From 5a5c9bdffe843ff0b5cbf70db614e0d2c7e314f9 Mon Sep 17 00:00:00 2001 From: TrueCharts-Bot Date: Thu, 8 Jun 2023 09:29:27 +0000 Subject: [PATCH] Commit new Chart releases for TrueCharts Signed-off-by: TrueCharts-Bot --- .../prometheus-operator/0.0.1/CHANGELOG.md | 13 + .../prometheus-operator/0.0.1/Chart.yaml | 30 + operators/prometheus-operator/0.0.1/LICENSE | 106 + operators/prometheus-operator/0.0.1/README.md | 27 + .../0.0.1/app-changelog.md | 9 + .../prometheus-operator/0.0.1/app-readme.md | 8 + .../0.0.1/charts/common-12.13.0.tgz | Bin 0 -> 129903 bytes .../prometheus-operator/0.0.1/ix_values.yaml | 306 + .../prometheus-operator/0.0.1/questions.yaml | 45 + .../0.0.1/templates/NOTES.txt | 1 + .../_mutatingwebhookconfiguration.tpl | 77 + .../_validatingwebhookconfiguration.tpl | 77 + .../0.0.1/templates/common.yaml | 8 + .../crds/crd-alertmanagerconfigs.yaml | 4484 ++++++++ .../templates/crds/crd-alertmanagers.yaml | 7226 +++++++++++++ .../0.0.1/templates/crds/crd-podmonitors.yaml | 683 ++ .../0.0.1/templates/crds/crd-probes.yaml | 726 ++ .../templates/crds/crd-prometheusagents.yaml | 8021 ++++++++++++++ .../templates/crds/crd-prometheuses.yaml | 9350 +++++++++++++++++ .../templates/crds/crd-prometheusrules.yaml | 127 + .../templates/crds/crd-scrapeconfigs.yaml | 214 + .../templates/crds/crd-servicemonitors.yaml | 713 ++ .../templates/crds/crd-thanosrulers.yaml | 6774 ++++++++++++ .../prometheus-operator/0.0.1/values.yaml | 0 operators/prometheus-operator/item.yaml | 4 + 25 files changed, 39029 insertions(+) create mode 100644 operators/prometheus-operator/0.0.1/CHANGELOG.md create mode 100644 operators/prometheus-operator/0.0.1/Chart.yaml create mode 100644 operators/prometheus-operator/0.0.1/LICENSE create mode 100644 operators/prometheus-operator/0.0.1/README.md create mode 100644 operators/prometheus-operator/0.0.1/app-changelog.md create mode 100644 operators/prometheus-operator/0.0.1/app-readme.md create mode 100644 operators/prometheus-operator/0.0.1/charts/common-12.13.0.tgz create mode 100644 operators/prometheus-operator/0.0.1/ix_values.yaml create mode 100644 operators/prometheus-operator/0.0.1/questions.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/NOTES.txt create mode 100644 operators/prometheus-operator/0.0.1/templates/_mutatingwebhookconfiguration.tpl create mode 100644 operators/prometheus-operator/0.0.1/templates/_validatingwebhookconfiguration.tpl create mode 100644 operators/prometheus-operator/0.0.1/templates/common.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-alertmanagerconfigs.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-alertmanagers.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-podmonitors.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-probes.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-prometheusagents.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-prometheuses.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-prometheusrules.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-scrapeconfigs.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-servicemonitors.yaml create mode 100644 operators/prometheus-operator/0.0.1/templates/crds/crd-thanosrulers.yaml create mode 100644 operators/prometheus-operator/0.0.1/values.yaml create mode 100644 operators/prometheus-operator/item.yaml diff --git a/operators/prometheus-operator/0.0.1/CHANGELOG.md b/operators/prometheus-operator/0.0.1/CHANGELOG.md new file mode 100644 index 0000000000..49f7d992c4 --- /dev/null +++ b/operators/prometheus-operator/0.0.1/CHANGELOG.md @@ -0,0 +1,13 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [prometheus-operator-0.0.1]prometheus-operator-0.0.1 (2023-06-08) + +### Add + +- add prometheus operator helm chart ([#9418](https://github.com/truecharts/charts/issues/9418)) + + \ No newline at end of file diff --git a/operators/prometheus-operator/0.0.1/Chart.yaml b/operators/prometheus-operator/0.0.1/Chart.yaml new file mode 100644 index 0000000000..697f1c5d64 --- /dev/null +++ b/operators/prometheus-operator/0.0.1/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "0.13.9" +deprecated: false +description: Prometheus Operator is an operator for prometheus +home: https://truecharts.org/charts/operators/prometheus-operator +icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus-operator +keywords: + - operator + - prometheus + - metics +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 12.13.0 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: prometheus-operator +sources: + - https://github.com/truecharts/charts/tree/master/charts/operators/prometheus-operator + - https://github.com/prometheus-operator +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - operators + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/operators/prometheus-operator/0.0.1/LICENSE b/operators/prometheus-operator/0.0.1/LICENSE new file mode 100644 index 0000000000..4dfe12ac30 --- /dev/null +++ b/operators/prometheus-operator/0.0.1/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/operators/prometheus-operator/0.0.1/README.md b/operators/prometheus-operator/0.0.1/README.md new file mode 100644 index 0000000000..1ed81ac516 --- /dev/null +++ b/operators/prometheus-operator/0.0.1/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/operators/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/operators/prometheus-operator/0.0.1/app-changelog.md b/operators/prometheus-operator/0.0.1/app-changelog.md new file mode 100644 index 0000000000..39a9cda7bc --- /dev/null +++ b/operators/prometheus-operator/0.0.1/app-changelog.md @@ -0,0 +1,9 @@ + + +## [prometheus-operator-0.0.1]prometheus-operator-0.0.1 (2023-06-08) + +### Add + +- add prometheus operator helm chart ([#9418](https://github.com/truecharts/charts/issues/9418)) + + \ No newline at end of file diff --git a/operators/prometheus-operator/0.0.1/app-readme.md b/operators/prometheus-operator/0.0.1/app-readme.md new file mode 100644 index 0000000000..d5868df569 --- /dev/null +++ b/operators/prometheus-operator/0.0.1/app-readme.md @@ -0,0 +1,8 @@ +Prometheus Operator is an operator for prometheus + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/operators/prometheus-operator](https://truecharts.org/charts/operators/prometheus-operator) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/operators/prometheus-operator/0.0.1/charts/common-12.13.0.tgz b/operators/prometheus-operator/0.0.1/charts/common-12.13.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3ba24f80abf117bd13603a400f4ee61b82d8310c GIT binary patch literal 129903 zcmV)TK(W6ciwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{bK5x5D7ruEuRt-GyYXI2)?2o}lR2Nq_GEk}v0b*4+5PtH zbwMN~aZM2n0m|{to8j-`jy{S)U$++d>`5uiE$VD z@Fu`x7y!WpjVb?i*Z_ckyhap2&-2-|hXD{@K>)`nVC*jbI0V0cuC4&X5L3wBv0BD2 zv+9xO5imy-25)~d%K(Z2LGi+O5wGoe??j;^6Aqhf79<)&H1Y4MA>D{VrI6nFp+8UN zAjBTJ#4#0QY5*|z!*luW5FE7IZB^qmgyR75mMD(E91{v6>=6J%4>0j1gbVOPH%L4` zoB}tDro6U?5dk5l@*4t#!q98N0EdXfXaElMCaPJ2J7$cAnHt+13E!#|@WrOd@8>UWSfV!pCZbT!p zifHCINZ6WkcA3MA$yY*A=%(1EuSDf&;byB{AvRjFg)cuGgKPgkNEBs% z9fD4~{l?E0{BV4u3NBn)QSkD^@g6IDl*v_gm~!bP>8a z#N?p(bA%JVNQr@wzXgcEU!V{X`3nF)^r;Vn6BNLQYvkh4BMeFTHA1nEz5ILGhW;>+ z?5bE+TY@wh@^eA)&CD?RJu^F~2=+kKM z;XRwfDN8Zu!_$%kF0w&V9Q+g-k3_I6VZN)*&$t<@>9* zhrn@IHS8Uqom|OZWZ~*x4Y?}0N$k@HAOSRpd|?3O1&@`02C4*?+2|A1LNb-%<)TuT zX@K-^!8>sh9+CG1#fM-p+)rP&QGs)!O79_?Zt=FtE;n62i zDiZ(+xVpHwQHcA5E!Nk=V;B*WM4T5c-=Ccnk9w_f2OK~;q8#S?cSqO1J_#s?a0r}s zyW4dX+g@U?oMENrPy#)|o|r&l1SeTWlrN5FFq|SaH7`QOm+yQsht!=3u1caPKywsQ z81NcIa|n4LE)B$QF(0oG!AZ=tu%&&DRZ)gt;Lm-vWVumt2>R`Id(MB((VPpneZG#y z=wpJ2RkV{SIB37~8x7siMI_X}1_0+D&Q8vbZjX;HuhjwzgFvD#%h}YeplyUb12p2= zq10jC`r)0yb~8-qIimMCzO!FmGB#2#$PC6zLt@JUQ|CwoU6g)~5nrj)Kph45@PUoK z7ZUYOYDqu)F`?qiF%BpGRP+_6$cnBDvo-WEC3=qYRp$^m9Y>;g6!?%JHRMcNzD5CZ zDUPLvPjP@^rD5|z#GN582~d2_8xV3l_AwXBN?DcfV^B^(xzGQY_mCy^ZV{@MxR}wv($~gSP#TRWv0u2m`%)$SF}L! z!~G1!2*4-`e3$j0aq~Zi;Qh_9HMJ#pb7sp|t50l>ouZySIg4pnJTW6}>T(lV;q%rf z)L1SB`i8}7cENaksMZIstRrF!(LACLC%#Z9xB$I`ban{#L}gKu50sD?+~FW$EMOeq zDS2cA3mEUQ>dTsllhU!M(L$Vra;f+HWPS+V@g={qO*)Sr*&v-qm5@EOAhY=+fqQ7N zM`rWYdSkLg%1It7;Ht#oU3y zrdq@Qboz;+IE2AjNKrh2E|O|Q5=%SepZ|L9Hn{$?mWGZ|O#O-PLb@h^A8?Q;`bM(GGZZO(8{-B)CQt;4paDX%rRAW9PyE<;GlKS@W_qGQ)s?=I74}!Z8j*xHIJ50h~~dY)W_FnKb~G z>r%lUpNr=W{_P?{;Wal}Id#|s0O*rXD7g3OO!Rt&f@l{+vTYm^-$OAsqH#>^kuPl! z$J0F$;gH~1IR*W{3r7(Vngv^3fU&&?#*nE@k)UWp(^m5Oix)2%{6Dk*%rapU2QZT# zT#T7WB%;`h7qVHg*+4kyByi5h_cPy}0U@wJh>*v(V8#ecQOL|e#Oz~Mob{3MOlFx( zJu=*|_C4*c(u$M(&5Tg}jj5wTOXI7k?BlmJofNN7xh1kofsQ-0+o{$p8O`HL65 zR62M6AGFz6n5 z1J^wmy50SLrDHfml*}-ubx~F2HLmSer<3A}hOj&A?)L}1&bZre?+*vCJ??e9j=R6# z8=!rJI{U-!=-|NJ?+n|WKI*%J1Gm#}ciMcKU9&*YRNA>+XAKFd21KSU$w_444eBB)iyOS!9U4R5?ZNQ~!X6sAXut2ayM1pmI`G<)-mu@@@4B5% zZ_qzD=pO7(2K_PWLJ#$agZ4h`bcSw!T#4!Z6xEghtZcfo)lM<&jE4PjXFMJqj0aw? zhdeYM4#w@VH|P(#<2F1PcDs}PVY@pS^x$ZOhH%gsc848zf>^)2N(>`RC|hcd10RL8 zarMT{d+5`qs-5C($Sl|y_T15aZ|IH2<9=@l``!J?z#9z4<1uWb@u)X;z45`=?Y6t^ z{s?sk-QIXS9`p_v&C#$D?>UTp=#3wTwya!;b^o9X4~Bz-L8s&Oy8HWMcrYFgdc(=M zGx9p_xZN8~#=ZT~aMEvgy~zX)ys##CT?O&^zet4-b0%&e$6dd;8UN#^Dq{ zn$DtfA=ZO-cQR_j;h+Z(+5_lydxOysb=&)18x6Ys4mxn%eTa}Z?2X3<-5wfxaDOoD zjXk&LcF?F2Yq=+a!Vj0{fGAbbHLdi<3-I5{)5oogs z2a|q(G#R*qPMe7g_nQt*U}o+~n~?xqGw=xPxRDAnLYSt(}&HbH?re z7y+MvIp#!!A?PSDyI{^*A%eV6IE>QIycUe_kOv@9D6|T^@@AJMFrS!EAm0mBoo&f5 zi;syP7j^wY8l1f6A)GS|ClmjZz|kkEy=S%~pt9l@+F(s#9wih9et2gN02^tjY)&2| z$PCI|FvfHy`~|EqVF++6pf!A=J(y7Z)(`LUy^urB?aOJ%h!4XDz3;+(nfFkr6^adh z_CF!-o%V8)9C>*(#|(jE6w{_OK!GbZm3=}I6z9kycHw1o9xoycU=8!FPbk0>!@J5I zM64MZ$7z1K+b5hDeD9kR(DMqyNnU{C7%@=}U}%Jarc^ayGRng!LZK(%v)?L&RJTRc zyi99~kFvc>&XIobkaEXOoS^fgYw0~!xTYfF6+zt6M>`fe3`d+$fIdaS6G&%hu3AT- z*Gz~E2$^KZOYhvfGw6rSF(kfgGGW^GcR}^J$*MBq#EALT8y=DXGM<6pIbwgw*E*zu zy;m{5D!3-b3nmDRK{I2Dg^z0vADDbs@}!kTLxw>Jpv+E+Lqri_>!_N_E)S^%;nWX5 zl@z4`X+oFBKd?zDXOM`(etJi*5tXn27F^)zz=b^`UHSykJrANe4hf=_M3SH?==1oR zM&P-PzablWv`8Is{Q_JG-~{}t$qo3akb{QdBQ(NKzzg8;fl@;3MMg=OVM0>{!4!l1 zOFBsf>c3#ZDQGi+jc444P|F`(#D~D9kP)owYzclv0=Lp7l;_rt$U11O9}^xEn`sz>lw)#nNxKbC5)6_GOGF z{wF(rA>FvowWO9_u~Mp~m9L)ZKAmO-)=UNppE>m*^YDavkcDeHW!ZFmZr)yJ*`)=3 zVoHG6%H!KMOgswCVj~cVC@=u+(NRqO22mnceNP5Mnkz7y6caxP)P8?J4Cw)yMza|% zYtn#dX(GZ3*?^7_aPfTXhpaUw>-Dx>peS?*~XJ_o`8%k3xzi7#|qehHbyS5yS!fC)qj#l{*NMFeRQ zqg{K~N}eTQW*H1AlKL=oX~LFjaF63VZczM$7@CX_qJ#^>JszLy@{muZ5KI!*hSp0$ zOnn#W9V`#?#u9=+5(bPZA8-QhVaNl2sW2lT1+h==8ZW><{~4pnzy9?~pA{4&Z^FoL z5r0Zrcl&(3)02wqF)MfPg)G<#MVzD`PG!*_x|2l*2GI<5cS@}!PUIDABwoI3N6K1q zcu8>Qho1cQ0S3OOf++zT$TwG)$5*V_F8Jl<=2HH7bFBY*doBNZef_TI0FY zlC>CW3eiTO-KT>a)_#`9@|Ab6N6Sqmk1r zP^y81I&`LB(BdSJf{%?Bqog`aq*Za{3s50@!kT9FvZ_rAb`0G+uIY+qDR-hGW?S8M(m?IkdE-49Z zv<``60ux{8AaFIja~%2<$GafHp8UI!BIDSl)MD%zEJNh3`&)H#6zEr4a-h(QupesW zxGDGD8TP7|d?$SYgF`UTv?Fc|BXyq5{E$&aXE;;{*!{n1a#1Sc9V+5dsGuKBF6zKMB~9-y&mFlvb~5T!zh>A3JApLxQO@aFxQUW@Sp#rH9n z4^ts(axJD3J=^vR;RVRIDmp6znyiLp%@n4jOWI;n9gcT2b)0XEIt}wY7)hP%1W_gt zg?OAXy<7OeRn$I@dWt34R1gPgsJ{-aGs+O?U_K>Sb=(KVAVyQ4slHM%;|eI`TA(V$ zUGt()=2+?n6#EmO>ClY1W4&mnIHiV)gdC$(J(R&B$m2GLYJ=Mf3kLb2ETC2UjhXrx zHYYd<%{FH+_L>vu2YxtJmh;WU$;F{MB&GqeLKop_9OF2rc0tWP=o5{h0iR+S$u*H8 zDjnMkRY>yI3l54)Zbnq#K?(`QOvz=&5)^0AgK;_}OxI@pX>lUU&*}*KGHA-JRRT?Z zt_v-dT4ey!5_Ms^0ZzOSQh$M((XAw+mz})~?!Q+y#1jj!7mnq=>blHgDNH|4kQ! zaT=D0Jm8@yMlKK7OV@qXq~XuFQNYV~B}K_%>WgpeH{T}m!wF8U?*b@AnPyb`#$V$A zkN21ovB!gb@Ak=FoP;eRd^5USs(y=|ni;p&nLH8kuS!5OTG{#~Oz7+mJs6tk3vk3{ z0i&J^V}9gS>b87yD?}pXFHS;cUMB>_To;wK^>6F22y5jQhuOETiz0gKg~V1>gj2#m z$wP$R`lh-}uzNSS713J8Yc5f5VLY{JbC2(B;WwPnF`LAqG7=L=W4fyc`iz1Aw zhJ89QSy53+bt+?^ru?-e(qI{P$r)h{^>K_m6jC1sq8aP3r-&Fq971p!#V*cV<1*-zwg$CJ+5A)HJS#YGe<`en`v zi^;?t`F0TVME6Z>hZ_fyC;n6=6%Y&j!rHpf=c>M9gsq*B>|O{87y5mEFU08AgA8u> z{1~}3c#vItFvJm<_<=m}0mQk@i9b!pQ>4x!7PnPGO(Ibx1qpy<;R*4z_ z51GBKhHX2A!hTn}zV?9_sz&H3xh_4PL2!NVQ+H;pbm$XL ziR8%x^5pjHa?#h5yy)vtm~jQVoJwDp*XE4)WvSKi{)_xOjBUu;w7is#IY%_p3&K1? zX(|ip2NbCrD#CYoGOqA}$wWWKA(N+usOATa4ES0!D4G8h8E>%3qeQ(?|9K_8MJ%IL z#w(071D-`Io^llRhVijJu_N38pveO=n#}HLdVVaTdh|I=YKf~T7L8ccSAfK>i|83w zwDde`Hkk^je}*_jMt?I17+)NDesHg~Ago1GDwx)V^qK>XzL_J8X-#?y(L|ZbgK09# zi*Gmi3l#2hcrc0t2sIB>6bF;G5uE9RVSY@g!Bpa?;5$}|!P_w)G;lK;-Hq5!dfz0Mwyrh#@sTv0eh%b72!}2x1jyznHU7l zqpOA>lm;Q_bT$Ts#mXmqdQwo+bltSp+1z5u*XjlU>TpuknxM)&%YvYR=T`%M<`3Mk zHBN0xx!OI7=cpOQNNHF&1{1#V5mFTl=b;FN9tvF_@#BLHH;kr_+MQquQbNTREd!z= z1Q;1+KI1_lYUkJ!Rn$wAb0mhze2iiyiMYcvbR`*h^rbp;A)+#;%*b`+>ZMDoEN)Eh zjv-+>EsUhIJKy@r2|IIA_{2~p;5vQ*~){$(wWZ+ zXF?4$AT?V*26~T1mWt6NP0DP$uh~Ln>7RR@R_9}m$+TIH~L(TMMQ_4R{MD^P6 zSzjT~C#lGLsChPnA3d@T^ICg4((Xv4B;axLJS2!HM&yGOVv1zM#`~+c*CH(eGAtR! ze((PgTK?;#1;IhQIu%&0!v3=l$CyXJcjQl@HXbE( z#%8E1bMiPLc8ci5YJ8oPdTVd=iu4m)58|=u>9K+s@leDDFL)CLTtENP8P>n?Igo(wI~j3o2S$WtWTC#2k;jlb=E{@nQe_a^W}hI)s(twpCL zc(KKsYncw{rY!!_HkrZUYqsS3VOqkUr1=L0C$~)IwX2K#Kt+IGuL#A=IF!k!l&>#k zoNj*aZ{UcZf6BRHEH8rc&jlEI1aJ~c1%ErWuTQOwaRs$ zF_D+&Ak`0pT`GA~#qwr*$FY_l^VBMZQ#S54B*$hJr;>Z5NSYl-Q|nvY^Xq!Zx$uxOgiyebxKJczqBNrHg=<$%^shG!Qp&ook@IA^pYe zQy>dx3Vr^3XuT9={{SBoOm&?mK+M`O*2D?)1K`LLy(%D&0Tfp*>IfV;^NMz5>#UvJ z1y)H2T~reAZWp{&-XMO0pU1%b2YWPAIirStPYW$V8R0(kP`zkL1g3`g1Zzdh(}@BiG$^Nj1i zVxj8QUk2H+Wupo9#(ucRPh~Vg)8+q=0HFx@;lvMp`mkJCFqe~}bzSe56fVKyYj(A? z@(Vi~TJegmU4x#N1_Pd--rOFYygNI$-dr91R<&4W{hE4^zLB+32PZvgrL3aD^DmU8 zt=C#7*SkI~m;V~O$BO@@^1ss=WaWQvG}y}jO*~)i{*Pk26?cEiC-#@xbSYW}zt%06 zl<1WkE?dvtck`6V|3wsX)n8sZ^k~`tm*w)mJ!og|{~z^x{jL1p#H00pd0=khPr247 z4=!rOUmUKgC%P9=*wU<1r1N`_!oyO(1*Tgob|TG5xQf z)r)Gu_V9fuptHYLg8%&py~_D7(+C_t(F3q#{`cBB`@hrP+W(t*^!%4&y(ZhA%`*wH z+WgO$+UA`@+SV@#>|t#vC%`2uDkih(7hpBzC28h-?&|rhEznADf?<6<&9P9^bFi|f zAb)-QqkRYJ_q$)uFHZEY>wjF|zPmVi|Ms*YybA!FoL}GmdU|?!dw%rp^!oJb!|Bx_ zaB%3bZx=W0@5#ie8oczBuNse+>J+cc;KySaUKt?)yFVXd;7Q;tl0>IB_SEs)ny?v_(QN6gm zcz^TL#ryM<+w1o~ouA%ZOXp4&YSvw$=avasv4m{4+$F;a5H3=05u3nrE*H&YbLC&| z_L9)Qh{vnBqRWeEW{>f9Rnu1an$!W~dL;g?bf4|BME{eya-LiN8x3;t-|emax0&Y| z^*_lyE9rmceNca1{m#o$GII9W4NrIOF3)d|-rxMfSK3#p zlJj4dPWaTec0l2xT3?0rqeVZcQacK@OSN8`?G&oFxn^F=+f$5JwICSFd1<3cYkqvA z83;=4vy{S%bH@(O=RvZ&;HA)kc#N%Tg%8fv#rvDn+uwiZnH5B7&`G!CN_4N{{w~$G zE7k48*T8Y|rwdjzD(b59|5d2YFNRv7w|csSq^l8tlYICDnipt~TV4HGb@f_~%1ZrD z9Q1yg^S_4wzt_&_f1TlIu-*UN$fNZ?l~z+Fl@qDv9_#)W)ysYVJjE^FB(RH4kKcy~XbfF`)llO%UtiT$@LlES{VSE%&^GQue9uNwWlH237Zbv7p7M#BhaL~R zYA_sBT3nTm`p9*05{k66JT@ypkf-XHz#xf{oTzfY=H~j==()`LdvkqzeR2FN`@Oe- z@m`#SMG4fs7QybFEPr!!b9#Gnb|tF>{@AF(`z#7FTmAOp{P&v5BP*SGPLOD7uz{_VViD z@Bg@cdv<+udM*y$i;4Q?{nM#gHC^xjsI(Rx?BB!6OY#a#aM$^ z>b^~;vG8j)M6}#a#s~m@C~|U&?A9)-Zxu+cl7Nl)?lC0j64DtD`lt%2HlV0FJo7`& zvJiQkbu3~-=?h86?Sj7?x@D z_4=D~jS)_1vY(vS&Cj33VX>c>1;Rfvo8yAb4m)EP`dHZchX?^jU%uzq8@{?h)*hnn zo?Wo0<@C-Rqj@d`m*61dd#W%nixjo}MurHPEnD_#3hw(lB=H?T)%G9bo+lcA%k96> zs5{8+|Ms@_-)5e&^S|;^)6JjzRbp4^rmUE{Wz;DZZ$=u>VtrPsGO6&h4*;9jsp*|> zdG~&dD9NTP6lIp2{53bi3r_qR8AAoQvZR4&@=0FI(OR;TtD2X|X~b2f31V2S%Z$(} z8Ya;mFJl}ZOz%pZ!zfG0^zQ2#v^35XR+2LXx{RV}Nhfs&I7JX1O<2Qfc#7p$gK;IT z4UN2z*wOMM>jkEB4T49;ne{S)o5)#woCi@%@#f}uIm5%{bd?2HBdlh&YRQm-UX`>d zHx~e@L)>NdQ5Egv4V_C#C(5lxIb}9h5-tV2D%}+L0uW26w)Z!18j>W|d2hARBfSMg zT%+KJ{N7B&mPUUf6Q-KECGv?bcaaU|F{F;ucoTcV682yjZdmX&9L%jNZz< zmFkqw=%Zo56z+&AEx;J++9^6pPOH8wVz8=A9V=w(Xyq%_%+bLWq{7C3FG?Annud;H zyX?JF?*h-=WYc zN{znS;1&iVeVxN=4$@-=S)ONjrdd*OrswM<0GX3q)|-%Dr$y-YNe)OfnQ14&^39`lv4t#g0y9h&=u_eO8<{$)n|?W?e+8LKYP7x z{QpLtXFUH|DCm|(|LR(Q&NHAQdq+N>$Fd+<7zFtKGWHjKfTrk_NfCM9n~btu5;%MG z{^acD_P49Eo70M5+UwJs_h%>O&o^hAJY0HxdUh(_VoJp zr=#OvPtQ*dffG*X3Ry=0`1S1V+w0%XZjOIB1P&vXQ+nR7pG`;dU+YOn0-oXQV87nk z!G777{#6JA*u9haVZyjpI*-;EcX=n86k>d-^=dEGBhm?syP?rGU2vTP|W)O{JC-Ghu)z{(Z(E6sE*5q zD(>#3l)()qK@at9+~>LP0C*u`uZbO^BZP@Vw$m_XxRyVeu4f1QuHf&klJG~ z#j#Ik^FwfYd~$unUy2LqyMrPB6=QLsy1G*4NE~|tfcpvKD>My)b4K2|8C@2CVaza+HwUS zSg~>j8n_}oT8guRW zF5M{$5DxrtOX1LhK_F_|9`+rXpW>3cTWvUN;9 zv9_H+p&|a*Vb(|N&v$?^g1MB_nI)Lh3)=ivMl_QxA4xd_L^1gcRBRd=oG6ChWX<9u zwNE53v~V?kJ%Z3mvGPMgVdx@aq&Oli{nj9BR|W!&F{XsZP&)qn(5K#5`Pf(&#*iQj zntExTD1cGq04@FSeTZVKPC`&zUS6n!hkC!KY7RCTsD@DP<}iMEA9;|XYZ^m}rVm!5 zg(XZZl8_`3iWfdXo+If&D30M&#&t&vSH&3~8j^k4=t~&t-($8co%8E)Ux7Ry2qWYK zQs`*ZWlgZ7c)=i62B>*z)?8xr3+TFtkayTqPE_Ifyh70XE%qt82wf!K$B5u0cFlq@ z`j{X>jW;Qcl>YlFgLdm4228CsXsuU+2@HZUbni}Ncu8yF(rf=eXopW%Jb+{55{ zI~ZTdV9asoQylx@)Z8Gr#NIpc!J2q!;a0Ysfd!9{5YR*Hp?A;^DGHgK`ppkLe6Ix3 zWsLdN&FRJgBSb>b<%eUrRlvjnCX^NX7#wPu$;pw516?9@qlu1Ma&>ETeeF+`{db9R zum@YG>pBhyAVnw~?og{TFdQ_}vOfzXt8Knwt{)5^GZoLb0)#Zs9fg7G9PQGW6jwM~2!j?c9uOve<&nmRTNj7nA#ghFcH2>g zh8W~q2JKdOWSvgiDPD|A<^OuF{^HLP`QIJ(a``{|+xs6k^Y9?MV}0C(E8jqF%djsn z2t+nAs?CM+Ni3F(^psA4p>Ej(=?`w6H)O#>a5F=IJN;b|F9EQ~lEz~wT8*?`I`LT* zF4k31&A_RnhZmA!x2Txu(BNfFaa&Y@%N|~m{Z&|m;ly*2r6`INWx2xOl?aE1!H(D% zTe>r5-?63^14%`_JI4Mt){2yPyoB+yKwvLA%Dulw6y>-Otyj%sy%bUC+TZ6b;QkPIstSul;cXzzP6 z{Ia@>;&E;KN;B7l?{U#((9jAbks-`{cb$=peeemGp_revg`Ni>2+=(V*bLWu;TyG= zOV|GxhyTXobsYa*y8qW7bh7JzXE@rf|C@NkDj(zU|KRajR)4`a8(I5#QSn=>zammO zA;>dMva`CfgRPqDs_Mg9R#n5&DwU%86ozd20}OnRi$G1tD&l2V?J=b8Y%g8AMenyO z_jcv}x>jz(>RxSrTt~>QLb!CY`~mC*nmshL5dwfYQPQX8oKOd;isyy}vHV%X3|eDL z5%xCJ5|QUXRCCLQ_~s!(4sasuIqH?zk1|Ju%y7(K?-b1ydw@44Yt&=P91{_9+H|_0 z09Et+o%z15KvIlaA((28Z2j@ABgEF;DEdTE9Kzr%q$r+17hPh{!s1baB=ikC~0vYFRLg)L0(49C*}d@~vnC$@W*6tNA&eGW$>DGbd}f{b{-V z$G&Ckzri;Ce=`ra^G^6+Un9B>3(!MRfFI^4q+gj4sC!w{4AfKLOBjN>@h6&sFp5ZO z32G8-ZNaTA_^sQ5dWx*g8YD(eTL9*ey0f>IdR~p$2CbNkx*{*>v@O}Z6}u@5b~D!N zW-QmQ+G^dn#hSHNvy*xsWU$K`sb9)K-MDf3Eg7cIW0ZbDgS5~Xt;MVIm1%!&+V&i7 z()28~|FjnW?D3z2;h>wl|95NuZRQd7pC0V*+W<^?x~2ta^yCYefV%bd+JGAD)(G4h zf#19lsJVG-1#YdttrfVn0@uKjTPtvD1%f|^6{OyYLWBkIRVk1x{n3on~O+zs4l%eK7%Q*`*6l80h zZH=?9&p1oQ1W|drEcCn>5rS&kMS4Zi_13sh0)BcjrmNz@>wHrS_L`q%>;HA&yHCvk zx@7(Db=%qapHZ*7J^#6p$6EjSV6RgN-~hi%O+fZ+ZC+u$JPF}=^AL&j0_Kurd@>R* zon0>a*-N2HYFS73%@40d>P_?2%X}Bqjdxk)#q)`a7bt#c-R+Z>kN0xg45!vNtI-(O zrN{=IyJU>w5K+YYEBUS&=G-@#L=#)x==;@;jL9Py+ni0GKR2X$Qcp1ayzLn6)=8(YC5V}1k2J;{ZcF?OEg`D>{1Ok9gy`VJzl3uwRsIR z!++0^)p))1dCq(%`tk?HZ#P^j>gyDWLVtk1F~LYjCZy@Fe&`v*d{r_fgbZYMc#MMp z#bWom1@wMf%I6k%GgYb~zImm&A6}s-@Lg!2F1t~p--rf|7AS^OWHeGh ztz}qbH`5Ed@(#^${IJg6%sIrzbf^X{zyF!;Tl(6bGX38Vd7j`6o$_oROPkvWe0}tlS|1V`3>4;aOQlWMw)DKz`qPmhm>t6CbarD5c{Q$0( zIiO{zcoJ(>LX!W{xU1W@vn>~O(HIt~rDO1<^MjjV+kA(2Ppl^Q7jQ}YMn7`K%0nXB(o*r_2^ z8aZ_`3&m!f3^uQqRV!%g<;4Glym!9m1?V2eLhL$Oib}BJ`h%adHPW*3emiD0ecH{z zHU(a;S)0(TQ4S>^w3@4FUmCj$_>B2)K524gvn0!*XzVMwvFCuD3}V)us&#SF_&mAw zip3~9u=9#B&5YB$aERuQ8J&5(ftgp0$^5CqQI16ENUYMPL3X_(YcCN69I?aR&aD^r zT&^TsF)tTD(?nroR65D3TO>uT72LS|IA@-+Yf2n?QoAj2;F)Mk{u6*Uul z?kIIYv8)|)5aWcRxP?L*Kgiu#%l(pmFoQ+z(U>4NiIKBfGsbL{&6xA|o4L|$nSR6T zW#4A5e=Dkzp8!THB|JvWNtIa=`4zn%v>~c5=SXkv1)vG|Pvxr9SNWQic@6viDN#Ce zX>ewd5<0&r?HtMlgjjZWioKDR@K;X2fGqDV4UE3#tE#=fK-=xFvi3#wes> zD{ZnA4bBWkxdOH*a?Iy7Wd0*gg4~_l0s5Zuf58Hew+k7b7d?-(0$!$KAZ9Ww6=g5ch zXM4)*zYtM2hDVe_cQ!{MJz=`D&zNUryKq_lmws=UIsen`_P6%mMjmeKor}Q+>1cy= zxYuDBR&djoy(PG^=hZg{FRfbVHsPf}#2vq)zW7^J_0{rN&%mu5g0&dF1;**!K54n3 z-*Q8DVjT=WFURI7=Ihfn?2Ib)?OLa6((E=uj}6$JY93`+NlvLh0MS1EKbMZNWc|P7 zK?={B|E1F#w6po&M*a3S|Jz0$9{>N773FWNOJew?ueDbAzT_Jb-10m@{1$7j7|L(e zT~9!N9%O1DJu0lEj>X48gWsP_xP z*u|YXV1!c`d6(E@aMU=J9y?~^GDAUxV$#wud37b8S1=!U%23g(i199UHLF_Bm6{R`7dcKmmmEUVE3;4OUw1WII9;ipsxXq6XQg>ET6ijSw+4C+n`DtLZ4g| zSusuGO;G@7MI|2p*;*d)xyl%6cU4S8Lb6?{EE~pEmSgcW$4yrsEM+88R$6NgmtmRSzv9_a>&Qj%T4t4Oa+NW+oUxbN1#P>a zZ5Oodg7%dxXxsJdJ6_Men@ys!{htVX?{Mhzv=q;L|7&m5%jJI>4!8MVH}Wjm&WW%$ z7i{o6dpRlm6*qFyitE|MkqH9Vv44}IR%i1jE&YXdZZboV-?qsVc+OO-X;Wnh8ZNb5 zD%q{cV7qjyCO2AtihY`T+cd?zx!t1y;NN)62b^bE&7@3VyqLR2He>ygg1wQVO&n6S zgOgWCw>vdo^-j$&n>ayk5_s>#>T{aj&rrn_`aXsNu2@wuE!F>GJV$hf5^|LUPrLwX zS^ob{caV+$84P+`{cjV`GW}1pL7W8WnRGy_jaBtPtMb>U3tH&a(g&>?UrHy;4@rSu zm@o9Kx}nuvseWk5tuh@kkNI*vv1lZ>x?%}^w)FHU2eMEMLzj3sx$Oa3)Yfz%SE zZKrhw=Qeqinw7vt=a@<5m&ki&G}YpT@+m-cMzeZ{!ph-8&*KsOFj!AZ1wU0LDX)Nv zY4eYuC)3roQ08qU)Mdh(S?r0;!1z8jC|pX({r{}=A2^1t*(!>s;4==HYo z{~LMuiN4DZ$Ll!d7cGhsHf-=T-{ptn>N9(?K%J9$ylAbHb-deaOC6)_fQ5U7DD*?F z_e(I!>Y2bG7(@5&L?~7q2U*%kKQjTZm{NR3fHTH8uoEf7ym%%Ja0=#iLE-Ya4p#Bn z{|~B*D=(W-;;bwW>Gw0Ri%lP^M9Qg3g#^`+f$b#$;`d~*KvSzhfw5{n*ZO{5lQH}h>&;KL*_kMrN}c4 z!Km_xEDykOVGyu>JC`4hor0tf5?MugiC2t1Cdf$aN+^!uRB7~5P?QUo1)u$?)t~-8 zG%~*`eI zdRIRktwjN3O!H+mK+d+6DxfM+M+a18W%Bpmd=DLh-)4x;WPU+b0Qf`|0QbI!0FFV3 zX-jAN75(D&b_Om<#3fpyi27xhs-=Po!ar9Q2aX6#D8K%fQvkL=Nxvv}(La-$C=Ox# z0Gwk%j4K=<2RPy%>&$&h&GJK+r3#oo5n+Ml06`k$DPSpu^a=$C64XjB-YD^NZgsqG zS;zY}v@RXK464EuwqI#`MWY^g4cE5r@rS>0A=o7?ZUs;zFWA6Po93Wa9R87xmP&r)%@1(6wX>-Q%KQ0d{D`${BW9D zUoePfuxkxdh|Fo^yt%qO7L#Qs_br`B`ENJJ<)7YOmwkGFqHF1qoh4h~ySg)qNmRplHeF5iJcsXPQ zV-(UWG%3kLkbX}i$)>`PGjIGVoz9L7>`UXRG}G(KZ$xDWh(%GC)Vv>~kBJ{6FP(52 zEwMEEBrU^qwjUPa0^f96>FKirT6WZ+?MPYHl<=vn-k#x$0meCGf?PI&xr_MJOR=$K zmMXo3uh`F1B0wtyp&{+e8~S)B1YG^I@OIfu;nEPhvVhw<|x!u;Szl2T5PKkb0f0@fIoaCbSk7=PBV|H|xtaogp3901GC|8$4h z``?D`&es0l$ipp_Yd+ZP*Z~%7^JVvdCF@r10;gr_>;tEzDZk*86=Q$pzkB+AI({)- z?zR&-xm7@|IT$>8z~hlj6$a}mLh334)Lj+h`cJj|Rj zj&TFBec;N3`5HL(*;#&%v*CU*axUgt@aJ%fE|Va*HacIc6%V_2C>FWj|4q~d2zHaX z_R67`6s;4JC{S-ub#JT*c=gS)?M~KqC+m54vMOSBGg_Ig&(#a6V_Fp(i(eqgPpVge zPiRK2fY3)1oP+U8T{RO1x4m}iC zevG{16BnN>_$MmF(j~B|d!W@`2$Mm(Vn6cU4}y{lp;b=>l$z0%x=(9A#euoK=%h>44sd3a zMn*~qt>Ie)l37G+r?S*rX{@p{lXT>pXACR#qPSJ{v9i&U#XGY{O(Nv_FyIO3xuz?0 zs8e~vs?67~ex6-AsXDs%H=y1F?yuWRf1h0f4u)m@ zT8R3DpQw`K7GZA}OmNIs8Xl{5cDV}(Rx+G`dmK_g;|G4DzaM&HxEc2eSs($iCbHd@ zDPj5a%ba>NFxtudvdasdH(P@{dd*%rY+gDA_xftieyyYR&MuvrGq{l_BNqcck!w?) zcmR@n6a+TIGj1})NG6L-HHzgT1!PajnJi9uGAs=n6m4@GJ`XGEZ zh|?INiGNoU@kikI4Y zyN|*<)Ri}iv#o(Y0&ipi_#(JJlEslxeeHO!c1GKb^Lqj^QlJ#1nP0m4y%*A$&MOH`WIWYOY?{Ij^ zv&8=|&wD*<{@-qYl)e99H0W&o{~LKM|GymVHSPnHpBLO{K#;}DO9F$kW$Oh9A(O1%;k7|G(W_S^ocPOKz3uCk2=_(VQQ0%_nfG7v{-}}--U7^*-Xn!Je|yyS z`PQFO{hvaLCP_fna0qZ&{-4gUoz?%_qyAR^-^3&Qe{!&|*K-KaLs5Vq=4eBHKVDS) z7N_ngE{pz6`&rk&mQI7UAFeB3P401g7hvd_&3}M_?{Vcr6SazvSsfcj5lOQ-8id%o z@U||zug-;M1=_4MO|BzUl!Cg>4x)W#$yUdoQ6a3o>s=P~m)ZH0%3&(4IsV2ZH(VOa z=W>L-YaZWIIHxPaBI^f7J|+0Fek&37HqgrRk9Tffrvth%naG~NnhyDCU3hU=E@Zl< zoK$>RAunqT;7TmHRIaYIK^+zqQWQ_1i!QPEv_R3FXTvqhpjNf$q(l7$mLB%xmLE`; zSLG|U7=fiiUoS{}Hm@U$WeDm=v&kDr7U|_iH_EDedT?72)Vizr)~oRKJ~{hey5sh4 zQMfosB6K`M?%lKQ|8<7l-2Pv`*WTLyn|Oqc&&C*>h6|p-?Iei;p61}uZUDhUEoQkx zKSXiMBX$KRMu~_yah1=)nOm@6f}JNUQ#g?t&EmCAo{2^w+Qo*K=xEkb;$v ze;OdDJWrg>M8inN-?M*BXkHQ_HuOySn%W1uR6iuW?VUzl(cC$-bAcW!f`BIDE zl&a%x78P_BSeq{;aV(G`=f%az#UTLiL!W{hL?{7pLQxD*xY$GC;;m2U-o*ceJVr^* zWt*M< z_P0293kmV3p_rZgz;*bLN=M-9BF%Q-unsy=5yy z{f@15kq~(XIAku@1<_{ybmo9IZ~}bqfVObB3!wIW^d#NF&E}p^pPEJctl2~mK&GLX z=qw#R0Wx(%tJTV%TUIA>%=8ZC0rN9HXfcNa(>wtAqu?4+X2aS5C_x^D9_L(sR9$w% zfM=Z$DFIsOsjr3XzxAX{{V4Dl^CjwaJ}hAdn`6i0KU$Ixm|XW<4>o{DiELf5j-k z{@f`bm2v7vXAv+PvTGDz@>=9AvEHR=O8x+TNDG?H3;?i`A@G~Cv?OQ+_|hiME@!>Bl#4dPf_5zJ`El?#A}@n3Aiu> zF`A&5C%58L&+}vC(%@m2A0&g+o$>a@Xa*NPPGZK|P|pAckMRUfXa)zZFTR3=By&W7 zlMsC|k(14#Wv-oSm>u0oJDy)_td;=~;w%PcUZZ;i1RmxDW+f8hhg0j$ByDAC=tlv; z41S1&h34{Qe1c;zPXg*kfvW5yk#lqx_>BJAd4xlxGD~STU+8cfn-n^8ou?Dmc|~@T z2Gq=%CK2`u*wp@Bp_7-+TaHS$0+;SI!<5A4F*fp?yKq=&Q`KezMV3-K;c?26_E4zg za()PyzQiX%6eE6N9Z$$^#Ka zaqv~}t~hSKA>1!xJV$hf5^|LUXeFBKnsE}KFM<16IE_(yj;s#SzNk`-ZP6XcPs3Cu z^}fV`?>?-6uEZqb^)`+4FF5x9gF^~~OY9vb6cZORJrv$S@XO`V3f-7Ruo`(Nq5I)< zZ_#}k+Q%rS&37<_QxpT^KBblTgw<=#1rYO6rs{53wbn2K>*-1uO;yU@YV;#aD4QN1 z15xR#>Oq8Yu%-@t>E-ZG_Y~@X+##}eE3)=H{RXHd`d@d{$?pFS`|WM~_eLJ!))S$8 z1Wc096=$oMgqWfb#gH=7THIo-JY+`5AkE}jJZ7x3M1o}VLWMdBwv-ty4y7e8`3~?s ziuq}jBy_>BCl97vCzFZ)2{=usEcVvKQRSX`3Z7~HD$@xUu9O4I%zu@}QoCvZ1T^c? zYuif~id;-ZC34|nW`)$b)%<}tnfjtoc~o?`&Vl&og-;rUk6vgEK-#kw>siGKse*CX z0RpZ5<^1MDG=G>{>%Y|{;zlhmddc+D6iC>{9`t*)_{+$2s zpRoC#cJtt0uhbvS|NTevf2$umzqfaXozLp$OGh+eyEAR~DCZc{8_IEQfp-a^fC*C( zK+LGY{m(E2FoRtDS5AY@16I7Unj;$#*wi{ZJDDiI_i#CQCV?g@w^t}6~5|GR`k#oRNboBUhp zWl!Y1N67!m^&itstpA;Mzmr@4JKOv(8+q!mHKuB3YiUXbQDcT6Kfv2srIMQvisvg< znqW+gmU0qcN!Jvjsr=wExXL9jCV(hpCCh4OoxgP&Qyr{qOcZ*0V~Q}9jfq0ljeThb z-9FFy6wCiGn(o~Sv;Lh(hWd>0zwKT-m;Yr>XooxPe|NB*{~LLh&wnCVfN?|WuYF0VCk~)fo#NwVhzSXVb;|!z@7d(# zSGKZG`iJ_ezgTbo?Tuajmj96xIVzVGp`J|XOl7_n-n4k9u@HB2G5Cl2aHMJtfb@O( zjOx4jvo?WG~$hWp(SWAqM2pb1VtMItyk#9CvO2PlmESTF8;IA-r9c~d93|eHrOEW34NmQms!vl zxUVZ?Pwk9uMIBk!(H=YHj!et;ij&g5&S8j83jxRndZm;He8ly}x@gug9sXVsW~``31nSi`eS z{1ic&`zTCy4xORg4t zFBY>EqPz%5Gk<_>2`c65$X0TH1J5$~kHW=s-~Tik_H*&Sqrvw4|3)55{_7mHPZj$p zTznTIpZDXL^!{D&k|$lxWE!?a@Osi~FUzQqW;1qphgFVkagmg9Db!t&h%a_5EwToQ zaNn~IJ5JtKu^{*%cd2P8;^gi{7(DP5Cv|$s{e@hDOWD?Ib^qZtUsgG|m-euM>~#;k zrm^2pxTs~;Q`ut!z|S$Bn^#7>jM0P`W}d5jX}_X}D>UKvK)Nxa`sc()fye$Vu;>U#U2viDg=cvfst(|=+T>L15 zdO?gPY>v&~0s($1e!_!-O}`)cmjhn?8~Y(}c7Y>XHs4tI5ggN_AezCQoouHI(v0dz zXvs~Dd>T>PvR*>+JVDa?qhBrrFwFw$=VA7IJ0Aa=HOUQhSt)-I-|+di!hELK+QVTu zf7vSig9vK>(aHG(O2}A*PafkZpmT>FmSCe_-k}G5?;J)2I69)%MS3MuabnSO>BW%C0?EV3KFk&&|-}!#45~ZBCF!Roc&`^qX@oDEzSwXn=)QdNkDi4 zepbn6eR1&|@odt(?OonO2*wx(*%TI{ZIuk#XwYFS<j6k1^keU>`CTW&5~h|J)PhrEJ&(umdR<8 zUTzODM-RqgcjfXv(|iffmNC|nKB?glu-85wT!_g_MM}m-_j^r)B$uOCnNvPB&!MGf z3e#lYg=plK%v3Fx$MaTnuG>mws_LY=r-G$k9A@<+K9Y-;`Y!&sgmhMbyWYiKsyXDr z{pjShGm8|upj6z8Fe;%BzhgfwZ=8|W1J*uXHcnQz%)@!`_x$TB~ArCB>uW-`)FY3$@>-5 zl-9s^G9OGNvZi=VHvxn5BS0aIABwyL1%83$=^XhcM-KU7wAYDs@KEgF7-KqHy(4n) zVl)v+0NME4$QqmcYAji?LJtKSw<0IPqil9gMZ=9y*l6Kp7%$U{i@Ajz1)$0-uVa*F zO!8I@d%V&buVIPjEvjWUc&P=xcKch7O_2?r8>V8_ymatZvcDg1eLv0iUd{5ZWp_Wq z>aJ&VuS)$T)Rya-o!-|fkzNStWN|i3J|=Q93ru1EWP8Pyc^da>PWqC$B=LG}1dkTs zXAS~KGF|o_gQ2Ls5_;m8OCfH{3|WcGqb*rwr5aaQrb`jU0DbZaP47Ql+N)w$PsyfJ zv7_Ki>^#}omze=w*yD6-syxLQ09zLS)gKMB_TR9*wf{EqTm*!cyb6T~RUWkAs(7pR~KWC_-EZ$A?kz>4#a zJ5^D1-(~RHGWoCWrhdl!AEQAp7ymozZqNU29A4nY(dowo1{P!<8}&Z)KbmiM zmYjPm@D>)~^rP)GOhW%-f@F|dRa{g7B1OaE$^lVFg@V9g_WV3bC|ev8>IXi3aDX$7 zVKnny;s9sidk7afk6jq?!8J%zplRqxGG3lz@EC`1F|o9tbzD1wOd!DiDfY4!6OJHP z-nq{A(qla5_jgp8etOzxFKu^W;3iB8KIZ1C9Sbc^6^2oe>UsRb&HrSTK~2D$|1s~S z&dki4|1qJwe|L2KYbhY{wH#Ki-9ruclAjd|jdWofan|>Ylzs@VkB{D-W~{z6SR^xLA`ioPq?&@%szKZjGKE@OP86KIM5r#tHQv-zJ!{q6bhjXb&g8Tf!3iG0@M3bNSf zyYL5PdbIAiFb@7g94FH5n$)0`cWfTM1`aQ2B9OcF*Fx1^0W_r7*~8pb{*_|=&wysN zp}QgvMlGq8i>ayWWl(CUjFQnC=MsFyYNhs76sD~hMVR;$8yBgr9#NIzW5E0Ikr+`p zT@NZ0P9KXylmvmeC$G%isE67~%R0b0o19~M86$#1T9KmcCBID1N2Zs{uId~G_wa!* z`v5IaY-u1lmsJtox{1|2eg+LwfIlwxU#0wQda_bHitwy*18N%Ui)f#sdMsQ21Al_t z2RC^1<^MJAe{GLO+4aBE+3x>r!=Etnps~iKHf+i|r zn4eBej?ikvlr3jbDxxc&L2~%hBk@MuX|`LETeH2Yl~GXKPS_F?NjzF)BhqI z(`UZ_f7l)Na`*pl<9{~uSo$9y>@{ZpR+kmmESYx z1#BBU!k+N(pn`+}YJWo2^a+snF|=B(-0q%@K}(jjwHE=8&QQ#uL7?pt@+0Ue4kl<@Q;=*MNpkLrKMjVpM@2}LELt!1 zg1 z<5K>%I$g-+Wt?8f=IiZKy;FIbIZ8%Qt|x4;iWxAEYr)*rg)SK!Hg9sH&%YSaQ$_*a zcphreVNScDB64MlyauoMsZRTCdh#jXY}wf>>PD9_rr5=S>93$}ROYU*szwFqS@*!$~y ze*-s3%p-Xi4(Ev8CIbms<;URX@(1UZVFRs+97}ia*O^pF>-^S+-V%bZM^dC(TtiByWs7~B|-i77nhXe zkZHu!DaGq0noVzD(qr*4ClHsHhJc`W19?jn!{aa|Zsd?+mFivP{d3863mIDi=ltR= za7QD|W=q4r4ct@|VO^%V)-gI9XiA$t%cynq1cq@+nR79G)a*>2SS)qS5`46v(TK6^ zUt47QuAWNypB~D8ERzPT%Kl?_SM&ee86NDf^M9@6;rYL~A=)o)8hGuc0psGczKRyH zo+n2@Bca`FwYG#_A>|9BzbME8Hw^v_wP3{bUdK(j?54@&{PQUjPju0T0Dpx5nk#w> z7^%)dOcINz6qYlqnk_jN1d*F)JbMRJ4M#5kYBbcTRaPScou)pyt z&1SJ`20{S5)oei&tqNDQjFZ@N*v)^>n;m9f|r`k3n2wJf$38@;HUmk$2%4iV7 z2rbVYN6eP)u8v6rBW27yR0#>JKrB&4sQPb?{WkmCV7u~xEOx9FP~_oQpnDX9Mn)cT zd-;!w_=TH+%(N;BSWW+UL)_aa;39T0khsNyl7$x(d0mYQ%J+rs`pnP?=A|__OkGB> zvf2ho4Hei=m*~IjD}ex$Hugf+KWr^vP|X(vYc~H;V)TRs}Wr?)x1r6ka_Vn@@~IoALtRWOeZLWuZ91Lt;&|b-$D!OGE{Ga zDMT}?QAH`5Vxu|=r7ys>;uzG#EuDb`9LW|L$&!9QQGPP-QCn=K&Q+2!`7fFC%=ioy z8Nle;9yAU#+4m2svl7ICtQ*VH@p4NS%`hme1^wO8Oc zLGn!Hd~!flcQ0V*-d{rxMLuSi@##8C;M++8(+LWF%zDo}52mU7iZ!2Ci(wKVpZ~VR zTj4A(K|-;^&>8>EPt)E@(nyqFX`|1 zsnY-Du}&V#|7*CjySs1re;uste^>G-?Aw)yxzh^gCf3e(!L>=fX`Y^TEuqV7z1kKh9v9rAHe8c=7Crh0x~E_~)J% z&!