&hm6WpqWCe;1G z+@BU7y&rCtPHi?IF0X`W(!v2B`Xa3Q6)O0-a=3?CL@*X@v`588aim9Rtbf<^T}(Li zl!>^vi7ST&{j5GbWSy9E>3APIJ-UnVr^o;qvi@5%%#(`6Me5u-b!qFNSK)7F+T&`j z6pq56kqGrp21x^Ef1RPS2G{dibB3HA!oMn^iblVdN^6ZlK}*YGkOB&iXhrbd6{zXq zUg^o%IRI!&Kk!Qg^z`zWk0uGcZ3LH9J$j9Q?JkNbp*c^KVCNF6*Zi3U)1N#gp_hSv zxNTyzU#JDnuBGbYn`vH6R3&Sayl-G>E~1uK3$k<#<7Ok^4$D+4BygRID$F&N&ago? z5$`aNF;!cM$HuqucPC83ap-QeE2hwEg;JZ*)KJ;o=H3-b<1^9I~2pD9X zNHzoPZvb*KbR`J*;L>y)sM>y_cmnS$X!k&bC92s5-&iO#3&%iAvlK5?5*ZK2vONny z&BrX{j!N~j(&n1q5bey^iESV@d|sUU-^OQ+T-;`U_czl2>g{VVzCV180 z^!{{K^EMj79g7WX;y(#@5(t%3$>{1Z7CXNcuyK!M+AC3Qsd0MYs=p!R!EQ-@0!>y) zJh3mkJHEgA9c|utOnkktY%63i>NdMlQ%7pmn!CFZmEw5~=0wrNr}qI0C?iPz5^vM@ zb}jA$tE-^7r>?WUzP>CzpeZU6_m`&VMlRZJ7)Qd3YDG?V*uLBoLws|RCB#DO&krSV zJ6*&wD=O8FRCz$MF*#?2HKEGBt{N_nG39G!!i|t<+uS#_8)PCkcXC-+R{14e81Jnl zE?(&%U6#9SJOUw%81iPhZ9g&0XX21LMQpR6VkW^QQ{)iaY14B2-M5@xY$3Nmhx!933Z{$5_*|9QD2p~)UhYu91z@U`IFjI z8iLaGlf`L9(^0v^N*(G6FvyFkU<(KNIi`Fu`OkRk$t^_4w=R4vYy0^fw4}{_8$ctM zq~6~+Cfr{QmTizfXl4TY7KQ1ZNZOa4@D66_j7x7jvgN`=9X!Dx=g=-9HanCT#lZnp z%XfP6d*LFBNiI*Q=I+)Kj;RWpk)kg^`T1*cyFO6x*uqGw#sHjQVUE9=L`I&xny~oP z-bM4g zovjyR0k7tJz+||Oi8jNTih=Bv`oND#wA)Co!<<|`BKP{XN@(5 zKHpKo%BNV5KiXDiMOMBFhf-}h6!Eu+D?({8uW+nXw?%d7sCn4SCG&`vP@{w1kk);D zSx6G5JkB3vq8Yh*=AJ^MAuX0ToC$)z4k%5ye$r#}FnmAVwdwNba#&~iOS{ApI$lMM z%O-KJ0VFVrm7ghbGw+W=565lh+woh_Q?8J zd{V85H5bkwsU)VmtVBo*ujzw?m^PR+8ip@Q@`*f_Ce!+1amHQ$gHnps)2zSJM0-Z) zr&I*SurUq>hC!O6?KR^588Rb|;+5?egqZzzZnt>%%?gTwG{c9}nW$q)ViPfKx$Xqa zsDXRL0xzX^)w@42qq%tPK}2W@R71j>5=)9`2XF=h1KNUgXM>@5peSj}XUTAtfmw?_ zgPsJ!qV0VxO_-?cOz>S)2)PG|2z=19;}%!?0QC@6_5iOBuMA#lT)`KF?L)$uAEVq| z{#zY8805o5K}9b6+<#=dSAT*U=V)B@3Fp&){ZMavu zd|%>1;aMOD>-Ui7SCjs__!}@v;RX+kIe;{fnzeg+F;hnd1Cm#pK#qs816kG6p8pf9JYlsew*>ejhj%(ZkHIW<)i5nhKv%8#)$hiSIdU<*hmT z-)nz08o5+o+fN&MSJ||q{t**=O)5yDR3cBww{Sxsw@@YJta{uhhO=Z3q%p6Es&KXx-NRe&!FHqr3DOb&gu0!sM2l@3UGP)pK*mIq6 zb)xb&J*`gx%2)3G^INdYCtlGoFbp%NF=t#7+HfH109b_n7<~#cMoa3}jT0A&{=x@AIDN+Yz0A zRpW`X(ic10@V~(&UPGUtQPOM;e9~yPHo0o*-OI**n638`?g-Y0bNl9pbFBE1Y~{!! z^ZOuzfL`Ds0p{5Ik}fIsnkSXOCTB_~cJ>zQzLE6od(I;*v8VI--N2tTHlnKf&0H(= z)VB9->V{lv9h3u0_rm^mhh3JCYUGc4_5cs(4(N=cVyElR{+5{(*+bC0l37&m2|iL~ zCh7uBn^fL_oqlp(H|<%Rx=d(-8q4^$^*elBBr5X(vBDIjs6WApd;8M=e##BhtGmN7 zp&ke}+Py5?zllqc=84Os9lc8mb>vDzl3&^GH%{&pxU}%LGp~{>6G==ohjS;>RQ!zY zwplkMuJv7_kIVKC~xp4hAz4Y4xf16f15rX8PC9X!UVpF~uFa?mbN3?LSe0+c@ zc9EiGuUV{;x*I=qdpN!wKf1cJeRzF5v-O%%XPfOm{3bSqKlZ+C?bw%@ln`m~OQCEJ zn+q`hB@y@aSET>`p3?E}bpF2Av3GZg#{u)4 ziui@6)=wJLw4_~4SsSdww<$tLn}-ohIS3`RdnkXvfJZhziHNklu@oH`;ogPN5o_Qe z|3}1H;&>87f9lAOeN9gR0<%dW8#8{Ndfzro7bpIkx)BSs#>=({T4!=+xcsmg>p2&? z{e66<(ZTw&hb}BFVef(Oj0M!AANpy}(ArT(U~tw3;3$RrvjzwkLBGSxIsoX3FLnTK zqVHRpI?DOj;_Kz`8d0w~`gUQp2(SbXSW@hiIk8?HY`ufH*CFFuEQ z=A^$(64%kgcQ2d*Sv`3TfS2dO3sl2C0ESsDoZ?ZYrc8m9l?M#(7mS|q*@YD?JO`U7 zSaA>1c=G9Qt}g?FdxwIXxZj@D=hJ@T9$yGLU2=vEzh91Z!IJ2rIKfEM^*=3>>{I>t zYYpx_&&`4ahU!?Fqa9Wniz4=BS7D*wm}!qjV;qkz;JkH z7bqrP$Y~f$eNljb8eAVWWpihle|iHM7kiP2I7)M+l-|9}7jD&7we~ zNfi4UR}_M{Nwg@@=N(zQO8n%O_LLf6|Mj1}45;2Oe0s8tMkGcPQ!1S8vXl$Io)Wl0v~!8kX|fAWv9dhs`))&=b4+cKuI(=$Uo4Y z{H`S`PU>NRSxl=!gTpKFr3%mG-CmER#eG#hx7jaz=>m4BiN=^2GHp)InstiDM)S9d z1ZM|_nHrAE6s?@z=C}z7kYdJD@NKc6Z*-CT#F|8GXwa)~q|;Vrq&WE-Xo>F(@WMno zdE9^&b1z`-y@YrslYKF&7%u{cVu~tW2{A>kp5=w&e3e+3*}Li16vk7&&9@U_zA9`r zB6g!j8PsY2idHt8UvIvtc_;}XsV!me)C@9@;~y1Pd_&bv^%tg@P&qU_uT19Ev+kMo zR#Xr%sC9_jKaZIvOH+S&Zo>};_l!RmA<7gt8K8ODsi+ZrxIkQT_NdZU0a~!eW|}|^ zw}5H2<2pb_c24%^2w5rQoK|-yt;CUNYI8bdH5UrZC3B?VlUrEAGA15t_VU`*QvId6=sQ)7XIcz${U(|H#k_(dTH+#(!85 zghDiueoe5e&wEsDC74U=lYG~$`%_9DIf3kSd4lAI=GeNR-?hy~50^1Iw}gFr9l=~_ ze|2)uUm`lrIof%QFCeh`SfK`%2(5zDy+Hg&0X6!0C^0*z7I&_oGN^y{#pas^XI#WC zdjBlS@9Wd+66Wsx{^sc*t3#`v#3OWN#9vwAGAyCQ%5|npbdP%SYCn*oe(4Y^)iHK~ z%ou=aGD&MKM{9HfG89Rv&@NQNH0lwU33WnxT9|}o6V7gADc0jDj4d70uV|76teHi; zm7TswL_K2K#*9i<9K}qxnZfGsm8q1hsYF=&LuQl=U6*psOb68@d%r zyV~<>ZB!q9#Bp*=N5^RopOunEUutxrVHBOd`XA%rGPb1#a zP)4>arMKiF&G+E$e^NxA#Y|=kDXkD*oN9a3wBek42_$r{sgLP1N;uluJUec*2UzC7tzddc;@uoZ&~+tiX~}g7>{UE|iJdWvl#TktDt791Xra zwWWwqC#uz}ree$V0SSZE^F62c-T}C|x~upJx=6kF!Sg^4Adqutg*RMq1ej!-!2j95 zPWTxaZjwxotVq-R36Y&jiGupXZA9krQ1DV^n`y%Ao_XXOeu)8GO`ew}IPE5Vk>o+4 zB@zQ~tk|gSa#xNp8>^5VKPmSKcSh`{Q#;7Xf70GE3MbL`=yQu1`#x`$j`cEr9otH|N+nYrTQMHbc7->Fskfg~zNo`zS6sZ|h9ahjScuEG83C>ZLIJ zDbt@wm?JgDW2im7E*M@za9}-heSnRGPXEI+A818U;!aSCz+9V4w5ZT8v(<6LBuTSz zHT|=zU(98*f=E_oQ}UgNJ*zCVuW1J7OJ2R|kI;i)$qTr`tzQJHz0v?+ruYM z)n)3s3fAJEjbsPO7HO2~ZLzR@*B+*=XYthsqm$0)Vk3w}1!9x6A0B-ZT6Aawgz}vg z1n7aB3jxp@Lm5(6?61Ey8S(hVQe0Peg%E=rui919Ik(BN17Po`^c8=Iz!Q9x}GQ0~L~tQw}*ec-P@QpK9Xpm^ON zT7N#?Gq{YpInx=ddK9^}&}|}G#_p81P*~LM1+%#g=HR|CJ1%@<4CwiS5rlgg9kLaj zeV{UE)1bgiAA1XP_ah;lcSblaX#)n{j*Yx9{0n|zgem>BAa^1wYQ6`}w#G;KlLIEv z`2*16o9OvdS4UGDG}6faC1+mb{)xkh$Up!Xt-{Qnc;a}Ox`$$4y%jp$n!c7pl5m9z zE-D?t20zFap&?Gb1l#FBS2;do+OxoDT?*S$(A+ez))z1fxE*|D11fiGj)1-8QGT2M z&J4;AOprM7o8iYmymYY7{fxLMicrICHhy~O0*CA|%N1*trsTHtcR&Q!1Hq*Xx{k-2rL;M z0Q$oP(*O_mUeK7JX#(c@5M50)CDMR|Z>@F6d|YE(gbg=yw=VsKO6n>h$HmCH`_vf&r4>*%`OuPYJTBdtPeQTk%y9f&)LfRSa ztOlvrv!Nt~e@(cIVD)PoBK`>%e6h(NP1#uO*a>BtQ6J$NZmF7MPGj^H)ttu3Mq={J z31dY*G+m-8s_XH8op<`e<}vD1rJKekvHQAUcES}y=3>$b<}coURn33>O+a~>egk~< zn!E+p*Vpw2!Jmg|`Bd42g4=W^WKd9kF}ODeMP9gIGEjVS#J@fd6oD)D z(a(Hw`B(qQOKus6tnV^j?oZpL%4b3n%p+TDBM&!yqH4+?lD7^{p>l|cSI)^0Xf*s` zTihM7sUbHlROK0HY6wxHU%%Mq!&};$#Gpk<6tRel6x6S>Mb9Vu*A1ggwI!^_V|e>| z*MlKZVV-K z4%3abop4C#2Uk`$4`K^jSxLQjCVHHYAqvrdHW9|D++GTNLL~kotECS-z|aRxSz!~4 zNEyE0?ZY2xV*ML7jGkY4|Wl``tkVR+h_LlyCx}DD)1Qo4nnLk-N0WlcsPk zW-}wf-ZAI;ik+xBNN=2WXvACQH?{^S$MRCMQVI44jinSn=7)Z2gPZ7<`-6f58JKEYxlf8q`PTea&4Pp)2I{+;= zwTe6nTv0YQc_{%oSv@@yJ^!gH1zA7}BZBz^Y|gFaa?ta)SJhCw>gQ>09x4^A9e18| z`VyN+hFPzK?{4-jESv3&KZ5u{H#Na#RD@$VZE+m8y%=qCm>Fhb9|bYK(@S2njmiAv z^-hr%oI}<6O7p(J-IpxlG+D0WQtdH(F{O(oMP(lwArRff1oFppkj-p>Gjyz7s+uGS z5ffb>zcF>ZTFVP%@4LeUCt8h9qTNaSxT~B=>HT775u;3BK-_O*2=Uq%FFidT!mR)T zUx&)_@i8gpnzH$Ehp?}Nh(F8dk_^WKsz1R9!&lc8TTYvYpXf-U@{nzjeSqE7O&H0z z_Q=QQ<{)>3p%-tG<`gX#*oh&5+$UwXeP^y?84S`x>rL%HMyj6|9z^{UerzzTeAPtc zvA2?#!W)gLy#r%i=&Rj=!>gfJ(nyeguw|P*@D(oMU)(a%Ww%vOeD@;i{i&;e%IR6~ zS&y0WjCJKsTy#=nTKU*4rLD+47G&i}VB%>UyZ82Xb}r6->*pTC4>zC;YH@^LHN_6B zDW65#tpU-R+xTM@$=}+drkO^SJH=;g?UG*MTRsuc$6?fA#hNKKHuj6fm8gz3Aw7?1-9}3XTOM`l+TO1m6^BX6dCY<}>Q#jfNlje>mR!F~Z7&8;nuj3Sl&WH4!ATLfOyQd~jl7EL zvmdy}I0eoj)J2Lp{oLzg(|ipJE<{%%gV~j)`#${&18-h|mWqUh?TrN2=>xTGu5l>* zD*@l_AA0C}mI_r4MO_efotDfR0(}nFTr%QzgaHaD#3lC!dt^h#d;6fLS%}?DnTWLC zo?re?IS1OH^Bp#Ni8m9W+Y(otG!B89zKbI-dRoOZub;QKRab)qA=9rYUxJ?R z%|#2a*zLgOn0CL+FHIu2h&TO^m_`j>OvAj^2Borg7+&Cg&AQPM>8aGd{X)$B z#c00g*V^e`jO%rcqEj)Cv9LAoD=4Gu^#o7w0wOM^gABMNRp zMlex;DD~)I^%3)V=~~f%Z)G-R#6cZn%qt5bI5_f;;-3b14bqDrGfX~{NY9mEG}vq_ zY$?Gbg3D#b2j5Tg56X3cJp!ckMfy?dQ}s@Sl?I+TUj(e!{Zk23O=NxHv2tTrP2rgs z%vEksn}WmndOkQY|HFOV>tBP)#cFtEea4RL)kwESD6*lAVBaRfLC^6fKjjd?3 zo$mIC7tQ^64I92Ue5qUl&EKeVF^oGjuFzBv&A1btwr<~x(aJHl(C5W zsNlxFeC_4-{%+`VefL%J4OoD*`dJ(x>%Uy zv?uNo(~36usY=yiU#6Fo5K}4)-<4G+3px+opCLE&H(~JYHcJxYiMJB05of-Ht)!w8dNpcweBi7IhMt(fo??wLP}_ z-non)umM_^U<*)a3JEHertjt)7NG^~$u1DO7EA)2vUUb^q{|)vLy7RB2VyGEGpxDx z^q-8`r`9qSNW^t{%2mnsrTXM1_hcHlOHiUGl~ z59$)LZ|xJWFrRx_^QpzvaJO3~f(@R#oR@&JQ?m0vXI;A2Hn)H=*Iv-Xf2HeV1&1HD z7JDg!AJyD#*;%NWR{hnZ(9THb5wB*y{e*z|4O1*7V)5)`X-=5ds*!8{(BV1il!~?+ zFJa1aSun04TW36NUI?Us*hA3<&128wM3dh{Q`PO^4+_TDs9ix ztkfX&48O=!4j8^}%K!8*wosv~<27N5nJ<2&+gGSi(**w$->_qrt5r_X1igXVT&WucX zn(2M!%65Hnj@UjzU}t%G)9rZms;;ws1}IL?D$o9_3a>XP9Y#`;-X2GMYF%^wc3GyW zew@T~_lWO5 zen9`^-}*YE_(lLD{`r_-KAe-)?w+W_j5h+Q1=u zDGRr_Qy1|8 zyd1tWL?rsdCW~A?U6}j?27iOL7B&IL^O(ve{WM#510+_xa{v7OG zRH6DeW#Cbntv9X747gF30P46u2BU!Ht`6%JFy=i}?)`7+eFDN%?hHYD=|P_Out|dx zALo$2p6+X)mIT=93saGO!6(dlvwf1iKI|&9>n1^LE`fyXCnq#_WM zkp=nLoL7(~h z(lHC!mwuVJ^^_NvJ9@?8TSC356E&RA^a{5}6F9j?7#*%(&V)Z&8aOtUTWZ{{G72n` zQ4;BrlG7(f*ZPU5_ecH9H%?eSaVTYal%69bGP;n5zqib3-f(F!Om^=ki#nJ%CI}_& z-7>^4Qx8LBL+L=$?sienNM7V1EUe6Et54(2Tdrn;*&V8hApMcG5cq_w*T`VU(I8GJ zX*v6`L7{+C()|l!`}Xr4YV77gQy@i5@B?@Qs}=lmX?bDRmmqCOB9mUXhlGpEDYg8! z*m~y$>>CQjV8FgBQ-RO9^^We}J~xl(T{=mVR$?Q62u2+FSdNc4|AcMP2VxBPYLb4P zW8M>uX4?76c8S`kj>&Khmk1Hi;BQ7gx=^E;F@0&8N-8Nm3RcW0u%c+(Uo4a&s4NN; z{oJY#_Zzx5C}X)8v{ef?q~|33*?^pykKRAVzWc$@e(UV$)7>@YEDoz1h7m1v8NVP; zz3+-#J$a1#@6V1?=3BxaSyE|pH7#vCDn$wQo%p*z*Nwq-e({L-eYmIeAX7(Y$G)C} z->o3P>F-)9Tue~)Pc>#{o?nSSzO;zgxewFFj5u5UL(#@3etF~$g-XDe&!1r@(*n!G zE|{?=aZFuim~OW48c!xBC4wv{<9c2okut_CKX%D1Z&xlMG{VEVs%PYT!dTu=-yn0& zkSdlpG&7^{DqD3R@IJmu^K1x_XP-<^nzqP=u#-nEtAxQmPo>Wzo(84@aZ{+`%l(Bc~5cilqBag zDVT2@Zm22mq4j?z$rq6E`a&iZX#b*0O2md!rVJq8ji=m^s@&pl0--W z2I)MVr!Lgl&f)=pz*xULFj@PJ@i~!F^+|K1rQzAS67qzZ{d{AhmjGIM>T3EZP(1;> zdAtrLiL5+v6t%A1boG*Nm1Y6bx)8}pFn19#yHkA0oV8I9@w5TEnB#H}a!C%0H|%VQ zDsLRo@sEl(IH~X71ZOLB+4p4@Uoob6QH&eE{`}(CUHc8fALdB?TS&{(@zbRvJ{&HsYIOK7C(YBYVxzbNYuknc~ z9KjhNP0(40WiR=#80V`tKMS}Mig3SeEN?U&0_Q7$8-1J%zyS!@ra;=@tws2rRsE(L zdl|A2B~qq4%d=DxgtT=;wS;2gr{zy&BM^Uy)eLMGb7?1T!MipN*(AiMAni`Np-9%Z zTg_6wlokW56T`I6;L{5-2SW%YG)ZV)Lqc@ zI8ngia3tXHBV6hp5g#WUD1w1=w7?AiQP7CdUu;@s6&BH(XmJ{0;r}~y$d!YB<q0lv6&=3gOY)JmF)-k$db2Lx#O>BEckD1?Cq zj;d(xz?cwZZ02tGaTQ+`SDD{cPF8G%^~uFSO^@_jHu7XF_CHkB?GhWW3C3JQ>NJ!2 z%xC80Vv*enebL@->+%vhEuWsZK~|MYm*GN~ljg_N-l_0?LK~xiqxCjoT#NM~nwwL> zOPG-$>+XA~r@@6+LGKT2Cq726MCq^JHTS0c#?u%Qe?cRUi7|Q>ZlZOc49}#QDtjxR zp&?PKXDhii0@5o?LdTq^!4~|G-@Ev-!^rJkr#Z?ro|2#=2Yvf2(m)SUt-}d{Ctel} zrf;XAw7DN2l)h&SNGD1ChO^H9p4+7R(;e?VN@;KOn+|}5 z^j?6& zJ_&9B&1*)nZXDg5cN}h%&@Y>xJ|@C(!ql@)$*(?8-q3&P1r%z|dt`n>$PtVF;%>Rg z^!LwP2mZ+!%OkI}k2H2LWHOgnaUyYuNGIB|k3C{&`~C62yAM8|s#Vl>9|qLq`3~*n zotIg!vu7xEIE?YuoUq0VIl&jq0_-0%)LbAtOl$k2bub?HCVr97y=QYBl>Ug9T?8&k zoYfEdsQ4zqziw^g}`CmQsjs#Vv)l>07dmz^8vTr(K?&i&s$GgY#MSevDq1 z@Qu1S!1j3ZP8Cr~;(oX@FX;W0!aErGOK6E&M>j%yjLw+pEC?_A{llHEX@Kie(9g+Y zqaP0Y3=MqSx14mpQ%<^$oTVrGZ$oY!!-CaRGsI6BQ)^i(QAO#W6yg%p_|@YXHBzxr zZU_zj?Syw=F8xy*oF7SBg5o_iG4@h%_2?RW&Y9w%_II5QvvXR6Z<-P9r}t^I2hnt$ z#iW9$te1GMT4*9Cx7GIuZ88p`mUNb(ht&Beg!3xSHCG)U8T1-f)rx+R*b(Tpwp%`a zB`a4(J#@E$lB&W3MX>f8hb}YV*)KoV5jA7Y^Fnh~0I#p6dw`IL(FQd7DGv?c8w<9} zlM@`J|JKzK=uCG|jc7+ks>KY9K|Lj8y`o^chj+Xw2g3lYo^l|Ji{31X~JmSf2 zR~9+6t$YuGJVTu6v4l618rEVTt+O(Cq{DWU#P+^}HssgsY1DPL=Xxs*cfT#o?((9S zJN*mO%d1a#A>kX3u^l4mTgawI;b1eirTrXo!Xbog=6DhMfCqB?;$RXYX~;eHtpDmV z3%2{Vk&aXi?U}7Ya^6A7-*O*41*G$bWy~XMNUtLHt2NAD2u2JS?c1rd_?_URHO!-Y zi0cX*M@f6NV&pZW`Xu&M$MBWegMF}MsNF%P8G-oVRj?0l$CsS5*>F`OpNf7W7|YER zxRFd*jQ;ZdAZknIID+@`vFQS`L&x9LwyhtI&A3@^{%NeTTnrSA_Qkb!3yCng(SOyq zB>Ftv9NM+ZtFywki!A$O;(bkaQJUpQf1C3;3<@rq5pxlh?wC7|2M|JWoVA|3Vc^1n zvSJ5Zxx00nW9;wMW0?AKm0=Rhy*8SKh!35<+s&*-q=pDLse9tg*k!PY>-slGJDUq? z!+p&l4nfB>LrQ>g!b#ufp|yjPK`+)QUsl%?b#NrXxRkI1%Q4+Gl~wgZ)tfC)s)3b$ z7p7+hVhGd3Gy>;TSbCHn)mCJ7uM(+cHwoRwwJI;()&lUqErzfP(q@e7n}} z$rG*tNm;9UjMHoLLFAU9eeEq0DE?O;=i=bM0ynaa+ah`1P?Cra|D}f=;x!MFh_!E- zO;!ve=(yP=FHgq%eP-^f_kj~6OA#+Eg^q2zpYbJYHb1+2v^;%wXdY)KS`tPJl|hT4 zU5}1eN8&nPQ*ky;?k3y*9QIdza%aMfEQWfyhGKkj-<+_^;|@JX|TicX6%QE90yNg0ZhN0$d!nk zU`NsyT>=^pVY(2~uFg+01ubg7$4@v5{nM7!N7P+?o-k3Yx8F5!=(}Sa-Ltg9et`-6 z975LeKP*1A)(C=xlT4Ov)+u#Wn9BHV)(dGtslfk;vC^OGn2s^*59xJ>t+R(hs0{2% zr=zuHWD_-_qlwN!@quZ=KzJSq)!A%yW+RhAM^M2P;)N2g(3FvDfbT_B(Y-zGkoXZP z#VEKHDZ;Zm^}X!JT_fJ3Fviovkgz^sD)2{H6Ik(IUL1JTUrSE3m&peduuU>)B5jo! z$a5|Evci@KJ?-FQ{v?vj9686>e3Hkh!Lt-OU^MnSCI25(ABZ@cIAmY1#5G-!$bDrZ zT|t4O=~Ax4>@@5u$h;PEnNT#>OaN0(xgW)yo*h*Qs zav>oqizzEj3a4{dYJSF8-%PNEP@WK6_5^sc!<0V(XHe5GR9^R}1dPWEt^h}47;b*w zmiOI7G%zql*i?s{ejArglQJ!q_u$Wxn7UJc1sw#9c-I^Uxm4%=euyBGfC@|NBxwo% zBUC&+k6+VeMZtS+Gi&P$8bTS#bp*xH>Wdc)WafgKj`H5t-mk4h90QI zY5gLX=hya~KO}AH1&eVa#vT@;xLfUatB+z&ddBKcCbA;4(v_YXgiP)q zP97}xM$`v{4T+a}q&oYF6MUs`GyZKeHYT!j4S$VX_$!;$_S(xV)twzkBVB6CN6oPm zs6!*|<^z%#5wj937OG-a?%)zh8|cYkSxnu#zH{WJ!u6A@wI8Qb1aC_wY33eoY6J!= zNMabnOJj@+PZ2vL(D2@1;r}G^z+p}9y2Zt(qU=%sS)kJt!9kK$y^tGSH;+G@#jP+M zp-ba@ghPfGE&uiTLljEd;-~3c{xG;dF}qr5)R-h;a(FR3GaPvPznDfA#{IAR6i_ll z#f@TWlfK5qDJ(EvlPW7Fk?2kBEYE@16(<-)=3Dnr1jN8R8j|l=6bL^EZW#1m8-tRb zK@gBxlInl5(OVpB!WKxz*6oMs_#3eK)pP(@Uo$)a8;o201KvqU&ko>_;Xh{+tim2L zi`iju#+Bqztw#`6(`3nUtwWnkyK%I#xlOY9E;r|3#(9_VvkR)@Rw>$YIr31nV~jt2*K-HDMqjr$QQ6hW5Fhvw zb0+|2=f!`(%gf9E1PX=wF8&Tj4LFQT%|a9z28uMHp0a9nW$Clg?MjC{Xk{;U z;6V36DoGwLSp)CmbIUC3n|U85CIomN7qVi?dQ&Rh!cHGap}#nj4aK6!92w~AAMiN> zCw5*ls2j;%Hxx%eE>16?{JQ76wv$In79aFyj-n=vcn;G~e9R`BZ%Yn2Hs2H6e;8oB z4OxwM9f||8UpFI*|%)OOALtApcDbzWN16kL<@|j$XkjuzxyulHyFT8#+xj4$a z{mg4XwN3Zv`#xrdsAO{MZUXjK!3?KrwI&IH4$%T!epHKv$? z<&fLEvmBpEz}**5*4sb!n&mL^VbCm9Jf{2xVSX6Anhb#oApdJbxj<5somoEC(pTq@ zg4NdJJP~^^*0F87eeBDH`j_;FN2hqXm&$*LI3witdaEPeYcXzu?|C@h2C;XL=?DAF z5~X~2xT>L74HHx8xvQzE?H({5wwMC!`8&kMoZq`|=y9w5_-A+sYSgmfElIF9X|Ghj zzj7^VyPL(6*Y5!jB5y*9&{%Tsn6j4;e|*mkU=I_8Z$Lb%BfP9L&W< zjT;&?+?x%L#xjNJd?_;wb}3y*A??C8r%Yg=m{cF*FTgMPR~JGY_x=u}0kL~G)Qu{{eo=5_u``SMA21z?Kwt`%Jmr{D2QxCvsmW4c6aU z#unC`Nmru5CwTU6^-sKez#mOwQ(K6%rSU*vm!(SB5 zF5TIBlulRUFK=G(DF_PQDwGzAqyqcPlB%dC^X2n6i(kj~ciz8LdkP<~oh=vUr=AB_ zQ9<+5J_s(=+&y8u2^iqWK4KF*qIZ)Kvo^g?w)ZPl6!e<4-`_+5xn%?W1DT<)C9?qK z`DywAFaf2X^@lAof$*k)HgvHXr);`+x%nG}Xw{JR&e|?V?9H_CRM2vI%j)RhE#Tv zcAgOKUbf&8rK7sUB z!Bx9l6JS18!?pu(1){%S$U)b7uqQ#!aW&{>hZr#sb3TPel%nfSb7E~|Mxox=>Qkd= z+-ia_+YO9IIA@&Gn=((+IZ}7kG%wm_Qcg@NiPv%yZozrDk$esu+9mSH*+uxvBedfY zHw?TMgWRscG%629Te&BoJRu87mI&A7YGf>m`~k^A5xYHFI-V? zvwak1M!*O%7g#WFXQma4t}%?X42X(*d7V_>k28hZDiN@EniwlQFROfxC%`WdYfb^Z z9Dv1#v8UyAC+yT!XgO%&p8Fs`2+en-_lY9DyQnS~#m~%aJ-M8L1OL$ly_5qS2b2m; zvan?w`OK;M!oZC3OtCVnGTntE1^D&MYJR(6B!Q(gf{63I z*`$XC@#Y3KiwXw1t-OIvjEQpP{Iv4mIO({lr+5ftb5w_vGOL$sBI5eiUt4JNOuF7Y z%nlPW>`mkd`KYhgKL+qc55_WJ@K)IOozb!L(?qtH11l^luNu^i#o*D$BC{%<}Y)!~C!eAw|jta2yb0*xqIsJq;@AGkd=+xL2gXK8ZVRf&NdP>F?{9q%(;|9c_u{Bcn;!y^v1|R#?dswr2A2X=6^N(Xs#@SQcPlv2FSQe zhyrGE@mBOR<||bEH}A)Hdutew8vWZdGI3)$P<}yj~P-C_iZMRc}7Xx$4~xr zT$C2J4&vg|o}L<49^rz`Xu70mGu7`gx+5r9QqW$~`@a5RXw58$`>fA}Y}G=|e8uYU zcjoh0{akB>i>lp=Om#*2ho^CeVDx8?Tj#@ks-+Ui~o0q%*ELL zVcDtR3w)4yu*=-HLk_zqUR@I-ykFuCWbN*TsG6}{67HFKrO#5nkG42&LBrf_G#nB$B>{w@3#9BTFO&&b7x7E z13v-m9*@%W9Dy;4Lnc%fkXT&;N1o;k#A^i53}!&lHdEEr$fsBE34|duq3Pn^#B?oD zL3J&o|B2=!!he$axm2dMAopxo&F_UbO0U;5{ZUX>0=5^7(Opvhae^$llj^1kdsNE3 zD!nDE$iAKD&E@(>75?**GEUCip-X29baOe^r71j~<_Ktm4tVuqG30>V4h&I7=K!et z&(9!DCZVU6pm+W>#e|j`*+PzEoj9adcc1wfW!