From c58a9482417758a971810ca0434a3addd9d57d97 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Wed, 4 Sep 2024 06:21:48 +0000
Subject: [PATCH 01/30] Update Ironbank to v1.17.5
---
chart/Chart.yaml | 6 +++---
chart/values.yaml | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index cec4872f..cdf37c47 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: vault
version: 0.28.1-bb.2
-appVersion: 1.17.3
+appVersion: 1.17.5
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
@@ -32,10 +32,10 @@ dependencies:
repository: oci://registry1.dso.mil/bigbang
annotations:
bigbang.dev/applicationVersions: |
- - Vault: 1.17.3
+ - Vault: 1.17.5
helm.sh/images: |
- name: vault
- image: registry1.dso.mil/ironbank/hashicorp/vault:1.17.3
+ image: registry1.dso.mil/ironbank/hashicorp/vault:1.17.5
- name: vault-k8s
image: registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s:v1.4.2
- name: vault-csi-provider
diff --git a/chart/values.yaml b/chart/values.yaml
index b67c4196..6830700c 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -75,7 +75,7 @@ injector:
# required.
agentImage:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.17.3"
+ tag: "1.17.5"
# The default values for the injected Vault Agent containers.
agentDefaults:
@@ -392,7 +392,7 @@ server:
image:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.17.3"
+ tag: "1.17.5"
# Overrides the default Image Pull Policy
pullPolicy: IfNotPresent
@@ -1237,7 +1237,7 @@ csi:
image:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.17.3"
+ tag: "1.17.5"
pullPolicy: IfNotPresent
logFormat: standard
--
GitLab
From d1168658408acc1f2ddc7dcf55502e09e20140ab Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 08:14:18 -0500
Subject: [PATCH 02/30] upgrading vault to 1.17.5
---
CHANGELOG.md | 6 ++++++
README.md | 8 ++++----
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 31ec23ca..c7edb035 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
---
+## [0.28.1-bb.3] - 2024-09-04
+
+### Changed
+
+- Upgraded registry1.dso.mil/ironbank/hashicorp/vault 1.17.3 -> 1.17.5
+
## [0.28.1-bb.2] - 2024-08-27
### Updated
diff --git a/README.md b/README.md
index 9fd1cbc7..c0ede12d 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
# vault
- 
+ 
Official HashiCorp Vault Chart
@@ -71,7 +71,7 @@ helm install vault chart/
| injector.image.tag | string | `"v1.4.2"` | |
| injector.image.pullPolicy | string | `"IfNotPresent"` | |
| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.17.3"` | |
+| injector.agentImage.tag | string | `"1.17.5"` | |
| injector.agentDefaults.cpuLimit | string | `"500m"` | |
| injector.agentDefaults.cpuRequest | string | `"500m"` | |
| injector.agentDefaults.memLimit | string | `"250Mi"` | |
@@ -141,7 +141,7 @@ helm install vault chart/
| server.enterpriseLicense.secretName | string | `""` | |
| server.enterpriseLicense.secretKey | string | `"license"` | |
| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.17.3"` | |
+| server.image.tag | string | `"1.17.5"` | |
| server.image.pullPolicy | string | `"IfNotPresent"` | |
| server.updateStrategyType | string | `"OnDelete"` | |
| server.logLevel | string | `""` | |
@@ -302,7 +302,7 @@ helm install vault chart/
| csi.agent.enabled | bool | `true` | |
| csi.agent.extraArgs | list | `[]` | |
| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.17.3"` | |
+| csi.agent.image.tag | string | `"1.17.5"` | |
| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
| csi.agent.logFormat | string | `"standard"` | |
| csi.agent.logLevel | string | `"info"` | |
--
GitLab
From 0df18fce0bdeec400ac3bc2aef0112019fb5d8e5 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 08:17:43 -0500
Subject: [PATCH 03/30] bump chart version
---
chart/Chart.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index cdf37c47..78f67cfc 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: vault
-version: 0.28.1-bb.2
+version: 0.28.1-bb.3
appVersion: 1.17.5
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
--
GitLab
From 43dc18bf174e4eb01064a13b1309f1f4b9d160dd Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 08:19:38 -0500
Subject: [PATCH 04/30] regenerate readme
---
README.md | 694 +++++++++++++++++++++++++++---------------------------
1 file changed, 349 insertions(+), 345 deletions(-)
diff --git a/README.md b/README.md
index c0ede12d..209ad4d2 100644
--- a/README.md
+++ b/README.md
@@ -1,22 +1,25 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
+
# vault
- 
+ 
Official HashiCorp Vault Chart
## Upstream References
-* <https://www.vaultproject.io>
-* <https://github.com/hashicorp/vault>
-* <https://github.com/hashicorp/vault-helm>
-* <https://github.com/hashicorp/vault-k8s>
-* <https://github.com/hashicorp/vault-csi-provider>
+- <https://www.vaultproject.io>
+
+- <https://github.com/hashicorp/vault>
+- <https://github.com/hashicorp/vault-helm>
+- <https://github.com/hashicorp/vault-k8s>
+- <https://github.com/hashicorp/vault-csi-provider>
### Upstream Release Notes
This package has no upstream release note links on file. Please add some to [chart/Chart.yaml](chart/Chart.yaml) under `annotations.bigbang.dev/upstreamReleaseNotesMarkdown`.
Example:
+
```yaml
annotations:
bigbang.dev/upstreamReleaseNotesMarkdown: |
@@ -25,14 +28,15 @@ annotations:
```
## Learn More
-* [Application Overview](docs/overview.md)
-* [Other Documentation](docs/)
+
+- [Application Overview](docs/overview.md)
+- [Other Documentation](docs/)
## Pre-Requisites
-* Kubernetes Cluster deployed
-* Kubernetes config installed in `~/.kube/config`
-* Helm installed
+- Kubernetes Cluster deployed
+- Kubernetes config installed in `~/.kube/config`
+- Helm installed
Kubernetes: `>= 1.20.0-0`
@@ -42,345 +46,346 @@ https://helm.sh/docs/intro/install/
## Deployment
-* Clone down the repository
-* cd into directory
+- Clone down the repository
+- cd into directory
+
```bash
helm install vault chart/
```
## Values
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| global.enabled | bool | `true` | |
-| global.namespace | string | `""` | |
-| global.imagePullSecrets[0].name | string | `"private-registry"` | |
-| global.tlsDisable | bool | `true` | |
-| global.externalVaultAddr | string | `""` | |
-| global.openshift | bool | `false` | |
-| global.psp.enable | bool | `false` | |
-| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
-| global.serverTelemetry.prometheusOperator | bool | `false` | |
-| injector.enabled | string | `"-"` | |
-| injector.replicas | int | `1` | |
-| injector.port | int | `8080` | |
-| injector.leaderElector.enabled | bool | `false` | |
-| injector.metrics.enabled | bool | `true` | |
-| injector.externalVaultAddr | string | `""` | |
-| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
-| injector.image.tag | string | `"v1.4.2"` | |
-| injector.image.pullPolicy | string | `"IfNotPresent"` | |
-| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.17.5"` | |
-| injector.agentDefaults.cpuLimit | string | `"500m"` | |
-| injector.agentDefaults.cpuRequest | string | `"500m"` | |
-| injector.agentDefaults.memLimit | string | `"250Mi"` | |
-| injector.agentDefaults.memRequest | string | `"250Mi"` | |
-| injector.agentDefaults.template | string | `"map"` | |
-| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
-| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
-| injector.livenessProbe.failureThreshold | int | `2` | |
-| injector.livenessProbe.initialDelaySeconds | int | `5` | |
-| injector.livenessProbe.periodSeconds | int | `2` | |
-| injector.livenessProbe.successThreshold | int | `1` | |
-| injector.livenessProbe.timeoutSeconds | int | `5` | |
-| injector.readinessProbe.failureThreshold | int | `2` | |
-| injector.readinessProbe.initialDelaySeconds | int | `5` | |
-| injector.readinessProbe.periodSeconds | int | `2` | |
-| injector.readinessProbe.successThreshold | int | `1` | |
-| injector.readinessProbe.timeoutSeconds | int | `5` | |
-| injector.startupProbe.failureThreshold | int | `12` | |
-| injector.startupProbe.initialDelaySeconds | int | `5` | |
-| injector.startupProbe.periodSeconds | int | `5` | |
-| injector.startupProbe.successThreshold | int | `1` | |
-| injector.startupProbe.timeoutSeconds | int | `5` | |
-| injector.authPath | string | `"auth/kubernetes"` | |
-| injector.logLevel | string | `"info"` | |
-| injector.logFormat | string | `"standard"` | |
-| injector.revokeOnShutdown | bool | `false` | |
-| injector.webhook.failurePolicy | string | `"Ignore"` | |
-| injector.webhook.matchPolicy | string | `"Exact"` | |
-| injector.webhook.timeoutSeconds | int | `30` | |
-| injector.webhook.namespaceSelector | object | `{}` | |
-| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
-| injector.webhook.annotations | object | `{}` | |
-| injector.failurePolicy | string | `"Ignore"` | |
-| injector.namespaceSelector | object | `{}` | |
-| injector.objectSelector | object | `{}` | |
-| injector.webhookAnnotations | object | `{}` | |
-| injector.certs.secretName | string | `nil` | |
-| injector.certs.caBundle | string | `""` | |
-| injector.certs.certName | string | `"tls.crt"` | |
-| injector.certs.keyName | string | `"tls.key"` | |
-| injector.securityContext.pod | object | `{}` | |
-| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| injector.resources.requests.memory | string | `"256Mi"` | |
-| injector.resources.requests.cpu | string | `"250m"` | |
-| injector.resources.limits.memory | string | `"256Mi"` | |
-| injector.resources.limits.cpu | string | `"250m"` | |
-| injector.extraEnvironmentVars | object | `{}` | |
-| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
-| injector.topologySpreadConstraints | list | `[]` | |
-| injector.tolerations | list | `[]` | |
-| injector.nodeSelector | object | `{}` | |
-| injector.priorityClassName | string | `""` | |
-| injector.annotations | object | `{}` | |
-| injector.extraLabels | object | `{}` | |
-| injector.hostNetwork | bool | `false` | |
-| injector.service.annotations | object | `{}` | |
-| injector.serviceAccount.annotations | object | `{}` | |
-| injector.podDisruptionBudget | object | `{}` | |
-| injector.strategy | object | `{}` | |
-| server.enabled | bool | `true` | |
-| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.enterpriseLicense.secretName | string | `""` | |
-| server.enterpriseLicense.secretKey | string | `"license"` | |
-| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.17.5"` | |
-| server.image.pullPolicy | string | `"IfNotPresent"` | |
-| server.updateStrategyType | string | `"OnDelete"` | |
-| server.logLevel | string | `""` | |
-| server.logFormat | string | `""` | |
-| server.resources.requests.memory | string | `"256Mi"` | |
-| server.resources.requests.cpu | string | `"250m"` | |
-| server.resources.limits.memory | string | `"256Mi"` | |
-| server.resources.limits.cpu | string | `"250m"` | |
-| server.ingress.enabled | bool | `false` | |
-| server.ingress.labels | object | `{}` | |
-| server.ingress.annotations | object | `{}` | |
-| server.ingress.ingressClassName | string | `""` | |
-| server.ingress.pathType | string | `"Prefix"` | |
-| server.ingress.activeService | bool | `true` | |
-| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
-| server.ingress.hosts[0].paths | list | `[]` | |
-| server.ingress.extraPaths | list | `[]` | |
-| server.ingress.tls | list | `[]` | |
-| server.hostAliases | list | `[]` | |
-| server.route.enabled | bool | `false` | |
-| server.route.activeService | bool | `true` | |
-| server.route.labels | object | `{}` | |
-| server.route.annotations | object | `{}` | |
-| server.route.host | string | `"chart-example.local"` | |
-| server.route.tls.termination | string | `"passthrough"` | |
-| server.authDelegator.enabled | bool | `true` | |
-| server.extraInitContainers | string | `nil` | |
-| server.extraContainers | string | `nil` | |
-| server.shareProcessNamespace | bool | `false` | |
-| server.extraArgs | string | `""` | |
-| server.extraPorts | string | `nil` | |
-| server.readinessProbe.enabled | bool | `true` | |
-| server.readinessProbe.port | int | `8200` | |
-| server.readinessProbe.failureThreshold | int | `2` | |
-| server.readinessProbe.initialDelaySeconds | int | `5` | |
-| server.readinessProbe.periodSeconds | int | `5` | |
-| server.readinessProbe.successThreshold | int | `1` | |
-| server.readinessProbe.timeoutSeconds | int | `3` | |
-| server.livenessProbe.enabled | bool | `false` | |
-| server.livenessProbe.execCommand | list | `[]` | |
-| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
-| server.livenessProbe.port | int | `8200` | |
-| server.livenessProbe.failureThreshold | int | `2` | |
-| server.livenessProbe.initialDelaySeconds | int | `60` | |
-| server.livenessProbe.periodSeconds | int | `5` | |
-| server.livenessProbe.successThreshold | int | `1` | |
-| server.livenessProbe.timeoutSeconds | int | `3` | |
-| server.terminationGracePeriodSeconds | int | `10` | |
-| server.preStopSleepSeconds | int | `5` | |
-| server.postStart | list | `[]` | |
-| server.extraEnvironmentVars | object | `{}` | |
-| server.extraSecretEnvironmentVars | list | `[]` | |
-| server.extraVolumes | list | `[]` | |
-| server.volumes | string | `nil` | |
-| server.volumeMounts | string | `nil` | |
-| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
-| server.topologySpreadConstraints | list | `[]` | |
-| server.tolerations | list | `[]` | |
-| server.nodeSelector | object | `{}` | |
-| server.networkPolicy.enabled | bool | `false` | |
-| server.networkPolicy.egress | list | `[]` | |
-| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
-| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
-| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
-| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
-| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
-| server.priorityClassName | string | `""` | |
-| server.extraLabels | object | `{}` | |
-| server.annotations | object | `{}` | |
-| server.configAnnotation | bool | `false` | |
-| server.service.enabled | bool | `true` | |
-| server.service.active.enabled | bool | `true` | |
-| server.service.active.annotations | object | `{}` | |
-| server.service.standby.enabled | bool | `true` | |
-| server.service.standby.annotations | object | `{}` | |
-| server.service.instanceSelector.enabled | bool | `true` | |
-| server.service.ipFamilyPolicy | string | `""` | |
-| server.service.ipFamilies | list | `[]` | |
-| server.service.publishNotReadyAddresses | bool | `true` | |
-| server.service.externalTrafficPolicy | string | `"Cluster"` | |
-| server.service.port | int | `8200` | |
-| server.service.targetPort | int | `8200` | |
-| server.service.annotations | object | `{}` | |
-| server.dataStorage.enabled | bool | `true` | |
-| server.dataStorage.size | string | `"10Gi"` | |
-| server.dataStorage.mountPath | string | `"/vault/data"` | |
-| server.dataStorage.storageClass | string | `nil` | |
-| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.dataStorage.annotations | object | `{}` | |
-| server.dataStorage.labels | object | `{}` | |
-| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
-| server.auditStorage.enabled | bool | `true` | |
-| server.auditStorage.size | string | `"10Gi"` | |
-| server.auditStorage.mountPath | string | `"/vault/audit"` | |
-| server.auditStorage.storageClass | string | `nil` | |
-| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.auditStorage.annotations | object | `{}` | |
-| server.auditStorage.labels | object | `{}` | |
-| server.dev.enabled | bool | `false` | |
-| server.dev.devRootToken | string | `"root"` | |
-| server.standalone.enabled | string | `"-"` | |
-| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.enabled | bool | `false` | |
-| server.ha.replicas | int | `3` | |
-| server.ha.apiAddr | string | `nil` | |
-| server.ha.clusterAddr | string | `nil` | |
-| server.ha.raft.enabled | bool | `true` | |
-| server.ha.raft.setNodeId | bool | `true` | |
-| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
-| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.disruptionBudget.enabled | bool | `true` | |
-| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
-| server.serviceAccount.create | bool | `true` | |
-| server.serviceAccount.name | string | `""` | |
-| server.serviceAccount.createSecret | bool | `false` | |
-| server.serviceAccount.annotations | object | `{}` | |
-| server.serviceAccount.extraLabels | object | `{}` | |
-| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
-| server.statefulSet.annotations | object | `{}` | |
-| server.statefulSet.securityContext.pod | object | `{}` | |
-| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| server.hostNetwork | bool | `false` | |
-| ui.enabled | bool | `true` | |
-| ui.publishNotReadyAddresses | bool | `true` | |
-| ui.activeVaultPodOnly | bool | `false` | |
-| ui.serviceType | string | `"ClusterIP"` | |
-| ui.serviceNodePort | string | `nil` | |
-| ui.externalPort | int | `8200` | |
-| ui.targetPort | int | `8200` | |
-| ui.serviceIPFamilyPolicy | string | `""` | |
-| ui.serviceIPFamilies | list | `[]` | |
-| ui.externalTrafficPolicy | string | `"Cluster"` | |
-| ui.annotations | object | `{}` | |
-| csi.enabled | bool | `false` | |
-| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
-| csi.image.tag | string | `"v1.5.0"` | |
-| csi.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.volumes | string | `nil` | |
-| csi.volumeMounts | string | `nil` | |
-| csi.resources.requests.cpu | string | `"50m"` | |
-| csi.resources.requests.memory | string | `"128Mi"` | |
-| csi.resources.limits.cpu | string | `"50m"` | |
-| csi.resources.limits.memory | string | `"128Mi"` | |
-| csi.hmacSecretName | string | `""` | |
-| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
-| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
-| csi.daemonSet.annotations | object | `{}` | |
-| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
-| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
-| csi.daemonSet.extraLabels | object | `{}` | |
-| csi.daemonSet.securityContext.pod | object | `{}` | |
-| csi.daemonSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| csi.pod.annotations | object | `{}` | |
-| csi.pod.tolerations | list | `[]` | |
-| csi.pod.nodeSelector | object | `{}` | |
-| csi.pod.affinity | object | `{}` | |
-| csi.pod.extraLabels | object | `{}` | |
-| csi.agent.enabled | bool | `true` | |
-| csi.agent.extraArgs | list | `[]` | |
-| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.17.5"` | |
-| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.agent.logFormat | string | `"standard"` | |
-| csi.agent.logLevel | string | `"info"` | |
-| csi.agent.resources.requests.memory | string | `"256Mi"` | |
-| csi.agent.resources.requests.cpu | string | `"250m"` | |
-| csi.agent.resources.limits.memory | string | `"256Mi"` | |
-| csi.agent.resources.limits.cpu | string | `"250m"` | |
-| csi.priorityClassName | string | `""` | |
-| csi.serviceAccount.annotations | object | `{}` | |
-| csi.serviceAccount.extraLabels | object | `{}` | |
-| csi.readinessProbe.failureThreshold | int | `2` | |
-| csi.readinessProbe.initialDelaySeconds | int | `5` | |
-| csi.readinessProbe.periodSeconds | int | `5` | |
-| csi.readinessProbe.successThreshold | int | `1` | |
-| csi.readinessProbe.timeoutSeconds | int | `3` | |
-| csi.livenessProbe.failureThreshold | int | `2` | |
-| csi.livenessProbe.initialDelaySeconds | int | `5` | |
-| csi.livenessProbe.periodSeconds | int | `5` | |
-| csi.livenessProbe.successThreshold | int | `1` | |
-| csi.livenessProbe.timeoutSeconds | int | `3` | |
-| csi.debug | bool | `false` | |
-| csi.extraArgs | list | `[]` | |
-| domain | string | `"bigbang.dev"` | |
-| monitoring.enabled | bool | `false` | |
-| monitoring.namespace | string | `"monitoring"` | |
-| networkPolicies.enabled | bool | `false` | |
-| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
-| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
-| networkPolicies.additionalPolicies | list | `[]` | |
-| autoInit.enabled | bool | `true` | |
-| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
-| autoInit.image.tag | string | `"2.1.0"` | |
-| autoInit.storage.size | string | `"2Gi"` | |
-| istio.enabled | bool | `false` | |
-| istio.hardened.enabled | bool | `false` | |
-| istio.hardened.customAuthorizationPolicies | list | `[]` | |
-| istio.hardened.monitoring.enabled | bool | `true` | |
-| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
-| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
-| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
-| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
-| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
-| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
-| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
-| istio.hardened.apiAccess.enabled | bool | `true` | |
-| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
-| istio.vault.enabled | bool | `true` | |
-| istio.vault.gateways[0] | string | `"istio-system/main"` | |
-| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
-| istio.vault.tls.cert | string | `""` | |
-| istio.vault.tls.key | string | `""` | |
-| istio.mtls.mode | string | `"STRICT"` | |
-| minio.enabled | bool | `false` | |
-| customAppIngressSelector.key | string | `"vault-ingress"` | |
-| customAppIngressSelector.value | bool | `true` | |
-| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
-| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
-| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
-| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
-| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
-| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
-| serverTelemetry.prometheusRules.enabled | bool | `false` | |
-| serverTelemetry.prometheusRules.selectors | object | `{}` | |
-| serverTelemetry.prometheusRules.rules | list | `[]` | |
-| bbtests.enabled | bool | `false` | |
-| bbtests.cypress.resources.requests.cpu | int | `2` | |
-| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
-| bbtests.cypress.resources.limits.cpu | int | `2` | |
-| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
-| bbtests.cypress.artifacts | bool | `true` | |
-| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
-| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
-| bbtests.cypress.disableDefaultTests | bool | `false` | |
-| openshift | bool | `false` | |
+| Key | Type | Default | Description |
+| ----------------------------------------------------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| global.enabled | bool | `true` | |
+| global.namespace | string | `""` | |
+| global.imagePullSecrets[0].name | string | `"private-registry"` | |
+| global.tlsDisable | bool | `true` | |
+| global.externalVaultAddr | string | `""` | |
+| global.openshift | bool | `false` | |
+| global.psp.enable | bool | `false` | |
+| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
+| global.serverTelemetry.prometheusOperator | bool | `false` | |
+| injector.enabled | string | `"-"` | |
+| injector.replicas | int | `1` | |
+| injector.port | int | `8080` | |
+| injector.leaderElector.enabled | bool | `false` | |
+| injector.metrics.enabled | bool | `true` | |
+| injector.externalVaultAddr | string | `""` | |
+| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
+| injector.image.tag | string | `"v1.4.2"` | |
+| injector.image.pullPolicy | string | `"IfNotPresent"` | |
+| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| injector.agentImage.tag | string | `"1.17.5"` | |
+| injector.agentDefaults.cpuLimit | string | `"500m"` | |
+| injector.agentDefaults.cpuRequest | string | `"500m"` | |
+| injector.agentDefaults.memLimit | string | `"250Mi"` | |
+| injector.agentDefaults.memRequest | string | `"250Mi"` | |
+| injector.agentDefaults.template | string | `"map"` | |
+| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
+| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
+| injector.livenessProbe.failureThreshold | int | `2` | |
+| injector.livenessProbe.initialDelaySeconds | int | `5` | |
+| injector.livenessProbe.periodSeconds | int | `2` | |
+| injector.livenessProbe.successThreshold | int | `1` | |
+| injector.livenessProbe.timeoutSeconds | int | `5` | |
+| injector.readinessProbe.failureThreshold | int | `2` | |
+| injector.readinessProbe.initialDelaySeconds | int | `5` | |
+| injector.readinessProbe.periodSeconds | int | `2` | |
+| injector.readinessProbe.successThreshold | int | `1` | |
+| injector.readinessProbe.timeoutSeconds | int | `5` | |
+| injector.startupProbe.failureThreshold | int | `12` | |
+| injector.startupProbe.initialDelaySeconds | int | `5` | |
+| injector.startupProbe.periodSeconds | int | `5` | |
+| injector.startupProbe.successThreshold | int | `1` | |
+| injector.startupProbe.timeoutSeconds | int | `5` | |
+| injector.authPath | string | `"auth/kubernetes"` | |
+| injector.logLevel | string | `"info"` | |
+| injector.logFormat | string | `"standard"` | |
+| injector.revokeOnShutdown | bool | `false` | |
+| injector.webhook.failurePolicy | string | `"Ignore"` | |
+| injector.webhook.matchPolicy | string | `"Exact"` | |
+| injector.webhook.timeoutSeconds | int | `30` | |
+| injector.webhook.namespaceSelector | object | `{}` | |
+| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
+| injector.webhook.annotations | object | `{}` | |
+| injector.failurePolicy | string | `"Ignore"` | |
+| injector.namespaceSelector | object | `{}` | |
+| injector.objectSelector | object | `{}` | |
+| injector.webhookAnnotations | object | `{}` | |
+| injector.certs.secretName | string | `nil` | |
+| injector.certs.caBundle | string | `""` | |
+| injector.certs.certName | string | `"tls.crt"` | |
+| injector.certs.keyName | string | `"tls.key"` | |
+| injector.securityContext.pod | object | `{}` | |
+| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| injector.resources.requests.memory | string | `"256Mi"` | |
+| injector.resources.requests.cpu | string | `"250m"` | |
+| injector.resources.limits.memory | string | `"256Mi"` | |
+| injector.resources.limits.cpu | string | `"250m"` | |
+| injector.extraEnvironmentVars | object | `{}` | |
+| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
+| injector.topologySpreadConstraints | list | `[]` | |
+| injector.tolerations | list | `[]` | |
+| injector.nodeSelector | object | `{}` | |
+| injector.priorityClassName | string | `""` | |
+| injector.annotations | object | `{}` | |
+| injector.extraLabels | object | `{}` | |
+| injector.hostNetwork | bool | `false` | |
+| injector.service.annotations | object | `{}` | |
+| injector.serviceAccount.annotations | object | `{}` | |
+| injector.podDisruptionBudget | object | `{}` | |
+| injector.strategy | object | `{}` | |
+| server.enabled | bool | `true` | |
+| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.enterpriseLicense.secretName | string | `""` | |
+| server.enterpriseLicense.secretKey | string | `"license"` | |
+| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| server.image.tag | string | `"1.17.5"` | |