{!h6i!icUs#TQ2J)SiR4fdpK}OCc`q$Bhs{YYSvSukyd+DZW5RJiLn;O4RlOD3t zf@~X1p-YU7W)Z2IU!C!8_3XLQOWPOSSq=qh&`PmbML?_)p}C&i`Rej_5iqP}+O=?( zzI8H2JJyy#grGP)uo*3p|CH(7IG*vNMu~r@icGIAe=l)@@Z1pMX}3s7c}?6$8}DCv zmBGPd0QMl+l14l&HehF4G)bXkFFg{%uVG)2V{S1r&pRP3@cnbm^n(so4KV76X_g@X z7#ioQAtRGGV|LLrjfEIQ6^VjueulXNHvpk_@hrJaflEh6QZ-u*<)t24EsfKfUKI8> z7PI(m_E&DWfc(D2$VAp?5>pDh??<_zd}$X7FHlmudxx?;)!<n7hy*m9O0rCD=GRz_w9m5^xST`sK^TzejSh0Mr$kqQ5yg7YSSmFHq@{gStas`6K7!p2!jG^YS z1AyaU_QLtUTZ6y;>b)Cw|M~t4`S;zR`_K13cDC?a{O6bHzdD)q+) z+gERXdmsGk3nZ`pPv>8os!;??5|q42$Hk~g=xtqwZV-X9D1&3Nwc)r2hMjG&^)f_m z#$F71`}ozHAPg|~Phaj22Gfp-xQhH1O^OYD%FUnlFZ*x%uljHLzwx$SVaQskpnnEjB%wT5^7drhEqX;w7?Dg&*Jm{#VA7UBl79@0N zSRXnT&dhT&I7ZZ}mDSOr8?uTHl=Na#53sRpceEav z4b(Ub%FK84nHTfhv1=htFCbCz=Y%dppQwlG*_4rAt<2A9)cTeqK{KawJ0<>FZ_E76MISgMHC~^^X=tmz6@N@8XeuNWDlbL@UY?HBk(c_ z=0OO@@DvOAL>x0f6cr@5@KS;q~4ckeC1`^z!(6BJVj_^;YH=GB@YNt!URG*u@jd}FShYM0W4 zCr`iS-nD(ri#h$ve8XE@Lb+ZaCTWmnFcLwbq&LNPB2pnklrjJmSmblNTBA568$O%| z9yC>(n{yP-sLA10vlE9_e1m3D)(cV|FGVaZZ73XLaFikxSI0J9#VI04ItUqx)3Mp3 zk3=Vh*mpJpE?_T7#ts^*fW%9fLN{VTAJjlH6E_8J1l%+Y##ln6Lu!){^#!xw)kIx= ze9g>U3gmja@k*G*K10hhKzI;eKp3B(*i2be-b;?b#T+I{;4{lr>8{Mux)EwuYeLnH zNT}LPG^7H(k}=AC+*1;b;|_vpFrH+%;4G#{k%%5lAK{KNn1Cs6%;Hb3DR?;R<*>gA zd!=i6=BiRf!rQ9bv0JjTB)sh#vg-4k+q1q4qU^nD%t}rpOzvb22koDRX){CD*78NE zBcF%gmj>ODS!>5QXpBpqT2LhNWA9-BYny9?Colri2h5HnGq?>3*=IsliE3E8EiXX0 z2v8m5HF8^Hc=E0|=AG*@7%n)q)z#=e9@H*R_qwQ1S1BwHOi7Qmt~hor zLM=_wv<3$WryfD_aKAU|nNb`9hKHm{=kVi=5&pvm#7QflZI<%8!!licr#;Iy;&w&*WfP z)JOuWw$e`RXGhzU#4Jf5*bC7e*b2GZjq<)j@1HdZDQBwh+$bX^9ydYc1DA%g`}rBE zMXrd?Pv3s{n>hR9l=P8U%uHrco?SqiZ*ie=6W0dIot zA_9O?>l-*i2?Xg~ka?3J8sjo zTaXoDr2H+da(()iB#doX=T*}>FE9Q)KfP*J=f&~Khl@W>uddEs6zuTUw|D_ZO{zM6 zf(*$!$l%n*4XbTev&LyiRC@$o>w8M#lW~9SW&~nq5ESZ};E>+i4Q}*6$i0QEYj6W8 z-s!bFNZTv#V$V=xG*a5hLeElp;HvKbGnh<+Xwk@@^r?#fIUE}PfBS=V{I8WfYW~-J zvfH^jk^p`emqki{+P)r=M?aS|rZ7$2F}!rMi31!bf5DS$sur4t`dNl5lNVC3CqdWG z#r!yvL8$m_sX>n_D7M;Uo=8+~HKwnRp4nj=Mb&JfFM|*|zjOhsT(`MNuifOEpeDcnvib zG=;5-(d3mw2kaztgXvpNXX*zDH6kW8Gm^1|x3Y#1t!pI%g#Vs!-akqkETVJfMK&kQFNN?BY{Td@11Kt>Dtx zjTIPs-vktGKS8lO=5nG9!MuP?B9L{OmY$XAvVKSljFv?8=MLEN+$jt_H z#KX5ZiG~kH!6)GK9UF?}`Zg6u2{Yn5oVh$FkPAjAxpNaAq@kNmz`OqY#c|(^^D)Ht zclP2^x_|R+ZC*C#2gz3+$Fj_xlPB=AB+-$NL&980P1p{U$j)z6)Dql;$pzQ2h2~zM z%$PUD(ng;A3@<)66@3gwbj`&0J<9`U4G2?tl3P&A_l=x3(kLeI%1b$l1W;xmxD+y4 zGs?!O;595Q@V#9G-wKga4Le9dQ*xNZ#I6#og_9{96N!kJsH?%0Og{mZo>U5|a~y^= zK`D#)l>#iT$H-6nl9d2nT(r7gS7bn(y0;LdFiIiGNI3U0Tecs|j?e&ZMNERT3x9@( zIO(XG(}?o9EHaKQ*{p;Z51>l6&t2Ju0l%nv({iG2}uD7b-y?qTXc zQjo^b3r2xgmOpKC1T${}{p*4SuXVtRv(+J|k>-S~5Gy8D-H09M0+b6T0ek_YAW1We zJCRL&ke?-XUl8%R067DmNmr{i6FTL^!qRx&(y1ALUvE+?j}fby zg~st9MP)n1Ap1wY6}Oo)7g^)7T3lt&#Ed9cVk!qE4JU)?Mu3tU!pus1igDNgk6>@qyGVZf?nPGpbGns;qKm0yZ_nUKRj69|E%Is?tk#40y@R* zT>VsJRw>c$^1LdW^p9`$GDz)VTem^{x`*_g6kvaLOEb4&3|)<`H;W&I8M>btnCB$H z0q)p)V&y7LhDw+o9yV|(60ez7&AsI7tP)nKoxs6+Yny~7&!Y5yoW$+X|9$=bfA?Ux zzW-mzqtJgmsgFYc%hH>DM~8r%LhbPnfud7@IMpn91Yj7H{^LGX(0^HHMH)BKk0+US za_Oeon+DSK4Na>^|K2o5kexmlM||YqV)TZ9R9K$`)z6~zpQT)^bp%w<|J}jijz<6Y zb`JN}^nVqPLjT#MKFSeLoTKwQIsil`zp^0E?h$}{)z%Tf%edJDmvQ>aSf$OV$->rAguj4U9Mgz_MF?eC z{3~>Qn4}D^{Dl$eEuvP2BKm}O$1m)UcxYhr?xAwy(aZs278xebb)Q8sH~`4z6}eRf zeh4fv#&V(q8v8YWVA}uSg@JcFL9-N|MgL1} zBAPjZRnY&vg9Bau-`U$=)Blw`ETqg^nX-d1j9@}y3%i*4_0bf>Zkpbqgx>taD4iuR z1wjUwu~G_LFF|PvW-&?V)Q5gRBmD?!TtQ6bHP_3RT#tD%<@{$b0z7)BR7~~L(d|s< zZW7?{s%0s$qKKGaK;*?JNe)eCPn@ zn&GX~O=H)Ca>G_wDD<0va}0bHsF!X^u)`C19L5v(d^QF91Jxv#oSF#)ZUTYm5*_+< z8xVX&=+MXqKJ=3NI8(CqaMKEDOcXNCFnI>Hg2;!T(GTxUGZd@e}>E{3XH=c|P{(a<4Xdf^pY7hAMGheL~O`)(+LqKj7?}TlTBH+ex3T7ln zF10j|w@F$mW}>aE-`uX())5R6IC1C(#I~2s29uuc=D`(UXdu63LFI2Q`64DT$=oc1 z9v*sP#muK*Szx@sO9Lc}dy6jrMMn)y;}DW4_GCva2nH`$41z3V1qKtG5{QpfVk=4L zDcCwe(+e1l$WfYooDGQ=;hptd|!W|Lowhc%e0BOv=bD{wv zHsTwYAQ3|hld@4>m@NycN8@XdfBID@=#(kTxoD|C5RKV;JPG98ED7l=Jf7qY+0Nt@ z8J|*nw&uJ+!1z&BhfGKL=vjeqTE%Gez!&0|@;~l0RGmRMXuDg46jGebvdmHZU@#Hp zq21BoKdRZEcxv$f{>`6muvq3N`jqqkJG=Y)y8dS{*xg_A|EqXPl^Z^c)83sMD5?yJ z|4yJEm@e{ES0Qu@g&R?6fx>dYrn&p_{b%MNkQMYCt2>n3hR8MTtEFq1-{3tUcKb2( zfD=SPCX^wmH3_h^&x@+b-f2aK-gZzu6%ugBV07uo7xubomIppQQ!EVmH!aN@gSMVI zI&*9|9&PSWG)C>s9fh`@J2rQ8I38>63bhrBPM<78e&;h-dk!VO_mQSCMPbs?1Y%I% z{nXW*I6M}uPT6Jx(^;4mr`ZzwGK$CgxEEx{;xM0?xjL$r53jo9mXG4`QY&WjDJ+@# zyFH4>?JSylf~b{c?Ha;4&Duzlmuv)6cMQ3w-Vq>`PQn02*%|(_p+yzO!n>3PbN}Ec z{(>dEWN!*GTaxx!1(9`=y(~^Qkxh_N?ba{Mz{pZEii?4_jl>@i}C&%pK>g^G54t5X!>1;?YH(lWLZ-S_wP8|BH z>(M{H5TNASjhjxu&p-d;^x`FL3VIU+oYPOxn`J>X1}}aAcy*_}Ue6%~-n|3e2soSS zs5s#Ld+?wCiN^pX8Aa^m_1TBx-{1cF%qaX{8*IFA+1F=(oIWEXMPK7(6ar@xzh@LN_H6#dS`5E!(#{r?% z43Fu3`Z09*6C(2b>c%J@Avgt7`^`=9^W2FNsXvswCI45p75 zN!e+OkZ`R@LqbBUtqI8r3CYFztBX|;5<0y#2nj>##qrzYUyiR&kAU;}v!UQ)|BEa0 zhldq#dh*u(_2SLxvp$V!OZYre*}v%}v*?5(vh^3ai2cjyIN%Fi-{}N&yTr_Y^Rqnq z51`v6yx-2@V0b8f9Zl|cGEcUVFH}Z&)VobIRBMPO0<;| z+@W7_hd>uZNXSnT-@Sv!6GeV1vE6K|sXNUA(e*qSlTLUjifEwM)LCj@QYC1!9f^l( zy&qSxAFnT7U#;Z)#LJ-i@FeJ*TwI-AtH&l$%Hw}dPy$nOTC&2Y=f}UiJ|$|2)AP4y zC&zEkF3t-opOOW5Ji{_~7I-|!tAKU<;?3Flhu^PHug;I(oE88P)^SF~RY?uSLrIkE zLR5Hs!p1Zt#S=l*BKI)Wbsdx>db1=1-7axk=yqo*rGl2ZcyNx?50W^*KTy%(=%;`F zwA;r6(dQq?dU|mBMCu@hlM-3wy}U+Y0?HK{Ho~fsR++fw^J@0>+eDeGVixAW$mK;d zN*|*%8z*qBF<%AEZ%7X`YVi59<|#`q){dU37j5DuhF(@h@mSoou}_s$<@0A+kq5Uf zaY7?*U>KdWH=2bZiw!LykpogJw#mg3F+UdH757?-;|rKkr>UzyL5xrclWmZ}lwd7h z0e9{OA)V!WtEfeRy=4`BF7ly>8dR!iK0I`jJHA!p@rNMA3;P~)egvVih5QQq(BqG${*%rUrlyfHwnjRC421IgjK?3Y|!Cz4;=(68XB zVgJeWj0-w{Rr`M(?Cu|E_MgMUowfhhN*?0>^^JLdaRbFN*Dt#f<8ppqsz7)UW1f^ECQ(5Z?FLX zvT->Sy0;ew#mV}XvX#Fbk4F6rHQgDlry?yTHkj(CD3$_$P3BYhFw)tr=?|&y*lZMaeLC9u2?rOvLmS{B0QS> zzrVk?Z^-}q!?pasisze@|CtR;sr+wsgj-VnS4?=mb@^XG_B)sVnPXl%@;?K%Qu)7? z4w&%1iu^B|KbFh?#MsNK0I&+W405TMSYRHf%Jnj28K_OQpaQHT#@9kYQ!G$T0x{ip zD2i(FEKIfHS(xg@E978?S8H;x3{Q;X!g8<`+LCgx3Ue_z*aBlAIoJYcK{>bp(t>iZ z3T>gFHyRAOx*3G};;#WD3sVLJul_}Ve50{OJvnbId@sHlg(fYVyDI>u1M^Z*{<(E?5rXG5s$jXrN8R== zxCRgI?(PuWVfsJM_gD8;bxqCd)2F-7Ui-7weqO+ud&~Sn1t%-5(Rj9R)axtHIDk0G z!_ZysIL;JR$LMpErocE5yNYk14#^Meq2d$INW~!%S1g-HQ5wv(eG_pgpz}k%cO?oE zw^0yJ$ooB`tHG~A!Gdc%7g{H4uk>NmRIrnD(v+mL%gXzUiH_+#X9SmmcqQSLrjJ#M z25x8-XTN5KUp1ynrWsWRP@h!R~g_4CvoDd2>kph>(zAW?hjU(A9NlCjI zTcLf}sxpewDLb34ut|`onna+|q{K}g+~jS;1Rzq2NQ))ki?sg9?coeN!P(hjx&=t)nNx!qFnZ-fn)B_`K$vgnEnhnZEG9n9`53gIR}^7}U{7VD z?^F~@I>IQ1f#i-*528O(?+PuFTEe8MU!54acLPn3D*oo4M0iySTkDQY_dKQ;7V0bY zV=%3ad#^y${;PxYm$4o~i|q}}lkX9pyQUhU9XWXkZ^ywD_&zSEe~rG%zJ06Y_;f6i zvr%jffHdZS?5_83*<`&q=1xm!!Q?qt}Kb0;Wns zwaMtx#{3EmMjILxB{gD1ohwk^e(|GN0?RYDQ&LV!+f%E?mp;+*ec-;|E@m^(dTPFu zlO8q(e*&>KPE_nlaGq+Wz(5&4fb6sg^ngB(B5903Bwh(2U}#r+r z!XRAO36PL#T+i{K9?9G10WrBfv3|q%iTytQJCH7Aof=qR{!Gevb?HA&&4wLPl%ca$?z~#kx#x;Pk z1O}LV2rY_k(Fa09LT#OF8|{g7;lV_FibAJs*3_$kmhm^W69ZjPed+8;&R&l2#~V4{fSJ9Jjs$L+~%YA%$@rXCOKliFd6B`$F&c zCnFE<4u|}KDtW}6^Bc(mb3I;fniG%^WoWttmO40PZUvjDK`& zYT+qi-$63bU93hKS7uUH?kBzNsi@Lw2gn4vTT&q=XN{XCg<~9#I^07aH<>l-dhhFd zkDqBwxr7*${m^>%;$uc z1M?@Hfp49ec`Cm`Di6%{{Rl!JRcl;;ENRJXQk<-yFHI?o2QAhYGgbzJu$y2bLWISD zPeRPRMelxS_p4J+!MjNH7|U3myX$R%$?PsE7;?8R+w@q_q zjU)&xatHUjqpgPn3!@yp*1Vud3R`wRafpLRkBN z14)=h9ChRjlp{V{uoi_$d-~b{q50|GxS4=-m@-`K)lL=8-4v|6VWoc-8&jR4E3$f@ z`E*vAj#)a>I1Txu;)0fbixA@I_+vzG(Vk`#f0ixW#jzzC6!&dh=+C7{$n?Wn2s$UD&$ zr8SJHakYYiqBif2WKi3Zzp`h9!XdG?(ygpeg}+qBV3ER@B_F@Qc zp4}h+5Sy(zU6tnn;m`e4>&C_JQ=;)e<0jWngwf|X z&nT4^IvB8sEh1vb$X~^)IB#=F6O4!g13$vz8Ge*)M=(fDCt#PL!k&|!MIIP-a<$id zsJ?g&f#MMlj!~P#q(aOznqoQPUu_E(=m-zkslqA9OeQAWot{KaN-)&NeZgJ`s#ou3;GW8B;9G z?&E_VcXWC(t5jEO4X<@^Cia(t-sKJ+Ym9R4uzU8e!R49jOXmfqB9pewVXpbM5(tWY zS&V1gJl~eItgl9Na>`9V6*MZbrep-?9WN`2ySk5P&7YIMhy-i1{gi$^Br9?uO!%R2 zcduaR&-66k#qaO$>*v2JBog4ZO6qPt<}S=Hh{Xwgn_=D39v2fH)XQ#o66B?@in_rG zD~3=yPmMYY{n<8R^32XaCPN1AZAJFfC?QxhI9mEnD3;K(A0y7e2QO)iuh4%))<1fA z=mQ(6gM;q*eDQ*rZt|VPjxmuIr`Gorwyv_}TGcb&t;*w{#xUJPx; z*q*e}LQMrxZy9NTXATN@Yx=uT-}{#F(m2r4(g4{ANiywxrCA)=E@9T3#$GJGYR{hK zdib)&`~3r>Hyu$ADcReNy*YQ)4cyfBSM#fYLPa3cBM|2Z@GNiWZUMFXjH|$TLD%(S znnz>x`AdQw^a8rFQSIYPz49P99?xNrdIR`(`Y0k0(*NG{ekq^x@v+;X;>A?yb>R+Q zwpO`1q(5P!zszOoKtF*ivQA{-6_~jMA$GKbLHHqx>HX#K9Ze2&`djzAURV|HOuu%$g|Qqv8!c7@o@M>er0j zYPR%-caR;gA7SE`-ulk8q*JCg4q3dthYRhd4qBOliPX6s)j*mPU3Vt8%|eLkJ_+ND zz5|K;i;KIv{j{u5ZsYs44jAh%>+j&4s9O;Wf+YoHXgmo1>18|s2#{3WgP44(-T>w> zVNqAw?!}*IatIQ~ngRA>veoG_T zAI$9Y!lAFx#w!pJqeqpaukcXoinM_8MaQJZq=EWduB3w?-W`Z6U^6gb^%P~H;AX>#S&|BjObi1+X3;~8C zh3mi`V=lhpGY2A!W#^c&{=Ih?HjG{r^4At&Y!42&vYPn$F3EsegiE81@)B`T%~t1` zkDn!PepfW-`8=Gd2A61{6ddAUh`Iz+pzcBvcG1Q2&2(gjhP!{941#oJG*_8SZ20l! zLv>8AeAy%9aGnxQFHQFW>gpvPS~mW+1-({vbg`6Qokzyqi(Ojm?^eQW3R_@}Ss$N0X~t1fpf1IjZ&ARn{Le+JLW^0M|dN#++1$EL!;=e<@>%mq?D-)NYik& zvCdE-b0t^p5h<1ky4#p(6pcnx7SJLkSli|>1>U9kEt$?ovY*qkN!ujk?;HB2x0xaL z95AD?suFt7Z}73=M`Jd+r*04ro3C^wn+21#7ddA%3s{Fnscok|jh z8^#JhLEA;SR6{FGPXsg0F=pUU382Pm!Kia8bQUKVo6(9cd}NT<%jZ!DJ_m>9yvd-4 zf2~}dB$Veh4gUcLI%wvgP7dUhki&|FjyVKm#iB$-3o$l~9pQajrs)UYbQNb$$E=*m z&@>jq`mDjG_!2`O37Zz-ApbcaW9~}hp({ju*fNg7&hq$Cgv9{Pj213!d72hqiF>@v z0MerBYBhfd544-o)LdvF0;np3yW=)Giszv;A95pJOMoR~7RW1Z=i2B*gVo|V|Hp*= zjG+Isk$Vv&)KEw|L2~=4zf;;FLsA_bOr^(L%11MJSs-P+CW)F>A;BQe!Wfl^ zRXwMh(G|!hEOy-m-G`Kd!+w_L+e}xeOKAH*7Y zx+#L!)VE>Yj%D%Rqn9WaU#-oy}moz>7U-!7@`0_pYazobp z%a#-FJ@{|G%#O@Q(D<|Cw4yhTqWPbV9?CsYq>Gqc=*meL+P*AQ>!Hn?L{5=zXB8r) zTCMCiOsp{}S2NZ#Tn%opMO$v7*tJe`)&kT|A6OZ}$)mG=Q3iHM7Km^4y(T}Q&|K{? z%g)cMF*ngvDh*K{g@_Q)+EHW)C?2xOk!}}FD|I3dfM#QJ`P&uqXl#vNRi>s?_>)~N z(f)LN7b%)z#7;oWxCco8jlJgNwB)bH%4;T~|I;Vx$8aMJ9O5~E*dV&cMn z{q9l(FWlJk<*#d2P&Jlx-V$`jy$qJ3s`w47%=X5=?>-d8e{+b5gsml-DQQ@X+GSGR zvx*d#k~X^jh3fp3jxk&5Az|ibLmch7O8pp*QrlWVxuX!PVJw2O_P073)jv2S350IF zC;jnsf_*6gL?v>e`-<)*+a=J%v!nNzEi!mRZo%?PXzh%m{hJO+)g8b)eG6bdcr86c zzPk)JxqJs>C?L84dM4D>_St4@>-4~s%$E#a>#QdD5j6!Ph3AFk$Ir_@^%CSmBZB+3 z4kOhSf!{hFBnXZuX$!Dg8vr_nXY3QJ-Ai|dOg^CV1Kxfzt@v&B#;2af=tSadlf*tN z7V7iG*;7$~wIllZLE-6cs?9fR6a!Q!I`AXRJ6Va|D(3Ey#v&90jEDlE@Fm}adkn-p zqh>CLsj|UaBS+QMp!3YdMzJ_6mZcyqR)wqulTEEOLPe=ZOZC~~XJbIlu6h9Y%f{ti z4$$AVLHhn?v<6fivrmBnI;Q)cjr=^W+$TXZ5zSMe6CBGXn4EbgC9++Hlqk0w^m*I; zRz0M&B_`}8-k9zqc5R6GGG*9k467yucws(z08`lzCA1}Js0c{2VqML9hy3PnZqPr8 zAWRJHy=q#64^~i7p9hXLX1^PhL022a&8O|^8k7bP+~R;laExA(=RnNdyRgP>5_wVJ zOEk3it$)24;M)D)R{$03mMbC@mrXz)J=8^y842`y@`j5oQBLG11Xc6YlML?C1S|yV za=n(Eh75CcC*-5Q=Zk#PNjgTh{dS+;Vg(29j0V28h8w~(3`GO2W|08zvi=dE3qd!4 zFMH5{jcr!%RHXl%>`NHJ z*_`dn80{QW*r?>kt&Vfi?VD+Q3B{wso=PH`_xCb49z5y42q`~+(-JwPo=wSa@{YUc zNtIvc!eIcV-dG=TPnv9t4aK!&U)Gy8U36}y9u9-cU$S_PPQyJcIHJ}dvJCNYuW8HXk>|5u;!yE- zwgU{_PWV$fi=09n@n0LKddlYTSTlNQ;-mMghr0US54#~oWSr6Q@$5w2GkCl&yjC~j ziG?5qE#6kJTWJiFvHu73TN+aH2m51S8s)F~@p`bnN$Y?U0Z)^nVtY@!WMVCg+0Y&f4p`}!(y zfKPB=6(M$+rQ% zL&zk^_Ff0FsL5d<$0s$2(IA(;@?BM6rg@QmsBpMn?w34+(nzjDo7Ksvv6=Z3y~+_a)|r1)4COw*%f{vD^hT=?${&b1;P4%3}Y$! z!aV=Yz=tYhZd_cEta!cMypnL1px~XWmhon$Zi|{RO+=69gjB17FuLxKt5Eaog0Cf2 zv5w}cCAU8>rl71w(ropiFd;_IB-Hsiqi&=1PQ?ONKMndUnlzcY_RrbOT@Na}Syoad zD0s0JA2#7a-h&uM@L@_$S0qOR(^w!Os(9w$4MOt5nlZe#cvJO$`%`9gySqb_LWWdC zg=b)ccvr$`+WAG$&UPKuNyF^* z(4hRvxW(Z~JSW*JqKF57s$0NV1e@?XuUo%7uXh_j22aj}l6u&)NEn(sak>xVvpe~l z@Z)BPF0Nme*r#757Ca;O&h@e0F%ZBzVJKq-k)CZpf6bWUFI&fcUFukrtTH`Mws=XPBdY8k2=OqrGFcP9wTfm-_TzzlR-ru}XRw zGljNJr9b?U&^s=pKU#~-47wA(uTLP)@g7$VKDu*+p(Z2KK|!~#L&0Vy-oq~ddn$ha zSx+k69@3KH7eQD1Nl)~i*M;iWeX#eRCDdI^c(Y5W2xcQ04%Zxk7hbQ74YholmJ4*M zUF<@~U{(24;aH2#lzcnWYBSbd-c%v|zVU{r;+WUV^HF?Oc^8MV1FkTOmIJaq`^I;i zrSlM_V0MM<1bgwRH%NyXv7tFul@4akXY&~u=CU_`iE-E#cGBa&ne=~Q!W76+u7s{MOg?BF>{DEDm z8lJ-YF`!>-P%=@K04*G>8yHis=8LbNU(pm(DTpWr7hs7l_t%R1PaKbwNB_hsl}E)# zGcyDHdhO`;N~xpbUwC+*(^cJ@_cC*aYJ5KJ~<;}sKWOH1S znvH*_POj-ot|*n1DxDJ}Y~H8W+>LM4;Gy0tW2OI|+&duZE8i4!GtG%M{`61US3TBM zx@R>Gw$J5SYW}&Fg!0*t5vwN=^14zLMTg0T+~fqKea1BQ7iZJ&4{Qx~P!QWVU0eaO z_X)xdvrqEAqOB9!^PiMEMf|i50yc~pq0}JKl~rWkrS#0+8Rnv9%oKhjYDu@D_cs2rl2)Si3^b$Uw90vZ@lOPqbKYfs;{gh>9K-E8rL zfhe;3w^H@Zf~Qi}g3>VrLQc<=aTFpY*~r7T0+mFzIprZRD@k(powr4KZp zcwp(D+=J8NE$33U)Yp_^7xaXd9;c3i$Xm5>z$BQOX$CfkG+dj+Ltox;XTeQH!DmCf+EZu`y*_FRy>NnI77)_!7L`! zQ(1D=))DIveyG}`>u2dPGFVsIScb;Cc58%=N~|5ir8w7a>y4W2wEXp1>dvI+cBYt4 zZBWZ7)n%eZrc0BUNMZ5EySgwrt()4E)>xp0dsf=t7~4>0v0s0CNu<|$Xg|b9c9?KJ zco)t)kKlLP+0Rq^&cF=mj{^`|^ra!ew^^hFY}MLPdIS<#-}?3n@iVJFb=wIaR9^** z!uZz5-MWV`kpc4n*h=twI+GSs;j-{1D&J$5TX24d&sDi5DSbSl`knvWz} zQj4dd1*s|wY&php!v(+7T|etKVI=FbxNc%yWMbRiI%T>JyF|0~Nl8?XXzfnhvN83~ z)cg3;pr`{N#=tQRWFE2W!-i!@q zPZ6G{$}N4*(l|=Z;7N~`IJvIf;69kjl;-m1Sr*xoMQV_j$oN)>z_0z{sJ@&L>y&R# zbz%m$K4T)Zkcrkx+ZMrsvMFRX=f2Uu12u1e-hU9Sxuf9$Fq|m70eO!?XSz|)`P<-6 zHz(zMCa}I#I*ZAxPG6wMXeh`pKB_O&%g`7%EDowMxyCh9xG($MS>In-_qN147Igwb z_-TWc=q^%=vlNoXhAbOvOl^ZAE>7#!9`wV@N z%q3&$GE!^H@cUqwi4RBqSOmpnx8CCF*YnmRBJ3X6$*Z*lqVH?GLPL!mW?r-6Mq>*nVBOlP9-Lx**9Vd>$NLmVHdpL85ITRrxwp4xjPy)%e3;D@H+L zG`q*#d!TW{%vTLN#9tx*r??S%x9zGGv?PclEX+Cj*BC7 zCJ?;xy<^Q=v-DWf^U1b~iz!u@vp1E~Mv~K5LT3}X`3jE*!~F%>w*ig+$;q)|7wU*3 zi29doZH%UTUrk+hL-A+bhtw9U+?A+%`7>^`!ye*&(1Jk)-1jd~a(@;CNUNiZ?gnKU z`-eDxSo@Zo8&5$`GDv;~S2j#D5blRz{y;5QxkI44u^!*5lqJrlFTa1vC@^6dFink` z{fVG%dUJzcpMbX;yU`h^W#*>5IoEAt@$9eb-~My>OprrdtP|z-&_2;8zb-bh#9Cp0 z^G}j+Ej3FO`2}MtaLACQv{PTd1)5I)9`2to`$M|k|0~X95&>|Y`k$)vA+5=uDX(x~ zmNCDIpvh5~z)^S>-8D2eTHOS5S^1BR!>RU4Pb|wMDy@tNd-x6J2rbWz)5vw{8?s3A zb!|Hr3ITMq_#*S}bYUypS9H@IgXpQ=#(tlX%=Hej)uwzcqs?`hf>wU(PwTYnkKz9n zMrjutcOlGxHM?%X+A}@zPKi|P&(U~5H`C?xnvaV1SJyuVkPN3&elQ~H$A&%sZEc*W zmvAiq5V3VQ+y1Bf|Jw5xsD~5uPEUf=>B2Er)XuwYLpQt--!_K-KWrqfegS!FkDmY3 zK3qR&Rjg;W(O*Ob91=b^D)dj1Qz^7F6TMYXN67LG3Ot$2k!~24@VuooOwUP#ZWK&C zOA<2-gddDLi&av$tDx)(KKNkMC{SgG=t57&ALtfpRQJ5dV**-g*Z2 zudTf4ZwvrCT`M4FUpo{9w1}+FT>uE*Aug*@h>-N=C0_CpOZ-Kyj#R8JSrjA{nP9Rc z%aHs!Tkk$hN<)L64z_t3`h8qmZ*3h5lc^2*>Kcu_p8J8UnK_|;o=uj59hW-wwN=u;} zP+pKlXtPs!F)Yy>^6T581ROR!!w(6p2l}k^-@i6{Mh8!xNnDTXb(v%N^ZJJP@kJ@t zcu*`Ew%9zB}xtaQ6P6)5BE8s{<&duwUv_R3oWkzp)d z16mMmh&Rh;;OzS1|!8o>1TuJ zjv07D3=_)yWbG0vM$!>eAC0plB|^NdyH?nG1~!+uF}S#3<(?A(K0&*eVwgWnGJ+C; ze@E!XBcfMo1bD8+KDM90b)I$CE;RMY{t*+e+4;ws^b@XqU{eVaz;(-klz)c|xCgq$ zcIx9?KAP{+u`a*32OuYUjRoii0~HEV4KeCV$mp*fNZp_MZLFz>OwpOjn8#aODUwNX z?Z5tMMypXHf_}g&EL!~8EiCl8?B(r<2QQug@M4>O2M`20zMtJf+$gT#+j7UpW!AP+ zUt2`bW=eBBnDH)TWuEtrXKs6oj>#CQtE#yVq0WnostgZ`R*8vXBvbm@i-(KioxIoM z%E=p!P8Yva<~;yr=xWYc6rnTsZfc4ZSoWDA&(LMM;7>7uY>P@jwG$?3NO(d}YP}@#U#$%-xWTPSV&1{3 zF_`gw0hHaYzua#JZwL0UC|YMQCS6b52jc|&MX>k>q{7krxt;3nChBu8i>ryI*+Zkh z$>xk2iSDD75~;W`zDEE7q>8YXxt~GxifCi?^pps~B0-tQ_qSX*w&3{Nw)nrm#rb9W zGx@{f!xobdE?D`8c=Zj4R@zxP78vWO*Lr8Jd`Y}x+{(QvZFjS~pVE83MHgH+5^3oO zXuJhEIXN3=0k3CIkd9pPZLYFM#}O!U2dpjt+}6A)O@RbU7!B5GR4bI*po9xj3|)X(yn0IRmq)%zm@S6aLYAKna0hZrNp+Wa)GEhqx~{jNZhE=-jvsjzle_{OGaLU zQYaSA=*Hw|FgF%sGsTJLb4Iury+7vY*2T!BGU;$N<*t0b=)Z` zN^5LB-?2RidEhitEnc$R<8BO#G6l<1a+zlCxTUj=kD9H=DPM`%*eaTaPwd+`+aTarCLT>(Hg$T}&k@WBk;Qeb(QFo?RIB_` zr3y7f{+ga36~-bn*(ng1|2&fsDyujF2|kjggD=l7iSIyO7m%(aL<~*?Wi=`Q7nF24 zAK&S_to3(3ObOMDS#K?TEtbpXU?Qg?MVNV_afh7<{!yr7a;={E2}R~L<}=4EP4Q1M z@U215HcRcw-B3WqiAXHc%?~j7s{o?!TT6d`)BBMv84Ez2bLtr%*cZs5e1W@7>fu8^Gg(;j$F9KnzqR*^h{{O2o zj!txB3R^vTyL)O08h#OSX>&38R^1r6?)koB(%e*Loq5fC&-(;)_wVF8LXs5XfaZ)+ zP5?Ngn7Cqxx(e2jCL6eK^1IzimGr(JyN*mid=&{+;E^*yAsp?oAU4j-nxH{)jf!Nc zk&aiymRpYfMT5# zPPYjO$oJ&b{M;dmK9P!8w}_g;K6RaKo`G48CqB$dq0Tmv{sJq= zF?IYbO;+-vp5n?f3L4+Z_Xy5{O3x8m=(FXgU+dFh1F5y&{7*L52yq-Xuc+L{`5;wW zU}3Lkv+nA5ajPe_c_h?)>EOQ^A-Y~tJjlN{51(*jbR67-yM)v)q!_9Ps@sW>@)gck z^O|{mRw+47r!Rxd_`$9F%;*K|-c~Cj`a0*~j`J(ri~Q_wr=6@b+3Yvv+B9ldn}{-^ z4vrF0nSUiyev}566d;$jXk&SOc(_rVLBLRO8KQkN;y~4x1Jq6cFYmk|5WmhVP<;%k z+?WLSF4+Cdp{t(-{RPPYm>^D#kRS3?pt$W@TYl|T+$FJAm#a@=4LU8+j)C$Rdu>7| z`J0yi^(qDX@jK))VWcOxkJ#FDON7+A^H{jg-^s;Zz7Oh@)V#cSOJch@Q&suM{t>d z*9kAOknR!8@=>p+=#w4Rf<*EJ!@VpFCFj8s_P8M?00QtdvOl<@xr3p%rOQ4JZX${7 zq}u*~?Tx+ej{f)-z)B6NaYk4aXUB!>-!FIKOn|0_jyRwrDPk7XY4th1{uq<}LO~r= z0ve?>t&e|1hc*b&(t|<@UIMVQq{Q&CtVCIML?|-`jDj9UOksmXayhu_b8=_rfBfvn z`e|4K&~?)a5iFo4wTPj#`s!ht%Jkq`oFrc{4r}|6JQqX;4@9qr{>W@e*u`Kvckfv& z5v-B+>;=bf(^?w9x)#wUl=<|-wS$G6r83(~I4*NJ_oZ5#%I#tAv3jJh(E~TMI!(8JPM~Mt++p-iho7+^Aeivq*k^G65eL z9Nb(wuX^z*;4?bA{m;LgaZyR(G+(+yV5$EDMPI;Pw3xb2wZ;hMs8W5ppT*wp@8`_M zNw#>v%JDTrL=gKPi*%_ zy(IWY`K@|@jsM3eeuTdgmR&0(7)R?bK|((8RrT%|$7*4_;fD*#lubJ}x~% zzK_SytkoBu10s9tSqfAnW-#)~Z4u*E+U0=40)M)(EzzQ_&g%@ImKyxrDndCD2s`0Ho=D)C(bX zZOJl{f}Z`GC0@$AuW;Z%uz}NEK_>EYBJY{%{s;lE{{sy5jNyw3ENzTPXm5xh!|(Wn z#{*cLt+6h$xT>g*b%a&oO9<{7eA??Gnc|wBNb=y`vLtN0=dn6JVGtUW-083 z!PUk=NjbW*lGEK%O|i6f?K;}82)_M5tr`sB_z9Di;<-Z`De&YbZCbn`9`2m*9zr|i zlC!#^B?^p4Spy+wuh1Te{F9GbdkuNP;7be)4=~8e8^YK%B}L4De6Kg)os18|YeCSn z?yO$;SUp{g@JwRgMDdVFv}?K<-)+As3}bCE2$>x^; zBmY{i)m2#Hy}Zit(Ku`$ysdWQq-&J&bsg@dTeWGtK7jO&8`ZmkQ$k%-%*=N5GN_f@ z7wv;dGV~D^XzU+FOpiOhr5H&)k>*{tV4_?0iKICTlX6%HHX3N4B?#=q+FS6p?=EXSz9rn2KDk_%9 zsqT6k=RFCPz$iWwn0SrA9-O1cEXGIG&G=c$@=Ui zo{)0Ovi|7$wFbJ}suqF6>RJ_PGB2?9EsYS+?lOVV; zfRrwUl|vwkNS>Q@3;R&f;PL@JwuW*&z=tOgsb@-ln>tM!GSHh_Gc|gPLKZ%vG@TXO z519^UcRxFvYk|Q?PhP>OkstdezdGEzc1=G!DNi-9(P>pTeaFFBY%VS3;e=?J%Ee?j zeqDdL@ouR!LJOlH=KWh>(fkE}+2J4yl0uyhC-F(_U)r?1nm|g@>BGOX=P@ah?b&hx7I4kP)p_m1rqT!m`()ikYOs-A{>G z^pulj&Lxq@_~aMK{D=Mr!5j53|GoLh_*0pag;wc}fUHucCwaZ1IBKoHARMKI;?273 zI?!#BZuIv{%7=wqjv4dlSfVnsE(Qah>f{C1UQM6KU(G&tU=$ zW@oFbRsN--Egh28+VR9r%6}`;Ta{zW!Ma4|p=#Itre1khWNw9GMQ0ew!e`jztevX! zwMr^!FxM5_osHV#3I_2mZ>(|ccGui@S3=H=-PNd~qtdKiusYgsP@)7dyrd)$IazVahm*&zIEP(b9ZO*{j3!yWf~ z2NEakx3dC9jd9v`_*6-wbFI=A(d1rEYH8(WMNk_vFmr^2)Z{#AW;Av*3mw*70q99w zoq{y!>AuG@So+7wWXiE(8O?x3**H%FC3-ZE8l*bk=uNf82107HAdT+_+GeW5D=uGu z2L4dcnc&zzAYmn$bVJp*J7VFpt8tR3aQ^iiW{Wt6Q#Z<4vB0wB)|QpIl+JYes_9owoh*jZtsTI=vJ+NHjF%nuWVG9=7a(?10X-eH)%Qd|1M z7aApY6(=r`maW}rkRU-hXdh$P$ipLE6r4ZKnBe8i*ezO~pHUOk8NN$ehTi-Y`}7&n zbvU{m>2S=*8`(7>ew$%frBbgyE%_^<-Spp;Pf`0{v5T$ynG&1skm4erX>|NQJcn|6 zD9@Lnmjp6V^Bsu)kV5F4g*%9u9}A`9keX??p%bY}?$IS27-Z0getar3kEN)cZq&&L zf)~p1c;BnvkLmeYt)CMJd#6p!WnLF-ZIX1`q{+N>r(OY=0cKjya8iZF>%g`u5m*9i zX$eVd9l*qZoUt!Ax;((83xccf-9wt34kW#XHJ7@-NdqfjXda-HB+-$txf=s%Pb6=y z1H6~9MBGQh;+kP^{kN6uel&O7*#ATW+i?|z@e#``V090>xK=MR-)elgtQiT zef52--RS+t4<3>yiv{1FIE3uG=_tpJ9(jv!uMO#&(tOKbr1tXFm0qM(ZXUmPw5SLm zmE6NJ+*`tM{v0VYADvEo!=pHn)?FW=ilZSS6V|klbzUjtAbaUk$Va6WT-z+h=pW|` zTkC~@M4po26P!NEz`C|vKvSF1(YJ>@9?{3bKKPr{{^Z+CQosLL1asZMoi+yaABA`)tJ7RlPop-xFZ_CgvitiU-G|E71yl zR$YCLYi3EyDy}|e%*u09g&&BsCq=ZZo*xLhEM;3ta>W*9z=41yr1Ue0-Q zKv&mB6L9(8q8ZJd!21QP<-M*Z`PlAniUPlj#jC|q3_9K%!s_Ew<`(>+V>nDfpg1Z> zJaS|+jrD|-NVNd^vum40P=e;$+-m+!?s4#{@{{Td4SMuyOGSD<=S+f{Y*WrqV1=cC zy=T2K%1jKQ?)~!C(zHaP)9opmbkE(E1(f~a+%C1(riBPgO>Nkr6avj@x1ED#YJpGW z`p2y3nsbGS+CkMH>*r9>;bJskFEnZpG#TyuP+|+)abWfDyVuf?uHK%iuI*37>P&R1 znKXaGeRvDJV5f_begz~JY&8e0qet!XWrt5%@=hg2b+Bep3xz01N-hKKzVAErvZwhRrugx@X=fdGK z&(==3BdejqwK`2V@aA%C6L^QAxhuYYX5_1mGJiURI+Ahcgs$Kv#rFFdUW7*b8cTB<^lm2_H4T&!xc}tB zo<_+~&fFZ!-Tujux*4h0zgxyHJH6O=gCo?IYnms4ji7@!@~Vq&$f_K5lcZK}+=^(x z{1NKCHM$V(h%)wB=2>Tx%*hmcrj3sua(pjxYiVr6bx6~Tub$d_*#FuuC~8PKU#JhU zC{%YKT-ibDJMRN&Guyx4?y7srzEf(?miE912D`rM?+E`9#(eU>5dl4xQUXJJ?mQ@n z-->}1t~)>=;_L~t(uWhQ9O~?p@)#}YzC}O$cre^Dc6*&~_{AJl8Xd^>y-{n@PeFO* z8FcPrjn9&c_-7V;sqzRA{=--V|DV{T^t2~wZqc*$1O6M#>6xUW=5@Vf_@NO>e_4B# zXsqZ==VLXTR?4aaK2OHuFut%}W-fe4%_+lYVvy!|5Rp~}&$WABoog~VJBgjJVKH{z z^Kx~6z3|{r0N9GbWvCA5y%+pd;*?7sH3U+%QLf$+uuZK>* zu$X-H{&!y#cFRH&6nkVy`q0X$}`l+ zQoBL?hyAIWIg+Y>Lfy8nMv>aC?>GDh3bmo%{0!qhS19e^T)Bka=;08I_gKt(9!K{} z+1&fB)+gGVTV5|5Chg@m#v7Bcj_MtLg;PQy2CtlVN=-o=TE84vLW>dqrXyw}lX}GJ zNVwj~QwfFsHLU$ybI#2BxjRM?V1=AMKeHrOQ8=Y^_ibx!V`d82+5Vr`ONJk)Ju!#n zSPNXfW}&`Uw-)k8_E$d_ZL80(LsXi2M}dUeup9%jvUe*;!#cx6^Qw~VH1`>#Y$7n* z?xYDl_NkJL&RGu5Jjk8MkjO=OvH#`V!p{)4Zr@-QoX9kwdAC9%58RJjpUwRP9&h*& z!`7%#@DjwCKfrLQyIh^XO${JtlbSsdo>!9#z`WdN8sUcvceO2kgwiklFRxpiO&l4T zC&Quv&hy4FXpSwcN{Zi4jtzr~2ez1c zK^MhGTZ}`E0j^zjq$p@E8N3wwA_c=keKM#Jy zdmxtNOPo(p}%dc-QD5IuxI7?OnV zO(Z)BYuD+}#bty&qH^#?Bk<36Ix_50U?%=?)D&AWpQXfPq%3hnx2i!4pXl&qVfUem zspn&!sYLd$-mg`ihvK7#_m#%+Uo09!h2vU-b*V{29)(&3+8AR|DRdORqwZA)Kc#XY zCq=yHEkpsth*xRwV}Cyv&>ban1zfD(53Nr8 z_)5XtDNc0QlNqHwd(X=S8sc}d*kyq`ZBqR>uuw~eSw4srXDc7>KU} zEGhzcg-1jn{?`Y<{KA`8krqt584PK8CopI9;Cxz0LP&5N(M9opvx1=}S0kOFz4?xw z9Q=UMH2$SbTH1}Zu;4=*>3k6*v2gey4Wg>KVCV^tr79b61=IHgH~6T=MVkW%OVG5=z|>XA5UW9+V^$yV?7(^Ro% zk)>1Fp)SU_<}@nNzF6MA%G-(B{E|&H@@9t@ZGxSF&0)@6P0QcX!1|k32YrfvzfP*s z&!>`>K*V?cC!R)CIEn7Qu~X5qN=n_M7pv-&J^|-EBkJ1&Wmak`GEVUgC3%bvNL^1! z>(Gkzn*LgwR88$>rCEb)il|0q>|X_eVI%QtCm5w@yIWb?yg)IME8= zbF}YOd6GY0P`GV=r}?7Q(Z6r?QR1?U`=5dl=3-H%-sRolaK*XqD{P>7kc&q2F{|zK zd>LzVq^z<0dH{URxu^0Qz7WA$g8gwHYLF@QLQ}?l2Sl;mVn*%zpZkQ6Zq7ncWJLWl zfbQiLf!GfA@~&G1YW69ak?;%G12?+%Y%X_wFn`nmt zqN=#VIj)aq-W~PFu2I~?_kapB(bE^`*i4tq{3h_w@-zE3`9MmTZ&{=SPeOw3&zlw> zT1`ygvystCyWD4UDcsLUf_Q^ADCEBoj2S!)F_Y2PU{3Tw!pvgm)7{{*z75^1L{N?! zr_ot@#zFa{PYPm+lfSI-IEUga(>is*;bb+Bu>L;)=0F+0yh@?J!I{roEk$@9!IBad zDRYyICkH);bC|GCjQqhwVwbwLM~Oedl(ScycDZ33MDPs1?S=SK0?ZL9q?U z@$1(c^0;XnIDf74;SA|`b_9llsrGsbrzp8U0{eqEf$}K~ra=Ley}_Um&QGsoFkvu< z5lqv|1l?%k3_s;NMLsT&ys*ae=O8SnbpH11EJ8)lPx6BPPKU|(G!Ga^(;--pU~Ju!}2JBCSse0$q?xd-3LnC!GPCWKDT;wLa7 z2ZN=S$xhjj$m3=0V;4C6n;`0^6GwmF_4HR?w4q=%!OuVc-C%s1(w83Z;2zx_i@>I9QCNV0X_&iU@L;aQiSro zevoobuC!d{1|dExFq5hrb&a|;LJ6415uoS+d~T4gso*$s#*xvi0gdMSvoz_acxIwe zy7$RXKHLS7>xH1}0xBDHFYtj0y07Se9_Y{GsLuxqbYtzsmoKbOFA1B1*-xz}vlRcP z?G$tYvcP@n7lzOX9AQ)zYnH$$YE{c0roT5nsDj)iCfUL*jIr6&W}+As+oo_5PYsDI z!OT$_%ypHu0{9tlx>rSzZG9|nlS+Y27p^Q#7autsr|#!6t$YBiXDQ9YuiK6WK-28*T%&~@j|oh zwFc{~*>)?$>h$8J^oE))&;vqdu@*g4WYIm6t{L-3?9L-ww>K(#z+1?sahJrDD+ZrU zV}4Z9ekxZZxkca`3EQ?iBI&!;# zKMi*ddxPGfH&i~yD50PC_I8yIvm`XU6*pt#pPaq8qVNuPdcy+@vOhdfN~Lp8Ep@1r z;+;xiMpVuyA)%R=12tv@gJ_(5P>#@Z>f>W&z&#E12;hOxuDF z$&haBq(I}bosOP?QG%xb<4(geD~$;ZW0<5pVO=F4P;SR&!rAF4SSHZ*0bWQqJgval zC6$7vFmuE3MvGVlKN{FF)xm2^0Dk$T(ranq*tP2*vZ$Vk>mtxAax<))YBICdc~)ln zk}p$7bBkqYTfg^z1TSIcO(P7yN}C0W`Nk-FFAC$i1VTNpgXVV*)Xnl_L zP}0j17mk8ktKDZ&;a=XL#XM5MrYVeaLs1nyeJ0pg<-WYSd1&6`vl_K4ui$IpVA!b2 zNCO9tKqfI#uu+5H=H1Ji>Dz(=ynzZXFha*b3)X_Z;10xj*XMo&==08 zwEFN0yMs4Gu7|c2W^O4_*BA@wn`K6RikHrvHU;U4jakT9}ZYcmSFD3t2e zU2JEup`sv8>Pf1AwU`SCR%VK0cKM=%OJ;2~dM21Pni{b;lo>)p<7 zU=qO$rXSdKlSV7JMDeUX2p$IhgBSRT4v)(oP2e%cPK9ULTIxLDVZ3;8aRgolkq=1Z znhb$p8i#NSqYMxq;S~V;jdr5PAzN)9O zv|6)9`J`6Qb!oL~YMGn4StrDyL+8-(l^E5kdaV0SK2QxRvu-$fhu5a$-^Np-|C_o| zFoJ1@|8U0*@;&NLh5m1UIMn0+5BApjztud|8a=)YdUP4&mfgWfn0fFrZ`exVQsvjQ zgEeh8IhJW{OWDVd1ZcCCcze~WHmq*!?V|LpzyawE63Fp7VF^C|G7 z$6M0;MCvx0$yPGiTb9PQk{OLklI=LQzYN$7lCYYM4uF=1c5*7OajN!Lb)MxsN}l8t z7A_6+g=|ukW^A)76_41B1z-VKH>^vT#{YaSGSw5OLaSND?Gwv_Ff!!b@1!x4BDfs_ zL(CEC?%CVLMZ9v$gF&_axJqn_WHQGgH~4A^k6i6>Tk)%1h0ks1@%zhl$wlA&Q2KT4 zWLuv3$L~J*>-4gni0^0Z!8z9H``~CjL49CbO0Zd3dQUh-Ej5Gs%iMr;~x=t$Ne2KdM@gLqWwdgTx zj5bheq0t+Os_M97cr(ITmP}Evrvw$kdxFLU^?F0bBhrglI!tIJ1?u%i97m+5w;Vdy zMZMnb%V(%}gTUT)w6im!a-0v85W1t-DM+AV$1NSW1sPOnN3HKyJ)&jD0vF5{4bcgkWa{5Bx?r&=w(R{!VchlR55auc zu78Cv)aw=Z6h3g+QZE(lq)M`TscUBGvAR*>Eb~l+eadzeu$NK7@;Jqk-jZH6LcN|L z)Gwd!iel8}R^E09qw&VP+NCRX_JLM!{wVIZfF<~C*YKrvkoXu@Dk5C=j3MZQow7M& zxaTqRp)YyPfN`Y}d07HhyMDnpb5<{!s4;7bi!+LPJ=Nglp0``|Cv)KFPfvgnKL}GW z>sl2Cyv3R)NtO1SHme2>XalUv68z;{by;eO%1;Lyqju85;`?RYqN`-~U z|MiyeLGjD|u=^QJW15bB%}8bmxg&j*bE*xlQEeo%@3I9TWZ zdX&eD{{Z(}@ME`S(o7(M+5n4&fv7!GQwjQsdLjG-UjW>9U@>>c>UR>R3#*HngXTvs zE#R`h5safD*Ky&r5_YL0>+0hH>V0lF5qTmjF&qse4SOq%I4HFaO}ql@PkgkNr(*{3 z(#xydYV@uUl5QV(={cA>#cw$Bf1n}dwLW@b>$R)TNBp#)|2Dv3X%;Y#{_j8AE&Kl* z9Io^KKg!dF{@aj@#aKWkF2pVe>hH2OkvF|KF+5F{htuYY4m{f|M~8-HU0lUPaFDgHo$`P z-)@^a`fnk6dVu|@hWNiJzMe_?J*ZE7a6aL;qiRd|ZQnLYYz^2IP=9~qrH)GzaCF}` z@#uavLaej~wK0z+YF@mA1i;-lj1wfske8Uat$?{M&x~DdjXt^_Q>aX>c!bEajB!cg zel-ztIaSOop0q@~*bFYE1GzR6l9tiDh4vb`WWdqvvit*0av?wWc-pL?eY`xb1^rhG z`H=RX{bw(pRqB84?yu?pV?03rk2PI29@mf!!NkQYQPT#Ofd!ljlwl!AjPAxnR}@FX zJkUc7|DOvt>4>fGp`*^16 zrvd0Hc)CTI;pzdk<+v8g16liu;gW(8(57$?B9b{mv*`_KzB(f8~8Rlj@5io8glHAPUkm=^?cx z{jPVTZ`n>(%mVzemwRqfeQcYV+D~Z-?r-yRnElll{Vbwe>o;y?mQ!&m3mc+4&~B_P zq+Y=(=O0@XNg;yDOt~_bVvOfSUQs2K*u!LZCFLu}d|Bv#_=jd+r?SAlCnHLFM`OXp= zq%)144H1=!Ip7r81Ru7IiELK#hx;jJL^Bfdo{Au){?1eM4M8!3w|6*&ss}(hS&B^T zl-O1@G5~l-lLX-e(wq*IphE;nOS$?Xf2WP(Iuka1Mu{u1?3Egmn4Qip#NI98bU3Xm zn9yaJNxR>NEU*3QeU(OEFdM*%*w*uw3@-0!nv-HaKEo@9+?6~h^Qx1-wY_}z>Fp1& zW{Hk~Hw#DNK02|b$_J$Q8L>2)Ig@4vRV=P96|(bH7Gp_Z)-Hi}DgVEgO;54JYAG~o zQP&m~uVzTAKHV5g+(mX-WYn`5?&x{;w(4y}AF~ z{I7fa&krm1{};P!{{I-y0{ma^hvOufCjjUVE1I^h`N0soB^>$OU-4-yQA#v@7yyN$ zLu&oVJieQ&wGLl(!&Fb*S^Tya#GWjG4_c})(*h-4M@wR*zSH)IG4(6v zVZ`&tUH~Iy=kOL7@j6-(BlVrO$4JK6gvc?;g%cR&V5c(w5MpT{Ln5OwiQi^cN?WDC ztpBl9jITjhzQbCTfNP2d2{{~S7uLNjC+|FkBvV@MRqftq35}>srU;805`gv;iUu;J zWbU`=E6y2jvcAM(2MJ-3c_(^=3xKR*@B=z^0Bb1fgkNUif~ zgrj;zq9EAn3kCKYPPKQA*?NIKVKoLbg!1@js4q%h?Rg_e8wKPiHv4%Y!#}ZmzB=w% z^0C`L4iHpXv0J1(=VeTZ0gYH#oG7`5!5IgdYX9xM_9(9Tr*F#im2#hGm$qW*GQpu5 z)_c+1^mfF)3$(^5fNLy5Wt!DwjByM0>20z2pWb%8f!fvE^2$$_z0yH~P~*_`nF0|^ z7r=wxLGB7DC6$6CLtS((wyw=a$@0{{P%gWr_+bkBl zUAO_TuR}DU{=VWuguS7zQRZH4v% z#|7Tq2uyTJxLv_Mr8?`QE0AL#xRMib0$iY~FJ7b6M+ zR3ppPai(f}piz$P7!s4twmNm)S?YRgZu3|bCv6sp!Zc<6wbk|tsie_40wGE@xZp54 z1l35>P+x8vJ&7hWiAY!dZ>vuwnbgSHPohcPLDx%LW7{j4n1L5_?F-$l2PGlh9HlE1>f0Y$#KDM938HjTw04q7iTlx|m6!mnl;Uv2GzNtNR z!Q|#1ynCLl%K3^Wi=C`lr)#EczJzC&zjkiN1R4+^aNF*1Dut#)SZKk%Y-=%+x@1aD z_xm=oRedK;&2k+HDBGy*Ia)9)_hbhCkD|uo+JgH?Pp$pedgko>E#fTwkqxdg5yM!Er)U;!3u>&9rSD#paEUx`emD`)x~Dr61Wqu_r3gghD1D zyCyLdiqUc4=@fB-1uKmsrHLAe`tB!|nl-h58L{90-r7H||Jp(5|8F)RFuBfr_r?0n z>)Q~5%jSOVed9b6hR6jNVZmzZ0QBw8g|b_=VCWDwZ8b2n93^aklfIBFJNA4Of_?&t z=;tDFt3u*m0i{3xj5cMKpiO@~4#&lS%DrFzb;~n<`~&?xXA%ehjLC$hg2?+w zfOGx-_Fk0bzvsK_{9ljqfS`8@t9(V|>LkEm<2;%dZiT&MUua^v};OUDk;Ij3YE-|pWkIKw22bfnD%N<)}6j+%ZiZ2X7WIQ-F z){MC{(yeef{yR@wl_jHm^YPzfgt{`Ix7b!ZWuB7G55$Fa-lHQVv$yqHJ9a7^> z66YN2e7?oK4krnO6DUZK3szz-uPH>L86QG5oC$__K;4Z+IDD^*6zhdhFbJQ}R8dMQ ze~%#BunTa{n4r*}rjm>Z@1wIJIJoL7q3z;cNuZS65?(-yQJm{B>WaH?eIyez(c_^c z{ByHNN9g+cb=?b;s7<6%kE{eZZk=AC@%2Y8UDnfN>vv zqcb#X5LE4dwe8L8ZEyfl^NXfYLeMD39H)@SZ~$V7$q;x|)51D*1W*k~l}^bJF~zJ47p&X8c4a}tt>H!LPccInOEaM_{{)|lO) z3l{q{1yX28j-wkui9``j)%@O_v-B*D$$JvNLz_k}+)|tAo&9+s)!?BnGd-HsQmXe_ zlmvSpRwZ&oDUhn>|(_#rnb$!q>gPi{Zd7ntF8sN7x#yTj9&iY4!caH5_je0D1oT$FeJ!I=-#2iepMOSuv^MQM`ZGuV z&)D*5zuYrN{(t^_zhwX0d;WZP9sm0%k9JLG@#^INjK%dqdrdH4qUa-Qp%Jfwlm8)&mG9D z=F1L==cy8?PZBIdOMH}@EZeoms%AubsUGPBkH|%yC?3d(T+;PLayo&IOW;J|euMhx zA1F0GGW)13hm4t!=R~Tl*#b}A*UO?vfw(w3ZQ0qy+3B(!i81Enf-|K&p9f{s=bVkY zcFPVz%lKwrY!l*L9xT6+F7q27PbOO_CAF1+_f@<6rP zNFZNDIUHgwE*`a7%~GR#47+}85RK&-Fjx$CC?nOZrQ|*o zCK&fDqe{&*XiDWtFqQC^w$lk(J<^ogZ0K8-m$uGt(F4ds!DF}pRWSbX_zJHbftGay zDr&D*+CxD9$KgEPdtjfT408!7{eIm}L&Y>LIQPq(!MN|%9@Oh+foHb-cZ(AmgGT03 z0etO#YAp=T^Z(vEEXRKxJl|XUe?Q6-#Qzs-yUHv81ym;kK7hbizIj)TOV{nDxo%hM z-{oJeSH7;eX!%#`rLPwcH}|pBT5hY?)T=SlflO0PM>U^KB-OMHF%! zbc+b=uE~hd-6{(SDU)b(k_-7I7IkBB(90RS!t_IS%X+!m{!jt-M{_C2Qds=&J{3P~ zqd_jwh)I*6ZSzM)Q`Fr?UBBn*xau=v%`QLVOIJ4R-G`!!z0}O4$Sn5<+whNd#no&I zE(^j~hy=pgJuVeACfi6bbVrb(<=S)3l=qj61&O*^d3P>)p4ZaFNBp$s|1J)7VF_R! z|KEL9w*NfaJ6Pxcd6cIV|Gi=fpk~iJqzq8Dz8HHCX}eXeedfM~<|qpUNPfe+x=Ta zWv%ff&Gx{ZnsD$+q|aE(mP zO^y7$GNEEBmD~HWN#EZy#mBy7zj=zn&QB1D?#3jo&cBF>wv+#%snq-IaaQAJ=Z({A zvC?tQlgri;$KyZk`M>clTjBy>uKs^muK)h*;Mto0Kgv__|6H*g;Q1u}W-I^=bN*;e z0FQSI;BU0G4WN|`pb2GbBf$Du!PB1q+aDJ<0?gz8&-R~{`Ty?j`u_h>9$@d^n59LZ zVL_u+ivSs?6U?VRD|`Y3Ws#f=RT#bl)LBX;g=|&Uv&r*ndNRi1LbtE24Lio-m8s7i zye=0ww1e?so9cxro{(+y#C_ov1$V!B+(DO3b8o0Xwm^7L8BK8~hXKEYxL-9=PP2fS z7dGQ=z&yI%m2ww!zOM5Mg8S2gk3;d7Q?D zZ}qS~z|(yG6~04})lV+36fcYhBP5!8)0EU#fYXxO7BncB$*$8UhDc7M#ildSZCaAz-W#0aQAn2; z>o00YlV7F4%Ul+9lo39mLV(wSmrzQvISQ<|q)|7T=WTH zkMRWNb6nWZ{VVo%%79ks16iE#kp*GED&iou!`+0X=3Q*7l(ZGfE7pUZr|1H6K~O@4 z)V<&g>R(G%b0aX*)BqsL&`E)~SFX#JhdZ7II%hp2Z84v@jwm;i{L638{pe zzb7ceLfkPP3%EKUByPio94}0>QCDZ7tnG)Bn2P1Ph>6+-B#kH$eSp)~Y?AR=Jx(yE zI3BE^PXno4uPhz0)%2<%wdyrWXmm4Xxgaa(xB%9wZ^072f?gGvrv5I;hzdzKdYh>} z8DFFqcSM+J+~)>dsh6(_r^BfN&Gq$1jBFDvoMoH{b)1&y@)lqpCrPPKeMN#I7L%SX zU4w8O_Y?