$88{@(o`vNtIkDfXe#n?AZrV1~z0 zN;^97^N27$_o6$Dag>eo)#o+rK>ufO9EJd+31oXIgCjo+qhti`#(oa`fHB={goh}b znBtbAui$%`sVQnVP!oRXnKr~UbPMm`5tSghXZZg{H_r?<+#ADq(!=Ba7@=G52&5V8 zMhVV+BJGkN({z;iAvBA2?_e|<=iU+Uc0KE32xFMTE=z~)9Rd0hPlJF`qpce_L>cVT zw?PIeHe2);SpzV9mZI>QbNv}4=V&f+ub#sh%$@q$Ed>Qzue-p(tiP4cFT89xPxLzNe_$k(qqx}m*wJ-o(aPr&5pXbKA zm&Yd`Fa9{ax;lG#YJ7Ti@#p#Jl@tgJ2?2mOnnbyVQIJlLz|LSWm?$qNaDvF-?YxfU zc%mB}&lc&nIbr4E;DC-xq@m{V-ZVJ9HsW(?@N^ zs@nzqn<(kyvGS%XTJy6JR*QaB8i2tV0q>gNOl>*M)8k+0rq}CvYG=?i80$z`@QyXw z9H1;E+K6gEvc3~U%v%xq~r z&roG4YEKmRXfd;Z3gUT1Imh9nR3Bw%nrhsPK}>on3VTERnwG0Va^x(bHS@fxWHp{m zhAAVM<7j5;1r;FAf!Ez|Ln&#y|Fgz2XpX%m0*qa>+OAoq>JA`G6?1D5i|gUR*b?Mn zr`_|7O`Q8V=mx<1$@i>^9itXQkCe*5!vj;UC|Fzd!Pl=G_gC}`C9H;p@f4Fc6ovy) zR$U!Hf0&aa=lurj!-qL))bzFllsCsrUr35kGtWe3n0KBFaECoL9v+UY zjx^dECUUfma@=?nYu7?579(2-wVS4>;My`JOK0v~0DtiZb?j zZ*N!oFwJ7iTWKRj;mO&{D+cdyr?-7TK=!u}v{HB$=%o&|Qle9Y@S*e*xU3j$q1 z*~c(WVTOCsx)mril1FFo_qpxKaOvVh&Aw&g)P(9dT$&7 zxK#@Vvz8H#+0Z!CMfDuy=$b}O0KGCdquQyaGwYmZZKf~9GSzXHXgk06e+I8$9*h}S zJ&KhL{dvXRG~JytW+cjT+>?=d_$1<4z%8@Pp)5=`NFg!zX0c91$DV@`Ii5|x6cMct zTHnbqLq5RM$qmemzNZYd))a+VW??SJQ|wPiU@(1S){ZHMRE*|E)i&niAY};t+Gtdx zF?0;*awS`~pe)*en5IH1B;YV5;@?Z`0EP8N2tV6Z2r3wuxwh3!MT?Z^>ctyQ!03@f zCQSJ1itf>f7b%KF;4gLWQk%WhXLQWVgD$?uIh>gJ+f`wWuz-G!vR&A!SC z_lgD`)=|aB=W~N-XeQ>KJ3dt9UZ!fFsy!l0x+7I^(dX_@>W(i%!M+T$Z0ua4Hh0fV z!Kr%iHuxlvh33a&gl@^gi4nS;rofwRd%$Bk*WXhAfC4qIs9`Ry4P}9nRd@$)sFn}9 zR-wJ?WL@j3Qu*c>8D~xRDk2Tr9e3Gx@{Mj4?$J9m1tX_HCnv&-LaE*Y_HT=(7bwWX zd_$fAl8X9Clt&mkxD8rXWgbng)WwwAeoFWy*Or22u)S?=ec@Pt0<_kY4ilypek*eS7L z9@8qFD2HVODo6cYHihTM*MNG)Q~Shd7zH3ep}7pobb99L=`Pm0o!-DKfjPtPTyg3LFDf(j&g_#LYh$r*Fl$xJ3@LC^E@|+683E7AgV@yz_g#UI!=i zJHiEJ@gW-EG#GE)?R0Kw94e0~H{>J_II%td^PfF4N}<018DB*JT#<-iLHg%b^asjS z3Wk`&53Al2t9Q_?c>hpmEE9i`M`p@C@~8~uG6nZk*It_L8+J=#&;Q6z<9$98nequ^ zp>(L+QH3R57zqO36}2>R$ZSjXfFb4(b$7bfMaFj>bDPf^3^E>GYIXH4l`>I~M&RYu z=Okf*ri@SZy=3KADIWP(akXw?$anwRKlokw6*zoUywl!}SB#~vX+)GYqvR1*bUiD* z#!+U1f1fCqz5w zdY{yJydmw^hJO6H@N39fQv6ab_tBd-9T!n0CpJ_W?4pN}WQSYYxslbntI3C|N(Uz-!qaOKus9TQ z=H54wOk|wgj5!fw7KMlC!2bYfjS$WUJKlS_+AK>g{C$5z5l&fH-MRJL`y7z6yCkG& zH^a{XCC&R}w+SUKzG@sQyV^6dTl~Ej6o2|h0TsF>`okaAPA^`s73o;n5z_xa`CXhT z{!Zf&vV5k(`2+-=0mpHm;z;bbW!E@kEyr;fkyEbx@Qm}z+Mn0}S-#)z_t)wGGzefK z#UnZ3azlThuTWQiTGdHuoUc&#KmNlRrV>4x##rr)Gh_5xqAEKWY2J)*l0;L~>q$X{ z@SdO{LA~CP@qqLK77rsDqyqJNBaQ>oQ(F%0ZKGcA?$ry_yG3A3JKWkD(R7>*q!79# z*(pe%V#_YwmJ~EJs+51yPs<+BqGOSN9dNB&(WTbC^au2c- z1&a;QF`Fdv-yynWp~$!F!$+aL)MgJsf7q^ni7?db<(CjHaM)6>B<-Y9vU{a!=BTmS zQQ{gaSiG}{-X$dd9WLV z1KStK0}qn|G^`T)ug5lvTduVK;`HLR^NSmUR}|1^*kpPsnIuKs*|ukBO-`9TT#Ch<^L$98d~#@Sqf}oqT|UKF-oHR++XhqALPG0 z47*>^IHd9Db4D_Y$Q2pNaT+8yAgO~;c?Zr$iO9gMSTCl6;G3mkW^K&9ZA|&aHMc8U z=<^f0M0k|7Z@wZ>hGK_ftgdH2^{3(fS39)+P3oVI82_=ovvW|6|JYmQ|9O(fiT?oi zTkvByWs-Ctf!qM|hJnaEQ&9=_nS3GKEH(h#^-j@u$MSdLXVO6xLFLf=@Rb2vbS8pv z)Z{wNJyQHGRl<+zcz|k$8cswOrKK2-nvwdw6-MlpT81W0f#qi|T8q=sgLviSRc$qT zTL?w9_gwHSOqJr(ANfDfkn&0gJiqnIkLM$PTF`$J;IJ?Ym_`40Uu+lsfA;oQ`M;m! zX+!@_NXC3DpcEJ5PzL=@r?M^v!&GpCGq*t_L!f!QoYPH_FVM#DmojU}`+p?v;10Xg zXA_Sw4P7=-K>df~6!{cZ%;MvGTG0OqNjVK3k^UcSzgW@#5A?L5|9S(=N&n5ZsiOY| zqN4|xpDKv|+x+WB((gch=7MtxzZq3q!f*OESpX}*E`j>HBQJDZn1H4GrinxM%i&*z zHK+^_EKu|OB_w+6zGa-Cbc|yt`eb^=T$N|VHn)Bs-Ha(@43#`WWJ$t!O2U43X6#-Q zPg)=ttbt3ZD6RE~#6>i3pq*MS>2Wl(EdPM?B(EKw)-<$_m&diB|8gN8)Bdyj;^m7{ z{lD#<75#sTN99aabX9v?LpB5*7cWIk6FCMJaLBbR1PRgon5c@vXqd$+`ilw#S?oin zWRSyK3>C8R-WZMO9f^$*-c$~2%VBD=88`<{XEXplWB%>G&MWHl^S>&1&?O`)@bWrW z5pt7@BnPci92EHw9ICcVNOi7RP$}rL6*crAxvl+lzUK_7@k#=3hG#lZ)|cbOXMBjN-7S$~P*l$h?UtMs1pR^e zBCJ7cuBcY5mM50WLdjLATDzdO5S{crolivK^!(?!RLfU1I}S`-^7kM_rXC6T0a*e(XI6xyE2QZIHiU4(d}tB#uieo;1rXK&5I-- zK}DuqnoB;$^E|Jp6iUotGCOj}vN)_tBeml5ANSLO|C?0WkCgvqdw087|8IADe{aSA zpX6C~{%5;csw4mdQ;7gJMSFz^;Cby=Au&o+pf$s~e@o-@vAK7Ok4cIBQ76)=9EG7?>m$yM6uq*ut62VF%|95{H_&+Bj z3K=N#T*iwD0JHf2UeW)5cl+h`%K!gKp4lATuD;n1E-P~)flJ>RLW691S(-}bfMaA5 ze3&*mvRTR>_NR~$#Yo6|D!i2XThGz=1ceOV-s2dm9suQJG19S9VpGyc58yqGB7`Hz zVLFh44iO|S;j;wqG2Fg4aVg=8DGK3;x+C z0nj~L0OoIf&EqVd2e7yx2qTqBc!CpEAppvS57-@X3Rl}kaLWy6Za@%upWrwoq1>rm zuFe-stOo(^>Yr)QQ>)=Gaz*A?JB+SvZ1E5fJNR1zv!*^AKH&l3)@QXd; zP^E3b(S_}z=jPzH!FUkS?6D)QoGYGO8K~&-)(U$MI-r8jWCC?LfJSW$uLY*?JPHr~PPH_<&oV$8BAR6YLb`r^DG>Q$P%>>jj| zd7&3o9`sLw#pPjE$a{7j&89P;dv1OzRacsm1al=H!$^(uYJh`kMItBI@(T&}drp;i zj^28nK4CNlJ%r-;8`KvmulAe~#I*wQGn4&1m*Jn8JzpMolYDIVj|BuJRLmAB&Uq12 z;&1a6nk}7g_bO7IaiFQ@-_C1?;_838rc75UcZqgkD;6#jEUIVJxUJ4jZ$|98Kr5UA zxY`O+x>-fW7^moczW7l6-VW5P-Uj-IE&EvXN(Tu-jzbk+@s76G>{AYdNVT#wDJrk!Uv|6bSSOUbagVAwDxo zeH#eI6j8}IHKkVM$r|A%SpKRkYF$H&`u%yBq->&k;!b2QtW zNKe46J(D^9N-I=1_TJ)G&`K8LeU{Clwe=9wP;B_Wl~Oe`_{5mbthKMvK-^JYB1 zxD($$clNG5zHL8#oC ze_{ji4V8-3^bMWRREFKi&$6HU>CLM9-yCLt7xQE}k$6mfzD zD~uziksOKq?pGG;H8p=}vETjP*gtOm+Ck|5uQwntxz23&#p=!L+7P_U=6>aU<17<~ z$OIT+!D?y&^v%z?vRkxZs1P<~HSjBXiB$laLgb7K!49z3JGuX6KFttGc_l&vTem-`|UTced!Blh+TCeyAo2} znJa*+{>*{715;`^X$64wpE^MI0BGI$DnhLO&H;C@y{$$GYpwv84e-x@c79=l8>c2< zUJ(%X)ofz^5JLVBBo(_jMK4zAfzno>&It-`yGbNsQ3z5S4e&Kd9Z5+33kqo>&Z205gIgsGah#IT zRDrRRv%kw$nIH-b$b!nIB&DE)g+lpD#pE8bn27#7;z$9L%N9t?1d0-g`Q2f!R}8A) zsf#V(velR_FtDnRip($rnAZl&9aCf!SeY4$D-1zoJUBL1jJYt<4SzW9J4b4Q@CwHB z5R2M2-3fmGZH(_Qjqo6n@Y}Vy&iIIQH#XEny!VH`A#?5_nDQf;o;N5>YWxT}|+N zI>{y#T~+~?kZ}qZDJrFIN{g2x&NVPXfm~pJ~`R4aJoJ0^#AR$36 z*c9{hhC(Eo_92wRnP7+qRNWYa!}qF4v04ZTgYXHBC8eb4?-67hwgK)56BOFhI3**( z`{-;44zB7-XfwZ85-28jgy+yg6lQ9Ss^TtOAEl9==+Q7G{Iy=BLv(ZVrs@TX1N&F z5SD+z5TMS!`dMu15Lyz^5tW=u`G7;!KAh43%U!5y0ET_^y~@z6Kv22=<+j(aH^Bi! z&M%k-5kaF2a~wk+zje|d^<|$pqQ4R@HmsNOn8l1s(51;_v6_zV?ViPJX~WQ}kRd1Y zE8#4MG9Uq)kkWKD6htQz5>lL!XsYo=Q;RB{jKX$+qhySG5xFA~h)h%{FMd5GG*Bte zh>1p0PTw$;o0~WO;tUB+GfsRG@s@?;&@8?F8!lVa!5XuBbjd=Ora%gfl;hwQP?Dkm z$8vt}&RKjGhvYp8-=TFa7jDSS^v?V|mum1>mzfUDYAMw_Eee9Y3(J@7-8V}T@BPjy zBz&Kn6y!Dcr6afRs|!qjJCtrOz1`vHO!<;`eK_R{L3an`5Mmn1h8`c04c)o^^Pins zVp!;;jxISjqr2O=9s+u++rE;~$nR@7&~Lw?K3bXfp8T01|0itmv|sj_A^#s7>=x{Q zI|utOSMk43@+jAI7A{ZzPgqzTv{xteFDCQDr#d&8ie&-WAQLKvijz3h0@Ni7=VF&I zfjOd*YB}jY|Je~<8Rc_RQMw+D^1ziFEu>6IV%u2GdFDWxnlCyep2bq2K8~;uE%8xo zvS`;1t7?e!l0DK19+Ar|l01-;bV1jbl+y`xTmUC>_Z!ql|3IIb_U4dQMWg zHCy1x`Fc?lNf4K3CoMa>JUdymBQeIDTyiFr=X0-&`i!$t)o#&2C>dXG?l&~P6)i?k zZnW@GAfQD%o^CVFf&2aA9|Gg5#}_?w8?HMbw}-t#&TBuYgj2?8I(-l^fPs}DJ$!I6 z3&}N!NB}|f52G0_tejpnkc;_-Dv$3`M6n=?ZC_`k4yZ>OX#9|MHUOHJw|Nj@ycm|| zo2s#5Q5JvAaX>B!r!3Se(!%p^g!=G3pR$N3bK!$Gk^`#MMgsXN$lwqwaq+O#Y8Dzj zVA$1TgJ>+rfWbnzL(u`OgbVHJtp94`j4Ow2TU;mjJ|+*LFy6SEj4Bn=pfOF4y{Y)W zw4ILE>WQY*W<%exD4RT-DrzuhN0zqnM`Grfq5q2%r(~E#5Apz>75}we)c<#Pb`Ew| z`u|frpzL4kRbHwGaAE8GJ9+>)D0m7Npc2ME9$(>=BhaFbKzZ%eQhNyK|2Ukddynih zlwh7hO25zBX(*qj0cU@iF&O*Z%7c3K%<(kKe|I>dA!uYa6~K4)r`E#YEdTGF{bKyr z-oehw|NBWEFaAGY+ht|}$e~&p@DT*Q;?28kT)1x6%~iWf|1S4xz4Ud-Ma#WfFMK_J zxVej^)^c05re2Pb_GFs!>w-L2-QIDZkUvsYpKm>aETWL>pqocvcXdXD?nY5ah*^r( zCz(jU!J=v`7J4ybm!E#fY*{B)+aF56{-`enSqzK+d0f>Qv6{=zxYCsgdv~FzVlNdl$urCS!8H71RdF?wg3Ex=79xSLa*vAz4ap`F z4BZo?X}R*8)8+kB#=Jybt-L$uJVO9#aM=T3@tATjJ!t?x_246|u#+dF6~B$j|LW{1h*u+S+whsqvGr!Kan9H#ZoH-e_+o>JPoE*BHRpXg_^=(qbak+tuD;$Tm;W{Ah zmd4?kK;4PX{wrT?EP^nvV}msesc|WbF`t&uCcC~ER&?5cr4`5iw|VB^|2DvMUIAb> z|1Z{meX+N<^8b92rx^deYyqHR(|qm{K;@J_S`i=*)_!ymAm3#x8K9jEP>r#b5U_fd z^|a^zi`oAFM+^SHySH87|GO`DU#$55Q#>~Qd&!J{W%q9pmAO=#zc=NA!QXpVvi6r+ zHreaFkF^Y8BNyE;#u>b=Y`k|N7li>0bQ9$rl%#{g;A)wiof`RjX+rr_O1Jk#lfJuW z@{e81e*F}MnV%pjx*wCcJpVi<+D!iEx>E1W<1EL|&KjrFVyWYtC6}!vj;DXx^MCDK zw!j6zO#OeqSpWUS-isCgf0C!<|G8v2!0}1^x3K`!%=x1=0X*F;fV86x{yia0gX3&Ay=mnF8TnWi-j1EC$>X;%?Q*beed~JhvHlJ?7DMu9Ul=^L4H7 zS*e<6iPhU-$nJEf}4yOoPxWz5xcj4?)7r3jcJ2<_FqbZ=!0@dlmbZ5od zIRsOYPNnjfN}o_l$Caa0;UnLh$v}NfW14nRzxDSxNusH3@b7w9AK|G#{}SWNp#U?^ z|BKxh`^Efk+qu+JuV zM9^gxMYxTo(^!ebnvvp6Mu zh=chy0nyEE>lR%ad48^rjI`f=VHR4D7T_UrZZ7(T9V@4TO8w&PnYNGFPMiWZ(WlVC5+28vs`1-nz!g*F5#U3 z&Hd=|^4qI7b8LNRTRDi8jQ=E0t^6-Fv?Un;X378Z-v#~uV0UjN|3Ag!na^=CP>U|g~uY&}Ppm(W)#zijz@SWudI>hm(+s#kvTI+yx{KC=q>t(^py_<4rwIFsC>iETK;gsa>xu z9arlyG#B$UYgLrx$xfm~PzX z8eE~5?+B;EsRYf{^+$+I6J={iI1%zVEzsp1z&?tiLZ9l21O+T4Jyp5};V|q;3gisK zzg{t78xBJji@t2Dn%etC_x`bRfY8)w*{#YSTNvYam*=y`CK*de1q`EG9O+#WtGmZu z%K_dcahs9FBo$-E(z#J*8qSM2)2?xFM~ZocIK=}j2)f5Kb*)z^Q@H|L?WT|cg3Td zhD0UQpRbiLdH9`XE7h_6Q#$`zDBJp*VYrtIZPjg%9&o-WTe%3fN}{w8N7$K+z7>vq`HowbQKsvC5ySinwY&m0qCkm;rxO@8J(r z?O6Sh`c*g3|2P>vh5Wa(y}wta{|DPE|DUIM%Je@@M#~}mVAW}$_;E5KZArcyl%&;` z=F1e_a#iY2!3#40rHd)y(jd3X)2!pQ-m{k!rc)s&<-%;W-Yo zP>)&rP27?x`cXsv8POR10s8tb4+w(1k(z$jImuR1Q9XY%b&+x!kGlEP3LG+@ zahgQ=pJnEEq$(LF5u&NB=!=npzo{G~(15Y1$QezDt^wUmc}B`!t?o#S_i6#sL3f(qARtM4bus6_R8OVd1V?2lklIa<6(_jp zxK%NRPVw)YH-v*rEZ{(PyRMz?SvW{IxuYzDml0#PS%SKEJ6+T@Za&ZYS0o}>kiIQ9 z=Cyi*|%&_xj5;gS`fY+NJVOAj0K&_B@N;6+G+rcF_V>@BZ`z3^?+(Ab`(Iz)_4xha{)@fcElW%EIOKZRA(ocK{lS`7VfKH|SW1cm zd=@hyqIn1OpF%_v7Lr%moc)*sOc+n4-ccOmm%3^|+pfG1IjM7v|C*Sn1v ztHw~`r&UD7GIg|3-AT=P%6K$4N_dpBL6L@Cbt=1X7P{t4bj{A|I-9Voe^7tOCGV=; zFav3JkPpEb47(m@{2rPD0^Q%yqjV>P|ruoE)v~+xYlz->zz*+P8LBw0$dQ z=~0ErDF1%KVwy6k3l!JB_Cu{*U9#}4`VEz$<(?^7L3`H8an9QN`co@p=SpODA!@Qky16(i$+R?g~K=#MpVrD_xegWH{Jt^%BgvHP2w-VZ*pE*p0w$~-t z3s(li2N?`ejd{w&!ZBoJMi>PwvFWSwU0O8T`5C1kal;8A$+2vl@3@Upjs(@tnCR9W zp8ciN0p>PPZdC82n&O`1eS+ig!j7Sg;);ZZ#YPp$65MIMD&1w4SEuGuaqBs{Bz(yD z1m&4<$~U;JaCBGBex^~DkF|ugddT)PSHPW7j(#@u2}!Y3xaRVT|R9VrT6mad9U7IU&Hdd;7JY#)k zrrB7oh*>ZHl_K{RmIG(Vf4jT8yM_Eu+xst8_rFi_C|}r8jOWq>!HW3Lxdg(B_GQ74 z!jK(l5P}L%i%nbj4om7+-uSb~AoRacl~zWRmUDKG?g<*>ySxrxh^Xm6Y$C1#{Bm-W zoBQ2~#vysXDgSGx2rFU?peTAXnenc|DazQ_R6$`Mp2f#f|y$Vrw;A&th!FCRIi zBR`c@4NX>`c8l_g?PQ~J$R%lozVAta<*s;JqY<{@&#RH8KL$hZG_pUcPvo(s-u&lba*xQe_8VX zf4RNN|NJCR8wRYCuJnq|Su`aRmjRhi3pd}OzrnY@oUW3$oyta_?N=ATH9-G}B#3TF zq5kJTJH1}7(I5eRdtHMC0)Bqxg*v*hOWqK&(Yk8&50tVW@Fd!3Xy0HR{)nht{rMl; zTn(2j%riACKn`a4|L>IYzwf+U*?*trkwQYp^Z&G_#YQL4Sqag-R2>aYpr*H$j-cZN zyA-EpkCvhV#tE(q1{f#U@z;~^tGxHMZ56y)JQuZ;!8_T`m)U&sXM369BA*L+`M4JI z%%APx21}Fo)6P7kghAExQ}T0PJ=IS={VycEdVm->%l`B7#ml1oXXoXL{y)j1oDNH= z(ZK$*1oKZRYua4KpHl1EJ3%@b<==Tm5g$bP{>5uqon?E;w=rIiPkbZu30!Ry>CVS@ z!BILcrTpp7LcR3ur>RUcs@sL`4D_n%S|lK_$U(HbQwbH|&?!MvGFn0Ug_M=4Maw?4 z-*?@iZZwiXBb3NK#XNm}0(V6wf#rv}C~DyUDtX`%LI7v*|NVoPyG8rY{=q8$*ONS@ z_`fr?>`Ms&wD~9N6+rz-+dx45xyRx4Peq;2?B5!_Prr6_zak+2!w(P*?hSF_fN+C{ zwlU#8VipezuOEH6cNfRyKr#1iJFv5L;)+=odYW6Gw!7U2K963VgDCsYz`iKXKaB+1 zKY-4nW7U7yU3YRX|#`{;pipYD2;Qrp3}U? z9;)lihF(mQzM#T0yQ2qsbvehZdJ|r9l3-p|J5W(68ge%IlVEYvQkSqYBI(@9Q5AmX zQ-DyN667AWs<}3*K&6~Gb-j6Ratrm?qyWum+N1=b1r(v?9l8W%2+j2Dtp3HN&Q@%+ zvS`Jnr6pNLSni=en08+Zwr8!TyVvEB)^&o=4UHY-0O*{ZD_=R{wJX`idc8Mg7n0-x~c-zjpLL7tlibng?=W zea*(!wba-Ai9FV2pUshoAN9o6$3AZp{%ZM z|9zi&{;wTAFQEv^gQS32{y%%WrTEX6`@1Xt{}fNj|HoVQ<@f*<%IVY#1Kx-21Ok7! zj#%KoC<+Ju=B^PDypJ3~p$vLncOieGO^!nqV`%L{R5kv`k`KJTx|My;V+bv5nU$;2 zV?FisU)5$>Mh4Jk`oHsHcemvKz4vmZ|2@g0EO)BB*Ro>1OjWPBe0@wK_n`ZvUKb&A zXuSTVq=M*AtGs!d{CPCEQf>BTcOKQMLPcYSL`$CG#P+aS(w$;HBIz}WppZ$iUEyu* zq^fjP-9f@x$^r&R?2gkksfcMe8Nj;FViuCW(W-CcoZ*`nFZQZl<8)jcJ^YrZhU;!s zw99y;ll1kRyqZ>4NRigbHZ7QxRn_d*;PlttJx15ZVz-ENqxO{tC*TVbnzEkSkPXRe z)*H<3V-h8Vi@xo|f+(=iT4Sd(kBtpfT6Ruwh$4o=0giAS5RT3+1=R4KkQ7JJpo|)= zG8d+#mF71LhhJ$>-3oK@Jx#~uwvp57?6T0z-CD0u%B~?aL)UBYKPpHcu24lL34?m% zB4r$p2+R?-B1kb1kjQviu@lr9Uz%N8vGvS!3g7sncumq^torbaiuu&1u%qDnnzIhw zy=vE_GB1b^XNGA>ZzKTk7?@0^x4S@F`-^Lv=Ted%nQdD-5fyiyg%r6}$bN-JQm!oa z31jr8SFtNn#);km*<@fiSD943^82j8Z^d96x1MnrX}9~%a@Uon4OsrHY7d&O=h%j2 z_m;}xl{aHu!>0Y1Lu(?9HU2408>tazdMgz@g9>A++ebj1BuUQ~wq{dF>=yg3a&jnq zQ=w-%6m?xEX)QKV{sh|_g$!vfL4|KBaaNk@*IGM;ttvOM3hGvKAaTm438SV?SpnTC z$7D!v^E|k6kETISOobPk=c2%@g{@|$fmGdGH+-&c-xC}Z?=KsMHb1cPRbl;aRqLzq zcq~;|lZ(23j@1qx?WR`@e(%m6Ox0z0=?FLVID5MDVY6~`DQSAl*lj5zbDmeGVtC!W zVHcHvI~!Z>*?Te&B*-}Fmhz2S30VusqIz4GPqyu#e7)|xtiWP*)9M4P33~}uRr}0l zeJ*{jl0Un{DiRlubv^*lZ;h!HtA4BctdgOx=VGM#spJTt>gYvNWE8F%K51U}?b=tk zNI3gqMuXZd?)6oo*gi#X_^=)Pl7v$bhw49U5W;axQz}TUJ^`@GI$`^xRX493`0ut` z!EOcGUe{d_#hKCln8b+w1r6zYBG4ck2^4TF#&VZ^{p}fIvC5ZMDd}xJFAke=w66XA zUDHRwv9m3u`yH|0@ZK=-OO4jlPb z2h(lWTTnMwwrtfkt13s;)r0G1TsD(asv4BVe`Pe9XTU1^>!yJktdbyfQuh)z^N?^m zADbf+GALGfnR(u0?(f>s&OuUnQZqd^>#q+U?yormcI(7@7Hji>Z|$R*ugT2Bdu7S9 zLFAm@sc+U*&K$Y$3MlgjMgOAqOqE?T6XcwQ;yU(`F8;lpeH6e5HT6 ztUC7ao9jc_weY)cU&|yAmE!_~g06|5?*seNAAiH0V&B{&+O}P{lfu1WT?SONy1DyE zo`(CsyI?ux|7OSkZx{VP_77gJ@;^PvqxkK2$IH9?y9?&M`I9Yrb&>r}MQQKq&-uAm zjOlk?&KJ?|LY*t7-)UHm=x>SzSod!DrU`NG$Sj>6;wT#6;Pyn{?76eQnI;Xf{UdO& zi583TchOiOkF<8qU#j3!8Ju#NkF+A`@I@R=5$rbD>2!!_x+aj>8B*5*%(Eft!e*>- z@+E)Q?~7};p&fv|B-K=;G#(vCm`*Chv8PD9{UN1ke+X6aELHJm4acQ9kfotva~R9= z%o_jO@^fa^^M5|TOA-KP@&AJtrTG8tot6LRlRPT^ohKI>6^6<5+lmHv?!zR8t8zPlh;CmVp zC^Hi>B4G1?$g_#C5ZQ!iD@?Ul^LkY+5S_0;!tFK&Jk>R7tijS*jNQ*-_KI|UVmjcZ6U(6>6e&dOkWUBP!U3OZylulh-3dHaFbDL}_4=A8c*8XJ zQe#)KpDb23Wp@y^_o5EunTED3Iv zrT?Qd^;bSk@}CY0f9(8^FLsLcpLY)S_g3|Pp5)O7SOst|$pt{~oVf)+-D(a;0JBHi zxdPbm_qn_QM4s;<7d-PE5gxBMJv@b5fbOeIj?ZG68VXmHTB;xzRFh8aYKRm^hHq1* z#Hk`U=aa)qiHi=aZ+uH4LS?G>8Zo>8qIIQ5Sw(nkm5i=8Lz9qR7~ula zdTYr>OPzJIf^zQ(_&k=#U7S>NE~1LuPEVX1a2HdALNWNd7#+u_CY!aYvplx~iRmgMel6XC=dG z4*R(Yv8!j{XQuprq)x#@)PPy{zx#W;#rxmwRsH9uc|7@Ful17k01b69b-*^BUn?*K zysf8jVZ$$^B^V5rl?C&rPG>OPKB4NMyIlDef9?X7IoPdjcb~TaWNFGu4r<{4_l)00 z42KUl0M4@i?Y-P9+W%heZLj$MQ#^3QzSm2=EXHrP&YUbiZ#Drd64=TUYBMeV@_M2j~0CV*CHDT;Ck$mh8TEJIur9y-vn9 zCofe&1uT}k5U18E%HlknU=w9R{UmhC(b5_$Dmz@;Y?tA6LINZhqA5fy#cQduGv+l+uE4Ya~)4S?-3xR&8R=th48yKu@>&{Wa+WEnwA%E6(ST%dbGl88+w zBu?k6h7>yO7LWgTeJ@HwyH0URhFNq?<{X>Q4aFiCv@HjBg2{x%a}Odh2gArb}`DY!Uyry;qd~_Yd}0 z^*^5E0p9YK@R5n_(;3Ch1)`kfyVrxIw63F_+e+%@dpl`bMW;I=%&{3^wrN##w! zfH+&3@EY`TjbLcyc0DE6aqpS>EsqQIWbDR<5-~OH*4c!n$YxB_Nb>8vKAT9~hdu;Y zkBd9P?>S9LVRT-X9w;j$^-eNgf77Ry{%g(S3H-ly_V-_u{J(bg zSM>iW9-zqD2m)l^)cjNWn%0&;2?|)8Vj80{i6)3}ZuK4r3femF#NbwIEkPDB=^QZCWEv0rE? zk#47Yh<=KHiqV&M>c7{-pa2ip9nl!>yX#WLPd|EwT1WpQDpIlaw~*Y?fV`pNA-cdU z`oFikU%da{*Z87)BBC?LQVY#XpsFV4ua_6sR1SUe3GoTEL~1EjzRe#Mw4YVK9Gs!t?Y}L1D6eE29^vL@HVgt*&N2uw2Bo8p zJ%G+pP6xH(084ph(SOF%2TK35>HooAG5^EMm)ooSPfzm9r2l#YG!uUPyDbh2Z}Pt! z-tcUUh4$z%rFPxOdWU@^`fguW{&tv$1+0t27Py7;c}?bp!bi1UDTT3CrxR#Z;-oya zGsPVnXIA2c7AZb!W4xNL>3%jgN-j#KfY@31zLcBK`0W&C-@u8SS#)h4!#Qx(De&BU zX)4@!avZqqwh~;C)#f`Aa3)HDN6wr|-})@IvcIb4rjW56wTrC}Z!nrc|Fy^L!&tx! z`oFvLvSk0+Tg87o%`=PsI~$;t?C(&G2HLJmjR40$IKOWeSVmC@E!N_6Pul#k~B{V|CqbQCjAmfyz={=dCn(*Jf3UatJVp5*xgUE(w) zJci3-wF6WcTS(u=NrY2+M-UXJ z%zwvm*!cp*WTav^))P*K^gRg`DgOU$^wqrqi=m|)5=sb15sgW|(?7ZX+jYt~>3o5X zl^fP~$JZ#NTy**)nr^}WtKoP0gJ1a;{J;5OJlc}~XZ{p-@m3CKfP>pCK|>l5(Rtn% z_etk@e}Hd0&->{_{+n?