+| server.image.pullPolicy | string | `"IfNotPresent"` | |
+| server.updateStrategyType | string | `"OnDelete"` | |
+| server.logLevel | string | `""` | |
+| server.logFormat | string | `""` | |
+| server.resources.requests.memory | string | `"256Mi"` | |
+| server.resources.requests.cpu | string | `"250m"` | |
+| server.resources.limits.memory | string | `"256Mi"` | |
+| server.resources.limits.cpu | string | `"250m"` | |
+| server.ingress.enabled | bool | `false` | |
+| server.ingress.labels | object | `{}` | |
+| server.ingress.annotations | object | `{}` | |
+| server.ingress.ingressClassName | string | `""` | |
+| server.ingress.pathType | string | `"Prefix"` | |
+| server.ingress.activeService | bool | `true` | |
+| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
+| server.ingress.hosts[0].paths | list | `[]` | |
+| server.ingress.extraPaths | list | `[]` | |
+| server.ingress.tls | list | `[]` | |
+| server.hostAliases | list | `[]` | |
+| server.route.enabled | bool | `false` | |
+| server.route.activeService | bool | `true` | |
+| server.route.labels | object | `{}` | |
+| server.route.annotations | object | `{}` | |
+| server.route.host | string | `"chart-example.local"` | |
+| server.route.tls.termination | string | `"passthrough"` | |
+| server.authDelegator.enabled | bool | `true` | |
+| server.extraInitContainers | string | `nil` | |
+| server.extraContainers | string | `nil` | |
+| server.shareProcessNamespace | bool | `false` | |
+| server.extraArgs | string | `""` | |
+| server.extraPorts | string | `nil` | |
+| server.readinessProbe.enabled | bool | `true` | |
+| server.readinessProbe.port | int | `8200` | |
+| server.readinessProbe.failureThreshold | int | `2` | |
+| server.readinessProbe.initialDelaySeconds | int | `5` | |
+| server.readinessProbe.periodSeconds | int | `5` | |
+| server.readinessProbe.successThreshold | int | `1` | |
+| server.readinessProbe.timeoutSeconds | int | `3` | |
+| server.livenessProbe.enabled | bool | `false` | |
+| server.livenessProbe.execCommand | list | `[]` | |
+| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
+| server.livenessProbe.port | int | `8200` | |
+| server.livenessProbe.failureThreshold | int | `2` | |
+| server.livenessProbe.initialDelaySeconds | int | `60` | |
+| server.livenessProbe.periodSeconds | int | `5` | |
+| server.livenessProbe.successThreshold | int | `1` | |
+| server.livenessProbe.timeoutSeconds | int | `3` | |
+| server.terminationGracePeriodSeconds | int | `10` | |
+| server.preStopSleepSeconds | int | `5` | |
+| server.postStart | list | `[]` | |
+| server.extraEnvironmentVars | object | `{}` | |
+| server.extraSecretEnvironmentVars | list | `[]` | |
+| server.extraVolumes | list | `[]` | |
+| server.volumes | string | `nil` | |
+| server.volumeMounts | string | `nil` | |
+| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
+| server.topologySpreadConstraints | list | `[]` | |
+| server.tolerations | list | `[]` | |
+| server.nodeSelector | object | `{}` | |
+| server.networkPolicy.enabled | bool | `false` | |
+| server.networkPolicy.egress | list | `[]` | |
+| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
+| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
+| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
+| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
+| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
+| server.priorityClassName | string | `""` | |
+| server.extraLabels | object | `{}` | |
+| server.annotations | object | `{}` | |
+| server.configAnnotation | bool | `false` | |
+| server.service.enabled | bool | `true` | |
+| server.service.active.enabled | bool | `true` | |
+| server.service.active.annotations | object | `{}` | |
+| server.service.standby.enabled | bool | `true` | |
+| server.service.standby.annotations | object | `{}` | |
+| server.service.instanceSelector.enabled | bool | `true` | |
+| server.service.ipFamilyPolicy | string | `""` | |
+| server.service.ipFamilies | list | `[]` | |
+| server.service.publishNotReadyAddresses | bool | `true` | |
+| server.service.externalTrafficPolicy | string | `"Cluster"` | |
+| server.service.port | int | `8200` | |
+| server.service.targetPort | int | `8200` | |
+| server.service.annotations | object | `{}` | |
+| server.dataStorage.enabled | bool | `true` | |
+| server.dataStorage.size | string | `"10Gi"` | |
+| server.dataStorage.mountPath | string | `"/vault/data"` | |
+| server.dataStorage.storageClass | string | `nil` | |
+| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.dataStorage.annotations | object | `{}` | |
+| server.dataStorage.labels | object | `{}` | |
+| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
+| server.auditStorage.enabled | bool | `true` | |
+| server.auditStorage.size | string | `"10Gi"` | |
+| server.auditStorage.mountPath | string | `"/vault/audit"` | |
+| server.auditStorage.storageClass | string | `nil` | |
+| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.auditStorage.annotations | object | `{}` | |
+| server.auditStorage.labels | object | `{}` | |
+| server.dev.enabled | bool | `false` | |
+| server.dev.devRootToken | string | `"root"` | |
+| server.standalone.enabled | string | `"-"` | |
+| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.enabled | bool | `false` | |
+| server.ha.replicas | int | `3` | |
+| server.ha.apiAddr | string | `nil` | |
+| server.ha.clusterAddr | string | `nil` | |
+| server.ha.raft.enabled | bool | `true` | |
+| server.ha.raft.setNodeId | bool | `true` | |
+| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
+| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.disruptionBudget.enabled | bool | `true` | |
+| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
+| server.serviceAccount.create | bool | `true` | |
+| server.serviceAccount.name | string | `""` | |
+| server.serviceAccount.createSecret | bool | `false` | |
+| server.serviceAccount.annotations | object | `{}` | |
+| server.serviceAccount.extraLabels | object | `{}` | |
+| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
+| server.statefulSet.annotations | object | `{}` | |
+| server.statefulSet.securityContext.pod | object | `{}` | |
+| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| server.hostNetwork | bool | `false` | |
+| ui.enabled | bool | `true` | |
+| ui.publishNotReadyAddresses | bool | `true` | |
+| ui.activeVaultPodOnly | bool | `false` | |
+| ui.serviceType | string | `"ClusterIP"` | |
+| ui.serviceNodePort | string | `nil` | |
+| ui.externalPort | int | `8200` | |
+| ui.targetPort | int | `8200` | |
+| ui.serviceIPFamilyPolicy | string | `""` | |
+| ui.serviceIPFamilies | list | `[]` | |
+| ui.externalTrafficPolicy | string | `"Cluster"` | |
+| ui.annotations | object | `{}` | |
+| csi.enabled | bool | `false` | |
+| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
+| csi.image.tag | string | `"v1.5.0"` | |
+| csi.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.volumes | string | `nil` | |
+| csi.volumeMounts | string | `nil` | |
+| csi.resources.requests.cpu | string | `"50m"` | |
+| csi.resources.requests.memory | string | `"128Mi"` | |
+| csi.resources.limits.cpu | string | `"50m"` | |
+| csi.resources.limits.memory | string | `"128Mi"` | |
+| csi.hmacSecretName | string | `""` | |
+| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
+| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
+| csi.daemonSet.annotations | object | `{}` | |
+| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
+| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
+| csi.daemonSet.extraLabels | object | `{}` | |
+| csi.daemonSet.securityContext.pod | object | `{}` | |
+| csi.daemonSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| csi.pod.annotations | object | `{}` | |
+| csi.pod.tolerations | list | `[]` | |
+| csi.pod.nodeSelector | object | `{}` | |
+| csi.pod.affinity | object | `{}` | |
+| csi.pod.extraLabels | object | `{}` | |
+| csi.agent.enabled | bool | `true` | |
+| csi.agent.extraArgs | list | `[]` | |
+| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| csi.agent.image.tag | string | `"1.17.5"` | |
+| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.agent.logFormat | string | `"standard"` | |
+| csi.agent.logLevel | string | `"info"` | |
+| csi.agent.resources.requests.memory | string | `"256Mi"` | |
+| csi.agent.resources.requests.cpu | string | `"250m"` | |
+| csi.agent.resources.limits.memory | string | `"256Mi"` | |
+| csi.agent.resources.limits.cpu | string | `"250m"` | |
+| csi.priorityClassName | string | `""` | |
+| csi.serviceAccount.annotations | object | `{}` | |
+| csi.serviceAccount.extraLabels | object | `{}` | |
+| csi.readinessProbe.failureThreshold | int | `2` | |
+| csi.readinessProbe.initialDelaySeconds | int | `5` | |
+| csi.readinessProbe.periodSeconds | int | `5` | |
+| csi.readinessProbe.successThreshold | int | `1` | |
+| csi.readinessProbe.timeoutSeconds | int | `3` | |
+| csi.livenessProbe.failureThreshold | int | `2` | |
+| csi.livenessProbe.initialDelaySeconds | int | `5` | |
+| csi.livenessProbe.periodSeconds | int | `5` | |
+| csi.livenessProbe.successThreshold | int | `1` | |
+| csi.livenessProbe.timeoutSeconds | int | `3` | |
+| csi.debug | bool | `false` | |
+| csi.extraArgs | list | `[]` | |
+| domain | string | `"bigbang.dev"` | |
+| monitoring.enabled | bool | `false` | |
+| monitoring.namespace | string | `"monitoring"` | |
+| networkPolicies.enabled | bool | `false` | |
+| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
+| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
+| networkPolicies.additionalPolicies | list | `[]` | |
+| autoInit.enabled | bool | `true` | |
+| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
+| autoInit.image.tag | string | `"2.1.0"` | |
+| autoInit.storage.size | string | `"2Gi"` | |
+| istio.enabled | bool | `false` | |
+| istio.hardened.enabled | bool | `false` | |
+| istio.hardened.customAuthorizationPolicies | list | `[]` | |
+| istio.hardened.monitoring.enabled | bool | `true` | |
+| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
+| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
+| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
+| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
+| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
+| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
+| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
+| istio.hardened.apiAccess.enabled | bool | `true` | |
+| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
+| istio.vault.enabled | bool | `true` | |
+| istio.vault.gateways[0] | string | `"istio-system/main"` | |
+| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
+| istio.vault.tls.cert | string | `""` | |
+| istio.vault.tls.key | string | `""` | |
+| istio.mtls.mode | string | `"STRICT"` | |
+| minio.enabled | bool | `false` | |
+| customAppIngressSelector.key | string | `"vault-ingress"` | |
+| customAppIngressSelector.value | bool | `true` | |
+| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
+| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
+| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
+| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
+| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
+| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
+| serverTelemetry.prometheusRules.enabled | bool | `false` | |
+| serverTelemetry.prometheusRules.selectors | object | `{}` | |
+| serverTelemetry.prometheusRules.rules | list | `[]` | |
+| bbtests.enabled | bool | `false` | |
+| bbtests.cypress.resources.requests.cpu | int | `2` | |
+| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
+| bbtests.cypress.resources.limits.cpu | int | `2` | |
+| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
+| bbtests.cypress.artifacts | bool | `true` | |
+| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
+| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
+| bbtests.cypress.disableDefaultTests | bool | `false` | |
+| openshift | bool | `false` | |
## Contributing
@@ -389,4 +394,3 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in
---
_This file is programatically generated using `helm-docs` and some BigBang-specific templates. The `gluon` repository has [instructions for regenerating package READMEs](https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md)._
-
--
GitLab
From 26dd7224d082a06655d57fbdc87a7d7c30b9bc37 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 08:46:13 -0500
Subject: [PATCH 05/30] adding wait to ensure updateds after entering the token
---
chart/tests/cypress/e2e/vault-health.spec.cy.js | 3 +++
1 file changed, 3 insertions(+)
diff --git a/chart/tests/cypress/e2e/vault-health.spec.cy.js b/chart/tests/cypress/e2e/vault-health.spec.cy.js
index 67fb3b1c..bf2e62df 100644
--- a/chart/tests/cypress/e2e/vault-health.spec.cy.js
+++ b/chart/tests/cypress/e2e/vault-health.spec.cy.js
@@ -12,6 +12,9 @@ describe('Verify vault ui accessibility and components', () => {
// Login with token
cy.get('[data-test-select="auth-method"]').select('token')
cy.get('input[name="token"]').type(Cypress.env('token')).type('{enter}')
+ cy.get('input[name="token"]').should('not.exist');
+ cy.wait(2000);
+ cy.get('button').click(); // proceed to click button
cy.wait(8500); // wait for warning to disappear
cy.get('h2:contains("Secrets engines")')
// Generate random base64 value
--
GitLab
From 9593ae63d743312a97a9602760d74a169a79c423 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 09:29:57 -0500
Subject: [PATCH 06/30] debugging vault cypress test
---
chart/tests/cypress/e2e/vault-health.spec.cy.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/tests/cypress/e2e/vault-health.spec.cy.js b/chart/tests/cypress/e2e/vault-health.spec.cy.js
index bf2e62df..a1769d2b 100644
--- a/chart/tests/cypress/e2e/vault-health.spec.cy.js
+++ b/chart/tests/cypress/e2e/vault-health.spec.cy.js
@@ -14,7 +14,7 @@ describe('Verify vault ui accessibility and components', () => {
cy.get('input[name="token"]').type(Cypress.env('token')).type('{enter}')
cy.get('input[name="token"]').should('not.exist');
cy.wait(2000);
- cy.get('button').click(); // proceed to click button
+ cy.get('button#submit-button').click(); // proceed to click button
cy.wait(8500); // wait for warning to disappear
cy.get('h2:contains("Secrets engines")')
// Generate random base64 value
--
GitLab
From c47d5aeea287cba1e280c571d5154dfbe8a1d963 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 09:35:48 -0500
Subject: [PATCH 07/30] debugging vault test script
---
chart/tests/cypress/e2e/vault-health.spec.cy.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/tests/cypress/e2e/vault-health.spec.cy.js b/chart/tests/cypress/e2e/vault-health.spec.cy.js
index a1769d2b..511740d8 100644
--- a/chart/tests/cypress/e2e/vault-health.spec.cy.js
+++ b/chart/tests/cypress/e2e/vault-health.spec.cy.js
@@ -14,7 +14,7 @@ describe('Verify vault ui accessibility and components', () => {
cy.get('input[name="token"]').type(Cypress.env('token')).type('{enter}')
cy.get('input[name="token"]').should('not.exist');
cy.wait(2000);
- cy.get('button#submit-button').click(); // proceed to click button
+ cy.get('button#enter-button').click(); // proceed to click button
cy.wait(8500); // wait for warning to disappear
cy.get('h2:contains("Secrets engines")')
// Generate random base64 value
--
GitLab
From 7b386dfdce959c60840b2e64da140b189f83e213 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 09:41:17 -0500
Subject: [PATCH 08/30] debugging
---
chart/tests/cypress/e2e/vault-health.spec.cy.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chart/tests/cypress/e2e/vault-health.spec.cy.js b/chart/tests/cypress/e2e/vault-health.spec.cy.js
index 511740d8..4421a248 100644
--- a/chart/tests/cypress/e2e/vault-health.spec.cy.js
+++ b/chart/tests/cypress/e2e/vault-health.spec.cy.js
@@ -13,8 +13,8 @@ describe('Verify vault ui accessibility and components', () => {
cy.get('[data-test-select="auth-method"]').select('token')
cy.get('input[name="token"]').type(Cypress.env('token')).type('{enter}')
cy.get('input[name="token"]').should('not.exist');
- cy.wait(2000);
- cy.get('button#enter-button').click(); // proceed to click button
+ // cy.wait(2000);
+ // cy.get('button#enter-button').click(); // proceed to click button
cy.wait(8500); // wait for warning to disappear
cy.get('h2:contains("Secrets engines")')
// Generate random base64 value
--
GitLab
From fb838bf7d831085554dfc0fca41e6ecf04aa0f4a Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Sep 2024 09:52:57 -0500
Subject: [PATCH 09/30] upgrading vault dependencies
---
chart/tests/cypress/e2e/vault-health.spec.cy.js | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/chart/tests/cypress/e2e/vault-health.spec.cy.js b/chart/tests/cypress/e2e/vault-health.spec.cy.js
index 4421a248..e652c31c 100644
--- a/chart/tests/cypress/e2e/vault-health.spec.cy.js
+++ b/chart/tests/cypress/e2e/vault-health.spec.cy.js
@@ -12,9 +12,7 @@ describe('Verify vault ui accessibility and components', () => {
// Login with token
cy.get('[data-test-select="auth-method"]').select('token')
cy.get('input[name="token"]').type(Cypress.env('token')).type('{enter}')
- cy.get('input[name="token"]').should('not.exist');
- // cy.wait(2000);
- // cy.get('button#enter-button').click(); // proceed to click button
+ cy.get('input[name="token"]').should('not.exist'); // checks for token in the DOM. Indicating successful login
cy.wait(8500); // wait for warning to disappear
cy.get('h2:contains("Secrets engines")')
// Generate random base64 value
--
GitLab
From 7be5fa374d76e4e5d40ab5837c84fc061d004861 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Wed, 4 Sep 2024 19:38:54 +0000
Subject: [PATCH 10/30] Update gluon Docker tag to v0.5.4
---
chart/Chart.lock | 6 +++---
chart/Chart.yaml | 2 +-
chart/charts/gluon-0.5.3.tgz | Bin 4476 -> 0 bytes
chart/charts/gluon-0.5.4.tgz | Bin 0 -> 4492 bytes
4 files changed, 4 insertions(+), 4 deletions(-)
delete mode 100644 chart/charts/gluon-0.5.3.tgz
create mode 100644 chart/charts/gluon-0.5.4.tgz
diff --git a/chart/Chart.lock b/chart/Chart.lock
index efa3ab98..2498677c 100644
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
version: 6.0.2-bb.2
- name: gluon
repository: oci://registry1.dso.mil/bigbang
- version: 0.5.3
-digest: sha256:0264ac84c5bcbcc90a31c7a4261290cd6e6ae177ee39d5a8cbbd19c9d944293b
-generated: "2024-08-22T14:00:47.3289129-04:00"
+ version: 0.5.4
+digest: sha256:f7d447a231be1d75eba1777db1b36153e4b214d043becd9be6a4693e6dfabc24
+generated: "2024-09-04T19:38:52.015842324Z"
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 78f67cfc..ce5ca793 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -28,7 +28,7 @@ dependencies:
condition: minio.enabled
repository: oci://registry1.dso.mil/bigbang
- name: gluon
- version: "0.5.3"
+ version: "0.5.4"
repository: oci://registry1.dso.mil/bigbang
annotations:
bigbang.dev/applicationVersions: |
diff --git a/chart/charts/gluon-0.5.3.tgz b/chart/charts/gluon-0.5.3.tgz
deleted file mode 100644
index 922652c665c49b80d020258b7821c0d4e55a6044..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 4476
zcmV-?5rgg@iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PJ0PliRkE&)@nKz4TPxXx1bp&Ec$4*)7L*{PK2ul<nuuE0@a!
zk&pxr2`~Vt@nr1%>{|dxil;~&b0jNNc`T7Y188(N8r?t4%z~Iv_sJY_>0F^O`0fVE
zU@#b*ot)_Z2ZKTR|H1I&?7QK~+3D$MI657kd^Z@5jz`De!QdtaQ!cTPh<`WOy07x&
z{v-uO<UQtsFgk|CsOMwhaS}=W{V|-A2}k@2{*HqXJS8MBWgLDcv!4;2^(YGQ7_<oW
z<W+>n5SRwNMM`tvoI1z7yPoB~G!>)&5{FTMBo^+cSdw7JmY_}lA03zV|Kwya-0S~s
zl<R97+@qcr14plYi1`e|B?$sBALS*3e?5M24w;kyqCT)#MzI7r$H1|O1L^eM&4~bs
zE_4k*oTDpXQ;>6xF)UCJV=?a8x`|{Fc#KN?MW#;@>Y%KOX@-F<Fz3X_0uFsFB%w%|
zrv9oX6C^Mk3Knw@_j^a~w{JZ)Ngq!M#bA|ZYC%%rKn-d96HEyg5}fSuatP`rXW_q4
z7{DQ+UJ(0Oeem%YaA4TiB>M1G^@ZX<!l6$*3H@acQP4tU)JjA$)6}d@Zgh%zRtr;K
zeQaO<vi?sdw!}gT_mg)OaV&(#=#<Pt6m4!4TJ(Q-{AgIz|Iy%d_-L>Hw^6F9p_kuD
zR^MJOztXErS;!Qe_gbNy$waqke&b+@CIQw0S#URoy$eG9F+9<Iyg*Se#1i>PqHzzv
zI2YFSH8{pSeW{fE+cG^+=IC}mPx2BBI4SaTeNj+nc1#xATesBzdL_B<>^wSs+#
z$!spIF<ADgrQZwUV-InM2uYYjm`mtq?8z}$QxpiSDg|hQgQP!2P3z4VlF23$5E1h5
z7}O-*-~c0m^)&Qj#gBBd*Vl09{6YdOoaX_XfMt|0nW~FN*gdlP&SPPC1z&+GlR+hn
zN-AIfvBm^8t#f8kmX^_&Ze_X-6YJQ|EqC&|Ssv;u<i$c)Ol)C|g+4@4q$c8YlF_me
ztp9k|ig!;+tNo7_UVuorjZ4^K|3_!1r)B#;8lLX$|80~uyAUlrM@GTchQFak(oK5}
z2XRTJ$XnT8S~pT#jF6ZbBip@pe#EwI*Kb#^)B5r~3*rzzQTnmo))g&0tK$xFKX*3~
zVbAPaomnd+<7lS1B}BrH9zgl2;l#$|at0m%X^y;LK29cL!yAnJ|KUX9SJcBjP$w6C
zP)I6p{Cli=G~cq(tvjf<<PY3w6I$nE>lUt5_0Bf$#)?%9UtO_Q(Oa6->wEV`WwqbV
z9Z5}QKU=k3$-oWR|JMDV$CP5eRYYj@{y!QF2FK<7e{g!X-~Vr;v>BCT`AaSU#h`Zz
zI6N$=S3hmp&ns23aWcQWqpr1Ust)dA+e~)NBvfX0hNmVvBgQb7G7@9goe?>YCyvKL
zSMRII&q=^0Zis}$+zk;WQ**FW6BMS3I=@KHg5;Y|gs05-m7CZvrFsv}kIzQ-`SIC*
zfF6JjYo&v_BywI|3A4NRon*7`JK0_bxwdNa_M*7vk&|wQ={u|9Hbk6#xq9;YpO#sO
zLZh$nd(5O-3wV%nYYfA|Aj~?-HtJ%(0SQT$Ue8rM-F3cMeZR`cG<IAwju3~8U)4YD
z%9t0rcEX!-(+2j8eh5kXxVo{(^uOd%xpmVDjZT`!(Db#VyC|?1b0V*vn8<J9bj9?s
z_@}^Ji^pL3>^Wy~lzTWWJ!w9Vv^l0->NxmI#CS?iV7?$8e(ZTHrgG`2)>|rp%D!mx
z7p47(P|PzYm9|h<!%Q92I)<v^p$JV#KqSFp`4qtCEXsek;qm!-_MKzozoNm_8^)xL
zMqLSs!!bx6<D}9mrZ>MYGF}xDwmH_iMlKL;aXceJ@~ffa3+99*a3^FoL3Cz&Bn_2~
zhsVzF*cn;H5#{8z=7H|%bsPk*SwOt2G5k7x$>eK}1*R#dJr;(D`YG>hu-plu?gWXs
zwR~oK%P(Iuwn~m7_?s8=0BiyFZ}9rn+jn~77`tx3JQU2CkmKR$U@&lhkBLnG!Pl>v
z_kV+DZ{B3&j9|jE-+q1f>B+07&wd(YuLPE0<LqmTg!@D&{Y-TKU2!3GPu`q?mAnVD
z(sQ)HFu|BY(%iQS{bA)76sUL+xPp7`k>g!Cp9Q#zP(HR<Y@c5lP{aT50c;;!FBX!8
z@bTl1Am^BtIxugW`+%(el++NfRR8{auqjvvhd~Xoteeq)x;|dGG!BBkRX4QDnOc$8
zB@#-Q7|mP<jw4nOYFkOQvf_U1NjE~?1)5>u8fV>hIl4?;3PZ_Fq*FMbMXvKh8hwFO
z^LR|bwkMoj3e3Tqa~5K-?Kwt%px%G~eO0gy{;RJ<u;zKLmo|&Aj#cO&v<0)ATgZ!e
zf;}04Vt5u2R%_VgBc`0OQ;Od&7qhaCkkR*XfF<6niyXn66fS9d9HUKXgKbYa3+*Wh
zaI#{;EwQzvTkAf&#Z@ju0SfD^6t-S5g~u_bV$P&+kJ?oeAiVGi2U}T>8WJnc7C91&
zm4jG|u-haaD`&kRK4u$FIBC7vT(hpbl53pdR>GO1w8b8q+g^!;gX_%Nr5!DFwD*Pb
z|8g!>>aH0>>=T|FYpCkJMshx`wf_|ws!m4=`CT&`Le4)F4MYU@s@;asieAI0(!i{8
zmtmG_rUY`@(1l7}^^{b=W=%BaEW|ElK6V`%g<YK@<47oHC?{eWi}lOA2VU;f)F^v2
zIa2M0w7VJI#E6!qC9BjlAyaRakJkOsE+?+T9*tA?eIf~?D0rV!+o~y%Q2>VtrpD>R
zK`yiY!)8+~Ji>HQH5I=-eg5gmtCzq0`ux-1U%hyi8<CFqjKNY`XYKgFmDFRr*|VYx
z(fCqek7M~vRVk3<h|Vw^Ts(w>1&n`MO}s`7udnqQ99+Obadi@2r0*AcZPJLvs-xWs
zg=m^YK?+*iHi}96NwfVyDI?W7rAkx}YVug14@vRL<90?U3sUL8V1?(Zm_X9H<dUFT
z4Mh`?+HAC@?T*Hp5NjG~-TAhW*Vf3Y8HRQ8oLFrWZ*N+V8;*rUT&B^Bmw18Ic5WP&
zQdp_ZN$^qt)^Z?gpsyMn2^>c9>M7x4xc*igLCI5UtXOo18mkq2jK*43AEL2p&ZVf-
z>FhkDBGT+Rtmb-`4wiX|rHiq8yXdxAtnF4L4G{G^VKUZ&VpJH};I~9|u#8+lRDFHf
z5tvb@>uvq3<ArvavMwX-Kv}5=WkJ2oU;FDWmUk`ZY1M97+zd}Pm{b;heXDoalD&#J
zSs;n+H2AwIIwDDA?gYiUJ(?*O#Hs-sltw;5o@D^(DLA2F{;SF4GP%xf5GM)AzX0fD
z{q;zvSY4GeH#bL;<d&@8X=oW*FE_foK$YyvpQW_of0Ve2?Jk71;eSs~9+mEYJ$f|S
z-~YOm(q`fX(nh@&2>Z5>6R*MYv?R#y0{*(z_QnESnZ2_94vOWRaq@>AmUHoga0qiV
zzPw=pUW*&5qdVdUj{|cl4@E?yE5sN+Sk}h^HWofuSxQRicMHrX=DE&TSr5UQVX6KL
zh|vF=G@12rZH`X}^$DGA%J`p6^R@Y(bbD9JzykaRPZgzfAy&+|2auDrj`Ahq$!F|I
zz1X$-yF;yAYt6Mg)y2C}wy59+uXfY4_O4eylfANoeAj0B#!B=4Z+;QL4z7Q;-v2y1
zuH64QKHlShZ>2P8r&;}tu7B1=feg87cA@=-P|`9%gYD=FX<>GM=^La8`?kA1+Qpn#
z1ZMY90VP-s=lE2<whbIqq;0bUe7*K`yO?^ryH1<^-@)~d7W+RO4F;p~`S0w}Xm9^-
zqqL}VA!=&h1M9!tO_F3*cXg3uI9TIq<&9wF=SciFzDn5)mfoEbtaS4NX5Y<bmRmN{
z>VVLh@}Zw2i7(NWHt+#s7jXpEVrYStoHVSYL)+lWv#&|>nQ3nIwWOt_XKy8vvEDUG
z{W!wBSwh71uS&_cJ!i=O83l-Xm>UWSIVZ@!SwZ1f(`C{)PtQq4lWVOGzlGMn=xr|h
ztui@!O<g7{aG0!AM#CbJ)vxG>=AUUiXF@&>2ofgaYXgal4x}U;5@k6<Rar~_ILpTv
zAV+Nnj;fwZ0@*1l!&!nhuDjiKxZdpQLr!s%G2H&mhvkh0J@u8ADu-q1a=GA=@e4v{
zI??PFQpANz2ldwuN*51`R}Xf6`Ji&gAdjLK+$#d-HSE6&GBvv+kU;-(FDpRNdjK|1
z=9?kM^K(wI*J~hhtMG8cktL}bK=<wdv=xN0(`D#W#=%HE5DG^>g3k)?bBsE;HWk0s
zQv!pAkc7tg$I_d^EOo_s$b9(sFH54O3g*&^ZQEAui#IW)gwB@D9mlD!Swq5c>wEPX
z#Z61IJtlcI@;GN3yP$q=5r0~vJ!KR{Rr2%WF2CIvdzyBu4DD)!_4a&9z1=Qw)pXam
zCveqfjA%O0T8wD=vJPIEL%?={ix&F1E4b*Y`Lw}Bt8KS{i*^Nrrk!pL2CWd<4h*`2
z+%CYNRq|VaK^uwf1`Il^MRX3kfI(ZEZVU#k**ez2f>y$)w*o&b?JBExl;-J_>Ran$
z@#;5~j*!uo$(A;ewKtG^3E8uA;muW_+k(th+?oCVHN>0`(DgerIRE*sBar)Ym!&5D
ze~E~6KdGO)Nd9)n|2`TH%JKixef<A+O4ZV;h1Wmq&ur2m0j#S2gH0Mz0Lj}*3Lt&n
zoB}Ad+-(9_&(Bcql>UvFkT#)0q9Ayvzr@juBOk*9$$SQJ<Rghe)ox7>7n_(@o1~1>
zHQHImSS$VwCW@ORYuik5y#&@*YTCw|<#9Eg&A0KDdUk86;+6LQGn?$<PeHWge}`vh
zCH&9u>}0tA`!BaruCG@rsX)!S-}_<sTS3U}*1wC<M6qN#R9Niq9lO9Z$r3eR&S|ue
zD|ydZfbS{yHwQuQW;JS1%e|UIaypj?^N<KNbm3$z@_%AO=WQ)xb+aRLa$2q)mCNCl
zWr(iR2$n&*$_OIni;YH+;jv37>`NrQx%KfzWHSNF{<%f887{sXN$rffPFdSk1D1gC
z8Yp;SojPL5cPt|JR4gV+A(kTW4>qYReLEuP=8qLEFrvX=VAWJHcP{KmhkmWGK8_e*
z685qGaDu0dV_QGf_cjQl4^5>hB6;jl>JOSx=NSZ`>p+IWsQy~acD|TMd2N_FiP;ul
zA-PEFQb|my$7Iw?LLp()1(i|4Whkmkl*tZ|89T;JXurLXgib&06a6=r=wE)$C4ov=
zJE%?WB<Y=jb6P}%Bnh73=!X}1mei$|)*{h}m}<sMC8#O*U_CxR*B8H*qiMxUL5fX$
z$*8JU|FQ&T%)QA07?-@QheE7M@E243N=b?uQLrtE#b|841X2|8Y0drTvq4$6E4!@8
zSasZSpjdVquGv1>@)wBGY?EebjfV-e=W#ydupygU`K*uCdrlVu3^ydw`BUPa<8{a8
zJ5Sk~_^+dm5oAUg$2+8*mX`eA;Iw@Ib2vIZ-sk^rr96PwNJ`A90Lj3J09?*7g-J{T
zC8&`8`f;cC0Q6t@6>($`IAV^20A>N3K&Z~ugw7rU#{rULf%UJy$~{Na?>zvDXZqX;
zhY`n9@&)@QVD@i)2b4bvjOvzZNDyHT0ioFGIZxkydMg>ny$A5b{POhoPu_x0xac`E
zb?#9=&G389<PYxZpXr17%vC?quVO*nC7}uOF5(EL%8TtCIpQ+v9XS(p(K~Wvs6I1J
zX1$~T?LC0^h!YkI`1R>C(Q_isK4VYz9O7f-n(CZ=?l}wLF(12oXvMzl%f8&_@_zvU
O0RR7jjvN>Oga82Pfz_x0
diff --git a/chart/charts/gluon-0.5.4.tgz b/chart/charts/gluon-0.5.4.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..02d39224f49e24a94e6a24e0f268ace2f9115217
GIT binary patch
literal 4492
zcmV;75p(VziwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<$lhe4C^Etobtm)!*da<3PAIxTIc8dXq%iRXLfXmJ;YKl^9
zB@t~~9!XA<Y1rSsCHWEg?L7K1Y*a;vE$K))Ixn4bl%9DJ4eY0L#Duj(zW2iol)+#y
zI6FB}{|^R(;{Su;$=MIXle4q4;qdX`^zjda;pq7I_y-u=#AJ#k;sUWB23wC+T-;xz
zppbmPj1wA+VKM5tm^+MwLOnl$b24FwE#dFj^TCls0#nN17c%<=1+!j&d^`q4LOrnz
z@ff_gLvNA799XB;N$;*#xi57k=6`|x&_e=q`%@%{w_{1r#{Z9xi~N6bG92#t|2E3?
zwF&l7PmzJ8_TI;AhT)2M9>ib86@`C2d36pMl>iD{ppgh80b-7UVIFzH>b;*64gy`O
z7JwK-OQ2H_bA~Z2kQZS-?wP8KpdmOk5crEo-z3mMN|m@92D-qE5f^hfbTJnsKvFdI
zo4QO8$8gAL#2no39ogT$_2eR5JS71JqqtH7k_HEIO5>klN*EVlWv^FLkd=)3|3bb8
zha_;k$i?!Di@$&c!@dI1hp%!h6nO#;UE&DnuSN*H79gWmAcDqS<Gs;lC!uGpaNx?X
z?fYNk|H;G@m<w)ya+V>(oI5m_l9`Xf&4oe>{|}EJ5A*y#8k~+E@A>~WN|`m(_FKvB
zo2%`Ye3dZ^nS%8}F|;+As2=q-77ozF!-^nt=EkshNdk8aPt_Q&P}uXaKrRw!+yjV>
z3*-74tk^t#Et&k=H#0vqqX&S3fC?oUxa<jF%(3TNd~VMvy)?!k=V9{5aWLoQ2Idte
zv$-(FV3?<ds^`ST4q_JJf>4W4n*^V+BgSA%k;k!Y<e>@nlJO)o#W!O}7Mm=9hseQW
zkc)VWJ&ZV3%TTW+KGMZrU&EpGEAcS5UU+l@M$ClCQf)lK_L0%Ip70n~@D&0nG6Dgk
z0?Su_tq_5A`<zLXm1K-Xw-jB6iFE91+nrR`(?fLwoh($tL>5*^=tC5Sav@eH8Z8RJ
z>aTarc=x2V%KvcTc!>Dhn1n6ze{^<wT9p5z(dl0P-$rSZ3*o}CMCffT_-k4u!?d@s
z5EEpIoW}9ewxLupT;L!UvfW$jGd4}LT3ubF?ZpS`MLvEi`C~oR6)qg3qlUPj+Kq?U
ziS<@z)N(-?nn`SNp5UVgP<$I>Vq<WcfCoSdBd@57lZBY@79;n67!mkQ;NTv}lZ!ei
zBn=q;Ba$P=Puc9&ozy$>C+?(#*7@41!X>NTnewh}SmyBNhLw!o(xsZ;yLT$G{dVR^
zDl+@ouI-8jZb1IG>VFmm0cKlygqrpLXfPNY7xn+(>};?9Z=<vcm1O%1CP08eX$m+z
zEU;HU?b+9vDp8!&Eo#)Yw5A;3F4ShCH4|4^tQnrg-WfiIxey^A+xCozc{H&c>f1`M
zCZ7|JPHZ1>ftl^2fK20qom?P~o5=HvVAM;VT*4hG#+P;?za;BDI6pocndir6{{d<O
z%B_`7>WYYYc_(7+-nSBE-?uVd2U=gLyqz$rcx9!^Fs(C6W<$v6m*vxoe;V;d<T`zY
zKO!pRUciGCTVogw27WeBrl|Addc-GPMm?A9)X;jj>T#uzsU5gt9zOOdTUNjAikMfb
zb%L8>*BbPUe)LKEyt<(%9)E?UV(+>g8lBY7q3*GxxyZ2-F(Q^vW6y75bVb1v{!fmX
zB9Fo9-3vyeP<uHoys1Brv>B#d+F1BYNLdPxW40g;e&RSZ3dG7%t(H_A6>ZV_2g&`2
z1ej$;YS02*PBS%7s}L%SgF-YR9uWld)ms3U(NKRj;mP@V_RKJH-vr+BEu}(vqn2D?