*4h7n$`SaA)b30F<&Q0m@#~B8`D0UzC8h#~ z(JhbkHcR#0W3S}^Z?m+`$WkK3m@&C9>TJVB5og=Y9Ne*HUNM$zOCj8EI(lJ&lpfGQx$Tk7-0+ zQ_=2<$25(JPN=_FD`E5Sd(GA=WBaFa{*6$!^Eb~zaZfTZ=lt(I-#sYT|2%lUKL3yM zcorUA@z7g#!Zwco#CR=DTHS?d9yKXJu%|?$Q|LyG_9+c_-^WC-o&*MB*`k!W_)ewHL>dc_{X*MEl zNxmACqScP(s~>{M7Ek?&p=H;6-4N#K;xuRq_y1kp%<_{Ol1iMPY4By4YWd@; zcbbLac@DEskJj~y&OrVF(G>jw`ubEyld6Fa2!gzkhJH6W$<|U)Gk-gEAvsM) z-C}Ab4q41tW=Zj9mH8d(O2%1&sB{&5G1Bn2wQ~j>1RG=~q;Lz(!CoLZq}j-qEzCYGeX+b~5yJ8~dC_lIj2Sm&1E1I&@omMC29Tj} zu!;QbsyR4xw1rA8*#2ZIJm0?adJ1`d30U*cd}yWp+_ZlSV5s{R$ejl0M__4>C?}Da+wy!q`ooq3-Qo7j>WlGEGE&cO;Ls%EU$s(Rj}ApY&YCYT#E6d{l;LNKq z`@iQ*lJWqbq)dop(ES ze+lNG}_e#i{I$qP$gRKiIx?NSDzZ^yuEKebwY;O z{`yZ-Xm%b&+^W!q^02Dg*$%O~pUXW2yE&X+W&S1HRRzT+R9(J(5M;47$f}HNA#Aa> z*eavJqXLaT&5$#LKRz0}UfXAe{m(ji-rEQ`=lQU21fd z;XAeb%Le|}#I|^`{w<7#MLX{XxMU1;qxCO=+>gEG%!01{61G8iQrZ~^%bzc9C3FEt z3z!OBuPd+@t__CwG8m!;^OTQ;6UfSpFp5~_(pMF`v~0EuGfF|?hEqba6V`%|R@ENr0Ms^3Ws#XZUU45#s1H-;*TYZ4lk8`UIB@Tc{%a+g_MorX)r zou}x6@FC+9RAj=b-r%;v(QP&RnL$}G)(X~|A-mID19wh2`uWf&L}I0IF8~~MBban5yQN+=qKA_GjTKv0teQuGWVC%IHY z8ck7HK5|G$VJfQznyf$VmgN=K$yV)X) zA{i=|_HKj0dS=*JoT<%YX(k@`SV|m?CnS}p>e$j?{);fV2jpq%r~NaN|3kKo`}=^+ z^Z!45QStwOvAfRy{3uTw25ge9^vcdzRFa9$fb6HGn{UwH;M-76*U8&nsYamf*B8LG zK>vsoh;Bup{^vhCy?x&{jb{QM*cb@X9ZydhMhP2K7rNV0G7B-xtLeuj1U zBcgK6=YQ<-L|m}A$P%#xIhg1FzgNlszV~8n|9zZC2??FR|I?WkXF7q-ONbt%37O#p zYI|$x2s+NNPjMRdXeAn8oZ+TmfN_RBe?0}i&U@e3R>7+!a8Z*C-l=w>%odVA*UKCi z`9jDm#_0D_y(rs%_Fk;% z|D!zG>9CTP4eUQFF#l9Cwk>4*skCmq6Qq+-@m*jP2|-lvUxJqPS+-Yv8x!>S$Tu>- zfUAu%-TC+~I4Z}bl0W@PY?i+LG_`3)ce~V`fmu~kiv$D~HHdb1DzOF}dnITpMk`3a zAX$}KwCuz9eK#HInMN{bgfi8qSftNiz+I6|p7~)eie~VCow#rXA%JuE|Kal&`(^vj z;q!I=uSa<*@qcG}*;f(*=yG2+D}d&cwt;}=^MJ#fpUOI)-M>&JfnxsKc3|i0#5J=l^|Y`)?RI+zd=b6608#ay zfqhY)zf1($LYt^&znJhd6R2JuMd?COCf-S?>!h+|GI2*@v%F$mnP@b`3>S9GFr7kN{vjP_wP9J7R5 zm2uA3b7t?c`|3LLp_fy%FRAd%@93UhUEVRP--H*OWSCdg4pdf(hMZ0QBv?9YsVi6+ z5xKB(REM9%6d=^31o=m;Zmu&`ph`}hrrrWKxutrXr2x%oI!g&cODICKcjyX~AvD*s zv;G&KIyMUg1)nmegI+|;na9u7r72gF0+qmPH)!# zY>dx?>wo*Z&&u&1&kqlG*ZSXMJP)e>xup8d`k(ovt^Vf)^p!)x%KD$(zYY4IdF|Hyo=*TvMJW zq-NmdFqHMx?Qi#K=Ksdw^8yO6+)E0W=l^rCUy1*Gad@!i|Bvxh{C|RFUyTn?sgzH% zFc5s$P9O+}>xl*7i?VPKZteyVA^6A>6sn*Xbr%XJI?HjWW(=)ei0a1wQ1U_0SGTtB zMGT>(EwgqtdZ?$F{_C1dtH=O4oBr<|ym(g0|M_fh9sl(xkG9BvKCScSndQ%8z*TCq&vxh0t!h*>W=XW-8D4A;Yb4zg^AV9( zB!NOE<#wgFjgzX=RZRyOXOcw>kk}ndnbpL!+YDgcCn<}`-)P-8YR>S@vu6i&udy7L zM-RUhso}aiHSKbqm?V8YFR!MP6(lk`*|q~CSzXP31I~OM++%b@EOyICw`yN?a00#{ zu`MZT4B3#pW^;zweN2*!aM5?2I1nWk+GyYlB)fvp3{$Tm{HP>- z_(Bz#WDM$&3&}Vh5tt)vMUY}3AdzudvlH|hU)Wt+v-RwBO5cQ|_?*aStosOyiiOmt zw4>nrhO-Xcy=>Q{HZMpBXO3yfY$O2h8JKLQx7)~A`^#%v~*o{s{%7Ot9^0aAB!J>zqI`<~&be1AD(Xo~}@ zUKKX~R=2(ek0(lnwYjM04YVA_-klG&?eQ>uX#sW2*i9wLagnN}W@O!>VHZ_^dwWG~ zgF7-1B+5DIR#JF6q0`8mqJF1T4~y%dibn6{%eGDH&xE0s6;#!2PnSr!^105Z><_Da zUIT7)4?sW9%vMh0vZTIltlYk}7872_{d1X2Ors~6&N5-Rex+itL+e)?(E zs%uwOjjC$~*Uh|fFZO|Z8IFI(HC^9c&AGN+zmw8cTvJlfB`?Ef-2dE0t116B zKmL2SeE)y={KY!|&!aq=IedMxy33#2XwjP=)uPuF+3i&n4z7N@pL^w)Ztvw{5#2u2 zg<`tBhSiAfS-#+#!41zeBi1&UCJ!uv>R1;s;fWIq31^|AHd@-t{d1+#ni%Jhz zT$zJezly3~i=SKn!72v)f|BvyPj*pA>=DXiT8YNX&?U%>yFO zHo`*W6JksT^ZTkCB_V6^Eos8Q1b29 z8@IuyA6|OC{2D@;LbML~^S~_~@TbSyHr&sjz(YCnLm%CsuSJ~qZSx>Cavl50Q*8kC z2jO}z>p+2x^W#jW{0n@V>3<~y!_ur^uKjm^x19g;;9#x)J<6j6A}_VXs_ek!?X#dx zSZ&^@uK9^E$~9p8nN>76ui=7WL?Ja6jdbck4YZ@2C!Uemy*_3;aG_f!~JY)-#1l@gWk)2Pb7++IN+5@W-0=KFD=HPl8)#Y5(X<{k6|5 z`OgFeKXm@TgWc!V{O{}fzmM~n1FQphSL6aqZ4Zy(7GV1NZFvUVL*!Ui=x8T))CnHH0%7F75`#X{iwHmZ0NuykbiQb! zPcM!lmZ!fe8O2c0Uz?D!ejejmpy<$1g zKwVB8bd4963N3+e>nU2=@JmUF7K2q`(Y|St8Ev*3$py8*#gYo zZPRv4-hI9pd$-Me#_oQruyohSLd@L3TZot2R#npOTy4wreNIOoobRuS?f+J}zCF$@ z*?r@7ScK09os3;hPO6>CS*ms+mhS4BrG-2BHp+$mNtl#_l{HvacDQoc?&7PAL`X11 zB}A;G8&co3vlOK?L6B=J%=I@fV8sBf3048XZW;XR`#+dQe}v0>$#l?6+4*1 zfV=eUi>nm3HkB_01LAyTB52SnG=ia%+s%}G$E_#&w<0bqkg;brRETM4x5*|{BA4FD zAStZ#_++ARABPZNJ>K3De#faKrO^dl2B4gf)JI(x(G_Y7es5bIde%i$expw#{WqG& zBl!R99UeZb`2XxZU(^4`cz_}sBM6XvTk}inYeriFB`9L4#56@?l1vcc-05kC5m140 zk>ezpq6nvG45{%D24`PIcW64Y+y%0%hD{^rNY&>$8TP%iT&y7?RnRSR}g(|9!nk9mJEq8yR&~nUU|iYHEc8Q!c=BJoW%rI z?T(;3mM1Z~!>QEDspL449tf5u(`_`!!EYOz!t!p_-CT~k+fMvHlW0VwKpEz0rLfS6 z9F>4UrP?WK#Yf~lnqV1?3H%D1<__~%c!_kY?(vXv6ZMe6i`}3&HKT=XHNjK0Q83~} z(KFO0`kzoC#m?Vi za!Vufnu`1A0`utq!Tw?S{(tXq9slzv&pgsrY=D5c866$W;Wbus8o%F0PjuTL*#fk( z@^k^a9Hc}39=0~-1^rXmTBc2Zeu#tqP8*MlblWt3zg4;G*2Rp1zG_1XbSE!^l0~(q zx~k1EoHgoZm1KoMM}De@=7ySx&K*l5v><_|o?N(IL0n5U^d%(3r_d7VrPTQrzthlu z(9xqxAQ%*pOEg8r;%j~~ViJA#sraE=v+^INH2!bmnM41*U9vnAm{0#-l<5E7{@VZl zah`efzqA1sX96C8W=>G*rOXaeQUhl}o?zPd)W%+bGgQ0%&9aB;O19w`kzn#pC6Rt|6jb=UFZLKlxHseHydC!;Wxj# z;*jvB_{-xBPsUgnj~-iU(~qq7*hgmW_D$tqk9j!2rbuLoTX>&0MBbM^YV=AejkP|U zyj4Ah>eS9Ocbqx13NLg>30WKC^?c3rv$a)mQL@#J&f@o#+-%lwr!@N+oXDF+*X6NW z09Tz7&n=dw#*L@IfzNJh!IfEUu_FOzq7s+65S}sT^D9I#sXpFM5K0(gB8A7@p`eS4Qnmif48xPRFJKiO&eTS zS&mt&fa8eUsFvaAt{V7_e%XTE%wjb@S-wA~DK<$Rqp>qzn9r0oGtm$SJ42asn`}PU zdB}ZM$J!bWsYBP3TETCvrG1o-;s5uTxU9)wN(pp=Ys498~1$&kJ$u_nd;zpcK$H()8WR6{};;V7Xg>3904SAV;bjFZkM z=tR3=eSLC;V#-CQKcaF6{$CHj(;xiAci{i+5985}`ak=pxJ`EoKm#1z$gow`5 zzPQUePx}LW(|OvL6ZLP#>8SJc|LS~#zQ&xgT%fblSEAF;IQx-AveTzA!8`hM&VKCl zZ$-pnvhz!zZ|3~JK0A4Je)Z~M`j~zG_x29=%lUuy4iDG%|3`T~%LPq|5a^2K94xdE zNd-ZB{k=}-0&_eel5o-K=ogG1A^*7^6LigU0-hKGUFZ|BtqZI%h$YjG9vj-rg401R z85af|i6Qpvr~zE}#Q2qdNs zAWkwSsAPP)jUp^@!bXU31Gw)-j}yVr1m6&pae9j-X@EOnvCfXG2&rT`DP(!HfP%=N zV7mblPfXXvmU;-6_rxVL=4KoNS{wCuSs+qZG?r{ix>C0LYs9u|OL| zziKEOuw%&kETIuq6UsOn(*czvK578gL!aeooB*5A(y$sG<0z&gOYqb>_5{142_saF zH)*WP~j(CbC@ecO>?%{54 zcdxg*=e{uK)qZr)ixP1E`t0h|g6niX2Pd;3;}hK<9@oG50lWdi*v%$kFGIw7eP zfK`R6D>jsOYCm2%b#Y@%eFFy)v< zx$0{hnXdl*um3S${QF=3XG@)T$UB;%w;4%028Klx`jXv|Tf(=YX+XQQCnC8esnlL@ z1A->Qw`bi}eLr=zh%o6#29-`#tG z-e6Ag>1XJK@r-ee^y9%cI!+RFsXi6xk|+g@#Qn~{|Mfo&IQsX${*OWcMv~*0OfbJu zTcsX&ztich^67MDvY>0iCqgf<dua0iL!sja1}TN6N(n zC@Q@r9d)3El2cC4P83n=guV4UomayliQu@HFiG!}y8Sz3IhSLE)0Ey4E--g-#6!x3L|HyaXp~Gl zZXY5yUqcHp5*djUCqW8?qY&jCuJ^CnnjN=m@5VG5t0RGQ`d;YNKOVK~#Pyy8fE`FJ zua?*L8j_lA7lUG20UUcwl#;;lh~sSB(H@x!6iu;I7(5%Q?s((s`A*G~ESVO>+LR#z zveb!kt_XKBRecgz74TmrBI0yVJ+a#`$w?0A=h0YEFx*ihHsK%#788Oj8Xw7nb3LTej0tbRlAyViyK2 zO1GhEtHJ>Qxq`%DJG~Ia0RoOFI(2y6R>A-hx$z)pAwARDqdnd@%MwaNM-a7=k|a|d z*N>y|?Cof`g?B38{M}+c?X&~I39uI^Yh{<9-|2j7(HXH+WHicIE|RI0B7(`NqY3>u z1S%?E@ux^oErR+;Z%xEWL=-NoW231Lv*TbwoVpP~3(h~)XHK6Zg_($@n*0c`)(x4W z5@w%veB49$ad=9wgtb*0C7m`O9-7w36c#kFL!3*dWPnI<#Ev_ex;vi;gl(-DV9p)P z2PX*vL9Am|RMgXB#UngW?tlZ;0F>i&YM2E0h);cP$5FyY46$KB(v>XZpGko>t+=mI zHT853JO>ySN}}aNsQnZcRVxO)r6%zfU4Qusz52`btMhAg@#^x;+4c3SQ}o%l==kE| z_1VesXRlwO*T>&%!*@n+KSkfXz5FveyFwS2Z@)e}eRYc7o_CJVm6UUQh0d-NhyU#O z>g=j-n!LS4U%tA0_1U-R^z7>7_3_!8D|Gz&HTvfG^78on`s~#eIzB%|CvVSB&#uqj zo?mTuUj60b^3~N9dV7h^-dwysdv&^v&dyI>e|36x{sr3n=Ir{*w_jbO*Jp3eu8&ol zEg#z3&pU5kU7mb-e13iW+1cx}>uhj|4 z)vIlE{`S0gcK-S0+4&c*-n=@$-d3aPT%TRPe%0@Etb|f!G{9zsF#3_!3JXO4`(OXJ z&@z=|PI`sCX=DQ+F-%cawMCf@arQPog~6h|LfVAjRA|`3s4&I!ETOB+BEq1u z4Ty`(0m`IWjyRs^fi=Oa8?b^FjJb~j3DqIBkWj-R>5w6oOMs;0Q*6uu`>-m6s`WiW zn|P}Lmiq8Cxn)C3<=u|NMI@O5PA3^tbTbV`!-JgBllUR}nCJhu_xwfq{%3c8?f>y8kGlnVt>g4NolibN=Xj!+ z-BmOu6VmDQY=TgeIPa)~P|xP&IzsQBe4Z!CIi8Sr@ZzmH3&Q`s_ap?MzwJTY`6Ym< zW)_42y!?#_Iu(xn&kHt`EibsU^ z)i3=io~$4N%q;r9ckulAekK3o;oATEksd|=tyy`0cYhylc>Ilkj=}gO`khZYpAR3CKBtM1nCJD)hMS?T6ZR~gcT0Qty3IR{ON;xrQBBh0fQ~!B!Q4 z5jDYgAZw2}(Rl}Gitad-aQS3~_0A`Su{A)J6B|YF0fV6RE~x5Vt*CEzK0#Kc_SNW1 zPbWujKS#&s-=aUCou6(S;oRC8z<#07NMePvD-zh6oT**bk)E4o#<1xbGz5Mp=o@C zPI4jHAE42^aljAUq|Kz)&>sR-e*TNVRcmKmWw#NV-19|cPcTJyZdU3fX=MWOdfy z&RpLE$*I16vr+Y6rqsS381k%u0p^`Pp_gR%4h<qud z`Nf>_9vs}*+77v1l4`$$DRSr4Dg#u&az4fB^r@y!8IFjq@A+dcv^7R3?ZLgY<~{>i z_A6-DTgv;{vgyz_qz8;GI6P{{Na~XlpdbYsD!EStOSPfa(+D=&bwv- z(Hpg3G##=dkb}h0&d!KR%Vd@KpQlt#cYN=xotWH`WJl0Z5A$eDC5dFt$qvqF4+fj+ zlQ)S!ajU*jLSHRiLY6tr#I<5kn&Rl@dM;I>bNTA(+HJdl;uI&TK(;~@O^5c*$z8#c zG=}8A`sN8piDEw!Dzywq1eh`V=me*xqHdnWhM1-31W!nEf(3bSR4a^%ooL8ZWo0sQXp@DOdPrdy7KF{@SxI#TEQ{o(F^`ovh2XEkSLsF6n5r)RzW z{!FIY&~r(K4PWX}*1VjBKm;-xxX9HavVzRduprN$^+*~qxSxTRYOOC`y+J3(B4j_g zNx){apj9gPM`H}$g_irmwI|U_rYF=#Z*t>4Mcymc18xRtovvCGx z)FP%rl1VTvgBA+6akd(^K6tCScw%lgG=JkG_Vo$QX#VA|j%8dIV4 zRbz4eGnpFIqlVMf?txbjStpDarT+KGfKZ|cO39sGLR%*0hD-sek}KY%W?P~M+7kFQ zW%8+|tOkw+G0073KLQEUwfkfN-pYwNxQ@i=mSQj|Dp5lX%9Ku4gMh%pZMPMjHN&hU zbTYC966z=8bYwk^K03AOZza?4XRqIYv4r4yuS_z*G-Pwqg7n&)p2Q++*4J-tU zw9}9?miSXKZZ{wTDmX0D8k0`Dq@_I}IZH?2ngHHP;Ogpxa*!Ks!bQ8Sjb|pp`c^oF3<=5J&Wuq}Bc+PGTkO;Y9e}h;|c)M|vhc8^sVbR}?`YWZaPH+3D=} zv*nce;)r@~$n-cFDSdW4Y5uCL9GoiAUY&vXD1cyy1n>gwP(G$YGEO6$IByTd`xR-x z!q_ye3T6d+p``k2MN=GHIAnKdjCriZA<58}SNn(071Cq__u{)7GJR)}3b(XYF}B`J83vuq(G3M!k4_V2 zGoI>(R~i#=^qQtpkYosM#;Q;Mo2KEKh*T^a%V8NWbHD=O2)QbKgXOEuoNgMix^j@6(L1`Oan-wtof~1m9 zODMC_^oBt16jF?J&xmW9f?cr*C?;?fA)HYvkfTg72Ze5$Y6m8Wd^4{tqGsV7wI^uC zl)4BmHqN~=5>AI05Vg_ZAaWqawRV^AIwfY2*ojygkxYsmc1!pzC3ib_jNj07)KmMq zr+1EkyB@Lg3H)akA#XMJ%#QO!slctomW_*`jXm~Shc@1Hv?7}zmdh-c0!{Kn(kvl; zRE3kW!sc#iu~G<9qBC^IB%!y2mo#*1AM2yf8As$jo@5Ex1`eyF%0jGE|2)0AMqsHI zbd-W_pfif+f*hf)dV9&3RQ%vC2VF&4x@T9HU+5qIve$JgS4!?k89w5=sS$p)Q81&? zjqt)=Y87-(C-P#^0HsFm)~Q_l#)jCrjvy@5nv~S2PR^UQM~fpd!S7#_bR@?|=y^SV zuCWQV+CLYrUAY=d9f$I)r?{%)0m;@XmhaH-6z5PXwL{j1fVW1?Os3li8y03ri@9?) zeE@IuW05q`Q}{P4rzQ}WM-0-qSM_|7a;2w-#M~ zSv;c^znI4>enEU? z)ehTeyF$?|9+lqHGoSZvclY}^qy2f>~R`YS}n|9lw`t1Db)yY?vuj(zKUNPFLp+H-CeQS-gih37Hl~zEV z6d@bqThCftF{E3Aa@=e+w|4E-8q8tMv{B4R4uC9^u9qY%n<$7Ry``L`6Mg;m5m?!4 z3{taq(kzRVV971vjikGDUiHUXp-do|@ldT|l8|&nEUX6Rt6rLWE!(1ql(%_xP|PMu zj8XJE(c!rI4$OFIK{%ryYy;tiad6WWm?3Rxp1|<+IRrNv>S?0;w~-*Eprj>-Bu7h& z!2prinT>hOIi5Crp)~CoEHk_g)Dt+dh%?Bsk-Gwo+1-33oBKm*bZqde=%Zs-r`Gbl zA}&zN=P?~>{{?^#Hxp9HOCxH47ayFSUupLTFZ~f4qA#znFLw77$vHj0+TE)xV>5?s zr3bfDU*lBl?#))&Lbsvf`ZchJD)v-ZL&3R|NaCWJ%}yOmQKqXg+xvYz_2Re;Au?{( za9SDx+UxK7_WAVuYTjohRD5NE)HYyiot|H9piR#wV4M&75u5D%$k>=s%{}8(Y@y?e zGl(<-%vBJ;NyK(r4jYY`m_Ls8Yl2{1!f~`|Q}Mql-2*rk zWaEZRH>?VRYgCUEi9lT5E>sa*cn*W?Jb$&&qAP|LTs73jq*XkNEd*+3<|>|Fu<{Z< ztxaFW)5ZwafT@pL&AAt56nSWel?4Ff8$7{uNxFRuje$G=q*$^h$ROVSB1kk5;+ox% zbTKlmz29`3Wm+!LrO6(9!cvh>2tNgBcJ-{Hf{!)3nEkBT#hP7wtn8weOsx;}>}P$T z*9ZFJKG16hy*|(D^ZaW#&$UAR>J_}7a()lf+#4EkCfHD-V+9Cwy^mkFvm50L&T>c@ z(oW0D2Mz->Ts!Tv7{Sogd$yBc@dRr@hiJg8p9M~16Uu4b)i^;38A^Ragx*}81(zhN z-cM+SqGiLx&Q4c2sWo$1GnXbz{fe23cfGvC!Aw28Xu9vgLz~uZ2wq)43gwf8So%L2H zW^`qSABuTsu^~Q#I1bs8$OWS}5D+yW!rT09h`97Z6%h7<=ppw47LFZn*E2K79}Y=8 zTL=PZ8D_IMM_5dPKxM3%pzR{upp3?Lh_hs}C0@{SM7`)`$=Nz;e&6|8tUuIjE28QW z2f|Gj(%yupnhKP#$W%^vi1Qpu%}b2FSRu`7e1H!zV0*5Y7%GGSniQzuD(2+XvQ#cz zdKVW`3UzBzLYgb#EIqAAF^=Vxye}9VB?JNc`GshBwyM~?FBc=T_hzhL1^{5yQx{8Y zg=~l^AW2ek0HUc0g(}v;@MTg#KDgp*X}!o9G}I~+nPiG5R%0y#@APQQAhj^`v52*< z^*J+3v~r6EDr_gmYxkD5#=6#6fAJbC@ULNln-d2#;KOpT69?df@U8_tEi&3BU}?s* zH`F9est-sH%D_)l$+bmTR)G`9%}$Pte>+YMj&4X=X=&oP_4X>VTug`@v)EMq!%4#K z1R4S3;ksfWOVqCPa$(Ml?_LtkXif6gB=1*3@{lG3_rK0{N7)5A&7uVBLm58nL%9^D ze#M7!X40t{DA6gX3`&gO{WfB$U&_i9l2ur;9DD#3*1R)2Bjef9^NJM8u5@%wi^CDd ztDGOdd1c%B$pgnmPS7HjiMip{f;`3$kp``;)TQS?gcK$;bsBDKX{_ZMw!JUtp>vkD zyBhu+s`<|OG^Qgeal#^kTioN<%CV;!#9Ia87h;K#i@7r|M$hHi+iA^K*KG9{&Q|#_ z+TS~Pz64FY{QN|Qb=l6f%mBndp6! zr9kaxyR>E@A;Ua`IH?bGGJr9GUyK?3?Be#h>r5tHN`@6e)NAciyM@M@~ARaUtgVl zfr_+#PAqe&!vN_OZ1>fvinUYKy9ub~D0)^k^zbDyUlftt0gA-Is5UPu`p!zI*39N4B=j&sSd_@4b8H{k4Di{M|dX zqueitd;9O+Eo4nvXeG?_mOKTp41Xr3zE|xk=oCB+Xr{tqbh~t0_~2Xc{_cC%UfLvC zq_H!ZCv1E=pvcyk7*;mbYB8`DuGYd;6Q+Kx!WGLUIXqZ4g!h{(bg3cy0(4DIMs1uz zmI-|Q^SlhM#Z%?R#{~$NZfD4N*{tIg#}JVCl%(d2mH-HopFK6z%B1T!)5|7>JMbp`X;4f!?sAL_i-7V{V(srM$C4sdh(1fX9 zsU&~`54PoeF%9ujh;bHu@E$W#0ceh}A+&dC>ZAvyF}mb@F%(Tp7`w?cLt+5eMpk)E zg)Cg<#Al!kAe>PY;Uswwl}C#X%UF<;J3JMpTplrSf}0$VCPVJNkXby)WLR^Jq8U@U zWQq1k)c-oZJU1SPP$$f+W4P>Che|a|$UW7w1P0<82ts<*~(yHFvKp-I}|vxqB0)ex=;~jts_(-7I>0Z%vZA1emEv zVPF~OgR-Wt6Rv*brhw66q1`a0R-Z2z)(!YwMyzl}nZxk4au{BQh4JfB+u1H0&Zy0Y ztOOA+E30A!8E1-1=qf!_K%A4Y$|B4MRC3Ix=ucN~&vn5NOF)bzKP-MyU_M=_C@ zCc+ljDixUp+P19_Ao4^8Xmqj;on#3lu7fq$5GZC*?*48^>E8DW>d}Kbj{KJN^7JNU zcWF--7e0av*Db(}?hy_K7O9If6AcCy`kL5Iy>l+!UR^^ZlifiVc$zRA`-O@dww~Es z1ymP1XX+EXkhbz3n!5lGq5%{%U=?>Ajz;E!Y^xcYTa30d)W`!FTTU|*lw*+ScVydd zBREkTg{%C=O0lFk;0MiPY?3*b5*d4y&@(0k9q7F5wK=&N=qz!Bd2AAX>uYX9jNU!% zn@s*nZhg1q>7|vvCnOro;Q%-c9d zKVU$Jp7#<|=_D7DO)TDm1o_xhf0fKfx(OCk$1e;J94jr*=3!S2dj5H6A?huRBK2S= z1YInwN-Y|Vh&f4>(!LCyH@<U*iQlb{qPedC;@X-@`16#6oaf~ z)&SL~SqAP`BG)B^fMHk|h1{fQfH{;(*7Fqlrjv{_+Jj2!JL*d?+wFXUrNmH9p(k0- zv|LDQpH;UYeCAX!n6Xsd3p;-!GwN{vA=Rs)h@L5bznN>a70B7rN61v{Rsy5qyd*~0 zVAaW#PObES0G1311T*OkO=F0P(rvv0&vJ~u@18JDzV8-=V@0t>K-tt#jmoVQw=^z< z3r(}2G=phfoTQ>gNvU74jYJ-e6(RNZ&iAR47Y$ylUlkM!u{}n*cKz=Q!44?wpVbs? z1FsHi*vgcO0K9q5xVDdeccCM{0DW29`m>PzXBi8S5$)T5Uf$mt`KGv$7V({}Lzm0w zBOq6K>ec%CzH1I_zhLj?uz%mxHKDa-q>rwdGj>Oe`>MpI-9K8F`@VanMTYOYdav67 zY;Bt@;#~BMwK$pDipt-2zwe?=9jdNr_!jI%<5s4`OHSJE3$&b#N#ho5T}P-9JqrNy z>ecNZ9xTu>QxY>zkI?^q@{j-h9q#?K+xyQSHoxnce?7H7ZT;8g_x+jgx1K&}-LG1+ z<@X^ReJUK43wL07Dbc2*vHq*GKq=}u=lspLVDY}Rq-*Ojw}Khzatr@_k#(QY)VAAO zYP+a~Kkoh2?1kgrU)^>v|K9qq_WNNmn`?PL*n}5l1-5xlJi?kTeIl1y8KWXyt^eeN*pgegkU z(U6TkWNd>q)>wOtaDoEzXIPK=4tjQ;=?WDj zc0KC>LwP_AzL=H1%YelUr4xbP9Di%`CV8rtCIV$;t6ypDMPukDpkUW2YUs^ZSJx;? z2H`@g()F=;XRecx7z?->2vgMr%3pZJ&Q!oVlp2G-?rJRy?}ECA2))UyLi!Nj^D3 z&kqj|4i{rfx?y{!BnnEgJR|YRO{G-0>A^33 z6>PZOC@QlntZ(e}??{sLz`;eA=XL$;{N>xfZm4z}Ctk&f?;)A%~m1JIOy7div^U6UVm$~or#6HdtdT&&?C8zFgC>i5Aun`$ zxZDLF^5?rqvr2jX0&67)J{-q|Q>b<7fc3zk%X2-6uPH7N7(toV$&inH1-LQ z{o3=PS>w6#w7(mg={8AAEG@wI7*{x(^SR+#ccG~uT-P#?3{e?~D2*fx+$od>=^QO{ zlP@M>>5q9@DDeeb)=6y>ZIQikBkzrrR;2Z*38vsvEf7X~M|)_3vrOAcaQQk zO66LT{#>y5DkG7JI}kNQsL3vnvDha*8K;a>IXzKo;ki->x6ww*Vq#-()ZchGq$!nC z_3yCw2DH$WOR|LU66FF@v$MfOIoCI;eRQnI514z+m)3Kcj#9Qnc;VxaAA^Q_9Er1G z+4P>Vctb$cQk*ABfQVQsBv;afc%0q895U3S_Q~;5NI_-9oWdUiA^@mEwU3y>9mU{n zG3tQsgCle=Jn7aZ`t%gyp|9M$&h(DgKfiiUqFlDlRZxB^;F$C)gaBnF~z%d?dQ5;Pece;TG zUOQ12&8R>VCS-v@dmp60xIhwJkU~f#@`(a^N9brQ#WtdS(l2a@1=tC(?icpH%iC(& zad<*fDbS|VSBwF4+c_4O*RmE}+la`hzqJi^%Umj)s4)(vh)STC;M31pKGHKGiRn0u z&sIcMF{*Tgx_WY5%S9D9?MtQS2Um1NST9~qM8;BR32$B%WBa{p1nw9XnPWN{TU=rz z?}ux!_}N2CL;{qbg(3sWPe}+grLu}$<*mOYeB!VOTSNzX8|ivt(qHIhK)YxYHW`&0 z0ycb)Wm|o8jMChlxmg{g%)vK+OuaY`VhWO#}-E|%RDXf-aykpNMENt zXQ9NQVq^AWPBfF3CTEHIXi=L&)3c&&tDpOmw&LljsjdW$MdrPMt?F#*XQA9Rv!05G z3g=DNGaK6)ymt5LI94T}-hc0)Q}&f{~!o@5eDh(uThhITq3?xM9w zQ9dZH#$v=$bC04HwZGg5B7%kWPq(9B6V)qCr6ne62*l#bB&LgVU7IpRITW|s(xVkn z&JJ$Um`+@#hAp`cLcb-c)R~9KEsdm`9|W;bsV`CQb47CxvGcy7X0LL#7P|+x&;4b> z$~cy%Hzj$;Wj+b^HZJpmY{2vv4oAL{tD`#A(xC3w7+~{L`!vu&Pz+azGG>8)^{wGXKi;V zKWn?g0?*p+Q1h(q4%KIEcUapU?(_T>><;TYmWF37>lDvg)@lE&Wu5A?mUY&$&RW)4 z%R0+GAMG8>Dj{YpUU`sE#^M<m@A0(&R-^O@iVgEGFAf$W#Yts67iNdy~?U z#hYSl3D^5|jL|yA=r<5!G{!=&t4)W{6msMp|7*f0zuAbRYp4qb8wT=67MnujE;hH& zB)$kS<_FX2;OUI;-v7tmyKcvETZzK|{S;XAtktAfcT=)QUWt;E`4~!eIF@KGkxnv> zW)9I+=x&77K&5~p)y~PgoM$;t_ATtafkIW^sxOo&yYR;{y9xztZ0!35kxa9(ROu3E zc?f^vnL~9*eA4Md^{pJtixxW*Yh3Y@OC~yu{yboo9Di-wZ!aH*Qg=Ze^)AIj+o3?! z{YNQ^IaC0sRJf?jtZ&?za3gjos<1c?Xf!#bP2te~P1b~W^8;wv^0q)ci>1cEB|huQ zSABq09#+LUpn|g$T|YS^Av?68kR8}q$PQ>QWQR2xvV$8A*&&UGtcj#|*pT0TWIG}| zyrGL7+@8pqzzSEecr4>0+~b;k@hOA*khVqE1U4DvBpB8{5liFGX!c`|VESW+Hvh3h z;~|JBZ+58LwR|j!KUC5S*!7G<^TB^Qt_)c4FP3vz7^jJlr8xeLY;W;2ZU$+XV}Imh91w;+P1$3i2g5Qolj+}Nd zA>t5K%hoOQAUOFr;r}e|xAw7=E0h4x@$bKFD&YVERwKb6MDN0FsTwl7XGt<8tjX)<73D?BNDgGANr1Z?4xee`&Gt z2gCBnm3>fDyzv2XRayQJEtj%mA472Bj#_D3|4~^vsGbN>1rQ8WtC&!8eTUe)5Z6^< zk0ZUJsI5U7s%;Okq(!NGQ)~+MLRt;f)#Eve)vz9rtt;3?(McRG8CR5UtQEyCK|}XO z-&5F;3|}9z*MRl$#1b27Q^)$lAo8AgbKue#4_lYUXhgbnl`*=?7<*O5fFJR4AG}0H zXxU$2U*uVtS(#Tc?$kObLoH=Y5v+B5cVFYlw2AjHAH>8PASVM{p^u=zozOUPtrf~|^Y&Cuj39|?FXLP=d1IttgVg8Tf!+5d@+w9O0aa}ar z&lwHZX?LA=S09~rw=g>GZi~@rcdJLI-7StzyX&;O7NgVdI_<9Q=(M|oXm^LJz~4or zJwimfiFwRsCBtx~hL&)xWMb!ycon&9G#2 zwHbCFU2TR|qpQu()n=%V&bzhW=xQ_UIXaJ5SDRta3A?I)U7Ta<(P@^QX4!6Zn&ryT zX_kA8PP1$`I?ZzR=rqetv)o~Hnq{Y1?m9Znva9;{>x{8vPccKQtNPc)UG8+;UDdzM z<5yqxuNDLN^OgSFei>c;zpnmYSO2f8|JT+3>+1itA5Y&?^5pc7Uxs(2s}RwCbQL02 zj;=yPS0SSFbnG&^3K3h5&a2T?h}d#;_5ZrKxV59x?mF$RK057gVRYKv7NgVdR*z1* zTO6Hs*J*bxMyK6%+FjexX?I=yzh8cAT37#X$>`$Ho^~ACj=17>v751}h7i5WXr6}t zN`=NqfU-p?pzfLv=Yd*SwmO<2yI%4poB%!1>lr*O)10Ug|Agm-lfKmu%rn+6+0@$H zygWUvX#7y>(^MzsG|?&%xrKj><)kb?yg%i}$cY-{I)(aOr@gHpwKLZ|1drSiFY-d_ zLfZLx#*Mk;GqDG9T#Tz*8-mt)X7L-_;s1_1GorYci8xCVT`K!XTceLKj$ip0`?5L{ zh^|}WNUIG+v+r_B+cVRh*ylpwKA;PZS>1&719h^NL+L&z+u$!wZc=mR>gFUDh$*gvq+cy<+dSCHO+@Bj6OZ7KU6g7!W}C*0I7VnPk_uVES{RVtHU zh(yTZ7aZIHT%ISQC`Uv-%W4lBit&u_lK5q%4GDIsDU?_A*%ee%to{N*;FuOkzmBRnRXFfK-_pt`np#J?9w!fgAFSq(droPwzD0wzyuf&*_nFaXKpXi|l zYr=!f(u5Z&$U8`Xn9+Ft7V%=66CNWpwBw`-nW)9gO z=T7%Qaw&A?`)Nj#CZqK;Zkyko_nMjhe8SV1zYYGl={L zsak;A!wq}Jjxk6S1LFMM;TLCxn85wR+w&1_A4#A$?yXi|YY;xvJAxqVz7Evq zyPz~NqcexB^vIB1mwB!W+vLlsxYC7Xx?ty7X{;zNt^lm1f-8|mWY9m{4n8d*Vp^%U zwe1HD6yJ>!B3@lyUxE!yqdDT-iCSY2b3&jv)l3gK0dPu#r096)lxLYx6Z)+HcmR>8 z%iaXxCAZxD+9S~Qs^`d-;-n*}Dvb&jC9X&`Twuj~dS%MN2=0_)`gVfo52VX~xHMql zGgj~oMvB&gYkM&@RiGTUU>LPCd_%_1aAH;FNdv5~JFD@}!b-*oXqd$t> zu?bJIEjHcw^9k4M)#WubvY_Lxa1CsjtI-JWZT)R`R0jOcM2lgvxkCdpH$(A(&+<$R z6FplvDwY*9RW?W*Q!E3jkCc z9hg)+t`{SIlZzo7odP;<6(_Qlkz-d|=vtsAeAyH=c%7dyZwrQ7@1%cYO6r*+Cn^Sy zAtuk^7x%C8Gp8=*TsqND7w9PC>{=v+ut8#=fP&~0Mx}JBhO(k?V%XJp7X*38apj6n z(4Xc$KEVGkmO*?2jMoQX4VZy-ItH}lflVwtDY946L4E{D!B^U8q^r(s!E|^2?hQ+$ z*D>AL$BF!P_~O}b+5J~B^qKfzg)%ZYWn?OpMV}~2MG4CHpzJ|(qDu~nDIM<-Pl$b^3(p<fAHEu9!WyBHVxHTfE+#9z(~p1P)rD?#-q+!AuQn_9@8IbKDi$OjM-9*8Yd}!- z(cc$9IM;7}#oCR?#@BM9mXoTc@EIi&^3U$6okWR0aWj?Y zy2xpctM4w@h$nYKEfrMvDm#nu6z=wYC(`+r{v&!Jg_7w}*>#!$Y{gcVfKexwgh7x2BEer&^rL6}MB0 zHd;6rIzvbD=ze08!ctLy+@H}WAcm8d?1<;N+wak)Sd!LSAwqAf?YO01ysEBMNW7-84c8nvrBJq*!z={&#{CQ`A(?!6p5sl&MYV%zD-FASD$W38 zzzvUW6NS*yKfWN>xHI&9LIIA;Vc0Y5HszN4bHO+<2h}0F)=sij#&VU2W>?J_pSvf? z$`19P6k6eoZ)Z9Rk=Ct(_qOuksFtBgjX=CeJ`Y$l64<_!dQ4iqbv&HD7sb6452p{h zxRYu!a5y_a%rd7Cih24u{HIN9Tq`(K%W2I~BSyE9sgC9>=O%F0>smM%v--|aw!l2S z%9AeKOmg|RkuTWcxv3)pACXZ46T8}$Tiyitg!j?NO}Zrf6_~JtW@!ZSm6(yJNsY$V zv~bUVxcA~}c6)mN{M5aFI@bEOkNQJtkXgfrYEPVIdLq^BTC$Fw%DP{UNCJKLC`?(Q z>`~1ha4_CiY>+P(j^Hd{lrQFoJkFy(9uM$22LxlvnHaJ&{L4tH)HLPC+I0ay1?MPE zmg`I=a&xZfBQyLc3npCN1rV&;+kgJ$26^vT7wd5H2LlAR$7drclx0aFKwIXS>4o4A z?;7tocE_=Qu^bzi=XIOg+6d%|Ut7<)F}@40E`07I^4txVsO<%6ad|%Ri_`kjw7D>! z*k#$c_k{nkROxCqUfb^6w>h)W8e&*H4X6(T|&t&Qi)ity0 zluPAr5nASni+!&$GIPr@8J_-hb8~eKR&T8oMQ!6vbc!s+KmvDkPx_}IMS#66eeK>4 zNmd$pPeRrC8SXw@_nHUa|H_mu79RyuFZuBoJvjs$x)?Rnpkw%j&NBKZmr4||v$Y1U zn>W|dR(5h$;P4TTqq$v9HasS5q?qdr8AJhUGEEIl0`fR?iN)-DQBc%JTP(r%BIMY7 z&QJY#(eZ$Z*yLIyh)NSj5UMN$ds}8!4y;gICG#O!$(4D2gh1vaUD`N3oLqpVjP zcc6Qa(M?7U_A?kdK>NG$L7S^B9=}^KZIBb_(REW;^xle23(Er>Q4JGXAJlp6HRN%{ zCX)ozk20cw;8Ctp@W4LkqKfB@59X!{Erl2gnuys4P}EJI_55T#n62lhTd9GwC(AoK zhS6fnt2hQItRgk(T~L&QQdP<8UPS1_JEU<$nuyKwSPwbH8CPo}t@h}|_EwzbN5>Up zP3*oxg#vydiyiJZ=qf{YmSupd!dSy*Jgou}aE{z_Bu_F6;Z~bO#1P{eAejtR7)nD4 zY3`e(qm@9wko@NM>rvVvY99iKDKnTh=d)pqKwGmg9;iU+>TC{EBXQ|)>h*&*EG>b z2rJLHvG2r0I?#*s^^D7vce0)gx%i&PU;+Qr>^h0%)vPd1u=nrbmZ?G#iswa&ySD{T z?i@Q*6H#Gz^eVlz^g{&cT@4{+vDA*R0E8djUHDCxO8%n^#h$8Q`N9``NVsA=GddPs z3SkQ=?yJ{QVY$o<2GYZ&INN0piB^~?xAf4LCbbeiS8oCaQuQ9p^r&)dmLxt5*>_4m zsA>XOA%^DPz7ss1->$~qRblySLh|bstKhWH!>2`lRyfvw%hb<)GarLDghDq+Z(FqY5q#kQDuag7Zq0#~xi z=f-a1W)-W6Y+zd2l@LK%0U|I z2oV9S&l2qwInVY&ojl!gF2hl=EOhKKQ^fQmr?UY}CdwrowC;xu^REl=njJdBt(Dx?^*8BeBC zi3$V7hdkq|B1$!QK!wX1{_TZn%jK~ZYp+XYVM%>&zBsP$HLaJ96JXTK@#LQfJaw zC`|42;Z>f46~nSvs^`m^!Q<45Sq`G! zX;P$SIOntMGoH&oi^2fFcrHV7p&8!&1~k$8=bzn4mA+)>rLlVUjH}uzMEGGX6JF}is8uXMhv)fA){CF%`M(eAS~1Sv>QPTCmp=YEBa$bm_qACu z%e@E9(f#w`^XJ27N1r*m=hi(bbeX?oEB2?VsyGBa4-)vBJKFE+e|G{O{FY~B!Lt~M z@Mj|xl&Ok-fWK4KxJWD+)J}cr9|vyPpD|_r#CWV`urdB`yqCVbcYvoF*1 zl0D!2nWiz0dua|OIN&&yKo^7qZ-w(3rW5}juyeX&y&&s?On@2A>5yH7%5{^H7hG8( zLXBmo)hagSc`lS0jKo+Mg0wfD6xuk^BIi)t4hyHDo_wB3kW+l8cO$5h2-Qu*Plh#P z2FAN@&cFKVtKR~T#=tX7y>oCUO&hiy+fFvNxv_0K*=S?i_QtktTff-0ZQJ^CKkuhM zdZtlRQ`I%->gznNvlQmOf6`q>isS?`jm%ugbeD39JmO!x+Dahe=DRY}sLDisI1v}- z*~Qu352nWMW0o!>oQ1}NH_R*mTylH(JVKxJ1h|ht1%SFFP3~NX*$nz8Snyvqk>X(C2F8agu<(M zSHhT4wt!a45EM_PVh%Ma?x+SOaH}NB@^Zv1Os)|Xkl zr)yLqCI`_eQ9KtukQ~f$*oNEl7oGT%_LJu~k}VFJx`P+tv8BN!6gOvTff#4R^XKOI zc}6Rvj`J!_R~|?+XrhXtVDpfE7}Ss|lH(2ri*mHdT>2Q4`D1LB<01W%L@l#?STv=} zlqoUyv57nOlW+je1p+7};Hf8CG-41lITe`4)#mYr%M#dR{aok^jD086)i#-@ekA3C z!3;+CXh?et)>^$YPjlwbxQy{XgObh?Lh@NC!_dHa8_nai@0gU+am<8E~nMC2b zY;C2OF9c&>5ycbY>|EN!(zi_&uMK|Y{Xx7V+nBbALZGMx9~j(*OJG<+*uc0E*K zG_9}a@DhdKdhe8ooxsPe=-839NN|KrWOOEaTY@@A0;wQ>Z%bYvZn@B z(oCnDfiM-iAxo zD&H;EQ`3&rTc-Zi1k-@G_*~0Pc=F{KNJdS;y6*4A&hssL<`I^1OasR6znlU*HB*ke zcyTvWx4;6`5^lNq_GyIaF?vp@j|{j9+lLujQ%)Zkq5JRSgodIfc#D`Deip3KAh>I^Aj0COAkM0IzjJEIO`X}r;Ly;?I~*mekc%i$30Ox{dgg!&gp z#*PIfp?o{rRgSf^T18sRmUeE*`_+{2bF8N}(oVC`SuHCRcG=fa1b(i!ZuPXr>Xw zpxY#S4B)%X&}!Wwzz!*(pa3#7@q)L-tNuMR29iE6DuN!OJYo^)a~N)ngE zhZ~clqRp*=L;q%ay?#{GwB##a12|o;YxfJ(9S2RB4fq9`+izR_?TJ#4TzT2mCZgra z!SF)K74j6&gsCpvN+ZHR2dJtJ9}XmudHkNszb<^Nl&f95E1>u>==TOyPZ0B98EZU- z@zwdt#vN#`XFCL5-4;j(42t=iDc6zakv2ey!j?aSWvVgNpY=j*#jvM^$kNy}bO$~P z4ubVbIOHu?>agTiwgFyG7q8<^4;d*8Ip5Et-|yYshBKui>H344%_`*tm)>wvLnXC|8X|RZO^kUs_7vU&)5uv6M0YTVf0xicU0l@?Tveb>gy$d&%^Yte%G8#7uA2G9^&sVR7Trj zugNwpl~D>^xaoAiJ2))SQ)rk2+JEhBTFB@JRk1QR?*5Xvat8h`ij^syd?Q>*HC@#o zNZ@utlB3;x-@1is;IO=aVxQHM>#rMq#vCm)O1pfxbv z%w(E}-%?6DfMhM~h5bOqVHKIC?C;CX3zO~CNWLg%IoSxHaU_NZ(u_ylk}#~8A-)$! zD!`s5lXgqSlVKIW0A%5@c&9+Nq*~D18^S1UtW?gxxqoul!gAWR1 zE_z51FoRXKzlRM^@O+~X%J*yVd_Tcn&jYb!n*f&AF^@wml-yT*26u*pO24&2M#urQbT!#{0Q07^-G}RHD`~&2E~0DS0MqD zJiB?4i2H*QYXO*!PdUrmdd!sTmo+@AQK$R5nD^eyaeN$f6Aq846q5`-v);dik9te_ zE0w*6Edp``$@dDUkJ=yf0*n7NBJDUYv|*09c*b0!v|O;am%fb<0$ZYWL0Bxf0x=q! zSn9($ggiu={2o0n1kdx&i(&P%#YZUfJf^5N_#7|HMjFCUNS`N|_BMoXr1Dh}jXyL|0!u_#{6H zEJ~5Q+4vf<*me+rp^sF%WGnCR`_q2K`sR#5JeS*TH(9f4_YT+><&@zZ2-PW3LSi?u zk2EnkBnpCs-~(%xJNpqB_HMV{85%9VQCZ1#OGPi#1_j&A}I65$=ele?dcb^3qW}y2r_~BA+I}f0S6qaK~k%I9PM=9@!5bbUm zt*`@`lW`l9FdaTCrGSrwEr3mS}P76(5%U)y6|4;P|aa>38f-9#x{!sw5ZSaXqQ3zDwh?{s)q*jS<4zJ=^+)|+plEW$uuzZ_H99=-}fl}V8Agnsz>0wA=;y)c`wizVZo4edH+i=fU>hDQ{}3&c$|K3$#?%XSz;&p-s*-V>t=Ol*ly(EI^o;Q zam@NMcv3mqbFMV~(QZ+ae@^n!E}=Qd1L@K=81)Psx%LK;j?#8;zWm9MYj<^z7QLlw zfvu4SC0HOQxSL-zEw0#I720Qk8~5#06*b1GOi5S5Amn1>ldaSz;;=KI5c%(MZ6@aj zXZ}X4P`CqNmc^i?uxXJ9WlN-h>4Q&W`gangFE+%CYk_l@GOpkH#_n@~zD z;2H@VCz}h6`GFy{WDDw-6<8y%ORo#+f`hF1&g% z$#?&FwUbPNV-N8h6zM;`>*jss{}3l}sl>e;RyJx%-T0^4fm}x&Te=uhybv+5ZP}dy z9vU$mAT~_j&@*7IPm_g)?0==kmM>6tO{RQ)uHUq&>|mCILvC`Jz}Ix?e(Kh3Ck)*% zH-CQ`{2Hn&>+s^qm%G>VUQJ#e(d6_T1^C?VRbX1D!2{+(7E{A9F8WCSD$T`mx8bkagQ^6*moP*@+7r`IoTrh?!VN^XOqjq ziLv>vR*~mpqK+^zvw(Q_!RyAoTD-MDl%u~#4Qz%;$wy*d4996g?z0&Y;cU%(mX_hN z*l3cs*2&NyBT3O?B2k~M%`U{qD)XD`)Hii@)xd{l8nGjQt-s&_o)`B!Q{chON*Kiu z*zSyHNoX8y=$)zkAkG4^3bLN|U}_=DC7!#Yz)zxlUkK&w%gBQnE$PZ&0TLdeiJ{=W z78k?=5TS}Uqh`9Vl1{xQTt#ycn7_@*Xr)9i&#S~deHNG2dRtw&ypS~6{E%R*hA{z- zZ_D3rb;n!htSO6zZE~ZVV*ZTJ@mhK8c$QZ*eQ}xPfwbsPB;wC&v5lafSP79e{KZY; z;I{AK8qT(h#5=-KUG6I_1WxyYb=U;v;5H~ zvkg9!*^bBua-87^5*J^GU#V|36@hvdL)_fpja~AH9Sn3(o92Gtby4_2Xd86y%?~x8 z!k(VBq*&Bf8JieRCK@Kqhgssu74Ug%yji2UB$3kg=xBD9t8;U`)HQ>E7Mn2#bH4pu z)d%8z1GK}CrGn?a4ispOh}7)3BJdfg{g3=Ifa#;u|6Ud?>Xs(N=$HKP8W88IJ~it< zxmOTd=-FT3WA94Xiu#`x6={vE2Kr=eZMRXS!V)@?=wv8WU%KT|w^djq7-kbQLhhJq ze5o9=AkMMaDGSGG4aW>Q4cOC;jd*L2MEMFQ5j0j1a~s~$XWQgLVkPf&ZGTES>Nt=x ze8@f~fy?%-J@Me)Pdcr!1zjZGPn8Y%eb@j`Req@qC!ktCeXbaMWDxA zQP85g5;_vx{I2D*MatoCl_gHpUi5+QzI^!7WS1MC9lAz%TLRRE&g9_`Nx-1ywe+OM z{(Jx;ZpT89$i#=j7?vc|q86!24<04Kj4kLkh9TL0yXyIDf7+PF3ET>~M&@QauMHl2 zeA^Cl_KnjV>o)f#upXM1oH#~C9Uv1pKk8Kfo%tuehE4rmmmo;MkKI@eq4+)5#U98l z`uE3MpoG*qF-17v+9H8?#t!Q@pV{M=iRZi*m|mP%^Z6}Ct|@9 zxRi1qRQu!g9M<*c&eg3O!yS?e)Oej^O+OQI_?M1zg(~EOSzMn>Y^7f=pv3DD)T)N! zZz@quCur80@%te8f(T*c_fhJ_c{6BYd_t&{!}=fn!2(Z~WnccDrCnlO78g;G98W~T zi&(8umz;r+YxwgQzTI|>l{R%YwEu$aOlu=17M?*LID%K*zu^2QeK<=KbW8a<7M4DbA0f>%TVJJM9n0uG zu4BC|Z|MQ6adYbX`apx9xM-QCFy@qE8v;Gep*X6N2tg7!E_s4)9LK@65 z*i&z=zO&GPL4&GO@i4coNb>;so@1pzudD`jZ#St(_FY z<773?;$}7a7bLKmIn9YtSX(h=hc_zHSg`KD`Zb$9%8+wU{9DQfP0jcU5F07>hBhM6 z%Pp`m3(vA+*U!v1djc67<00VjeX=58SztS*oUHTq2q&nZy@}Zo&(p@0d1pPf3#I|9 z=rtcV>0`FB9Mb1R?M+fg-^Wv(N>4NwP4;$m>)%w1g|hKdsnHA0ZmW?p<`uM)M#7g; z(Wj=X<4*lc)=0(GyNF{Z0|vm03J%+-xAq@xcox#ER3N@G{@edW_)kyEY5Vf%_lo4o zx=zn8+Ktp^A65RRxM2)H7wn{&1c8d7Q&GF&rt8c(#5dT%=hx#JYf>%JvX4RXKq__(Y)=ZDOl*4#>>S_ry%tUDV%`%em^e^FvL(YuMil}_ z^oRxH{V#)u1~P5Ej*p{D6?4q_us$T=t2LxF`w;D;Kpq00%`o6dN>uLLq8_TD@|hU_ z!m`^aA^s_)M-@q>^bGaiCyZ5>UcaMC)s-@Q0O4n?M5*rU=ZN$T0=SO-G#xmtZS>l` zE@~(PxQ_8OLL2)0;$LEv&>Tnjsu%J~84GLy$#x{oQmeYSkW9q5V&{CB1W~NJYneE7 zTw8m=jCvM#T6>^XUOAps*9zf%f(t=K5--qceJi^Y1{eC|OfEGHX7cc@p>?@+H|w*8(o&H67w@VBS}m=-byqXHi?mnM_b=2icP38w?=|V+*1~QE1NFj2WE(-{ zz{Q@;DoQlAPyfhai?)6l3SHO?bYJyX7pLS<0cgKdlU$-d2Bv!_yW&MJrN{Uz?5Vvy$(p%ug@ zCGoob^)U;O$?7vTHZj%}B~s1^fpZRI5~W(YUGt8jm?!t?_d;s2@{>>?C7fm+V|xw< z3*l})$zH_ew?$j0q0S<3`a>8n9IYm7?)qh!8fWwzVGHCn}`t8*NMDoRp(O5+52wx@h(hIv= zMIEb!Y1ChfrxIDw3#Ss?QF7uI(Q@MDKj-|}|8;68l#n=c#S?Vn!mB1YFt|SF}nRsS3a*@{m1?a zMXyTAt13WK{U^NW*$g89R^7F?aI8v11G!IOuE|2<_xKb8NU!{jJA{)(9Yb+P_5xjwDt ze@1k~)Q`{2hiB_b;`iqkU(f!YYvJ0fA6Ibt7&`+j>~;C|>S``iW>r7VsC}H#yW7L{ zXvEZSE5=Q(>sR@~X?#;A0UYgCE;u@Do+*=Cnim-b<0g7cT<2at1Am=X=CnUREWaQ4sX0aVBI%@n(Nn!xi<1t5@S76Ns*4oSs!61L^Lh*jJL05oF{iO><`6E}|qnA06e>5>#mVDMC3O;EC ztoXMZ5yeF>a+tWzSHI{slGHAV5dC}W`yBDo{7Mew!iF4kqt7L>9b$Kx5jcT5Ns_Ue z2+ZCFQV%HNSc;M!d3UmYtv@9Hp4f^cTGbpiK*s{68_nAVd~v$G+b`Fpj0vfMRi~$} z;Gm%?t{kH0nmPeZDBmQ$+(tu|PZx5Oo2h03&gcdtty#~Y=s4Ys^#xCq?Q~Uw`U6Yu zG6uoq88TPtMek)|80gw2xdtb)d%JH6{rB=AM)gSL;~N3lbjU>#);)6r5ZxOpZ)2`G z{|K$DTU>yb|L-8|sFJ8#e`s}o997fsMNrKtSegXpeQ-xt>->mUaZZ02=o-;{)%GF_ z#gdW9wmlZ$DPkB&|9A)T^pu@e`p46{66W2p=Q@q^z~976U_}NfBu(98} zXiz+wHB3QbA=47h4@QiHBinfR_Gf+YW1LDPmOAXGZC``}-SRf@gG8T2a|yS> zMFX+3IME8lLoV7U9CcR6w`B&C=qr_zryJ%p6#x7IMv?~qmn~K}!QTmu^Xu7`jnc1a z5&{o?J6vc|?>`y+qC|m*&s9(s6BHhiOv)K-=siSfp&*|lkIh(vOeyrITF=#P{_>%A zz;S%Wna?G1uE(OIk+xku%z}|9crXeODfOL(Xu58i1LG;zV;mrh&;s=JmVh39r7;rS zt7vXZ=#Lc%ZZV8XS<^t5i<<37C8k_)_@=ENqKg6Rm%D~Cg+ewVQ@^664mHJN@SzAy zH<*tbg@*1wkwPJ|zG2Ifu@5Zl*WdV75|=%XZkkk?7-*je1jHeKxP3g3U@jqcvm?Qj z7Ol>G8n&ndOUX!a+qtbdEc11nrrqA-c0|cV83p_|?G2V#OXlTTEb`==^3CxNI(A^Q zRkgj^ZYhxH$127xDd*)NwG2=-j@3wDwtC*yuNdK8*uz5lj2vBOOl(5-Kywb$u*f}{ z?XZ5Aq1;N}!fr(;o?)ki^YZY({c^MkE`e%BkZma6nO&OiZ#5U^e~+wX$8+hGna`9+-O=1n(bPeO+IkecBQ2dvV)7FeLA--a#Zy zM(;}w7N(GxZtxMJ===8<`_B@CXRt<7twn71gPXylvYl@z@rN!2cKtOvkMBcCMn*+% z!?C!W2bYJl`{h^HBQrK?`5#3(ubvZB8lOR1`VS2Z&5Ee+o2w{S+@7uJ{;mFIb^L5) zX_EF#b8qz{TJ+@c2}Zs-GSL|goAL4-0oKW8ySwzep)ByEc9g|TjM+ax;TUpCPz)m~ zl&*%Nv%^d95{a7E5vhF7Y7E|m&g8A-pV2^O)gF_wx)f>12=p<~6@o-O*s}(;94a$N z$cz#c8ay@%sPXlbLG`PdkA0oILO~2lbOJ120i)Qlj1R(5n#|~v#L2Y9n+!z@X1d7#s3d%zGB-aSL(qw5 zMPV{wkKiq@Skf1DDom#}C!dvgufJ*Min4Una#->7i1oXFO`kxv^OPy9!8|dd_t(?RZ#ZnwELA(TF+~+z`ua znAk+&YeswgQ?=}0hh!#sY(*=m*mU)QdviEJ*WFlHHoTPjGX6PKxF}vB;~aaOi2=R` zEsv|v!e1j~*TBQw?V@(fr)8`))#_kd!wrK%%nZ{Q>+d$u!x>s<2CkMnXhuyy55K9AnbiNufs0ZEG)>)d^| zYzMB+L%7(E7=hSEJ20jfA*9|NU=XY zUS;LEMIjyTjilj29xOv|z|BvTPatOP=gcwAx&8B{i3Sm!d937BD`fCv7`E*f^ZNB_ z>Z(-4uYQbp~aw`?0N_7e3qNr9DxOb}jFR(2;7ykJ z=Uvik$Bw}3xO6T3y310b3nOP-lsR!IG2e}1NSJ-HuM+d-{%Jm03{9GX)M{CKY88f= z#Q-jc*5|$*n#oq#doyL2GO%%+DeqnWSFsHlS=3@rves&clT#LPaCx?T@AzuUsRkRVuOm&n&Fw)eG zcOte+{epJfi>2wuqSc|-U10kX+vS|Tmu~4MZBhyrgl3uP3S2o7DCFnvY@a`aSy z%1ab+RH{6^T23&H*hIb%9!8CiSe<@eR^4%_#&*nLaCC?K19=0seG*{ii)W~fsWLVr zPiFzg*K1w9?E$%#@TI{J7DOvZ z%CaHdW%wh$JS7pOR)D|&)*4vku=>MYHsr&=U;XGv>ie`ugwG(@zD~pxGb*1w~B{wKJXER=qetJy(2O*GIS;jcc>Ov_7`HigSf3(b-CV==-Y+Bw~%@D%!B zbtQ`4Xjg-Wu@5Vs10`+v;up%{D%zWFaU%cx%RiFqmaFSs&_WjM@kM!DbPOY@NbSfV zr!!1I7$%M$*a@Wj<;7WmPZ77AsXvjIz1O^TKe5yJL2CTp7K-Tegy-3<`hyZ#15UFJ zEkPU& z!c`OlBI;JSoPx03nVu8F6bio~GtuP)c2`AdV?2C~QKYjl4ZlM?v8ovVPE~(Dd?MQF z3cgSg1*nJ>WAQlnd?Jv3YoWbbQ&Y^{!9{0sR~=vo*#7`hHYjQGqD-h`Ad}^y4EQQ@ zrP`JNR7W7y#NCKW{MXuk#M|C{b!fll|<_c$%5T%t{1aojBf{Ft^AWa+?