+>OB9yI$xmgFsCdN=sk3lS%a`aeJUKX4VvXpV5 z!I2PR&kk$Ab&s`Q={F>rAo#I!6oyn15FDXz1wmhP9H)oq2bO`OM<$5&I@RFs8NWp| zMhRzO7RZL12n!Ukc+^3a4;F}~hzdzuNRUQTBmgy`_F8fWm~eJSLlV}2V#6T~D2@;( z2@^DBe7cDOoZ^U$5aSwf-;N$ff}sh%B`D$a4yU9B?u3OZJF+CCDO34|ilYS-1R4dK zHIRVPL->t{qkgC6d$~YE7Den{a)tm4A`s?e6NMSkBcU9{IL+jbay~VHjHw?Bw3hcP zhq4AchP+QA8c;c*gtIXn(3FISHNbl4t1J#9U^7Y@mZM`Fg;XRFo*Ks0+9pbVAM|-^>0{5@4u1^fOPUkf^nGG4AsQ&PPWhuguWadgHP@lrAIjE--5~l*NDp7UK zhUvZBPn{$pSPBwzaN6FS<${`Cf+1Do0 zUH$97{#$?XumAc#8zwCjj?qOz;*N%45QV;B_vDW7O=#-TF6D_x?ns;}FSr3g6C4tR z?=X$!mRK^W^ByF6wNP^LX#$&}O4I7REh2HM@;d5PX)PVvcC z=$P?@afS4w!6rJ2B6KA`73hjc1&xIL&cFWaziV*xumAc#5&;;c9EW6r`K{b4)xi6m zPH&k{r_;!SZU~?TZdk^%a8FqRYycch3-ILHB-o+wGe#nmQcpu@uby#nlrDMkFuO#enB1jYwu3p&gI2m$GV+A-9hT-{Jw$qVxAz+DQ7aA>6x1n;Y z!T|uef`ooMwGjCM0*)v;Re0T$!T=JP_8@0IJyY7FIo>!)B1%L@5V?{miKZ&99|z;+ z?P#`zb1LBc-C;iMv;)Bjuooz6W|pAe>HJ{O8L(I+G{{&cqN$N0yvfL;3H?|EN-ALR zCrMBxg8E2pO~gq+BreNiqp=IKV_`y^x)wom&OcRWPMsr(nSjNL{0Okt4Vk18dY^V& z+(Y=We@bu)Yb!TOJgq-GG_H^-3}|47I7^w70RqVpJN9I%?pz|^w>4sbK6fx597PBO zv5sC*QB98}k8nWQ0}fOJP>$oNW)k2dK6SYrM-dw_#D+OZm$Hm|CIwnI;=V%F)X_Qc z3}9GDiIx)~_mf{#FCX-VoWupX`Q{Xz{^jQM{03c~UcEiLxj8*SU;TiNE-&Al9Up!5 z<`lg-`hF9>(|Y>}`u^hT&*Z8eLqWv$vOT&Q4D@(b@U&n{Q9f&c8Isx>J?|;UWY+HPhV82N&2urOe2O7F#%qI!a~YB%lc;dhlg^ zJY^8NV@{JpgbzENoj$r@S~8hR+?7QG`04A*H|RS}!giqr3OzW4&2DTn$wC9+SVa-)PwZdL>mePz#fcBV{+!P!;3O@MRsLqb2yjH)qMZeZgcm+N zeGeA62%W_#;X@qA7W94Z*_G0RR681num|}faFBwY3K~H==Iq`^W`1Hs@-u!k{SSC3wgSS_-UP>ZM0j8R(x2kV z5)!~P(f^&jgM-~t{>S~5|MwF;lKvaB^6vKTF5K|A8vz}G@k#VMUv$36b?#iKJxXve zcC2=;P`WNZ=;~M9jo){^uv)X!&8@C7q!9t~k$`dzni9ovKyq!#8pXe`*JW&=!o9sL ziq^!D!hq#7PSfOYYwQ00zK>zBea1&yS|bqV?z^|!--agN#*tL$TrC}JRRI`LBYY3C z_J|XecYwy|p3@XApNz2H`64&AddRY3qwqdp5VYO}RlTbe_07%~$f(q=8hz#Hs3E!F}Y;dqqc5kVt%M>xd7=SsBD-W$0} zAj*^KcVs`HP#$_)$nh?=RHcIxs&~pE!U-ksQxZd0{oCJ(K4n{XJDpn^hll7m6DgZq z5p}V7LWVR3LBC_NBucg|xzHgBqD-WOQz0_KMc*T6ly#(bG$4^s_lP)24$+$X&6@eW zf13>mk4Z{kC<=J1PiZVtxp6B$|H9_v4E0EApxhbEbnkZhJ3IaDZbvSZ9QTN`Eb;NH zrUrQ^)yy>B6f({L8Sr~VMf&IRyEjyTPKJ^w<2Wj!5nc%zkFp5!!b^B3MUWBW)O0Up zC3k!sghap+V!Q1iqoC>*J-vQ+I~st<23#+=$Zvf`iqlLSqTh@YWv)6x8VtgZS(Hs; zr%4a}B3OKh)A1qdtM>ieMEc`@uKzEHBYgF$dqr?K?QZ<6zj7{9)!5*@^Q&xjsEbxU zq`L_b0*^?kzw6>K5>6SX>GTlo%ry*~OcbudD2s3CgoqSR5(kXB(@0X-b;rdI_3fbj zlM_i}NSqp*7~C;(_(J&<09iM=TCmX9aA6;vrRJ`6lwr{76&W26uvb%)I7ajaWXL!{ zjKl3|z?l%pToxdfXakt&qvJ@~nhaYJkoA)am88RTX~(S02v@I<_xASwr!uR9kBX2# ze|vM>FD=E9w>%2tVeXzGq@INHJ;xFfA6=e(w|8B5Q9$#Ne+=^xN@Tkwu;p2UJ9Bjp zlup(4n~ACiGo|wNz>sGJ3^4E13B4l2cW6jS6bge0K_@iAVA#YlQk`$2vAW{c&M*3u z_u$}$#&*cnl9c-$Op!gWMj4<2mh(A|r_U92N^n3_eb-+yp{y}NY7h3MG52Z6X}^Sa zwWXY&4V(6TLwdm2yu%}ROiEpH0u&@?Lk0HiSgdTPN&xvr>zYBEMby$S4fh+Ru- zrNyxxd>@on!i9-^)j59cUFNVFyBsE2tlrYQ;1jFT;#&>jpnRwr)~ zeqmRAt$@Btx`YgKYQ(iik?JYdt|#JQn^9t zFd<~bjM~*XAp)dg@L91p_XRqp9oyP=T7Nv@hz1i<<@x2)(&M+Mx*STz;c!ZNuEqmC zA%J|Krl3+_$pC)0zrT;xWz!AI!I)7i1Rcq9{eFM@f4an26lXPKW~i1%nWtyG{r*g* z%FuH~hBaTRQC7TcLLdSe4P4|Z5m`d!S6GmP7d;XO4DM&3rCjUF)3@mONcik0(+Sv2 z7BqE`9QGBAF?bgm?hDtRL@k+`P#?X`wEGl!FIf+`8OU|IzNN{{o9pigr^D&*B@lUn z)n(lAk(!h2JmKJih3>S6HXIWYoI+%s&|Z}4-y;n|iXtc`_i71EnV4HL1*E22@+LXk0zFWcz~?bb zpBu`m;TRBuOlS5ZkT6}jPv+o_oS1>@NQmwz29u%`HRPalK}|Ub2t3@hThUrG^g2Q( zBU2!udNNi=R@3O4nyA2)0ema{0iFKiw)OtX}SJ=Qpus}Ht zS!0Pi743EdBA|rB5~VSzv`b3b6Deo$2wW4uTM1lUtxyhfqe-}Ewzc-m1bYsR!4+5@ zHz2t>^B~-)8-z0MQBl`Xm%L9X2hlzEYKEB#Z|pjepJu)~v8200K!T?!1vN}mn z7pOEPlLT;VPbfef(K`~C`wKV;rLc!1;d&#QP3#}(Mts(aA!w#3fr;o1bZQ+`Ws18EL=Eb_h^iHsKlX^p>M8t_YWl58?gw-qpkN_aIn~xlvVph>D+x< zuyzEbCu_usTm~4#%y0I7_hRNZ`#ZZ$t8{kKdU@b$!>!IvtbTB$*taBc@^5<~d6bjx z0n5OTsBUwkw%BvG=R59u;PG;$b1g%D=2(unf zdBaPM2{?L1(^QaX2yVu*PxqU;;p*iFe{3~$C6NJ8c^Gr=Z9Ssr&nKBkpFfAg7xxkz zh9ulX15iNFw^whFQ9{6iIdf|?(mvFR{vm6RZuq1PeM4$5Hh)mqhBtZz^u8c*%BKaC z8EJY=pm!1}+PbI3HATU$*#s05xQYCWvKelBEJovM8lVMEa-< zCuX_L-OysG5X3}f=nhFl?+7nw=*B+QN3R)2<#aJr&!C&^elC*TsuCKmUKmKK>YgMk8+>;`F#8p!*{3@ehLW5i3 zguPTM=#Eb0#G(O8wcM>zxwwrrv9ldPSg0{6$x$7j*KLm$M`D8CzajA`9Ur2DYW`ed z6Kb`8E^WJFHI^z47%RH$LM$a z`}-R@oJ^ZHY89*5ICf3D?NEJoetmlU?bT_uCDbWKTQ(FZE3a#(tAydxb%& zc_%elqy&rZ2(KmGh4ZRDRtjYV$&80`6{Cp6BVu6HFkksn-)or`d8E9_tAj!|kz$Ob z-;oN(Rd-<8OAEpo-C!FCFATk#F3${UO7nPzuh$UVsHvxp?%za$kereh9Fi<8%?ATS zVyhYRm~%X>`9f;i4J^~Y4pb93Hi*;6F_F6hjoJNdB$**D*pw54>uF3l$Sb8uYU=rM8A4=S({NfE z0ov>D>h}5M{Cd`B1yp>igVfewYn_~5uc39vCt#cn`T?74{leIoQN=yOSZtu9%QJ{H z0?d^Vz)8S(Sa}1zARbU_lZbkHM%bTa0QMV=nV3C}_G^M*UHoyhX;bpQD%=BD6=dy} zOxKJGf-6*y7zs~Y-po}IoO=#~>^yt5(7Y>#=3F(@#-x=$^DP8wXXeVEPgr^JpVp?Y z{AptZtHIRAt>!!kGm<>C!^#|h@hzTUx***?g2up|f0Zm*5o8c=KM4{|gt%e1B%Y5< zEAKbeW|5W)bg8q)9b z?gPDI(5v&jI?tcOd9D=dm#^Ucn(+si=HAkPGr@)_I+B1u*ZcT&JF`)~<}8DhA?>uR zY+y0a;M!@P`3Q!h-px*e`Qxnx9ijmN938&h_#F2Qzl?qUgQ@53L)wA$WBODU^>RmW3OSL2TN% zdFM~BG^qI+9*=2^7ijl2;S(G$(D2*quOXF)#BAHnsa6wGM+6wuRx;gT1D5iI2?Yw%K6dT zQ`6Q>9yr!=f)cTG%ndgd)n%Sj3+ce-$G(TVfK&mnnHlLYlw^PZsb9Pax0}A2e*XxDM^Paz@7zL zdPG|rA31S_HL1&H>p%0I=p66@L{%Q>vrC&{lW{Pd+YBnPO~I~G$Vfh>qxW@|0=b{f z(&~kT4D%4;BtKBe0LBD<(Ps3s%ew>Hr##a-+Ly#Z#B_0f@%IdKf(EeWsX*(bKSDq5 zZg1}#hJ)W79`5|S@&Eomzeg%lW1i)+nEi7;Ix+A4lc1wkDgA1&zb4UtbA9$T%G3H; zvCO6p1EiO*-Iu2-R8lDjWAEO{;S_Ga-@StiE%oltWD13>-hoq=O6xAEu}!C`a;U@G z^#BXfqp={dpmOau4$-@J-@H9KetWY2?w$1<+1S)SUw?D7^X{GV*Y5toyLWO&* z5JypOfP-6gEu?Z%-Jv_o#U>JCEcdsYKpE=EF%Em+Odow)3!{*@MsE2&z88Hw!N0N? z@^Xmqwl`$FH)30NJ6k%r5#ha2Mnht=+Q<_j!rT5hokU;czB4^%B#*+}on?K{Rojgv zq;`=S*Vv@LPBJLysg9UVJa(%VO=S;)zpVYCly$Ijx2*O_+kLW<1Xhwj9i~20NdS2s zY>W9~YT_jkV=emNJ*K4s&>UeyDDTqPN)J+Fw8{BGD4G^AcAF)d!~m|ftn!A6GYun65~nVQJ@s zqNcABu72dEfYE%R-7uwApU)ZA4ftI|tguCy{qVJ77+!*f_Un?{*(@ARsL6*c1raAJ zt7HWUXOc^(Dm_#{oRhZ7BFqOg<(N;=pRO;?RlyKLK(r;_FMg8ep{F{cMG}u+vDS3m zhO%!J-~tyfeV@-r=4S7LXh1epqHNt;2EhnwAi!gF^4OF)H~1CT^sgC5AxSZfgekC9 zC^8GQZBrsZWKrs&(aJh>l0=ZW4%T2zppXTb{kt8dd*92cM-S>a@;lPY;@gGVVGojm!kulrz@17;R^$kOwk$I!$y?jz*%}k!in);6$zE zuJUV3#ggQJA2g4#PUc)lWb9NzPnZyNpz^X;=HzCevxEWWp-%X%uDLZadiT7qGxiUsL8HT?Y%wp2R2-ATp??Lj5=E%_yw?Y6$aX^NqoLN8@K-EuCi zy{T@2|IDaj(6Ch9OEZ5hGpca^Ayum(iJmThzn&?y<;dAkM@U!fmI9;Xyd*?eW7W!( zR;_e^0G2cf1T*O^jYEivQf-|A&*>Qb)IDaL{M5}0$BKN7fU?P_fz*;i3~q=)m}FP*x1xt z#JcEdYjHF+6_tPL{?tY5DpXz3@D13D+O15Amz=cS7icjXlfo_7x(-n-dgcJ;)T`Uw z->vO8N8I~$yZ1kTUjMPD|MlGbwDF(oKlK~mZ#;k2x?j0wi|<1? z`czmd=kLJcQlfQBW8GJ0o>J7a&iU&XVDY{(q-*0Tw}Kw&VhevT&$>@&Y})NCv|Z%F zANBsK_rg){uXa1=e{cL}`~5JV&9%56Ou~zz0$aZ)o?uNEK9LKpj8#@1hDD|CIH*)V zw4m}ikF{o-hy^$*L&>@SIZJJwQ^JY5OETw>XOY&dFLTjU$*NGm)By~YsWFEdXvgwh zFMsDsqFhTyTD*Yas1j!mmw*s+rKbosA?a9aqdrD#OJ&vv$(VUH`|M#>2~(t?qabU2 zNZSUbC}SnYuQ`S?onUv7qB9ioqyds(Qf6wq;drXSq0+xBk=9q+0&eo*DtN z7CuLpTBKHGa+T==1Z6lPu=*&)d_M)n6_W)s5H)}e;Esu`P4 zctg%~O&QbN{S@;Ywco@WL)AJs#K;p&BP{z`&%pa9{Z=ph}p|<&UmIsRyNxcG7>fhL+?5H%ann-f5_LJPrn>nT5 zbYqO*;%P@tZ?~d9HAr{5;9cTy&H&&Z0!Lq`#3eWfS+RY2d%Xny0*_h&d*%rRvNX4G0PuS;1XKy?as%Q=p>sQqJ#bY zz5V&vl4{tVDT$m?EY3(=a#Jc5u6uCHa4Vwj#}TXeHYs>09|UWUDFAo5k3NI8*`ZwT z=VnVBqBn+;ox_nR5XyCTLu`DUbkmv>4M9kmCX6l-9V&)r3jAZCj?uK9MmAtIXVH$> zTrfju<_vap$6Td+ZYU>(yXS{dTslNJMG?Uwg`%crL(ys>BB#JBy8G00_p{VkTg&as zu{-H2#v6&6`EOw^Odd^hQwf5&R8E~sN_`)wKdFgRJ!c^SI>|UXRyOLhOW0w$%y#J1 z!Zsf--6?^_BThsM%W>(3SGUw^N$K|5y?9l%n;i$C!8E@|f`ZkdPG)3b8$ID0GD#xb#;>7-HhcaJ?otiQrarR)*vi!7A<23Q=*HILx_EpZ z>#}?PyCUO-y`UrP1&r-2Nikw~gmW-w*{ba>8tlF*<3ep6*8LdAmcTf2K8B%0I8nEtH0}*D8W|5l#i=!+25ThHFf)2RaIeX{UdVIZ9xisl zhurzj)2vjUKgU|Zfe(ja?i6aAI$*!+74$cIdnBPn5rrP;&f#}Hx7aj~3ypa^WWRBI zXjXVGJ?-y?8r>#ofu(u)9^(>cvpzRm=`J)DgsWNxDMK{%M3h<*2JRG6gS3v8na&pz zu=tlO&XxF_Evuxqk+R6%+L8B0QY%vW)C5!TsTK&Mox>e8!AYWQrRhB(j=TNYr7CY# zoc&y!roE>V3zxxU6BaJUU_re5H|MSrc`MG^_(7&P}m5{wNbQ3WYPibOV%K<^11jZ?9SXrJ_RTVf7&LX7)`x$knensOYT zkT?}+-Rdja0J>=%i;HVniLOmV(xAVw33kgYl{k@O983{SfntJBKWEuU&4fg{V?RDy z5?RTp;t}eq$#o4EmEe>wm6{)1(Gg+1csUUXi=idFInBrRd)o-yF$^-tbTl@ H3> z*I@p$hZcwgC_ZyV1{9xy5U5LK<-5vR|CI2F#UgAG73i&{>xoW(p_Tz{qjlJ1G+h(0 z;d?CE=%XVPXZFlBbr3TPUjx$h;w-EMXZ#>?r=Iy;=!;KJV}Qg#TgUn;APUzD0(cnd zHZaUA7Kc&FPY%ab*l=gUCz}Wh!2$|mu|1IfDOR{xbXTC|>w^vTl0pp~#3 zQ2|~JKDIp~KbXSXHKEm>haeX%fzsvAgJ@pF&70wzq^V z8~&`G05b0c6p?VG2`*dD;Kg#(aUydHv=uN~=Cdl?&%U_`7-H6Ie0b@~OUs;FUK^Uj}CiXGW@V78DBaxd^6~dcYx9J`$9C zCO9ADl;jytM9NZ7cihC-5lAL%DvGgSx#Qpa#GidIP8@q;pE&l0+#v9LgH>UEL0Jcl zZ=I~u$vPX1PS$BVI$3Ag=wzJ*qmy+yS!bv59A%waVZ15N`?P7Rr!v`kUbKMi%@Frj zG~_ldZy=@lk~?)1Ta>6Q;>GR;y3JFwnq%8kEkBldI-bmHMHC=7 zQfiXx62}wPp4662g=O5<4DE6%f}^!6Q9i6(V=2>${3z~F2ivV65#0FrbiWEcbzhar zdSc?1AUv$7FkM<=Z%V~VXl{3et2NNh4m@cZ3zxZN+X9o&AB3`4c}P6S#D@Jr5{tCx zMBT+jvxC^VtEkzZyIY(2!Ts1>CY)Qx_VlJ9?@$fprRth>Uqe4A{1XuT`*+*A-PoRZ z&CdL#shE{n=Fl5Gaq}Qp;2}ex)UG7DZ_!bCc6EV;Zw0&6xz6->7M~y{4TWNyp#7CY z5-r^&x@sJG=VMtqIv>m2=~B8V+Z{WKSg>b$V!ywg|oNa*Vnhqu)S|(S#d3S6>ccS;|p#{clAv{mo_^ z-9le5Kp3bWSs?|&E+sFtNU!SK;+aErNPN=iL-nof z&5IU06Kh=YlS?MrkN(_emK=X=+ix!(`%-s79rZ57ecPcx)%|BFiWyV@s8qP9%&c$R znQ$YvD5@|&_GmQOr%hqs{!P||ck=^i+48nPJd1_Kzy&_*%2&OIRqj{C*`tE95M4hx zBO%+jp^)v_SjhHhFl75R8nV3`4%t49hpdUD_t=o%eq=i$+rOcU?cJWpn!pNIuy`ut zBHZJeeepSid!M#N)&w>gy%|aS>a4%*D$8%_VaH$SZUYJAFAY4EdBwai~zZ2aD^JaT346%}uNKwMRp zKSax=?9j&$9J!-b+SY$mR`#nWLR0|+1Jx=f)Lh>o_AbPARoLT5uPAD3kcMj8Lo8`g zD&G{Fg1wMd19kOyj$$>e2W0CCc2RT^hfBs4r5kHS@k`Lqz0vm+b|k~s2kbRqeLS(m zhT7Dzem{u3Bi`(}G{)n`r7;?jE?s4et}@0>l`-H)yxe;)kr7(<7uXkhT4q+}Rg62e z&dE?q8Bqjl9pBy8crt0?JS6kX=tz9>q)rJA0saDr#ActHWWBe1-^>^ zeA=O$yGP~i!`ipEXuMxM67RQEUF2E%N1mP5@$2x3bSb&*$ET2z`wRI!KAp_mPuAD* zsbuDM{*8^sZy{lJul|hAm$7G=YA?+HX?z&ZHes9XJ0h-&hWjO>;X3WE)9&h{)9&U* zr`>HZI_+-x=(M}}(P?*`cGqHb+FhsJwH=*yw-@bhe--$^Nap^{mh3rZXmwTpy12`&j=QV+w|@NQtNztu0DrmCf159( ztN+*4|Lf}ib@l(c`hQ*hzxLz#drF?2{_*SZj&v0w+K;Y6#M04Ki0CRrbe@iFMpq$X z!_j#)x(X2+j;{V+7ZmNCwe`Dhh>@*HR7M}yl~RD8iIL7`W2g4o10fBCl!q!NPUv(#GE8r zB_g-*kC7ag1&H@2+!#4l{amL|zw4y85u~=}n)~39TjE7tNL@%fJI}Z=S9~gVK#t2% zb!$V=TF=aXV>A5Ua%V;q4>A#FNuo<-pJ;3J5ytT=A7fuuX9Cf6LmX+fp=kDPPHA&y zx)uAJE8GWk!7;1buzsLU)^aG_=VTlF#mP--#+*EDsS;#V8qpRIQ~1ZA2^@>jNF?@8 ztTdio1>O~;_doi7{b^ImzJs8>i_r-;wT+ligZyilhDnvmBp4zQviJoDcL0~?i73hu zk7@rbwE>TDd z$(2*lyeNltxm1rlZ3=|q7>i3kN+V+3RvIQTSKugO9^qyV*q>)k_i$%>%%t@)z7h7= zOSE)t=(ws&J<^4E5CuC-HM|3X??(gnlPEN5!eWdO)^yDv@*kvX0csC7>;*f-czHRU zid1qdve^+jV12~>_J_ZH`bLzt@%6uM{61`VXN>s~)V&%RMGdfl8iDic6-ML8NF1rb zo`eR(`G>LDqd8sLyvnX<|la4q54u0lO*l zTo<;$pEN`s{6c<6*@nNVZ;tpIock*Lew1mOj@-2K`k(Dkb4 z$d=-yBd98k3Kk`wKIG}#?NqKRpvJdq$h+gROPI4QQi3itVupPqHmG-TLzh*X!cy z1{zt=aaXtoHq7N{g!i`owmT{VerKY^FxkwZfti_s_`s)mCI*R~&K(s^szm%!{DQZw zrFzPxVvmoHgT|a2VKIWO!{T+5w!-3#+@q@lk9;!?kGBN?Dvl0JDjwI15x>dB5ROg( zowbS+*~rMTtu1sVP!qmriWxDHzcD5COp#+1gU1k)=kSaB*ZG-K7jrJ1 z=%)*GlyP<=l0w)ZF;GB3bPB^#I#okiQ8+Q|`nyYlJmk1?#mDGRb06>H{}+oOz6Qpt z1F-tcz&afRTJXR+7M>K@g>;Y~LQ?Rxb{grjGn+Hroxgj-(&%+eH}-KNe;d4f@q700 zRSbP5K3JiQ3{DxD3T4qJic(R6@;y0f+!r937@vk*ckxhr$YFW(0jFgT1xqF(x%b4! zt9CUs@Dv451yk>JX&3Ith^6B0dMdMqwydQnIx+c;C>-5xeK6mj-&}*xFA5}|jT5O( z0T4C~ImO-`{lmLAV3>f3C=FW_6b#z6ub=P{wjwqNPK5fJcW>KP4!8 z5S{3PgJMd@d&CoB-{`_~$7A=Q7z#hUd&3eh?H^36&0n3IIM5EHvi%QV4KiVkP)RY% z?LZgfrQYeMKk({8w>s~e@VHl-mHT(_bOIF%5|5*X=kYZlsQT#dOCX%9H@{@+*?Gz!F*K62Zti}VivZTfCkpo{N7;$C?d04kl~J!R(EvW z^>lRf{Nj3m)*Li4Akr)~G(YXNdT=`UTCDuhJ++l6@fU6;@>~}=&2jzRB^&bOUZ{nF z>W&KQO;6$mq2-)j6=DTuZ) zSMWT4r?Zvjw)&Rv`9&+oRadm=EYDeZmQ6)6;Yyn6akbAvlb?%-ax85|HoKmd=?76fNbz{`sEd24#(jsgeZ(wt0-=~E zpTmFJ#KyIPL$#dN95rHeOPT6$#&T`~XT7O~gE6b`9c2s5)2lq`+|4AHe;fIN?Vp=E zBJdFzB`~q;O}XW5fKPZIjohS5!e4<2J7|_hAYX|Yi5k~vY)uRI{D*rlu4Z>952q*Y z{gaW_cgLtdlm?kKe5m%sNv6kA-K`|+=&7vx<%lHEcMrmp70Mpe`~iF8eZ?C2a_$Ju z0!H~_e#qlI`s48cpL0MkrksiaJHx*WrAkdxeym*=090^};$*qbWFpt+nm#eZkFsFG z<(&h;s=fXDUvH83j&!jKCx0+NaC>|@ltNjS6autmo|#?<{_w8xj$?Nm`&Y}cfqCAv zxvh;ruK2apoEzi2@an?nJ|fRubBWqspca?s6TdjEFHM^Z^NC%SwR=zapG%c4XXCZ~ z{+S!`^}qIoN^~kxHiS3b{;yxZW#?yJjcmpqJn&4W-cVgLyH2=N{uZHSp19ceDkC$u z9FgJaFSobXH(>SFN>S7{-bAO!QVb+;NB5+E3Q`2v+tSzW{g7m(kq;zPouA?E!*#ED z@cpk$>0 z#bm={!di;C%8)@6peEDQ&?F#_Lzh_0eh>vkeYC|Ad@n+d_2>NDj~5*en21fTMS`d_ zaWr1-gK*uv4q!FwC47(+wzq?Qc|8wW$$#4Lo;7^u6XrRs_{}EYx;gpf=$EBF(5e0&_hKJr3?N7kQ%2+KRE zCRzsRwNPH=Jy_s1m^XS5$miU8J$I*!9IHDfR0`f&?=_gt{&#*a|2Ir>;vPAf&iaMU zMBi=bV6gRO(1O)&I~XzIH&jtm#?!PArb^3=jbnZX{*d5+;%LHGzx(pVi!FEXAQT_T z^-frLY%4D;y?T3n&2-`a?>y6GiUyAvL}fmKL)J~ZO~`;-TC3y4O;qJ0;NS>Q@KY@p z+FRWWiHuqS=^(h^TtvD9`+Q=)$a7g&A$RiOHs)&Y&Aq;CD6&K@fm=Fe8bU6^^@y?P z?E13PXrH5W!8(n0{oczWYkgCGc=yKhjv+S!{(saUs`d29z%+O+2T1D&K$}h;PFI$C zS-WJpeNT&VbMD)IxQ>@a6~msXnj!Uwbzix73)kAP(R9u0)j`mO2GsB zsEaC|H$Ir#Dzp@0C}<*PA3;$!$E@ck>%nY2KiyIdoIP9K*)fb3TVBR7Kw%ZBN$-QA z6qKq;UiTuxF}y<>N2H0^JdgE|6P$6mCemt;PHb<*S$=X{LDt0XYg8!U7qZylZiB8e zU}sqds49##Y|7IrAOYvdJxB5+vk-2zNkj}Wt^tzCP=%p1l#u4WPC8l&1PsY&ds#t5`E`-B%>T0P}fCOpgLN*JuT->WVoPZnRmx^RE~_H~uP=Q9p+ zGImE$qpV*j$T-9dDv4Xfy)meu5yI{0bh)B0pki$`9&=3-eS)y^j2rt-jHLs;NMBF6 zTzV(#$&mB!c?=ftKh3U_SYFKv;{<#E9&VW`B%yd-q_}%q@Z{dHLp2r^c1N$$TMIu# zklxl1QWgvC2y;OA;oYU*bgAS&%TVm83YIT?!H0w^#xtX1(WMZ!km8|wEfto_%wQlr zT#B=8_K;|WnQ{vcePL27;dAvSU?5fR!Ay@T$7Vs|!+?FK^rNaKfE8kB{@pvl)7jl} z>|GX?zak{RUa<;J`#gL)1aVfYaZJ!jMDE`Z%%N7MqO27Z)`czYpsp8vg%7IOzP@!&nP>9Sj*U(;PXE5 z1XV`UtZ@^vuEe$(!m+H{G=ki?_e<83^spTT%pjI?qK1PF?#}6SRX)- zD+Rx87W&!;JpFXw%;ZI(sAkp8tTMZsunKh@0a%FlA#n5xMd`Tw-S;mWg16j6V9GnA zIf~@$p4)f$)4qxO_f0^%N@PQe`{KfQP>j!X=;5DpFRSFq`(1vATU!n`ZtPCB*U35V zmTSAbiBA;GdR}GaA^hKY?A_U%^H%-oKziM6;i81f9^wn+#VpH}Qho&f%qkxiHW2S| zK8N~Qb(#2%q)#vn(dmoH^d3gPN-MrtDd*&y3vkFvT2KqTYVbj?!UN%^!`KBu2tJtG zV)|~s)mbW;5N5~~;B;8f=6g$+IvzN}A4$!))qa@imRg{6ZvSSKHpF_F$C9w^wWIK( zfdJozJYkk1{pL0}aU5~yUj|JBV9ZkD~!G zv*99dw96Ns&TGX+l@a8A<4V9Qd6l^lkt0SZ&j`(dwit$vblJ)Dd0JBK0mq5*Gm%3% z4%v7}O%$1hW00H=oZghrj5^P36E zhcnF$=m|>%KyM5I@Qo#zPMXOxVg2Q)VkjY2;Rxxg<0Epb+@H{8lr19H(gwzpE15w| zi887{@ZBj0Grk@(Kv5MLnsGZwJUVJnn3<63O{NUYpZ8}L?(_d66^Z`n6eF1rA50En z+iSZVFhC*rV*27@g15myPOJgEgbQNhMEe<>9rf+3wU!{HS>`&s|zQzYMvoDTOgo?RTx~p;6X?uQX-?4zmpV8ap z9QByllBdMdVmvGHzMMX&!lq0e4Fw&KLIhcWC~sFc-f% znfy~n*=wuMzwro<$sHWKH0tM~OLY9^L8P|noHWC5i9BIh}EtBAb=H* zcBjhwq2=YddC-n2j^sgwrM91{l5muuGJ;i$z!OYJeOEh-Gxw40B=jV@;bd?jM9(kk z8|ArwpF}o%4g$DuyHlnvK9LrrzkAvqLuUnCp5s--Yg8U9C%FinrtTUi&= z$j;Vw^}1X9!ALq>M*D}923lS3DJk|R(S{HwI!c~Z4%=SxFv`}i4QjDMP?97_BQ%aE zRn=yo?9OgjeXR_C3Hx?c?CGU|XpE&0izl&+)4Fol$>`}Jr8KmXDyu4$Pjm(V=FxvOr!U^GRYqzMLRpE1s;%Sg?YceR?wGKeIhv7aeN_y zPr-|@-voQl-sO`BpkeX6p4J7S;gm=7y@pgG%@Sy4QKRhZLF3`a`H4#n5UtG;|Q zSFMEeY#anz2xl?Eg=q0{*97~gGzKmRyw}2)===F|TLafP-jyD$a=TkG7!MBWmPSDC zlnDZu-1V1}(tsFK4hwppeF21e;;gZ+Zi=u2GPJbMxpH`4ot>+p#^VT>=36lZ4 zuwMG4uV?L8#teQ+R|Q^iflqeRZ0`<|rXS;PLKNL|m^?