ze++^}IBC>`^!oZd;$<Ozn_;b5XpV4$;ThqAEr*uNspS*To{-rD1vAqjsjF-}Jhq0%
z*2u`uNTb_|7iy%7$n!3!N1WvtUQS<AaltUhL5gXI`aTNW6n7>V_JjoX1o64CdS^PT
zhp!o01w$eH&54)?CI|C3xOnsKy;2-w+xDn~ygB7!JUkr?2KFBj5$Qkp`c>inZ}9x>
z+YDSxnDG3!m+wD4ee>-3&x5RrV*w`49$P5fC0z1n!u#*@8>vQe<`j&i9^##zqXmWu
z#sMVVT_ZOhmUcl7iW7p(nPVSW&eHnK!Ipq@-)6qQzB3@F|M4T3F4#`Q1@+<g-+uxz
z$3bC$xVC-_$l6ay1@KbyhY!IFz&JScDu89fjQ-Ph@xl%w&+8jiQ@fhU9l0ogki<lT
z%yeKlq&cECB~?o)?naKVL*!hd8Rm9uteZANSE)%6L$VX<<kn}d4SpDeUm)c?76o9M
z6GpE%X5h>j^)Z;{93$70^$#DG3G3j$`jP}I-fN?@NrZKzLI<MFiDhjgFQW-|ga;Dg
znMYXeVV#YbV#Z7%K3r{PX&)hj?_v)Nyx9;MK#dAlupNfcrm(>@r;PgMlz2GVF>V*o
zTHvj9U*6&_=ez*9eU=Pc&6wO_7zcb#1-FmdSrfp&bO{4fN{<Q<4QC4t#G-K$YXP?F
z$fI%93*utB@q&}yo2@k)x+}Qa6>deG8l)|BtfpRxfP?Ey+NA?6l(+YlwEr}dDmB+)
zLF^Ky&DED}FOZmzE9HL)hHTRjg03~QDQNZ~uK~iDQy$h28%FiRQiph#yG*mtG6kS<
zLl-Dj%~Mbwoz=mZQy<#_b+K&)q2JXgiVX>A3~3~mp;%Sw7I<;cxJA*T(Ll8e((Yn(
z6CqlpmaI|Tg5q{fHd^;ryIi<(d(<x7b%`J}K;8$9ZOfuWgdQ9wIW<-v4z$SnkDDzq
z_X-D#vZ(m&*^5t4-@N|y<%>^$fAi|OHY4Tn8G|9Y&e-vRD``hry=4_Fcx@%e4#VQP
zY?1@XP%y)AaQO%h7BK#~8F&R5USF#{IJks^{O%;UNb47BZ&Hs%)6uShA?g;9qk`7H
zwPezM(rkZGh)A_AspQpziZ~XiLsHau+|B@HPAcUXEa6<1*paj@xWuVe0WtPSZ8qDu
z?~dl00IQp6)%ms-*T%@Gn1*rkf*5TJZ||C;8-}?+Or+k6*LZ=YI*$#Of?KJ|NN~~w
ztkp!;$iAvEB(NWf<uk&@aQ!VmgMy`0+c0kq)i%r77`3g+HbiYx&7>%`>1;ftBvNlV
zG-JKX0IRsf%EV|^7u}S_+Ga)40R?WSoQ$<nF-nN6v0K8bv<%H5Dj#2WOw6d_^|tZl
z@j{tQ*^r?!pp4XlGN4-Kul=}-?On@wYSNZ@Wq7i|qB8I6JEdU@@+xFxfdn>F=kKQ3
z5lJ9(Ct0l9XESL|tcqlV!ptYgG2(>uG&!MW{mo#sNUpV;jFSZ9caU_l{(huOEbmGY
zo115nXj|6rG_@>SPn+FcWR>j8U!}C>|44G>+g%82%l|z&d0e>v_4x7e{{Gjklr|C1
zkrL{aiLmc-G4YCAo|XXlU8KLRrQWEAORJaC-$Id?Q%3$&)3Ppq<QAcJhL^Y0!)swf
z4s=KOV38MJ%0nSh*%f>Y9}VO8Ty89UG_sHsS9J@_Ch>a}u`(WkF~dUs=Mk>{kHcif
z?`vaxLIRfrvrQ5IOWb{J{3pZS)izKMzr|AtDcy*M754x%O6y2pJeqvQj!>Ij$-g_~
z+O_svnNwY?8!3x&W^l8arnq;#_8ILJ4dlBP(>GS?^?&?B06Vz;*?Rx;?6`FQ=lEow
z|9dN?jyvPs-{|^hl@}-mSB@^U-w;ZACfQ&+x<Z;;-FJP1G(q2Xw@15(^Af@A-YXyp
ztL7Y^($}_*gA%oEc7U(uo^BUYZ&&NI$^RW(|7el_!_i<cDxLoZqrLpUjncx-Ij^aC
z52XKgH%XFJ-PJ{s;b4ucl{b<rKS%t(@iIj-7)m=OxzhC;m_5hJOxw1&*8vG;(uRJ4
z1inH`CEz_uFQX8Q#n1pFIcXTlfM%Rmo;@brXK{C<uP7}AJ$omRh?LeSjAQY*W|bnY
zekw)pdrp!23-VClU=~A2z*(MN(*WURJY>>Yhi4_T(R$0nZ?5;RO3h`zDx<-x8#38}
z!(^v27zPQAeu+O6{^HJa%Ec3pARb42O(0>+11SiLgjvi`HdfR>&f+m~B1h!_mTayC
zfy^{3!&)V6Tz9+eaJ|{p2aR!)Io$ruht-V*we&_wrRB18xm<8X*(C{PD$s1_Ld3aC
z2i4aO3KtLZR}Xf6`Ji;iK+mG*%*iLttF-?vnW@<wfh6@$t1Kmo-h*WGWW8DDxW48z
z_j-+t+;Vz&jFA<niiGanCD4{KjIAzHpHc=f)dLCO=qGS#u3kgb!FAm5TQwwzvmpct
zBK%XKCbvq}aPCtV{{71eXrV!TX~i^6qq5>{6a*xgt-4#5Ro$`zgk@Kc>e2w$ZO!&M
z$<3L^nr!Tn^?Qr?rxn~&%%Uh$zCQ0_?Z&yM>9A7JHfLCGkEhhy?UJsVYK?o6u3DcX
znohJbM>MUhO0U#1V7sJ?=Ek|JbkU~uw55xd`)-jg+BF$89dzqt&=R2Sl0h55?IIbp
z41SAb&{|--Nd_HOW^@j_B!jkg-8dPvLUpW@3tDoc-b(smL8~-tl=|fq+8gWV;#Dh^
zjwz!pi!CUTwH3&{OxZIv_h!@gHYamA@67!F>SER%bp6f<*1zAi2XbHTvQ+s0uMiRT
zC;7RH;BS}s@5!*}|34e-fB*4TN?Fp%jaMJ$XFBN+0G3VvK_@jKfTXq*0!ZK2hX4va
zcN+j!>x&_G3jc<b3zGy~AkTZG9-?r@kc)337Mvn~XQ5!l(Ki?Yt|OUkL%`LfRo$pg
zKi3mlGn~!!b0Y)Yw-|7v{QpcRyZBQOE%D#u!C5i>dv-EB*~|aiDA(6byj&mny;G?_
zLBg4@(mww|Cnc%h9@cHv4WH@c1{K3ll88~!B+i;OLv?sJ#-LuR&@y(h`)Govlwni7
zRhhSh29M%KQ$+OWamvy0taa=Fs5X$r(aJw;)_@d~BV*;9s&X^{)SV9-&xqM^Jr@zw
z4%x{BGDzhg5UZt~T$h$mTp<`IVXi`pI|#?^I9R5HbzS6PAJypwV*RL2$uSF+{=3A3
zH?U6gLBGU@Hyr)=N=HPM_i!x`wL$Uvuy_&}hmXdS^K+HkznV>JNF37ilh-tm&8jO4
z`6^nCmZP%zeYWaoS5pipAH|U@0RUA!S5`l-?Y@eY<y@xCGtixW+R!ZnS2!o3$=|A<
zS|DH6vMEi|lxBRR70=N<RsP+tAGNEo9VLKmcRJj$1%M(!6+P$i^PXPfAmPtl(+Z;=
zzNgf(`E{)(>QQ$~zEk?CxDnQ?2tcIR4>9uzm&oQ;)<ggEWhy7mh!4Jyh9i<lL^%vm
z3}vmfY^NEl0-&WCgw*8*Y%-1PvRmPb+m$?q<Zrm`jGdC3NPlgvs=tfZ#$4$|tnZY^
zI^V_HjSACl7gpRG>>}v8TuNM<4ca`3+Xwi*0|(+Zp}q9pV~d@)N3&+{ZjR|zR4X%S
zkL;YmcyolUYtcQ@tIUdhzQDf3@gGZ?H)Ix2hHqeumiYhRw0Qq}I66Jq-~YRn@&GQ7
z5SRrV1cjIc;A)Nom_)>rvI5dSKVbD9fcgvHJPP9sJU+*s2Q!aOz?Wws63iX}!yXc3
zfz{97Y41_s_8vfhXUb@V!;s-A`GVc}Q1@?r3*H3Y5@?`$$|*sJ8F(bXR?m9&?$bL#
z8SXuRr|}<8`0(@{xP<YZH6y}SpYim2*5prStIzbsd}hm!^pP(Ddj)8MoXaSLDe*Ax
z9a;P;>>XJXblE$ygfG8SMrOUE|Lr}14~P*Oad`RcIqz8^qtc4+S;WQ2j+-<3xo0i7
eLtSj|MdiNi%f8&_@_zvU0RR7@&5$<$hyVZ(2-Cm-
literal 0
HcmV?d00001
--
GitLab
From 4f7a841df3628180e3637f142965b6f9240b39bb Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Thu, 5 Sep 2024 11:10:43 -0500
Subject: [PATCH 11/30] re-run
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 209ad4d2..399e5e85 100644
--- a/README.md
+++ b/README.md
@@ -42,7 +42,7 @@ Kubernetes: `>= 1.20.0-0`
Install Helm
-https://helm.sh/docs/intro/install/
+<https://helm.sh/docs/intro/install/>
## Deployment
--
GitLab
From 6bbc982d4b2cf8c04cd9b44cdb00c0bc0594676c Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Thu, 5 Sep 2024 11:17:39 -0500
Subject: [PATCH 12/30] gluon upgraded and test script reviewed
---
CHANGELOG.md | 6 +
README.md | 696 +++++++++++++++++++++++------------------------
chart/Chart.yaml | 2 +-
3 files changed, 353 insertions(+), 351 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c7edb035..2b91c0a5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
---
+## [0.28.1-bb-4] - 2024-09-05
+
+### Changed
+
+- Gluon from 0.5.3 -> 0.5.4
+
## [0.28.1-bb.3] - 2024-09-04
### Changed
diff --git a/README.md b/README.md
index 399e5e85..07c5559c 100644
--- a/README.md
+++ b/README.md
@@ -1,25 +1,22 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
-
# vault
- 
+ 
Official HashiCorp Vault Chart
## Upstream References
+* <https://www.vaultproject.io>
-- <https://www.vaultproject.io>
-
-- <https://github.com/hashicorp/vault>
-- <https://github.com/hashicorp/vault-helm>
-- <https://github.com/hashicorp/vault-k8s>
-- <https://github.com/hashicorp/vault-csi-provider>
+* <https://github.com/hashicorp/vault>
+* <https://github.com/hashicorp/vault-helm>
+* <https://github.com/hashicorp/vault-k8s>
+* <https://github.com/hashicorp/vault-csi-provider>
### Upstream Release Notes
This package has no upstream release note links on file. Please add some to [chart/Chart.yaml](chart/Chart.yaml) under `annotations.bigbang.dev/upstreamReleaseNotesMarkdown`.
Example:
-
```yaml
annotations:
bigbang.dev/upstreamReleaseNotesMarkdown: |
@@ -28,364 +25,362 @@ annotations:
```
## Learn More
-
-- [Application Overview](docs/overview.md)
-- [Other Documentation](docs/)
+* [Application Overview](docs/overview.md)
+* [Other Documentation](docs/)
## Pre-Requisites
-- Kubernetes Cluster deployed
-- Kubernetes config installed in `~/.kube/config`
-- Helm installed
+* Kubernetes Cluster deployed
+* Kubernetes config installed in `~/.kube/config`
+* Helm installed
Kubernetes: `>= 1.20.0-0`
Install Helm
-<https://helm.sh/docs/intro/install/>
+https://helm.sh/docs/intro/install/
## Deployment
-- Clone down the repository
-- cd into directory
-
+* Clone down the repository
+* cd into directory
```bash
helm install vault chart/
```
## Values
-| Key | Type | Default | Description |
-| ----------------------------------------------------------------- | ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
-| global.enabled | bool | `true` | |
-| global.namespace | string | `""` | |
-| global.imagePullSecrets[0].name | string | `"private-registry"` | |
-| global.tlsDisable | bool | `true` | |
-| global.externalVaultAddr | string | `""` | |
-| global.openshift | bool | `false` | |
-| global.psp.enable | bool | `false` | |
-| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
-| global.serverTelemetry.prometheusOperator | bool | `false` | |
-| injector.enabled | string | `"-"` | |
-| injector.replicas | int | `1` | |
-| injector.port | int | `8080` | |
-| injector.leaderElector.enabled | bool | `false` | |
-| injector.metrics.enabled | bool | `true` | |
-| injector.externalVaultAddr | string | `""` | |
-| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
-| injector.image.tag | string | `"v1.4.2"` | |
-| injector.image.pullPolicy | string | `"IfNotPresent"` | |
-| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.17.5"` | |
-| injector.agentDefaults.cpuLimit | string | `"500m"` | |
-| injector.agentDefaults.cpuRequest | string | `"500m"` | |
-| injector.agentDefaults.memLimit | string | `"250Mi"` | |
-| injector.agentDefaults.memRequest | string | `"250Mi"` | |
-| injector.agentDefaults.template | string | `"map"` | |
-| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
-| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
-| injector.livenessProbe.failureThreshold | int | `2` | |
-| injector.livenessProbe.initialDelaySeconds | int | `5` | |
-| injector.livenessProbe.periodSeconds | int | `2` | |
-| injector.livenessProbe.successThreshold | int | `1` | |
-| injector.livenessProbe.timeoutSeconds | int | `5` | |
-| injector.readinessProbe.failureThreshold | int | `2` | |
-| injector.readinessProbe.initialDelaySeconds | int | `5` | |
-| injector.readinessProbe.periodSeconds | int | `2` | |
-| injector.readinessProbe.successThreshold | int | `1` | |
-| injector.readinessProbe.timeoutSeconds | int | `5` | |
-| injector.startupProbe.failureThreshold | int | `12` | |
-| injector.startupProbe.initialDelaySeconds | int | `5` | |
-| injector.startupProbe.periodSeconds | int | `5` | |
-| injector.startupProbe.successThreshold | int | `1` | |
-| injector.startupProbe.timeoutSeconds | int | `5` | |
-| injector.authPath | string | `"auth/kubernetes"` | |
-| injector.logLevel | string | `"info"` | |
-| injector.logFormat | string | `"standard"` | |
-| injector.revokeOnShutdown | bool | `false` | |
-| injector.webhook.failurePolicy | string | `"Ignore"` | |
-| injector.webhook.matchPolicy | string | `"Exact"` | |
-| injector.webhook.timeoutSeconds | int | `30` | |
-| injector.webhook.namespaceSelector | object | `{}` | |
-| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
-| injector.webhook.annotations | object | `{}` | |
-| injector.failurePolicy | string | `"Ignore"` | |
-| injector.namespaceSelector | object | `{}` | |
-| injector.objectSelector | object | `{}` | |
-| injector.webhookAnnotations | object | `{}` | |
-| injector.certs.secretName | string | `nil` | |
-| injector.certs.caBundle | string | `""` | |
-| injector.certs.certName | string | `"tls.crt"` | |
-| injector.certs.keyName | string | `"tls.key"` | |
-| injector.securityContext.pod | object | `{}` | |
-| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| injector.resources.requests.memory | string | `"256Mi"` | |
-| injector.resources.requests.cpu | string | `"250m"` | |
-| injector.resources.limits.memory | string | `"256Mi"` | |
-| injector.resources.limits.cpu | string | `"250m"` | |
-| injector.extraEnvironmentVars | object | `{}` | |
-| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
-| injector.topologySpreadConstraints | list | `[]` | |
-| injector.tolerations | list | `[]` | |
-| injector.nodeSelector | object | `{}` | |
-| injector.priorityClassName | string | `""` | |
-| injector.annotations | object | `{}` | |
-| injector.extraLabels | object | `{}` | |
-| injector.hostNetwork | bool | `false` | |
-| injector.service.annotations | object | `{}` | |
-| injector.serviceAccount.annotations | object | `{}` | |
-| injector.podDisruptionBudget | object | `{}` | |
-| injector.strategy | object | `{}` | |
-| server.enabled | bool | `true` | |
-| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.enterpriseLicense.secretName | string | `""` | |
-| server.enterpriseLicense.secretKey | string | `"license"` | |
-| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.17.5"` | |
-| server.image.pullPolicy | string | `"IfNotPresent"` | |
-| server.updateStrategyType | string | `"OnDelete"` | |
-| server.logLevel | string | `""` | |
-| server.logFormat | string | `""` | |
-| server.resources.requests.memory | string | `"256Mi"` | |
-| server.resources.requests.cpu | string | `"250m"` | |
-| server.resources.limits.memory | string | `"256Mi"` | |
-| server.resources.limits.cpu | string | `"250m"` | |
-| server.ingress.enabled | bool | `false` | |
-| server.ingress.labels | object | `{}` | |
-| server.ingress.annotations | object | `{}` | |
-| server.ingress.ingressClassName | string | `""` | |
-| server.ingress.pathType | string | `"Prefix"` | |
-| server.ingress.activeService | bool | `true` | |
-| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
-| server.ingress.hosts[0].paths | list | `[]` | |
-| server.ingress.extraPaths | list | `[]` | |
-| server.ingress.tls | list | `[]` | |
-| server.hostAliases | list | `[]` | |
-| server.route.enabled | bool | `false` | |
-| server.route.activeService | bool | `true` | |
-| server.route.labels | object | `{}` | |
-| server.route.annotations | object | `{}` | |
-| server.route.host | string | `"chart-example.local"` | |
-| server.route.tls.termination | string | `"passthrough"` | |
-| server.authDelegator.enabled | bool | `true` | |
-| server.extraInitContainers | string | `nil` | |
-| server.extraContainers | string | `nil` | |
-| server.shareProcessNamespace | bool | `false` | |
-| server.extraArgs | string | `""` | |
-| server.extraPorts | string | `nil` | |
-| server.readinessProbe.enabled | bool | `true` | |
-| server.readinessProbe.port | int | `8200` | |
-| server.readinessProbe.failureThreshold | int | `2` | |
-| server.readinessProbe.initialDelaySeconds | int | `5` | |
-| server.readinessProbe.periodSeconds | int | `5` | |
-| server.readinessProbe.successThreshold | int | `1` | |
-| server.readinessProbe.timeoutSeconds | int | `3` | |
-| server.livenessProbe.enabled | bool | `false` | |
-| server.livenessProbe.execCommand | list | `[]` | |
-| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
-| server.livenessProbe.port | int | `8200` | |
-| server.livenessProbe.failureThreshold | int | `2` | |
-| server.livenessProbe.initialDelaySeconds | int | `60` | |
-| server.livenessProbe.periodSeconds | int | `5` | |
-| server.livenessProbe.successThreshold | int | `1` | |
-| server.livenessProbe.timeoutSeconds | int | `3` | |
-| server.terminationGracePeriodSeconds | int | `10` | |
-| server.preStopSleepSeconds | int | `5` | |
-| server.postStart | list | `[]` | |
-| server.extraEnvironmentVars | object | `{}` | |
-| server.extraSecretEnvironmentVars | list | `[]` | |
-| server.extraVolumes | list | `[]` | |
-| server.volumes | string | `nil` | |
-| server.volumeMounts | string | `nil` | |
-| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
-| server.topologySpreadConstraints | list | `[]` | |
-| server.tolerations | list | `[]` | |
-| server.nodeSelector | object | `{}` | |
-| server.networkPolicy.enabled | bool | `false` | |
-| server.networkPolicy.egress | list | `[]` | |
-| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
-| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
-| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
-| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
-| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
-| server.priorityClassName | string | `""` | |
-| server.extraLabels | object | `{}` | |
-| server.annotations | object | `{}` | |
-| server.configAnnotation | bool | `false` | |
-| server.service.enabled | bool | `true` | |
-| server.service.active.enabled | bool | `true` | |
-| server.service.active.annotations | object | `{}` | |
-| server.service.standby.enabled | bool | `true` | |
-| server.service.standby.annotations | object | `{}` | |
-| server.service.instanceSelector.enabled | bool | `true` | |
-| server.service.ipFamilyPolicy | string | `""` | |
-| server.service.ipFamilies | list | `[]` | |
-| server.service.publishNotReadyAddresses | bool | `true` | |
-| server.service.externalTrafficPolicy | string | `"Cluster"` | |
-| server.service.port | int | `8200` | |
-| server.service.targetPort | int | `8200` | |
-| server.service.annotations | object | `{}` | |
-| server.dataStorage.enabled | bool | `true` | |
-| server.dataStorage.size | string | `"10Gi"` | |
-| server.dataStorage.mountPath | string | `"/vault/data"` | |
-| server.dataStorage.storageClass | string | `nil` | |
-| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.dataStorage.annotations | object | `{}` | |
-| server.dataStorage.labels | object | `{}` | |
-| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
-| server.auditStorage.enabled | bool | `true` | |
-| server.auditStorage.size | string | `"10Gi"` | |
-| server.auditStorage.mountPath | string | `"/vault/audit"` | |
-| server.auditStorage.storageClass | string | `nil` | |
-| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.auditStorage.annotations | object | `{}` | |
-| server.auditStorage.labels | object | `{}` | |
-| server.dev.enabled | bool | `false` | |
-| server.dev.devRootToken | string | `"root"` | |
-| server.standalone.enabled | string | `"-"` | |
-| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.enabled | bool | `false` | |
-| server.ha.replicas | int | `3` | |
-| server.ha.apiAddr | string | `nil` | |
-| server.ha.clusterAddr | string | `nil` | |
-| server.ha.raft.enabled | bool | `true` | |
-| server.ha.raft.setNodeId | bool | `true` | |
-| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
-| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.disruptionBudget.enabled | bool | `true` | |
-| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
-| server.serviceAccount.create | bool | `true` | |
-| server.serviceAccount.name | string | `""` | |
-| server.serviceAccount.createSecret | bool | `false` | |
-| server.serviceAccount.annotations | object | `{}` | |
-| server.serviceAccount.extraLabels | object | `{}` | |
-| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
-| server.statefulSet.annotations | object | `{}` | |
-| server.statefulSet.securityContext.pod | object | `{}` | |
-| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| server.hostNetwork | bool | `false` | |
-| ui.enabled | bool | `true` | |
-| ui.publishNotReadyAddresses | bool | `true` | |
-| ui.activeVaultPodOnly | bool | `false` | |
-| ui.serviceType | string | `"ClusterIP"` | |
-| ui.serviceNodePort | string | `nil` | |
-| ui.externalPort | int | `8200` | |
-| ui.targetPort | int | `8200` | |
-| ui.serviceIPFamilyPolicy | string | `""` | |
-| ui.serviceIPFamilies | list | `[]` | |
-| ui.externalTrafficPolicy | string | `"Cluster"` | |
-| ui.annotations | object | `{}` | |
-| csi.enabled | bool | `false` | |
-| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
-| csi.image.tag | string | `"v1.5.0"` | |
-| csi.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.volumes | string | `nil` | |
-| csi.volumeMounts | string | `nil` | |
-| csi.resources.requests.cpu | string | `"50m"` | |
-| csi.resources.requests.memory | string | `"128Mi"` | |
-| csi.resources.limits.cpu | string | `"50m"` | |
-| csi.resources.limits.memory | string | `"128Mi"` | |
-| csi.hmacSecretName | string | `""` | |
-| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
-| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
-| csi.daemonSet.annotations | object | `{}` | |
-| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
-| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
-| csi.daemonSet.extraLabels | object | `{}` | |
-| csi.daemonSet.securityContext.pod | object | `{}` | |
-| csi.daemonSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| csi.pod.annotations | object | `{}` | |
-| csi.pod.tolerations | list | `[]` | |
-| csi.pod.nodeSelector | object | `{}` | |
-| csi.pod.affinity | object | `{}` | |
-| csi.pod.extraLabels | object | `{}` | |
-| csi.agent.enabled | bool | `true` | |
-| csi.agent.extraArgs | list | `[]` | |
-| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.17.5"` | |
-| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.agent.logFormat | string | `"standard"` | |
-| csi.agent.logLevel | string | `"info"` | |
-| csi.agent.resources.requests.memory | string | `"256Mi"` | |
-| csi.agent.resources.requests.cpu | string | `"250m"` | |
-| csi.agent.resources.limits.memory | string | `"256Mi"` | |
-| csi.agent.resources.limits.cpu | string | `"250m"` | |
-| csi.priorityClassName | string | `""` | |
-| csi.serviceAccount.annotations | object | `{}` | |
-| csi.serviceAccount.extraLabels | object | `{}` | |
-| csi.readinessProbe.failureThreshold | int | `2` | |
-| csi.readinessProbe.initialDelaySeconds | int | `5` | |
-| csi.readinessProbe.periodSeconds | int | `5` | |
-| csi.readinessProbe.successThreshold | int | `1` | |
-| csi.readinessProbe.timeoutSeconds | int | `3` | |
-| csi.livenessProbe.failureThreshold | int | `2` | |
-| csi.livenessProbe.initialDelaySeconds | int | `5` | |
-| csi.livenessProbe.periodSeconds | int | `5` | |
-| csi.livenessProbe.successThreshold | int | `1` | |
-| csi.livenessProbe.timeoutSeconds | int | `3` | |
-| csi.debug | bool | `false` | |
-| csi.extraArgs | list | `[]` | |
-| domain | string | `"bigbang.dev"` | |
-| monitoring.enabled | bool | `false` | |
-| monitoring.namespace | string | `"monitoring"` | |
-| networkPolicies.enabled | bool | `false` | |
-| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
-| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
-| networkPolicies.additionalPolicies | list | `[]` | |
-| autoInit.enabled | bool | `true` | |
-| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
-| autoInit.image.tag | string | `"2.1.0"` | |
-| autoInit.storage.size | string | `"2Gi"` | |
-| istio.enabled | bool | `false` | |
-| istio.hardened.enabled | bool | `false` | |
-| istio.hardened.customAuthorizationPolicies | list | `[]` | |
-| istio.hardened.monitoring.enabled | bool | `true` | |
-| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
-| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
-| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
-| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
-| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
-| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
-| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
-| istio.hardened.apiAccess.enabled | bool | `true` | |
-| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
-| istio.vault.enabled | bool | `true` | |
-| istio.vault.gateways[0] | string | `"istio-system/main"` | |
-| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
-| istio.vault.tls.cert | string | `""` | |
-| istio.vault.tls.key | string | `""` | |
-| istio.mtls.mode | string | `"STRICT"` | |
-| minio.enabled | bool | `false` | |
-| customAppIngressSelector.key | string | `"vault-ingress"` | |
-| customAppIngressSelector.value | bool | `true` | |
-| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
-| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
-| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
-| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
-| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
-| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
-| serverTelemetry.prometheusRules.enabled | bool | `false` | |
-| serverTelemetry.prometheusRules.selectors | object | `{}` | |
-| serverTelemetry.prometheusRules.rules | list | `[]` | |
-| bbtests.enabled | bool | `false` | |
-| bbtests.cypress.resources.requests.cpu | int | `2` | |
-| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
-| bbtests.cypress.resources.limits.cpu | int | `2` | |
-| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
-| bbtests.cypress.artifacts | bool | `true` | |
-| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
-| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
-| bbtests.cypress.disableDefaultTests | bool | `false` | |
-| openshift | bool | `false` | |
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| global.enabled | bool | `true` | |
+| global.namespace | string | `""` | |
+| global.imagePullSecrets[0].name | string | `"private-registry"` | |
+| global.tlsDisable | bool | `true` | |
+| global.externalVaultAddr | string | `""` | |
+| global.openshift | bool | `false` | |
+| global.psp.enable | bool | `false` | |
+| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
+| global.serverTelemetry.prometheusOperator | bool | `false` | |
+| injector.enabled | string | `"-"` | |
+| injector.replicas | int | `1` | |
+| injector.port | int | `8080` | |
+| injector.leaderElector.enabled | bool | `false` | |
+| injector.metrics.enabled | bool | `true` | |
+| injector.externalVaultAddr | string | `""` | |
+| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
+| injector.image.tag | string | `"v1.4.2"` | |
+| injector.image.pullPolicy | string | `"IfNotPresent"` | |
+| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| injector.agentImage.tag | string | `"1.17.5"` | |
+| injector.agentDefaults.cpuLimit | string | `"500m"` | |
+| injector.agentDefaults.cpuRequest | string | `"500m"` | |
+| injector.agentDefaults.memLimit | string | `"250Mi"` | |
+| injector.agentDefaults.memRequest | string | `"250Mi"` | |
+| injector.agentDefaults.template | string | `"map"` | |
+| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
+| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
+| injector.livenessProbe.failureThreshold | int | `2` | |
+| injector.livenessProbe.initialDelaySeconds | int | `5` | |
+| injector.livenessProbe.periodSeconds | int | `2` | |
+| injector.livenessProbe.successThreshold | int | `1` | |
+| injector.livenessProbe.timeoutSeconds | int | `5` | |
+| injector.readinessProbe.failureThreshold | int | `2` | |
+| injector.readinessProbe.initialDelaySeconds | int | `5` | |
+| injector.readinessProbe.periodSeconds | int | `2` | |
+| injector.readinessProbe.successThreshold | int | `1` | |
+| injector.readinessProbe.timeoutSeconds | int | `5` | |
+| injector.startupProbe.failureThreshold | int | `12` | |
+| injector.startupProbe.initialDelaySeconds | int | `5` | |
+| injector.startupProbe.periodSeconds | int | `5` | |
+| injector.startupProbe.successThreshold | int | `1` | |
+| injector.startupProbe.timeoutSeconds | int | `5` | |
+| injector.authPath | string | `"auth/kubernetes"` | |
+| injector.logLevel | string | `"info"` | |
+| injector.logFormat | string | `"standard"` | |
+| injector.revokeOnShutdown | bool | `false` | |
+| injector.webhook.failurePolicy | string | `"Ignore"` | |
+| injector.webhook.matchPolicy | string | `"Exact"` | |
+| injector.webhook.timeoutSeconds | int | `30` | |
+| injector.webhook.namespaceSelector | object | `{}` | |
+| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
+| injector.webhook.annotations | object | `{}` | |
+| injector.failurePolicy | string | `"Ignore"` | |
+| injector.namespaceSelector | object | `{}` | |
+| injector.objectSelector | object | `{}` | |
+| injector.webhookAnnotations | object | `{}` | |
+| injector.certs.secretName | string | `nil` | |