_q+_zcYEcckMePB>fZL2--LPZ;lsJbDX*xis};rBbS4stU0Sv zQE}fH^IVpPFzl4HeI5*836`v>gGd*8M-r5hEae^d4|Q#7vicW>tFQfU$ak}sWH}k# z?>CwM$pq8VNM9((Dka_MZy3ZoMmon|$mF zf^pOa=o8$X6axLm=qM_7u5y8e-Q1ZP9QHq@&7ebDn>4ebBYtGFJ*ndp zr%Sy!_@dNp+ham60&*kucA+4Oo?Df^+HDqH>Sr@{2m~uoCOLEhL`91k2n=5B_9Q2X z3|$f1!1$riGc&MCyL4`OlC6LqMj{XEC}49vNe}y|V*_h{HMQ|5d6Z38X|^^o3oTRu zK-tlbAKd`mg0G97#@qf;P(kD`Ph~sfLf57mN!fCup}q(rb4HF6%=V^ShUpbQIpq^k zG>|0TM)l$SmNC|wksJpa2$v=#K|w@1*AI*wF-t=dVkVCnRC|JCyz)t`aVsE=9H`;Q z4|go&wq<}iq$>UD1h*U3GxPsTDOkww31{1@8t}9|-v;GMNL!10R(W%_=+!-OZ6ivb zy>kTZuV>_=wRpR{!%xF~>_ZyqwMZLAXxBJ&1@!OG8 zhoI2mi@+D(WV`h_2 zb%ggU3Ova^(t;(2hgXYYi%K7WPQP`L9+8+8;+T@Pl9P90<)x92D|`Z1v+s>=3d9V1 zGQN>ltz(hCqvh*$LA{+vyG4P3S5T^d>e|TBSbyb=Pw!U|L2|JN)xptMf+4;FMZ+0u98W2@1{*P$*CGCnI4Lz^-t9>EUpXc_SCf^abc>poreA~#VZ zssz!<e=JmoLd4#CB$F9Iw(J8$Q;szNTXbtrQwp^2vc8_kABc*a6Ziz4#JUP?(2AUO^ zu02Qdu09~m^%Ws(5NV00prX5YoT6`#*P=D*()3x|b8GuJ+Ch%=e0?f}z&3#x{&qM5 z`I4-X&%Tb#HzExo{Z6M_>|e~UT3`kUi?B?;0a?>3nOfy7l4b;6Fl9g|4JkP#-QaDy z^gIsKx6xDvZfVn1n-4e|`bqLjQRgsYN_PAr?<%!8IA z;pe`AyVg)T?N*d|UprOwZzUj7o}pmB7l3Jdb+Bl>oyF^GPfbntg;IOrF)&ksY3C%h zsRijfi8#wMi{NY1m~b`^-LU_LsndDURf3`<>tj*g+=mG}SNEXfSzdZu-5`V!lBCzI z`u6V1oU2yZ$V$yIMlA`ETgE9m*XpIAm=~V?NNK|UCjmv9ekSp(f>QyTb_17*z9F^q z>3H{B|5bIat5bxaFWfy9lYSL6J} zXRCf@pIn%C;nhB3TT{#iOvJ2XMsR3Ktk}-Ckn!Ppc?|9xJn0FN3|STj5&FJ8k*o*i;6d4x5)5qC zv`HTZvw`jO6fiMZ4!9dqQ$Er&H&gecKoT`NL8sUS?2jL7Vx0i{#zHF>=|p3;XprlF zz9M8bS|s&Mg-EToL(`R7^mzOP=6ZIBWX!2(e~`@$MfJRxXrey%U?XR-4tQim*Gx$i z1aemr)rEQvT9H}VmN+e!32luly9lh$3tLLhx{xqXc7uOdYj%O7qSI`H76eMZXMYeK zzW^O!F`PE2aw#oV&hR-b+}5JL^pGJYx3^VLi|er}pGw$vJ(vjH@soG!4$~7)#SQ6O zySLm3?lN-F&}Gm8Tu?qN#~)hSRGA_w%5(aYYdQ;NL(1w@XL0Lx8Q6@^m^}Yv*l&Dn~xucIt2wWpOc^FMis?p z7AJN50DCU&R+CKjd9C$@7?ko%1KsB|1RF0koR_I%%_=;nnB%w zmo&KN*#9*U(JB|Jxcb$jja@TVPdpou32Xyu?l?#o1v#}s37Ft@2K^46oIt{_G>+k| zhU*IPZA^^Pj-b!Mm^K?^V7m>M|0myAYIOzW#=Yey2j^Rt<#td*Esw$oy|@}spxmWP z4U43A+_mMhu%W>R3<}@1pqG1sA1!x{J+mM9ZmNgiP9K_9D;7H{__O}2jV7T!hob5F zW}dL6Wcc1>KfYjR(Cy^t#ig{}(kRog4zaiTfqu^-#?P0J`8z$kHc+I*Hb=NnSqy9M z*y7t~sBzrmF}7etVe;CIYcUwG=DGwqb*x#RT`v1^CUz%gD8=H1%6|cHt5R7(`rao7(%hp2@&u&!#hgd2oL$=| z4?Ect?`(#ITH%A@)0Y8Ht)3>Na2aQzlLF-5d8By1`iOF6ZOqofycmE|4(_QXdnXaI zp)LGm64Vhp+dGFiAlr4(K&1vvoCV1&GKO2JJnRGUH{`r!liZ)Yy2h4hNzXQGSUpP( z<&#(!OmSZb6LX-H#T}C)`tnj-FZP!z&Y6EO9uMb6=jnzg?E!#^OVh#x1 zm2D%S>h9l*u#est!!BLN>E~w4ETxJ$-Mf%b)Dr*EJ-Xn#(kh6eqQ0H28#OA(x{H|_ zX`l5R%~wk;lVx>mg*946t!d~%m z?Au5-`2th+@fo5C1Kr*wW6caEq5!BC+{{r1wl7okwpTYl9(pd-NmQo!Zs2nlyPAU_ zJX|hyK28_;hM4k6I<#cUo58yL?Xa6VCner_+z^|a$5(vcC|CDNd0#g$Tk^(rq2^cC zrGK4{$U$_jPtRTO6?0XNjk#eM^^0-Ap(>#-9}Kwz{1-gEWA#}rOo@iA3cWMI)u|43 z-|U)%YGoqnJpQe$pGTx89L&57AW&*mudEDKfZCKB(&IU5f|uzrI)-hGbN`uWb-Z!)_PE0uD3(oiWrcu^Si2g$FH`XfeFmTpMpoeIe(b(!htdPB zHrL2E)e(Ox(%7%!ysBs0)^4%kyzyh)=iYf?#ts{3qqMD^dHeHADlc@sdXKb5DxqTq z&kHy6ph@qL*Y1Bgm_XpM2Jc0*U29N89!Y>pZ;i>6mA=Rh5^$ly( zb}w_&qH|mLbr~V#{T0-;mO5lxFodQmQaDkDj>FHcCXcqis6OzncqB!ITbZWF-#rYr zVLf*-aKYqwwwDg4vOX)*d6zD0XwAGbr*jDA!!q-BF&I>>r{A&m zp0RhjucJA#al|+ysEBp_s!dj@EM|^ympW_2prEl5hFsXCtjbOD_VN#M>Ie=Sd(bUk{_6~0ZJ20lTSC{N- zs=BHkun$0ithbz~Hn-$*MPjTT!Ko zPB|-cE?iDNo5MbsMN@UMnXkEHc5#3kN!2xvp;{yCbM@2y~&w(pB*4`_!{<%!b zzu(li(J58|1z#z115|h$d;K$b;^hBeK<(VJtAPJNpwvd|FU32dTI9?&)(Z_diVNGH zbPZ1*#$0cc<0;eM?+4$X+uKZ)3mU4gR%+irSijY|FSEm3dEqw9$usVYZ8ZbHSXHx| zFgbY60O$eS3~{qcN|74e;NoeCu4MNUP{gKlv+nx$$|mJqo2WFqqhKg6(_}-Bd{+#v zkQw9+d^6%FIn2|O{Li9h8{lE@`HNUw?(O0DoIi`VyDRGJdK^=4dy6X)#@GG!V|;zR zs!~!r3(VSfSQ}{gCM%U?+uQyYtrlz=hEaN-XwB9QmH-d@8F9PA{2{fF*+s>@@3;i? zpO^B#TM#8Y43I3lMQHU3!bfTJYA5r-h#D8!-Oq7W&rlXGkaiOya_ayg7fG*A8)fii z3tET$28(b78^|~DrAaPDbvV#q`QUu+wbUL3Zx_)h3F{XK=3hEJzElc0Frd6pY)6`G zShoiVn?f21{~s5$Z4Z1{HxXpmgaAo@au!OC71hUza2Wd03-=oNU5LJL$auP`Um4LW zlC#CnU$iHdk0m3O7Ot>3vk-^w$6PeCTQlOeC)iX#dbFi$Xk`)eOwtsd3O;e%zGx^XWg1U-8BI=e6OYw79k z$NVF@g8^4(c$51I0Hf5caP>tfrd)O1{J7zTH%@l6<-?g(0^I4Mn$QcdxKip0LvZ&zyc8&%G1Tf# z)#Tg1q}II=obS`;*9>(A|0oEJMr+vl%g$z`$IR>p_9^7jZ9ekf*~nY{_Kh`;S)$v( z^XJ39-m>g(s} z#jl5@IzE0r!W%KW!?o|-%iRCA;OK;Tgla3-6u!b8MmZ-cstObSg}9^m+b?c~U)NAYHh|1Ld`Bx(8BWuIM6XmoBb~`)FXe{Y>LyWGZdta5? zj$;e)%t-UWGlG2gAeA44zNr}}Hl;zsu|e) zj5}?(IGjuX%lpyVC+~I=dxnA9s#0$~QCwy|2UyLu%?;EfJF)DK9q~eco6_K*U&#g? zwuNmMiBSWI+tNCJ=^R`e6J~Br{;bu@>OYW>2kih{bEW>v+iYGN{HgusbFrXEX4@YWR@9hBa$GW_T-t+>l_Ph6=nCtxKFp7LX zGVhtE?;qk7>YdCT^#6;fa|)KFi`MMfwr$(Cakg#Swr%5V+qP}nwr#8Te{V;3z2sV% zRZ$W1A*)udIlhq}vn8YFl&M-6g`^ZHg|RqphUkYF&rhGYEuJK(g4~V8;?}JA{C%p0 zw*Mu+#J;R#3jA-1CP~Srq_yldXC=w7E zTM=MF@E!RZZ$uTbqa1)Ew|cXQ`UNGAxBRZTNC~)$3Ucsn3mx0sey=&3a#h8rx#sIq z_b1+L=lhP-hv>Gf4I$#SZ`uEfF$8*4xh!8t_m>aqhoyR!`DGmto`XauM*ri3E@hk$ zDiB9-edSU-fB7K7fe)fV=N`XA-aIkzIU-AY))$pY6}bt1Zy` z3fi|U*^m9FPwVqbBHee@lj~O6RZOVeQxSwxb&UU1fzgQn@GzhD;=g&DLIwrK*Dn_1oAsLno_SJ!@xDt1&A3`)3Vl|qUOArGIHSegijvo z@hIkt3JGQrbrj50Q6wQ#3mtyAM#qQMHo4B?OEiKmkYAxra^$O0JnxSh!EW7^S>F#k&z{)42k zNc=AnG@AFNcHF=`*8Q8P9_|HG@`+aYL5v#YgF&J1B!Bh+yOwvACB!83E3j430Y7@h7 zP>et=`V-;8ex@%)$fzACSZpB0zHb&6zNE$_xEq>%vfasGb)(_u-Z_zQ2`ZdlaSfBU z6UW$amnv6}PH}PdzgP;jgx@sAhusK0#VzO+`VmzShZ24r2}J&a$fTer|xj5Zcd z6`-uGL2Nzm4qVm5rbm|~AMd~aMs%!3l5dBerN)&08MulfCT0Yy>^%mz!muGedEhb} zw{Y|U8Nvtf6f?L_dY{6Etmw2qeD@a&N^%4&tHxloP$O-snOU48 z{E|V0l#rWqTd~rvzVVormTh13E@Tc2+w8MeH^Fb)D|3(867Yjr4wxJiV|Ze*m7|JX zi)DW}%b;9hSkEJ=dg(11vP8RTzXrhIB;qU-z!&-*I(PSq*u-hnZ*@juR4=!F*K^Uw zNq7*LDkVyj&jF-WgR`wrtZr=O)0eR4T?>1GqxAs5t$Lo@w^<84-z%{^FFG}CmADhm z64MfpD(xwv7EOaRXWfL@d60V)-KP}6D2?EPUcx=r33sd`EzjWku(~5P*GHP%aYvGzG%)6| zsw`AZSG_gzy~_5$7Pi;#{fo7RrtzdEcNu*5z+3|)_&pc4*Ojx6v%UokaRWupYQ`?+ zeWV37qZuOat^o9sO&(er>?C+@o2`-6N`X~P17=&XyLU}+Qrf>gQb`nfb)wgT)LL3t zUA!MZv)??9V79){gCShSmrl88P}K?}a^1u%z6**9PbyO-=zTFtGOUa>>i-czN&gW+ zb|1e)knPgumr7=_cVVIoT%VC+*7fjzs*fZ`Rj|&OhH9J~SW|7$TbzU+hq5j_J|@+# zBcQc1Ew1?-sw|xo!n{tPh9K~&dZ}Slc<6OqyFs>! z&u3Jlq1~__?fg+Ad_CXz3G>a>%Cp!|`)vL*8$k95_$jk+MzITjTx2W$BZ7blv4dXY zxb9H0*7`gd(^uv%MT?%=`tye1Gsz}B>6}6R@AM)mSEbMd*usiO@Xya#%vYtbGzDfq z0ymin;(@Ug&?lrg920rLInp#1OdZHWl4$DET}ZuNgI`=lN<;hynDQ$1M+9^UfXw)S zQQ2l3C|cj8R*l@|!8(l1ailge|2mS=$Vr8r(K&JSWraoYYR$~J2rn~GvgrS9Z6lfy z*>Xac4E_K@%cAFvXn`kPf!q$#)ls$l&~}69XW*tUabSF^JtV$anbG^`7;zZ|HjAlZ z1WGR;09L4|gsjMaXvt3nAqR}m%V!f`VWRZ)AL-4mGvsG9_XLIa$$dy9;4&E}QSBh0dxr%iNU!11}x zRQP-eq~-EQLN&U}OowHePzM-N0uzQDfUV$W&(Q_F1F8l#C+jgDEij|IB#Y#x z(8fBlN;FU&P0W|LCJU%d1z6e$kmJo5tTUUvm2!v4mKwbLUbjA9L)lH=MIGFOT9#Kk z-*xR44M9Z+U&UX)NiF~pVr=t(iDf3YI&A06@k~H#kT@1RuP0OR@|Q@#s}I4awW8*0 zz8XHU1K@pCjZ{hNJ>Sqv&B&M6DV@(kOfXP}>nnsmUd3^ohMTB`aBl1hPjCFoh5BgY z6x6_@qp1;!uTpG9OMeQ-iyZMkx47>hD${J9ly(Gf$1{@X0-1uDh?a<AVu0#ovB89X6(8Mw z<@9_7m4U-8GRtR1Su~<#7mYYsl?@h7_0tJ+W1PRk6}O0bnJW72s1u;|#wDh-OKv)i zURaZ`4=7BBjAXXBd9Sgob_iOR_-((nn0i)7a=It4+t0OzFBqqd5)+n@>M{+V%6lj7 z^pyy5e!Id&;uVw_vPzyZnhc1E)+&tkBPrm&mdg2FN^Qdm#VBv`n|ZLVngWEacXww# zC?3b%lu1v6gERteYV!K+jf30&B9dk|uYpx9bF*;V=9y7x9VePWNb`1}jO*^>euK+l zJ_3nR&F8|~VKt|D9c%4cnjZo`>UyMFYh$*~q=mNgFvqEuST4FleB@rq@LykU zT%0@VfbP<}-Xs+ns2V2o*gW=81!@O{Lio$H#hrHY3+^xPQBb>4E=5l`7ZTmQ0#ccg zBkTj7Rb#{&ol;Kg?GLkJjgL;fsG$lPxS0Q%x~>{HxrCDZPN-w1uV>eAo-ukrJA_UQ z)fqU|OE9x47kqvTynkwx^*?2oSzdGIR>zwlFr9SvxFychDzS73D*gF~Ys9&ie4gK` zYB43^MEO2Dij2gJJsmKXEx~#IxSDwh@3C`)?#vE^p9MboqU@5 zPAk)%=%t*JzCHG=nS)qHf8JL{CB)4!*lhigwZ9vxWVFAe*K$(L`=1K#$_Ph(5L1eF z9|uuE7c(IOuG+ddoLRk5SW9LjFgEOZAxt=RB=MVCf}XEY7hxASAvCU5o_H32lxn>@ zwPBIg5tfgAMbH-l>&Qw7E5>ng`buxYXUkU86*Np`%kR3?S1o2=z01P$Q$?L!#`0$Bo{#$T@+4F zWu{RD6J`x@Avjy%Z}PqX*0HpU2;)#tVVFTsr=rflJviRj99MdRg9PQtRhp*)cK7!E zKkA#dSB4a- zER(jCU+G3t!25!QWgO1GT7&|#C*7Xqu^lb+VkNk2jaI2CH5R?#X;~R zR!RB?5F}Sl`BfRk9qM<#Bh^sQIXE*Z9=ADmW!O6=meaFg2)E%wi4C9gx?9WKsuiFE5 z!)Pb06#?djW6rL?h0Vfs$#n4=bEb65`Zj7^`xT?9pg0HOQ*5p zOJo-h!93PaYy&QI3rKfs!eSc<&{{Z$$NF&%){+G2PCfl$1mf;w#)W(uuM3TvR6Ra} z+|;nLrv&?=hOxk~w?_crN01q-;2R{nBryEMGxBDxO4#cg;M znq~$)L;u4xYKs08!;mSe4x@a=t)pp!Y1m}-4#T$d_Z?iU?7yF|j|t3?Z@^}m(4Q$) z2mKvx?qU4zB;ax149SNS9%j+=)E&& z@3s#%QFlMXufB$#Jq+JF=s&hmKWv}w?`$NpGC!}@n=w%cgdu!}L1DX0qG9Mn!clBE z8{EHBn4CKm!zlQ=J*MFwEPMN`-%3WWYd`%KZ}_*4Slk6JXg;D>)o;ILEZu@}6TPxo zybj_0t?%&9$Ccs2?-$a{gb8`Bvp3SLMBom&3>S|Fu)EzfDK6+r=Q0rSAJyx@yH54H zPDKO*gCvt&!Ybd(vFom#%K`Rtw;5_NN;^q=e?Bceyi=r&F+eCQ z5GzEOaCjY|(M3ia{2(ev)-6nw8ien;IMpMPu=cjNK8V_M&^Ahd8hdzh7fkYyRkaEo zvbWc~)&SGslAE%%YW{A)PBXaA{(DIsAsl}k%gp?MAb3ZWW1!V0hEBTzvoe|s;9h0R zB$(3ELj2}u>-)mjYJANVzR{I|b1%0U0g3XTFVqx#_As|Yh*%-DkH7-X zsPT+2@)2~RY=VToF@5%SJM)Qg84Sa{4mvp<7jX)_bloRN(C7=GKo^z+hL=miU^DZk zve>(!d9l#C(xlVTb*0#Yc4L>}#eAhflpnr7Uh>6C_L>>V8(E+?QU! zBd9yr8=O4g37&lkf;0{pl_>^MazfO2=3fy(lDQ9ig2VU38Syq@Q))!>&Lj(^qnjtx zFZF=LNO2qdHm{*`tRr`2T9lS#HV#qyu)ZR^R)cPv36#B4s@rH+x7I8UlAWri>%5ca zxZBO~*NCG~m3)?sVJX$NGTUII7pa7kIzP@oUOy%h-_hd!>GYcT{p(gt{NI5}Q~XzX z5!i_*VJRmSD3Kgf>h<5Cbb2)VJ|AN{+uj3?8*bk1_TK2%(^SW3axaut$Sl3<^LAuC zr}UVfq6V@s&D4uDnLqOvk%(icwLf+*UIAOC#Iu&#ma{7sQE*SNWTWRbKre4|6w<=s z!gMN%MiM3>$q;EPGe@b~kZDK+W9|y2nPZWX_?Geg$zeRKW>9biGyD;y0_WDouQEVG z?b$+u87~bldO}EMG3+b(%QRseu;exd#T_gFP7zs!r8Bc6(um2llUxvwe@Nw%x?qAe zUD|v+^~7A|l9`&3X>bIT%#~`R4j}&yfQU}ADJLUG?P_qa?!?%=0bSJN(ITt8DovZk z#v9b`a%xFME6TxwVWTH;c$r4!*bGa|Bx0)TJGJ%Zl%Sx1AE6U%pCa)imnHLQmvA$I zg(|+p#7otO4N*s@J`sm0KG|kdDD4JusghjACe3Y93+@BG5IA0{CI?f16AWg(>q`-F zS8Xb+_Gw%o({c>!Gn^{_vFx?$9yhJTiIz{ZJBGH`%d&1<=lYv*8W`x@3*%Oh6>+7C zG<`U`_V;VQwFXh^{+#7kp+q>?GsfP9>`AU9HoSVGpSd>V@k&FSoAD}JjF~~}}XgX8bQ0)XB9rRJ(NK&zr z|BLzi0n(>tvwUah@YbJ72>DrA?>|k*r(FF+X`OrN_l|au-N+h5FjMLSPOd&rF@rkJ zPHfHW@jcSII6uLgJ&$Fwt0S335gn2kxDCuBT=M@S2>;zoi9~+`vLhLq-#VMVBnf&X zdE(7#JZHw6jpcJqcvV`cs)HsM^ePCfc*-AE9mrFYUq3sh;cm}Q$O{+NV;%=-yg@@XXe6zD1B#6Qd3lS&*h z)6LGuYXo>E%4d;)d+tt|O$f&;y&4W;5bi*k%Z>EvvI$)_~(_2 z`0D;SxWx6!y@?=cVd@s!P*>J=XA?(Op;e(Ta9bhWw)LH7q$S^2D{ z2l%Jopjo>YpP1~~XzOXg>+yZ;5V4HS%($Bmftilys<~x})9I@GoiAxkBJs(;l#m0J zmc~l!+llXpxmDMwEVp$xSR&F5-8pV{i^AAXqtg7nnH%h-awwVOC3z=@;FC+zC3Xd1 z)d*RL@m%BS?F5-GG>O7IQ7t@gZc_mZG12mb?WujA-#|@NO|4#MCazem5_-g5ME{}{ zLh&(QY}!x(m5t+#L!J#caO+x`T_1)!AhM|lKH@rL!!-`WLVL#hl%7M$o+6n}2eV$v zKxYEWGQsqLl!%O41~B>+;0kEf{+i5Ppk6%kQ3)r>s757xZq1Cn^%Ti=)a+oR=6&Gd z2c;eY!4(Nj1O+0dH@sB>2a8*x`6mM=X^RnJ7`gXsAiAU^Tsg~%lDJfy1$xi&W1%c)_)xL|+LhDA0$m!+e04zEo)jPG z8F>RZnEuwMlVIhPqtRW^Kjw;=Tkepwn4{?-fSo~li6RYxX04dA#C-5voki8DN)nTb zYtUC>4zk3GbD>R00}k-U+9@;Q2m9>(Z;Rk2cK){4;0Y2zoI>0022Ez{~T zhcVuYO|Z+W%S4`gV?)U4&4~KG&)cYm3A_@pX%1=Nq6n0X1g1~p=>@f=qmgkJ0Kv8i zc`Irph*-CtnlmE2*KD+?jZPRur|2u)ACG9$o2oc%%lkmU5Kn$p$LaY@;ROF?DJ19J zUc6@uFYdY#qz^VvgMmE`ta?pLe%c<5m$B$q+RgUcHd(jhXRG`?EVJI@w|=(iU1=tx z0WbZGBG*fVuWGS_TLvAB8&{>el@g?6Q9=`jG$Co8?}-+^_y?v6(d9a@7v{Y>7A4im zYRPfMj>uU?Tba6?g~8Oew<-qiFFS8<4xow_F~z|3;jB^=^+5li1^JZ5qFxcdPo>q> zF1&(5xzBBIxU^!3zec?OtsAl(RJhMz)iST*qS9&S@4G_`hY)s5TAbpv8yYXK_T|3vJ{MJ3O0O1c1ay zQ;;s8zhbFk`WPw5*7&A}Uagmy@esj(*F_F1SHC$E0t=`5V%x3DT(h1McOo7_YM2Ao zRb4Dsd z_(Pvo!=%e#3uEvCl1{@z>L`2VRV_(l#LE}upWw(xu^JGrpvDR*XzzSfJ8Ys>lA$dco$7NE8|K ztWg?Zl6g)e#`pPWfY@8W9K8qnEHH{Vb0ItF3_$||9c&(U2$x%0A>^Qk#pSmQYvm{a zlgYi-;K)r63eDkU;MYHHfU?6OGDe|X)M+CUBvfk13@eK?)-bsu6jM7?OUh^#rD28V zRR5X5i{d77*)1FlxQ!l(6SI6qspybQT&t8ej-o!-3QVkrmBtfKJ@HTKh4ns_U>~#h zKikJa$o}T$M_~az0(^olo)1dVmE1==6)48_rXI2oQNxo{o(Qc9^9h1J=3PqDgdtnie_(8eOHlRdGql>EzKaXe23k#-6f|=i9_&U)m=H$}7zd}0 z;sspZu*Fa+w3apHWlQe_LTA=A_`y~z_{?Fqd*}VI?P70ykZ4C`!ef$HX9W2adEtoN zlZ5KD936BOL)0bQ@?p7P>|blFhGD`Hv<_8?+vigj%Z}OZc}>}$nw!Zp7{br5M4bAoF&1( z8wG~vsopky3wF@dscOx7K5NV?_03khr>xGdHZDcb0)y%@BrPZ}PlkqLsUF#c_a;+o zb5Ms50IuLu^h%U#0B4_G14~q=DmXDX4f5%mBg>==MHCA&VlKG%e+E3?)_u$j`75=V z2#4r}5+iCbt6^;V8!26}+c1Fn;Qc^JN{`0-19h}E=~#6lT$!{Ra73HSlt8UmVGxvW zBEccYs?vxJ6^;r=)V3=~?6+J+pSjZ&8kuKTj*UeMG1ArEQP3uoeT??_e$JRX#8{S+=OE29k;gP}A<)i=Ga4Bm2?FzQtBQ@te9 z&RokDlaVbPnChArmwa@^<&Tyx4&@aYqhkv-B_Q8cWG~`f*f!RJ*)|l${RR@i>y#G7 zxswb}14Al*(~G!6`d3m`^+Oq7a0@7S9h(-hG8@`wVR! z?a-uj=vyB8{^&j=;^6=WkY+{}s=X!L27RU=Qt+>4oFu)!{G7b~WS(!`{>G?6KVLN1 zemkzm9o5?2eph5)X?|%9=bKxSgIFQJm}IbpH~Ue!a7k~ZTbBy4;x4uv8a2ei5T?Y> zr598r+HcsfrvZ1?MpHxGSFA{Fsj1V1fjLsVaAJ&WP*f3C7yWLzQP+?l%R%rv3BujF zNziH;^@s?NNIMQ|L0eRPmKcdQL={;unzjfs797rtK^BqJMhV{XK~skw2R#G@vYRsP zQJD}{rM4!#im#YH%C)_Je;!Sw_yWj-`n$ukoD4j@H8P->CY=dHj4Wb=D>oWZ(Gf?C zs(HA$-%U)YUx`Fd&P=Z#uOt;D`EHTALOs3=E|DQY9fv4v7wZ$1WY|F7&PkKZbm@G zt5rq(JGmfgRo#0aL{q>Sy38i|8$m~^Br2KRKu$-@m5-6bZ>qSdTk&e?n!IS;A%Fo5 zyDp<~0kpFDs^ni)?R2{R!v#-Uwzm|6ZD_WD80q831!?llm81?4#fNfUxW#Ry`00;9P5 zM`;dcBXtQ>^r#laOmH)P^PU!6s%$~xiZ~-DlAG%OM!@ij?Jlcn#qrY5dy-_S+*RdJ z6vm}I2k&k0U~=k1nfn@-c*Ze#|N3N{?8cvvBMB-QOGaDc)m&ma!AgAW1)R9?FBrc(veB@E$dN`)V5|i;lC`*1QwgG3tMX}so)5uU^#D8M0H%<6rCC^CVWSCcN@E|G zhjAFE2JEF1!yTbsx)1E-+fcrb9ke@ZfzqJSJp zGRK&5)uS`S*3GFmFvDdmn8#Yj>KZu7U)oelU2;g4eXm?c$Q+@TY)C6^%ECt=DKCa} zKMsPrM=^((PI)o8a;OVTUb7%ciQ;LvVF#EkX4dW}lJzT}b{Z?Fp%P)!p0&I23~9Xq zn0U7?a&xvnK)GMg+6I^U$UO}xi(J(5eU5FeN>1YQlkZFK2X}0bbG=1R>ZRZ>6LB_k=2^>KEC9SU5 z6Gp#X9w|24&mAncL~z>oYjYm2BRGVab{he4x5KT9VbDu0HiD9oeHo$`1EVbuoeJ_d zL%A*n25FN^hsVXEJ+ryxVhcS2@hm&##PI36NsA}6qUHO#VdN+Zw_h9%Lb$~_jlT+( zrrYHdqU>=i11)MjsS_tq`v4WTpYQ2_L&wS;H-D#k(w7Iu$(+r61<%F<2-43H{`IK> zh}YF~e~YAG{~@_V?Ccm^XWbCD{M#FJ@Ah@tucq?O0I$&|&3Cc@l?6ppseht16rINHq%i-p-JG46bha+#E-1SgUlMgHp}5N*P^%Y-VV2N!S7eqfy($C|o* z4jx|T9qMjE=r~r#`udHBlfuX~p3|M-RIcOm&dcRK|3{1IXt==oqM%BqZ%d}-@^A>v zy*=p*SGHxwwS8%M->o+qY!l6~mxS9if%I1&26Kyc7nyOf;c7cg8-1TP0MjvOE%d<2 z{I$a{5>y4t^p!J1!|})o(1S-hL6xE=e7%0O6v>CzVVSaUHugC5_{4_pilj1)CvDQt zxBgb@6?Usxj|w8L4&obx)~9gp;5QjCxuy1VKINIe$_EK*=cX(yDLB=XaOCM17NiI^ zDi`g|OTsklB{x)`8fdByLa+G-L~Vb5dK7t(5~{hx&Esva@v>83*Oy)EnXFX3qRl+- z0ZOr%94>BUwZEA$_QKv(P}A0~i=LX?)!dSDMIdW-v&>@^0bZ%)i1B5}bz>oJP%Z_` z^=1Dhgdu~l1irR@w7x2MDT*ml!#fCjVfTm{g`lGxsM z+TNC)wS~Ri8Livt;e4Nh)w<*1`EBCjQlQytztvhMED_k&CI6}FVi-MiG=dKf`GfL$ z9I0AUvHjVy4OV`zD6LYCoAcdPbgf))+*onZj9cn97d;QR41>k4}10iW<`h2OxeAzAVsdY}Mo@fi9@?zz zG==YpR3XJ+&2@IA#X4!(rA3Ac>Bu2Xm~)d}{VRr|Iwz~a-;So^9I|$MB2q2Fw?ddJ z{&}!*5QgZ|aeWSyL?L?4y7KyO0~ibSC$XyhD zg#Oj#N%^8lD(GrSYgoP@WsA)dH1?k?IK8eJbEg-6W9U-m^al=EH{8kfo=_0zoolyP zVsn~YabB~nX=t+PXhMdQHp6qxY@;W~Q7w@EHREbKZ`Oj?m<%BYM~}~x6}Q5#w?jHQ z8~6+@xQp#sfY@2jCLyjvq0emKt=}@mOk^rVJB~TDX{!1Cth1w|Zn-pg=;)CLirD z-IasImtXKwBfbrG^(Bh>UE}QgnxgQgn9B?b+8LbIkzn=C9m>th?mA^#*uO_2ctRQ# zM^ct24F{}sP)c(%4pHU^O@2zS2&?S#)Q|Dg~QcAeE3om>9=yTXvT_ZqY=NI z+P|H#&!f7^ps?0}hkDi3tHYaXP6hk$HPO14{2pujxbWO8``H2C>4T@_hJOhU$d{N~ zazr*W7SGzNcalrduQO4wUBmnKDQL{48#~N2=#(-1czp~OAsaW} zbwwfo9v=^P?a}jgB3e!F1@1SABSULtNgr!>^qz9{+AR9AlN#NChq^B(=$E!HxYUZD z7zd?0^3^XYG4@PSerTYzVH&f2bcrF}HYyH!@PQiV z3gu+naN&{Vu=w6z&tK{OuHpQ+JvJQ|R>=dqNYheBFsI-cmFkSH&GS_M$zpm;#i&L? zmI2!~^))JI_CM{$2m?hqq(lNA&oLoo?$R6A+CCe5Bcb+G#kSVI2hsy&cCy zWN{rsRi}lhXzo%@tIakU4b6v{N|LHlPlcxSzZ~qpU;b?lne(`-pTiEZfsYq+e4f+F z-mYVL?QGE5=~ySZjr{!qI6`%n(TV#J8>5@WTan*kE&c!zm+U6_xtnzJ{2XZzy2qQr z930Nk=QfAcN#I^t9NxKbl>3%IOQ^divzxF^cKRkdmQ8c>UEA05W1FfSmStx7p_i97 zi>H&eL}%~)5Ez_p8}b6|tYbtw*lcua+^1r4$fiI=NFElhQl3`%u5phqroQu~Ku&yZ zf$G`sCLv5x?&;o-N0!(;7N#Nmq%dxaFdM#2d8XIx@@krZ=B?8P@3y7(*Bd)72S=@< z`!^k6a~1TVrYp0@yN-fNtBw%tHp01i)O`Xr19SbH+Sj!INS>) ztI(~px9=nJAkBiJ*iF73g0CS6)SD-bT50`PK+z|TIz^-X=Sgwm4H+ch*QkIaRo(e} z;L-k>w?BHpU+Aohc+Z8`wl2g&bYWNMd@j(rFUEjVSUIo}vG&)fcqdC^UQObyf%~9O z!hrMS8JZ)ANIGcXQ|g&DN-X&Ci*^UFs#x=E)O@*Oo_%_e#YXUWl)LWNyZ{It`Y^=M zmaQ2M`hMFmF$j|KFv8+R>-b*{LU9B@dM1By;o`V4GfgCI*%hpoVM`AuGnt6s$|_$g zvI*WpeQif*p}5htH9~pWn`FG+<@6a`e%xW~A;{a$=z~js0tCldD>Z~Y(-cE@2{#2X z6a*MdT`$$m1aJ@~cs%*Rz2I6;)${GF$z2WbE;Zp)v2C6FAnipWlW7$Ox`dI^F6kz= z%hcyk*(_cLx+78^#eUGINd)srI0P@y!YE=oz&2_D!uj0!8F&Im>({#oY8N#v&ax*f zwu_xM5awgsE3;h%iW+<6v;^~fruv`wyHIn0)|NpKd;ic(ML@q;8nO!9W7JiU5@86_ z(&keTrhZoGPK~H&I2lNv4A$JrIN;Wg;fCah&r4R@mUuRkKXzK8Ui(KzN`hrd`zYw# z;G7-mPN5l%%VE{A^_RlD@S84I&uyd;V=wgw=$1mno2fE*#-)A<`D6IJuFA<(_pRLY zb`vA|Kj_@a;>|YwBZUFT>clFgu>23Tj|C)=k%be2T??rQvP)dMrYqT#UV0Tcja7yg z2@XT>2Cp^X)ixrtYvIqi7MoVqU>4nF!QOoLyexHJt##Of6N#X_#Y_Jhe^H7|^)aH{ zNIXV)+?h}mSOb%(#%#K@oiMl~^EOBGs0B`G1Br@Z>0#f(!vyi6q{ukS?xmf2aVi~4 zg*R$;G<<<}bj?MbO0#=YrDN7n`+W#Gjld3)P6bh4;X)|?i^WPH<>j;*@kXOL9AK)( z?_WoS*{qv+mYdd+>6Elw#_SepgBL;>W^bL0w0WaJ&yf_2{~gOb%V*^nfNx4T=5C8< z1Sm1~r;>>leD%AZ7St3TS$l>oJrs}{ai_Ab35*$Ng|7t#!fgKB>!kA63BysJE%gzA zm8OtJ7$)_&%()@R4$)z2!a?0!S|0`ArAFx&w+Spd6IfIl&~pOEE`q`L#Ijn|7F$9f zk+Uk0bHP_5^pdo9ixrVlkGtp5r^Ae?su^B=Ff7k>twX@ul?8 zBKT9EVf|1OTqN*&W7&2~Xxusl;COlbjyooaNK`j`H=|$W7O~9=_sr`g@AEC6=HNA( z4zUIO?s`vFywu?^B;bnd^9kaZ%G`&;jfd{)W)E##A}K3nB<<7vFqOfKe~hoMq+tg5 z0PSD`AQ{!vZbDNIv-k{|R?I4VpBV>bnZ*?dx$QnDKt%g!PjS8@2pHU*kmONB2OF_^ z%mqvItAwIMZil0uPiXIulmx*SC}bLDO@o8Y)dfnDEBnv!G7&qQ;p@(J%qMLB&$vIr z!AwToaMqqh_cR7MXAIpUVf+RUu*N2hta-n06Jud-w9<)?GB6A3`u1(Pr&?0IhV4|# zpoM%C-O3(?f^$;^GTol^pE#$Djqnj4T%Y&^uwFyej9TOdHV1nW*Dn1JH@74O5h2iz zwv5pZgN{dbN}(O6L*}X&EV!PSx(Z{y}uRfnDH7HRi-WU!Gd zD(S7Bc4MmGI)^PF&vA(aU4T;8L9dQbCtwQ8w1mh-Qc=9bR-G6~z$Un7NJq%PLJ#p} zl72b$(r^im@1grrV(>7M$3FG&#vo5Ty~Fe#;){EvUZP9YKQbuLfNpBh=!R<{Fcb}R zfM|?sVcowQ zl@-d>0XPkY&t|qQrZ&G(f3coTYFQ{m-RlP;WB%pwP;I$3?(?6 zvcbUDRLa%bHqxT`p7g)o@@E24Zq}(P{Hf~hLWcCePLp6`L`{{-N`sp5etRY}<$m0gkU4yB(?>8H zmJ+O}W`g+x?li4--WQzM#KQ6l;mO15c50^DEFW+`p+^^DPXxD7f)Idy`Xnb;19!@j zmWsVQ^%`Jj3~IAWqtk1zvW;U5?%@1WJ_Bf zLbu#Kq6YWYnz-CW=m`0ABfx477f%l{o6^!z|222fe6|s!h(|E`8?2MUE6%o#>C5Vc z_K(bKp1h8k<7-6@FI+I0{b7vFdKfWmr{5m*`d(RzddH5WB!5x$DbNFBXBykXN9FuHR9U-y5K<2G+w{~~)H zoCwks6!;(KShPvFybfM}Ur%QgpFgj!t;&Ig<31Kjr@6RbDvT|7O*Gw*G`! zLf8c(V}y-W3IYW3_onw1T-GkpPSoi%U#rTl)aKUn=WCQ`4=Qqk}p`OAT=G)7{-Jg1Cmd)(C^Uvdu`P z5WBuCwC{0J4uRas<+rJn+z^J3^R8_=4wmui6B3W3X1(DI!d1PZA532K$MGG*%X0{g22e3Aa&kntkn_W&ARh+8< zt8uUn$N90zhV);2l`lDW4AL_{&|04+sFI4AZUqTyO_KVqV)OoV;d7uXJVn%+2qj(5 z7IDJe+=_>{)Hp-P=pqnmDQJm(Rj>kgG70C+K?hPLY!~s3EZ*v1+S^02il3%OtseF-cW8 zw!nD+fGlqGCDc$cI6AZ0`$Y2_o(REqZBTC~d8mnt|w800jiZmR2+A zof>9XB*EipovoLFvf3>xCv65}H0>U*L~J3&*`iOW#fKeDQ_wDI38_>LSP{O8yaV_D z42$pag2sLIn6Cw0#rODH_TWYB*(} z)>n~Wf~}mR$nnyveXl10Yys-N>> z={Fc3abC~nEhS6uf1i==%E2=ew20>=qs7txdnQ!9aQJ-jIT}aYKmP5om*I~gqsk`M zsuL@$3)p-;t{k~$Fb%~UAO-qe*;~_C6Hipv6He14-J&ur%ih#}{ z^lCC-DB+M?K6Xi;GZV+}SfO{R#$(Db*?DDc5Op}Aa+xVKNa5+P_ujk$N=KMHEn_%g zvJh0-yZI?Zd-4+n*fFO%d(etS1ybKv8p4uI`a5E7&cnmOtHbhnm@#A0`{JVt+WN94 zoE_-dSWX{mZN`Z_o@e7JjdKc(#=A{vko> zf!O8rw=^>Ve&OpxU&!~dqS*rXNe~D|!oSJD0o^LF->Da@vk(lVK8WeO}w zP?$)}NoHkBtX#Kdv;%!*6m5tin7ZK{uGN`Ko;%sB2!Mu+WR-*Eswh~k9(d@w)NJvw z-;gMjO8u<-fDEI>F_Xe1@!VV#qv5?Ll=iX~D^NhoU<5OLJpJu;qFM}-NPgRf6&#Vy z6YP+v2aS)+5Dm)>*P&^Wygy0ms&J%sQ?u`Yy8tw{oF7Qn;@inPtsZe&JsHZVY2O`` zOP8=rqlu^t)taagsgpISh-2QPyy`f^ZK}L(;d^g>z@*CSq?MrdF}(txO;~BjX7wmF zjSSNNCsj47%AwE^jaKaF>uPLe)3x@qwud{#Vnul;7upcw;uqGoiskib)HcJ@9PR$+*QubUejUg9VHZJ+4S8Lv*{)M5RSn|Z-2;-UT)vr1bT4| z+C@KO(JC;aYDB+&H^Wkgu%AL)r4qp+IfZP`|y;2|(Elxp9g{adG7v8z&g=xw$eWY=PRBy?GxD5OYOQ5vwu2V7G(Nwcpz z>XLj-54Vi1NTY~lIg8)dUF}SkZ0kV> ze|i~j$-n>SSB6W)zgYJ;{p08Mj{NOE1N?vUDBH~ixZD5t#p&tmldAvki{q0Qe;WON zKgILK`~Sk~+=mPB_4y^dY4-xYKELdA1lHX^-q`93oJZN`atFRXzZ~ijtc#8g!J|X) z=n(t_9D=XUFE{fEzCOPk-GWEA;Gz9&Hmuoy=^3p5+LL4O({qvi`^hJBlHJHh)+=r0 zk+!FFlMNKv#P928U{Y7k(gVlEf~8FIsA0-R(sn5EPu!KYe*nVS`a&EaipdvqYx&9?cFdY|j|n*it1J-U!S5wFSL3^REosPpKr_JRjiQX^6KZm{V&}xyy_YMo?vLDYXJ;sV!ysG&w~5*1hqXx zYBO~qbsXVL!@cbii&pC`IeY^Q1OVquu1uVYH!Pu>0D-S-RcodT8YkSqNqdF`+YE#N z#d39Mob?1ID&o1aI2gTM7?X;aN$8qMa!QU!yWIt&F75?5-KPAF(CHC6Jwm5@J2OJ3 zcN^UZo&H@yr}t+Z@3$X60?2T$7{kGa@XrQ8&ZtuPQi@^`xHD_SZ!)DDj^uQK9)NBr;5el{D{2SADc)qm{?|GPiPn(oviK-P4#ZICtZb0cJ} z@r;nQ5wbQy*1TtgtOcGOAZsJKqw;)abjMaWjnQKGbf19z&vSCxHT!pu{qN-T<*U=v zdj9X@ljG6;_bHw)(*EbK&TUP9wVZ~f)vtWfF!*`jt=alkeruo1%;)9b9O~j<*6`1( zO;u=*5P)hp68HKLWDiFNqv>!o9agA6nhrmK>9E|^L#&4FOrXm)LF4#RvRnSK&s=zB z3wo9$8pkBVA4|s3Z&d=#!>fR^YB65<631fmu*})5p59xR2&$z;o^KA?YOp#Q$2gdy zO<}xQfPxJw8VYiopF$d}z9ys@Cv1&EN|xq8jF2rXHFgpp5{t=)t9Rf*VAvl|qojzn zW|tVazDlTClIKSOaQ*=6W~+8Er;0~sMcx8wsxF}KY(Z}UL1jYqkGm`&$#lP?T$$V# znxroA3pWntAzZaEMD3+ZH7Kbsaax* z!d4dDQ_bTd%}{|Xd)PuH4Zgq@u|!~?uFY5Foh@vCKl7GmRvygQ->zW7!U8!ToJwIJW@k-NJ`};*s}E9l1?je z&$_Zh*2z_t2QMtcN4#GVzY1bf*o2b{QwdLkB3}y0f5j1+wb>+f8TN@(!w zqER1eaWGdi_U3u$I^HUkBKH*vO_%jdPP5)&df!; zp0D$|SWSA_^@@JH!X~~G@%p=U>+N2X_CGbN)jS?P@>O9tS@7ON_ZrD+ve`K~={Zjc zjOQD`!TYb+$B40Dl1$jY_)%#2kZ{-mTIOzKdo}wK6{GO!g2FvnX#PUU>B&p-+zg() zO>>^F$+ZyV9hD3AjZ0!!ZuUT{$K-h`ETO&$@Pb<*S2PEc?CaBxZ5B4!!USWNHlN{I zy)CBLC5Xgnw#t*eu56uWQ)7=4U1r1VNg!$F_|@?-d46HFXVe7ATPcMsCz$Y5<&4Hp zW}?|@tDW4eR+;8}DVfp?)|;!qKw)+tmONTkHmn7RBjbWRg(T+c&Jqw@nL}4vE4C7{ zn!xk)&#(UUnmj-Gi9a$ix7jr<_4YFxjqBrRJ%S z%e8l{p_RqZnDu^6#DYgOA(2?kjqkr+b+<(tp>r2F3F>o_=0YlR_Wlid{@?yvXlC?r z@$(gV{(t_@H~T%%VO-3Oc?%i3L$HdLtxk+Jr`%=fM`>L8eJ5n&lnaGc0s9O-b(xB# zbe^E{iZe+hE0q4tpA~S1gIuv~mI=;4{kio&y*vG3G#l%=y#e-u;q`bGEL6U_Vz*|$ zM`D!;6~w=|IcS%>hr7*Izs*(i?);~UVWQIsWC&)c4>7bAUZ{3S5_*P2l^X*JwbUsk-t}t@BHuiqWB1l2|90XQsiM{XTVLr2d zQnbFRb!vaK)&j0iT&jo?A|+HAMVF`cWtgw;bqcyzwOGM+?3FG}xr%^ke%i%gXB%P4 zsY%K%RK-$ju3d$(nrIa`B!$vt7r*k%HM&*sm!_0yTH9FAWFO)3D?S%#&eHsPoeh#W z-?mh11*=C`pyO}{pJ8gOPkt3wSXqKjRDOse?s3pDULXslQc|vGT5=L9EX%Kq= zWQ5Rt216VzX}UlsA4+bEypRspv#HETi(I^6Ig5r|*_^q;Ubq+sofjlwh&Q?Mw_qrK z0`AO1!f$OzK}4Qtp^)WdzBbp^a5ZrV(CH!-?O+h?V1@@ zrBY)J;%7l-fSxIbmDzA}Xg~mSh6JGImJUZ3YB3QhJ0y}VsEiYRya=sZoBZl#$Ry@5 zT7GywB|nGq%{q?&0gJ#$)XI%h(iH&Tv4LF?5QR)ND=|%G`a?V=31@|+p>t)UQ6xfWMo=A`)3nrL6&%Jt zTwh<38Thl1NW|L&lWcGt7`N`}=33T23MKm$*or5nR;el4qmqO)X zZ37%OA?iUI0b1RskFIMsQ?Gv>ON+n}NWgH_ zO;TOLcvtil92k>q&(YKdIeptjCS+|exQSv8H{zNn!{KU8;N9-I`Ge3Wgw?lPWCxfo zkXgRi_-!q2%uUkmHn=|5@<((l-@>IFoyNNs!{+Yfdg*O82R*Lj=q%pRDhnptq;N>|B-D0YWx+D)v4j`XwUFw2J z)1H>+B3=ixe&hl_NBC;RVor0GtT6>kPphb?OP;ePI+Uv#;E5~37paiFpyJGiD zDh6qYN?*;2O`jTPMMhUc0y|)>e*y(V716T1GdaXDC^+ko@NswaA7YV1I4vICDsaH# zRUp{6Yhws68W6()O&>!;AVJ}37<>E)(>~M@;QN! zSLF2cyEdHeMT3PiQ zX6&&so@cWyv9C_)rnu^G=d?cc%7)T^#0-D{ z37rbLIAZDK!%S~Eb@W#@Kho>t2=xecG-LS$DRg8z)_sC*N+lK*p^*MT8qJ{6?(5fb zTj1X-p68nB-ZM#PN?01nb*6tQGcgQk60@&q63%*(tC5Y?`k>r_Lj;pt(wr@Z^7)x5 zUPadk8kYgQT$3IB_l#BLd3Pm>G`v=F+ONbvRuYyn9$53Ktx>oWD7gWTmiD4RNW7NO!XN$=l%veVNv4V<2XIVU zG0b1&)>6Q@$?f9ZMg$rKl_)J%b0*32SI5WS9O|E347*6IR&=6RMkU-%V@U-?4__U> z_$H*FQf053;I;+og9iE_@Wu(TAC$xpOXAh>@#NKC{_@Qs5kXW*-GK-M+Xq3OpB|qc zo}T>q&^Gd^;cFf1#Mn8805iTXi+Y!erh(m|88J(=ChsnX@IttDAr5Ax4q1KYyB{;0 zt-u*Hj@x0b4O*UI$qEOoU;U$7scCbo`#IgB@!mAT$S{mqtx_v4v_vii-H-%WbxO-v z?T){7yf&{{P_xZ7Lt?8e2g`k`6-w8z=?~aEGOB|4fF2VkiZn+n%%()I)M}-=9bwRt zQ>A$Ok}9oD28D(|bTp_3&8egx{Js`ix;pAcw1+Em zpKX4v|7(Y3dIR6t3bfRk9=9=n^$fXHJFQDThFVWYEC;8kbaScJ>iuSih+_K1F01?y zg(jl24vbTSIOk^@BAq(zWYCg_b^;5)nWoo0O?XUm<|!$Drnl~EBxuCXa>o^6A9G0o zo(G%gj;+Z}o~UU=Z}c&66VYiT^P8O%7yZf2sOc&^9zBf_-Y1?Honk=RV}iczH39;v zgsqjKqRemL41mAx*m^fY@)Wn%?2c!@Fv)L+YRDIjimi5uPDmy(Gij3wda!W2DtmDn zU3;!a)5>L`aw8uPk56^osMQ9ugtp1^ur<~2-fw{W|84TUJtii9bVu&6-b*nZCu?sAqS z;^Dl6jSi6;yXv>?qHggH)N>n7aT644cZoqw!5D1| zE-UFg3GEsI^~}8^O_V?o%mYv2h|1W!C(r))>}e5cs8ZBLDO8TOAr~MMa;EheUBLxm zW)OzlcimU(G^ZcQa~J4XBs5*Xg-dp~I0Bs_3k7-oWW;^@F%ui<`oYRwn-vRw;au$} z`tfWr1TTKptW}MZ#aG5EPs>sEoNX%#H&qdhmLXYi_efSWj(?$YJy-@j^UJr2z4~>D zd<>bMea}qY2^Jrj0OEKzQm&}>?HrQn^F6t%4~*J+Ef7=Lm*1>x5?jT zv&p4%GwZZO;XQ_~h5)&fewTq5&)eF+!p1IBpXR<8ynK*wcU zWP)Y72MFWZ%0lk>tG^d2<+lMiZpd}rRO+59-x+&?2B6SBuFqI%+V34<$6SG$Qm(FF zbW=k{*;cPISDURu90F={;+{##W7E!ewasFJGH*Ab(ChCdT`@!H&BoiPSsO9DA2x~M z0Yf8iSi0VQq(iQEXpE7MXmZ(Wq1-UQR7)Q!1T&<-oT_01w~<@)uF0}wZEdgS~~WGvFrX@#z!3*x8jpU1D7ig>D(m3&{pE?}IlilMH;ozXeR~C6gr1xTdrSnsXf=R*eLctYn{vH|~b zhsc|^@Bh~>C&*HZWPn;9uH^hsuhX{b!4z$-se(tmNMaKKL<@hqFJNv*S*8Z-{`7(# zS8osyxMJxLkJm(90hf<^uG!456v)fx1m7!F83Hp%CX74awh+h17&L~{s z2ErH&qeRFDRe&OqGrZl+=^axfOK8MQ2rRuR4k2I+0QK-oA|;84Xrd=61iR5y0JNP+ z5f`}0P*#Vl|FtN{16b}8e#fw6Tv9AVi1eOIkpfMDhASTVAAqe8iB*=coWa^8ApP=m z5$fk`_Krw~UV^G5q_OiJx=1rz5!&fm*SEW}Iu{+1Tc^Q!{oUog-9UUsLB-(n75I)I zN?&V>R-v(n#&&p=te7V}`jHJ9qAhDL*|0L)0Rqc#3E~v_;qu4J(DoK2lbXBdOe*R7BX7FX_#wi*}Q`AH@R&)-$0LS^#oD>HN5$JUUUv%JO3p!1y!5zO|1 zNxMFBfqp62_I8m1R05~9-g?`J8dqi~8mr>~F{2|qh)O7nQ@C}QnR$1c(1kyO@Dci`u(@vw23!u3=$ z6S{B+oM1;gr67<#P4L3wL!S+rtT915_^y`*9bAW}-^0zu75hgY*5aZp>ftSTI&n8Z z<`!fJNI)o6toEO$7CAtu)8i@%U-5rY5zMAJ37vNOVA zLr4aIXqreyM&76bs2zsGra0)cDetestj2doFp-B;3>*2d2PX?C$q!wGR#o zIaTXp$qH#sBKI>_79JWHK4jwdkVeW}WTU%?iE551=uI~bFS%!uCV@r`!MO3z$G*kZ z9}8%l^A+SCGcGhXuaBfW2y7>ao=?%fdmR6xk6h z+lJKQ*=#cpyn~BN=Y&_X#*0h0YO9eChmQMVvLO-RopYC8V z`l*rEC!k^pi;!TqTq?clKu`%LOLIdv4kg_L>a?1=riQvHcUw{YGM&D+(!XkYKRnFb zRlQy?=3J+}g;*Yt3v(mP~$J(lR0Qd%ygI3 zoBdTYzIHfYowK{5Ro3oU=S~7IjUtxiiX0KiZVSvGVWnMPCMwx}OQU-|2sRaN`wq)p z4ocVxf%Wku56S)mvgdGooP%+jL$N&eIvO5)APzYU2OWf49)jBuD|`SBIO2Mbw+-T0 zg^#s9iz4vYE1C`hMb667)yO8SqIqg^Ket}{9qGLM^7FMZvYubOxza?04gQq;)HABo z^}E?Q@Q!oV7SyWB%P#8`JeH;#1D8S1pUUI=E&Z+@9nFIxj_q6|7*9T?IW0FJdLy^B ziyeTzc)oAo=57sBJ2OfB^*mAdE&Z9zj}iU#{uO$W-U>qkLk^745w$q3=|h3?B(y-` zBADWRF2El|gHc>3YJ$@{(epcjuXhNAc^(aV^A~NcC+r`a0`sUc9!H!Vse0vfq{V0I=Ys2u=E~AJ7}wJ zwM|ht9LOg8f$umXB-YTu7}EAgwWiTgtld(qHT3&!%C&nP+?OKQ?sd>lP_o_Y_@20E z`)FfDhOy;{v2tMC1Md8q9r*;Ke}ay}e0*S>`AOlX#&{Gq%{4L$QNelIH9kU$ybRT8dU%&@98mpSkijf zSTLjh^dXtAOWauMNOBZR_+zh=tV`a4-!l&oSIwAmd}xA9L$;ovO6|=&PZtP}lqNPH zjdFBSv)DP^VSdjcqmvm~pyBzNTr$Z;JS8&$9j4gqoF(FcoJjVMBZZN_Q^sQD%`y!% ziS3bu$_1b;C?*k(L@0^v?vTiNAqRP}e5cFR=ePyGYbP)Wgrrge=H0`AQaR_jq>?9V zqE<9XNQQ(Ew}4-)Onit<3v%*UG{W8loNL0_*M?+X8<2Ia#;2h#kU-0i6AsW`vtAE< zE*_c%SogKfYO;iUOC>emcz8#GIX@Z8E z4DZjW(p@T{K!JPx5qdj9Z%62@dq(JO!W) z0s|z;L=QFus+qQF9xX8$L2ObJuuv+a-BmKv8TjW+Tg(~$;p!da{-nV>OyF3B}SJ`umQ}o_P2@Y zc|5_s?+ZL^daOUS`BrKrc!TKB;mWeqKNwAiDxZBD>r=N7_oxeKplDPrA6iOv327US z+p?f2EF%z&zB1u6$(%-aEF79bV$=k4S;QoX1;YR!n*Qr4Ia5Rlkvd(?r0Gl51CyNtemxdh@HLJZGzHSU7J}v?4*TXu7s@;q5ET z)f2j`!8O7|_R~IV5>I)~X>yU~Ox}kQZ++ssfQxFMs^QMTp!7g_j#2JA4?Ok}AxWGj zu&~ALEkFjCGOHPI2m5ROT%rC$36-WoOgq(eslHKxNVPaMm^%y5K0Lc&dt~QpHxMvlAEf$-G znWuznkwTw4kHU{Ig&}-%W3GgOgA=NT$eIV=yV6x`fZ@DFlADa&Jj*m4Xb@jw0z>JF zn2;3L0$iP!X)<|^SA0hp%PwURQ;N!9{`og}@q;UB%Rp&%@`lLXcAhKpxBW2}W}Ve# zp+M(@64Gb!8TIzqAgO&;D<9fz`;gkpJ?8}R%9aZV5^fXjb;~^gDc#uz!-pLRy=DrA z%jTb9<+Z+OCV8Kb70YQ%bL#!1Iq+A(hA?`XciO020N4kADHFb91 zCC{G0A6ZgJnwUTJ*$MZ3>Ra;f|M?ZR%Hm&`RPM(=JmCi~@{b}JtD|!L|GixCd6cQ? zny!-Vzj1tgeEjxU9F4Nbi}OLT=z0qKZn}!UmS&gMGOGs8ZP*eWGoZHx<}AdjM)`DvcDV@O z&aR35G)zXF`sgI*Dynh{G{Ja!3s*qgQ=eEGXAn0z=nANcImB0W8g(upwWL-u=8Twp zZc}oRl5@IZ$vIW*(I-GtT1_-zhfRUcL+gbbqLSrwf%&Sif?39*%D#!2(()8o$r!SO zN`whONUZ1?K>VGeeU%osY^}kQ?e3ANJb9HX30vgHFB|NBUf%Vr7MX=G6nl4y> z|4G%sdhh!*!g_iC)B;BfJDf_3-hGzmeDOb>LS!8|ikch8bz9-K55Q_*aj6dIvxG-s zQDIZPRfWSeFLj=dzozNU}Dt zMl}>nvxe&&waM0rf;S+!2GS8XVgx~^IkLKbH*0DRL9Jl`_NYx;h`FNkg#B=Refgqi zyl=dswjL&VJ$eB>_BB(ux$Q#?wIFo5E@(~uJ)SPKXdsH-8T!6ap|W~%`=jo>-E{5O z#E1BmFsVG5%=#_ zin3tHiwVC4*D8ZJ%mt9ZLR(CPjQy=}$!M%s)KjAIRkcrDbcUGRNe~beEm?GDY-bs| z#nKfkDNZFo;NT;mir{;Yk&)1WhE19Yb4ZnwxyO0&Q`A4L*=gxnH-8Th5#xLy7Y7G= zv*t}oXEV{aMUt$^gXB(%?nXR4M|3qJy%d>?czp<)Dh;{W?-NDHQ^le}ve_NaeqoZ| z_TjHD8WlkqMNg+M%aT?29Mf`w)?D?Qn)~B|^0aj|&CcFK z`M8jF>A8kBnUdC>C56b(&jzXlSCzso+Q9jlRS4|h0B}oN15)S%dZPFut)|+3e5C-l zdb_K7i-OkhO*aA`xTxE4>NQEx^*^W&Y%nq7RmMJ^fc-yDl*rHmup9R45B>K4lUFBo z{MYM0os9PXPx5?`_J416Zfp3zemDC$b4JzD;_rTMnEK0))@=Ol#V0lHyN(XVdA*wv ztl@iF!R0lanW7B&LX^OO;B>`uE#DdMDoC|cO3*B)esjr4b7zb>84s(PMF%1QXYl zrmx7prT2(uOD1Op&)dw;Rf?Z`WqSyY%@PG=+pXk4UVGq?BGY_O|8z2avANrgM?w7b z1V8-=2nc-Rtmut-aqbGXs6PjaWFq0w+EL~_l*U50pt(UvJ?*|uD7$;DhtzKwIh9;kaI}wL)L47ts7Yb+P``bZb|-5%|sXcsD#NCOr9U(&50_8CzgF~PtDxMZ z+E1=zD+bzQ=jiHdw279kf~g)YB2#iHl;ZQmxTvddiTTL&yV=R{q5s!O<*yfQQ6Rkc zFQ=uG?|YH9Ir(;wY{k=|WN{^H!Qs;EyU>|9y2j+J8UE^QGE<&Fb92{5#97ieIt*!q08SU;JXz z_Nz=gpVagVz1+m|3l*lM8tdF*HOQPn@D-6JYilIIFX%4Een5R^4X}YZYDq}oyjY8Z zL}*Z3(tAeo2Z0RJoF}x|a!O);3j%W9uE(U7u3Kb?@r7{@WI4e;jaKK;>RhG%Xm$QH zR%hTb1C7qezy{i!{awBRh8tH;4Yv)9=a4WOE$vTBk;LuR4odFW`p7q|WR%NVB3IQM z3h6Qeg!