`Wj! zYH{C%Nu~?-K4)&A9y>s^E8Wu}^)R&fg#*?q>-{Da67Fr+8JxjVbh!ASPFwWFkm-l~ zawM#NYuL2LI8tcPql}T12`>c6mR&94!j%1FP_x-pgNLp6_hvF;iUk%b@=FAVn z9#D^tD_d@-*A6xgK${|BzuK4hgiju1FwVgKdRtywz3rc^a~hPVgk~`%>nr!4R~x4K zs|*F^P3q!y(qoIkt(UQ3Fk=N0p^m&tu;wL}1(lu^Pi#m^?T75<6iRnia1v%aYj+O;AfiF%5)^&q{jeI*s}5lRsGMRrHFil_n=0U7UYjqX{J^n z2a*vfLj_M?xq_<^I#U!?UzH9Yv{+fwOJ`cRf+s-L^y98`-IWO^m?wKnF~js4ALR~j zS*cc{O77N-uoq>~BmF!COWWX=5}J48D~U?VQ$200_+W2wu_SW~WxlqPWwl5!bAt@X zs@TA1a7D#f)kpcM5&`7NSLIKRL}i5HIe6j*8OfKKz#>kdDXgv$*0wHb?Guj{-BJe1 z2&F*)z4x*pzH(E4AoW1k*v>I`*-4hM%U&WkBY@)BayM7~HR-K&Z@)j!FRv_qR2pV1 zQIxXL-ua93Z<9y)q2%!eqj zCnuY5Ab1wpIOY|)_|f{@=y)fi0&TGH)l&;w?L37#Ntk&#N?FXErY?iol8KC^l<0bO zA!NC~OtpE0VB=^_BIk?;egUkV4AavZwCU*ZdSZ9~HR6Iw`nRsGkLC}v$5o{tVnAo?^YeR1 zTTnf_b*a(G`aYTa`RMV{n=KVe*BjbuR4T{4@`4tLo~f@382eXMGphk+R7TpxlQ>UvhA&=M*GG< zPAfA*Xz*MgQsdJ)o!=wCf)QU5$+geZ;c1hk+&uLX+_TgmRplEDz}=9Shyz4J&6jh& zBx$>6czy&;mFwHmahZ)zm;TM|mPv^=ib3c4T(>&pnu|emUIw-Wp%QI~G1L^zw8qd; zcx3K%uxkqj61u)c6tvYVSiFaJuMas9l6eCUB+I_~GVc8$&K5ANV34~WTqoVgq*Uv` zVks0b=9m=Q^6~Ube6?k%jN@b^JPHNpA@;2(R!$iMPpAi6i zS7&ZK+^r9PPqh=Ei>_uUCbmlDNO&}wOXn-n;ZP;&U4z-Adg%x?1r)u|2D~nq7bGmE z;jz;0j!cX{DRz~3(}D(L)y+hv7%*S*VIb@LDn;Yy=ifooVTUoqY$FdvnAjj2_6 zw@Eo}S$@XF%5Q`tM@{S4$1ZB^8f$jumRlE&0tt)Tng$nDWG~Prq_fC#(eWtql77YO z@cRfjHxeW>i$Tuy7x9EB`6-*y7BfnZYC)9n2dEA6$KBK^V?Rdej+Nbseq~kVnF8% z`dc|4FDLr8Ow90jJF>HwfRp&jr{4PtcQ3xwvfJX0JUvEPSJU|cSNg=}-J!^@kEs_` z=yB%{N?B*a_tupm&m5^jI2ou0t*=S(hX`HAo#9wFx^uX5rJcI;U6a@_HV$J(?e`jf zMH&r=TaNQhD5H+95obTmXH0D+uYa+=%;7q~%pA@DbVkM&deHX4k5R^KPe9^M3c)|R zq8a92*tx?FcX;o_&Yhop~WBVzsZR zN_u^O)Iafmc#>eQmG`42tAn8O&{BEesFo0wAEdLF$z*0C@ZT zd+dyi90L&5%@$R7!kJpyY-Im8(u=fGfaO5>JLO)ujj79?EBZSvuMC@pRP?kXUc{9N zsA^<$(ZwcYk>!eUe`Uq~a-aPkpDooZD75y$-?>tN2}kl^Cg*aWz4|?SwJ6@OSpJoJ z`z(Quuuy*M0Iyuj)C+9R4t`O@(m5c|6gw91odgk3R8*XrQ;-28Q2+L58O@Yj3k0S!>{czVpm(lel~ zbFc4hB86>-;q$j|^>(g7o1@hZu3iRFBLehl73}bu5L#WR_o*E)bN&lB>*(+fE*{PY zC>Hj@-S6(I-o==4CwTv>?*rI5G^|9-F9u+S40$xnd1$=bb7^(7+5Z-#W16xVnW(Bb z?HSJ4`hhc56^oGOUdT4&MMbYD``}@I$TQDBU08P zDyx}bDfpbXCR?5kJRsE1tpB|VSCu($F;e!_jDp<;rIla@fjq>c`s;_{FHt^yC23c* zYalO2hxtw}h2kg(*|>Ll%jWC6MQxf=3~Nz;fMbehOAA7)ii%sUv?(+xlK zJ9QjkJAcx|GfsI?VP`YA5|Z>)wbF;+7{v5%8Li`=vk%y~yuC6(e8C@k*Yl{_J`q05 zT~v#5S9T1N2M91tPRCL6-djwo*U_uSkl+F~`i*>FrxQKr5s9QfioltgQ0fSfiY?;y zK*SI#GT1rH_I`4+tWqa!&+O&;4I#&&+%k;_x2Yez^VqWzafomJkp8y0hu*)}(RaYY zAlV1ucC9D76ZriregcJi6Ro@CEn^@hHO@zvl-;T@VSTkNCO>->(L(0XI=99945=QR z;c6qQe9YQ~k9skUL`a>Z#(loiB=2`Z(W#iTSS+}zN}p`g?Eo%gWgFWmP~9OBku8`U{O%f1?7-KIBPbbAR%fUJ!*-ad zvE_?oU1KRUTeuK zqh{=0L*3qQ_Z2BtX)xXM!Aq&(sFnjn1`6}BoNYN9BkDkV;Qrb({{}5_Na=D-I9I7L z5=JtEu2o&Hk~k-5Kka%9Y`BuzfgEk%`vzWXW3ox5p+#7H)~ZPI(U3+F7#M-P`eAh9 z*6iO~fXY!mq6W8uC1fMfE=S_j!4Fve;bUyiZk3i{(OavNwAM*cBEU<~pu$s}ug@*U zNGtN1Y1cP(c2&THWd3V`1<82D?tWQ1=uCkDF)g7Jfn~Wjnj@67zpZwp@C7^f&nn1z zzQ?EqFBil0z=WE`{JGW1+*gQ#(pS+?IPr{oge8Y__+DHU4uyd&*iG20yiYjwmv)jU zLZdaCmrzR#UtiITdj2f0Y6`Hs`FBfJUkQhgyc$jGd2(p;bEi1dwPHb2F=C$;-w_3* zk3-ZXV8gMzsTxSgt_-eDaVZ*oorG`Z@k~eZSJz95G6r({8Kv%gyWFieWH|B3xfq1G zv`qO%Ei4zi_C}cnI5}6e5O5C^JKQY$Zpr(J9WRLU65q%y zxxCIU)V<*WTc@ieT?ZDS!Qo2#@Taaa=H0!uS7IA-BF!6K81Oh(9wH{X8MD^N zdnOeAItr(~%>%FM2`>Wts50B-)Z;Su6Wc!G!e1C}K!G8#?j3w+CJKi992avT+#+lHkRT7;romT_YQfJTYdDaAwveVUD~ogKbevpxq_V`3 z!jmT8!-oe$ocL<;t3&4>_BJ1dp%Y0sSP~$xSuG8bksnVtAg4niP-Nm`VGLuEVG*lD zr8|cLf5tXs8?C7HfNk|cwjWhY<0MvvOd~_Ht>-2eHjYiZ8SCa*j#aDMGDt7z=ZqYB zDh&W57$3?c->sQP&YE+ro@PJrP61at)aYF2pN>``&mrEPZ@l>V=FxELX!gFO-a{*u zSGV1-N8q(cCf^lBdF!ITdqc1QXt?&IuX&nGtLGsN8tHSjjXWLnjqbh<0dBa3(|Bxu zFUdeN&I!bp<{r`4HM&S(GRzGrSKV#`GDrfC4At!o)5uG#=SA^HkSwCputNEbZpw?Z zAa6!rwv!-==o%d;5}7aQ#NPiEa>C~2OetzXR2!05GO%%gZD^QbOKoC=Fp^NqafDXT zII<6Cg+}sd&5$__&eb6?8-usD0nhAgI-=VJd;o{U((!!P!;`E)ZU^e>s9Jmoy8glX zz)3}7&vsR_kI%X=sU5>M#1uAU6`eS}JT?v0T+A)(&pU0bA}aBUB*r(J0CatD@M6?57LVHwsCe<6(eX+PeL44QVcs}N5(FD2&>bJ2E_eq?EQ7Ps zx?}6N-&JhH>;5$BKCsx#EG-66nh1;+lNFCdViq9%5in_0dddjp-1)3rt3H`>4#ow> zRnLmG!hL6lTj+e(3~$ZuM{dVJxIhtgNLyfV@k8> zWPk}Orn^T-=VJ#uz@-7H*Oh#N+Z4QFJ~uKn`8QYx^|xGP$I5c#FW0Pds`1N5P=S$C z#4qBWD3CKi`yWX+Zte*AA

nzx2m>|k&Tih44s`L+l6xoW86)mTzOH>wK|`K3YC zHk-UK58VzJa0AC&iI^Rpz-+b1zMt2Rn&Ep7nP*4TYzaKgY7Yy-id7c+24#Ud=Ufv) z+O^@)i0;h6xDdmHpY7%OLC?B0B;4+(;BnMG=7AsCC;LvQkP39EPdZW??_Ym$J~~t~ z=X5)+GD?Sa zUava?G{!}eGqR~VH}`Pd394J!UC}&EEU6FXGutrAU#SqYiQ;|+Yl~q$c9gy(Rg?p4 zmFe_EGvQ<}7uSF*l~@RCPo)~&pzQV<2_tTPTS<5v2_-!W>N?I;1L8(fJZ3=>%S`8y`w15lsz5dP~&0xNhN zebd!6wWWo6EgUOpI5YbR{m5Z*&~S|<_F@KE9k8lV1y`0oSyw#^!|Ekbv^ZHT+rQaI zIjlMthBsn#b6B?5zV&~HmDGw!l+^0K%74Wo+M|@^&qo^N${7w4xqVjkXhH5aaeK~L zpk{fU#|gIDM?=4F{OgPYGUF&u z^T>HyOvfIH`aB=QRu{Yx4p28L{35PqMu(n5%6Oo;vOA; zA@-N-#X6wT<@wJvFr2Mu4FL!2gIujj;G+X4a`bebr?&P0J=k1Lg^l3D-I`B%$`Km~ z7th!_Q~TdsvNid5HXdm(Q##?|O0I~6w_PqF0IEKNO4Rep4_ z7+-KpPe?x8snc2aV5~4~hYnYW8WRr@`Oj!WWc^eZf!|&F`&*J3uQ#_4_XQcuL{7N&~h4AUJJF)4rG+DpPqXL{d)HW6NEd)j&6rc?OgXyzm6{5Z-pkN^P#H|TN}r1V(!iGw;{Qp;$dm1 zp89W=_wt#^Z-M@629ED*`EzF`PrvrNEPq|~lANmlS)o(Ey>s8NaXf3;YqfLeYFlbY z5MG~qGLP6)PODN+U!+hzH@z{mhwEw&)l~1Rs@_?QolQwCa114x?i^`wp`SIEMO7p|1dn(;!e~O(yyDChBgTFcnYz+_9o*c3Sta1``B+;$<_M8t)FmpWre;|D`$M-Lg9!l_5VP8#RY@ zI|N}UKx$Au{#0SD%OLUzXjF&ugp@tg%U=HkrojAnHzm*z58v5;gUkG4VBNed8eHa8=;2E z>w$Wz>HV}r^c}(HCQG_}avk&Np=;?hyQ>QKYpY_)z`HI<;*j|AjN;0yl_a<|{)b(u z%En*}u6|M;TKYvN>88xDz``tNXL1yu=rUI^u*NUoxeBkkuahGHH_pj57?C|Yz0)X6 zD?_N&qm@tZIm9zymjaQlY3jbHUtu`u3yru&$t0a({M~#Q{gJ~9!>_%86?{?Uj6>&s zR3|}6;%RsOZ5=GjLze}ad_jS%1alNya!sX*hsRoXX#ge&L4|zc>?l)`wrVNwkE4od zwns5_Y8M4e1j`^r`iO*0F$DIw)?2<`ZpVkNF7YE$8nm>S`Y~OdVygbICGE9@+M(d` zwF626obaBWOnSUw0tMS-!{{#(su1}#{KhD`0=5G>wStlA$qQv-#4Q9F*m(;xqTDtP ziyMLCqWJf^KNny&{m0I|k+}TA<#7Uw=@?}2uJtb;TGCzB~&>k zMRobDonUy$knr45Vrf3E*i6gUJC*VP78x)c7~LpA>AL>|qhAs$aQD6r%tC;`#+OPt zhYEQBD=p;bap1DldTMxPTPZ%@^5rBx| zUQIY%C(V}bjN>V;I}6Vo`0Wmt24=M}62-G@ep^7xk`SvHQmHIyu*+G+X0#GbrZ{}d z#uv_6pZVKOPLWhD8;^cK-a?y#^eN~_2(kyn+m%*LCse3VfVh9eqGbFN`R^MOj-}XD z?~|)Kc_u3I7c4G8uokDcJ3QnS*j{!dh{BTPg?Ga?ML;Pr5mq~=6`MuAPScF*N8GM3 zi7*|X-Dt%PNqJr56MJ z_x()$qsz~$3sa9<0)5X;n|t~MJ=I%L#0g0KiT*sK!V`7gJS2UgItZGIlrEvlbWLV4 zS$C$E_dl&Yf(YI<3DB!AklDPi6IWMGKSO7J3E8kT)z+ImtU4ry0!fnPK`(#34903+ zr`m9TQHf1=xZ7QK(ZH)8ZmS-v&+`Kg=4L`E|J~6P_1mZY9S&(Pgus}vQh!1!EnY*G z(NWatXvkGi%}-w-NQdH^>lcUI15JZGvaTeHu5$uLG+O>3D4yv$lEgL7`crM*LkN&w zp<|bzDsCJY5MkJFE(aki;)qTKi^3!X0zLodI0kbuu#gHe&yvNki_RtnelJ1^YBsV* z&mNKp`b&;5SxU(MrZ>~Uu=meX*EoSBs+U7QE(j)Mp4v>}Kv|>peJ`oo^{zbI7pumi z5)o2$VOqT)e92Yq^<8%e_%v_j^X*reVgl$4)Ya>qu8@=JD{7C}T-zL=f?)Roz~ zmy}F*w~Pww@!U*pd^b%hgT2pO$miqQ3j;nsK2e6SMm0HEnLghXt&kcgSG}(Kh2S|p zq9_XC-Hs9rP8%`^Dj;kTfD8{m!fl)POuhziySAK|c?peol~a<@L{689V`ruoTqk*J z0q#_-ZUE2xYd>TK-yfRS%Q*t7zfSqWsNRhSFVuL_zr#-nQhT?M|CNi6m7Z6%UHHtY zqX1o1oiV=i8M3u>mcEBil#8L6$Il&bryN%Ayrlw#zZ1&!uXi(REdqXRN#*>h z#0^}ow^&@6urjjXw6Hu57-^a>t+Pft;0)H%%EPcgI-qeb5D2exWvn~YZoOrVw{qD@ zpfjifDBi3{+N~(jaiLTe{1~Va?Bf4N2y%gLU3=Q9?RFaNWyf z$!=}eQT6ZO>WTrCX{Mc2WDIlcbG`;lou;l1Q80Hu0)!|%r#`=SV1Ii23UGfee6Taw zWq$DH0}6f$!3!`$Cmv#ic&UhZu6W(?6SdyNJ@tHWJx@y4!*9AQ zq$0qqQ=643w-3h)$s)*5q(qi0nA2;J42t^DxHCQv#ee8+6upLIST%x4y#fm1d)sV| zl+Y(i+?b@Zs#tIbM+q^%SxZBi$d<3(eutEm#G9e= zZvfGbm&5mxs_qv~C%0aJ@YvBWimvZdxDp#qfa{2*w&Nc`aVG%~2ip1N`~66bH3lzJ zucvLZZ~k%=)hp?ABo<}duncf&9XLk48x+n7h8?LZ`Sq|&2b@_KkKnB~ zN!t)+&*Fu7|G^N38qq93%~oT0g)x8QaUuk=#+cU0=)bH)_a&=gGhPrjV57P&Jkm4N z&VTq?H%xb=8e!Vs>0b%4zr{6OEEI{@mNo1@oW#!f!#HfAMO~i%s4791!+U{$_4RG~ z&6w3hASJ)+K~`yR3_)5GEi(P9aR)2(F(QHxFF@#msb`}E!F zy! zc%KdaIB1|39ZB(jQG4*mJp5O9=I^kcSAN(~n-8>9bf9i-PG@IY5C_$o+7_C8w4ZHE zNi8TMrAKWcUa0?~KzoMb&6riv8Wk9N8tc{O9|?@Oe{^D`_|mZch^|JX0{BA{bClQu z(mBfAj)eV&oADQv$V8*^D6p^LcN^&P&5DM9QDz3$u_w+C>)gsmy}go=nnEJ_pCp+8 zB5qZOwmP1}z|K_<3Xck;K#gJTD`HPv}3M!{9SHyQQ>e_0m5`_ z3#wVp{i5bl@x#pUA`iNiY5Y_m7G?$C=5KF1#iy*wwx>iQI~`Tz%H(7v zmHNF&Dq#f?k)A%{e648P*knS7(1x;|O&F!b2SV|jY?@L!eiBAM5=^6rr<^0^vLgGB#KzXQgR}3)-e@Z^aKM6NbO%AI$+*a>q=)u5cM@Aho_X)eVg#5x& z9M3WH9E^M6e0jMAoKK59IyZ@igkm5brWO(4c!Js)go>gCdJO1vcJ>nQna3_^=!NfQ z>prX2M`$;+7ZR__KpI&Z`!Kapzg=jr#cI^1&P#kCnz>=e8~cNAKSfu zLW}+3?h2CL7IlO*amIm?Y}@X79XJvmlJ;{LfBZ{7M~o>dGuuylg7a|q2YCw6BnU~) z)fr);U|TnBP~qfgv}X@TgfcR+wV{}f}lt8NKGTV zFV3MPX%mp_`g&+mn&2UftXM!jSH0JotU=gb1Pyd3cy9@M;BZdRt8+x>Tdch<+3Z^_p5f6 z>@lgs$tca6sb=*9xLx7~E_&@FfL-q(N1u0`p@duFA~(v%CY%2^xhzd!>Gxq{52!2{ zVDNX#X#USbOn^^vF@l57e)u=Pv8c}apQ&IC$4BriFb=_-RQojcX+s2GriC#j8M6}x zRsy?qcF^n*pQa)Of{35}Yu<04+L&OQv%$ls8d)O+(*n`tG&_GEh5q!w6QCda+NjBn z@hb=ta;^UPofA2|vxEn=y2m+^{7O%{-RXN~mN~OG4DMiRAOBeEGvHrHaW~Q2F?n_J z4=Voc{g4V<*S;DBlWunz*fFgxidJwDFYC=nI{4jqrQ7IMeo@RIn#Gymownw?+|@g^ z7e#j*R4WBX*!o~cZ-CPnzp(w<12Q&hi0x7Xaz0(l5Y#h%j0_~7VV$PA#)>&>?QGRN za{SXXDWdS2g8ZT?a;za}98cODv;d#~y6Z6PL1IM1yi6~)i_#9&;V(76&Wj%7tiK+g zb-vY5@(AMbpXQrMIw1LpNv=GmqD+8lq=39ku6rMF%9=|3E(Sgu(9m@)RUkPdoi&K! z3uKuOAo4Nu;~&=Tp1@?=P|b|vwAxd1d$`Ef$xLhP%02nQU!iuYK)Ay|Dkv8+_@TqnYaFqSL|K8Q~;PRJd|xewDiCWNob_} z6&3VY=cK}u6<3^PR8ym-%~zs1uNJ)o%EDq4z{3l3*ylB^O@S|ym!KftYFW1N*18r@ zRS|d9kMPAp41>uo^mwp<0Pku|sQ3Fwm{TS{9U*+VH9-$IF7FC0;FwSHmVBEOC76QZqaBhSb{k6RH$ht`|Uu>kk)OcPvLIRidm;2mt&t?c{E&7g+U=y(K zJK*}7j-a}sD%CcPK7Cs>xXl){3fVmbwdHdY)4mF5!z*7W$uLwHxjZF=vf~h;pqLY} zTl$U%dcEr%^vot;q7!XG#q5`xAJU^YDB2MW z;i#kF*-swglcKX?%;OTa(vfcTLX6VMdGEklHlqn2-8fOsdXLf?Ei7Ws>_R>62#+n; zcNn0MD)QB@BWHjNXs6I{JXZ53ks*MagNf%HhP`@+7^03R+-rs$<3$B6DGd-~}XG3s!qP z-tLJx9cyqvlMB*tG-#4yP;D@dRX|>>uvg>I?)^0HvQoD~3*nvRGl?R!u%W!QOen&K*zwH>}`SniC$;;?ey|)B1+uq4eeata7*w1l0a zo^|Vg8GMd1tS=0|xyBv}$PP`P!CAvP+SMXXKA~R@d9u-FTT{4i1V#7#04gG$vJpXHdLwJObsGL1Qi;%Pr`JiE;^0aE@PtGNX`r z>c_p&HBcGq@@=~$CG8#GDMCx;fZgGvEqbu0^9(l2(cgfN zaXCicBCJQN)u-t(w-?s-v$X>q>w0-l2!Lz>&>D0&0QeBDk<7h~{*vp4;hEB@mj;&d zs}>o$1%()Aq5;>{3a3{ED(qN**9tG>NYv8|sxp4#Uls>7G7A1#>Fev{U>U8}iK5rMfCMd#h^J!s!@q=oDq4aC z0<7M=FHq1ZAHv?Up1C7@su3uMB5KY6VPN*zagSym^Iqp@IdEGcxd~GMd zk)0#{{b&Hu^z2|%dp-Bp)1023=?|gs#GYa#2ic&fbf|*pI}JV0{uj#CtRm%L8MS9) zifq97(p3mAClP2;+&+SWxKi^d;aXk!)X>e392l>qQ~B-HlsR9mwAq!KWn@?qETe)^ zbfM7~lyH`3`dzUOEkp!@D(zJ0K@hbRB;^V=4QWk$`~BAqqxO^HOh+dlPJf7N5-Q~~ zPTDmtpY0#>$HY_$ZIAOmn@Yy&VNzU~U4t_u(h67=6g?aDQ@gA@ob%6C;YzRLik&K& zp0jK>xA&uR#r959FRt6h6O|M+{MNlno!HeKX=jzVYkb#)4dez5;4XA-R&`g`KV~4` zv`W8`&i7ILEk1wPKBf6EBn5gLwE038d8zDEs-oK2HAf1|-%PmAmsofLw`l?3@|2Kv zJ!lP_a7twgcYPLv-MMPh{C}Yw2c)Aa1pB2f(nMWL=mAA_Z_AkpF!>?yPH| z9`c?+U*re^#QRXAsJkxKIltEnV6B=s^>o82lb0RM9_G{KKwJUQ)Ipo0- zq0UW##l)|NIoj_ggf9C-TKy_Ln8@3dvvjEiV^CEM#(6st%q>Z4R^#tip)3WeZcjKm zPvl3yC298Mp3+Agk`%GWL{KV{MOk6Dhtj8|Bt-;$Y1y)-qW_YjiWC-6G@f?@b|&4G zQ&A#zjsD$biDglRo_F1ijM|^rRAjx?U7dv9?bCQ(T^OIGd=-^kYi&BcH@k~e`82?; zc@2COiWonR_H8+UIUT%3+Xxf=F25%NOpwc>X5(18D5?jzb6UQz5}ArRGNhZGl^k(E z-Wr%Ym(fT^~)Ph^7J` zO<_u+R6Nl||KfG>sX@~e7%Rn8H!(1VR@oL&K+_N=l%3zy%oD>`YJpzf zXBTW|B`cYzI^M4C(hXqG{EIOpW-PKN0AjMm)BC7eqWwCQIiGMY;H1(d$G}TDFDgY<Y?wG1=#vMFEq3Cl7^e{lxFUt=TwO%8HkYb%U96N7 zn)}l!jiXCm&P&iWx}!@@$H%8d>kL%T`xm7vZ^{sCaa&7X_*_~Bgk#r9&4!zhpF)=E z6&YVnnmsyREkWZ#%oGHe!p#!D|59mI5LR8@vmL5dQKHA$z!GF11AYA|zJZMmjfG6S z*8$Q-foa=6!xS`+O{Ebnj^lc0g&u=r#I}@{)>OMAw!)7&&&$~mm_FH+Bf5k!x8jM% zQ}R&h47wZh#}m}1wTKg>vRBj_FUoLoRn5-VfvFZ)ZGd_!-5gUx;r9fU{c`4eTJ9aa zE-R)-ABtoCqcp8uotHVktn=__m8N;tbW|dvtf=F6gtXdG9?0~G0Ki&x2P5OnxG#f-zRjbZ3 zR`C*EiC}+J&xBwxi;R@%{?<}j4N->MoP_H+(k^ahB#uO#Dl508LUPWL7rW5IPI0fI zqr(j>74?P3UBMR-x?zuL!j$Qfj~R+VIJ=w#S760ws>u6aD=dq;{3?Af z*1RfIQ*kr_5vloy^9k6!jHpd9o&xFd^3hzfzs6!-D(~N1j#FG{UQ^oPb@W}Pqox#O z*VsEfKR5ZX(%`V+vjYlKjkl3^g1YtN6T)miE1+HDVj75{Fl{c+t4%OkUeKO4P*$zC z1^4&`8(ZKMEvs-KbOz!6^0qzv6g_W>UxldXof~YAr%v0h^0PRa*Xx#KGpkSw4ks3B zy0`sFx<8ILyT)MQXpF;UjrzTP`-6uM;6$YLq1G`+BY4=#;~}sq*8E9d@=G-|i#gcy zP_nSN9rhtj>MPT&yeypyD#BXu%C7}v zpAa~s19-=31iw}(B1`h8`<;*EgPP&Mq%0EhZ;6v^v{cL8Ea6hVKtky3;Z@*ZDsm_eU!(F0cjtx;ok3ZZ0ix z%)bby+$$?Ls9p4KB*x2$H7|iW{QqjJxffs8`Zj!P{Y~}3Rw=)2O z9b^Nh5T%bGK2j~G{v`&nFO48dZH>G83M)m|ANPUnJ?I?YYV}aNjNDi&MBN@u)xIW- zht1c@bb`bUzwbDw2AM^a0lq!OywhkF5;~QuJSFloihWO#0IEdoYu2VZE|bI!Xag5(k~(-J_Jl4zq`O|WiNdLSO9?@yg!{mxrE#IEc^nmc-5M5cRuw8n zSfwsNUu_6gf@sE{9-B-sbf#g3oY|e8e`Pk$F7P?|iOR>%)%bPHMu-Jc?}I39lZ`vk zBs6aghQGg#KPaux_94L4?=Plg%Q+qs7&Nf%UegncF?&wCqakQ^-Ov}`q6}^NP>B%j zgM#bNEQyH-cLn@L6zK(!y#i`_Apv2;Q_g0z+@@m*sK!=K{jmk0Bjz;1~!_=JI;_b$Mh>Y4Ue zuhKfvtX;!;fzUUm9VEu_@rH5lZ*Un~<+~`9x?5Dq*kNBIm+6ZQrlSRht?by19|Zf+)?4ak~=k(=_i!O>Kn# z#aoZwVCVQmDgwatPR}}Qs`hiV1qV-$n_Y*xL~tOd-x;OPCC-A%4Y`b!voQMnn{i~P zbFlJSIWFM8`fw86*9p_tl>g|CU^DVMMX9gtXd|WAi{g6gixmUfl7oU^r5bSA5p!IF zz>I+KjcXs&IJ`C+$vc=TZ8Xm8JtdU_@AJ0hPo9=Ed|Di+Qo+krd{M11{HIv|ufyjF zxG#JG&>P$3MS!;(j#{WIn*R_KPGI(FxO}mAE$nx>LVmT;+xANbeG=dP(m{C#99#&~ z!@Q8QxQn><0e|UKNpa(_i!}}fOkf&@nIezB`jS=!z|lf-3lcK1VE##-8Fh)}>AEDk z(|pVdd<}9#m~h(4Cy zeCdblRromusfKa5aQe^L>-;)c%E2%g%TX4H14sw~_DOlrDnqKvzuGMBuF0%^1UhPm zy?`kns3~S6$g%v=L2cRl#q$!ad>J5B=%-ibB+A?p7(2`(lSyNP2=m~s+ZA}Uf3>`{ zkeQ(FbfxNlSMHyAe=q&|eNLKBb;I6kmv{125CB@p&{lj6?P}+ecl^4oY`)e;zZ;@K z!h}AaV_EMo{bi@3^?p6Hk)Pf@eECpa`{KW$^Pv`*YIsJ^jJkbNcHx1^2UE;_JQl z1O_Wm;0(=-w~WmPThbqhk90eR_= z^$Kp<{uI4=ZWK^okBKC|6V4azYsP;>iGw-Gk}l)M!YeuSRnrLLEhCISn|gSoFK<$) zuB)0)K3+cC%ann}q4)sk@h`h$=Y7exjz}ZUNoXI03QRLgSPM{LQeKwcgW@u%agIZ% zKhx~j&wgy)O_Yzuz52^Vhy&X>U!gUbNM$-=z!~Gqde>KEm_WLJKs@8~hqu4& z948W_ZV56$RDm;3M-bT!aGD6Uf|q;*@lo8>+0+D6B_^!RWAKT=l3de7Gt^p`iGz@$ z#wW8CiY|{v(3S}|+d!fCgA4DJ%j9zH?f}oGY>j{)M6g`sY zKEK#bohbP0mZD%?{-OVHyR!asgZx2gPF-WLagxhoN&}lbOzkjP?hiw=H&xTU8AUnv zf6$=JI%2OnZbb&&%3X)FVKT8DTgrEGBO64fJPompOyFB%bo0M%}5H zl}#Fc7<(W#H-oDFWHgn~z)L6QP%_~#^#m|0N=Al9P(oyISOlP}(~IH4mTuATx`xe8 z>{hr|R0}Lqrl)@Qi!)PK$zNdmk}MG!iF>elLdkojnqM+V=09Xm^!q&qUDUc&i9D^< z&+T^L-$D%3{>ECY8F#lcX$8sS&Xu|YWKUMnKLP{lN1_2COXSE6U4`P5^i0V)OM2XHQ=J90&Wqs9uoQ>)B*6hv$mN=ol|#J zTmoqWD|Z#1Z^v*(=Cn3`BuaomZZ)8z7upS;w_`b+pE(5=+%?W1F|R~>tc`n`^iz!6 zB-Q$`R(s!`tLhn)Njy*xt7hkAf5?R(XD9IY+ugl$#@D*qYDPu%ZPCF$xGS%!YO{Xj z{*d&hA+3};kLP7FlJPShgLAm4pdd6jj+-uK(X}EFaS296L&VoeZgcKQZiPDxT zed&`k;_`=OWq>oQ5&DO`EiLq0)>vT#cgDZiaf0DSzI2RPI$pg|mNEmrx@D;F=kb&R z-Dbp4!ZO~^GeBVV66-x`4eU|?DkVX<*=ySJee1WNg&P;+yQ3-qrnz3(& zcU1g$O^}QL^2|`1A+CuipOQcaUSfw~1l~whrX!WV#4Djpeuu0%oZpPDVRSPv{$W^x zoX5j_^w*#q=HT*ii9GY3OH{MW8;Jn2rKfZFS!HU=cF=rXl;g|^SBhoj%mo@{uw#eK z)w%bA?PC1y%x+m2cnANjCUyPe4$5&!mp3kZyova$ZTU=^=I=Ns9aPvXLkC~=LfY$L z@M3UdgJTJb4twxz+EbED@Jyfm&x|NxSz&gY?