+| injector.certs.caBundle | string | `""` | |
+| injector.certs.certName | string | `"tls.crt"` | |
+| injector.certs.keyName | string | `"tls.key"` | |
+| injector.securityContext.pod | object | `{}` | |
+| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| injector.resources.requests.memory | string | `"256Mi"` | |
+| injector.resources.requests.cpu | string | `"250m"` | |
+| injector.resources.limits.memory | string | `"256Mi"` | |
+| injector.resources.limits.cpu | string | `"250m"` | |
+| injector.extraEnvironmentVars | object | `{}` | |
+| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
+| injector.topologySpreadConstraints | list | `[]` | |
+| injector.tolerations | list | `[]` | |
+| injector.nodeSelector | object | `{}` | |
+| injector.priorityClassName | string | `""` | |
+| injector.annotations | object | `{}` | |
+| injector.extraLabels | object | `{}` | |
+| injector.hostNetwork | bool | `false` | |
+| injector.service.annotations | object | `{}` | |
+| injector.serviceAccount.annotations | object | `{}` | |
+| injector.podDisruptionBudget | object | `{}` | |
+| injector.strategy | object | `{}` | |
+| server.enabled | bool | `true` | |
+| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.enterpriseLicense.secretName | string | `""` | |
+| server.enterpriseLicense.secretKey | string | `"license"` | |
+| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| server.image.tag | string | `"1.17.5"` | |
+| server.image.pullPolicy | string | `"IfNotPresent"` | |
+| server.updateStrategyType | string | `"OnDelete"` | |
+| server.logLevel | string | `""` | |
+| server.logFormat | string | `""` | |
+| server.resources.requests.memory | string | `"256Mi"` | |
+| server.resources.requests.cpu | string | `"250m"` | |
+| server.resources.limits.memory | string | `"256Mi"` | |
+| server.resources.limits.cpu | string | `"250m"` | |
+| server.ingress.enabled | bool | `false` | |
+| server.ingress.labels | object | `{}` | |
+| server.ingress.annotations | object | `{}` | |
+| server.ingress.ingressClassName | string | `""` | |
+| server.ingress.pathType | string | `"Prefix"` | |
+| server.ingress.activeService | bool | `true` | |
+| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
+| server.ingress.hosts[0].paths | list | `[]` | |
+| server.ingress.extraPaths | list | `[]` | |
+| server.ingress.tls | list | `[]` | |
+| server.hostAliases | list | `[]` | |
+| server.route.enabled | bool | `false` | |
+| server.route.activeService | bool | `true` | |
+| server.route.labels | object | `{}` | |
+| server.route.annotations | object | `{}` | |
+| server.route.host | string | `"chart-example.local"` | |
+| server.route.tls.termination | string | `"passthrough"` | |
+| server.authDelegator.enabled | bool | `true` | |
+| server.extraInitContainers | string | `nil` | |
+| server.extraContainers | string | `nil` | |
+| server.shareProcessNamespace | bool | `false` | |
+| server.extraArgs | string | `""` | |
+| server.extraPorts | string | `nil` | |
+| server.readinessProbe.enabled | bool | `true` | |
+| server.readinessProbe.port | int | `8200` | |
+| server.readinessProbe.failureThreshold | int | `2` | |
+| server.readinessProbe.initialDelaySeconds | int | `5` | |
+| server.readinessProbe.periodSeconds | int | `5` | |
+| server.readinessProbe.successThreshold | int | `1` | |
+| server.readinessProbe.timeoutSeconds | int | `3` | |
+| server.livenessProbe.enabled | bool | `false` | |
+| server.livenessProbe.execCommand | list | `[]` | |
+| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
+| server.livenessProbe.port | int | `8200` | |
+| server.livenessProbe.failureThreshold | int | `2` | |
+| server.livenessProbe.initialDelaySeconds | int | `60` | |
+| server.livenessProbe.periodSeconds | int | `5` | |
+| server.livenessProbe.successThreshold | int | `1` | |
+| server.livenessProbe.timeoutSeconds | int | `3` | |
+| server.terminationGracePeriodSeconds | int | `10` | |
+| server.preStopSleepSeconds | int | `5` | |
+| server.postStart | list | `[]` | |
+| server.extraEnvironmentVars | object | `{}` | |
+| server.extraSecretEnvironmentVars | list | `[]` | |
+| server.extraVolumes | list | `[]` | |
+| server.volumes | string | `nil` | |
+| server.volumeMounts | string | `nil` | |
+| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
+| server.topologySpreadConstraints | list | `[]` | |
+| server.tolerations | list | `[]` | |
+| server.nodeSelector | object | `{}` | |
+| server.networkPolicy.enabled | bool | `false` | |
+| server.networkPolicy.egress | list | `[]` | |
+| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
+| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
+| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
+| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
+| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
+| server.priorityClassName | string | `""` | |
+| server.extraLabels | object | `{}` | |
+| server.annotations | object | `{}` | |
+| server.configAnnotation | bool | `false` | |
+| server.service.enabled | bool | `true` | |
+| server.service.active.enabled | bool | `true` | |
+| server.service.active.annotations | object | `{}` | |
+| server.service.standby.enabled | bool | `true` | |
+| server.service.standby.annotations | object | `{}` | |
+| server.service.instanceSelector.enabled | bool | `true` | |
+| server.service.ipFamilyPolicy | string | `""` | |
+| server.service.ipFamilies | list | `[]` | |
+| server.service.publishNotReadyAddresses | bool | `true` | |
+| server.service.externalTrafficPolicy | string | `"Cluster"` | |
+| server.service.port | int | `8200` | |
+| server.service.targetPort | int | `8200` | |
+| server.service.annotations | object | `{}` | |
+| server.dataStorage.enabled | bool | `true` | |
+| server.dataStorage.size | string | `"10Gi"` | |
+| server.dataStorage.mountPath | string | `"/vault/data"` | |
+| server.dataStorage.storageClass | string | `nil` | |
+| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.dataStorage.annotations | object | `{}` | |
+| server.dataStorage.labels | object | `{}` | |
+| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
+| server.auditStorage.enabled | bool | `true` | |
+| server.auditStorage.size | string | `"10Gi"` | |
+| server.auditStorage.mountPath | string | `"/vault/audit"` | |
+| server.auditStorage.storageClass | string | `nil` | |
+| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.auditStorage.annotations | object | `{}` | |
+| server.auditStorage.labels | object | `{}` | |
+| server.dev.enabled | bool | `false` | |
+| server.dev.devRootToken | string | `"root"` | |
+| server.standalone.enabled | string | `"-"` | |
+| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.enabled | bool | `false` | |
+| server.ha.replicas | int | `3` | |
+| server.ha.apiAddr | string | `nil` | |
+| server.ha.clusterAddr | string | `nil` | |
+| server.ha.raft.enabled | bool | `true` | |
+| server.ha.raft.setNodeId | bool | `true` | |
+| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
+| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.disruptionBudget.enabled | bool | `true` | |
+| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
+| server.serviceAccount.create | bool | `true` | |
+| server.serviceAccount.name | string | `""` | |
+| server.serviceAccount.createSecret | bool | `false` | |
+| server.serviceAccount.annotations | object | `{}` | |
+| server.serviceAccount.extraLabels | object | `{}` | |
+| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
+| server.statefulSet.annotations | object | `{}` | |
+| server.statefulSet.securityContext.pod | object | `{}` | |
+| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| server.hostNetwork | bool | `false` | |
+| ui.enabled | bool | `true` | |
+| ui.publishNotReadyAddresses | bool | `true` | |
+| ui.activeVaultPodOnly | bool | `false` | |
+| ui.serviceType | string | `"ClusterIP"` | |
+| ui.serviceNodePort | string | `nil` | |
+| ui.externalPort | int | `8200` | |
+| ui.targetPort | int | `8200` | |
+| ui.serviceIPFamilyPolicy | string | `""` | |
+| ui.serviceIPFamilies | list | `[]` | |
+| ui.externalTrafficPolicy | string | `"Cluster"` | |
+| ui.annotations | object | `{}` | |
+| csi.enabled | bool | `false` | |
+| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
+| csi.image.tag | string | `"v1.5.0"` | |
+| csi.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.volumes | string | `nil` | |
+| csi.volumeMounts | string | `nil` | |
+| csi.resources.requests.cpu | string | `"50m"` | |
+| csi.resources.requests.memory | string | `"128Mi"` | |
+| csi.resources.limits.cpu | string | `"50m"` | |
+| csi.resources.limits.memory | string | `"128Mi"` | |
+| csi.hmacSecretName | string | `""` | |
+| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
+| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
+| csi.daemonSet.annotations | object | `{}` | |
+| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
+| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
+| csi.daemonSet.extraLabels | object | `{}` | |
+| csi.daemonSet.securityContext.pod | object | `{}` | |
+| csi.daemonSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| csi.pod.annotations | object | `{}` | |
+| csi.pod.tolerations | list | `[]` | |
+| csi.pod.nodeSelector | object | `{}` | |
+| csi.pod.affinity | object | `{}` | |
+| csi.pod.extraLabels | object | `{}` | |
+| csi.agent.enabled | bool | `true` | |
+| csi.agent.extraArgs | list | `[]` | |
+| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| csi.agent.image.tag | string | `"1.17.5"` | |
+| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.agent.logFormat | string | `"standard"` | |
+| csi.agent.logLevel | string | `"info"` | |
+| csi.agent.resources.requests.memory | string | `"256Mi"` | |
+| csi.agent.resources.requests.cpu | string | `"250m"` | |
+| csi.agent.resources.limits.memory | string | `"256Mi"` | |
+| csi.agent.resources.limits.cpu | string | `"250m"` | |
+| csi.priorityClassName | string | `""` | |
+| csi.serviceAccount.annotations | object | `{}` | |
+| csi.serviceAccount.extraLabels | object | `{}` | |
+| csi.readinessProbe.failureThreshold | int | `2` | |
+| csi.readinessProbe.initialDelaySeconds | int | `5` | |
+| csi.readinessProbe.periodSeconds | int | `5` | |
+| csi.readinessProbe.successThreshold | int | `1` | |
+| csi.readinessProbe.timeoutSeconds | int | `3` | |
+| csi.livenessProbe.failureThreshold | int | `2` | |
+| csi.livenessProbe.initialDelaySeconds | int | `5` | |
+| csi.livenessProbe.periodSeconds | int | `5` | |
+| csi.livenessProbe.successThreshold | int | `1` | |
+| csi.livenessProbe.timeoutSeconds | int | `3` | |
+| csi.debug | bool | `false` | |
+| csi.extraArgs | list | `[]` | |
+| domain | string | `"bigbang.dev"` | |
+| monitoring.enabled | bool | `false` | |
+| monitoring.namespace | string | `"monitoring"` | |
+| networkPolicies.enabled | bool | `false` | |
+| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
+| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
+| networkPolicies.additionalPolicies | list | `[]` | |
+| autoInit.enabled | bool | `true` | |
+| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
+| autoInit.image.tag | string | `"2.1.0"` | |
+| autoInit.storage.size | string | `"2Gi"` | |
+| istio.enabled | bool | `false` | |
+| istio.hardened.enabled | bool | `false` | |
+| istio.hardened.customAuthorizationPolicies | list | `[]` | |
+| istio.hardened.monitoring.enabled | bool | `true` | |
+| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
+| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
+| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
+| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
+| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
+| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
+| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
+| istio.hardened.apiAccess.enabled | bool | `true` | |
+| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
+| istio.vault.enabled | bool | `true` | |
+| istio.vault.gateways[0] | string | `"istio-system/main"` | |
+| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
+| istio.vault.tls.cert | string | `""` | |
+| istio.vault.tls.key | string | `""` | |
+| istio.mtls.mode | string | `"STRICT"` | |
+| minio.enabled | bool | `false` | |
+| customAppIngressSelector.key | string | `"vault-ingress"` | |
+| customAppIngressSelector.value | bool | `true` | |
+| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
+| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
+| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
+| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
+| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
+| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
+| serverTelemetry.prometheusRules.enabled | bool | `false` | |
+| serverTelemetry.prometheusRules.selectors | object | `{}` | |
+| serverTelemetry.prometheusRules.rules | list | `[]` | |
+| bbtests.enabled | bool | `false` | |
+| bbtests.cypress.resources.requests.cpu | int | `2` | |
+| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
+| bbtests.cypress.resources.limits.cpu | int | `2` | |
+| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
+| bbtests.cypress.artifacts | bool | `true` | |
+| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
+| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
+| bbtests.cypress.disableDefaultTests | bool | `false` | |
+| openshift | bool | `false` | |
## Contributing
@@ -394,3 +389,4 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in
---
_This file is programatically generated using `helm-docs` and some BigBang-specific templates. The `gluon` repository has [instructions for regenerating package READMEs](https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md)._
+
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index ce5ca793..889e722d 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: vault
-version: 0.28.1-bb.3
+version: 0.28.1-bb.4
appVersion: 1.17.5
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
--
GitLab
From e5a2fab990930b529a7ab1b751de3df1302dc666 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Wed, 18 Sep 2024 06:19:41 +0000
Subject: [PATCH 13/30] Update minio-instance Docker tag to v6.0.3
---
chart/Chart.lock | 6 +++---
chart/Chart.yaml | 2 +-
chart/charts/minio-instance-6.0.2-bb.2.tgz | Bin 45701 -> 0 bytes
chart/charts/minio-instance-6.0.3-bb.2.tgz | Bin 0 -> 45476 bytes
4 files changed, 4 insertions(+), 4 deletions(-)
delete mode 100644 chart/charts/minio-instance-6.0.2-bb.2.tgz
create mode 100644 chart/charts/minio-instance-6.0.3-bb.2.tgz
diff --git a/chart/Chart.lock b/chart/Chart.lock
index 2498677c..4446fba3 100644
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -1,9 +1,9 @@
dependencies:
- name: minio-instance
repository: oci://registry1.dso.mil/bigbang
- version: 6.0.2-bb.2
+ version: 6.0.3-bb.2
- name: gluon
repository: oci://registry1.dso.mil/bigbang
version: 0.5.4
-digest: sha256:f7d447a231be1d75eba1777db1b36153e4b214d043becd9be6a4693e6dfabc24
-generated: "2024-09-04T19:38:52.015842324Z"
+digest: sha256:8e87615b4587e4f6ac27e1df1987b0b73139b3509e3b63389402e08549646185
+generated: "2024-09-18T06:19:39.758473057Z"
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index c1ba63ab..e48ac779 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -23,7 +23,7 @@ sources:
- https://github.com/hashicorp/vault-csi-provider
dependencies:
- name: minio-instance
- version: 6.0.2-bb.2
+ version: 6.0.3-bb.2
alias: minio
condition: minio.enabled
repository: oci://registry1.dso.mil/bigbang
diff --git a/chart/charts/minio-instance-6.0.2-bb.2.tgz b/chart/charts/minio-instance-6.0.2-bb.2.tgz
deleted file mode 100644
index 6bd48276433dcda8e7b9fd9d17a2757ab74ed509..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 45701
zcmV)wK$O29iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0POwwciT3zFpfVz>zwC*z)Sc2#%?2OwQTGA_MYoFPU0-KYdJ~N
z-aZaQLK13<U;t3IlIH&HpM#AA7cE{Bw_?v}ED{(D2ABnd!C;I-OsY6!9EKjM?TsMi
z?i7xLf8E|wuh;9Hc3b{iuh;YcHrnmhzZ&gMr_pY2b~ZQvRd2K#t@^(}{T6YU`NWJv
z`mg$p+sb$Dfjlq_35Oh$kaa5n^zpC{!=dY=NexC(fIa!`9imJY0e@8h0H6xqh<Vcm
zC;PAWcYFJ8v)*i1>z!)7ecITmHtW^;_HPvcMkpA&Y*fQzI7C+M5ROq7$hjxq03b_r
z0YyX1IGr|JpAmPAgBqqJ?8ET9Mj{k45>pS=WJUG=?g9+b)<}dX<b+lk_K^qa^&8GZ
z>P|Xt-ECH2gf*eMU?P4-$<Mi1`Y1x7k3tV4)~y(Phe1rj3IG&EgketTv<rxbyR}*o
zS3PVM04Aozy1VJNDn4Q!#SxdUcEJl2jDaV391I8*gLrTRPEiO$&MG4!njLW-v2IOt
z)y1TOJyA3JvPO}j2dm-nuojRZsl7QkJUBYLAk-g2dhSNyuyT&3;<xM)<AlN?s#F2#
z|A{<aO<(j{l`+I2hd4x37Di);gD&vV<i91sT{%k>RV2!f!9nO%tVxszu!=@ZfH6o9
zF(1W!*CXTH_*M8cLS10Z^GZTKIil5m-)&aDHH+TqQ!4)h;+@}O8w=!rz13<I<bR{F
zlK=Pd+@<WnL&SI&un}x-cDm4Ov|9D8K^wOF+i1JF+3Ytrn}d2|u+`dW?syH@sMq`b
zMyEe$wc4;gXzXnD5$gDZ&CX_{zgZcgQ1C7CyTDO$bi3MUoi;k%R;Sz8aXXtkjh&rp
zz1^+XoxeBN-rker{|O9Y#BSLDoX`KAcD>cf^M7k=bH)Gn@vN<Zr)U7<fCDx5(lC&-
z0+?9=Jc^`xbSrCX;E-_C1)KmB!hV2291SV-5g>zHwa0*uP?&(l0Rkh)00dz??jtHH
z=x=-kIk><<0QyKY;iHHmPp~?`p@0GgF^?&7!BhPOlMr|?^sx^)Vyf;4P7r`0NKIN%
z+au#K3ON%N9;7}FhY}#iV>F;}jAVcP6s%jR_(T{aUE3J0RMx<I(Hl-<^w{)STTYr1
z48%;5LBN04c7IexGC0!a2G~1!DqAz;lw~ytY@qmVWeuE;5b*V|Xu5#0AoA(S+kMe1
zs3`&{3J_$-tz=OWw!DVdl{i-_wxtige627<C)h)~o=4)4iwbL?7a<Q1u%PG&@e!f`
z0$mP3RS>Wdi349?B>RE<3ebP)mIR>Pv@tPNpzn)+1YvUEDgfjW6ZHiFgeo%R%p<{x
zAhs*Z9t=Q8IADka82TC)K~ObTPyxaWBnkw?%*=y990c+^N8>1f93_^f<5c8GU^zI6
ziR!B%B;yEjY|sA-%tsPr)2+KZ$-n?0J2N0bKrTe9rYo4EkR_u_(U?r+e9sSUWexO^
z2gTeH(2em5MlkdP$vi1}d=v#_D(1VGByIOnQlyWjB=lV~;%cZ5LXKz%gQRX~m?6u>
zE=Xu#=v6v0F+*~UJrah<lOv?2|A3OQB#vffFNhgOG&^>B-uaI+Fl9T2Lfqns0v0)(
z^&lQi5T)2xg9(5#_xDu$2gelvB0_l=?9_Mal?rAYlMLSsV8FzD7(wcz5cyrXWGs9J
zz>66t<K38#2*sb}R6ZsFmNpgm{SR4YEm?><P)vntNCZiSj{chGSMyeoMzaL~B<6h*
zhyE#rg8}wrBhxoT_V8r?`9bgW<ipv~;p-2Mg;!5eb3f$NMyLd(AtA#6ImzcToGh%Y
z-vEpVQ(`B5CDz^wq*#1qJ_STc+b(#s-+OVk|Lf`g$>HwnOc^maB@mVN=z?~;mHP%j
zL<uJz3A*6)b+7PM^;IqlGvCB=Hi#8EPY+c+Ar6RXyky7~G!{X**fhAwS`~u}4m}*f
z!1`|HzUY2X3t3H8s4=MisHXLmb0gorH40_T+YXhbnpf*#2Gt)``~QZQstl$G8C7;I
z#Hz`<`>GfwHB(eGuqG%#^vcvywXTAUsv(d_>W;aou?BjlCkK0{;AgNaxCxLjn1XT4
zV;G3(2)JTeUHEwa<jp~^ckpgMsn92U1fl>6L5VJvHk(m@EO}lvDD*E083|BMKqdVz
zYFGdQ*hfM7a|k)QfK#jYQXW>>lyNk!3H4Vguz6Ka3-`+x;J#B!2W32guL`VDIZ6N<
zfh&K&2!AVlt1!aXz_~Iep;!##a9FA*l1bJDX~{|@MEru#^F$+*RrN^7DG81P7@|Gw
zQ?Z7Y|JCXh0B|^@h_Tm-1d2pa)YV<qUo}PKSEb89;S2PAEXWFjjDD&}7v~5MxWPzR
z;XUM0#Fbs+QRJhLV;D$#uCMidf12?jR@T<mgrU59a(Hm~ybB(=Ou}G~g!y1u^$d$;
z#bnd1yNyjb&x>{t2n7#}aY(2!g}^#?kt^yo-1>%VH+8HE2rKE4tBh*bBjErKRW}|<
z;{ZWvUY`)c!8w{L+kYCuG4@~(Otobm4yD;EdoM}|po$6-U@V3ePys`A{w+haVvOgh
zv`0RE6qDiON7*;I41yrQj0<}Og%eCkD6O;!q*$&UTu>3Db6tSPV#2|Ycf0Zx0N^Q+
zR+2ISg)J5eP3Om+Tt!&$Bp3j+$u__!@PRDPQRr*aHR%n75%z(PCMY10#D-A75t9TE
z!b^~<vId?J3eY7SM?%18Bt7DzYCj;}dAAFua2yy^wNrMg_zZ=Usv(+ku*yQv^AKaN
z(A4Y!tSP<|6i?qanyt!OMb98*v})TPg7dhKXo$qxF9Y8UoANTJHhI#b9FU|X0L8Q%
zNV9%~Xks`Tx3ZY_tg4DvO7Jd68UV>XT(&HixRUVb5=+`@zEVpV06|2PrIbNmAnB8k
zn+_YhmxOA0l?BxW6ox(-mykQNC!u7u_Tf*OlF4oM1y2Pjq=2X>7E)B#Uj<>Z^ie%M
z(JsNnsFUcQ!lCG*PcFiMKwmc`Y*9qjrc1?azEqSEmbx0RybGjEHaJ|kAq7Ab2TJ%&
zyWn7ONcb^D49SJ)+8WrC7Bl{gQeiH~PLab}Uy0(Dyw?Mi2Li*Xuq-BG3{9t0rzIYG
zxLsAviz!7R52ng;AR#i-A+5>)iz6W)<g!~rI*x-t&x1<Jfx6YIsj8Yd7zoMcjgTJ)
zVi;Ju@{;rau^H=#`03iz$1H+e)Di+et&sq76X+$2xy2C8?9RYTessYXAe{nhYl&;%
zRm%RFL~0E`f?TRnh(o4lT$!}Z$_(Zva5XT@0J@Bj$JLTnIhLft5Y70yx{JbzX-$aC
zQn@YwiFJ&tlziH%Jy^5FW!mk#&{?U==ek-;fRJEvip#vdn({JLZb^F?Br*!jLb#~J
zEVP#xnNn4z-_OtsN{d-`Nmo}`uDKbl%~C>Z#>XNFpUi&2_DTUM51AZk?adX_AZ9{9
zkpX~VqG?K4juQ!{eA-K)nQ(u~VRPU~79Pip3keYg&_h0mLmyF)HRv=+Tv;BuLpK3h
zoku;3zhxtub2Vds{FpNJ$B!w#+C!Z>J*7hwBPMx5@-|=`a-^KhSEk8QbCZowkeQr}
z3x0kIIW+S}JZTTQ;IC@Mc713})h_+X(b4JI+ur`k&*Crf$Kmdq{RQQZcYD3}M<-8{
zI_8CiSKcf!tD8i0lL!QYV-rDUOD83mjtL3Y*@klbV`dXe$t#4wN86>|l~ow{f4Lw9
zpLoW>ky?wjIAWY4IIdANKoo@@O2auk>boO84%Q+<g8%w>cBb5+gd%{$0ik2<wGROl
zx;ySm5hcZzsA2p7va^X3JK5{VSX#$I8`iWr#FEYmFs`mGW(MOh^kE=O0kPtLEVX|y
z1r1kz_JwN4{aEO!%=b3Xh#O#sglqMf@ge&JF{QJWRiT~PVl<@N)@onaa=GSQ9bdy#
zFS?*@+-jNxqGe?arQT)HzUZdqnCZ$F)p|+oED0whh{uQl$T^h8LxgC7t_fLP4Mo>F
zMpV5o$5XWA!3cVoPbFMc4N&wcMvTvB%(TJqXVe9a`g1%3^hX`=vKK&R&DC^fCR5fU
zp@$;QYPyE`x9W+ih}GoG<OD#*h=+w~DHWn2PP)sX$eo#1ii;Fl2LrtivO9*KNeK1>
z$T;@E6Crg#kBfP~zW=1R0rq+az^8bEXi{0Px5w}t0TxqaB;Vyg$vMYk*wvW3=i9P-
z1IDKjazF$r93zgX7VkZaG;Z>dB^ZOJ#ADsEc%GDeRfdPG1}|6@^;y+pxT+AY^#jtc
zjUnTRD*9RtjD0hF76ylA_oq0J##S<eY436^HKb&M=mevS+6AHKLSc!KtE$B+t66TZ
zl0oJK9KYL3s8U417|JuThWCuFW%(Pd;T6zT9>3ebR6$xA$;8!IhF^l`ZU`Wya4H1T
z$5Rp@?SZ%o+Io>A5JnR$E#jImN_Z89ew8OcmqtA!beJ%BxKPLp_+rM7aj5svj3n2)
z&~kAGJxUk@f`W*GkoYJ8n_|Mc;CJvx$*}E)Q}FSS_z3h+fILp<4QK!v!^5x|5x*+%
zNV_k!+Y(*Rn3u_VH)d+TR1(G@DHK~moQo0mMi~+S5^|#7V-7qRYA?Wi9OPO!3ur7>
zylQ_lT|yf)GHYdP8&|HF2M{OnTfj0DUNl9e;(-I{)S1p54G!749204cAxU{{AR}rG
z2b1H$s#0;tzpDnm8YDsi3^`8TrZey=!*}zUt3m-_2u3J~Kt$0*FA?QVC-8`JR)s?a
zK@PGU8oA|M!UCp4S(<}ALo#53VvWV1PzdlCb7n=`CR8<hkV!DD*`)vpg!BynV>Fh&
zv1Vdoh{ua!VRqE(<K(4k@fuY#y*VcSBe^n*sTf6pHM-<!$@ik4Dz--YNZ2`!Bmt?Y
z!tewMdufarlc72z7!DEWPnE@yf*G*ql*G}V{I1+`05WhCo)E&{V5WG+#6M{M6U#%2
zIG?6)&}D=|*{Yy)0O>HX;FvOx0>b5*jg5uzKEOdbv}<eN$rBydq=TW<h#hFJqjuRr
ziUh$L#t}gugQ39wu^egL6{DUt<@OZetg(&5UG|m<GgQFJzLyYk9|rT@+Jx%@CrdXc
z3;dACubF*OAZ^}04lu_kGiiKEBKx;6^mkvso?+fv;`U=N+w~jB9Ye&bo_>iQ5R*a2
zZ3Sd1xL8Y+l)F;v@dJs$7*0Wmlsj)seC_aJ$@*TrMu>wciK*H5wdcPWVC8&C1e0kX
zX|i`~Lq2D?r1(0fc!C2oMElHxfexgwV-v1Bta9FZWE>q+B3Q&OsiJ32;*jGpdYbsV
z!E)wNL;^CLf?h-s^o5*ZoC-tdCWev*T4fTbm?Q>hxxJKn4b*n|{a8*4N!4+y-!tr}
z?8;Y1I6)oB13vDV$z}#(Ir61!QKPD!T1^%hN_25PnSch6Un|+}`LT@Aiy$9?ixCpq
z1W|?=7b^IjS;JFZPHy%x?4tq?ud@x&tSog5`KSwO$}g2`t{3-JV;atzeDg~4iWL)L
zz=s@W{MHwchBzE%z1F7`X=lmDj|l?WGyd@-i~IVwmLHG-JRZkf`cMVcg(NYCV&3Nm
zfG`h50j(D^q9`JaS5pg6yJx3bh{?SO9}lGSN_A4{st{dB<RXfyiIX+yD==Plp+6^(
z@n8yY=ux?dSMDGg79ax~19WL*o@kOH76&q*Fb*S%eC(-i3gF83DQAbKNf*?_2WyBD
zqk;hljwu-<K0-08S}~N&qcBo?D1Jn6$blw)YAK6xm$LzJiaj<n7SDwA)s;IbjR+Hb
zQjQh6)S-|bq8tyfC*(!K|3$B@RV?rFGmBSfNk2<Bp1$sBA2fTc=O%*Q2%wNtVPsK?
zSVTf!S<8u|U9|qXm+T~->uu~P?g!Y*U>!lM{a&dPQUz~j<25(|6GR230<ezRl#T)E
z_wxcQ-PtBimM{eNc9{mLCodUeuKY^^896bt^(5#NIR?g9vU`83b`~_%_jVuaCTu*!
z%oFP#WxZ)06=H+L!m_veEIWct^tK*{qL)~WpBSLqbQSCP?Fe~7l&a=U&-UORqTD#c
zjksTWvRr+lBwL?1nlVSoxN5~9x1$9}HFpxS!kClP+h~up8HQOCM(yqW2t)rz={5ZL
zQ7?IRV@?FoK7JI9ORmnWj2VZND~q1QT=X%E`!^kTgG6C3H2tKb!E=NZbDhLIQawu8
zU?QY2qLfeu@IbGALc)bb$dp*vvqn<KAM+_#-`m~LE(^_aGVog25GCW3A}4HRp&}y4
z)GXTDHG%sHwqnM~MKm^hh!PpdC1^JVCI_R3f<d*1havJGCqd_G#dNG^=bkMit~f@C
z?qW3^XIDj`N2l`0s~RdMFkljcD%J={|C))BuqiTg+sCy>5Hr9yisZn-fXRTk5Q*gh
zq-tYp7?8f)o|oi7z7U_9k)<jZG>a&i2zx~$HAcR)Q!@gyg!Iy%(T{Q9r}6mS2x4`b
zL^PHYLZu=I?5piw!NQ_{o-KI#kY)MV>?xSo9zjeQaUjDR0(C4x2VAbLfraZm9<bUN
zhHxnCc^<GT4y&-Lmt8s<C?gJR1;4hIiw}^RP0FYXVJSJex=wDt+XZh;D1ri^cP{qG
zcuc}W738Fx6I$~NB2`NTotqw`czW2&Z*rwkjS@vXu-X8anPvn>>#5+o88~AoV^Mx|
zRpgeAlX2O^b2G8Y5|Thm88!Kc86|B72y$ueq(`^Z7NUv?2rUV(qd8{?)Mp0JEs9fv
zoDrtxx00Uy*gHr3>0!^F2P$aSa?`6$^`4y`7k8d_jegZz0ze&%@2g-DWVTCnOOi$=
z^iFL~>i{r0P7D(<{gq+8Z*AU#r6Nm`^aoQNub>*u?7u5CUkd=LFXqD<AdxcFGvz57
zN+&?fst7V(ZIqVRy)%NKK%AoSp-=BfRg#fJh8;|pRm>1&i-@HNChQn(u;{P~mWe^y
zJ38zgz1~0D-P_ym_0C@He@NC{=2LHf?_~efd}3CJXJYE;7EGXl)K3CQfrvylPX*~L
zKPLVgA(&)1$9&IK%n8LXU^Te}8pJ`>N+eM0Lx#O-@`)i{TZ@Qa9VgJMk@VV0g`@r~
z<YbUx0<M}>d&=?Y98n)p<ewnuPaQFDonuI05TL-3aR?Uv#w}<Hq}_atCnyxuI;NyQ
z--j^YLzlh}G{`DN(8uyGX{^OjH4=^3n$^U{Tl)aO)YsiDiyEXzLR6wuidc!gSS3hH
z#(>DnzmF#drTgq}ZBB<1fFP;u&gr%aiB}OB`e>Y4D6<)~NZ=NT(NkD{b5f)<(1mX>
z@@wEkC>H@h11pOf{rDOWkT>-L1V)6MFX?);d}qm@)xbciN=Ru3lOk$D>QZ@Zo?<Gs
zP~Nz+97Z}`x&?NR52Qdd-Z(u2q|fO!f&LR1z|cd~sJ2wn9w=H_Qe9gO`W$vLf_?_j
zW3$f!IY;A28cvkN9GMeH$}A<!#>Lo?!sbmesHVI5AJvIAX@aTM9lDH&KGbS=)-BXD
zr<=;_YPzJ2J|TRhOgol@7IOkVew2z-1^21?`ebB*N91I&$fnByeOCHbm`0PXs!uel
z8I-uI{q*QU>UYYX*e>zC&YD*8_;mv65z|gI<#x+OL(B5zai6L0&fcL`8clk2L>pEi
zgMti@OI{~u2n$A9y89><0vQgqoUpJn*0rrB%jesljD#OQ$_g)gM~78qPYcopWXOuM
z42C3}j!DdPCG{JBo>}2jjFEO!usEVZy=a_Mgmyy{-6`y=5<G-`51Bq5&aMyw`U5yu
z08GrVilM94K{d3GBZ#tJ92s@#be)64XGhLs2T}S8hrZKwoW~BwW8`$5X1&?0*4x$k
z)@ifRZSQnjEqAM3uWxQ|ws(GW9y?>Pyd8?7yFp-l>TzEmxnn>c9f5(Q7>lJfCRV3Y
zN3fQrOrF#9lzxLal<s8dSYXoqAQza)c{LMOBRAr*$psW984;<x#-7~-OU~HniAt>5
znL{Iw<*x6~2<cU4;l%P0hxrYDus$;bmHI!Y2xUUk)KuS)2Lva1`}CM%>D@^-UH}e#
z<0lx&9eWVzGRh+>)>?@t%F{bZq8LR1<ai=C#fVJvaICj@Qh%{DX4QtN>X(j_(BfSy
zTuVCm#ES)WQa<$&7YcfwKfu<qDVNuT&@_FiMidD(B;K!?mumM)%9R{daw0La4QckC
zt`vT$qX?9ME?Ef)O*uA6DRO}=sX8&S2-5K*g{yXd_RY#gZiHxuPYz7V2D%4@6`a*e
z9k;6Y;FOJM=@p?o#R@EMiMr_m)`&P+4s$d%-T~FdGU6(~=2b|^jXBoMFND=ceY{Ms
zY3)tF2=Y;lliFA(46&57Ik2KUIXbT2ILD1DlRk6Zg^wQ##1u<N(Xld0Ym5!K)d{)0
z#uRh?)qW4G%jI4m6oEXzXN60jqp7v@14?9WSd27NRGcFwik%}vx3x8JAj45)pUq42
zPOK3)9D;R1@em8a*+(Nd!Gvx+)~66He+5`ekKnB-+S}*wKE-hACgMtCqKe7GcIJ>>
zW9ziBS#57s>zluo;G+_OfpzHn$OmvBEYLea@4r>5v9z>FK{n_&HsPStXf)b8+dIuc
zYjX>3!<`+!(f9oA{$SIGXsglc`<=Ge*hC%FZ*C3xet&y=;5F;peFf3RWhp`}B-8xk
zh*>otTMV!VSr;_bi|m0i>&yrAeJa;}-L2MED?uh;)^U+@H0^>KA4dY;nu_6f&(Tzc
zcSB))lCq7Y6oMx`vw096<s|?tr)dfxqU3UFpI`x4o-*fYo|5Ft2tgmwOksn;uhr9l
zRrloHV|5Qvo|0jVL#v90KJ9`ZzNn)uul9Rq2T%78PY+H%d^H6<=#7w74P8c<X7PmK
zv<o)Jb!NYe!<ZpojCb-nAVV7vrNZt_PmcirV;}P_AcKK<caEkqQo*XXCdG@jT$77~
z0R!vLaDYHhN)ve`V?!S42p@47j3R`drJ?P!c2YuNb@(F*<dcU=lQz}qWQt$_UcKqr
zUj{6L9FSoMUEsJifxKf4zb{uLgic-X3Qf}mz3ibcRf&wm1BZlzlN1jr3yzaxf^OQ}
zL>RW2u`sTXE^vet?bd3t%xrggce`1yJ6eUjlj}nR!-i`e?{yrdWQ{LX*Gfvbpogs7
zsTUU)uEZgtM6AgZ;{t^o(THM(YH3E28V-GQDgEGf^ASY@eAxw#@e@111Xd+zysEv^
z<y?KfO&+h7RF))`vq>MbP)9*j>C9Y?A}W{H3Valu2pihU_^@p6V9ZA~4Xw}}!F^re
z{J#%JZ%@GP@$t#g>wR$W6uj6!+5a!cOr;MbrU?r2e+N&qP?+A!%0W^dVH;o$m_Bu%
z2S*VX0=%)wq<S|hJq|ezl3Y}Rc=F62CxD`==%*l!+!|BrER9?M0bwjdUm<qQ-}anS
z!4hW2H)l_b#cQh}v-LJB@FCkPDcc=KH(8Lys$n}gU{;fyC}hjTuH(!FZ)18z@GwE%
z0&liy;(%kZo<81xqYgCh?PfMjZCJt}i#7GvG}+a=EXj-96CsL;ua8($X$g~<CkV?8
zq7m}W0p?7DbhEvP<Z`!BXJG!!l3<tu`^dloa0sz2_SOKr$V*){nRegz^yFsB^-tx9
zO7@>274l%xy%J^uuS%fmeRZvV@-TMa_o}bn^m4KSUN9HR<7LvM)w@dC6sB1i`lJ4q
z>uW~LJM%i9gpkRnDo+S^bHH7*PuA4f2|QJfvP_$1TP<NF)28}hvd`r(Fl{D{<iVbg
zS(ZaJSV2HJcn43De0nIX`A8Bz*^|>llx@`oPtr^Z>p01YxRFVmXE$PRPP=&&E%D#Y
z^xVz_B;90c@hTG=X3#4RO`#EUpgkdmk=gHiU{`JDy|N9?wTuoZtEHuUX)R99QD{q+
zq!vT!n1U<;)?*e+wl`{a!!rMmEqmRu4R%Lc>?L6rVH{{xs6=D=w>5#a&SOEW^qPRE
zmFufFy~oKoVwTzk)pIn}t)HW*?E|q7ml&5;`3a&m>wt@)oG7=OJN2U0EX1GrKIFLM
zTgmycwbH|YYx&c6YxCURrN=DP;w%$#U(dWwBkr^B^8xqr%OF!+x?F4*H$yy*3j4NM
zhqp-&C-cWzfhZ>SLb>nkq_9z$qg@3(s48}{G<|`AG*NwXdWDl@O_~C;{_F-qRdO9S
zF-b#%^pys)fWjccp>8+Cd{(i3%%**E*=@M3mfO(%Kf%Kh2O+tT5m4qdh6zBih$_!b
zY43kOIYB0<gk`|Wd3sRW1PSUUbZCkRACmiAeS|`wTn|=r!WcFbJ>S#do<GS18ogx*
z^yCS6>YMYnKzbhKh%+4qogJaI;#p#*VJHI6I%-^cG&X+}wfyv7>G4dPpJ%c23~rvo
z%q1da4u{S>2UUI~X2yY-na5%BN2Au(z-uz>AxOQE+&7)go_b+^HNFhUkSX9W!Z%>e
z>@^hKN!x9^jjbXxmXNx90^HSDmrtx^CaUslB!@=socFKE{d4($4IC53hZNazJ~P48
z!1ql*XN`A&`xMe?Ez;n0@yu9XS)dxH`d$F>_*7@FP7iF2b9-6Za<cOFUSG!Px(g(o
zZgF;M1&|nkZ-}2grX~#c69oPD6mxVGddT`#a$pwBI5cY^&;^a;_-hGY%|2M2=dIb?