*e@EK$FwzMUIcxLxUOicDYbjnZBfvi<}NR`zJ}a};c1sdBceTsXBOujZud zHdze_ELvAK%4gyYJZO~Z%n;BDw8yi~o4`J}eWOBcpWxZ)(_}aI>7Lnsq`BU4raR|3 zJji@!0CN;;_vomZSD^*%&a$!sOqi-{n>@v%kk$1ohV-8?DyI2jo&23~z zc+*^_+vZ3LcdXI5pJ+XABm97!)GKkPj3%4pZ9jWoH8q>Gp@ez~*1djpq+03CT{9?e zO<&HMo_sa>xJd3p30dp-Vkp|q0L(iO_zjFZ&}Rz}1Z&wwOKQ7t%cJqBd_wjg{HOJZ z-OUQrZU1@o^5v@+_4seE|MYsa|9pz)%e4R0R_E4MAbdN+cIvjE%FCujsM?3RU8wT* z(^`ir{T^x~GQ}$n`qhSnJ=WklAs6402|3HMWKA9zUo1g@o7p76A|;8S@nlXDnnqRb zJRv`ENb#6UdJ9*qX_;MkTi<;X(ORk_&qE}V@zK|MswdU?7%e`d#ivUB(c<$dEIt*6 zGRW>zsWH_0vjXqc)$qkkBF!WEgERI;v%;Ux z`tGht8ca11*Eb>^)Mz3$;nxNcJBL{kxPyqh4>ITX?A>=8j1en1FXKZ*QlZ*rWG+wq zXEKy%3m+dI_U^j_MWQ87V#!j>6%TnJ&Bb&kVg-RVdvbPTP*uFphSsbe)I!lHDOAqn z#btM9>Ff5|7)1k9UHM}+l6hy7dNfn=-P#&}4@=T&QIjTW!0dMAGKP;(rG5}Li}c`0 zzN}Phh4LAwxGvQ>Oq2bat7aUXB2&3!bk#!H?%D8(RvjVCv@G^PIVPiE-nkZ%9b96C zT0X`yO{i6PbJ00AJp86)<~%PfT=ZDe?c}%(*I6H2Uyk^2+EaWwVpZTXBw|IiWN*Ut zVF_31#)}1zDkk_4EqO1-C_*4gGf-Id*&;9qJ~mcH8HsA}db(;=Vy3gR; zPmbr5*pBTtgnuCe=px$?*-SsTNuieAdFBE{I{4nNT3IkQbK4=|-O>bsO_wCx;N!H^$Bxn8#}SlTu)D59zrt&a+W{vAu>)6t?N-^ zhm*4&ZnjP7X^jyadP*xJ%m)zAnan*8dm|1EXwmW^hv!dYvKEDOu?NXHO;OS{QFckt zVGo~8571$Akn`xSC4^G>)Dy<(^3|1$KPgOWriN+%`0OF%FMNDrKi5O=(D zZ#T$t4prKyf{krLli?jDCTzpcY0^1^tzG`%`ub8=Y*!JW*8`d)PCknwrt~77uMI1o zC>}F%c6p%=@tB~B{42euGw4JA={8i{w@;s`q?HN{lZlzhZYWBuOM=&-s*1Ve`!b!SbrlCVOCzrhR} zl_=8qO3X`O8_bS#Yv^nd1$C3~b|qFl!u6n4ikIhusqVD5{}g6kYh zX*LCk4fvPmJYBzg>t79oJl9>w1tyqg5m)Sxh?F4&jIHJjz{)rR7UNV9n2XL8JjBe< zh2|y1!Ye`-N`33N8&VfOFCNFJzMVPUn#{vjU>h6Kd)9Z4@%&ND=Gz<0dk52HB!49H z_;!YIWBd-ZxuHqCX7=t`l0C-o4uf}iS$3GgdvkdYFn#Y}^frd=j;?QF?)J$Ny6N1& z(A`U$pq~7x<8*Ii=LK6;fIQn;cy|c;+-KF@#h%--iMO%jc3K1bHN}Az+HGvJRoiQa zBrwb>+iG>~Xtm28+hK3*XfbGs?Y6XbwAf{X9b#kcXu8Gvx|wygqiq+Iq{ps0FosZ2 zMC-DmK8F2tTgxfT<8aYsW1DGj_^Baw(nqt9Ze<(ofrD&h72Uw{*+w|& zUun?^+ZP5~{@Sd2K@-CcHotBKv&)~m)xy`Y#vV+kdb|W&-+h|54QN;AdpxHH%4EDA z;nL!|Tf|73#z#TCWNor@Q8C;cVj4dr)vjP~`wf>AB`qar$Zn>}PGnli39}Xlq#Hru z?av4bA3@=}4RQp9kD%}o6yBuVh?^d9(<5%$JtJ;<#7&R5=@B+g5jQ>JrbpcLh?_2--zjc-YYc^DDRsF=D>Ww3&%RL<;qY?M3EeF= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + targetMatch: + description: Matchers that have to be fulfilled in the alerts + to be muted. The operator enforces that the alert matches + the resource's namespace. + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + type: object + type: array + muteTimeIntervals: + description: List of MuteTimeInterval specifying when the routes should + be muted. + items: + description: MuteTimeInterval specifies the periods in time when + notifications will be muted + properties: + name: + description: Name of the time interval + type: string + timeIntervals: + description: TimeIntervals is a list of TimeInterval + items: + description: TimeInterval describes intervals of time + properties: + daysOfMonth: + description: DaysOfMonth is a list of DayOfMonthRange + items: + description: DayOfMonthRange is an inclusive range of + days of the month beginning at 1 + properties: + end: + description: End of the inclusive range + maximum: 31 + minimum: -31 + type: integer + start: + description: Start of the inclusive range + maximum: 31 + minimum: -31 + type: integer + type: object + type: array + months: + description: Months is a list of MonthRange + items: + description: MonthRange is an inclusive range of months + of the year beginning in January Months can be specified + by name (e.g 'January') by numerical month (e.g '1') + or as an inclusive range (e.g 'January:March', '1:3', + '1:March') + pattern: ^((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12])(?:((:((?i)january|february|march|april|may|june|july|august|september|october|november|december|[1-12]))$)|$) + type: string + type: array + times: + description: Times is a list of TimeRange + items: + description: TimeRange defines a start and end time + in 24hr format + properties: + endTime: + description: EndTime is the end time in 24hr format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + startTime: + description: StartTime is the start time in 24hr + format. + pattern: ^((([01][0-9])|(2[0-3])):[0-5][0-9])$|(^24:00$) + type: string + type: object + type: array + weekdays: + description: Weekdays is a list of WeekdayRange + items: + description: WeekdayRange is an inclusive range of days + of the week beginning on Sunday Days can be specified + by name (e.g 'Sunday') or as an inclusive range (e.g + 'Monday:Friday') + pattern: ^((?i)sun|mon|tues|wednes|thurs|fri|satur)day(?:((:(sun|mon|tues|wednes|thurs|fri|satur)day)$)|$) + type: string + type: array + years: + description: Years is a list of YearRange + items: + description: YearRange is an inclusive range of years + pattern: ^2\d{3}(?::2\d{3}|$) + type: string + type: array + type: object + type: array + type: object + type: array + receivers: + description: List of receivers. + items: + description: Receiver defines one or more notification integrations. + properties: + emailConfigs: + description: List of Email configurations. + items: + description: EmailConfig configures notifications via Email. + properties: + authIdentity: + description: The identity to use for authentication. + type: string + authPassword: + description: The secret's key that contains the password + to use for authentication. The secret needs to be in + the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authSecret: + description: The secret's key that contains the CRAM-MD5 + secret. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + authUsername: + description: The username to use for authentication. + type: string + from: + description: The sender address. + type: string + headers: + description: Further headers email header key/value pairs. + Overrides any headers previously set by the notification + implementation. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + hello: + description: The hostname to identify to the SMTP server. + type: string + html: + description: The HTML body of the email notification. + type: string + requireTLS: + description: The SMTP TLS requirement. Note that Go does + not support unencrypted connections to remote SMTP endpoints. + type: boolean + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + smarthost: + description: The SMTP host and port through which emails + are sent. E.g. example.com:25 + type: string + text: + description: The text body of the email notification. + type: string + tlsConfig: + description: TLS configuration + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + to: + description: The email address to send notifications to. + type: string + type: object + type: array + name: + description: Name of the receiver. Must be unique across all + items from the list. + minLength: 1 + type: string + opsgenieConfigs: + description: List of OpsGenie configurations. + items: + description: OpsGenieConfig configures notifications via OpsGenie. + See https://prometheus.io/docs/alerting/latest/configuration/#opsgenie_config + properties: + actions: + description: Comma separated list of actions that will + be available for the alert. + type: string + apiKey: + description: The secret's key that contains the OpsGenie + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The URL to send OpsGenie API requests to. + type: string + description: + description: Description of the incident. + type: string + details: + description: A set of arbitrary key/value pairs that provide + further detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entity: + description: Optional field that can be used to specify + which domain alert is related to. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Alert text limited to 130 characters. + type: string + note: + description: Additional alert note. + type: string + priority: + description: Priority level of alert. Possible values + are P1, P2, P3, P4, and P5. + type: string + responders: + description: List of responders responsible for notifications. + items: + description: OpsGenieConfigResponder defines a responder + to an incident. One of `id`, `name` or `username` + has to be defined. + properties: + id: + description: ID of the responder. + type: string + name: + description: Name of the responder. + type: string + type: + description: Type of responder. + enum: + - team + - teams + - user + - escalation + - schedule + minLength: 1 + type: string + username: + description: Username of the responder. + type: string + required: + - type + type: object + type: array + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + source: + description: Backlink to the sender of the notification. + type: string + tags: + description: Comma separated list of tags attached to + the notifications. + type: string + updateAlerts: + description: Whether to update message and description + of the alert in OpsGenie if it already exists By default, + the alert is never updated in OpsGenie, the new message + only appears in activity log. + type: boolean + type: object + type: array + pagerdutyConfigs: + description: List of PagerDuty configurations. + items: + description: PagerDutyConfig configures notifications via + PagerDuty. See https://prometheus.io/docs/alerting/latest/configuration/#pagerduty_config + properties: + class: + description: The class/type of the event. + type: string + client: + description: Client identification. + type: string + clientURL: + description: Backlink to the sender of notification. + type: string + component: + description: The part or component of the affected system + that is broken. + type: string + description: + description: Description of the incident. + type: string + details: + description: Arbitrary key/value pairs that provide further + detail about the incident. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + group: + description: A cluster or grouping of sources. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + pagerDutyImageConfigs: + description: A list of image details to attach that provide + further detail about an incident. + items: + description: PagerDutyImageConfig attaches images to + an incident + properties: + alt: + description: Alt is the optional alternative text + for the image. + type: string + href: + description: Optional URL; makes the image a clickable + link. + type: string + src: + description: Src of the image being attached to + the incident + type: string + type: object + type: array + pagerDutyLinkConfigs: + description: A list of link details to attach that provide + further detail about an incident. + items: + description: PagerDutyLinkConfig attaches text links + to an incident + properties: + alt: + description: Text that describes the purpose of + the link, and can be used as the link's text. + type: string + href: + description: Href is the URL of the link to be attached + type: string + type: object + type: array + routingKey: + description: The secret's key that contains the PagerDuty + integration key (when using Events API v2). Either this + field or `serviceKey` needs to be defined. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + serviceKey: + description: The secret's key that contains the PagerDuty + service key (when using integration type "Prometheus"). + Either this field or `routingKey` needs to be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + severity: + description: Severity of the incident. + type: string + url: + description: The URL to send requests to. + type: string + type: object + type: array + pushoverConfigs: + description: List of Pushover configurations. + items: + description: PushoverConfig configures notifications via Pushover. + See https://prometheus.io/docs/alerting/latest/configuration/#pushover_config + properties: + expire: + description: How long your notification will continue + to be retried for, unless the user acknowledges the + notification. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + html: + description: Whether notification message is HTML or plain + text. + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Notification message. + type: string + priority: + description: Priority, see https://pushover.net/api#priority + type: string + retry: + description: How often the Pushover servers will send + the same notification to the user. Must be at least + 30 seconds. + pattern: ^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$ + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sound: + description: The name of one of the sounds supported by + device clients to override the user's default sound + choice + type: string + title: + description: Notification title. + type: string + token: + description: The secret's key that contains the registered + application's API token, see https://pushover.net/apps. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + url: + description: A supplementary URL shown alongside the message. + type: string + urlTitle: + description: A title for supplementary URL, otherwise + just the URL is shown + type: string + userKey: + description: The secret's key that contains the recipient + user's user key. The secret needs to be in the same + namespace as the AlertmanagerConfig object and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + slackConfigs: + description: List of Slack configurations. + items: + description: SlackConfig configures notifications via Slack. + See https://prometheus.io/docs/alerting/latest/configuration/#slack_config + properties: + actions: + description: A list of Slack actions that are sent with + each notification. + items: + description: SlackAction configures a single Slack action + that is sent with each notification. See https://api.slack.com/docs/message-attachments#action_fields + and https://api.slack.com/docs/message-buttons for + more information. + properties: + confirm: + description: SlackConfirmationField protect users + from destructive actions or particularly distinguished + decisions by asking them to confirm their button + click one more time. See https://api.slack.com/docs/interactive-message-field-guide#confirmation_fields + for more information. + properties: + dismissText: + type: string + okText: + type: string + text: + minLength: 1 + type: string + title: + type: string + required: + - text + type: object + name: + type: string + style: + type: string + text: + minLength: 1 + type: string + type: + minLength: 1 + type: string + url: + type: string + value: + type: string + required: + - text + - type + type: object + type: array + apiURL: + description: The secret's key that contains the Slack + webhook URL. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + callbackId: + type: string + channel: + description: The channel or user to send notifications + to. + type: string + color: + type: string + fallback: + type: string + fields: + description: A list of Slack fields that are sent with + each notification. + items: + description: SlackField configures a single Slack field + that is sent with each notification. Each field must + contain a title, value, and optionally, a boolean + value to indicate if the field is short enough to + be displayed next to other fields designated as short. + See https://api.slack.com/docs/message-attachments#fields + for more information. + properties: + short: + type: boolean + title: + minLength: 1 + type: string + value: + minLength: 1 + type: string + required: + - title + - value + type: object + type: array + footer: + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + iconEmoji: + type: string + iconURL: + type: string + imageURL: + type: string + linkNames: + type: boolean + mrkdwnIn: + items: + type: string + type: array + pretext: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + shortFields: + type: boolean + text: + type: string + thumbURL: + type: string + title: + type: string + titleLink: + type: string + username: + type: string + type: object + type: array + snsConfigs: + description: List of SNS configurations + items: + description: SNSConfig configures notifications via AWS SNS. + See https://prometheus.io/docs/alerting/latest/configuration/#sns_configs + properties: + apiURL: + description: The SNS API URL i.e. https://sns.us-east-2.amazonaws.com. + If not specified, the SNS API URL from the SNS SDK will + be used. + type: string + attributes: + additionalProperties: + type: string + description: SNS message attributes. + type: object + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: The message content of the SNS notification. + type: string + phoneNumber: + description: Phone number if message is delivered via + SMS in E.164 format. If you don't specify this value, + you must specify a value for the TopicARN or TargetARN. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + sigv4: + description: Configures AWS's Signature Verification 4 + signing process to sign requests. + properties: + accessKey: + description: AccessKey is the AWS API key. If blank, + the environment variable `AWS_ACCESS_KEY_ID` is + used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + profile: + description: Profile is the named AWS profile used + to authenticate. + type: string + region: + description: Region is the AWS region. If blank, the + region from the default credentials chain used. + type: string + roleArn: + description: RoleArn is the named AWS profile used + to authenticate. + type: string + secretKey: + description: SecretKey is the AWS API secret. If blank, + the environment variable `AWS_SECRET_ACCESS_KEY` + is used. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + subject: + description: Subject line when the message is delivered + to email endpoints. + type: string + targetARN: + description: The mobile platform endpoint ARN if message + is delivered via mobile notifications. If you don't + specify this value, you must specify a value for the + topic_arn or PhoneNumber. + type: string + topicARN: + description: SNS topic ARN, i.e. arn:aws:sns:us-east-2:698519295917:My-Topic + If you don't specify this value, you must specify a + value for the PhoneNumber or TargetARN. + type: string + type: object + type: array + telegramConfigs: + description: List of Telegram configurations. + items: + description: TelegramConfig configures notifications via Telegram. + See https://prometheus.io/docs/alerting/latest/configuration/#telegram_config + properties: + apiURL: + description: The Telegram API URL i.e. https://api.telegram.org. + If not specified, default API URL will be used. + type: string + botToken: + description: Telegram bot token The secret needs to be + in the same namespace as the AlertmanagerConfig object + and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + chatID: + description: The Telegram chat ID. + format: int64 + type: integer + disableNotifications: + description: Disable telegram notifications + type: boolean + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: Message template + type: string + parseMode: + description: Parse mode for telegram message + enum: + - MarkdownV2 + - Markdown + - HTML + type: string + sendResolved: + description: Whether to notify about resolved alerts. + type: boolean + type: object + type: array + victoropsConfigs: + description: List of VictorOps configurations. + items: + description: VictorOpsConfig configures notifications via + VictorOps. See https://prometheus.io/docs/alerting/latest/configuration/#victorops_config + properties: + apiKey: + description: The secret's key that contains the API key + to use when talking to the VictorOps API. The secret + needs to be in the same namespace as the AlertmanagerConfig + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiUrl: + description: The VictorOps API URL. + type: string + customFields: + description: Additional custom fields for notification. + items: + description: KeyValue defines a (key, value) tuple. + properties: + key: + description: Key of the tuple. + minLength: 1 + type: string + value: + description: Value of the tuple. + type: string + required: + - key + - value + type: object + type: array + entityDisplayName: + description: Contains summary of the alerted problem. + type: string + httpConfig: + description: The HTTP client's configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + messageType: + description: Describes the behavior of the alert (CRITICAL, + WARNING, INFO). + type: string + monitoringTool: + description: The monitoring tool the state message is + from. + type: string + routingKey: + description: A key used to map the alert to a team. + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + stateMessage: + description: Contains long explanation of the alerted + problem. + type: string + type: object + type: array + webhookConfigs: + description: List of webhook configurations. + items: + description: WebhookConfig configures notifications via a + generic receiver supporting the webhook payload. See https://prometheus.io/docs/alerting/latest/configuration/#webhook_config + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + maxAlerts: + description: Maximum number of alerts to be sent per webhook + message. When 0, all alerts are included. + format: int32 + minimum: 0 + type: integer + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + url: + description: The URL to send HTTP POST requests to. `urlSecret` + takes precedence over `url`. One of `urlSecret` and + `url` should be defined. + type: string + urlSecret: + description: The secret's key that contains the webhook + URL to send HTTP requests to. `urlSecret` takes precedence + over `url`. One of `urlSecret` and `url` should be defined. + The secret needs to be in the same namespace as the + AlertmanagerConfig object and accessible by the Prometheus + Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + type: array + wechatConfigs: + description: List of WeChat configurations. + items: + description: WeChatConfig configures notifications via WeChat. + See https://prometheus.io/docs/alerting/latest/configuration/#wechat_config + properties: + agentID: + type: string + apiSecret: + description: The secret's key that contains the WeChat + API key. The secret needs to be in the same namespace + as the AlertmanagerConfig object and accessible by the + Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + apiURL: + description: The WeChat API URL. + type: string + corpID: + description: The corp id for authentication. + type: string + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for + the client. This is mutually exclusive with BasicAuth + and is only available starting from Alertmanager + v0.22+. + properties: + credentials: + description: The secret's key that contains the + credentials of the request + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, + BasicAuth takes precedence. + properties: + password: + description: The secret in the service monitor + namespace that contains the password for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor + namespace that contains the username for authentication. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. + The secret needs to be in the same namespace as + the AlertmanagerConfig object and accessible by + the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + followRedirects: + description: FollowRedirects specifies whether the + client should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch + a token for the targets. + properties: + clientId: + description: The secret or configmap containing + the OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 + client secret + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token + URL + type: object + scopes: + description: OAuth2 scopes used for the token + request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when + doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to + use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use + for the targets. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key + file for the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the + targets. + type: string + type: object + type: object + message: + description: API request data as defined by the WeChat + API. + type: string + messageType: + type: string + sendResolved: + description: Whether or not to notify about resolved alerts. + type: boolean + toParty: + type: string + toTag: + type: string + toUser: + type: string + type: object + type: array + required: + - name + type: object + type: array + route: + description: The Alertmanager route definition for alerts matching + the resource's namespace. If present, it will be added to the generated + Alertmanager configuration as a first-level route. + properties: + activeTimeIntervals: + description: ActiveTimeIntervals is a list of MuteTimeInterval + names when this route should be active. + items: + type: string + type: array + continue: + description: Boolean indicating whether an alert should continue + matching subsequent sibling nodes. It will always be overridden + to true for the first-level route by the Prometheus operator. + type: boolean + groupBy: + description: List of labels to group by. Labels must not be repeated + (unique list). Special label "..." (aggregate by all possible + labels), if provided, must be the only element in the list. + items: + type: string + type: array + groupInterval: + description: 'How long to wait before sending an updated notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "5m"' + type: string + groupWait: + description: 'How long to wait before sending the initial notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "30s"' + type: string + matchers: + description: 'List of matchers that the alert''s labels should + match. For the first level route, the operator removes any existing + equality and regexp matcher on the `namespace` label and adds + a `namespace: ` matcher.' + items: + description: Matcher defines how to match on alert's labels. + properties: + matchType: + description: Match operation available with AlertManager + >= v0.22.0 and takes precedence over Regex (deprecated) + if non-empty. + enum: + - '!=' + - = + - =~ + - '!~' + type: string + name: + description: Label to match. + minLength: 1 + type: string + regex: + description: Whether to match on equality (false) or regular-expression + (true). Deprecated as of AlertManager >= v0.22.0 where + a user should use MatchType instead. + type: boolean + value: + description: Label value to match. + type: string + required: + - name + type: object + type: array + muteTimeIntervals: + description: 'Note: this comment applies to the field definition + above but appears below otherwise it gets included in the generated + manifest. CRD schema doesn''t support self-referential types + for now (see https://github.com/kubernetes/kubernetes/issues/62872). + We have to use an alternative type to circumvent the limitation. + The downside is that the Kube API can''t validate the data beyond + the fact that it is a valid JSON representation. MuteTimeIntervals + is a list of MuteTimeInterval names that will mute this route + when matched,' + items: + type: string + type: array + receiver: + description: Name of the receiver for this route. If not empty, + it should be listed in the `receivers` field. + type: string + repeatInterval: + description: 'How long to wait before repeating the last notification. + Must match the regular expression`^(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?