@Fd^FQ!;q<+RY;KP^2ASeCRxs@Vb# zJ=2&^zqZtz$M^|{%14y5VBFA8cr=&Rzo`YqXWT31GknVm8YVJ+V*dex=7ZnZR(r7N zHtpOTnvvzy5b02Fc?I?L<^j&p=#<$Y`>YwydtLkyHXvkPS&Vaa_;? zz~YmdovQ+l(-3X2P7{cW%^M(`*wO{Ko#cJOw7CT>u9)f(}E;`LR?fNk8vVu)~})wq5&lku|5 zNBPma!3;wZFax=@zZK>s{h_*UzN$eMXlz`_;}|YzkH`#uIHA4!$Lch|EA)sg=vdf+ zTlI~wBsS3l=!qy~B!iEr?N|pgLL#`;C#IYP7ih^C4M3Zl{wMi198pF6U;dFYXt+a~ z;E9$Xw*9m<6-{6Goxpo&|C7XpU5$47VE?3P&NZy&Vb@YcoX-}f=Qi0y%NB!=90;!5F$fxJ zR_l8XM7NT)Gv0lvOf1?m$qaNLfe~U}%+n^kA3*kka1H0yw&$b3oC+;$S)cMS>XIC7C5R1vA%?Qlh!@sAIOoHJRUSDm>Fi zfE-W8o}F3kt&}=UmeLUA_qz3Y8^Uk;F6!VO)Uv(WIj?K4sPQL4cq>T#COQ8I6JePL zOe{0H)nPej{W3w;AaTsNUQdL;OCQ2{&))wR69l~fe=$LxpC+U}3entwXfMye06dCf z+4MG0^I%+9W$#{imh-ieM@T4uMn+OYG2j>Ai@2fGy!ErICi7SvB1Q+5Yu4n#O}k0@%2cH*sSy}zzGnU5e8Ih*RL-; zcc!>eh$A_xq%mFitl(Tbddg|Ka?AV&nxq#__0yog#vAJ~GRx{LzxEq_zfK%7%WLLb zqUt3oXtv`IJl5;yWm3&KsMLC%jDuguFm2Kkm}2JLhca8hs2yUqeO99Cm>@~199OyB zZgn00HV=!H$Ez&L6S2lQF{BR~2q54wNg0RjgLgqqq)o<(`sgjpf*n~AyJl4qNpO@a zYU7Oryb+v>eJ+$@z^ptxTQvf*TdGC%IccrL;Bb@_QmHAcnF@7(Gd8gIEMOWNfMhd< z`;BeZntO>J!Sbk7aQ?zE)am=i4H8gu$h+FlUE;Z1Q&>EoTrZpW*zvlgLYyquad(-I zaw-YBm$jR0t<1tf{s062d~Y?|ur`zGG%)&_Q=v(|d9F zdq4Vu>Xf`gcTV?S{8w`M&ZU7lfiEg06xUc06e$sgtK)Uj$TACYVHPa*i0Dtxn!Lw;8EntQS4S(V~p2mlBF>4@ginq;uSqqU>tn)Az}}f3iKUe*Hs0%?D#w%LfN*Wk z-}9Q*=PkBHKn}D)cEm=u-2GSj09END9!%~lUa;b4G;apKmh8r5bVK<^X$?1V9%}R{ zL*TCOXI=?irq4Gq$f2x}$bf0+o3p_4A#{$=PMC?jvmpK$XclqVjP&u;xcFjqF>1~Y z-5EtIp0vg4;a51@DpzY*Hcqz`>vzwYkGY)m_Im7OZvl2#2#df{eM1P&fdqH>EBEzj znJ3jQ7z+U7`>I8G8q05>d<2c{M!S{To!?}OC9*B7>U{)rGI^7%ttFF?%D_ZIC^*@} ztoRBo+rm+X7p0K8JBhfyGbR_!qvgiB59iLT(XBY3+02_47 zp~f_h3Nx3#e)9mGXu@X(Po0G~(1=|ug_G;QvJRd=qc^;SBmJ*oZ}u6s7699f`6RG5 z*|rKim>-Txud|7mr}-jUe-)xj`%tp8peczN7xIUeV@%&##q0EXI1i+nDnYHBlpXhp z;KTGMe7EWr4ixh{E3ca@T~!|srgP(ZIuw$r+ug+vAV;cF zYl>yuW4s%88`vz21D}gUG-BCQe8%B8biQH$d1IX4{Rh( zgvg4hqQETgIxlMG^ptsC=x|;KDfvi;C6h$r$IkSGF`R<0wB74Ixp3e{R*KQW6G#8} z^DMaGj7OVAZ3*DX)%F;sgsb0kqMRu0r+a*FItYRl>A(qif0u|7f2-oY13@_;k%8&T z_;%Z6}>J;#fZI)AcQ5eSOe{G3>Vk9`Ta#MY29yi_zf zdr`-?1$rA+oV>u(dCGYX>rJrH$vVUD|Io2SiDK4D!(JhBzr7w`|5AL~nrM#1o20Cf4FEZsR?% za{Jnwc7DsN59m}nf;J)CU|99vFg`I|zXK8Le}>`jz-t>}6ifNa;jg#)&q$4{a`^aqG9|>l4@9rTIcv`X}EHD%`a(c4H% zZ_qQFxa)`+ye;J%{`QUi-!LBkhPV8;0cKu1_P6*O=bPUc3x43E)K;+tu=I>bW;n^`kzJ&Kb%jS{2R;|O9W%erUvUApE&L7TdDSG!2 zAQv29g2)9hjf^+&yw~KJx@sjM=-7)C)54X2&N$5|tI3Z@=vM zB!P3Dsf}ICDb^v({I|13qku;R!s5SPkUu4fz%gqEeF2ZY@lxszM`o!9+dm~=D?jTf z4L5yeHw8}p!dLwyNO(V>A^2Rd?z>3w;Od_NA)I~_^Fl^P& z8bf4%{DFSmF>8v}N{Qb{4?aki9dQmu?94jS>Dspv*n)WX7;}FQiJJjI$^E!PZRI9T zUo`pTl;2G8GGIiHSvLPuPXhd$lr5GQ&a|5;p!>%F>;rZOClC07`y~T}!6}t;!(c*1 z43SI@S05&ke{-NPI%T?(_!%~>hPQ7=I#(LDGeP*?0h|;mZlmS!mXS<5-aw#Bfr7%y zE@U4yR&>*5&}}t=yoW}4yGe+1Z4xsEhe_>u+Qm)6)x_0pa8`F@Hq}JGk*s?j9CsNb zeouuo3x>6m8#~rRPcHY@MDnqgWd)k+$G^e^?^#Y*W|Z+U_2hyXid|a0(LDxK?ZW=| z|N9M2_g=8ImuIuHuiEuC=`kw&3#1tmaqs+`U6O7iSu{6s9Vw_L(mCw3@A-ppxRGS5 zubU^&z!f9bY18%6g(dM|s6(is(bLMGkI%y(l6;{;xC(Oyk_IaAAgKu_b|Xc6MFOI> zFot9XcXp6k6MC)iS;4?&d*0W_ps;h|ZIqN7BDu>85TVX*x(@&jCjav=s3{9-zbX5e zeG=1lPDFr`S^J2LkZLoeIydueaX&D;aDp3aJT1qGrwu}&_JYprxgxV`@Op^?KVv{u zHVPU#!|t>C{C~hJ{dI3Hej~VYsb6-*d;=v4BAiJ`UFa*{Ru*W1cB_GUNYA&~@;>d@ z6NIu7dcjLYfWA1WLU@OU(4Gb4exn9czU|`f7O=2NFDdat^?t!ruxZgm;D%4OITT8} zAsuqWS+PfRn=}G@Kri@$&rl=%OhHKdGM{wi2so&fNG^3MoWY_o_H5AaNWJKEX*IX# z6{3bpB3bOhSZ1b_1uoZfEcbf0=yp(>W-SIU3qhP~FHG7SU-l~(Pod~Y^>iEAxy-Zr zEVzW7EkoNL6-cYuFf<{3EbnNg(HIS~PT4|MSYgh_6_fwyA2{EzD{ZKeEXNHUe0_Oo zqT80pMQUM6S}kXFO57+P%sLL@sf+bzs(|_4w*C2K4q`q7b&CzaMXCL4Jl?{siVjzm zQP&|C{gz?m{Z@w9>)Q2NpE5pFDHxd*Um2eJ3ZUalZbg1B_O&7-A&xSh5dXp$Crzs1 zsh_if9?0!p^>ZC)EQTqPFk`ZOoz3&%7-*SGrJBhu;NtG>)Why$)7iN8VjzG#ECQDn z^P@t*89ioLj?UndxluF$}UQGGq$3w5_Qgr;~kqkvbZ z3up)!+Ni%aooV`C5ia%UPdt5@c_FdHwn$l0F}ekZ0hFCBV?+nAIb0`p)f(AfDBtK- z!NaP!6b_sVxHq|1x2G83lnvi{iG{>|Y4v;#LLmd@K6fB*8Q?{471weHuDHcAv~6EF0Yg7W%XlZu6zSPBvUtLD^H7VkNZzfQR`Sr z47+*eN=&?$P3;Q|ZYO1*!Y%9J$*=L{$UX23^oCNt?L>|koAs?J@>_}f3sl<7of2jT zltMwASyo?dI$&>HlBztfD*N5NpS@!5aTfGbwG)Ml&C8w=G#Yo#8qI z#;bGSE3QK*)K~8msgGG4OR^xmspQhC!yBdbv?g%OpE+E4 z;`u8dg%hcTElOdt8y4&y=czRhmPh@y?aR(^pz0wYoDIN?P|SY4l^v2emt8Wh0L_{d znsgB3NVf}MktL+z$bnXncx3kM-_}nwlnynlEmn?(mqIk0a{TFN^=iG$U=m~dN;Y~( zK(F&(P6T=KZ}UWbnK6myU<*2bU4G=U5N`djr<(5sPR(&^Zkavcth43(47s6Wk=h{4 zC9b;v<)($4r%eVOTNx(Lv*{g`XIQq+QAej>-}4TY1}ipaoo%{nyf|!cjE5k;I7w5m z@4J7taSA(z97#$?k11JQ!I564bsk*$IM5za$EFf`n~1vAF9K`PlgjS-dV3vs^x@~q z*hZWqw2S0(?8F68h^m`{xY8v=XhyGL-8B-(s1-$&XnZiN7L;)rOc9qs=4d#tlvY#!!pxrF_d-4j~_!IJk1meUU=p+r-HGj3WKD ze3i=^BKj+dv(uRG+^B?dj<^vrRdC2zq@{7zU|rXJ8npy5uLX31+09v#gq^QjKBy# zT~M~``z-V2aDOu*-gqaF6XR}{q8!R%1^KA1OSm+hRq67CjlsgEn=YaRx2C3qan>V} zjYVg}4Y3K&(hJX@<2Pib)`$MufAI2iEZUh;_Pa&7dJZm#buk)A9F|{$NAqda%fql35#aswCL^fK3biDpA zuUbNmh3M+`Xn(hM$w?BuBD$j(@YOjm*EJLC?KyYr=f67KXofeQd=stuil@a&2~-$> z1>%G?`e+9C<-iJKQN-(QCJVOp7GW+!>#-ng*-gN)(58cmu>nE%cN76)eJ zID_EQX9gL9R?sN~d`BXaE=A-qsff5*J}HT^V^3}{DINz&iF5{(EH1KbDnBkt9%+tc zH7p{DQ?Wn_Zp4AAejXZ%iAd0Dl&{fu-TU?Rg|-|o_6J4118!2&Y;^pE>crEB3$(*DG2NG%(%WmOYKC9AKj&D)NCT(}K`x~+(UkX0e-qfzIBfn4B{ zE&D0G0cw(=qQHP0LvrZR`#60EV25}ue>dyii?5HpL;V5dwVD)a=LR^`luLboM)k@9 zIl}z6GeS6(Q1A$7Cj)LTUPb8EkTIWZ)r!kL!Tlpbtv#sRZ8#ucv~t=3zLek<@IAd(I|!!#G(SC;)%mqb*OK|bV+KU&<9!@6oXjf zmgS7m;zzMpr-!NeNEQXCFRg@F6B^E07^w6sn*A4=-NNB@BlD8v$>svl*@-A~wg=h0 zh6x3+BDsR#YcYa!Q|HU6eNjo4O#^iFW5~6?NJkRZAru)0-+QJ;$&^X-2(PlzuOY_c zZauk_hb{lFip!toQoFw%wu{1fnDcCFMG1bN@)6>8I7Rm0D65|Mj=nm+hSiQM3b%Q5 zK=F?_z|PK6F_(IxbnEfh)$)L(u_-RFzy%`-nPi~gl~hW5RftJha>)-DDZ*?aJRwhIF&O@SG;c>os9lZOE8RH}chIi-bP;(8 zYa;ElRLGVY_kJSs#IF1kLpB}3Or<^U!qwmVUzuD^Ga(p6A`@5s6G0yWB*W|>GWNdK zzzU{pyqpbHOf0&5;T*`VJs=2=e?G?u%jYSZ4=Icjf^CA&X3_c-GLGU)eNt^Lp`+*%DC|FtXYa1f=G58TU!Yp&7*L( zBcXXsDM_q|H{p=zXeGB30;)2=9o6F5n6!G>|4C6?qPi86Ey+8|AQw*cR{g}$By?;a zUuGgnn2VbxJZ5bi9NFeg1yd-(KtT7yPUJIN*0cVEB`UC(agJo){kYXtvr>q8)LK32 z7pc3GXwJOLC}Juk$EMw?bq^{1l-X1ys>z6l6i*35+d6lk38(%2`hDbxkL@$9$1R|a z80GBk8gdaCzQp_fJmMal6FdRzV5b%jAS0mT70kMCpB0#0PR*k6LW;&GvxUT1pN^|8 zkW#|fxXoa<2MoL2A15?`s4wUZ8K&g&J(Gu~JwU*|~xvC&-Ix6~)DCK=n(L1cFj1VuSZ|7KfWhvp#!@&0F|N1TUtc z`eH_l>~Ik?#MQ)|HS5<_%EQ?CMi-jxSg^Hm z$MTV-VMva6N=7ivgQe$t#EcAk)Zka4xgQRGb*1U12Qh##GfVK2jrn8|eSWc*M;XrZ zWNr$pZ+=rWxW#5fu2CK!b48(%y_Oj%DLF_a-7zaHIq6Cwkc^leDjIUfzyfN*Lb|Qk zUd$c0WoiJkO(aWXq5y=~DNT+u#~+yn$3Xt3lXiy=uY@e<#Y|L>Nd>Eud<}s|2KV01 z5@!Dlfd>LxFgJRByi$NZ~4VeNC@Ajmf#1chL1nTv=M|D!|ziuz2^ zrSS9p!}YOa=#BaPmYdt_?S22rJB+LYdjfjXbJp5DG(${^H`3L2w)k4uy=sI%_;pW1wENb2HlapwCNT%5n1{#O2u3jb&!$BXpujX zgrgor@S$&-8tf7TDgv0xv`W9~q>%=_JMmqj%`{q`!_)Kr@7eL4Ka_zn?s3c~2Twz- z^~fi|SNvh2i{#h`)&I0l%8_Chu%<1PG`L7ui#S~wNqi&a8=?%CgwrKa8a#_hp)rRQ zrz-5nklaO})-&IRy#PEu0j6woVsn-JG~9I`}iCq!ZE5|Rft_*6U!>199*4@gWbdvkS9x~U`SJlZexGt@)&#YJFvo`Nq41x*%Q12Ia$_fX#?5z{14|IdqZvK>$0MTSzcU^-Rs3nYMahyuZPA#xF^oT1S|#P$gXXiZjE_FYXE+c*1QJixR+VLqb=h8;u~NAl^G z-I=kZ3}He1sbM$$eVs6gBS#t}LK(g3nE}EqR_m6wVs zfz8%cvr)5fzwyE{ip5#?H(f&oN325P%JLW%GpB=?)N*%irFx<^X6nR0tJU}`SD_sK zg#9quw3P0g6?n@Ad(a}x8FEMPUSIxuI-@!sI7ly`Xx*A)q5Gr-vBJ;Bg`MoUIGaX* zWdfu$v=r3DR3dHhcxqLl2Q8QHcch)yeLrd5n;?kb`N82;&~*E}<;i-i#22pP3oB_e z_*$YNjRYA>9|;wLM3SRqNveLse0HYfmvr0F9&mV_5k(4QPwNpo=$tUK&LF|;O&Zen zqeJt&vt}@i%kGoYm#qV}9&#pH92+Kl-sywr7;{`?Z3bs_%m>pKiwh6+ZyXZ z5={4?kuYGD(<%&I%oQF~0)xi(M6RGmuR+Mkg&MJ??tS6W%^tOFQbMR!eo zO$g=FbTCkiTy_R`Z5WdNpq6gi2vAsu%68N~JlIuDQY=iq?cJCbv{B5Lxp6e^6myN` z*R!)WG~lzW$Z>NHZW{yF~n8-A;u-h0VL!BzP)spnA5moh`5^Sh*sm@8owId0?O{ zx$IYfcw88q5N#~_3^)w7q5iv9)UEnZN`1_Ot>NY6GZ_m~K#HW$Owr6(V|^TMZA#bl z5$X-U<2uZzZzIijdx;z>Gf@ht8)4$J=#r1i#3x(X*!rK&tJK&>UEhqi35FaeKmW&1 z`eg}LhYF_)a&o7SVg|0P11{^kVjT9=V?iPOy^-d-v5>;5f6Vg2x9XbVj?ArO2W}AU z>h-(vOSwC%+Xp|L%B-;b8pPde@d39N&3kESLL)juh$$bQC!vqUfVG)*(a`;615sEm zBE-eIOJ-8jPz^H1#q;-_RWDnCvfY5YG&MS(Z-eRD)59eP zs0X&WhTGC??7mFN5I<%w1-JP9s78bge;WdR5HJFY7O#34p(tDpe=1gR!wh~#(OL&8 zsMHWFCM8gA{6&f6umJ?=U*6It(H^oXRMxNvprBwIf_eE6OGs#SvpTu9%TCtTA{!h& zaX^4P2d~wX=xREw3XdQa+^7i^S62_)STk?*J-~Dg+jTKmsV$pZhM$YY%x2EFD4Nu$KGO~BDb~+(`CmQGXEtu7oZLQ9n?445tn@uJg$n<$VTU(@` zN8K}Gxq5Y_hkdxaBRCBo8Y1D z4hqZ;sy9LhX3L111=~Ns);IR;P1L;-LkGq^Nhn2uAX(9B5*d{&|E^%mppo5+-?C0@ zPS*vU3n2;dn_Aki+%~1LUug=IjLw&#BRz)E0IQ3G#obX+k zbSTO{{5&CbFWr7lJa*9hWm3@|w`f6(@+56!wZcCLLME!h6R5Sd0N+L7$3!w*%xI)^ z;SRO`k^>f3HVvt%@X(F!2t#E;qt1qKo&-LC1VIG{>|K?_8!>IdKSN0TZl)w+kZwuV za1L0!K2R-H=3*jrihJE(=?g)$Xv;q3jH59+V>0p_HT#WlAIVJ%=7*NsYdoTQ;cP8L zQ`D?3k$`L@54eS(4>h_xI|`dIQUP5GY60_;By+ZSfW-hzi`s3UFtv7-FaXyuW!$sJ zx~;1<{Q!WWb#L9{@GETa1$M5qWur@FVelJFD~2w*78)6I7)kl_bwoj|h%#n4ZDJ*6 zHYDD33nx6EEZpd9{V3N0gdn0K^4GwSt0dLjCIH~-%2)|WL`Tu?;KC=5Ca<7 zmpakrDp&URIQ4Ysu!vix3AfgUnHh(5y5O{)obZL>L5eR8~)?v~NX_>7Ii@d(yHhK&bqjD3V+fEEWhsxlv z_B;u#06RMN&Ag5R0!#OiKbPF z#$OaR6$|`Qu~*IPUeqA44r-p1=L^7@Ak!vw$Ymlqm-RII9{@4QR zJymJ?OyOW+G^Ni+yHutl-%Ka0<5a*loQ9LfNsa+t`(R3p+;&*W+Ix ziJqu}gql4h6)NLBYg-sX$I8YhHPJBryDOTeu^kygv{rVFb6i`$?{6ZBv z1O)#4ru82FyuHcKSQU$}v(7AS;kraOkzCrsT`91Etax)sQ?M-XSY$+`w*1pl>$Ifk z`OXqaaKEBTx`PkcxK$coW_K%6@?eYAuL)>A4S31W+N+VNPZ)d-sAX0G+FeIOU zy7?L$#B3`sw9*bc+)t#_S~K#(zc|*JUVz4Y(znRXfY)NXVWr%M=8$M{_Xb)Qio*{}VC^x+q zj#T-iPM(H6spgvOv`w)45X0Q84n)dcB(R#D5(SJ)oxaV)eq9#XCk=jul(!D1a(N;( z`kW3r5L_s$UUt~cV}b?#VVcA6MnYs4^{{Hzilan#%J)8obZNr<988g zf~N8oK75QzQUNhFpNtNJ2{R zE#)(fmA2gJKGPH=HSf;(&BuvpkaA&8Y$t!1TsuNSS0vjWp%tKK3GKa#J3vs z&8L`X7A}jaC9a~HQ=LZPM)Hx~qj#|lr?q7&cVmnnR@^C+s9o^yRt;ge4V=B*Xkp|` zoOsLPaisA)_cZyTYP=GwFG`XqRVNb----G7vUseL&I$--Bgq2Sv{3P++u$3LJR^aT zije1>cOR+S7@j1SMn|qaU(if=7z8l|6kzcpL1gEh!NL$*MwUQP;p)9H({yHaX*O(H z-GweTrUb$q%rsn7|D|FEtBZ>m2FS2YWOW8cj}gN0HP#OqgZQ_YPTWr{R|Oaadi(;4 zp*SMT0@?xfkvxg|uf?}MROd5~EMI8=QaHmT%y@Ux`a>v7s4sQz48g3Khks!HO?`0| zc|}!koTmu0T0cx(#WHP7@b~IyX(o8|oa`trNu(l9`XOU&G*v#t>xKb~K$k`rcC?;N zr_UBuBoB(>$p!btjfa1NJ3>kDmH>syX6NQyVcGt4O|Vy*JoJfjMI zk`W?Zx0}kpqWuT+A;FqlurDL8hUo?uB;Ha~Vky7|(fa_|sUb={kTM{4aWo?+O(DoI-$CPxB~ik8Zy~^xD4PQH0+?`STG-L7I$EGOsz=(6m`Wo~D|b}7!ezf(tBQsgm20+b3W5Xg z6h|07%e#I(4+1c^nnglDfUrK}lr-QgU7}UN=dpy`Q=)3Yf0+Jmm(5gwDkU!QHYb3W z&Xsx{mw!IU-S4uh+yhis{h>C3L3tx$R_}W`b4yOYlJlI z!BKu!9eO2w)YJsIr=lFQfNxk@CB)SL35?^q$~7mS#1$I$ctrY+JC=}oSRH&fonPq| zlFbU+%-|%?<9(0X@b!ugiG|$mdQWzORG|nI;4$fkz+Cf zrt7J=?-oabp1{YRdeh<8NQ-LwlGY4c1<-()0jMIW!)I83q?TR!=+~N*P$akbaktV_ z{^)2I)y{Ktl(tHZino|<4Wx&OCZPx`NC&C>5p%wawjOU7&ramA(giFbx}Bv=yGZS*E#kUv9qGv6;Fd=JIuV)j>l) zRvq&RwKU2rKkKMFra8-GE!*JC{M@jfv{MFTBK^NkWHt_OTvR9X;PKaN@zY}QB()xL zMcYXkdFI)OFfDf55RrbvV8BCth+M_{Da@uLL{~a-?uo^e{<1qv@pS1|e}&I+re(l= zk?h2(Cnp}-)yz(=dt$JWE{GV-o=#J&V>YXcFiyb`Y;<^o{p z_W)iiMT-N(Mxq;1t=Ezp!-DKeiD>q{94v7{0e{J!2xa1CO)PF(dOA@>ecnT;C<>iw zp{-0{@h=8A{2)KX4P{hW!qQPiDpv<;HwZqL+O{yY5CvF3ESGFyuXcFP)623)_rfo@ zuIr$3+A~Vc-68dA9x^~LP$)~FP{F7~gJEt>L{PyJbqop_iUMR57|NPadLEl0%z~#k z#&D>Ci0B9K6u^vi*bS4&T4tBy-X%$Edl!m+B#Whxy9nj1Rp#HQc@&OfPEtaoB=qLIy$mkeI z9FNL75k&tu9Re^t?%tbClb=NE2NhrcqkiZ%1Jh%07+V)6>Jr7PVVDFW$8)TS5Ah+y zEY}P4a~f;-aKZ+EQ2fRk!Mh8pEQpw2ONAG`m|DsLdmCos>)J zNgsx3zlxs>KiI1C;(Y#u?IBG}a&l{8z~9OcS;sSDT%0@-34Sk{n&|8w!wHMucOXWE z0=Iu`!g_eH)N#FZYz<{`d7d$d6#fNFYqDIovhZ*i5)*-yo@vVF zA(#_a#2etf(@tWId1OaxBmlbm^G4@6u&yPIJNP&!vzpLU;8mFSfC zq4lwyJvzkEl71l~vPiJ5L2Gkj5HR4L?rtf^qFd8|6p#;ZTmWatqra5$RcS}VferOT z$MwN$RtokrAx=TAdAmW6>U(mhz))1^cUgeh9`pP%`dCeT*KTKG(5^~i9ZAFj z@}5lBepf`uTJ2rjlDI}c?L67pPho5234y*Fp=kfX#Qq}*8SB-r(%#zYA>9h>pU5 z$}AB4>E_K%JUgIBy+mo4ne_~NR_m(mkvR^_KT#iO2vll#R`L-9mFOH-&;!8qK`4pAEYL@jab(o>+oObb~9!#cF8UaCR)@0rMmO)tsHO<A8i4*~1M2_MvWBCVmG+xEL?MKdSO}IK+GxtgPCOsa1i!DJJ@LDJ?J59)&`~uCa8yn1D@JX6&Kq7xUcoyF0;sZ;trbd&c$r5*8`E0+_>Fj^%dJwYcSGg z7wwqIW3EUaz(5RoOdFDhpyN+Q6%xloB+-!V#&GR;9n88=fb|-?{3^+UB@k02M^(p5 z(*Xd}5|i^ZrK}`7)$Q^}rdsGGEe|U#QspN%odTfnXfGRjvrqA1S4DVwktMwXympPS z4~*a-;7dj_9>ub~A`g*|IP#dDabMWs5t=QuqYm9ii!k|J4f;LqK#G$i#hU@1=%Zxb zb3R{(RxL+pYmxUDG6DS)m?ncG;2)UF5@CW(lJ@+^+5NF67Oyu{AXkqDEsUQ^ zB}Uj7Kun-?=&sI2b?vj4%@6qKkm_0J2z<>t-`bi$JDtO>rWH?HuJ(%5DCY1M z09oc4MUQNrfL(Jvt1Ej9ggyF@_&r{q^&!_z+_GYVu=dI!K|9;Q0;iEYBT0*kEUaLN zswuLuwN&=E%i5>RFFEXoeIN;sBc?JEFKPuNl``SNUrMn3ytDs7s0*cQXbbeot)I1N z93SkwXG4jGW#V?gbNu1SsdPuO9|A-Og|s-p)QDX${9gf8II71^58n%S5Fivhg0f2+ zOK03p%tg2vlXDWYB_L1KYWEm(%_wF?hDi~=UbB$Xltmk3on|yx5vcCf51s4B?54Rl zzRs*t-1&;#F{#+JgITtZvp%32!K|Jdbv~meMHT-3Px?^z7!>?FZ6{67^=dJZC2m!? z^;UUs9Ov58)02~RB~HHjZ0Gpi9m)W9pKbU#u%i{3IUGa7Aydxlwo}!C!Envwtso{E z0@jIv1d7Laerga7V0x~|*_o-&k52OUydNXc33qgrQ;=f1n;ur=N55;WGz*q^{`gmGI@%hAKA~hY)_(Z^Sg}f&v z^FojFLC7-*kFa5^0apy`1Yq>odd@;UGOmJ!xGfz+!mf3k`+n+@FK;qyo52Xo47D%7 zJ)q`I>wKDLlGfEXE)tUKceBDF(|;Gan*H4j(x`@wYv+XmCetgXM0D4rpDZrp!fW4X z#PDK38a7qhA*=*(fsTXtYrAJs!;rQ9N?XGe8ck@hW|ODI+{$KZ^|ZDFJB4CRc~kk? zB7k3G(^?Cs8KzJTzX2M>?8?PLQ+uB?Gmm;uv>G>ynZsZhhK^zq}c5ILt|Qn zJ{-Otu6KHg_xjsD&|xy(oVpV{bPy*+n+q6MrlZ$hy1ltdImwuL;I2vIf(LQ3WYGjf4S0okLX(BiqmW z30CSs^2Klu%7wj~GM`gLfKVHsxUVg3nsVsP?bP-(JeyUKywoiCc`r z&2uZ#AYe(#!Vl$8J5wdwM$o~ZUd3DT@Bi_Q!BXKbHat%M_@$#GfBR35_}?^0_6q@S zkNJa5dwUDF@-nvQNY(1)7C&>Jq^T-wXwiy zkbJ3d;OmQN--uw{bO;C@0)mHt;71S;e0?$9E++W;VmgEc4`IQ5=UE+CqyIcISpRjP zz~ILhBK!B#&lV)RRgA3H+VUfHPaY=Q&}5squb%-)T{%q;kc%aYndCu5m5rcn5#k?t zC~Nlu`YnQdT|q~d!yAHFA4L#r7y9`;VXPX%+tCgfK&pqWiy`$s*B&ENEoEeyGTTyZQpP9YCs6bs=;d;LO0C;}Yww*4eWE1?cGjoHDsKc`9DBh;HKu zd|m2VQeDt6;>Mk{V_9&`fC*46RmUb+Phg=Uo+|4Hqpu5NQV|}9XjkqS*kptbA_11^ z6@zd%O(+7I&^eDZcUb%e7jYNONCl2)s3;9f15!oqSri?U6-t)QHi_zJ^P}*C9+B1%xd(QWeuUo8P$G^*bi*V$BNI}ucfqWS z2XUOP6aEI*>A`h+aGma)%-}k`-|7a}>EEU6^x>4_-TLDPa56lok6~{`_!o0QPN-7p zN{VdRU^A=aZ!)bbfv|9YjD{OYk(DbNv)xv2OUn|P)jWe6_25Qb1cE-+_< zuLJr29?oS=PwD|&*7UG-E^FTB2A8$UGq|h`E^C9!n)eJYYYopHE^C8#N8$Ox-W@yn zX$%^}$NMzs|GXfleXDJa7UcNdzE7$)%Ir-C||N9)zSE>K=Pv@?xzfw)ZT-)nNhpgX-`z zs1EaM-A8L!j|AFu6EqB`k}deBE_LC#ZRlx|Xc&?Nf6Ng_w^j)x53d96s`c?oSGX2i zhh@$ddV3eH5LC^GJl)=DtAgri7~*0k+q&^44G^qA(Lj*f`V`Xm>T5unb;8xiq-1dl zz-ZEi#YRs8Kw=^Jc=Zk<2n_n;aS&ypmh2+quCF4hR^-{F!8yN&cC%JGm{Y}r^DM1# zX(}F|A8bSK06}L$^^f};Aj$N+gH)N?7aF9l@C!Eq__wjRkF}^MYZZ)pA0JqYUdqjvhHf@DID5;tI6g6vE^h`C53p7FnupHnDCN-;YQeiqF zCCJj1ko;F%p*f2c%p=+>er+)7@>=ZevDn*N(X?+^i>V&17q0J@mVQF0 zp}UitVjB+577He83oMp!ux;q$VE5a8C^(f|Uo=S~4lEo{IQ}ccR4A66TT!U2U1vyS z#oD5C8r-rt+#zD3ik9pWCr{V(lbOt1gq!&$Ewk066J4+Arz;%d2N7<5*wkA0s<3}w z?N*9-_{7(l!DNkg4?SxHtEpz^_@rk%Ca|98;0N!