zHIu*QaM;YV^)oUh6mt{I5x&bEL*3cgDLs-{cwc@ZagZ<neQ1M<PJY@gO*NZxxh__m
zp9P6lHXzcsV+L(R7&loK)3{va8?7aOpUQKT$I=fsGj;D><5$(qE{o@y44PJ_b|^eC
z{F7wO7b9ytIym%#*hlu}z2$^Xc(1aS#<<9PsZt^1R@SoZbSrB@BK)P(huZgSHPpLv
z9Qs|o{8Mk#dDWu`eu|NLlZeEMUJ|P9$1h)ikB7ifQL7Gc?EGvFa6~Cbh~#yhFBtp<
z#)u9PSog8VH#Wf6ua!btF0)6H&B>KIt;-W~J(8pIXkNJ_5!WM=>+Mmc((iL4`--`R
zr;%X<03hXf06oqu)+q?oq9~Qg0-UB}sTY+~z-d3n=50Rnz!H^EI7upKJkMepbipI-
z%K!2unNLnO^S5iRZg7AL{sNrhG5Gq`OziHQidsM&6UsAnYXKSJ@R5;J6!CovJ+oVF
z&`g{VN%!Od&S#X2Z55Q{<~u=ytZLG!_pLnC+JmAp+kO4&WQt37N50WKQi(t1K9RB;
zRoBgFqFv`wKQDKq-?rQ~ZB$#W>Sq17!lY4*aeQ=g+69lc>yI+8UmW#L)2XCcYyRk_
zk>%gRu%;pK-)20&_3cEf=dPdJ{a;3(v)bX&>3+}Um;B~!EV}=--rCIF|Fzj^ZmsVB
zx{v3}m#Q+ujCjyzcjR3Nr<v<~grO$nh!z~?l#e=@YQhe5uH@vHf{e5FAFFH!FqFsh
zs{=wW#ClU0i(D-8X&i?7Rt13&9w>{<+SYSQ&h@E-QLezX0%S^fj|ZSyO;dM&`2v1$
zPxMVphso=&U$c0yiC43FW^4$s({8uA;(r4Esl3b#Gt8|3WD{`;d9vlzXl}`?8yc#n
z=n+5yQAyIfz_Pwm@2WeDmcufOq^PKn41Iy47y$j}x1OA<=gyy*^8ajvf(TLO^5~{l
zK`xO0TkWl_oc!->wpaIm-^=smOYKK6!Q-y<fDdqh#Jc(Cu^@{#LS67<P0EDYkCpw)
zNauymT)if*lXfe*TvgwvQCM`Tm0DE_L0wGlWV-6gVHwaaR$_7Jflf;=%6jo&fG>el
zRW*%h5`Qb4_RNJK_RVlp@F|9YN*e>CNMh?&-XjHFmgk}kfjLW(%P}&}oRw0Cu+=dl
zNRe9IB7Kh`W?)^PBhUx7<qmj+ybZT<Fi0+}kwB8P9O~w6bsZtk9uAiWvXX1<7Lzkw
z{H7%RK|=2STuR%t7#^e;sVW)eqf4r?*)NO6N7a$a&IS@u9P$Bh{x7TkU*_asDh!r{
ztjE4M4`$5Gd@8HObk$0=nx}2P4;Ez|UB|hL`D>K?-*FBbT9?h`xpU?gC~kE_OdNf6
zwdjILl$6Le<!N1_JEHKCb4LHI-I(An8QU$4KIbO~IA_=Dn9MC<&PfdjO-?v1#9Y-;
zfJZ18yKGdGy^+q*S#C7lUsoB8bG&V8Pvy04#5G1H9vCw0Mv<Y!*RK^AMQ-+BPI9rh
zFn<eG{sNz3!coq4Eke-;6|4QJ0%WF?Io(-GRkI^x=z6p)P4nHZmg1Cnpl4CfI5<md
z8?!CjpF_1iSZa!BMp~Lx?{ub^M*g8QW>)v_eC8}EYxBKT-915}kEoFR>ZY^o9ZY6D
z;a1)<d3a_H!c;<Xz&h};$AKf^If-K;f_&t1;_?wvuOw<5U2+HfAopMv5!f`4F@=P=
zd%%FB_HG>Ds%}{33y%Wx*3~V7tg(|Tysk_C1vvQt$H7Kfz3gH;nLgkN9)c$@9D-dL
zwD3Z$!hp=$0A3)9ltrFVW_hzGe<!m}jiMa_n3(JF-X6FWeVu#yDZO7>s&jma`~<k8
z4<eXT*y&x?I$Dt}R+GBUp`4x;W9wng-ed0S-7HBUb>&gU#I#ou>)DBA?+<NQ-f!8u
zYhMqYlLOYD1uCmcQj)8#$KyCu5$?%WrlO*0=9`gMZEjUl`VyLR@ws*$tDJ9bUeRKN
ztDsc7-KyC9Al*v0OjH%ob#H`)5iU}5JJYL&?;)G%|A7%UH_N(HIKGJwXo3Hy)o#{v
z{-3Q@y|wcH+{crXzGlS5+&7|E8W3s3g-)}G!=bs?XVR#s@QVXgyOIW4STPnkk)plW
zS{-J#AZ#SG5hV*I5ieh~VwIcsAr5^Ma?ma)*9D;MG!n9OHiBl!ModKA+@|tDJPJxN
zv`3I>MmJ^*5;w$2?jaY2sZ1+9w>$vV?B&>*n(~V&s0vHmEX&!hm0+4~MyDN0f7^yq
zrgO;;8V4o}rK;nVtf^ynM0`x!l-n9<v>oK5OdMcUM>oxYB~yi4T>_a9s5zBHfqcb2
z^v+S}7s3$rt>U@Y`TKOUk4$D=c$-X!tLgOhkZ`b$#u1-hO~0!Mry>>#bGh$TEyurT
zBhP{`A3!?2a;%{7H|ZkXBvWK|l6QggqdR{hIjfoU&zniBEzg<uUmp+qFdWu~6b@hr
zt3G6-K7rJ~x;ePO{;Rh;x%iJ}v$3_>|GSqbCr{J-jI+$Y#Mo2W+TOsZ#N5-1(&F54
zDw(_rmO!*x4y_P~)a;W?t0A5x5WB!>I2F^nYBu@k{>fxs6wU9zeI}DlJVzWjDNePr
zS`NrteSc3Ov5@~U<Cw_Q4us;*(mIysU$IPFA(hw=a&!TwGB3hsoz~VC5{u%$+O6FF
zf2+~yG*|q8ACKmL82YJcB1Sx6|Loflq&^CfKjX7GRbYGVO4cKpvU>Kgr0@?Z|95`|
zjx4Q{3_96D;=5}*xe~v#Q*(5Yq=IheSY9B}{TZ+*z}zZWZ2jkKCHJhJYrasRQP`Wa
zMW;Faq6r{Z&V9t8k*K=`CYzQor47Q>ISg13wB;dY$@<moIw(0S?~i+J30|2dCN(ah
zr&3PszJ7i5-d?v=Wy&wJf>WX0*2$?P=}kAgviu<@^R>}Rap>U)2ASecCYetyWVJki
z8iTbtWXh#pbt=_rwW0&ys()KaU;f-k{%2j!C6Zq~i|oIxPA4b->+SaDO8(!+bG!0C
z`K)$eY&Eb*5MD_JmQK8)Y583Vyv*vqgjz@T#;vL|Ll!O#DXlZpfV~C&pT+jcvylJu
z@&C<Er?Fc9-OKZk`TuXh_BUtuW!QY?b0hvwqC4h$gck9Cr`gK$f4#ms|8p;om@Ty*
zfr{b*2V$@#52`C^Fk;}xn!Umjg5rmAN%6x1QITB?&MK{LsVj;Bfr^F4-N_c~h|RKV
zsLUpy*)<gJEFV%+6f7(>%0im&b^LG4|751yCwUg?|8}1Lx3)GLEB?Qa=Z^HhoEdk=
zqs58$aIFAEs+(8=3c~fQfE)4u1O<pL766O+KkxsoH=3*U|GhkS#Q$n$+?@a@nRyRa
z0%&60L<DFMSC;`x^1pVO?uVStTj`fS3+?|#Gr#}a?6g<>e;-eo{ohLmyL<s~ElDwN
zFDPgI=MY%N?6;y4XY8(6KyS(Hzg4UM8*Mc#%l|4Z?DZmn7q9>G{=Y`Ex$^(r%Tvn#
zYOrsU@vq3L3V|71nmgxK)pIk?wMCvSM3W>ilQed74pA9yCo%7nIP_1|Wtch{xUwRM
zkLGFV(yDJr;RMP(j{idbR|Q~%tCQ;<1X#fTjjeVr{=X@=1Xuij56=~u+dda?b-sRw
zDUV^GHE}t6&tyeA-QU-*Vn!}$@n?Bnn)S=KlLj5nIJFoghg3^X3D{x#2?gy#4ZuEW
zFstNWV8J1W(q`r!a9G&1T{~&NIrIF33F9#aQJI-1z$W275>R#4k%#1H!aP{kDFq2g
zp40?Clt4>@x~u9cV>_P2M~vf8-JzBV8(stHA+vGzkeNO;mN`sj4wvb?Sn@E4eGn}J
z+seh74Hhqn(+=ZtAJOb#-@@TEE05(>RLPR^pOOIeap>c4Sd}>&M|i-i%=4B}35(Z%
zdHLV&G*|xLdwFugBN^L#*e~rv&&_xN3#Y&KR9Myt3D6TYRc7wo>Iklxv#KJ#=v<aC
z!aA?>OdKjE|F4BY(&8f(I@nDb=rYgi!f+a6|51g->eh7S%UP~1)0!-58Iq<Y&6hg7
zjCE&erbiZ|eyj0clK-!5`~7P%|2MbVjlBKWT=D<?JXf^;$^v}9nGN_L?Y|`P`cgJv
zuJqOIKm*|VwqO~ATe1fWA>cQ(2@Sk!*@bcoz_trxinErOxsg++s-84!W5g-;SWW9Q
zlRkZE3o|+4daWGi*D@TJ%!RHY4a{w;dQYUEYb8R|Lm}7qBBzf`fFf^VuwDyl_w<d7
z?Rx9#biXov@7{v{PRA}y=ej`tFVz29qE{j3&>M|W$g46zhP>KgIip~a{oks$^Y(wc
zvGV`i%d@oppSdy+X0aDy*9*NtW<7AIX3lOhah@jgrbO+lV?JKEtXJosbV%b4pJn;q
zgag*nTV1NTPcwzVBL3ej#(y=NEB?QiNALga`aZKS?9oG;MuGMrQ&*8r)D<{tZ|L9o
z>|MH^i4d|55&zqc{ZtVf^7!72iYYF3^yj}9W}^9bR`{qbmVc-6=HHofbUJ29@B98+
z8L$6V`cr0dGbQx4uF2>2LvD-r-<4{$`fp1n{rfvu+AsB7o&SS?T$nw#D)T6e!~o1Q
z1QzZ8)SLPBe`mG+zo(}}|Igy#a{FNU>`)n&EU^H}XVw+Nx+3CRm-u~^Z$x{i(<n_W
zWb#xcDVU0pTuGa~Oq>`fj}-&Tu~3?#GfiwzG1k6+6`)<~I^c>~EhJruDB;8-K^L6v
z9apU71ZZrkn;jOGYSvfA)IavQy8OR-UciO+UvdAZ(OBhwxR+;X`|Wn6yfuriDB!Ok
zv6cMK3rs2YcIt^|DlZ!sYLHZa{0+qBmHA(1+pYR2oL13Na$phvcRKm_-_6a<Rs7$*
zJonE3+4-Y0#OaB216!{U#Xo~}_f12{5+j^kONeZ?3L@m~)8n!<g&F5r7Q_M|cb%c`
zX8gaLA+XT@yP04AZEmg3|J={>ZTbItCcw2c^tUGTclunJ|CQVn2HesSAq)LK?fm{v
zYpb=&|9vmdH?sfJS#)FGPZhbX%GEC%Jqd_+p50sZuun5l`uR?KB;=F?#{mq{9`<QI
z<E*9``m{U*r!KGCtk>#J9@-i>I(+>BNJNvH*X2zJ0g3(O(t2=koT-K`JrosojjN#1
z*>RhjZCC$WYc&hFC*cnzuCc^E`WvimR?p(+y7FJ0IbTi#EVBQ$TKV-~yVY3v|L^6w
zg8%=vb%09ZaO0KVqJ`cX*cHtsmmm@F8As<hyuuprx~_lO!|Qqd7r-lXX|)@TtFIHU
z%>N@4jH?_mZnpn#od2!SDxClBY<5=upL=;^GTVNiOQXZuk2kOWO0L(Em$D`KZ;eps
z{tVVfkiA0F6pW)kIve)+(H|^1a*bU_4gAieQ97@0-xp=BmM~3pf$qgj8B{P_Z)CLI
zp22zzV>NH6&NWfznWu?NU)|hrd(V~Szlzh7JabF?e~r#o!TxKsSMgu>@_cvkA8LNx
z`QG4lO)wp%s>Ed^#N{>YJ3C>>45I6<yf)`POte{}{&nVlgryzKHHq?S#YBGJV5?Im
zF}Z_*zH{^cu5J8VnGiC}M?&&v4Q^wz-e}&wzPq0MzuIBIh3o&V{Qgg?-de5y@8$XK
z<Uc1_6`;?CJ@_!d??Q1D#mANTKbLxcnFx?Y{9nxf)@iKb|L^Cy_x+#J`SXDFf9A%8
zS<1WJY&J`6uy4M8y*mFV;mk{ifiBel^?dy2=4Nx1|NUN`Yv}*QcLd)25WpP;|9{)i
z|M^QceSxYzQa*R(c8gNu%KV>DXL%pcBL3fObn^b6t@eul@8$VM@gF#>hPSTuv;3X0
z0xV|Fvb$l%t3;LLOF!fwvxWR0Aw*@KZ4`3s!R1f=r_Un(Zx`~vHruQC&--~wlg7;8
zdS~VZmX2orV}$5#X0FVM05!?)t|9}*+-TkzxmHC1cdS#YUM<V}LuTV^KQsAX=P9}B
zS+BBZ0slAK_5At&dSh#q|NUN`Jpb#_&gc1BUjG{fT%Nl*YwMc(S<{?20v(xlXBI+s
z+N{8w^hh&Tl_%lKq{x~Jer}qqr5myn!_RF_|K1BAV~0ud`TX1Ntb|w#29Fy;B|@_#
zan`Il!q7<)Zl&HwUE9jAWvn8J<6q!YOgPF1A0!xyharz5o^~w#ZRcCdbTavo+`D1W
z%c_7}XGDRt-89*kTv0(j$}Hll^3_~;qCh@;SG*Gz=)#JkP`+{>dgmzg^HIEd_b&hX
zDvXqU$`VY0G%$qFJU|aojt4@ABUguc?8cnzA<DseNH|zW<A_h^RWoP1M4g@-;*E`b
z|LtCh;bAj-pyxrr3N*~aSOj7fIAT9D^*_4g6jmuxSK8dA{;xMWTgCjJtMlLY@)R|K
z9QYG6?&<v{vr}MFd3l5b)@6vGBQpd!zy*#+LXIxE1Af?8@!a?M%;f)bB!%$+4`V9r
zpQ_T+*AN5?*Z&3oe`Bk&^8ek-qb&d*4}qhUxC5MX#2m@J>F7IP0EO~h*J1+v1;&UD
zkz#tK+3gj=B)xV?%$kzrKw*MaxHO}VBKRpr6~-wJhfj4CVG$v!%gZTPW(J+BNY)f&
zlCmq8vGyOi)GvKz^1mW!c7*Qc{+DK_kpHW((*O7LX#QVM0|y1WvP54;6o(u*YvBFv
z$>G7_^DcN~$~*#?0Ut#a347lM42K>9lTEkoHa6vs;sp)@&_{rxF_|DA;1Go9l7lf0
z2?bO+`oKDNkt^yo-1>$Kj@8?kA@C?!SIAkYM9Cu{W-Efe>*S0IYcI3dpY{Aw#R8f1
zb^vhzoc)uNqmxWW1;`o5K#IUP<}nO{DL|KA5HmbM*>2ooFXY-Q|Jp^Dm~kB1-MN}D
z{_;hs01eRrj>=r@ICCZb9Eq((H3}zP@K;qX#?YnQ)O>SrcyM%fa&&Zh_O`cw@^dC^
zRW|Rcvs$mvH1AL-f;iso_1+(yJS_vG{>_0g9ba1myXr`oC@>%tyusnY5jd5DCGY$c
zU(eCBj64a3^J(-K=y%#E^c4PUYkCA`HL2jwXfo-|@=Y$7R;8?vonmE0Zg09J7KaW0
zTTQ-_uHJMamVqptl;6xCS)l)Kvg}Wu`TD<A?`-Al|3;_PS?T|Kd2GIwbHN?sP&)LR
znu)b=DrMqjQs0+5-gSz7BNmS$mFzc|f(SCEUHgC&VLrep3NZ4;FPW{MLyiV<zz_!!
z@mbjgA7*b+;3)l@>r&q6;2I}AqNtZO?gse5pjOxe5SqezmzUe%SRs+SQNtX2oC!7)
z&Rbe+@n(iuy3OvGX)8@4Dn?hiy60bHk*i_im2&Mx^7et9dc9tB|7Rh{pf1z}4yQ44
zN(+pTtsSgJboi44oDt`dlW%I)hJj5Y0o{)SL~Z?|ZuT@^O6;MTl}fgI@E8t7|AYdN
zf4dY#gketT6ny>KP2c-?h#0pH*Xs8i4#C&2j)8R?2Z6p{G{H!I5F|;yIlws>91?y^
z5kn!*@SN#<0<NfHb?ICQ#Y<UYEC!Mpht%4UoNu~{!U?7%9E)i^ffS4B3Np(~mS}MO
zqHE_=`yp@TWvvl2_tLGB>=HK2?=x9j3X5&wALiI2pm=_j6gS?KAd;UPupVH>H-z*_
z_S}@GgV|`v7Y=Br%$!FxKMvxVkRTo-c8q9GLP$&JzvMvM^M=MD$77UiMdlmHe@`1(
zRI{)xsIb}#AReD;E5r)Cw6srl%SXJmK+376Xv{dFaEL6?tzFbM!PS%7<*k-&^ER4u
zkO#mB0ei105j_f%nY57gb7iavute<=gv<iw4e=4nZvIul34;E6ia9z8J$t7t+3(3#
zFekkW8<h$*3s?ME;Mb@>$A!_hh6XMelV!$Zd(Lp=nlpEFm9&(`5Zts8P69-eKIIu3
z0PFj0G#3&-2~aNWnO)#E8iWIRd&{(Z!1Tx4XegP3r7fj1^tw&q0niyM+%%+Z&umrM
zVG8z_u9Zb$JwTz1Td)gkfI9g46@2-+u!Ds*OS*Z@zRmBfM?wy9DCGXEUe790?Eb8h
z%hO>tI(JBr497+!Aj4@dq6qqXBxIaI9P(NGJEQb9CSvC2n8YDJHnAtl@-?p<;MA0>
zArYr6?q>_@7ow<8hQ&3Prgj>eA(jayIs>Nh8HH|_6`I-G&b)Z5xhO1w!1bEXMXsbI
z%Oa91mRmX*5Ba(s-LfHn>|aKhPIm)D`RRxvHX?zqF`xBW;&4S+Ggp1A<p8H2d*_Hh
zJ?s^he5prU8m);Rnzh`dQn?e~oM!`*w%c->k27xU0fIcHh-H8%XSP#<uqm!=honwA
z7^c9&zF0HKs^gO}#HDtG{<3Jw6u46@p?l9xk4uqEKbOoD3rE$NqA=0#XQDMXa8ZGd
znOqU%0L!;G0h?tD@oP`6oeH!~KV7N0i1=?{2!}{4{_+dkl8+8>jv<9XfPz_4O~_&#
zB32y#<jYMc65t6cg>F9F1UTc6@;EBM*6(kI_W*fQFF+-T>n}F}FH{mk`VQYBak8JU
z+)yIk6o6fIk9L0PQ~a7;GtaJ>os)?R$_PDcN*2C3z>zFJYdQvGIK*L*Vf6bO%@)<C
zH+m&poHg0+HyYk>QdGs^<k|xnQB0(LSGI&Le6;C5r{25{q_@YtQ@)NucM2tLLa#iq
zH}c;1g>9;0*QV;6C>>3rbE9=_&*V8`Grg1Px1xtK{g!$u3zRt58nQTlmYP8YRZLM7
zU=J#Hm_)(6kr6$Kx9=P=+iz){Lrx*c$Vusu^RA{HOh4ou+U311vt#qN$ki>`(nUj|
zaWB9q<a3+O7rAo7Yin}9T6#{^j*PlIS>6Z9M+m%n(|epu6wH7#o~qMb)pIm;^Z-rM
zh<`z8{bB)y=lKE_dje+7s;jwDmU5)bYASJzSYDak)LCNIhY|5-ybU=ne95?ye*dGa
zPxC!&%lOxpB;HKl+5*qoEbuebx|}n`Z)MZRa(SF1HrvIs(7~gcT+X>s%AAWGJ=YKc
zxu5yoF7)v%@8Qwmlykj2V6mGg(Ni~e_H>qY_E<ksr5PrhFNs+vmXDa_cY-;Mkp#20
z29A@mfFT}7h238_V?$=tt(dm<4ySm#K;C6go2^FYlW8VvsjD^1v9mwsk(9S~m-oqh
z$yf0)JKuv5^e~@3e^RKI{hZb1r8^-RRC5KEq2==O@OreJ*Y+Y2dHXG1MWfw*>vMJr
z^6KzrCQzo;`TH-n%DnxymornY$+a^SqRkKs^<rMvnaz|q++}Z>-W<+?%v5lbl38BW
zAf8jA{1uB~$fBh{4oP@I2wx72E}ViGEQ!RRh{1eq5s=|xHSwAZdk9i*1a^-P=4gt5
z3=1kEAj73}gF@uCl|pGFSDeo`Ztq(1>c*|!o19Y3-LrtweZ0EfyD?pt)^}H0NX0%*
z<W`w=A=pS3nrmG6eFG!MfquW731{@t@6Y7L0ypaOmFahrWlXgmmdI=M$di<+ko>b8
zxA}XXIor*2b(Y<>AP#3XElR36GK8<(TdAJ1u$~3eqO_C6@SAcYQun?DS62WiT9&25
za=&pk3z1IGXd7^*A6J>n%SK&PmL8`?>q4vXs|B;%2@1=Fw`8W^4TF->wyzR8bT=4W
zB_Qig$iFy5>jurvGNCnREjFKL8qft3Isv()`CK%h=Rqhnp7Z9juuGFqgC#(hn8fpG
zc3bNW1?!p%jhU5~SYcQsDiG*u3kIN%7~IP~*O%K*pfKnB598|p)p+@<UQ3@v=l{1F
zx%0n`txjW=|NCB^FLqv!VGxthRrhRp(@0+QsCLiBFmlNRQHuR!GZnbz+>fYHtl%Wa
zYJD`oAzDyc6t?X_TkL<ClYPW!j)F3<xTTQ6q^zej4nstj?WQViU2!(2le(-ddRJY%
z=J+qe{};lby@3c=$p6Lsf34Ok|KGhlGr59!6i0k{_Rp7}%l(DI-;DV+Cd=`Drto~$
z&lde2IbS_F{&z<x7~^3`D7v*NwmAQHGnfCn(QdU?`u|>@HE;|$M>Ld&ZPmzwixCPz
zKgNNN!y$;EcMgY$xs^3=I>HRFIFhOC0UMzp0K<UvRcc)v4j%)G0?6?M$;^n>dl>qa
zH4vhq%FMGKQ8d7p$X5%(|FhwOqcE5P63UtaB@iJB0vsZ@;y&%2^*EuZvIh3ZcuYd@
zZm$P?Oj*SpVqTN~SLj#V{%2Z~|2Hp2!<zV?`N<|>Ed|tv-gz8>0S*wW{OGcasPd!R
zhv$_aT|SN~KmKoJ4ZMRClbC^nr~9npMwI-CJYI3Jk6=xeqvX$uJ7FI2QSAYxH_P$=
ztB4Ca+-@6-_`kK;&hdY1v$@j$_wv~1|IZ`t`e;&{G++>opvmH)=R`>c0B-~-uf!4K
z6hWC#U*+T&VqO8_|4PAmWIV?53Old0z1{cQ9;(B7tG?YHH2STrPIJ)cz|Ll8Yp1{6
zYByVYn<*kXDQLG=8)80+`>sdE`pi19Z`|=Qm7c+ASKhI!b603EgD#kK+`8L*KwNo$
zPmcdj_IIDY*>}hOZMLz1|C`Nx{;x)>y}8Q&e=pCP-lG0LzX#YuAwz$x8=k}Cq02@X
z1-{JA(1-pI)pV)q?(^f<|F>Cx*Q)k|7;RK4ze_l2ZIwo317HRqc!7r_aE$1H&@q$;
zjQT=>f}Y-|(5b+D5QjdZ;Q8TOAR3so0HHvvN2v=AWN7K`@qv&h5#+cZpo+8|cE|8D
z2|=%=Z=p83ALbHN@RlLnO-__u14aU)$ifJR0}2_ZvBzVI<mUYt3eyFF06`jR8wLhb
zjy+a^p|A3isA~@7F?4W2=y^b(&)iDonE)V+DIal&1LOmrc<~s8%8d>pl^<+^8Rp>k
z5uz65ec~}!Wn;mlwo$1Zgq#vT_GFsGs`XSV(jt?B81xC@j8hn~Y<?0F0tkM8m0VDy
z8tT?+nLCR%fKL7aVkXQ!K0@I47bqB~cnRU^veAYy3Bgz%*r9HvvZsTr4WUIvDZ?}9
zrf7fs_^}V!s4_C;0Q3M|K%&2Wm9`}j`pGItr=$^;DwREoAQuQi(?2;0WP^KBA(b?D
zB!*b_NTHV;aFaFC9?sM=HBJ$#jiDfrq(kyWPH`5?J;6a71XFn!4h8}8AL~GA0J8%k
z3Ea&QLDvG+YH}e4&`B6W2L7i4K((sC6$&W28MP;=q^5-|E*P*44vCMlSgh;u-f+Pw
z5mP7}DjJzcZn@{o9s>@~MHd1>&H+?OJA^I#yZSC2L(5RGACP{Af(qZ71!lutDe3!t
za{AwgY}6-^`sSj~<c0euBjNShn5+LATdmEa|F5~Z%Kv*W&zA}S&e<77pJGfAbGqPn
z<&@IfV~()soi1=97^1*=Y+hquyzE0dgz*ri?`0;ME^wYe3UZ$&YMmjzsxu*9A77!V
z8SOm3W*b8a2QY+%R`RctcJd#rmbTrx+qq7cD2zs>P1&!P?vgM;RFp=(AuCq3(Asgy
zH>=5pTX*Z%=o{mZ7aQwk-WGdS0pJhuITMf2)lE79W;~goDIx$k!lvT~0#f5~`qm;y
z*D5`qWb%8QoejySuaC`NX)EeDxT7|et=31_FL{eS67G?JPywF~`*6Mf7&IG=$Dp~n
z`4}`dEJPBr+1cm*e?aC4V0O8*J6c#9jMeV<9~C`#j*paIT2oz_1A1zMr=~Wjf~*x^
zlZ`pZ$2`|pXBZ-WAc)myZPuIWm6*S$gajN%P8ZbWOG(f$4g&Ry>v$GXvD4hy+TLpH
z)Ek|){2Ji!yhIWS(h021Q92;XS@TZ0(BDDIa%6YT5sFUnI6oW?heKvfD4^Z%hI)TI
zF0z<WkNF8JnV<w|4|*dc+9ol#C@^n+ri@i&&2(=5@FlJOH5u;|c6OvwG7ZFnP9N*f
zw5qK>mgki*j3ON72n90yr%RG3%dnY`(h)3B5hTcPn=U{RivwO-S<nPsif_(gZPzJ$
z|C)RAH4i=^DT|PYVUPu3SN|g;2e`?^QS6j6CcYXaL_M*p8=_pV9L7;pBwLYiVwxC{
zFr)~DW#mz}YN#2M?{4PzAC(z|aN-b48v5Kfnf7eamQICq8!S0qXwR)7#r`qLlEe{X
z+p%C=I9<@PeqS0<pnp%r?*eE!w;L8ub3`XF$a792AyO6{!^@|T!($>7_;f*|p0rjv
zF%`+*=s{G}wa}A7%zO<=nECi;%s3uQ&1V>MVt*zSn`M64XNvsTLr0~|;&?FdigU&p
zBN#d}r>W#=mf>@d%o*`so>?dzYRy+)^6xTzD-2T<#6uju%bP%!V5LLEv;D|)6J5$c
z16oj!@>?WXf#We+-vCuGhL`J7FrS6QM`sZwVy%59(`1N3XAF5H^x2m`N&n~naeh#V
zM$i5vefB@j*NrSqq{D|B_-71Jj99jaS`G0s+^h-d<SVH!&!7xq%~&F0#-bq#{bxzz
zU%r?%*VnIEKq~90mj7u-&+MLNYfv<hD%jc0z8CUGaAiFm`J!gSWAu!Yah}7(``!o-
z3QCJ(E-e7(Z6wM#1sy3Zzfyy7r3(`<e^Xru`-}uJe=wS`Kjr9_bzp0O4s0!_13R1F
zn-YW+!EdVs1IYM4O$oAi4Ej^BZnVV)(5jHN&NzjG0rt))@(`XN|4dHjt7<{HqRV{L
zD_2Rc8H%y&+e$NP&3H;U3_!01PSpT`gRoEH(0>TJa-|Z#W0ffVMbb}{{;%%tY;8O|
zHMwZ1*jY|ZZr01xq|+EXx2h&{%4|d^{!Bs+gWFJPhlC%BNq-lbjg81fl1^0Jd|#B_
z*-~#HJx2u}nyn?jjV9zII$v)*1}q+H6{z<w&pdtB_birY^v?zqp}D#+t5I*VK%B1!