$` + Example: "4h"' + type: string + routes: + description: Child routes. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/prometheus-operator/0.0.1/templates/crds/crd-alertmanagers.yaml b/operators/prometheus-operator/0.0.1/templates/crds/crd-alertmanagers.yaml new file mode 100644 index 0000000000..305c94a05d --- /dev/null +++ b/operators/prometheus-operator/0.0.1/templates/crds/crd-alertmanagers.yaml @@ -0,0 +1,7226 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.2/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: alertmanagers.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Alertmanager + listKind: AlertmanagerList + plural: alertmanagers + shortNames: + - am + singular: alertmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Alertmanager + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Replicas + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1 + schema: + openAPIV3Schema: + description: Alertmanager describes an Alertmanager cluster. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Alertmanager + cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalPeers: + description: AdditionalPeers allows injecting a set of additional + Alertmanagers to peer with to form a highly available cluster. + items: + type: string + type: array + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + alertmanagerConfigMatcherStrategy: + description: The AlertmanagerConfigMatcherStrategy defines how AlertmanagerConfig + objects match the alerts. In the future more options may be added. + properties: + type: + default: OnNamespace + description: If set to `OnNamespace`, the operator injects a label + matcher matching the namespace of the AlertmanagerConfig object + for all its routes and inhibition rules. `None` will not add + any additional matchers other than the ones specified in the + AlertmanagerConfig. Default is `OnNamespace`. + enum: + - OnNamespace + - None + type: string + type: object + alertmanagerConfigNamespaceSelector: + description: Namespaces to be selected for AlertmanagerConfig discovery. + If nil, only check own namespace. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfigSelector: + description: AlertmanagerConfigs to be selected for to merge and configure + Alertmanager with. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + alertmanagerConfiguration: + description: 'EXPERIMENTAL: alertmanagerConfiguration specifies the + configuration of Alertmanager. If defined, it takes precedence over + the `configSecret` field. This field may change in future releases.' + properties: + global: + description: Defines the global parameters of the Alertmanager + configuration. + properties: + httpConfig: + description: HTTP client configuration. + properties: + authorization: + description: Authorization header configuration for the + client. This is mutually exclusive with BasicAuth and + is only available starting from Alertmanager v0.22+. + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults + to Bearer, Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth for the client. This is mutually + exclusive with Authorization. If both are defined, BasicAuth + takes precedence. + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: The secret's key that contains the bearer + token to be used by the client for authentication. The + secret needs to be in the same namespace as the Alertmanager + object and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + followRedirects: + description: FollowRedirects specifies whether the client + should follow HTTP 3xx redirects. + type: boolean + oauth2: + description: OAuth2 client credentials used to fetch a + token for the targets. + properties: + clientId: + description: The secret or configmap containing the + OAuth2 client id + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client + secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + proxyURL: + description: Optional proxy URL. + type: string + tlsConfig: + description: TLS configuration for the client. + properties: + ca: + description: Certificate authority used when verifying + server certificates. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing + client-authentication. + properties: + configMap: + description: ConfigMap containing data to use + for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for + the targets. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file + for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + opsGenieApiKey: + description: The default OpsGenie API Key. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + opsGenieApiUrl: + description: The default OpsGenie API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + resolveTimeout: + description: ResolveTimeout is the default value used by alertmanager + if the alert does not include EndsAt, after this time passes + it can declare the alert as resolved if it has not been + updated. This has no impact on alerts from Prometheus, as + they always include EndsAt. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + slackApiUrl: + description: The default Slack API URL. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + name: + description: The name of the AlertmanagerConfig resource which + is used to generate the Alertmanager configuration. It must + be defined in the same namespace as the Alertmanager object. + The operator will not enforce a `namespace` label for routes + and inhibition rules. + minLength: 1 + type: string + templates: + description: Custom notification templates. + items: + description: SecretOrConfigMap allows to specify data as a Secret + or ConfigMap. Fields are mutually exclusive. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: array + type: object + baseImage: + description: 'Base image that is used to deploy pods, without tag. + Deprecated: use ''image'' instead' + type: string + clusterAdvertiseAddress: + description: 'ClusterAdvertiseAddress is the explicit address to advertise + in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. + [1] RFC1918: https://tools.ietf.org/html/rfc1918' + type: string + clusterGossipInterval: + description: Interval between gossip attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPeerTimeout: + description: Timeout for cluster peering. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + clusterPushpullInterval: + description: Interval between pushpull attempts. + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into `/etc/alertmanager/configmaps/` in the 'alertmanager' + container. + items: + type: string + type: array + configSecret: + description: "ConfigSecret is the name of a Kubernetes Secret in the + same namespace as the Alertmanager object, which contains the configuration + for this Alertmanager instance. If empty, it defaults to `alertmanager-`. + \n The Alertmanager configuration should be available under the + `alertmanager.yaml` key. Additional keys from the original secret + are copied to the generated secret and mounted into the `/etc/alertmanager/config` + directory in the `alertmanager` container. \n If either the secret + or the `alertmanager.yaml` key is missing, the operator provisions + a minimal Alertmanager configuration with one empty receiver (effectively + dropping alert notifications)." + type: string + containers: + description: 'Containers allows injecting additional containers. This + is meant to allow adding an authentication proxy to an Alertmanager + pod. Containers described here modify an operator generated container + if they share the same name and modifications are done via a strategic + merge patch. The current container names are: `alertmanager` and + `config-reloader`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + externalUrl: + description: The external URL the Alertmanager instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Alertmanager is not served from root of a DNS name. + type: string + forceEnableClusterMode: + description: ForceEnableClusterMode ensures Alertmanager does not + deactivate the cluster mode when running with a single replica. + Use case is e.g. spanning an Alertmanager cluster across Kubernetes + clusters with a single replica in each. + type: boolean + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Alertmanager + is being configured. + type: string + imagePullPolicy: + description: Image pull policy for the 'alertmanager', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Alertmanager configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Alertmanager server listen on loopback, + so that it does not bind against the Pod IP. Note this is only for + the Alertmanager UI, not the gossip communication. + type: boolean + logFormat: + description: Log format for Alertmanager to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Alertmanager to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + paused: + description: If set to true all actions on the underlying managed + objects are not goint to be performed, except for delete actions. + type: boolean + podMetadata: + description: PodMetadata configures Labels and Annotations which are + propagated to the alertmanager pods. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored + with a resource that may be set by external tools to store and + retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to + organize and categorize (scope and select) objects. May match + selectors of replication controllers and services. More info: + http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow a + client to request the generation of an appropriate name automatically. + Name is primarily intended for creation idempotence and configuration + definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + portName: + default: web + description: Port name used for the pods and governing service. Defaults + to `web`. + type: string + priorityClassName: + description: Priority class assigned to the Pods + type: string + replicas: + description: Size is the expected size of the alertmanager cluster. + The controller will eventually make the size of the running cluster + equal to the expected size. + format: int32 + type: integer + resources: + description: Define resources requests and limits for single Pods. + properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be set + for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + retention: + default: 120h + description: Time duration Alertmanager shall retain data for. Default + is '120h', and must match the regular expression `[0-9]+(ms|s|m|h)` + (milliseconds seconds minutes hours). + pattern: ^(0|(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + routePrefix: + description: The route prefix Alertmanager registers HTTP handlers + for. This is useful, if using ExternalURL and a proxy is rewriting + HTTP routes of a request, and the actual ExternalURL is still true, + but the server serves requests under a different route prefix. For + example for use with `kubectl proxy`. + type: string + secrets: + description: Secrets is a list of Secrets in the same namespace as + the Alertmanager object, which shall be mounted into the Alertmanager + Pods. Each Secret is added to the StatefulSet definition as a volume + named `secret-`. The Secrets are mounted into `/etc/alertmanager/secrets/` + in the 'alertmanager' container. + items: + type: string + type: array + securityContext: + description: SecurityContext holds pod-level security attributes and + common container settings. This defaults to the default PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature flag + will result in errors when validating the Pod. All of a + Pod's containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName is the name of the ServiceAccount + to use to run the Prometheus Pods. + type: string + sha: + description: 'SHA of Alertmanager container image to be deployed. + Defaults to the value of `version`. Similar to a tag, but the SHA + explicitly deploys an immutable container image. Version and Tag + are ignored if SHA is set. Deprecated: use ''image'' instead. The + image digest can be specified as part of the image URL.' + type: string + storage: + description: Storage is the definition of how storage will be used + by the Alertmanager instances. + properties: + disableMountSubPath: + description: 'Deprecated: subPath usage will be disabled by default + in a future release, this option will become unnecessary. DisableMountSubPath + allows to remove any subPath usage in volume mounts.' + type: boolean + emptyDir: + description: 'EmptyDirVolumeSource to be used by the StatefulSet. + If specified, used in place of any volumeClaimTemplate. More + info: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the SizeLimit + specified here and the sum of memory limits of all containers + in a pod. The default is nil which means that the limit + is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: 'EphemeralVolumeSource to be used by the StatefulSet. + This is a beta field in k8s 1.21, for lower versions, starting + with k8s 1.19, it requires enabling the GenericEphemeralVolume + feature gate. More info: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes' + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC will + be deleted together with the pod. The name of the PVC will + be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod validation + will reject the pod if the concatenated name is not valid + for a PVC (for example, too long). \n An existing PVC with + that name that is not owned by the pod will *not* be used + for the pod to avoid using an unrelated volume by mistake. + Starting the pod is then blocked until the unrelated PVC + is removed. If such a pre-created PVC is meant to be used + by the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should not + be necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no changes + will be made by Kubernetes to the PVC after it has been + created. \n Required, must not be nil." + properties: + metadata: + description: May contain labels and annotations that will + be copied into the PVC when creating it. No other fields + are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified data + source. When the AnyVolumeDataSource feature gate + is enabled, dataSource contents will be copied to + dataSourceRef, and dataSourceRef contents will be + copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a + non-empty API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both fields + are non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t specified + in dataSourceRef, both fields (dataSource and dataSourceRef) + will be set to the same value automatically if one + of them is empty and the other is non-empty. When + namespace is specified in dataSourceRef, dataSource + isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef allows + any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is + specified. * While dataSource only allows local + objects, dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the namespace + field of dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept the + reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem is + implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to + the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + volumeClaimTemplate: + description: A PVC spec to be used by the StatefulSet. The easiest + way to use a volume that cannot be automatically provisioned + (for whatever reason) is to use a label selector alongside manually + created PersistentVolumes. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: EmbeddedMetadata contains metadata relevant to + an EmbeddedResource. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. + Is required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be + updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + type: object + spec: + description: 'Spec defines the desired characteristics of + a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + status: + description: 'Status represents the current information/status + of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + accessModes: + description: 'accessModes contains the actual access modes + the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: allocatedResources is the storage resource + within AllocatedResources tracks the capacity allocated + to a PVC. It may be larger than the actual capacity + when a volume expansion operation is requested. For + storage quota, the larger value from allocatedResources + and PVC.spec.resources is used. If allocatedResources + is not set, PVC.spec.resources alone is used for quota + calculation. If a volume expansion capacity request + is lowered, allocatedResources is only lowered if there + are no expansion operations in progress and if the actual + volume capacity is equal or lower than the requested + capacity. This is an alpha field and requires enabling + RecoverVolumeExpansionFailure feature. + type: object + capacity: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: capacity represents the actual resources + of the underlying volume. + type: object + conditions: + description: conditions is the current Condition of persistent + volume claim. If underlying persistent volume is being + resized then the Condition will be set to 'ResizeStarted'. + items: + description: PersistentVolumeClaimCondition contains + details about state of pvc + properties: + lastProbeTime: + description: lastProbeTime is the time we probed + the condition. + format: date-time + type: string + lastTransitionTime: + description: lastTransitionTime is the time the + condition transitioned from one status to another. + format: date-time + type: string + message: + description: message is the human-readable message + indicating details about last transition. + type: string + reason: + description: reason is a unique, this should be + a short, machine understandable string that gives + the reason for condition's last transition. If + it reports "ResizeStarted" that means the underlying + persistent volume is being resized. + type: string + status: + type: string + type: + description: PersistentVolumeClaimConditionType + is a valid value of PersistentVolumeClaimCondition.Type + type: string + required: + - status + - type + type: object + type: array + phase: + description: phase represents the current phase of PersistentVolumeClaim. + type: string + resizeStatus: + description: resizeStatus stores status of resize operation. + ResizeStatus is not set by default but when expansion + is complete resizeStatus is set to empty string by resize + controller or kubelet. This is an alpha field and requires + enabling RecoverVolumeExpansionFailure feature. + type: string + type: object + type: object + type: object + tag: + description: 'Tag of Alertmanager container image to be deployed. + Defaults to the value of `version`. Version is ignored if Tag is + set. Deprecated: use ''image'' instead. The image tag can be specified + as part of the image URL.' + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: If specified, the pod's topology spread constraints. + items: + description: TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods + that match this label selector are counted to determine the + number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label keys to select + the pods over which spreading will be calculated. The keys + are used to lookup values from the incoming pod labels, those + key-value labels are ANDed with labelSelector to select the + group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in + both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot + be set when LabelSelector isn't set. Keys that don't exist + in the incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. \n This is a + beta field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. | + zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to zone3 to become + 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy + it. It''s a required field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation of + Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. If + value is nil, the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. When value + is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For + example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector spread as + 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), so \"global + minimum\" is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any of the + three zones, it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread feature gate + to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. \n + If this value is nil, the behavior is equivalent to the Honor + policy. This is a beta-level feature default enabled by the + NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node + taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that + have a label with this key and identical values are considered + to be in the same topology. We consider each + as a "bucket", and try to put balanced number of pods into + each bucket. We define a domain as a particular instance of + a topology. Also, we define an eligible domain as a domain + whose nodes meet the requirements of nodeAffinityPolicy and + nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain of + that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a + pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, but + giving higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" for an + incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable is + set to DoNotSchedule, incoming pod can only be scheduled to + zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on + zone2(zone3) satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make it *more* + imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + version: + description: Version the cluster should be on. + type: string + volumeMounts: + description: VolumeMounts allows configuration of additional VolumeMounts + on the output StatefulSet definition. VolumeMounts specified will + be appended to other VolumeMounts in the alertmanager container, + that are generated as a result of StorageSpec objects. + items: + description: VolumeMount describes a mounting of a Volume within + a container. + properties: + mountPath: + description: Path within the container at which the volume should + be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated + from the host to container and the other way around. When + not set, MountPropagationNone is used. This field is beta + in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which the + container's volume should be mounted. Behaves similarly to + SubPath but environment variable references $(VAR_NAME) are + expanded using the container's environment. Defaults to "" + (volume's root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + volumes: + description: Volumes allows configuration of additional volumes on + the output StatefulSet definition. Volumes specified will be appended + to other volumes that are generated as a result of StorageSpec objects. + items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'volumeID is unique ID of the persistent disk + resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: fsType is Filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is optional: User is the rados user name, + default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to + be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: 'volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: 'defaultMode is optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items if unspecified, each key-value pair in + the Data field of the referenced ConfigMap will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the ConfigMap, the volume setup will error unless it is + marked optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: driver is the name of the CSI driver that handles + this volume. Consult with your admin for the correct name + as registered in the cluster. + type: string + fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. + type: string + nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, + the volume defaultMode will be used. This might + be in conflict with other options that affect the + file mode, like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + properties: + medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which means + to use the node''s default medium. Must be an empty string + (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is also + applicable for memory medium. The maximum usage on memory + medium EmptyDir would be the minimum value between the + SizeLimit specified here and the sum of memory limits + of all containers in a pod. The default is nil which means + that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use this + if: a) the volume is only needed while the pod runs, b) features + of normal volumes like restoring from snapshot or capacity + tracking are needed, c) the storage driver is specified through + a storage class, and d) the storage driver supports dynamic + volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this volume + type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that persist + for longer than the lifecycle of an individual pod. \n Use + CSI for light-weight local ephemeral volumes if the CSI driver + is meant to be used that way - see the documentation of the + driver for more information. \n A pod can use both types of + ephemeral volumes and persistent volumes at the same time." + properties: + volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC to + provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of the + PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. + Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). \n + An existing PVC with that name that is not owned by the + pod will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC + is meant to be used by the pod, the PVC has to updated + with an owner reference to the pod once the pod exists. + Normally this should not be necessary, but it may be useful + when manually reconstructing a broken cluster. \n This + field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, must + not be nil." + properties: + metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No other + fields are allowed and will be rejected during validation. + type: object + spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the PVC + that gets created from this template. The same fields + as in a PersistentVolumeClaim are also valid here. + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the + provisioner or an external controller can support + the specified data source, it will create a new + volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be copied + to dataSourceRef, and dataSourceRef contents will + be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, if + a non-empty volume is desired. This may be any + object from a non-empty API group (non core object) + or a PersistentVolumeClaim object. When this field + is specified, volume binding will only succeed + if the type of the specified object matches some + installed volume populator or dynamic provisioner. + This field will replace the functionality of the + dataSource field and as such if both fields are + non-empty, they must have the same value. For + backwards compatibility, when namespace isn''t + specified in dataSourceRef, both fields (dataSource + and dataSourceRef) will be set to the same value + automatically if one of them is empty and the + other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the + same value and must be empty. There are three + important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types + of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping + them), dataSourceRef preserves all values, and + generates an error if a disallowed value is specified. + * While dataSource only allows local objects, + dataSourceRef allows objects in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource + feature gate to be enabled. (Alpha) Using the + namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to + be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API + group. For any other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace + is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires the + CrossNamespaceVolumeDataSource feature gate + to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity recorded + in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. + It can only be set for containers." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If Requests + is omitted for a container, it defaults to + Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the + StorageClass required by the claim. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: 'fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. TODO: how do we prevent errors in the + filesystem from compromising the machine' + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'readOnly is Optional: Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends + on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: 'readOnly is Optional: defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if no + secret object is specified. If the secret object contains + more than one secret, all secrets are passed to the plugin + scripts.' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: datasetName is Name of the dataset stored as + metadata -> name on the dataset for Flocker should be + considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + properties: + fsType: + description: 'fsType is filesystem type of the volume that + you want to mount. Tip: Ensure that the filesystem type + is supported by the host operating system. Examples: "ext4", + "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + partition: + description: 'partition is the partition in the volume that + you want to mount. If omitted, the default is to mount + by volume name. Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume partition + for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'pdName is unique name of the PD resource in + GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir into + the Pod''s container.' + properties: + directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, the + volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' + properties: + endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'path is the Glusterfs volume path. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' + properties: + path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'type for HostPath Volume Defaults to "" More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: 'iscsi represents an ISCSI Disk resource that is + attached to a kubelet''s host machine and then exposed to + the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iscsiInterface is the interface Name that uses + an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: portals is the iSCSI Target Portal List. The + portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: targetPortal is iSCSI Target Portal. The Portal + is either an IP or ip_addr:port if the port is other than + default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: 'name of the volume. Must be a DNS_LABEL and unique + within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: 'nfs represents an NFS mount on the host that shares + a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + properties: + path: + description: 'path that is exported by the NFS server. More + info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'readOnly here will force the NFS export to + be mounted with read-only permissions. Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'server is the hostname or IP address of the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents a + reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + properties: + claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: readOnly Will force the ReadOnly setting in + VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: defaultMode are the mode bits used to set permissions + on created files by default. Must be an octal value between + 0000 and 0777 or a decimal value between 0 and 511. YAML + accepts both octal and decimal values, JSON requires decimal + values for mode bits. Directories within the path are + not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu + and requests.memory) are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. If not specified, the volume + defaultMode will be used. This might be + in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of + the file to map the key to. May not be + an absolute path. May not contain the + path element '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: audience is the intended audience + of the token. A recipient of a token must identify + itself with an identifier specified in the audience + of the token, and otherwise should reject the + token. The audience defaults to the identifier + of the apiserver. + type: string + expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, the + kubelet volume plugin will proactively rotate + the service account token. The kubelet will + start trying to rotate the token if the token + is older than 80 percent of its time to live + or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: path is the path relative to the + mount point of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: group to map volume access to Default is no + group + type: string + readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. + type: boolean + registry: + description: registry represents a single or multiple Quobyte + Registry services specified as a string as host:port pair + (multiple entries are separated with commas) which acts + as the central registry for volumes + type: string + tenant: + description: tenant owning the given Quobyte volume in the + Backend Used with dynamically provisioned Quobyte volumes, + value is set by the plugin + type: string + user: + description: user to map volume access to Defaults to serivceaccount + user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: 'rbd represents a Rados Block Device mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' + properties: + fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' + type: string + image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'pool is the rados pool name. Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: 'secretRef is name of the authentication secret + for RBDUser. If provided overrides keyring. Default is + nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: 'user is the rados user name. Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. + type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: readOnly Defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not provided, + Login operation will fail. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: storageMode indicates whether the storage for + a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + properties: + defaultMode: + description: 'defaultMode is Optional: mode bits used to + set permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to + 0644. Directories within the path are not affected by + this setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: items If unspecified, each key-value pair in + the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and content + is the value. If specified, the listed keys will be projected + into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in + the Secret, the volume setup will error unless it is marked + optional. Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not start + with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: 'secretName is the name of the secret in the + pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + readOnly: + description: readOnly defaults to false (read/write). ReadOnly + here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: secretRef specifies the secret to use for obtaining + the StorageOS API credentials. If not specified, default + values will be attempted. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: volumeName is the human-readable name of the + StorageOS volume. Volume names are only unique within + a namespace. + type: string + volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name to + override the default behaviour. Set to "default" if you + are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: fsType is filesystem type to mount. Must be + a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + web: + description: Defines the web command line flags when starting Alertmanager. + properties: + getConcurrency: + description: Maximum number of GET requests processed concurrently. + This corresponds to the Alertmanager's `--web.get-concurrency` + flag. + format: int32 + type: integer + httpConfig: + description: Defines HTTP parameters for web server. + properties: + headers: + description: List of headers that can be added to HTTP responses. + properties: + contentSecurityPolicy: + description: Set the Content-Security-Policy header to + HTTP responses. Unset if blank. + type: string + strictTransportSecurity: + description: Set the Strict-Transport-Security header + to HTTP responses. Unset if blank. Please make sure + that you use this with care as this header might force + browsers to load Prometheus and the other applications + hosted on the same domain and subdomains over HTTPS. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security + type: string + xContentTypeOptions: + description: Set the X-Content-Type-Options header to + HTTP responses. Unset if blank. Accepted value is nosniff. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options + enum: + - "" + - NoSniff + type: string + xFrameOptions: + description: Set the X-Frame-Options header to HTTP responses. + Unset if blank. Accepted values are deny and sameorigin. + https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options + enum: + - "" + - Deny + - SameOrigin + type: string + xXSSProtection: + description: Set the X-XSS-Protection header to all responses. + Unset if blank. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection + type: string + type: object + http2: + description: Enable HTTP/2 support. Note that HTTP/2 is only + supported with TLS. When TLSConfig is not configured, HTTP/2 + will be disabled. Whenever the value of the field changes, + a rolling update will be triggered. + type: boolean + type: object + timeout: + description: Timeout for HTTP requests. This corresponds to the + Alertmanager's `--web.timeout` flag. + format: int32 + type: integer + tlsConfig: + description: Defines the TLS parameters for HTTPS. + properties: + cert: + description: Contains the TLS certificate for the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cipherSuites: + description: 'List of supported cipher suites for TLS versions + up to TLS 1.2. If empty, Go default cipher suites are used. + Available cipher suites are documented in the go documentation: + https://golang.org/pkg/crypto/tls/#pkg-constants' + items: + type: string + type: array + client_ca: + description: Contains the CA certificate for client certificate + authentication to the server. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientAuthType: + description: 'Server policy for client authentication. Maps + to ClientAuth Policies. For more detail on clientAuth options: + https://golang.org/pkg/crypto/tls/#ClientAuthType' + type: string + curvePreferences: + description: 'Elliptic curves that will be used in an ECDHE + handshake, in preference order. Available curves are documented + in the go documentation: https://golang.org/pkg/crypto/tls/#CurveID' + items: + type: string + type: array + keySecret: + description: Secret containing the TLS key for the server. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + maxVersion: + description: Maximum TLS version that is acceptable. Defaults + to TLS13. + type: string + minVersion: + description: Minimum TLS version that is acceptable. Defaults + to TLS12. + type: string + preferServerCipherSuites: + description: Controls whether the server selects the client's + most preferred cipher suite, or the server's most preferred + cipher suite. If true then the server's preference, as expressed + in the order of elements in cipherSuites, is used. + type: boolean + required: + - cert + - keySecret + type: object + type: object + type: object + status: + description: 'Most recent observed status of the Alertmanager cluster. + Read-only. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) + targeted by this Alertmanager cluster. + format: int32 + type: integer + conditions: + description: The current state of the Alertmanager object. + items: + description: Condition represents the state of the resources associated + with the Prometheus, Alertmanager or ThanosRuler resource. + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + format: date-time + type: string + message: + description: Human-readable message indicating details for the + condition's last transition. + type: string + observedGeneration: + description: ObservedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if `.metadata.generation` + is currently 12, but the `.status.conditions[].observedGeneration` + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer + reason: + description: Reason for the condition's last transition. + type: string + status: + description: Status of the condition. + type: string + type: + description: Type of the condition being reported. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + paused: + description: Represents whether any actions on the underlying managed + objects are being performed. Only delete actions will be performed. + type: boolean + replicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object (their labels match the selector). + format: int32 + type: integer + unavailableReplicas: + description: Total number of unavailable pods targeted by this Alertmanager + object. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this + Alertmanager object that have the desired version spec. + format: int32 + type: integer + required: + - availableReplicas + - paused + - replicas + - unavailableReplicas + - updatedReplicas + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/operators/prometheus-operator/0.0.1/templates/crds/crd-podmonitors.yaml b/operators/prometheus-operator/0.0.1/templates/crds/crd-podmonitors.yaml new file mode 100644 index 0000000000..91e1674994 --- /dev/null +++ b/operators/prometheus-operator/0.0.1/templates/crds/crd-podmonitors.yaml @@ -0,0 +1,683 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.2/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: podmonitors.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PodMonitor + listKind: PodMonitorList + plural: podmonitors + shortNames: + - pmon + singular: podmonitor + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PodMonitor defines monitoring for a set of pods. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Pod selection for target discovery + by Prometheus. + properties: + attachMetadata: + description: Attaches node metadata to discovered targets. Requires + Prometheus v2.35.0 and above. + properties: + node: + description: When set to true, Prometheus must have permissions + to get Nodes. + type: boolean + type: object + jobLabel: + description: The label to use to retrieve the job name from. + type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + namespaceSelector: + description: Selector to select which namespaces the Endpoints objects + are discovered from. + properties: + any: + description: Boolean describing whether all namespaces are selected + in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + podMetricsEndpoints: + description: A list of endpoints allowed as part of this PodMonitor. + items: + description: PodMetricsEndpoint defines a scrapeable endpoint of + a Kubernetes Pod serving Prometheus metrics. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over + basic authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace + that contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace + that contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping + targets. The secret needs to be in the same namespace as the + pod monitor and accessible by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + enableHttp2: + description: Whether to enable HTTP2. + type: boolean + filterRunning: + description: 'Drop pods that are not running. (Failed, Succeeded). + Enabled by default. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase' + type: boolean + followRedirects: + description: FollowRedirects configures whether scrape requests + follow HTTP 3xx redirects. + type: boolean + honorLabels: + description: HonorLabels chooses the metric's labels on collisions + with target labels. + type: boolean + honorTimestamps: + description: HonorTimestamps controls whether Prometheus respects + the timestamps present in scraped data. + type: boolean + interval: + description: Interval at which metrics should be scraped If + not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before + ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 + client id + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + params: + additionalProperties: + items: + type: string + type: array + description: Optional HTTP URL parameters + type: object + path: + description: HTTP path to scrape for metrics. If empty, Prometheus + uses the default value (e.g. `/metrics`). + type: string + port: + description: Name of the pod port this endpoint refers to. Mutually + exclusive with targetPort. + type: string + proxyUrl: + description: ProxyURL eg http://proxyserver:2195 Directs scrapes + to proxy through this endpoint. + type: string + relabelings: + description: 'RelabelConfigs to apply to samples before scraping. + Prometheus Operator automatically adds relabelings for a few + standard Kubernetes fields. The original scrape job''s name + is available via the `__tmp_prometheus_job_name` label. More + info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of the + label set, being applied to samples before ingestion. It + defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex + capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name + which may only contain ASCII letters, numbers, as + well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https + type: string + scrapeTimeout: + description: Timeout after which the scrape is ended If not + specified, the Prometheus global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Deprecated: Use ''port'' instead.' + x-kubernetes-int-or-string: true + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + type: array + podTargetLabels: + description: PodTargetLabels transfers labels on the Kubernetes Pod + onto the target. + items: + type: string + type: array + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + selector: + description: Selector to select Pod objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + required: + - podMetricsEndpoints + - selector + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/prometheus-operator/0.0.1/templates/crds/crd-probes.yaml b/operators/prometheus-operator/0.0.1/templates/crds/crd-probes.yaml new file mode 100644 index 0000000000..1574b5c96f --- /dev/null +++ b/operators/prometheus-operator/0.0.1/templates/crds/crd-probes.yaml @@ -0,0 +1,726 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.2/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: probes.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: Probe + listKind: ProbeList + plural: probes + shortNames: + - prb + singular: probe + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Probe defines monitoring for a set of static targets or ingresses. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Specification of desired Ingress selection for target discovery + by Prometheus. + properties: + authorization: + description: Authorization section for this endpoint + properties: + credentials: + description: The secret's key that contains the credentials of + the request + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: 'BasicAuth allow an endpoint to authenticate over basic + authentication. More info: https://prometheus.io/docs/operating/configuration/#endpoint' + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerTokenSecret: + description: Secret to mount to read bearer token for scraping targets. + The secret needs to be in the same namespace as the probe and accessible + by the Prometheus Operator. + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + interval: + description: Interval at which targets are probed using the configured + prober. If not specified Prometheus' global scrape interval is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + jobName: + description: The job name assigned to scraped metrics by default. + type: string + labelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + labelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + labelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. Only valid in Prometheus versions 2.27.0 + and newer. + format: int64 + type: integer + metricRelabelings: + description: MetricRelabelConfigs to apply to samples before ingestion. + items: + description: 'RelabelConfig allows dynamic rewriting of the label + set, being applied to samples before ingestion. It defines ``-section + of Prometheus configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. Default + is 'replace'. uppercase and lowercase actions require Prometheus + >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source label + values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex replace + is performed if the regular expression matches. Regex capture + groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source label + values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing labels. + Their content is concatenated using the configured separator + and matched against the configured regular expression for + the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label name which + may only contain ASCII letters, numbers, as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written in + a replace action. It is mandatory for replace actions. Regex + capture groups are available. + type: string + type: object + type: array + module: + description: 'The module to use for probing specifying how to probe + the target. Example module configuring in the blackbox exporter: + https://github.com/prometheus/blackbox_exporter/blob/master/example.yml' + type: string + oauth2: + description: OAuth2 for the URL. Only valid in Prometheus versions + 2.27.0 and newer. + properties: + clientId: + description: The secret or configmap containing the OAuth2 client + id + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + clientSecret: + description: The secret containing the OAuth2 client secret + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + endpointParams: + additionalProperties: + type: string + description: Parameters to append to the token URL + type: object + scopes: + description: OAuth2 scopes used for the token request + items: + type: string + type: array + tokenUrl: + description: The URL to fetch the token from + minLength: 1 + type: string + required: + - clientId + - clientSecret + - tokenUrl + type: object + prober: + description: Specification for the prober to use for probing targets. + The prober.URL parameter is required. Targets cannot be probed if + left empty. + properties: + path: + default: /probe + description: Path to collect metrics from. Defaults to `/probe`. + type: string + proxyUrl: + description: Optional ProxyURL. + type: string + scheme: + description: HTTP scheme to use for scraping. `http` and `https` + are the expected values unless you rewrite the `__scheme__` + label via relabeling. If empty, Prometheus uses the default + value `http`. + enum: + - http + - https + type: string + url: + description: Mandatory URL of the prober. + type: string + required: + - url + type: object + sampleLimit: + description: SampleLimit defines per-scrape limit on number of scraped + samples that will be accepted. + format: int64 + type: integer + scrapeTimeout: + description: Timeout for scraping metrics from the Prometheus exporter. + If not specified, the Prometheus global scrape timeout is used. + pattern: ^(0|(([0-9]+)y)?(([0-9]+)w)?(([0-9]+)d)?(([0-9]+)h)?(([0-9]+)m)?(([0-9]+)s)?(([0-9]+)ms)?)