&VxI!W8jEDY{l$;M$j5}k4bVJy zrP`~xmnaxDQx|0J$x`DNO3qGSl4oY|gMm-_VVqpRG zya5+1gj~}URI=ZmwOq4il`U*APHFocF7?}Ci(P?8+-560S#xFWKARo~+~~X-W=8=@ zv&XMaPRO%MD?OtmNZv>(WWK?K$0}tsd^8)));rzgYPZ5Rrz^>nMzG#qH7pc%_kP8L zRpG)~2XRDPP^XZDT-{m#LMU^SNo&p4LKX{np8fgNpS~r}PT%tf2Ielerl#M)z-i81 z4|q1qSzidAnxbyrd`cu%SM0~z6}prn6;iqJ%o$!>j*Qaig z#Q_F)L6D%PlQb1lk@F9)$+Q3QKbm$%lZ&6P$g}_Zf1e+gpu@VDTk{S)bPHn@tZIW8 zOF_A-JdV_4n7Snlz!Yl41kt|dCH-A?k7!GR1)@dd<1Mz3! ze|mrT!)mscb2}64HKy0&MQ5S>)fHQq`yPmOB2=UQi`#>G&bxouZ1LM%Rc+_*3yO)> zAdo&jLtP$2JNXNhj3iA@pR97dTp4<~3O%5s&=z~rb4^_q{Z@PaUZJ>c_=?LQ)7T=maJ~cgjX^N}P=VQ@|t&s1W zK~x56M1IF``b|j1;`S=MkjRo};FQ8+qEZ@%^9}0i8#J&x_|mX#*aMF-;Eqz6iGp07 zO1@k&X}B)Qlce!h!8&$|wOr6B(xUxqbDkc>p?F)Glm(E>#G{4noUb$+-Xx-%V*pI& zJ>|}Xk;;wH_e&N)3EF4Cuu==`LmvH#)rA@0Dm>-ke-(lcX@^q^Kh zZpa6Z1F_a1v|7>@5vsCP4&w202hO(h=C(Txu6ewh$Y0a1s3_wxD$3R(YlO2{pfUhB za3ko0dUTzsv>1V6j(WG^>Gb5qS*wkq2@|&7ba$M(II_HDQJ#dOqd&3Nm1mzgx>Oj+ z(u^)83p9;d(K{|A$>Nkpgr+27wAM_6z6StCNZn_Ah=Uc4ml)(j$s$WL>HK=OX=v*pxp3Z{{)K3!739Jx?@K$Wk)j7_&8)CXT^% zI!ncxraYj{$^R6luAs)(CS;P|u`pNdnjKcTP-7M1=Z(k!BU6qGyW#fGI04KV0)QGT z9j>lv#7M;Km`JvyGK@5N5n8r3_0`RiNytOg{P1*4eiZlYt~rhYKFL)oBoEvi@6iE^ zM)!210D7YkcMpoCo6TySDQ=D)DCQAbB9Oi>h2gK}jNGy$HL1G58;JLf zupSuEhDa6x*QObj250zo>thRM2>Ft!w2$+|YuD044A}iQ;y!_k8T=;({|WazM*oR| z`$Rb{Q;SbTE4^v=l&}^#gM#cWCrmpBoN^)$s{Wn2iC1;y1kV3 zkBrHNEYbzA|G&CjfxZ8D_0G93Am9O3&sIXE&7Kb%OOKwTRrO${w8mA~q@;kQOQ1dML3wJ{ zxNCyLs*8FfjKEvnhmY=SFH>iH9*eUE5=cOC)echK!bDeeHSC#_?7-R7dIf#kLndTt zF?fkW4i<5ZlYzKe6?l7iZh9{?g|PCL%j^K#1w6}Fo4>6ljJXQB{TA01TK<4xe5(xx5zqh^w#fK zI3Ct+e7tR;4xZClm=;q-uS;^j;^5?yY;su;VcIeBT!fp(svoJq&k?>}vyju2MH?)^ z(lIIu>XN6d>K)2e$>E7B!k4j-ovB-Zj9sxiCKZD+M0u=cL8nhmup*=DK8YQ$*FS-P zp|W6=+f0se4GL%-0zPcd{zI(i5N?YHw}Lz1$+{ugw;Q7mF6xoP0aYJ;Qy@X(Vj6q= z3Cli|J;>W`bvHpFm#HNiaMD1^Xy-)YI&=Uymn(91_VO48LEpA}-c6=k;fu;EbuDSE z+9^;akCfl7mMDVC=lY7Z<8$R z0y@+|1BdDli*1UeX<+>vM;!&iDwF;3`g*Fn)$_7uzO8wf?4!9RFhsDB%r^%4jua0W zIiFstV?^szk$C-#$C3K{-NA zW-J{cgeG=k?G$udD6t@GO6lJSqZxGC|NL5P3;27@(^MnfJ0=N@35x@{N%SvyC59eD zV)Zo*!dXXgHL}%N?^Qdn4`Y%_nzChIJU=tdi{3SYhIs-nH)PBFJ!Mr+@2*4^hgV|G zoo5;Bhq3S4v>h#@8jJT@tXsv79;dM@#aYkvW?&dci@rHpEwj&ca=>8$Uh*o@(~>I7 zrtx@2<2HWXSob6gxMIiP_5m7aww^O6ABD4LA%dR({98_Hw-EnOMOgBDVAZE|M!_bK zV*?(ntf4?iG|On_4}WUpqs+!hrm`pn=a{&ln7>S|rhsu%+r_g+Gz zPEMX5>z`Z>yFjehbfj29C0M7irGlo%uTEY(ZxT?cvgRhRwm^T7K<@=woY41!k`Qu9 zygE47S47AfMZPt>v5;Jx3qMjJJ7H&!}hy z*xxlHWRaHSopA^a!X<+^sFhlH^}TIBW;r`KXV5ULcXO@4@*GzXx6wy8!)Y@MW_xsSC#=>|6Q z0i8!eRbxG%hx8Lgn4=bETc8(u)k58_uu+p!gn0dt%C$|#3k@C7QK8xnw`8%_zoeqE1T1k@3ROM--Mi6t z>b*V6cLR$`D~PFpJ&B_H`^Ju zT337wrJj~t4o*;M$5OT3yVVW>#qx`7TKPT#O+aTYK28C~zxgONOMC(r<# zYk1w!h=(*~o{-{KdTTc$!61H>JFW=(lu8Qjd2oqt*@oPtks1f|Mw5Y?fQ|#1-s~l~ z=ud73P1oV!;AxcbKJdKk6g|ow6O3&y0T8@O*hU#B%Jc?k0Q_~!Hv0jR$9TPFw>M|N`MKB1YTvVTCBoex zW%~Ak6gK^u0rj)wOCG=Ds#g$IOLvnG#zDCD7XY7tNQUaY|?s*gjREFj~ zdGg06j|)hBg`ze{p>VVdxWF?ZWm=xm9b6J-25HFs(0#RuQ~HTKbBT^cMB^nGT$0=6 z1Z0Y&Daq?+1MZtoiP%ckZ|vN5S+U_)j@91NPv^@%{^IA=Ud23Fd~LMyG+$*0ZCg{Y zR0T9xHSvP`XR@MU_zRVr-aO#B-@caZ)vt5U$0pUYADO8q!NQ42Ada??{6y7X=O&(B zAEuo`0f|k&_oGmC1^TLx@R}F)dXech{Uf6h+IkGSX@Z1F`WK2db-Bj{Z8EjixTltW^_*b`0GO9pp~`iL6D){&^mW z;C8pIH9@>!MCR#c3I_EaYrLrIS8^r5z-8NHgl*av2iw1YxrqFfM zseP~fVC)epfST@cdBT2GcT7qinsI(8 zT^5s+dAALPS-+KZ%?zZsTW_UjX~poq-zGLM7zTOG;?4dm?PK1dA!a_J(X>-Txn+W> znmH5zW8G>voCp z;+#?PtN>hrC(>@HcVX{&pT#(w&`L|Tz(0y&X46jb*COw z(Z)>GNa95lnhYSC`O|X&bvyDhCAaR+&**XW8XW@HEbgOxxb)lCZS|U`d}(bcS$t39 z<}hKlSg;^ZrQ&nY$7D8phxtPE;YT{7@Q521#>O;CgnU#P2ofnn>uySKnIcI<17=cS z=}U1831h%f55FX05{ZCDdXt*mZgdxL+D@bhGrVNTtApu(BQkOin)`^~GHe;<5NiTN ze8;7T0j2=MH4pp`z*PvuI*C}y;A|4$etEoXn&)ixj!1@4f+`23(eoa=Ofy^&+8SEd zb-R)>7VT48r-FI?+vUC8f_+9t#rWqdh#f&MeJw3ofyNSz-TYCKY##C8C)R6;wyia? zVP~)b0?Kd&;uQID`qQ-OdJB?Bjonl7{_^@gp=nBkTjSfc5OT@Fg57ARb%D)KGTD3o zt_mFrn`d8{oogpseRj^`7PEsccCrazb`DJ1^N|XSOTn>s%M_p@pw{~8?ZRqYnVV>| zjy>3nmh>Ph`h3%9gGe_?eK^kaXf}J-i#($fq*5Z_w3!lF{uDAZn4(-En(-+bV3AHZ zLY@19HjJ1lw#XtRSV(g43?d_-$TRkdY7Fo_dE%QqwKOW8G{NWzXp)~aC9>~wr&WY1O2@Cj%N_VUrVWN2Z~dck}hE z(ydn2%3Z71*s5U_X5Dw-qe7E}#a<-(4DySOT!5TYWtnTWV@@N@O|wYQK54&Z*E7?& zcA1HJw}|M{UqLeoeb9ByFp#+4x=iD8shJU7IuD%2iMDbo4v*i0W#fwdqs!OgGH>enTkv?~EI`HzvWMq|SMAC;{Q*hft^q+B~wlFd^V>h zmNt*0gTUSk$x|l5QfmU38f>xq+to@R?3Hq=G{+nj(v$@5XRfS!Xv6ZM61V4Rq>LdO z!$nM1b1Xq`rfG1=9g{R_7}Nlan+ScJTWI640LCd_L+vpWLSyUtNXi=>+X;Hl$GGE) zrNx}7T-k7VPiLZe;YLR(vZu3@e=naRa2(`!O{v9`*>(|lN0(CZyQ6S>|;nO6x5@)%x**^Ftw;T{xC(72*rDZj6PE-mHAbKldX?jN9<_7 z)H->7^~-5TFnMiy^~-4<#Lo)wQ(F3IPX?o(5_o+8Di*N-0k+^$=~D-cN@KA!w{#Ow z(hi_jt*INTZWTBGKelHhl4<&E8 zFrjL-$$^L!4_V*bCol{(@$wy&gZA{9ZsU5Bzi7l)@6K1o?5=4MwL8?g7sE?~fF-FS z6C&9n!}<}H+x2;(9PQT(dQd{JEpyvNEcYRla1|QP$D<^Y-2}3OI6e$v+=VFSWUpo5 z-UP7^G3-SMcO-(l0jrq+_8@Vc6oFZp=>tbdTR**b3xS!dm z{g!fGe*5{xC|NHqUteh;!Uca!aq0iXU60&vF#t4nHC#AVZR2M?v`!60PNi>LDN ze$Bj#q@zkG!qDzTg!$w{n$r9NVl;ByxHtirix>L_VeVEjwKtN~Ur!^2-_oDio{Z?P zcc0M9cp(f33^*`DM^F>ErilXOQPTkhLoh{qF1SC43Zl4<)CjkCr1y6OUvE=J_K+== z%6jKDy@bZau+!=?amZGI4B&9ch4x!4!O~o75w~;Fm4#opPHoOALM~}+N&?X6W87HS z%s%>%$+gL>7#lbs`1;6l-8p~)k;Q3K9`}ZoLXWm(nnAzx+R(0XA=ZhA8(mRq*Z8{F zvt_LvYb;IS;nxh#COq9{L*JP$Z98g*{nA_NU!X0P__Noo@BRGJOHHJ><8gb*+_Hm+ z>C(1DJM5QUo??>I=mXeHwpilK>(;hRfA}xE)E+9FSfuBR#*l~#3_h6VZR`IaQgYsr z+t**XW6OS_5f3#sNN8J%>OO0aMfw9&w&}kvY~QsoZ1n|Krf8Fuy|Snot+T9qez+NC zU^|aeCb2j`%ff)cs9jynIN16CtL=4Fce6vF79h#Y!ABVN66V8bbXJUwSBO)BEr~l#n`!F-92o6)rowD)jvYc{-Eo7 z%!JA%Sus-Xf-Nzn}xDb*BrnrWP7x9PLLk{L&=tD)EeElE@Mj<4%*U#Uc^ zZRn}%b!T)w?9jv4tc%48tWMyX?uz_^GnHfk(~<)v3(BSE!)J}W#|=J=Ce#8lLkk0V zbSr~__#ui_>NUfXxA$kfW0LmEvVkpagpGA()So^k^G)tI7CVqk8VmkdbCM0oTk<>R zIm8t!rkos`B-2o>r%|N#cAm#ebdQuKHy{mC3{tbcb9%!3jzdK!v$BSP=NmF*l8bOm zW&$Qmao9PF#63Bc>>m?_nZIMkLgno;Z5R^ABN3HL@V1~>L^u#lMQrzXiJWJ$R}{++ zx?OpXYy5ZZ1~xiEQYpdb-SY#ba?VppC66{lt!WgI1OXuy;J;Yd_$D+h$mv7D2xrp} zT+>{Atxx5(9#z*$cpByc1+@G;;o#b9&g-#{#hZ2k&VA{!nkpgR6G{HrUF(TE<-In+ zo!5Hji5=>+ZSS-@`0V!b**#KFe7iCGr%4)aD!f0VN>3?w1!}PC53aX^>+Rrr>z={& zw(tzDx4#3|Tj>WlcZzC-XlPGdGrya3`TIEFx(p0ZBoiap&{55dP19h7#Rx)Ent(Nx zGTL7xGn0W&Po6fUv~MQ`36pEutjDfod7$;0YY)nXA94dXoSJ7ZPfi=~a@TQ^J=29Y z)l0C~7B&lZDxgW4H5xUU&FfI99P;t%-Hr(w+{x&*4%fO+8dxtugnWTD!#`fVgW8|8 z(S`~5jop(}3x&H*zQ<*qHB?HizpbWJYRz>u6;t=|gUs)%#Ll!d?jg?A_EF0kfSZD38BQx`GgmXWX^RSt*{?ztYsTSZBpu>a< z$5Q`bBps@J^lh|H?M&Q*9-yAAQL%l~Q7UstyI|a!14ZE&0i)DJ&zo7NgB}^=m9{-M zdvP3)MV#eX#0%_4lfootN^(FxBKE^OIPg2p57eVg`gqi@`vo1$0z+~~C8zUfr(900 zm!#GSrF=6|xhY%+{dXfuh4WrB%fbx+|3#1GpvL%+E4fp?Ht93ToCde7IW>jEtO>?g z#3Ts?!vr82{+ls5S40UBJ6X+?>5J7pleNZ?l0iJ@OT<_Sxcw4WB%o1{ zMJ>s^^vS;G0b;@u_&`mb#jf)1aenLWdDNsi&-ak<^_qp8rcB?ZYnPNQ;vl;P}N{cq8M}cCAnRWmtq{UyNQPL(6{9zqJXZ1zAGP zzNusj-pNeN@}?f*gaM%V0pC~0vKDu&5U<5TGcfanaLrO^y7M6T2um2kH@C)0m^e71 zst>Pu^wza5`UV)xn?yLq=f4!bTlt~(yKQ-+Hd!PEA{QG}= zgQK$W7bcba@ehyqK|}r|kfEC7=l}2diBE$>jW={1?f#9ElarHg&(7fgCnqQ6|G#>9 z^70R-XJ==pFaC7)^3{t!oSgpY)ydf($jKoW+Vo^9rScCadw;9ExUb~-W;7aoLlbTe z?DvEwoPA1J499nT`)8%m;oa#scm-Tl1~9X|)_4i6-S#@d1&VDJ1ao~%KIMqX(UQeu z%?Zvk9)(Q8;P%sZC*yC&FZ89747y)yaVMqg_^I9#w|YibdmNLYM6z5M0ntnhQ02p1-8-PSIyUgrtFk*5bWm$mBa zrume8La+~+6n9MCadz)f#(IkAoxK7fD3utWUYb?~Vram~LIW>U18`7#N~Y|BOXNo{ zKQ^RcOlF{ka8+*u5#KSH63GIwjQOu_Y-QuHwES1$;y_A_X@oKvCcR%%&CEhbSQdNZ zVaDfLHe|_Dd*?J}&SIW!CUAZDJWGXC6UgX4QG7X~GFb7H1!*SPgeH6hQ;*@^jo0B* zX>Mt$vT6g}hAYvs1NvHE%|h&Igii-(SBvn??3&n5!)BDBk3n*-qsq5H1B}NDFadE- zd}48!K;GoWP(YQ6DT+8`1tud(mSgn871T>tdD|k?n0?V%}f?#DPC0Vfi{DB&&1QD5ip`_HdJ7hH}J}96?ZN zj;ycW&8m_^qtwvD_oz-<2)Uy3i2ZndJ$=!!-q&7J+YgJpPF}!_eaRFow_P4XH6A)` z23k{pkH<^R8i=fOhu&5?6i!cSf7Fw=m#*GSj?qjOd75=KucBR04LOa>gdT-c&Fg$V zmPyF9AK*%p3iPYV;*>{?q1>KY!*>|7o?ckBj%c249&xp5Qe5m1FU!M-U5Ge-Oi;Zn z&Z!(nZo<9w(L;yB#sngIaah9Wma$|+BYsy42z{}mP4FMaDju5fGC3Rfk#F_Hw-FN;;d3USv_UA@`CyF1p?0=^1)g zqoY7wFxOSfgUNojEkkVA6_WHt6m?fUL&AYV$%)72O;Wqo%&2t4E=AE z2e#Ol!IW``r$PUpMoJ{80oc#?>kr-f|I=5eW&f{l|8zR&|3Ay~RqFq})48kS|N7nR z=fo*hbB(|Iy`t*RKU&i9yBD8Tx$h?0+t2IWj9?Ex(h7{%Kr=<2@`WgY3Bl=_rJBDp z(N$1tC+DC&#iKW3FO@qqnxv7MJWV4tGJqYF?1PfM2>n6H{uz|)4wdxLuDiy4)#@}# z;;9s=2t?GyJs+LFn|^SO3sZ60^ejn)gtS{p5*dEJhM$Zy==HSBST?t&#$hWOhiXM{ z8Dta`GQ>#NM6v~wEDl&>QRgkJiXMv7AQ-u+RAWUB&AkUaSur`wcv`1^E<*gmYuf>E z9F{0(TdySt@LGaLvP9!S{nP3A#r9!09t82zBmDGd03hIv^Q<%H#f58FBmNvIl8A^0 z8wZ(-rZN_K1dR=v#M5?jLO$JVy`*l<&_$s`UBL=km{5ZPM*|QP{Yerv1m&?fYe-!^ zA|FIvVX&czNfg$r9hdAp-gGua)lJ^)a`7+xj@2*G8#pZYtL@O0>jfl#Ph2cNCE41w zt|Wf*BHj(o3dv7SH`cIUvw|hEuA<R3?*}l(8t%T>>1x z4pJQQ58LXCKppnOUHU_#oVa`j{I#Z^Y8mA!)ZV+6wLZ`uI>%67BTdvy6;$=85gC)I zP>RnZ6QZuZC*~v9?`Eeb$NpcZg}+|ZWr6VCzZ~a5z8^$f7v$RlvNezUg2lBgC5Mk6 zJy`r9w*wCzQDm?$wqPNq4gG2pdm(A8BVsE7?(ww1XArs;@sem3U);xp$0}tMa%AI+ zoMasx)nczpuz0YT&Lhn;W~o?HP1e9vv0|}zD2R~W%>mywR+|p-wU$R9_iI5ISY`8Z zAl8$mh-kc=EX4$~t4z*boxMD1+KPHJfQtDnmAtO@RFOv5b`@Y-x!+{m_gpjTST`*` zAsh=$@pOj*Oqz%jH_j6DcTn#-ZP7M%jzM|*NSFRbto>ff&T-#`87^rWo+eRVeI ze?QCfwd#M(>D)v8J4>yIU(o)-&vnXQ{9;x2tIRl`RrL$A+(z>Y9mb@X>)iTkkU4|o zDt@EIDE<%6MI)5ImGvJt>N@ql1J$26hE#Jb28&6NkZyONL zF<~@V*`HP-3hT8Ul-#n-#8<2&l*>{fS5;jKX;T6;&DZ2uqW(;MJvX9od(!I!nXcL! zxxT7N`_rJXvZTqcQLv4s%IT_7;lz%#Sd*?@Wz{3GXj$0EpOLrlMx{(^g@9T|d!%*V z26nmIS2~pL3DQmt(4}@K zm$rq!`Z`s~KD&$+d3)?I)&RDPo zXtGV+_VW)#RkJA@N~l+0-J4fSsg=&!HNEQAbk(fss8^%OMReCxkhSbz3{C41fO!WD zzj5Pkn6q^d1Z~+?M{2ip%Y*VMf130^_)i-VyPp=QUH|jy<;zzu%K6{E{nM*K|MNMX zuT%e1I-NUff$;4N$0_TA3NNb~q2e6MdZEJG&#N6O%)76S$TTkm=obePmaKs}Ar;?~ z5jjtiXhZH9U#@_Go7p14A|{cb;b=}H8V5z}JR?dwj&v5Nr;3)gk(EThkUAun!w0T(hl&$){9*73S7dZrsJc$F7%Hnb zMxE-VJXB$BoMs;fGCa!lZk=Wnau2x&oBdaa^0{KaZ!XjzOrXFSfX zyC4JUSwOh?7S>E^_q&Ks^Nqx({a)HOJ#HsHy|e;xYt`8j09s4UZl}g2px`qcq%0$J zOaf&Me;oPJIZN+ZgF~iU^9rqse*P(2T_3g&%6GSIQg5gMyS^3ZphwkX6Mn4#v2~d_ zfLnmL{~}X<$KL(0#Tv1Li!we&Pbw7K4A14U|4cR&+QP?o4}15+ks`s0N15 zKWwZ5_&5ixW;JP~dhBjnEo1lyRq97!t4R0Wtt+2#71ym=muaehb5+fwlO-yZ zjIL`S+rAq<(26UBotD`lAjf3TSa+@lWJgo%P^!n6mkG53Zz@{XhQx17W-ju=x{ID@ zxSgKV`E`~T*Ht6Fx$G%EEx9W2>65Xd*s`8!5Y2Hf<|sl(lxm`| z;{KZfc=HSeRi$aB9qHS`5;=U-76NI0O`*$tKT* zVxX_(lQB6bF zY5NtsV^XoH6rVP^9;$o3UVB-5uCO)J1^u%TzhBkcKsz2k?vj(&&`D=}`?EoXPq|>6ZeKjf z_>;o2W~!g`kIw;8{=&yc_Tz0hpf6Digt+Ccce?_X3+Pe@6&!3EnDn10F=-oqj-%Ec ztex_Y*Vj|sv0g-gS@#%{IQ}dMn9_%MzA>nLq$A?~)vP zc4}1R5WA{f_4O+Q#vk!~;W%0;|G6&SM z`(OH%;gbGfNv+$ecKI+lH>z4Vr(1{J$(`H3O?_^!ldvt!PQKQ_wipxj^x*Biy$i{; zDoW$wx!OBF;#vFLH|h9&$P3bWaSAwgEE6^j8C&>%%`Q)`&)(!{aPHgCg}#jsO#7d= z&VRVJ@lgWi?^hqh%5em~j#J^nT(A+W!3><5*SS$%K^-Vbam-8V==I_ls9uKCM`TVP zftf+N5Z?kkKLneX19NdO93(#okC%b*1iy(kjYxcjy@ikzU^oN3>9AxlxcHX00)6j* z-U)0oUAN%wxm&1{P6Ox`eM9b(UtOo$#CZd&BHU9-cy|a|Ik%V7NUc{C1k%nP!`Dsl zh=Dp9h@vh!l~{#d)LC*^%nXGE#Y7ABL{Nwnjsh0*zlrG3d_hhAw&)&-7k5~nu6rYmteW~esh3<$cHb_*%}0F3 zFS=^4*n9jR`B9W+%AmvRX5G|@-@_({{V22nUf;rj*&Q8+~55QRT_4!UXR zrlFh82HiAt)6h*rHx1qNgF!dFH0Y+Gn}%*0x@qX9p__(oda^gwO&4n@#!t#R?-@2V z>7k!zt0?I5a-kDLx4O@&sXv!h@1U`O#sV4(Xe_>{#sU?RVK5l%ZS8*m00960;HNP? H06-7`wM)dy literal 0 HcmV?d00001 diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutes.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutes.yaml new file mode 100644 index 0000000000..a13de5922e --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutes.yaml @@ -0,0 +1,267 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutetcps.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutetcps.yaml new file mode 100644 index 0000000000..37da83b344 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressroutetcps.yaml @@ -0,0 +1,211 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressrouteudps.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressrouteudps.yaml new file mode 100644 index 0000000000..2ba4dade6b --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_ingressrouteudps.yaml @@ -0,0 +1,98 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewares.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewares.yaml new file mode 100644 index 0000000000..26cb51d2e6 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewares.yaml @@ -0,0 +1,917 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the escaped certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewaretcps.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewaretcps.yaml new file mode 100644 index 0000000000..1f6eec9404 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_serverstransports.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_serverstransports.yaml new file mode 100644 index 0000000000..afc0384965 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsoptions.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsoptions.yaml new file mode 100644 index 0000000000..16ea46008b --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsstores.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsstores.yaml new file mode 100644 index 0000000000..f6dfc6c8fb --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.containo.us_traefikservices.yaml b/enterprise/traefik/18.0.17/crds/traefik.containo.us_traefikservices.yaml new file mode 100644 index 0000000000..358fdc1eab --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.containo.us_traefikservices.yaml @@ -0,0 +1,381 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_ingressroutes.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_ingressroutes.yaml new file mode 100644 index 0000000000..89aaee7595 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_ingressroutes.yaml @@ -0,0 +1,275 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.io +spec: + group: traefik.io + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_ingressroutetcps.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_ingressroutetcps.yaml new file mode 100644 index 0000000000..82f61ac24f --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_ingressroutetcps.yaml @@ -0,0 +1,218 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_ingressrouteudps.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_ingressrouteudps.yaml new file mode 100644 index 0000000000..27c50185d0 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_ingressrouteudps.yaml @@ -0,0 +1,105 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_middlewares.