zt!W6Zp$V^~%UbojQD%EFr6}a!t)wk5=c<dkOl{DVDl-^h$fVbsWy~z6ubj0RDoQ8o
zYZMOoNU~<;Jt`}Hm)bB0G7c&6;yH!B5C^tHYk5Jpl@oM33kBT>`#uVLY98i$uNDj2
zskD=GD2oQ13`>~aQv+M%^D(?EDL%&G49QU<DTD!3QaTY>*7>`ywxC7@*S&aofqgX>
zlDDDE(1*jsLeE$Y<uV**QY+6w!t&<kNxewQMFJr)H)7FpGyA?ca_ZJ(BxTzmAlAN^
z5;;d1&6<9UpohxXgK_Ac7g`b0AwvFZ92PrtTMHB|j#XY`A%utMOiqC-2;p);S(Ji#
z8TpnWzbKSIPGHWHjJ6H;`*ITV1P%54%2k*zN`=iK<meEA=agJ<Ym=8J+ht#D=7JRY
zMfPHZ@|-taa@Ls<c{ud(1p9Gn$$l-0>+CM`CA`ErhB5i8v)!>w+l>D&-LA})E*BAr
zC@3)+r|=TZnUz2MFoJCK3JGcH5E)3=Z8vsiX>nz|W+#y_gbJ7fc_94>WT>E-l}IcU
zS2D5i+UjwcQMR}<&H8uVnF1G0i_-@Ncvz+~<onlXk|15Nf#ywz?{=;G0G*@x;`16{
zXpE~qq~}#3g61@|UC%d@`JGu@mT|+atspmZhE-$PC1i8nQnA#O@G*-5n7BUskYR6*
z@ALMSi+8pSD7gG>D6CtlaPmC+jhB97cqy#~nMf(|fNFa~2~Bp!@Mm=9W5y}&$AYN0
zza4m|UQgM%yvy?&E&6nLz91>ENm^X>B@uw7(tEYzmw;KhH|6t9mD(+;vJ9b&pOlS+
zWqzw#ZqasPv$33(>wI@XHLLx^+&JCaexe;rGr$2lGvboaGZLXtE#4pcKH@{(J3NX|
z2%bG<4`Ih}rE9a*|HiuZit6w?h^}eP(1z`mHe6}L<)UjC3i;n7vgRRcL@S!+DCQ3)
zoMxpQv(^8`%5k+2T~75jSE_fVdX?(Ez<fkv4%Qi>6GR^u)UaHl4#^oMF~=cVElj_)
z8h%dnP^^}w>RD;umG(6N?oj(S7ii!7$;wW-^4)B$l<(?jr9S4K#Lo&X%g#s`EKsqx
zt6}f%Y~@2%ut#zfKu;P(D<!L*m6Ba4Sp(o3D%reqd4`hRS?So7j?L>>AG7nnk&0Ey
zO7%zH#>W5-b$Y=))#bl|7Je!^_7HUNO4a_8RjmxuouVKh7xS9g+El3tZ`{-Z)!s09
z-M>E#zsQN54;h}J;X9qbmx_Nl=UKmFeJ}6ATbKWrd&(+2IUlXO?CGe7cPMqPI@a3t
zFdp|21!Mr8=)*-<P_DUCr0E3cwZJ~5>a`Q#;fUu%lqhkc??z3_D7jpiEUPoAg)^x|
zF}TE;)YR2@oinM0<EM9jDAkrat5c~D{#2?I!fIo21FTcX(e*Ot{Qkq)nW%kc1mz!j
z;d~|O+MFw0<q^>njTQL)%NNywuV4STmfXF+v#q_ByqY14{|V#>SR#IP$n{2tTwATi
zEUVx<IT!l)DxGQ0>Wnh{zd>hmc4vW~?(CH7%CrG@WZG=!Oq;@~(CgSXTlJM~v$Acz
zbK7Q7-17a~H9ZvahicPE+*kI@%AQ%-GfUVrt5}2t%xZ%~KC4)SyAAl;E`U~ExK%L1
zDi~o_z~5l-cL_&$(6I(;7*-*FD>Z9%Xr*RT0N+u_-wZXowY^faD>Yjl^S9EnrpEW6
zWmh46D^>acROu?DFI(XDLi%>fHF*1PmJwzZ(sw6UPGq9^l;?Nuq4bA-)5KhjTnOq@
zX+s}`dcD0RtP!L$)Q+W^W{SrLo>%&cO5nC{oxQ57v@s(^=62~_LjUZ0Xa9+rNtC1?
zAsDE&jG)08^f;biK0OOzNakNSdjlbVm-o$@UH1pNio;_BdN}kDcnui`FAxmCt{#+?
z!dWStl3so*g_Cz0&Qv(xT~6ke!pV)(Jt`cvrdTPP?@-zFJQ!X}*{tGv)wH~MTyLYE
z6S|G&A~U~Pz+;J1ORLD<Rb=mX650D0MtB3P<ItlBGAqKDYPm4a^K`G#y++;(jOW~7
zGf!6EdsMF$t}>=~71DbTA-y@<auw10pdxx#mJGNzOD6N;+NR7_V`a*$Oqqvb${;C2
zRu;`ISTs@`uk4zYU9+-lZeZ6m>TaXuHr(cBcc)&jgQxqi_fPkWVXlRO&-YKu9NUF*
z$45O`uph)|rXiG3df$;9l-tcvF?L}R2q2H|0h3(=z|aQ_g&e>!35Ng%fld{uge))t
z66^-MBB`gmj42lR`i)&zpJmuJ78`aui|o3*hpKrUv#zoA&CEI~Ecae%1nM_4`ARlO
z9)K0N`46!It&{1}08<xw+~9=zHMTpJ-qV<G5gv%*0)6mA3b!Sa^rYJzI;4Q}D7AR~
zn97|qv+;2zQ^#Ft`=h;3|KEI&u9+ff*-=<T=4EpRJo!#+@f3fVHsF-PkPWP4xGPKi
zhL(7<@i$5u&}_^$#lL+=zL^#NkMajDG#d-<z-!r!+wE^=H?G`)D|g_mi&kZrrILnB
z$6PLb$J_E&g$_&yq5<Rs90EPF0Ykw+z6LZ7m+<r5z|LBZ2GS9F1tQEj5x6XMWGtm}
zz+RO!Pwta6a}QeFI#tY^VIB;_t52G}@5CS#gNwuA$^gAB19ZFH`R?4O*ET@6+gsmx
zXTBdJ^n3Ni-iHmEcU`s`*Dyi1zMboGWrF_WO;F3tB^_KQ1lfyXeILWzK<iudaqS(y
z1#cM~B9&0`0cFHIBt8NO`YW5_wrq+<z1{lT>@PR!?e@y3NK3CgTT6Sku4h(sR%XS@
ztoT-DMTtd05yL(T`Pmqa37yW{IlHb2@kT-hZ`s4TB}Cc}3GOQs;+{;1hqp1dvLRMB
zgtQ^H7ugVb&qTX;*m?;QVzoK8G9kVP6GEnpjM@Bfn;V?@zR8A&G&c5N1U<~Bw$;)7
z@<rhN{hJ?8DV`vZ>Bq_dxwR1a?Y~iAPHX%7i;-WMAIaD6$NVU`Fs@~PY&Tc-$IAZr
zw)RIRYxRI4bcW?U5#N;!@{A$`4kTU=*8*X{>c+|dxd#K}!R?`}?2jdm=$V}Exs!EH
zc~WbANUfys@+a`-ClCB?44>TTyfi^C2_?aVtYjcUR3F1rSI>O&!*@5Z)2<xA(k|ZQ
zvBcTCZ<kWx-p}4;yZ?7OeD_Z=>+%6FY|1<s1ZNaM|B8tgzTL6A69j$GQ<$@*&f48U
zYQY(b`zC{MK{20uDa<X#8@(58Eknfb?lhg;FEog+Eah9<E8O194!n;%Jca?w(&>K9
zPN(kNstMiL{@&xXzXKB*P9P3oKPWY#3n?sOhWslV&{@s)FfHi6wP{>*VP3~J-u~y9
z#(&$i6#o><*s{k4I6!BH+X+1*5ek>TtM3Y@$s!bjXHOrV_4Nz~2s}*)w6el(F_S@a
zrWIB&AnwnXdE0hav+>PB+n4IfH?zY2Ne9ffaz;qAoijr6{<+PqYuF%Lt#4+8thQ1A
z@m59N)q}|y^+u51eTu8w*jbgz{$y_i=~V;DXXt`!lI-HfB)ejt-!I$e@5(GYI9eHE
ztH`z0&T-b@s%Wr+X$3!uUN`D$03GIy&={s#t5sL8`Bd?h59zro$)R<PwpuMZ31}|G
z8pmPk0CED%xHad#7<?@wNcku1D<-`l_R(%oun(MZ9B^ECs~N<$^h(scB}qQTh)!qN
ze(K{peaD*R-%1JBu-*;PWwsbQ$I)9F^roR#RHj-;ScvAiG&9n{JL{^qQo}4W=@|-;
z$4f+8ddXMrPO)SF&6B-U%-l4$uvQsA-httrgO3I{#KsXR`Snc6zx6*!-&TD&r)7?s
zGQUspb$(vvXJ$_FmdlG|#^y?!DQhWk8{e{7Yt7rts3((o9tCV|-QzIyA@$!uieW!M
zzeoV3BrcirrL%tiyf4?SW*U65n^)3G%%`tPq~LKndz^tX7o3n>R9i;NI-KZtPNrIf
zy>pb_25I_|7)Q1$Ohlpl(XxM7>GGXT>+gpBqgA)RSo*(d{oU|YFaI!j3$xW4>4mM>
zfIBu|yOn0!{*i|HI9tArufZilvd<(;g<fh_sZf}wkd68TQU%8F>FIF%GW-;VT0cw@
z9n#pYeEru$ex#JEn!H;zju>Y(ZyHg=SPeB%t=_1rG65Ol&}9+wTyN_B$(C=UUa!|X
z?Y8{4Ua#l>ZPXjBe>K{jPNUu4>}+oStKMwZ+l_yL`dxP1JTc>t{;PiDw(^~OAdk`+
zeYF1QjTmL{T8#3e$6yeLp5WQ_4JlbLUw^bWLf$!;TTDFO)SY04`TCxkMJ@^_>yKg@
zJlc2+z5uTF{<@&CS+Cc@*9~2*Rs+v)5CA?xAZCaP-H}2ZBEJ3zhf&Ob$NtX_^gP6v
zFns@bwBZUFn{7>fKS$F?8;`&ED1g&0sDIt4l(ZE=#x4l;XST(VM-iXhmij)gt=GhZ
z9H}h$aes`tY*^UkxkkmSM;opxw7&8G*Pl~J?-0d<sm6PVfD~Q;GvK@+<HXGJrmp<3
zzTvVFi35NA5&HD#F?ggz+#U%T3D6@AU&zLd%GZs`x1Nft=Nmkw@;`#!IUJ&DK)iGJ
zPe#I<wJ}%zH|wp<dOIus8=cKgYbF2h;}KFjvD4+~D-%Zy{Qw8ZS}yB_^`{uqjCb16
z(<NQPJC^nC_$Wf5k3tWl+#+9_8KUL?G+J)mt!E8nZKFHVH8>`I93WQvZ+V?Ht9kio
z7RxGg8t$fBw->dH1QWSrbVi&<tXr#5G{lV4sT)S)KbcGDFbBF;)qhkaG?x!QJJ#x*
zqanq7s{AT&v(c;)@_vs7za2Lkc>DRmxcBGjiw`eepHH4WJ#KG@z4lMddOLjHZ=B#?
zYwv&k@M8ROw|Q`Iuv0_Lr|;jv{@#Aif4?<)vb+EJ#mT3);m*<9cavX!{yD$Qhxv7x
zgTkTSF|eo`YDe3D{akk&?#^<w)rOzGq+kYh#ZWb_LES9yTGjkjl>iqL`1C!VybNCA
z?cbhWHZPtZT{Qgu>-fdXS8qT3y48O_?On9Cw!$EMe)PUII^L<hdHd>s?fbu;);@&8
z_m}Vd;o;tklPBY6!4n+q|Fl_a{`OmtA@J<E3NKid;bGVm`226(-E!@{Me(_<=CQk-
z{o+A}0zJ$Bx9&EYxzA+W$072oj8g>Vy6=A*ncWoWF6U}9%lThHD%-*53<yONM5}P9
zd?lihj@!r;8CQMCq5Rx*TUiKV%w*pnk15g^w6YjrRuz_y4=IJy1j%}~h}8u#o|#63
z77=~K;Sdj|RR#yDrOnJ-l5UqVl5H`KZNqKs*aad)rAssPP&Jh9Mdv@FR0f$(vUbO9
z)ZKPw{SF7H+K&eVwcGTc%{-o*#KTe5Bjg-Q1pm`^8*VF8A`U|or1buepm(P6Sg#uY
zvn@%TcYZBmSJ1f%t6ok9{h3m*Y4!ffd@3N<s`8(z1htq$*?IrT=i}k<=-r3Ce)xR&
z?x(sxe&WBcv8}D&&UcS~J=klUhrR7XIJ|iJ=M#Fk*LWTO%71x@@L?zTX}lGD9>3s_
zyuGM-{N*eE)A{qwttC0sNBwvx$==G(hJg5xja(9X>6kXIO5|GRlWDD7J~rL0E7M&<
ztX0*&RS9D;!S|m1`T4_#UEDq$4e&1${Fy%c1x-#*e|^Ejy-)84XzQ}EI~wjY@APx$
zxBlz?fV@6=eH;%@f0;hvqt0OaxBZiMZ+p}CFP=TEZM~1%yz%Rj1Rt}6_m(22Wa^rp
z=cV&?+ih&QjjNN+0$r=hf2s!7ViI~sm)@`JmnOT!7w6M+|K+F2^jYtxH?My=emyzx
zFGia|XLvZ={`9QFe%jmmwRgV%{^++qU;Xs!=<RR*PvZ}h7w>9~?fS6kg?rvX&<^UI
z<BOkvb{3L?;gE!Xva_=RJV#ZrFrI19Y)c|vlP+cL)T*VgtFocRM5~|o;#Ys}_Ufnf
z`RkYUH?^O(-@s?*&)F}d-=Zg-=<;Yh>9t;MKl^a7)qGW}eHi-#@_y&n=BHz}`)bq}
zpI=-)f4cb@_jg$1*}*g9clNi3%MtDK=U~<h61uH*eKHBik}%?rssy%}6fZx#*}mM_
zfBvk|Y4!J~Bmd=-=%o3}uZ@$<5bnKvv9}$2FQ>uF*2PY3@7)u~&i!Au-+y{C*nTtq
zh5C*2lSx#A?bF`&i<dw3FF&7b{r2+1FUyc(3ggegOiDEB*D--D$hE5ax2j+*A&kP#
z`wx5LI{$UD9d*us+TA{$^q)T8>a_NsMo-A;=NJC&PruaOJnOt@F&I7nb8ozJ_?f_$
zq4%=4!{5H@#e3u_+xhjy<%bXKm#4$alg|0YG6wK$A(fRn&W}q7DmWZcG=v;g&7MiQ
zkZ)XrzB$;nYW_`C!d*=3_QBSvUvGSh-`7qe;tdYr^qK$c-Ff3vFD9e<{?<#{KY7{c
zgfHri7o%6te%anWIQ+EJ^M4Bct>))XC(~X)cb<%&?rvWO`!73_mv88Y-Q@(o7a%B%
zITd9iG(g@I6!o|^_q4{fS9i-=LfgxXR>*L5?qV=&!7V*fDO@p1>94AUw|InVor~ID
zvvE9b>~6u|Fb@tk4{@#evh(cOFNfQ>u{ZhLI)AbIWOuiJvD2E=4ui=n|J~82&s%$Y
z??2aCcv5>A1t-1z{ol4*zaAVNHa5v5!wn0lw~QGn`-PYXBQ%?Q_Ilw;<kNr+{q)bO
zgt(Z1!&krlxw-qAzIy-5Yxd#!&Y!{Q$@rvp`6`GnU%dP2x1C@1FAfiedxJNPT6}T*
zW-tEy?p-+A9ABLJKOMzSe)BGR2XFeH7(0A_GHwL>n~h)KlD3VI8r6YX0t*YjDW=f%
zr*BeY5Qn}UIUrxgG_a{T#C#O@|3CKLtVvaMTN}KuU$J6cew0&sB%=1I5RpbyKt#Zb
zSP}G%^sP{*&Tp?!vomLAPSQQs-rtEhH<`Skk2>CVbkF!<XUVk6v$VR5z$#3gi{#6o
zsm6Bevjg*^PQ@Nl;a_2&yY$+aVB_@nqFKp$yjN6q4X-&;QT1$g=qdxPGBXYQ3}0`R
zWQH!GHDxbn6(WLN?u5Ic-;u-gcwBAbjn*PWA&M56JF9r3E(J#Z#*7%fo?K%>zM2pZ
zto*OI&%(R4uG3+}ia%HsSuR%dJycpzc%UsfC<KPv8tb!PpJrQicRnKgv7-?N-_~bK
zKgx?VRYGWeIs-hN1&$OmISj+yVZP=A_qdXkr9X1TzpQ){J4;))tY6lA=-)6S?7)mq
zZ^ie2Kh2SUjL|{N(hfd7Fu{-XYH0_T?kw$Kaz*%cKZ@RT2X;k1Lu{YR29Gz^7PU#;
zh#=Lea$rTVZz$w&U|MLq+e{^e*$5DPCWS*C8pEncQWev7aFK&YtmG`B(%AHV7QBk|
zlOVX4Futo??*k}CEJmJNW>xj;2+)@h7_%<jEdBCxx~}{2^t$VZefKl$EUlWjep~72
zqmQ}4Uc0Vp@;oc+4}v<s7(Z1CeKLN)AMo1{=&|FcN}<d6sZwZiMfmmj3C~mJET!Ov
zj@*7lgwsCbSf-vXb$s1#t+TQWBuN)(X$=Szc#uvrTs6Ek7;l^&5Ef|*cuC6-z0#Qi
zwh+7GU}^i2+hS#UZu!Q3_Fp%{+lYx*Rc={N^0@ijWdDf1@&@-R#+TOQiuY@2ZoL(%
z4%EVy*)<)@1(9-R4yaq?)E~islM4o;M0`cm+m$O}P6oxXRL-2^Y~Zrg3+4?dadT&L
zQZitcf!*0B<D>SSQyTbV)UH(3r5S&@rNa*j@D=zf!Pn*l9w)*hQExh^ulIV5Ma9Mz
zB|wyGSA`DERv--!Zkkms$dJ<FWTeZ2;A3`Ztvhy=b+djrN`O1Jq1iH7vyvHuR*v9h
z``fqm>K3x~nZ54&cG4^2Rb+i?U+r}x45Z<l0#+8iWc8ruRkO|LnAD`{DuO^<7)W}V
zLbT)?9ac7U3c85qhe#zb35Hd3#bK$fC{r^ABOS7k3CAr;Za(Y2HWpmJ-zogenFIbn
z9~w3{(C6QO3hT)gX~h2LhNQ@$^)3L7LPgkfpcACCnI_%AZ>{6XRJP{s1XxvYia-Uk
zJ<j$G^HjQ2RC1kJ>w+}^e8xM*`dkWO0&gM>{DlbWN$i?cJ^9M`_}KJ$i+mBr+xFNs
z2q>mCu{^cVk~ZKNXB`t?uR|R|OO@OoU{EuW%yZ?WlbE9=ZZeYA%e5s&jA`2ONf)%x
z;ms`X=AtFjMW@xQ8WsLGCeR<~NayQYFWAR}iFiba&!`sxK3`9+SR*Wvvy;shso_nH
zB+7PyckUZtu|89gT61fCt?ScP_0D7ruZ@94Y$(B@w9I=(J@WYAD!@9NcG_kWIy5Qx
zWl^&QlFUa7Z<Iml<{bQZ)Ikp&JG%<K2@9RvAV%zTiPlQ#8Dt>ED`m^*#E=kObIWF@
zoYaG18)mENLZPaeY@+SC@n=vHtd{e`u{-Mxl^7Hz&^vEaOc`Xi11Vl5D(!2Nt!2h$
zYP-%PG3!qc-q4*#bF2jJp{J8~H?C7}gpC2o6jv3&{pNrZ!4{e)mR<>HZx$+1M<Ewm
z=N)|%a}E?V5?Hu8YVGEx4$jka4c2FPQ|7x|>ts{v_?TCgtH4mPUl{)_vvP5C5`7iB
z@O{<%1@$V5r|WCv!U)BDF65>WbLp%`m4hX6iyp8rKoI<Phqh%!&swW3tx#U&72yf=
z{uG_)vd5zkEY(%C08fLpb)|JToQql5=NSqWt~UQ4mE>Qcl2~@x=k+AFPLB6`XV@Fy
z%b<GG96P%Tm*MqVLN`hl;@fp0La^o)^PQ$O3n7Ge>68ps>t#|?Sij$vBwaAtX|-E;
zaG?a+Ai49+E*1SnS%8&471k}bRLE|m1+R16IyLS1$$|%=Z!CCUh%?TtNmGZP`&Ay2
z<umF<kk8lG^YsWR?unIb0z;+iOB0{Yjsa)OOAS&P@32A1eT8EUbz;`IH^6dIF5@Dx
z%!sE~Z8Hb!Ww3KGmyhxTd1L@^=N)%so2{6y4@_3vxK>y?pB|WrhlFqgy~^NrIk_VJ
zS_FE&jc}Hh2glQZ64ug`IETvIA@&<28ct_cr`Ub135}w+&{;hI=5U@Tv&hkoTM(D`
z@(F;quuhTDjy|<kA}98){>9!^nzlP}&$*dC{p?Tn?;p?utMxtjMI!fiCO6;_3dN$4
zIGXWGPA53HUGh`xoDU!|C>#ZX`@HdsATjDgvJr6%nk9>7x5-3<iJc`CgFZAP8ZR3h
zlk+vfHW&+s3N{?+2l{Dy|MRb(qJr!!wat2xnECB|2#$&sc(E{iY`Z2N*&wfw7fD|)
zCRdbS%Xi7yJugu*N-1pIMihjfFu|X%U}C{noH2!0RI=FZ+zg%dWGN#XQynxN5e_kB
zqAIcJbr9y9Lj(%M0?|wgi5lX6taZP0YaBIDUyoduF^b%WoQ1CI64-P69`pkmwNc!L
zkzLxz=h_hb1Ny$_@h$S}c)d0!H^^TP+k;4Q^%TevWlJc6R@kM#93s}*DJx@t24pDT
z%L}k8wSqf?ZN4f^8E0$mJgZyVhss!htUgdN-?q=b=tl$v?&;Hbo6H!k=*k4=grCiF
z_#wN*Gw5{kayfy=*(Jzj&4|a{%!lE{nxM33MN;Y+0_IaEI%QtkYltc8M{&2+;L|x%
z^D`U(%@(%BqLUIPNb^H-_5neI#Yj~AMX+DC)pyKTWBj$Y8OIYVOh4P1A3N&3pkBrH
zbUpTvM~DDpEyAFrFpaes!>#PPOZI~4;-wh!Loz_2UAo!|0L?kEUU^LsEUOIOlc}BC
zOg(JmdeA*sX4%HoR_xxWigM%*^qhY5ERv`B`*w2sZaoRpx(w6m#t-|~O-BF6yOru;
z*K8aGW@(M;yO&7dk5`L_OaafR*RH!=PQZ~S0kk%lKJ-k+V@*2?MJrmleiolPMMcl@
zmbDJP8g7k)dbVWv499B4v<4a+{KLS8yo+mVQ7U>{)8{A{1Cmyq>p=Zl`@Q<_z6jKK
zVDMf&f|J|-YjDPhL7NGw6)^pd*K@UThgnE%l74BTsTHBTDECcZPrIHx8N^gONOs4I
z<YA8EGpU*FP9gz-EP*TQo#^%*xyWS@he9+NIcV=a%(rONyED_%URT`$POh&Z?))rc
zR}|=jw>;!;z5e}{r}g%}yIVi~tdGV3@sJz#9(p=?cVj|~bIlg{V&3jzvZ@=AYh9sA
z2`;r)ySBwZsNhXo801)-0_*N<lK@!2-MVj4+H30>IHjc&&I^&MRt_CzzRvDQKy16+
zNPRUhtBDtze|NZ)9k}*sl4Rv;ko_m#@Q1eFcj(t?d4FqigZ_1AND)Dh1$REcbz|mj
z*h7|b+%DHpV(KM?Sdx)ftwK}yjEfE1Xo8q76V}0z5L|Ja#ab9_qEwYFU*^s#4i53Q
zE6?K%yZ`ZzKfr4)#|W8*lQ8wNPnG4_Ba*yfUIci%np|;yEjCx*`#z^BS!M(UN-}Vk
z%R$3w{?OPS0~@|b3#bcWIL^uyM)976fE1XyX-BO%Pdm>m*y|+<s)&tGqU5mlaLDNX
zl?qE0T48BMlj^I({_mIycVUdbFDB#-?xp))TVo?cP$yiFoVi~D!fw9N0y-#Jak=od
z<2iHNjg9T&lW1*<tx_FS9F~khKTeg+J{o#<&M=VCRQ{Q@6>Y!NsUQazQYS;-8Tq45
zqH#E}o3i@N0kW^KSJ^!`#)if6(}A0JmEe&~!Djjf)wJDwky#|5Y@5?@?~o|1F&ME#
z>nv+_O>8aBwi@6&L0yV+Z0xyJI-I0Uue8$EG?n$%TOUWR;H6vDmu2onD$kiHf6F=^
zhm+d0Vi)=JIEg<H_4*3?B>r1taz*>K_&aQ6+L+Rx=I(JNq_ucnEy@H(mOeH`onWK!
zcC)uKvdou&Rr;oK%)ni<T^(Jq-}sg41hkt)t>4S*B;o-91CMM!GDhtdZ9I9VNW5&K
z@VA8zfj|D&AOHEEfBeTk{(#^g|Lf;>KS!X`pGTa(Pf&fzMjhFwWs}-w{dt1Jqm$|x
z__<%7niF{3#7bwL7@j+t#;vJnh3T*_bLc2AgXOovv2BLwzICH?okFJUE$|Y9_2qen
zF-fxk5RL~{8^X@0ovyaqVyVIscPP1hY|qA_?M^Po=BG*Z&c^s#dj8)TuKPZ`@-xT7
z_pP3H$j=$g&+V%NVuTHJw_7fxDk8#WdbY4kFzkxqlssp)X%$T|SUl`^f`twemZf@k
zV36UEB>QY@iypfG7CSokgsF<nP;cWSvm>`Km$5K1;_UW?pA*#o>!RMH-|ksrWO&2f
zhka)5|9+&<E9^@TTpCv!|A?3&N9+M)-e`ykcU$Yo@y+I#?`=O~o3%P^sP(k5>?1>p
zx<zL*&qKvof5<V)16@y<HOtJ%umWYygkzARFSEKoujKjHTKeTny7d>!5cmUrU>$mf
zeU`)J`sM~3v$uOo`rKt2ADvu%4Y|5ahgpZJmJkJNr@*JnMmg+AcC#gf1BaBPFV7H{
zK!R$3whpvM!pOnSE!5fC&JY0_KP`Cp7uJfOva>%ky3HOC#vS%mBzJeN2DsU;<-*8Y
zbhGoCmCJdAO<B}t#pr>c&;<aW=JS$@lO5ICEwjWZ3gV7}UMtL8p#vu#$U!u^b1;i(
zCvB6B=uQF5cCw{2a%sNu-Ta)r{{6-Gk8yF3c9tY&>U`=O!hgUIt&&fuw@$cSPp(+M
z7QadyoN~paD?dZeQOV`|p#l4nlUP1+s)Q!7W9%Es(v0RQyb=aFp!X6>o~XU+C8D*4
zyJ_mX$25#jfOsGmEaDLAxAfFe$Mq~pvUKvqZ29pho;_lHd&PYc-cxIG#T$|3bDAD!