$ + type: string + targetLimit: + description: TargetLimit defines a limit on the number of scraped + targets that will be accepted. + format: int64 + type: integer + targets: + description: Targets defines a set of static or dynamically discovered + targets to probe. + properties: + ingress: + description: ingress defines the Ingress objects to probe and + the relabeling configuration. If `staticConfig` is also defined, + `staticConfig` takes precedence. + properties: + namespaceSelector: + description: From which namespaces to select Ingress objects. + properties: + any: + description: Boolean describing whether all namespaces + are selected in contrast to a list restricting them. + type: boolean + matchNames: + description: List of namespace names to select from. + items: + type: string + type: array + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the target before it gets scraped. The original ingress + address is available via the `__tmp_prometheus_ingress_address` + label. It can be used to customize the probed URL. The original + scrape job''s name is available via the `__tmp_prometheus_job_name` + label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + selector: + description: Selector to select the Ingress objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + staticConfig: + description: 'staticConfig defines the static list of targets + to probe and the relabeling configuration. If `ingress` is also + defined, `staticConfig` takes precedence. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#static_config.' + properties: + labels: + additionalProperties: + type: string + description: Labels assigned to all metrics scraped from the + targets. + type: object + relabelingConfigs: + description: 'RelabelConfigs to apply to the label set of + the targets before it gets scraped. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config' + items: + description: 'RelabelConfig allows dynamic rewriting of + the label set, being applied to samples before ingestion. + It defines ``-section of Prometheus + configuration. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' + properties: + action: + default: replace + description: Action to perform based on regex matching. + Default is 'replace'. uppercase and lowercase actions + require Prometheus >= 2.36. + enum: + - replace + - Replace + - keep + - Keep + - drop + - Drop + - hashmod + - HashMod + - labelmap + - LabelMap + - labeldrop + - LabelDrop + - labelkeep + - LabelKeep + - lowercase + - Lowercase + - uppercase + - Uppercase + - keepequal + - KeepEqual + - dropequal + - DropEqual + type: string + modulus: + description: Modulus to take of the hash of the source + label values. + format: int64 + type: integer + regex: + description: Regular expression against which the extracted + value is matched. Default is '(.*)' + type: string + replacement: + description: Replacement value against which a regex + replace is performed if the regular expression matches. + Regex capture groups are available. Default is '$1' + type: string + separator: + description: Separator placed between concatenated source + label values. default is ';'. + type: string + sourceLabels: + description: The source labels select values from existing + labels. Their content is concatenated using the configured + separator and matched against the configured regular + expression for the replace, keep, and drop actions. + items: + description: LabelName is a valid Prometheus label + name which may only contain ASCII letters, numbers, + as well as underscores. + pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ + type: string + type: array + targetLabel: + description: Label to which the resulting value is written + in a replace action. It is mandatory for replace actions. + Regex capture groups are available. + type: string + type: object + type: array + static: + description: The list of hosts to probe. + items: + type: string + type: array + type: object + type: object + tlsConfig: + description: TLS configuration to use when scraping the endpoint. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keySecret: + description: Secret containing the client key file for the targets. + properties: + key: + description: The key of the secret to select from. Must be + a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/prometheus-operator/0.0.1/templates/crds/crd-prometheusagents.yaml b/operators/prometheus-operator/0.0.1/templates/crds/crd-prometheusagents.yaml new file mode 100644 index 0000000000..a34bb9a32e --- /dev/null +++ b/operators/prometheus-operator/0.0.1/templates/crds/crd-prometheusagents.yaml @@ -0,0 +1,8021 @@ +# https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.65.2/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: +{{- with .Values.crds.annotations }} +{{- toYaml . | nindent 4 }} +{{- end }} + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: prometheusagents.monitoring.coreos.com +spec: + group: monitoring.coreos.com + names: + categories: + - prometheus-operator + kind: PrometheusAgent + listKind: PrometheusAgentList + plural: prometheusagents + shortNames: + - promagent + singular: prometheusagent + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The version of Prometheus agent + jsonPath: .spec.version + name: Version + type: string + - description: The number of desired replicas + jsonPath: .spec.replicas + name: Desired + type: integer + - description: The number of ready replicas + jsonPath: .status.availableReplicas + name: Ready + type: integer + - jsonPath: .status.conditions[?(@.type == 'Reconciled')].status + name: Reconciled + type: string + - jsonPath: .status.conditions[?(@.type == 'Available')].status + name: Available + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Whether the resource reconciliation is paused or not + jsonPath: .status.paused + name: Paused + priority: 1 + type: boolean + name: v1alpha1 + schema: + openAPIV3Schema: + description: PrometheusAgent defines a Prometheus agent deployment. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Specification of the desired behavior of the Prometheus + agent. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + properties: + additionalArgs: + description: AdditionalArgs allows setting additional arguments for + the Prometheus container. It is intended for e.g. activating hidden + flags which are not supported by the dedicated configuration options + yet. The arguments are passed as-is to the Prometheus container + which may cause issues if they are invalid or not supported by the + given Prometheus version. In case of an argument conflict (e.g. + an argument which is already set by the operator itself) or when + providing an invalid argument the reconciliation will fail and an + error will be logged. + items: + description: Argument as part of the AdditionalArgs list. + properties: + name: + description: Name of the argument, e.g. "scrape.discovery-reload-interval". + minLength: 1 + type: string + value: + description: Argument value, e.g. 30s. Can be empty for name-only + arguments (e.g. --storage.tsdb.no-lockfile) + type: string + required: + - name + type: object + type: array + additionalScrapeConfigs: + description: 'AdditionalScrapeConfigs allows specifying a key of a + Secret containing additional Prometheus scrape configurations. Scrape + configurations specified are appended to the configurations generated + by the Prometheus Operator. Job configurations specified must have + the form as specified in the official Prometheus documentation: + https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. + As scrape configs are appended, the user is responsible to make + sure it is valid. Note that using this feature may expose the possibility + to break upgrades of Prometheus. It is advised to review Prometheus + release notes to ensure that no incompatible scrape configs are + going to break Prometheus after the upgrade.' + properties: + key: + description: The key of the secret to select from. Must be a + valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + affinity: + description: If specified, the pod's scheduling constraints. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + apiserverConfig: + description: APIServerConfig allows specifying a host and auth methods + to access apiserver. If left empty, Prometheus is assumed to run + inside of the cluster and will discover API servers automatically + and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/. + properties: + authorization: + description: Authorization section for accessing apiserver + properties: + credentials: + description: The secret's key that contains the credentials + of the request + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + credentialsFile: + description: File to read a secret from, mutually exclusive + with Credentials (from SafeAuthorization) + type: string + type: + description: Set the authentication type. Defaults to Bearer, + Basic will cause an error + type: string + type: object + basicAuth: + description: BasicAuth allow an endpoint to authenticate over + basic authentication + properties: + password: + description: The secret in the service monitor namespace that + contains the password for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + username: + description: The secret in the service monitor namespace that + contains the username for authentication. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + bearerToken: + description: Bearer token for accessing apiserver. + type: string + bearerTokenFile: + description: File to read bearer token for accessing apiserver. + type: string + host: + description: Host of apiserver. A valid string consisting of a + hostname or IP followed by an optional port number + type: string + tlsConfig: + description: TLS Config to use for accessing apiserver. + properties: + ca: + description: Certificate authority used when verifying server + certificates. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + caFile: + description: Path to the CA cert in the Prometheus container + to use for the targets. + type: string + cert: + description: Client certificate to present when doing client-authentication. + properties: + configMap: + description: ConfigMap containing data to use for the + targets. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secret: + description: Secret containing data to use for the targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + certFile: + description: Path to the client cert file in the Prometheus + container for the targets. + type: string + insecureSkipVerify: + description: Disable target certificate validation. + type: boolean + keyFile: + description: Path to the client key file in the Prometheus + container for the targets. + type: string + keySecret: + description: Secret containing the client key file for the + targets. + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + serverName: + description: Used to verify the hostname for the targets. + type: string + type: object + required: + - host + type: object + arbitraryFSAccessThroughSMs: + description: ArbitraryFSAccessThroughSMs configures whether configuration + based on a service monitor can access arbitrary files on the file + system of the Prometheus container e.g. bearer token files. + properties: + deny: + type: boolean + type: object + configMaps: + description: ConfigMaps is a list of ConfigMaps in the same namespace + as the Prometheus object, which shall be mounted into the Prometheus + Pods. Each ConfigMap is added to the StatefulSet definition as a + volume named `configmap-`. The ConfigMaps are mounted + into /etc/prometheus/configmaps/ in the 'prometheus' + container. + items: + type: string + type: array + containers: + description: 'Containers allows injecting additional containers or + modifying operator generated containers. This can be used to allow + adding an authentication proxy to a Prometheus pod or to change + the behavior of an operator generated container. Containers described + here modify an operator generated container if they share the same + name and modifications are done via a strategic merge patch. The + current container names are: `prometheus`, `config-reloader`, and + `thanos-sidecar`. Overriding containers is entirely outside the + scope of what the maintainers will support and by doing so, you + accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + enableFeatures: + description: Enable access to Prometheus disabled features. By default, + no features are enabled. Enabling disabled features is entirely + outside the scope of what the maintainers will support and by doing + so, you accept that this behaviour may break at any time without + notice. For more information see https://prometheus.io/docs/prometheus/latest/disabled_features/ + items: + type: string + type: array + enableRemoteWriteReceiver: + description: 'Enable Prometheus to be used as a receiver for the Prometheus + remote write protocol. Defaults to the value of `false`. WARNING: + This is not considered an efficient way of ingesting samples. Use + it with caution for specific low-volume use cases. It is not suitable + for replacing the ingestion via scraping and turning Prometheus + into a push-based metrics collection system. For more information + see https://prometheus.io/docs/prometheus/latest/querying/api/#remote-write-receiver + Only valid in Prometheus versions 2.33.0 and newer.' + type: boolean + enforcedBodySizeLimit: + description: 'EnforcedBodySizeLimit defines the maximum size of uncompressed + response body that will be accepted by Prometheus. Targets responding + with a body larger than this many bytes will cause the scrape to + fail. Example: 100MB. If defined, the limit will apply to all service/pod + monitors and probes. This is an experimental feature, this behaviour + could change or be removed in the future. Only valid in Prometheus + versions 2.28.0 and newer.' + pattern: (^0|([0-9]*[.])?[0-9]+((K|M|G|T|E|P)i?)?B)$ + type: string + enforcedLabelLimit: + description: Per-scrape limit on number of labels that will be accepted + for a sample. If more than this number of labels are present post + metric-relabeling, the entire scrape will be treated as failed. + 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedLabelNameLengthLimit: + description: Per-scrape limit on length of labels name that will be + accepted for a sample. If a label name is longer than this number + post metric-relabeling, the entire scrape will be treated as failed. + 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedLabelValueLengthLimit: + description: Per-scrape limit on length of labels value that will + be accepted for a sample. If a label value is longer than this number + post metric-relabeling, the entire scrape will be treated as failed. + 0 means no limit. Only valid in Prometheus versions 2.27.0 and newer. + format: int64 + type: integer + enforcedNamespaceLabel: + description: "EnforcedNamespaceLabel If set, a label will be added + to \n 1. all user-metrics (created by `ServiceMonitor`, `PodMonitor` + and `Probe` objects) and 2. in all `PrometheusRule` objects (except + the ones excluded in `prometheusRulesExcludedFromEnforce`) to * + alerting & recording rules and * the metrics used in their expressions + (`expr`). \n Label name is this field's value. Label value is the + namespace of the created object (mentioned above)." + type: string + enforcedSampleLimit: + description: EnforcedSampleLimit defines global limit on number of + scraped samples that will be accepted. This overrides any SampleLimit + set per ServiceMonitor or/and PodMonitor. It is meant to be used + by admins to enforce the SampleLimit to keep overall number of samples/series + under the desired limit. Note that if SampleLimit is lower that + value will be taken instead. + format: int64 + type: integer + enforcedTargetLimit: + description: EnforcedTargetLimit defines a global limit on the number + of scraped targets. This overrides any TargetLimit set per ServiceMonitor + or/and PodMonitor. It is meant to be used by admins to enforce + the TargetLimit to keep the overall number of targets under the + desired limit. Note that if TargetLimit is lower, that value will + be taken instead, except if either value is zero, in which case + the non-zero value will be used. If both values are zero, no limit + is enforced. + format: int64 + type: integer + excludedFromEnforcement: + description: List of references to PodMonitor, ServiceMonitor, Probe + and PrometheusRule objects to be excluded from enforcing a namespace + label of origin. Applies only if enforcedNamespaceLabel set to true. + items: + description: ObjectReference references a PodMonitor, ServiceMonitor, + Probe or PrometheusRule object. + properties: + group: + default: monitoring.coreos.com + description: Group of the referent. When not specified, it defaults + to `monitoring.coreos.com` + enum: + - monitoring.coreos.com + type: string + name: + description: Name of the referent. When not set, all resources + are matched. + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + minLength: 1 + type: string + resource: + description: Resource of the referent. + enum: + - prometheusrules + - servicemonitors + - podmonitors + - probes + type: string + required: + - namespace + - resource + type: object + type: array + externalLabels: + additionalProperties: + type: string + description: The labels to add to any time series or alerts when communicating + with external systems (federation, remote storage, Alertmanager). + type: object + externalUrl: + description: The external URL the Prometheus instances will be available + under. This is necessary to generate correct URLs. This is necessary + if Prometheus is not served from root of a DNS name. + type: string + hostAliases: + description: Pods' hostAliases configuration + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + required: + - hostnames + - ip + type: object + type: array + x-kubernetes-list-map-keys: + - ip + x-kubernetes-list-type: map + hostNetwork: + description: Use the host's network namespace if true. Make sure to + understand the security implications if you want to enable it. When + hostNetwork is enabled, this will set dnsPolicy to ClusterFirstWithHostNet + automatically. + type: boolean + ignoreNamespaceSelectors: + description: IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector + settings from all PodMonitor, ServiceMonitor and Probe objects. + They will only discover endpoints within the namespace of the PodMonitor, + ServiceMonitor and Probe objects. Defaults to false. + type: boolean + image: + description: Image if specified has precedence over baseImage, tag + and sha combinations. Specifying the version is still necessary + to ensure the Prometheus Operator knows what version of Prometheus + is being configured. + type: string + imagePullPolicy: + description: Image pull policy for the 'prometheus', 'init-config-reloader' + and 'config-reloader' containers. See https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy + for more details. + enum: + - "" + - Always + - Never + - IfNotPresent + type: string + imagePullSecrets: + description: An optional list of references to secrets in the same + namespace to use for pulling prometheus and alertmanager images + from registries see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod + items: + description: LocalObjectReference contains enough information to + let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: 'InitContainers allows adding initContainers to the pod + definition. Those can be used to e.g. fetch secrets for injection + into the Prometheus configuration from external sources. Any errors + during the execution of an initContainer will lead to a restart + of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ + InitContainers described here modify an operator generated init + containers if they share the same name and modifications are done + via a strategic merge patch. The current init container name is: + `init-config-reloader`. Overriding init containers is entirely outside + the scope of what the maintainers will support and by doing so, + you accept that this behaviour may break at any time without notice.' + items: + description: A single application container that you want to run + within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must be + a C_IDENTIFIER. All invalid keys will be reported as an event + when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take + precedence. Values defined by an Env with a duplicate key + will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. + properties: + postStart: + description: 'PostStart is called immediately after a container + is created. If the handler fails, the container is terminated + and restarted according to its restart policy. Other management + of the container blocks until the hook completes. More + info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, resource + contention, etc. The handler is not called if the container + crashes or exits. The Pod''s termination grace period + countdown begins before the PreStop hook is executed. + Regardless of the outcome of the handler, the container + will eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other management + of the container blocks until the hook completes or until + the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's + filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you need + to explicitly call out to that shell. Exit status + of 0 is treated as live/healthy and non-zero is + unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward compatibility. + There are no validation of this field and lifecycle + hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. More + info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort represents a network port in a + single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x < + 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe + fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resizePolicy: + description: Resources resize policy for the container. + items: + description: ContainerResizePolicy represents resource resize + policy for the container. + properties: + resourceName: + description: 'Name of the resource to which this resource + resize policy applies. Supported values: cpu, memory.' + type: string + restartPolicy: + description: Restart policy to apply when specified resource + is resized. If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by + the container runtime. Note that this field cannot be + set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent to + root on the host. Defaults to false. Note that this field + cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to + use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed until + this completes successfully. If this probe fails, the Pod + will be restarted, just as if the livenessProbe failed. This + can be used to provide different probe parameters at the beginning + of a Pod''s lifecycle, when it might take a long time to load + data or warm a cache, than during steady-state operation. + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + properties: + exec: + description: Exec specifies the action to take. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory for the + command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', etc) + won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC specifies an action involving a GRPC port. + properties: + port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." + type: string + required: + - port + type: object + httpGet: + description: HTTPGet specifies the http request to perform. + properties: + host: + description: Host name to connect to, defaults to the + pod IP. You probably want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP + allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + anyOf: + - type: integer + - type: string + description: Name or number of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket specifies an action involving a TCP + port. + properties: + host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' + type: string + port: + anyOf: + - type: integer + - type: string + description: Number or name of the port to access on + the container. Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill + signal. Set this value longer than the expected cleanup + time for your process. If this value is nil, the pod's + terminationGracePeriodSeconds will be used. Otherwise, + this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. Minimum value + is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe times + out. Defaults to 1 second. Minimum value is 1. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, reads + from stdin in the container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success and + failure. FallbackToLogsOnError will use the last chunk of + container log output if the termination message file is empty + and the container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for + itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be + used by the container. + items: + description: volumeDevice describes a mapping of a raw block + device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which the volume + should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are + propagated from the host to container and the other + way around. When not set, MountPropagationNone is used. + This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves similarly + to SubPath but environment variable references $(VAR_NAME) + are expanded using the container's environment. Defaults + to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + listenLocal: + description: ListenLocal makes the Prometheus server listen on loopback, + so that it does not bind against the Pod IP. + type: boolean + logFormat: + description: Log format for Prometheus to be configured with. + enum: + - "" + - logfmt + - json + type: string + logLevel: + description: Log level for Prometheus to be configured with. + enum: + - "" + - debug + - info + - warn + - error + type: string + minReadySeconds: + description: Minimum number of seconds for which a newly created pod + should be ready without any of its container crashing for it to + be considered available. Defaults to 0 (pod will be considered available + as soon as it is ready) This is an alpha field from kubernetes 1.22 + until 1.24 which requires enabling the StatefulSetMinReadySeconds + feature gate. + format: int32 + type: integer + nodeSelector: + additionalProperties: + type: string + description: Define which Nodes the Pods are scheduled on. + type: object + overrideHonorLabels: + description: When true, Prometheus resolves label conflicts by renaming + the labels in the scraped data to "exported_