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_middlewares.yaml new file mode 100644 index 0000000000..5a4dc3640f --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_middlewares.yaml @@ -0,0 +1,924 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.io +spec: + group: traefik.io + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if + the only child is the Kubernetes Service clusterIP. The + Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_middlewaretcps.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_middlewaretcps.yaml new file mode 100644 index 0000000000..8623568f5b --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.io +spec: + group: traefik.io + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_serverstransports.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_serverstransports.yaml new file mode 100644 index 0000000000..803b56395a --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_tlsoptions.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_tlsoptions.yaml new file mode 100644 index 0000000000..b86fefe0e9 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.io +spec: + group: traefik.io + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_tlsstores.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_tlsstores.yaml new file mode 100644 index 0000000000..47b46854c8 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.io +spec: + group: traefik.io + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/crds/traefik.io_traefikservices.yaml b/enterprise/traefik/18.0.17/crds/traefik.io_traefikservices.yaml new file mode 100644 index 0000000000..0f3475bda4 --- /dev/null +++ b/enterprise/traefik/18.0.17/crds/traefik.io_traefikservices.yaml @@ -0,0 +1,402 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.io +spec: + group: traefik.io + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the + only child is the Kubernetes Service clusterIP. The Kubernetes + Service itself does load-balance to the pods. By default, NativeLB + is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/18.0.17/ix_values.yaml b/enterprise/traefik/18.0.17/ix_values.yaml new file mode 100644 index 0000000000..1a294f81ce --- /dev/null +++ b/enterprise/traefik/18.0.17/ix_values.yaml @@ -0,0 +1,416 @@ +image: + repository: tccr.io/truecharts/traefik + tag: 2.10.1@sha256:049aece2d3e7eddabed1e2e4c4bd03ceba372d3b9f461386b262b6cb69369fcf + pullPolicy: IfNotPresent +manifestManager: + enabled: true +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + args: [] + probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + + # -- Redainess probe configuration + # @default -- See below + readiness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + + # -- Startup probe configuration + # @default -- See below + startup: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + +# -- Options for all pods +# Can be overruled per pod +podOptions: + automountServiceAccountToken: true + +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" + +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: + [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: + [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: + {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: + {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: + {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common + +metrics: + main: + enabled: false + type: servicemonitor + endpoints: + - port: metrics + path: /metrics + targetSelector: metrics + +globalArguments: + - "--global.checknewversion" + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: http + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Main entrypoint + proxyProtocol: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ports: + web: + enabled: true + port: 9080 + protocol: http + redirectTo: websecure + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + websecure: + enabled: true + port: 9443 + protocol: https + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + # tcpexample: + # enabled: true + # targetPort: 9443 + # protocol: tcp + # tls: + # enabled: false + # # this is the name of a TLSOption definition + # options: "" + # certResolver: "" + # domains: [] + # # - main: example.com + # # sans: + # # - foo.example.com + # # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: http + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Metrics entrypoint + proxyProtocol: + enabled: false + # udp: + # enabled: false + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + - traefik.io + resources: + - middlewares + - middlewaretcps + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: replacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + themeParkVersion: v1.3.0 + themePark: [] + # - name: themeParkName + # -- Supported apps, lower case name + # -- https://docs.theme-park.dev/themes + # app: appnamehere + # -- Supported themes, lower case name + # -- https://docs.theme-park.dev/themes/APPNAMEHERE + # -- https://docs.theme-park.dev/community-themes + # theme: themenamehere + # -- https://theme-park.dev or a self hosted url + # baseUrl: https://theme-park.dev + realIPVersion: v1.0.3 + # Sets X-Real-Ip with an IP from the X-Forwarded-For or + # Cf-Connecting-Ip (If from Cloudflare) + # Evaluation of those headers will go from last to first + realIP: [] + # - name: realIPName + # -- The real IP will be the first one that is + # -- not included in any of the CIDRs passed here + # excludedNetworks: + # - 1.1.1.1/24 + addPrefix: [] + # - name: addPrefixName + # prefix: "/foo" + geoBlockVersion: v0.2.4 + geoBlock: [] + # -- https://github.com/PascalMinder/geoblock + # - name: geoBlockName + # allowLocalRequests: true + # logLocalRequests: false + # logAllowedRequests: false + # logApiRequests: false + # api: https://get.geojs.io/v1/ip/country/{ip} + # apiTimeoutMs: 500 + # cacheSize: 25 + # forceMonthlyUpdate: true + # allowUnknownCountries: false + # unknownCountryApiResponse: nil + # blackListMode: false + # countries: + # - RU + +portalhook: + enabled: true + +persistence: + plugins: + enabled: true + mountPath: "/plugins-storage" + type: emptyDir + +portal: + open: + enabled: true + path: /dashboard/ diff --git a/enterprise/traefik/18.0.17/questions.yaml b/enterprise/traefik/18.0.17/questions.yaml new file mode 100644 index 0000000000..04d93e73fc --- /dev/null +++ b/enterprise/traefik/18.0.17/questions.yaml @@ -0,0 +1,2652 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + path: "$kubernetes-resource_configmap_tcportal-open_path" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: expertIngressClass + label: Expert Mode + group: App Configuration + description: | + Expert Mode contains settings like:
+ - IngressClass
+ schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: ingressClass + label: "ingressClass" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: basicAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: users + label: Users + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: Username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + schema: + type: string + required: true + default: "" + - variable: forwardAuth + label: forwardAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: address + label: Address + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: trustForwardHeader + schema: + type: boolean + default: false + - variable: tls + label: TLS + schema: + additional_attrs: true + type: dict + attrs: + - variable: insecureSkipVerify + label: insecureSkipVerify (expert) + description: >- + This disables all TLS certificate validation on communications with the authentication endpoint. + This could be a security risk and should only be used if you know what you are doing. + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: authResponseHeadersRegex + schema: + type: string + default: "" + - variable: authResponseHeaders + label: authResponseHeaders + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: authRequestHeaders + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: chain + label: Chain + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: middlewares + label: Middlewares to Chain + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: redirectScheme + label: redirectScheme + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: scheme + label: Scheme + schema: + type: string + required: true + default: https + enum: + - value: https + description: https + - value: http + description: http + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: rateLimit + label: rateLimit + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: average + label: Average + schema: + type: int + required: true + default: 300 + - variable: burst + label: Burst + schema: + type: int + required: true + default: 200 + - variable: redirectRegex + label: redirectRegex + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: string + required: true + default: "" + - variable: replacement + label: Replacement + schema: + type: string + required: true + default: "" + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: stripPrefixRegex + label: stripPrefixRegex + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: list + default: [] + items: + - variable: regexEntry + label: Regex + schema: + type: string + required: true + default: "" + - variable: ipWhiteList + label: ipWhiteList + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: Source Range + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: IP Strategy + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: Depth + schema: + type: int + required: true + - variable: excludedIPs + label: Excluded IPs + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: themePark + label: theme.park + schema: + type: list + default: [] + items: + - variable: themeParkEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-themepark + schema: + type: string + required: true + default: "" + - variable: appName + label: App Name + description: Lower case, name of the app to be themed. +
Go to https://docs.theme-park.dev/themes/ to see supported apps. + schema: + type: string + required: true + default: "" + - variable: themeName + label: Theme Name + description: Lower case, name of the theme to be applied. +
Go to https://docs.theme-park.dev/theme-options/ to see supported themes. + schema: + type: string + required: true + default: "" + - variable: baseUrl + label: Base URL + description: Replace `https://theme-park.dev` URL for self-hosting reference. + schema: + type: string + required: true + default: https://theme-park.dev + - variable: addons + label: Addons + schema: + type: list + default: [] + items: + - variable: addonEntry + label: Addon + description: Currently only supports 'darker' and '4k-logo' for *arr apps. +
Go to https://docs.theme-park.dev/themes/addons/ for Addon information. +
Go to https://github.com/packruler/traefik-themepark for more context on plugin + schema: + type: string + required: true + default: "" + - variable: realIP + label: Real IP + schema: + type: list + default: [] + items: + - variable: realIPEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: excludedNetworks + label: Excluded Networks + schema: + type: list + default: [] + items: + - variable: excludedNetEntry + label: Excluded Network Entry + description: Network to exclude setting it to X-Real-Ip + schema: + type: string + required: true + default: "" + - variable: geoBlock + label: GeoBlock + schema: + type: list + default: [] + items: + - variable: geoBlockEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to geoblock + schema: + type: string + required: true + default: "" + - variable: allowLocalRequests + label: Allow Local Requests + description: If set to true, will not block request from Private IP Ranges + schema: + type: boolean + default: true + - variable: logLocalRequests + label: Log Local Requests + description: If set to true, will log every connection from any IP in the private IP range + schema: + type: boolean + default: false + - variable: logAllowedRequests + label: Log Allowed Requests + description: If set to true, will show a log message with the IP and the country of origin if a request is allowed. + schema: + type: boolean + default: false + - variable: logApiRequests + label: Log API Requests + description: If set to true, will show a log message for every API hit. + schema: + type: boolean + default: false + - variable: api + label: API + description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL. + schema: + type: string + required: true + default: https://get.geojs.io/v1/ip/country/{ip} + - variable: apiTimeoutMs + label: API Timeout in ms + description: Timeout for the call to the api uri. + schema: + type: int + required: true + default: 500 + - variable: cacheSize + label: Cache Size + description: Defines the max size of the LRU (least recently used) cache. + schema: + type: int + required: true + default: 25 + - variable: forceMonthlyUpdate + label: Force Monthly Update + description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month. + schema: + type: boolean + default: true + - variable: allowUnknownCountries + label: Allow Unknown Countries + description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed. + schema: + type: boolean + default: false + - variable: unknownCountryApiResponse + label: Unknown Countries API Response + description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested. + schema: + type: string + required: true + default: nil + - variable: blackListMode + label: Blacklist Mode + description: When set to true the filter logic is inverted, i.e. requests originating from countries listed in the countries list are blocked. + schema: + type: boolean + default: false + - variable: countries + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + label: Countries + schema: + type: list + default: [] + items: + - variable: countryEntry + label: Country + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + schema: + type: string + required: true + # Allow only 2 Characters + valid_chars: '^[a-zA-Z]{2}$' + default: "" + - variable: addPrefix + label: Add Prefix + schema: + type: list + default: [] + items: + - variable: addPrefixEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: prefix + label: Prefix + schema: + type: string + required: true + default: "" + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9080 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9443 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "tcp" + enum: + - value: http + description: "HTTP" + - value: "https" + description: "HTTPS" + - value: tcp + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: clusterIssuer + label: clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["clusterIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: clusterIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["clusterIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["clusterIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/traefik/18.0.17/templates/NOTES.txt b/enterprise/traefik/18.0.17/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/traefik/18.0.17/templates/_args.tpl b/enterprise/traefik/18.0.17/templates/_args.tpl new file mode 100644 index 0000000000..4478375d84 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/_args.tpl @@ -0,0 +1,182 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }} + {{- $_ := set $config "protocol" "tcp" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.traefikMetrics }} + {{- if .Values.traefikMetrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}" + {{- end }} + {{- if .Values.traefikMetrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.traefikMetrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}" + {{- if or .Values.traefikMetrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.metrics.main.enabled }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if $.Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for proxyProtocol support */}} + {{- if $config.proxyProtocol }} + {{- if $config.proxyProtocol.enabled }} + {{- if $config.proxyProtocol.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- if not ( empty $config.proxyProtocol.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + {{- end }} + {{- end }} + {{- end }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{/* theme.park */}} + {{- if .Values.middlewares.themePark }} + - "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark" + - "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}" + {{- end }} + {{/* End of theme.park */}} + {{/* GeoBlock */}} + {{- if .Values.middlewares.geoBlock }} + - "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock" + - "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}" + {{- end }} + {{/* End of GeoBlock */}} + {{/* RealIP */}} + {{- if .Values.middlewares.realIP }} + - "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip" + - "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}" + {{- end }} + {{/* End of RealIP */}} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/18.0.17/templates/_helpers.tpl b/enterprise/traefik/18.0.17/templates/_helpers.tpl new file mode 100644 index 0000000000..1345dcea39 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/enterprise/traefik/18.0.17/templates/_ingressclass.tpl b/enterprise/traefik/18.0.17/templates/_ingressclass.tpl new file mode 100644 index 0000000000..4213783865 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if $.Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/enterprise/traefik/18.0.17/templates/_ingressroute.tpl b/enterprise/traefik/18.0.17/templates/_ingressroute.tpl new file mode 100644 index 0000000000..bf235761f8 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/_ingressroute.tpl @@ -0,0 +1,34 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} + +{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}} +{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}} + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard + {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end }} + {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} + +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end -}} diff --git a/enterprise/traefik/18.0.17/templates/_portalhook.tpl b/enterprise/traefik/18.0.17/templates/_portalhook.tpl new file mode 100644 index 0000000000..242555bdc9 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/_portalhook.tpl @@ -0,0 +1,25 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled -}} + {{- $name := "portalhook" -}} + {{- if $.Values.ingressClass.enabled -}} + {{- $name = printf "portalhook-%v" .Release.Name -}} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $name }} + namespace: tc-system +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/18.0.17/templates/_tlsoptions.tpl b/enterprise/traefik/18.0.17/templates/_tlsoptions.tpl new file mode 100644 index 0000000000..4194e513cd --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/_tlsoptions.tpl @@ -0,0 +1,12 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} +--- +apiVersion: traefik.io/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/18.0.17/templates/common.yaml b/enterprise/traefik/18.0.17/templates/common.yaml new file mode 100644 index 0000000000..d70a9887a4 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/common.yaml @@ -0,0 +1,23 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }} +{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + +{{- with .Values.ingress -}} + {{- with .main -}} + {{- if .enabled -}} + {{- $_ := set $.Values.portal.open.override "protocol" "https" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/addPrefix.yaml b/enterprise/traefik/18.0.17/templates/middlewares/addPrefix.yaml new file mode 100644 index 0000000000..473f703eec --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/addPrefix.yaml @@ -0,0 +1,14 @@ +{{- $values := .Values }} + +{{- range $index, $middlewareData := .Values.middlewares.addPrefix }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + addPrefix: + prefix: {{ $middlewareData.prefix }} +{{- end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/18.0.17/templates/middlewares/basic-middleware.yaml new file mode 100644 index 0000000000..ead5bdf724 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,58 @@ +{{- $values := .Values }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/basicauth.yaml b/enterprise/traefik/18.0.17/templates/middlewares/basicauth.yaml new file mode 100644 index 0000000000..f2a990a57e --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/basicauth.yaml @@ -0,0 +1,31 @@ +{{- $values := .Values }} + +{{ range $index, $middlewareData := .Values.middlewares.basicAuth }} +--- +{{- $users := list }} +{{- range $index, $userdata := $middlewareData.users }} + {{- $users = append $users (htpasswd $userdata.username $userdata.password) }} +{{- end }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{printf "%v-%v" $middlewareData.name "secret" }} + namespace: tc-system +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + basicAuth: + secret: {{ printf "%v-%v" $middlewareData.name "secret" }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/chain.yaml b/enterprise/traefik/18.0.17/templates/middlewares/chain.yaml new file mode 100644 index 0000000000..bb4920caab --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values }} +{{- $namespace := "tc-system" }} +{{- if $.Values.ingressClass.enabled }} +{{- $namespace := ( printf "tc-system-%s" .Release.Name ) }} +{{- end }} +{{ range $index, $middlewareData := .Values.middlewares.chain }} + +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + {{ range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{ end }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/forwardauth.yaml b/enterprise/traefik/18.0.17/templates/middlewares/forwardauth.yaml new file mode 100644 index 0000000000..a0336c6719 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/forwardauth.yaml @@ -0,0 +1,31 @@ +{{- $values := .Values }} + +{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end }} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end }} + {{- with $middlewareData.tls }} + tls: + insecureSkipVerify: {{ .insecureSkipVerify | default false }} + {{- end }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/geoblock.yaml b/enterprise/traefik/18.0.17/templates/middlewares/geoblock.yaml new file mode 100644 index 0000000000..c1a2dcd0ae --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/geoblock.yaml @@ -0,0 +1,32 @@ +{{- $values := .Values }} + +{{- range $index, $middlewareData := .Values.middlewares.geoBlock }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + plugin: + GeoBlock: + allowLocalRequests: {{ $middlewareData.allowLocalRequests }} + logLocalRequests: {{ $middlewareData.logLocalRequests }} + logAllowedRequests: {{ $middlewareData.logAllowedRequests }} + logApiRequests: {{ $middlewareData.logApiRequests }} + api: {{ $middlewareData.api }} + apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }} + cacheSize: {{ $middlewareData.cacheSize }} + forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }} + allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }} + unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }} + blackListMode: {{ $middlewareData.blackListMode }} + {{- if not $middlewareData.countries }} + {{- fail "You have to define at least one country..." }} + {{- end }} + countries: + {{- range $middlewareData.countries }} + - {{ . }} + {{- end }} +{{- end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/18.0.17/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 0000000000..cec46d5102 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,30 @@ +{{- $values := .Values }} + +{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }} + +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end }} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/ratelimit.yaml b/enterprise/traefik/18.0.17/templates/middlewares/ratelimit.yaml new file mode 100644 index 0000000000..a2ae79af66 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/ratelimit.yaml @@ -0,0 +1,16 @@ +{{- $values := .Values }} + +{{ range $index, $middlewareData := .Values.middlewares.rateLimit }} + +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/real-ip.yaml b/enterprise/traefik/18.0.17/templates/middlewares/real-ip.yaml new file mode 100644 index 0000000000..1e7d6e148e --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/real-ip.yaml @@ -0,0 +1,18 @@ +{{- $values := .Values }} + +{{- range $index, $middlewareData := .Values.middlewares.realIP }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + plugin: + traefik-real-ip: + excludednets: + {{- range $middlewareData.excludedNetworks }} + - {{ . | quote }} + {{- end }} +{{- end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/18.0.17/templates/middlewares/redirectScheme.yaml new file mode 100644 index 0000000000..0913fd132a --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,16 @@ +{{- $values := .Values }} + +{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }} + +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/redirectregex.yaml b/enterprise/traefik/18.0.17/templates/middlewares/redirectregex.yaml new file mode 100644 index 0000000000..9dbd602a16 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/redirectregex.yaml @@ -0,0 +1,17 @@ +{{- $values := .Values }} + +{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }} + +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/18.0.17/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 0000000000..a409bfa85a --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,17 @@ +{{- $values := .Values }} + + +{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{ end }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/tc-chains.yaml b/enterprise/traefik/18.0.17/templates/middlewares/tc-chains.yaml new file mode 100644 index 0000000000..0b21a01f3b --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/tc-chains.yaml @@ -0,0 +1,26 @@ +{{- $values := .Values }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/tc-headers.yaml b/enterprise/traefik/18.0.17/templates/middlewares/tc-headers.yaml new file mode 100644 index 0000000000..859a5c8e04 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/tc-headers.yaml @@ -0,0 +1,59 @@ +{{- $values := .Values }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' diff --git a/enterprise/traefik/18.0.17/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/18.0.17/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 0000000000..3186bf4e2c --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,22 @@ +{{- $values := .Values }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/18.0.17/templates/middlewares/theme-park.yaml b/enterprise/traefik/18.0.17/templates/middlewares/theme-park.yaml new file mode 100644 index 0000000000..5f6c9d8159 --- /dev/null +++ b/enterprise/traefik/18.0.17/templates/middlewares/theme-park.yaml @@ -0,0 +1,23 @@ +{{- $values := .Values }} + +{{- range $index, $middlewareData := .Values.middlewares.themePark }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: tc-system +spec: + plugin: + traefik-themepark: + app: {{ $middlewareData.appName }} + theme: {{ $middlewareData.themeName }} + baseUrl: {{ $middlewareData.baseUrl }} + {{- if $middlewareData.addons }} + addons: + {{- range $middlewareData.addons }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/enterprise/traefik/18.0.17/values.yaml b/enterprise/traefik/18.0.17/values.yaml new file mode 100644 index 0000000000..e69de29bb2