z7)--jZB3^j51e+)RuGn?!}Eu*jIu(?=1{j%0o|1j`q5)uDnFqZFo#M(L}e7o%R-~J
z#&i?%?rv>KnrePWd}CwZ?mU?vpST~}p`T%|@_TMfz;S!?R4H53sk&a?QeGCY`9Nm4
zVIk~*D5Xjl6o-}jCSZ4j8Pu_52<hS6!PbJ=?Bd9r6HA>l_2aCoI45(M);a}3Qhe<h
zw=YW0HGm=fDwz9`vGfXj6~=3GbUasF444sVdn46wC#Fqozc%*^TM0a~gj^IX6MJ>&
z7Sw8iCtA!j5$G;Bei<h$<YTA4Sxs3Qm}x1>FbjJ?{gvdIU&l(=WmZ*_DmS~&f&?zd
zj|Wt-SKNy*UR#qZ-iXkE9WAW{RXQxUG~sZPI4e(<m`Zt1_r6UtwHD>Bwq5xBOq1YJ
zx6k@|wy#b*SB`P9q+pf+)KzKv6;wbN(>ON4;v;q8+^mDi=|)WaGao}0xR#mvlc%-z
z&kvJGyC8fDDtIi{=#NqR$qNP1hr<|o%mDPn8Zmjkn%sa!1md-{e5QJ5Ne~dbFTni{
zJ*rgOk_qW~dP7YccUk8&GsS(;ZkZj4n~C2kD+$7lpy=>JkaR_r@3C~w4%zuk0rZT#
z+sXs8;?t@&<5;<J#eO4``e$;W4|K8jyd;1Ab<aZbb4vDKH>w8ggO_|lknoNT;qB|6
zxB)I><{it;Q|i~{$vX<3w;^A*!3N(yeu;&;{9fYS)3;nQ_<QP~7Z3OC3*A3`@`Qch
z0Q$g4fBoL*yO+H+!F@2z?rcOK@B+O(O#S)S{n6>^@#~S{18O73>|a7E-V^P-vaz5)
zko!k&dZiG170W%>QR}9)n}l`kmhkOJhrVG`xfK?$&1Zih`2I<A{l$O2(!AU~uS?Ue
zC&QI2|D8&Gt!v^p<&(IP_rt`iCfE00pOWuC+IQ>h^^N!8CDp|K#Bvc<H|o7OcAbeI
zXO<bq{ZnVX>+IMZ`ic3>miB(A#g{b*e)^EvJz>#}{pMLB#19y{f9g-FKC!a6dgFR}
z^MWKy!z6r~@0ZCud;2u2E=&E(v%9&GU-Y|va^ukdaE3h9YW?#mMDsF?-aS6|6R*sY
ziJP{6{*<Nh#7E~=^&~Gd|AkEMXA6;=wC=Mf6}uPD2j147)|WcTpL*q8-!^F-#!l$<
zAIt8Uq2tPu^PyT~h3TiHcvhIcY*63Z{r-aR%UAj1KmYTO%kuhk`5*s)!I6jE%ZPaz
zHJ{i)&<D=CSM%jM(-_3N!M+A-lwrP&ORfXq3D%RDlNqp1~3Ge)|pWmZfibMmq~
z)W;P|=Vyz9Hm(sj-9nk^1=c0&RhH55#%~X1nP?unLD7*~?tS*+bClzE4<z6ZXq@Q#
zFLDDQ=m+_L-1}={!1e#+2J&l(%k3~%cZwy0x!~}<3)g3H*qU5&u2o8R%iI8&RmJG)
zMzHv!%OqG(Lu+LkF;$t`QJU24jH_5sgMHiv2Q@lsN&dCn=_^*P`+ejwR;??>2-ovY
zW4K095tpvzmDHwNgIL)ow}v9H#>7Ufm_d?;%01B-e2iy>>M^{u469Br_?FYy11I`A
zK(NzxvE2r4(4D>0w^+5{YbeZjM;QLmsLWlreCw^)xK|>;|M!a(@Xnk2j&tYb(f>DM
zD8IK3{l3Jzd+2Kizr8Uw_3qd!G_mza$Xrw4?z~0?wiGx@kBOyILG(OXI(Bw2J3U>~
zghB`T)~_3$ht2uPCrm<CP$)V}$`K-R^x&}RhC3mf?*#qb_W56n(zWeLR9T;?nBYU9
zQ_rB&$;;&g92Y?42BZiC-HzK@EK05S(K1HT4n)z#iA^vaUuWjRBi2$*sOn5EYm`_S
z+YnDBeRhsClGqEZkU&{u*FGpK`OzhdG99U0KFQ(6GI_txzspbmYixeHn`F_~j488+
zhUpvJi;!Pili9cdx=|uyu(ho?2i<PY<pa1m=LXYuKHf(?v}KWV?PkS*qv&CgO?Q%?
zme7=CYaq0daJ3)g*|I_Q&IUpivr7+Z!Y=Wz7hyMbCYkrENsB(P7~dgZ<ngvWxnhpU
zmTfvHOnL4g$(ea*xMA1p4h)6%2C&l_T?{l<YQS~@b&;qld$9ucF2RT`F%PyxtB~hu
z#`nQm!lWI<0eK+Lxdt1#IKMDRLSv`xtFH4|kn{JCQO}@P3EnQRLCzyiQRS{!`BU6?
zFl2V%+8rV(rL&`~DRk&z!yC9_Xsv+d<(%FLyooaYVTz#^CPQaKIg4T^w2|Jq3XCs7
z8A#`wE{F566uNgzT_31tRb7VptDhHtjAG`;7<2fIit34>>^37mGwWV<672hZ^uY&Q
z`s;(+*S!k+b>FqtE-NXFQDv=-O$b+KyJ_K@4Bwk@!44f=Zj;5aF@(}`6m`SmJak;J
z^3L^6yF<{3C!Rf|E<wo%Mk`(h7452EzLO?CHXiQ13jeXA27Q1d^$z(W&bRH!74z3}
ztPNE;h^#A1LOpdC(46uDuE%tT#J5PshtaCtA|eUws|7sUV+XR=$!zH@1<W%gaLFj!
zgUFIZQO^~8#!{tB!2$iX$^6-5@mbXK0~^Z)@gjlC|7+Cqh|MIzG;liA2ydpI=jkla
z4{68F>UHOYYL7CjwXHPy!p9SnGLCfKQ|*493xv=&JZcHiOb`R8gbfbB8@n;;RSQ}B
z<5<$bJ2Ux34+np;puBM-{)N4N9yE!W-gv6x7pv1xmX<dNKUtI$xAfgFUy<g?q-@g3
zi%sJvjXq1=r)o_%^62~H$Mwri+;jM99ff~h;k@wjs?_b`TP@P(FY?``?l**YzYSEm
zjiqlzdEXh_J{#N*Y;Z5IPb2)+xDN9Xo7^m%6Xcmjnz<biFzKl5>};A8#jxhm1UrX@
z4<}>Ia9vzv)iRn!dmNt+cIobD#Xk^kkZ#wM25UPk;`NRdqJy(vk2DqJ&$b}=p%^4|
zl+bJU(*z*oA<x?l@+$1h#g&kMgc9IIMYF(2n<f^$hBxI_7eIz;ywlOnLYAF@-M*2U
zNXJOfrm%e-r!csLRSH$6+I)8?0^ReDF}&XT3gF9*#PeY?{nbkP)`a`}0;S&I-o)_S
z8XF|V(t%2*b=L?zt2;+Z_4m9Bw0f#VpqJ<Bvfj{Z5C|OyQ)+XzXLGKq(y7~2b22HV
zk}S4#pWw=QZXBa+yGW<xjv5_>@oH@UApPlXRfYa(3*|d2x*dl<qVF0g|KlHjK;RFE
z_~-*igjnA5A78#ZIV!K%J=axUhH3pdRl+0Oj<2w{vGdfJK;xJlA!zFi#I^;JcD{fj
z@Ko<j!kb%QyY5+52g(h%r3|?ZWtvq%t|Q{Wu2=JIVM#$lrU!Bw4*Mye)_ea*@X3^1
zuPXABgWdmg-xq&ePIYh0Mqdz3c+TV+i20c=13h$(c|n~{Uazl_aU%q0FQKBMriZSV
zv*8F7ki(vLvo&RGk8b7#OGn+Z%EppugzeyXKIr7pLK<GhmzF(cl0M4Fxu$t(3eMF9
zSJZA>O=n{l`sa!q(A`4+h5TNeOP_I&Js`as=0$e5tI0@5b8kA0%<P1<ZiuYEO!4{A
zY)CLdd|wg!u+UYIAy-Gw)s0|l0;?0M0~LzR;lanEw3-p@oG}rUq7wL|cc`9kZEI}I
z*eANz&8&|7HwxQ*UwY-UF#PZDMt8`U-hJD?2IG(Mn1I6Ckb(psT+>G50m)WKhGRwR
z%L`j-tgz4OW2qNQlSPBA>2D2jRyeU*>R8(qEtv&{yPqDB2nTu%#ED+h9CbXk;g}ro
zx0Pu=-pe21^M66TN$z$%md+oF*8&A^8pLEJNS?y(LOg@s*4k}cLU+1T-HBxrctzoW
zCBM?TElLN#5(!F4iRp!&Dmy~0kI)vGl?OcmaA30xR%0zBuT*`1{`Hdw_=8eGfBjS{
z=)Qc;tvJU6C1}96@A{(uUVY*pbszcImhc36>Ak1R2{~><2y7oYCT^}E;FO>grr5Pv
zhS1_hZU{aq&LWmB=o%O{q^?C4f@nT5gxftJw}sW%2;gh^AcF9!u@3zSX3=AtLE_lX
zdq*<(0U3&4nzrjT@x*(!fW3<`h^j30!l&>B{C#*rlZF@Jn(?cS@lUFaU-j&d(lz5J
zMfmsmZQkHs`}d_a)?*`zV9vp@fSX`&Oy`c-V0=Ar5|8I<-10=UIizP*-qjtNbqw5{
zX0fQ4R?X6jy@axU>BAd~O*N6!X985CfX8m=ucN@<vkZJn1oVAryhXmq<8AxK0W@MS
z=d*S`Y;=^Yn3)k{Gf!D)E39gjbz_E>bk^k+vrZ_{+Bb_5+<1@>N?Fcs$Zg0(p+PMy
z&op5sz^&4i@%i?!=fSUC1n)@|K9<NMq1boG)5(4NT83(bL}1#kdT&m}fPdhY-a<6@
zrRMiFP+Ry$S+a>x04E;fy0yg{e&i<``!Ew^6lzRifX-*tPRV*z`-~;4%Y(hN9FQ?a
zI;TcZQUvB}7y<I`!6YxUTdD8s<M;2o3)Q*3|F@lfMiW`w>69NcG(B>deT9AM_b0y)
zHttB9QVhUA<@|V9G}D|Yqrsm8hK0tSp_h3~nD`-CmFlcxNFG`Utu&Q8X?x^SG48DW
z$-teqX83{GD7~y(>ufJeyL_Z^GjDDILVqFuWa9q6`Uv|Rw)UAy^3Vj%s#^zUH+5u8
z4h4oUJW+rMQSkSNA{&m8Dr}vTw`}p~glW7&t!4_BnSQjy*El(dU5p$7ahCLvL2i~B
z62hFM$y7aE@2!PzFGvFU&Y|ni*O0$aLd(sscw8RvY&>D!1b4Z*I^suoGeB>M$kka~
zdn-U^*THT!xJZ+3LE*UYk6oxJ^Z?<r!*Ul1GcBH-4vJ$p@Ttljv_iXjZbJREC=a`E
zJ_j{BK2!~u{+76?F9aB8pVcfRe!vf$_%DDL(Z!i{<@y+L&QF;gIIMFOHWudY++~YZ
zyT;Xa!NDu0XAXSZ?bj9W!O*<n;!Sm$LqV{2PQW@gR<#%#HQC}$TMaZ!vAcp=1EDOC
zBZu7m;p&5fVwiey=m+)7Q}q66;Fe*13l#b(RP%+44|%`uyzySYi$%U3z`|-`T2&S|
zwfjMDepl)Hr&qGDGEIBb8g`AFojBpA6`&p~So;R|X>2{U#@4IdQZ~yn7Bwd;=rGVI
zB<nN_AOKL4n-r@dCSN<jQZevMFi_vvGr5j-B2pEsYJy4`)s`0_)u4mB)J>A|uu~m%
zJ#t41)9}xiq5%JdhVU=nknU8Zk6lXeBb1wOfG@rI+M3(|N2EbpD{LAijJ@41Z2Ev@
zq`Ob4^=ishgLVKV0<mm>@z7M6ma7ObOa<rJJ`~sBA)^c(h#{?vkrR#tQ=#O5G+2Rp
z`*m*7?WFjb_VxXBGB7Vc{&J3l#^n%su+xg*LB&NkB6cTj#g=XmS;J-?F*!Cp2vUyK
z`&{D>=!)Zx0yL%07PG6pX%)_4Mcca|X`6I%s10M#mb^tN=<rXTq#rP5j0@IzL&5a%
zz<WgDeFlA!`{i<ij#G7){b{wI%8(H4HM`DppP&1lB7(JWXpU+W_?r?UPQ|`SHZeZ;
zT4c#9v8xirQ5`a!X7+P#PcP7|n6cC2Sw)s@ypeu)VU4#s%Vz`i`?K{0^+{~k>+7H$
zF;R(P34{_L0+!E^cD%#@HKUkeiDOAjg@*{Kg+&=}Wl;3H1f-&TKlKGviPr|b=`A|I
zcx1oW3#lZTV76h26>XHkx9TZ?ACVON?Rwe0e)wBgjc44a?s#gAT}5JKy=WMG<I~%2
zPYWl<V3%QFL^YQ0Bx~uTcv;6usz|YF`3W^!i+m}pEW=<Z#Y!b}<(@Y}9ZKRXNZeht
z8{oYIe3Q!S-_jxPE31Fza{PYbsC(#3x7^*hx*kUqlR`|VtY~~FGL)_MMJ*CcU%C;u
zZGo*H^4{EQ@fi>uVkS{aQe=B#D9_^7cA4E;Xw&pK$0F-2Q##a;QcmGoh`{W~_5EY*
z;m#VGm*H!q&V3|J738PqO#yviR~VU%@jmM4_u2mLkS`thwmsJNr!3`$Xycg>ZP&1y
zvDBJDfNmb;)z+Jn`X<)rMl?m1j=A;b@mZ(?8ahWy*<(dDh~ovzt`1uRL9Jbh#}dB{
zwo!llPWh_YjkWaGf_x=e{(Z*6C(P;O`D(0z(6Rd>pj#bUpm?kw?L)E11%RnHJNe-7
zn=L-2JuIr=A#2pCU<n?tm~&Y33xE&|0VV}U7uTHAki#0Sm^3@cX<`0P!Ha)M!Hf6B
zg@4~s?GE`esNS|mAKDz6J~rqa7JFVG*5wo)SfInA#A;3ueW221w_D0BHB>pZIxUvg
z&YZDl6^i}9uuXQgNOxLjMYJ9l1VQT1w8zffcMcz84sCDj3!fbmzP}|sgI*<fySyF{
zMr=bT66U8CI4jVuWhz@=tlPq?xJ4P24AF;rB{%$`JuHds4Av09Eb^gI9m?_o&F-hn
zafeJ%-uL2-FRaC?mFSXPtVU|epIb$`(#-Sg*BldD^u{XlSy<ZlGbWxvuQI(|UIWrb
z<Vl>SEo<uN)QC+)8~V+n-OHkGxIEVuqEM#=<ut>d%ZFS(4)f|HY=R>!0LzpLl?^$t
zO2#wpCf9|ti8_XR<mJNsMX9-)(c!aS|Hy<4uRlB-TZ)j7QU=Yo$f7+mFfyluIo9n=
zV=3pWS<(B-$*T9dM!CACC(FZ57XXOg+aafQTu?<Vv`;i}<C`|$;=wY+avj^s&UX%)
zqs|o13E{ubRCPtXi0blxta<8av<ts<y{^b)yx;eRYRL_bauvTnB3n<;p?ENthI87}
zwkHh3f}eJEu-h5J$%#0DIr!U97v@5OW5*22Pq0}{<*~GGFO<3O&F(L6{weP8C6C?;
z)3*_aUkci5;`mAoII%Owo#a{gX{ZkJ*ckozGj5&n(UWWUjH&nBCkX~LK((k8t*6Oi
zYr4?^p_w*V2zD$u;b536wc+M7WVeniB2^kTb({sqwqS4q1cRV9^SIJn0aaZeUmkE>
z{_PvdCj<r`J4PO%l>YD&Zqohv{@5CnVaFCCvVtMgR89*b(o#;EI-zF{okA##%NOSs
z@0Rsiof()A56nL53tQp$pfjsbz@Y=7ud5R&t&T8tQZV<}$-9w5|K42vF)75&9-mg>
zQzQxUamj-Jea*N({f5sb-1n^!_t3YI@aD#KdX2D2Fb?X^DGTUrcAf}XGjlgyy=ZbJ
zEU|cZE<Dtvr>z6pG+fvyw+0C@TDT3jDQCM3U1S^6T?jM<PL~TxJZRCrQ`_HeTzi|)
z^7~@lUr=wtdvddnjB^i|EL?^A7)R0+I8`;rQnlM@ijd0dytg0>6S%;gLoq@&Z7q_i
z#%DQ{BaKr?w(3mJ76TpD8xc(jk;ijlXQe*<*s}C*7}OV4$1%&&{A`hXEGp^_`PM71
z?Xi(jc0b4PaIxX$0k&|4XvLeTnFXuf6(Pgw)*-U85p0v}R6NhhjEQ*mIH*IDv*At>
zBcJoh{klPsvz2%H34;-Da~8gi0}882lZMy5?Man$KMRloABqM1=mT!@`RVr6VLn1k
zr}WIi1*$HPW>(cZwx1tX3(+|<NsH0PaA!L)Z_Z_XZYkcXHvuuo@@-bH<+7@&plFH)
zJ?4#I(e`wv;EAvM5+i-bWb$uamfiDLoUV^_kbAx@!tU7}draSP=gm4N<5b{SZkPI`
z%mll|#xmyiAy09#N)*;E5D&r6k$*U7`yfJ#Vr}i$aX~0mG@}5Im!V~|Sh74E3so<>
z{MRvjVfE!g`WS!0GwAjAKP{sp`4fyd8VJwpC97QL>(nnd^^w>*jp`rT5bs!Ww<3Af
z?iUV58Zrq%61B<$kydR>JXnR{on5GF3~#z#%_Otg?7C|6i`1!K&_{fKA9<pVc%h9L
z6X<hLNhh=lcx5x%S(fIwuqYx-MB#&&%nf9aRc|SrRZz(Htln+2MRd|37eZWa+ji5l
z)TcF`t6+JAf;!Un+r6S!zxvr(I;rfyO+E`#e(YfS2KOq2m)6)rs9TZf21)n4S1qNm
z+L@kt0yui@ae69H0lhIo&cOj`Rm?3UTS2^-*9!Z*(tMrML$^naGB>xCnHrcILWj&)
zTH+8!O+iv$uh+M4d9`PSUO%Z!@3Ykad+22G0sf0@?(R;okvi%k_VKxCv}V#8%jFDq
z5WaViR#Es!1~SKw%>A%yM5H3>Y~e71J!BRfg2N&pR?FE*OCh3f=USj1&TYYVsu@?i
zU(4tz2K(d0^+)!xXV52UTrMa0xcv%q{M6CJGBlI~vs1%dZ38o2Z)rg+n69U(X<0%`
z@>sEU$hLx1&35qFU>By{c*uYYkRi|mG=n_{@C?LGk$h9=BXyOr5$C^7+50*49U4W{
z@ZtmdY|Hxos(pjJ_Qd64Y#Cm^&>bg|3K?fn@Zh98zQ=pfS}uT`-nP9&Vx1!gC+*}D
zcFA$bDZvT}Vk%Kzo`$8|r33B{Si$a7$c7CJ?j%I)KT#Ndm8JK6@7hn!wYyZvKYy})
z-mjW}{*;W;x@CD|%Y*LoMnCV$Hw=a!pPcarCe}0Pbn<dJxgw1?FWa+hdC2T~-&V|V
zDn{<~#HO5;Yn(y3Gk(5u(FG`PZKR$xn<;3_0Jl_zDPchKb))Z>$Ni=~>z#-jmJYc+
z(nR5Rd}kvm&tIq=KUSfkNA|88=0#@Li^&aUL@DZC<7X^MvO38|OANJFz^>eGY@VUK
zZX=y-MBg*v++eq81%ZLK6WLny2|&afe7!`H?WvC)VyCQ^cv=cnyZ7u085wN)t~$yy
zx6_+3`L=4o6Kn8YZd9E4lO}hb-~SW0L;hT*_~%EZ=hz=R3Ci;m2P$z_xBrhn{;Y#C
zYy4-@S>&EKvn$OvR5!$fVR|3G?LFh$yY$O9^sE2zk3X)ww150xe|(Tg@N4F{59p2l
z_~W1BjC)}#{e({9j=yyDc+Z|_CvO*%C!7(SJMf8Kx)>3=_P&Wtns2sysYiA_>aW=q
zeuPA%T|%eQ*N@w>l7Tg|XSu`q5ZSs^LBu++jtACt=Bsw5AECO9Fs4<$KCj-s;*Te{
z)bAtJc!T>Qh-+&st%hQuGs4`9i;{Fo`LLel{8=0hf$53SaZ9Qyh6dqwCaFj>50wKE
zpP}B^=GHcG&#)xmj<U+Odu64nRkz16sP8&t^D9~Szldmhj6LTK?o}2qt+7lxGhJ%)
z`Fz&&fmgfDEazMKoUe|AVi-=YhV3zDd%R*Qsu6a^lqhA^Y+c8tW~KlfPkn(m`Gz^H
zr{rA2ThSQ2T|bs$<O|~HPwX*Qa^3%4alm(L_3v}>zrsHC`>iq7xlekh6YaJe*Nc2G
zNd}Ffw3%^YBoY$Ka2QS+;)D#b$XP&vmxj}$!2aN|-2e?PGdmN(;tXZ2BJIT`x%ESf
zK#M{hn{1I*;pCP(|9pgg&nW&2KJa&Sw0_#;?)N18Ap)EKEr!gyy0dS8_U{`?udvg}
zo5t9oRBRR-FEBt9v=7`KMFf&!dcQC%Rbq|;C;EgyAW6N~Ry%8!_Y&d_9?G8`Oc|Wz
zO2#)k)t_oqDz49daI6KPDVN*tF!9}0AbvLz%&IQU_=OMi1E#FcU8|2K!Tq*k#jkzw
zEiS9ihR@qs@v%YRkz~gg)am5)`dV^m#MmkESh6YheAHv!?vrIh@adV}1dav@^f_Pq
z8MC(i#;nc@b2U{&{@C$bvld9fnARR}EaSct1r=232$}D7mGaIj{o(4>zplpjejWOm
z=kf0;k{OrH<XVK`)2@4H4|zttY$4Cr6MWpXUuC$n0?|dHM9q+PD@8$a)zuPb%7LD@
zk59VpcgGNL3rJlgh1@Lyz+G2{Xe>H|B%u&y%m57_YPngQ(PAI4Ruzuyy55ZAXCnW{
zDol?GZ+S<v_xpSeZ-J+iyXIKWgK4$XLbMynJ0a>$^5`Kss?b_Unr?R517ON?txyU+
zQ+A=3#ZxEKY-f%hi%OGc%WcUBCkH1sUY<?YS!?lXW!1>no`)+Vhx1v!BlH7%Wchdk
zy-4A9HMs%(S^|}%qRoMDjJU0})w%1=91TiM7#z0YlGyiiOU4xKOfM)hQH@sg%S;wK
zLzYEBTFn-`wFIE${t%0q0I3T&RT1B4znL5{#_)GXWb*MCf_@<1CuV)ceHPwxS@H|q
z2#Yjr0G5<s!+y^IM!qQLDwztP>hlXj+JkbvhqgzJY0(M*_S=)~AIv@I;{dvY8y?+6
zay0Z6M?u56(bgCk45q7xBO~Tthtl)7`R)WBFZ|G+c%Qk89;-t840@CM^>S?WS+TIh
z6P7JycYd5{y4E{!LvpKVAhm<D<Xbb@ENne#3e|}Ar<9vkMWwZYjI@3yFuNVZ<x#t(
z1Q{VxYvmgQTd?+b2JJYZy=LEjVyk<=TK$5072DJGwH)>coArvwaU|G<^QeQi^s?(9
zjR+9}pnAR(H4)Qgc|IJGgJ`coY1>;}?j?um7Q_Z-K6EmvD*e*d@fuM@K)}p`l0}{y
zIasaIwB3n&&MzDNO#;^hKH}k&;$MjVwzYkhUGV(^ozI}pf)A_unqM%YBq!YW^WChV
zPFuui0(WJmYOXCX6|pQVtLVPlQnTGaA7Z+rIV-d0tJW=w2x?}4a-fOmr0vnZt+++5
z6@^yJ&lWf=KFKfmn{t<uuh!iMhVgZ|y)CmN25!Zkq%&}cHgz(`H#$sYbCjW&<(gR>
zkEnv`h0BWiqQz(R9*8WYJxzDLDQFTX?S)>eleMw|Ex>ft{j#+xNLrfQFKWHM<Np0j
zQT)E)?Je+ha@V{ni(^c0=u8`q8bJ_4u;t5?@Xun*E8BSylE=lgk(qSoST4^6$6ztX
z)gnKM``I31399uRUqYAV%xBO_wM+#J3AyFHh4xq}zrX9Oo>`G=*OM@<a@YQRB14bR
zL)>FeC+}`dZm=U<fUep)C&C8YaM)~B`n1b6s9SZuCx)WSS!ZfD4c58<nR|Rl4vGjy
zm26jp7vUSWn~~9CYDcWMwzpzgZ;YBPk{RUxOQ-c0W@YH1Fo-96^3{+GjSGB;x8};{
z0a(V=olKo<dns^xS(HrOQP1h|xQylf(EvA$I&aKn;X+Gb+qb?mOijMuhWL@(3?k;V
z5I0M)*_2(ba|9SUn!lIR@yho7ag4+xE8!F7Rc6<#2{vv`JXyJ^DC}ylIdcOOq=UN=
z1zjnnx|}U$3!=-Mm1S2B21UCxp#k>T%nb05sW_crN3_*SkoTw1R%o=H;1LmKnuapc
z`1s~P_`ayh_m5EjYQx}5jk?dy1`l*%^|YGbF0SW-5nY(!ORQKOu;DbfczPSK3Lp1k
zpxA=$%cZj0gt3<gpdHiR227VJCB{O`p_N7_EQwLtbkTO(0c?|ma8`#}g@t$%ejUz|
ze^IgcF~ev6RIK>=f2_H4YDHp^_{%+IP#BdhUH0IbGbd>|3r<LO-9t-KLy_L?JqefP
z#gS#UCZO+ZceQM23LlCR@P(Y8C-K^~HhF*Qrkk<mPTwzG->luqOVGl<&qn#^ApU@&
z=l9Vqya&JZ?z>xK$rt7at3%Wk?2=Z2qpe~p<U9er$b}?xmRoGG-&cw5nS8j((-Na&
zI`CFvvyMo`BeA1&py#Sv(%$kkn{A{-atU?ut+W+zY&^=FgUx5^+Jlljx&5;QPi}uz
z)<#G!ixPJW77oyZQ8g^<%s^))D7gjZberXgj~8Nt%b15kv3IIEy%B1o4E$`LuhX8l
zxdcYlpg05AzDQs`Rl0Ss#D8~2LjHN_0q7w^cz!E9aQSy#MMtb93}RL-3agE72hLCf
zXT9(=NMz#!<pRmsgp+~?b06#H+)-+o#6S$(DHU(Z%Fuj<YreMJlEM&7wbB<%JY;Q7
zUw`e0&fU_>%EY{!a?-5(t#*-j*jHiP-5F~oA(nG4?$;cT;fE#f2pG|HoWlvcIcKd@
zm%<M0HOnmJqbQg{-m1K>fswX5tV6R-H-N6kN>`aFPjS;=U^lBK-eg}ZO;6=6J{HC!
zRQeadiv&WizcMzD_}Pu)S91gK_G#M^C!R3PvsHB3)&l2TNPz_<&PeGfNT+O{u%ho+
zB}WT108+4yHhXV1W%kexBumoYSCJZRS6SU;f6t0@Ul8}>Gvy;uaBqPx(tFdKVB@0U
z7^VXea-Wn`!3eX&oD$+1spw&P=xe85l^}{vWp!0^U?-5VMMmp_tXDmMR=ZkWah+Mh
zR8fa>G+by(myxUWY4}!ksej-3@U;r@C$aH&b&1FK$rbh59oMVL6ViytM2B^~sZ(l9
z);lz`sy0KzcryqD(_;*<d!RRM8@86V>tG(ai%#eOXf>nmsfLsSF(jjD<Rz5UfXQZQ
zpdIhbnb|k_a`2HO`dx+Q-<K104}BBkn;T=Zq8NC^`70R;i!SA8TaFG?RUqlK$xLPq
zgpxLO=kA&~9nSp}-j$lUMYS>$qNug1Y*)9SSG)1HUx1Jm?Sgb_1-6I&;>caapGty!
zL=she`T12mxxRk{2gUSQIV#Gnt0_M7jlpO4r%h;U`?ciEy?V9wR!qEB=X2r6o|Jm4
z5^!~l_BgJj8~Px6qGn8uc^1;d>THrB*QUO0{$hi?G2s5byy^?!<ySXJJ~m@|-5q-%
zM---lq`r2hkzv<pm$xX%g~p<A$X#q>$AfbM55UYAT0GieRD44AyF^+;UX7Fcvjp;+
zBfA1LiBVyS3A&MXh4)1>Z?^7trNiD3O^mTV<W1V!*{A8V4{oqepjX-6F2`=P<?a9s
zGCivgOkcrxJZE>LrZx&1s`J!eDfR|9?i8VJW2_e3BV1!v>ueck%TXH1XgkzzST6RH
z>Iks}r6h2-x0>%POJlq+#b@g{ep!0I&%jY!R`8;l+}=LIRV9ZiumI=^D?*NhieQ@f
zU<b_7PHxuG24&FARI-wQ7Bj;QqyS(n(4wPy2UTL*6NYeZBY0*^H=q<qSaZ<969tU4
z(p>YO?Z8Y^H~#aLI`+F-?pq(>zs@pQG;Z0yWC?vb<{!~9?x8RJd3R$1kJLN(!jIsk
z+U`wahk*@PvQ@wL>LD_cc4{Jlh@hBt+?IuDZHuV(Lwe&U8Je8b$N|zp#WDtQ7O_w;
zyrc@frS?VkHKR)D7L8lglf2CQ^7AvwV@vFN@ag2ITVt2rO{xt`jx*1k2!~oIH(aSo
zR5*n+m+~;_be4;4zirnsd6*lDqo1T%Eh9OlxC@B}`VMTtc>xVsrL6~$a$G&vy5q=E
zUk7DY*RdPE(j|{Mx?Fy0Si05Z%0TryPcC=JPeOfZk3F{tp)W2tJF`_p7wOfxYG&ay
zn(fJY*rTSyg|6L+yPXUkkBprYX3*))PK6SnZ$uJYU`MrQUDnHNj^-hBgRGIBp8smF
zRdrUnuQ8;bnMEEE$y?~FOy1tOnn=cY4uDE=y@AUktO%2UQI?oFOB?TK%r{6yDTmEm
zs*O{!0MI1|o2kN@%Z;wkU^wh#t07abm&qPmm4_rJmb2_ws!=<dC+gdkKfk;1jxoSI
zWukmMS|2$OTmUZ};yL!%f^`Qt$XaJ$EHNaAsb)r|ve8elxK4ocmUm@mvuP+Iv?Ibg
z;X?>BGnSp7L*GtmCSP&Zw%^)*zoJ74n5ANAVD^zMzdlo!VN#l(RqcDM=;aOa^3$&u
zV~bv{j;Gb;c$%{eBT2AP=to_$Ht~k?tMjm&@#_kWH@rTDGjL6+R7Z+a1Ih4?>82rR
ztj*k3S6WwCA#!rgyyPr!c+Za<gHOcyfBr@MfIcey@e^m#i`d?iCjHa<`e=Igrv#~w
z`i=N8d%(nc0lf6uIjSaCgb_yRIkG=Q062%khR@`awiKpy!9-L6M*uE~xB(6;yB*eZ
zCRj4Oh;VDLjVm(H)~S88=5tE`6SE|;BYFS{lAjjR<~(+Ls^ZZ4z;E`s#I6a_R^xe}
z)>_0KqRV`PJDt33T}!NtsUDvrN(K^w?Iej{v8``z&$6;A35z`_hZCld%K~D6Jhyfk
z0Ro0=(&tl$(avluZ2^|Xttd4T_|QnrLQnF>Xp_Z#D)Rr(W`6oH|0HeZrMt_oN7ZAI
zJ#T@ZhShU(Y_yMY%n)G)D>ShS`w(10OIgaI^+23*H%}FrC;48oIL?Q3U3Xgxb5=Z2
z=lvF*(`VL}EsiBxyWepq(6+k5mdjABzqVIYZqj}#2;v9!fTnnZyolg>F}b3QC^%>>
zl%;aOr4|Tbh->q6j?iZySLj*HOZBWdM7#1lSL<nNRh?l2wSXJ2Rfp<2a!|la3kZ{R
zAT4BiL5N;WXs6B|xu3iZkpDCg|EEpmMRu1*Prvq&62POP$*aJ%%+#OQS(2Ea`ko#O
zD1V22>AL$nW5dc%+_{8@V{X(=Qf{Gwj>=M>9-(pvo!A+D2K-YlKrHI&Nvl^~VlSa!
zuTh$z4smH39W?EaIc_wxK@djWT3gUb=#hQ+{FPsmb^g8}t@oex`*hJe<To90ZI9JL
z2>@`IptjElf*}oM7BiaOq1)z6xivK`h@&h9$zJADZt38bQtD2)?1x3mg2WL;Rl`{;
zfu{C)jculVFwESOZ9(5LP>qt|y^-cKwex}X=MC^hf^V8vrE|nuRA9Q)*9EiW1@6Q;
z;f5~_2u#}bu1)0tg{J_UQ8A+-7QEKiOZa?V<wwRzNVIc7%FGVPu3PnN;bWabxcPbC
zg2#5G1=Tj=_-(0=_q8+Ml^ndi<c<^mrx3!+YsinL!ryMpy4MFkn<n2c6ZQu8+Ql!e
z>l7JLF04yw__zdOK#>;HCR4yxcbDWE0>G{@H-!*;13BNQ88TZ{{aT?kg|WFEv@1g#
zULS1;Zr3H`TSycWVJ8QEm(MNsYqP>H^DiG<F+Rz^9JyBHO5YNevR@FPPtvw;b>zI+
zZB+|9VFx^;8z(wu8%il5q{!D4OVkuF_>0qg7Zt>rSAA!|BuI8=4NxkqlQp8q_y3*q
zFGsCiPgNH_iOnS*>BbA>r3WwnCpVB0;bbJoFDvM%vw<QlXF9&H6Jl#7&@dD1Y*9!K
zPq=mhZ4qQS%-vcugI3lK#rjyAM;YL0K}Y$14ricG4F$hB%}t*hT`(|(E??!pz`I&?
zV=7u$cG>6kB)3kE_wg$nvkIOFFs?47cLjo7+nzk}xLrQ~U4ggP!i2Ys|GS5GZ@V{M
z-Kz#4RNJUK*R502j-LV0aR<d~pW4~gGkiNNzTWvi-@op%n%%$ddgrItwQl)DNA>#3
zr+eQW^P?j--X*nu98CF0X!={=%Pe@)ycQ-K5tZHvy}Xn2Xa!b$j>F4RIXY|=ZB|-k
z=2*7dh5;8eI7_S!;*^Yd3Rio#T?4h=h(($DvuJ9cg}v5mYS$|JG7OKybZjmEB#Xi~
z>(uP~>(tx+{W&rC`-NRbtz&OL=(Eh=2MjDPuuon2lGZ&cbkaa(2T9@V;>47ToJnP}
zZ4^Bznx@4vT@-TG-Qy-(mPm%MHaU+ECcdIPRS_4db!OQk15Cjz;|ZaZ8dVu;)lsqU
zq;<dcBlb6o-U}}Wm(=azF#WxRq#xkFbjID?vAP{q=B>A#FA>LX3nGq@^Px$GNQjOy
zR`XD`RC%F9)a+D&x*DUHQX@=k)`!CN$h<tE(T*Mh4cCr7fLJFI>G6CW{cf-KlSQbS
zTsg2l5$Noph}L`Pi!ASMOlISvTQ|A7+`?k!)ar0<1vw^QTV;ryj4ea1Vq2v;uwZDC
zHny`gb`39hbU`e0Ntvm8iqGRT9**I*Ibe7PFwOSdBXtjt+_B#j_WKQ)?~iH`PwW(T
z()$)e#hs(`_qi)yVW*Qfjj@i(^0Yq`4bDfNJjH=#+cY*(9o-YUSQ_X3DoYUlR1dzR
zob6-b%y*4zS@Wrf%E|n^k@<5`kjM2>Jt;=fHYbS34?=-{ZM=JBR{Jb2=KI;6Pnb_4
zX#C(B6*D5&vzw8HPe}Z%n>($JgVu(Y0E@|JjBbO3%+`U+<d}$>u*`tALa`O4qs1{X
z9cj}Zig>-EC_4nSf@Q_I)Y`PWRSv)S{h!8Kfe$$b>T9S~o#Yd6oFjn16*Z{6Vh8h4
z3Y_EE<}nG%dNWPAEl2hA4Ah_kMG0R;lAL5oNy%A9OCnX|cC-|7hH3LB9M_1(qW6u&
zAk?xRIhkKwT8}C^H$`Q{e7g<<JIhYtS5$1@KlHr?z6kzJ^GZNA;?QU6(;mwYyOXy|
zy`<3r(XkXqZzUHGT|u9+a7DP}%tP~R#ia#@z%$6FrDU48b%HOa+RjY8GodX|PAyIv
z=gC}Nj?D<Io}-JPAIO~o^d@5M=I*-FKz?GA1%JF#Z<;cm<Yrkt$H`$IIXQpBc6rwU
zcTe7Z$Is^2_gC4sz|+ZH^E&HBth9?2B>O_L^^rx_&fDopWRf~vZb8fg>8YKPa$5Ua
zQI2JXbo}<P=OUyAW-G~w3bR{qC*m*_=749Z#c(8bEwBqo{T6ixIx@EA+2{H3@{B*=
zWx66>=E~*&<ccxE?YlJ29En6MBc)Rl4iEEAn-Pab<xe|^Ij90f5Zi9U5Gl2%Pjp%C
zr(9l7`Es!WWj)YfBHB~5?O{iQ=<r=w>^B|!wXv&iuJ%^bcR#H&1U?kv{}%Wnhd0d$
zI4;D0W2f8j0L8PN;Tp4=@|Ss&Ig169tX0QSw!p%m*2HO5t+sqBN;5U0>1F4f@J)w<
zt+QU2CAQ^+W3ZWvO1Xo#$3`BTcYE*CeoVm_!vyixQt?SNKl<bQtT8XJ7tudoPi|l%
zV!3pkVVt?e=mzS$4But_RscNg2w6ncdHS64)&!?7l8o0jg8KinckNGY>)8MPoWDYw
zGIya|Kk|m$xw``-KuZGQ{pfT%imfCfwq-0kA<*vM{vFGY*p3}LA%))kqM6dzmX4$&
zoui|3KC(-)dS0wnYsH;%6P=okr`FM=c7CJwcCAX`Gf_s(qp^7~A1`B0bj0;g;wv#k
zzPQxN<&m}d;Qi(tV(EM^MdNArVXLN=dRLNc9X2la2S@5;a<jRONcH;k{%+K(6q-<I
zi>I~Ci&CxpSuem#Jh@cFgQG`%t1X-~FRl*H8zXf%>GVf8n>WS3$)`6mEG)}yc;_uF
z8MnBDojZE;P`jNJ3U^ka(G*XfuJ6Y+O>5n$pYLuj8h3Y-=KkTGd^xz<+8-WP+Iu~6
zS-5G##~U)zC)XA2p+cq3!-II&=xpCj6tPSeIe7>ouQHy;MiVP?G7pzK((F@Z40L~I
zJ=%P9wDoveP=`-<sK1RhG*<Vo8pp$aNvX6h2jpRUcwEKTx4XjL-u7+#VC!&aQ!1Qp
z9gZ8QDmQOx!=_<0ua2*FPfEROdi7AjjlQ|iH+Zw~EnrzCyoYR=Lry+fn{nQ6&LNi0
zx$B88_3+uChb}wYqtU*2Up2<!=hDEqHpW$aH!5uwi-RgYYkwBDo(dQD)tg?cQ*O{p
z{8(uZ+8ymi$A=AaG$D6FSKb?rclU6{ZNv=RJjP&+LWHw}i!BQ$K^3<6(h~NMP0;4C
zg=LOWNayb6@hvT$qW1M<^Wb{_q^WK{YFhPhuc3=d?R2+MQ<bf!)}{J+bGvj}Io=nK
ziPSW-@$h1JbG3hrZ%RT>->bsj`Br1l75Y!Lvl<GSi!%;?x7&FcQ&Z?-&EZ2jyZo;S
zBm|b0k!gpfz_~v-hfIbSyxkq0tBsxJ{t3Qsp6#}V>TU1y=13iu#+$XlN$a+8JUrX8
z&aC$5gQog$d%Sntn(XfGkFSre+JoL0Hup={C$e~_jJK+n!u6i8sof@s^Xk9zFdI>l
zh=DlE#0rP~FF}NYJK--u{HMTY`=IxDfD>PJw%ms~7)60|{?GbZj@{O$(uGpExGr@@
zN=;NslZVo6wTw66SRda!(1YFE>*4UBZED?{zR_-MPVQ^Q;94A7&Bo)?XLx&aaNoSH
zkUrFpj@!+n<Muu7W^|f+pVLbGF3OC6*c{|M&awDa;Lf5uU64ibr@g+mw$y?d|N7cm
zwgvO{>fqCTaR}Ac`NiY7dQ9)`$?jwCd`vZQBFTuVQd!?TEf%E8Q^&e1=*s4C@9|20
z?3nW5NIkwfIj!ED-yW2AF3pK4?BiOaP+e8%{gqx{yE1>W&;5m5$^L7QlHABkNG~Jl
z&IjH3YGDTXRm$hO&^V)r7~A7kwK=*fZeCcYTD2s%hn@R7f$G~g!~Wo+*}d96Qaa~_
z$4h!wvTDMo)06V}(UkUg%iX?y+BuWXN~e1x^wg2&@6o64!CjpN>CzN9?^jmqu{4$s
zuzWXpsC0J4t@2H)d0x5DPtMPFO5^*R9p%$?dtj->;h8iN%7t^Sh}2V2o=B(HW$W&y
zh3>~kqkgqXM_pODYHjY{HYKw*e{VQ})>G2{xVYS6%Sf`$TTcpC%(&F*Ww`yRdQ;V`
z>ZbuYP<J18r0(ZQK~?t3_r=<%*}1#f-Y>Vx!szaz)S5gLu7>-EW8q5ZTuQs!yB67O
z9F*|k@Irhnolan7>q*M`IT;tBEE!U%7?0-Y$sB_fF^9!}3o+pRoc-@d?zg{jQn7}K
z^Ce|XLV}5?Nd+BBL)b_BJtf)->JUXytd`5{e^C^p|BGU^@>`)?trp7VO0`n?O)ONZ
zrQ&ZuTtVHb$)YASeiL6@SG03~lVnRoyp-gniS8ab&Htz1hg$yb6aGDgQmp(_$-ufv
z*%dc7u!(p&SiX)F`7cz9g^2vu%C*Y7{J%!}@DH|6??O7rQDg!RJ?3)IG?A*C-y~vb
zCNlmKb1HoN=H8`$6)QRBBm-Z-+PW$Mj+2Pi!+lQ124Is0I5)t6P!m8|23_3mLah(h
zp4*>}Kb?F#JUPGkv9^wT;0xe1koWF)PR=fV<iS_)Col&{14tSWkgw<e?BR`29<cVj
zv$xkgKmT^rytS{+n|o)?3+L)zf{aFjW+}>_4u!RUZvYNG01<rs6UZb70IPZJInvV~
zEZ5p|u)9CN*FWvHFs10Urwt#0_ZS!mN(1D2InX0EK_Le~59a`g@^Ni_eJyftv#_y|
z1Ar<B>7XFyWTK(m2Oud3YL*Uq22p{Ij1eXl1%{>3Ts*^#uE%4cM@SbMfa7|^kP!I(
z-T4Mvd^t5*E+L;nqxrg!qG}m1R$B(tWTJxaV1S?uI0+P7IRO812nao_Al`g5bE;gS
zmKwPm%0_WNp%s!IEf;Q7pq6aCNGl-eNd;!Qwb-zDY~Z9w$6s0gBl=$&K*OX$U$KZL
z?AaIm1ggr*>PWNy3gv1<|5q!e+PnULjRbXk<?R0IU{uV>$XWZ@^$uv^t^th+I7EsH
z*xUd;Vt`%T--TK~r$H6f0h=s2bE2a<P@Dp}kw;VHD}3qQVEkp%Jo&d5Dg~N|3g0Xf
zD@$vFH2JTUBJy7ptA%&_?^V+CGY5o^IX2)t8)f!cB{0T{0-T@bn1I`zb_@9P0YFU#
z#4>fuw9PbNAZjTlpSu`f3QRa;IRG>aI02*w%z=Rr7(vBCw4UQw5tHb)k!Yev)4StR
z2ewvmiXlKo$S|;sC|H*fHL(V5)wD6Mh;5gEbxJHlLL0e{!jB(0yOT2NVGV(Nw5NIC
zW>~YERR0U~ut810`?se}upb&ky@jd**0CljmW=ElGI|6&C~Pni8{oTL7qk=;tjkz3
z!N#-(T}dHQOeJCxr>HYFf!5j7{ai?s?Vsu6pH2R|UC!AVesi4yj-jJMJ&RIE+y9kn
zk^Nt>Tq~8{<^MI(tZ1--=G}4TrUPxul`kx~2ly){(0sScN+dtwkp{a8ViPiCZWMAu
ztjTq-$LeT9J*OfQ%Fu-M8~~1Sk$-*$ykm$S+d}^12N!Odz3+mWMogv|Xx;H$4UnSp
zbRY}}8RqMNIWnjvNr=+f4BQyu{(uGexr(!oqgX}~G<Zx+On6KLtlcBYtb=?HDiqn7
z6xc<ITc1shNk|>Iopn1vbts`ausd;v6a*<^-C(zEet4aIeg^COzP$zD4;0b`c}Lvb
zt_rA#gpc_Reup}|0^fmVs|?Kq#fZqq|BO+AN#pEml&NNPRJX0V)?Mwm5g2awaq@hK
z&k&pzETgLnV>I+S)OEWfe5N@XRf6$9-&*i~k+h`#*GG~9v6{^!Ows>ETjxjgf4Nk6
z*Z;4P()5Bpl6X^BUaa^Na=6u`=is4X;vSUd*5~Eb?InhqNOP2I_T0f1a~v1HTy?zs
z<`q#a746xQu-MY2kEDFY72?-i-KdTvXWh!oT51vl_HAxa>hdE8K=iJ|iKWQ}6g&Ws
zaimRT<aUGuX9&vI1~$=&CZQa#cP?zB;AU`Nf9hWOty{EF=lBU_T7(w)nYx7AqWWfw
zcVfm_37?-aR?t(5#LIj3LQ%1QnK|OA%ng6kRy7BHg8pA}{WmO4Lq<lA(ERnkD2ie!
zy8ahy@A3avNoh*O9q5P&pdr9k3b4K&5w8ue<VH}a+=Y|K(G_)}RnxBEEtXAp)pT8D
z&dShmyfd^8Vvu=kU3LF<719+{NKIr2D%5b#+1NR9#<JM^7t<h$dnIEk*=l?uxcbW$
zvJb6NwaB$f)os8Uz}#A1qsG`A%#MV!x^M9AV!y%rYaIxbwHI$mw_<Mb-eTxI%g>k%
z?28<Goy)v45TQcf!GlFidn~{Qk6U$65JlCm$X}?#^(t7!S!!+B`B>G#V)6CbN+z-5
zn0Ba0CB`KFZdS&$S#Fm%(V_|LDQ>Aay<OQ@<kUaqQnYl^2o=l8ZAiMzXf9GDSq3&I
zdyePVHM%Tqhh9=-u<0RA?;RM#(gQbpkvqxzku<|JOCBCQvKKYDb}BMPSVB7zi`!2v
z)p$)sVbm5)zObbqVhtI-k*cLox0~r1sBsLnlLU3x#R@htqSLzo$Oh4a*Bsbswft)X
zLHR^eCTE10%o{bKCQ|DTfWXNzkLk(J!;H5RR?`e?mLuQ@&wIGj0xwg-t5^}-*g7X+
z&sA10l=wo4FXqE73e4M>8?2^|r6?VuU};hZpL)l{>==k5&EvHDMo^D;9LW2?nf&w~
zCrvND`)oB0sDpn>mZ1QS0`3NMPR=jb!ci9lg-B2t5Ng&76;Tw02Me3tKM%a|PtZI&
z^T|0A6Etr=U3}X+X*B;5{YMUj$G=RO;WDPSe7drK5gy1X+{JwkoRJ>D5dvL=G~gDO
z^P&2XZ5M>7NIDRxAqgLOX~N%A7w{19ZHCJSN5%o_d;y#c1j(W%QNh=*4mK!Kf%7!E
z4&dkS;TYmG*?<4t0Vb_0F~t08ic_f3Mn0}-<Gwv2od^kgG7$|-0o6JQO=^xIMs$P7
zmSlQxT+b}$1Otvelft1SxU-Y;_cT!Xx~4w@Px1^)102^i$e1DnNCShY2yom0L0Pe%
z|Ni^z#9I6JhCKyi?gwf~(+G=bg$$E6q?Q8%IkdV+G8JGm-1i9EW0+(kdYs`rioXYO
zW07$LK7AP}$VAIk5g-_tg;Uy+f#9;V0q1-ht%nulju;gpY>mj)qBmc0ltW&C&^Ukj
zk|dZ^G7!?}fS6SHm@b+Cs6!bWfU~tn42d~=ivWqy+(s-!SV)>4b9+6)G9pWN*e$(W
zU;V1Hl1uF2iza7)(hJtu!19Vsu=eb0JFlV<^Y*rF`!8TpdFGm<h-GX9+N#=lJJ1}|
zWA*<G4LeUp3c*#=Z$iL6qzOc*A<b5+>T_yU^_c?BC}(MAB&SCpAPrfl#AWwLDWso7
zV?b2r?LGpp>1tM^$T1{rV<<4id=|5ZK?^)usgomW(F91PE7I(0bQvWYoh^Q*qz*ax
z=Gkc3Z>_T9%<Ylbby>zHCK^<(0%AL>N=#h=>n^5--vDcY$okfDT@2kq+Gti)+%yip
z?VTL&e>(Vfc+zeLTEsj)b&zLocw6y?%gslOWXnn$(Zq)oNd_{Tc9sxH18RK))`ow8
zwGpWQHJ^CQG<<$$W3V;^YvIvxdEq@Dv9a+y7W1}ta|9x(6QNm<S~hW-r0+D-Z$u(e
zsa=}!>VcRz7GRqsYwmX2C*(V+m}78;=XP=&NsE$mooX=@9goy<t#!(-sI4xsq?X3*
zZxeZ)FXm&KkuM+Md|JoTi-zWnfv5=$)AL>&qY<)~bH`wbxRv6J1jz$nO&hWR`YOSY
zK&oy|8rZ0V=O5t~L@cGmjA3&qF<Z#SNX#{BLnLMmm=rU4G8+%x6iK!m=5swu1=G01
z)Wn#-Tx44;7B(x~0#K7PVKNqiV$3iy!EVvxU>O02sC{{y5ttDt>uL4d+Y4qg`Bm!7
zfXaIoR360Z{Dm)9F}w>IPxDsG@M2hAqEo*2^_;D+5q+f_cmz$vdCuQu(GhMSb0sL&
zm!p{iPOKQPL8RqfDCHeMx(7~3=>L2&fk-aD8pMf9@_ztyviNv-U7Q`2C^wf!k_3iq
zBU96Sv|gZfZ-FX#Pk)!RB>u;q#5C)Hur&N{xm=6le+s4d^Ixx$(o{T!OsU5LVb4P`
z@fa*mN`U+=;I9iUZ$v>ey|=YL4=r;*4E)5J#SgbAkBQ*(<%}q3A#T_ey%9eQOK}e6
zK^-%61+9ZG`TW-qHWqxz`ynaHo{f;vb?&o>RsIk5@hSU1_GYa=K;8+H<-ab>@h*1W
zg0>{%cb(!3^WUxZt%iXp=nVC2O5Q-s>2VH#z)Z_Hzo^ANkH`i)R(@9~wF`|oGpDjx
zH?}ScnZfhTG$y@^<@e`a)Ife~HT~1lqU*o&dVqzFf2P0xr!;f^r&4*x|Gr8}l1^uw
zmpc9#=LK@#D7C~1A-AN923ye)(opaIr%#Z2ukw1)>Cr6ed}hL|-YZ~Ftb~2MH@{x$
zIGCAj%WdG}r6=3L)Yn~gmec<W9sfwt|AnF`7H9T<V)b4BzeY+C=aAQw`vtWB%TAKG
zy?U#IB+g5p-x4c7fb<AWJT`+oTb*32bn*cD*Un-V7&fQW8rJ%@4SfJjG=>wV;1xoK
zmJafxLLTJZokrfRkaKY5{-s;I?-b8(u$ktO?w^~`wAiW<sfVY|lPN@;y(%SGwnd=4
z3l&?p84d-P9IphQ%%SkfsnRVRq{q9h36!=szoF9mY?<@lDiffWRHZut>+VSTH1b%_
zZ_LOC<DXM_K&ZK+U`U;aF9)#h$bd(J$GRUgv@^5WU-#oN4v-_Z0^ZIZ2m)~)DubVb
zHlDMcc6eUy=tDqo-8Q`b$%pBQ1=jVsnks;0$#S@0OpGDc`Yg~aghIrjLkIE44k8B+
z!bcBQe)wSKj6o1ZPYo#yoM*8AEXY*<jDQRM3p|_wiv9v%bGN@fay-~)4|}};B6k)Z
z?r>yEDhANKIsokq!kEv}^d2#QGwT7?z(@DRs=?$lYVFy{_#>VYaL^DY)-3dA<VmQP
zEaN~WGT3~a5{+bV4y|w;mydmLW@#E`ucCE}^E@A)Glm2&#MjDR+nUhmmt&IWBaZ{R
zF$?PV74fGr(i25d%+CB^yQ5E+#-4iB+KP5Q!usWW@~qt~a8+;B_(kBV$rw?up|KcI
z?_nIgGJt^10v8R{^Hy-tdHqR)i_VsP0bDdI7}Tru#bD4GLN5b@&LOu7Fz77#7l1(%
ziLC|<T8Kq-7P5drQ;RMQ28~%d7QuqfxKUpPei&I*=C3Hp-HGJSFOJ2FUsN(eMpHT)
zSwt3IKz>Qc9v5(L&ikF_WS+&HasOXk%s~g;MrH;Ff4{W{@;$v}%IyCiLu?A)?7xcz
ze>22?YXvdt{}<o=|F4r~HLX3w><@QOx)}n%cGl0Nn-BtUpU#8;y!*)^fJn*J27p=r
z9Lkx(zdE6&BPELR2fMKJz5!(fKA1!%z|v)CB4FoE4G)KlIFFVI8GB>2vWPJg@t+td
zPMTRSjTFbv!1zo_%Xsp9oKI)@Wqhujy;`Vv3H^Uhx{G}ZA|?J?s7Am4S1eYG@85rU
zmGt~PS4b&Lj{W``ia!;EoUZ+|C{1XYgt-dC^<9u5(%dLf^5L9B4LO(h22s#2%Kha*
z(5o4Z7}RnuW|QpoMMs8;soiwS`z3;(*kEznyrXsfEwj5@p4}=(-7QlWU8WXHopduT
z(1}c!YK4!-j-ar|(3A%GuRmpOx?tJA_Y_Tri?3#;W=36mtj#I`Q^0r(6g)Ie88PK6
zo+7{KwCLIbF`WXRNq1)G(-A>Ge_N3PBN9dTQ`F%s&Y25NXRhCTooz=PU=os%{6`n{
zh=DkEmz~?dMEk?Z)Pp#PJ@PC+r`16Q0l@MAAB8ddTFi95IG*xYH?`}t4Z%VJp4O?5
zI4K^J5kC_`0i!Iaj0i5nraDELtN@v@V%!9?&_h9J@7H^v|K|nzr@sS1ph(mX#0GcV
z@Q%n=!iW$zz*8u0wSz2)3oR`~A`vl_jG1y#Q{YQ}r`2KyzoxB8#Y+JXn|Mq#J6rt2
z2$(VOBmiKX@-`j{F)zR$4)NPU5|)UNZgDk6V(}@EA{0+cu0I$J@~fR&WlY2><B9{q
zX{GL(mj_$^2fQ>d3A3d7!zg^`anR+kB%4$D%(m6<oDMk{e$tc<?h@ZQ9=C0N^N{U4
z|1WQEE^uEX26|B)De*tC5<UM}sMgBw@xNC|A3z71CNeY%Oah$22IB$JK-a>GJyC)8
z`f)z@0kALpQcHIbICOv%1@slt1**NT##;XmU?2sWc!b#NuLAd>Cg(l?4fWZ+6Rhh7
z>fuKuI}WpdZ1BLgCjrq|NxMlvM+Q)^hWH%cIRAET5(DKvfIa8s=~sK_K*k2m@qK&W
zWB+xUpX0kvhQR)MHwJyd{^MQJktR$Db)hu0bih8qpZmzuv7Y<Lci}MikvCQQH!*NO
z_wm2E58w(Km{=5iYBXt%*9~%yBs0fj89~9xZjk#NKcW(mk?;<!cu()?J^jk*{{jF2
N|Nr8-(_;V-1OV_?QC<K5
diff --git a/chart/charts/minio-instance-6.0.3-bb.2.tgz b/chart/charts/minio-instance-6.0.3-bb.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..41a91ae9768a6a2bd540c88b82c6fe838a24122d
GIT binary patch
literal 45476
zcmV);K!(2`iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0POvFciXnMFb<!;wbuC#c<4TF>^7oCPkNu;bsfh^oH({?IZ4yr
z9tR>J2{lD904Q5Yb3glUVIsjnlcyxDc+N^K64=<-z#g!%u`$9SCRH3V4nq&s_J@#i
zcLGPjzwYj-*X#AIc3b|pUa#l>+i17j|7x_iwwtYXqq)8HuX>~1Xm0)s)b9|7sZY!}
zr2nelx~+WYzLN)rA>oi?60%MOfF2(7U^sAnG_JuY3a}@?y+xGCBH*tI0030MYcX#+
z;OyY&V6S`NHtWrHwZ2uYx6d29)n>g~-}$Wqzz_u^mkn!p1P92f9l{an06F*M8vta9
z4xng&8K;wm>oekxa8SdPggqEu)<}dxMq=urnyje)?aaX-ZH+{TLQZIvVIO&r-n`*F
zq|SKDt-H+%jIbtD2aLtfDET=POCLoj^ik+x#5xs&?;watSOI{dh%n3vopb>4aHm!)
z;;M(O0>Id`Sa&zwcEv}`qd4O7)gE|(f)VfpkAps;Vh|5cz=`foWk^K3L(U`CsfoV2
zm{hPQs%Br-C{hGrH9Q*B0x}@A*N4Z4Cl^<Q`Xfj$-6$MXF408%mVIKJP&h!9Dj>Z-
zk;kj)i*Bnjf;i+5hlt9;XasT40X`c4x1_i$r->qq#Q8Be484jqixLS|(TE8!2I&Fj
z!?@>qWRx4g3ZF!%1FVT&N$4krv{mi(+-Bu#^XPp(rSd-@-sK&(F-QK_Tg|P4{BJZ?
z^8X>8`;<L+fEe!pHiXU1txl`uZEt)1Mjvf9cM)p#+naE+@Ao%%w>;GB_uJ6#^?I9)
zogLWQZSFLC^~UzD*KBNW)myt;JAP$=LczAk?*K>1(cNmJabDl*G`Bm=ZFjf5wcXxs
zZvE!`tvU8?pB(>>VGtvB#|GeR{@-dgw+i-OYrDDP|A%<i*1%KLhjGAx8hdFN$XNl*
ztN<QGQaiepwKZ@|IO+gS019C*Kp>6=6#58|ey-YMz=tSIz~TUbA!Go8Fdp>~6&3V1
zK7<@x;UEA#B%1J1M3E<09pF$v0sWZA6uIE3{(?yeJQ(`eha53gcL>J_z!0P+t*Gsh
z(Flc{2@4NWABO`8kmC{RQ#eAhzkUkVtyFv>?2(Rb3|A^^;GO6Vr!jhL`h1Q;C_pPp
zFc33I1_A$V+x<})$%%ah_RpTm)(kmiSq%akD85@+1Ls2od_63hE?^{xe17)kK=cY~
ziU5iN1Q~KGS(Jn=ui<qh&XtO7>4VQ-Dh$yv_RyZ^kvQa{!W!sC$isasC^|%Zh$w(S
zmjh501Z+s+z!w<FejvXB^k2Fq0cbC6OiUH%`{F->Fgb7)0P={5`hoyL6&Z5ok>ErS
z+m&Sx`yeD7FvI~2eT|DCs2VG%0AU6a1p;Db=0QIW0{NYzQ4~Oq5<}B*Dsm*S9Gt{L
z_0<rPQ3N@*=l>PvLkY6!*4^D?U;vPv>60KJSE5zZ70gk{lF_ATM8<Ny=ZChk271VY
zVr~iO#&!im82W)^o|HU3iUKkb^Ic4mwtFop(nAvx`mPyqHPnY8M>K>%Qa3crkmX_*
zBs4JeDjk`aAvwk#2}9(`5mM8?PsvCUN3*gQ#Ec`F9Xmbm{KpxXvK>PqZt+9`iyY2+
z5KqR4QtYe21VCB)`>OrJ(+U6)p}Yfj>$~+z1v8FGhHv^XU}8QDA@xy+{El2Q7Cr;u
z#f+2DUd)Gt;!koapOOGen+p8?hb*&}EJPhBrb0C&f+Pb+f6eo&c`Hbx*#ZC(^B##q
z|D3{pAA7Qq$!j8ecy{pouzP;?{^I2L=)Gg%)m79y2syP8DnV&L$RI#Y^0^Er3oGk4
z07Jr**hycBwYLH()?S%U0a4Pn1706=UtApgdVX+rymyo-BL=4gqS786&~CSK-vEdx
z;lv|B2b>>u3tv@V<*G3AO{`{vSfTUuSk)8afSAThhFn2o5tM69gPW{XF}UE+!x0Ru
z?`H0c?gzDy)ntVlgX)iJT3<Og^6gurP}aQdP+6#XwH#(p{ZY05HM~@1Fh$6yvKt{*
zO_truVwluSQO&>_qX5yRsikTygN&*nkVxu|xT&!Qy60zy`{&?iuqU_)kT95lQOsi)
zi0KHpVp?7J^x*9EVYhqu_8_UyBYX&=0182gu9Y^MQhy|QUNtE6F9{h5P)<N4{V!@*
z00P)ULHct5Il6)qtM^hKR@sDcG^z>pS1GW0RZk1|^Jn0`RZ9nDJb^C?tWh~i02_fT
zf4~TTEqtpm!Z*OVG9sZ^4C8Q6swa|3)&XhBN+m@6iqOkMBa~J3NXRJ(P6HUCee6@Q
zhL-=U)hhtta6l1bM~VcBL{ZeyUDjVUMdVkd%Ru1^^nEPI3WJP(sz?{-5cj#ksFHDJ
zszKJizj3o7Y;@&2ROY5wLf}wBt|)_6*%<n(pi5#_85y;<2F|oEA<+hM#-GE1Fdlqz
z6$S+Qx*?&&5LMpVit*Z3l=M!06id60m8^$@xt?qQqBu}gn{>co|CsPoiWmxcMRjIh
z>RS8>rPDxKQ;HszWhRPSGew&;c_1*H2$?h%rmX3e>a|1!Fyv9hT~*DCDMcX<CQ9az
z5b5t$RR&lbiK#3Nb_wY;4uY;MrzoigNVi%wRaFy*eX$hqhRBZtF%B%X*}xD{^w<n`
zMEumM^)ZVe7qvidV%10hxe4?VGjKjcV-IHFB|kdgGmy)PwY6kX@ha{i8X~c1)Fe{Y
zzgU3^CWJU-ddi`2EM||irpJ(Cx!Uze*vEsID(U1Va5XTojJuAI$CWXxmZabkO=L5^
zuI{36Y+4gbg0hw*AYlQyN<5^k+JiNkD1nB;aWzxO>h>8ST%sUXx|0x&um^)+qSv9}
zKrZqm`l5tbXvnpUfhS5(0Yj1H4MWsgEKcN5efS{o`S3w<uw3>-5MaiIeO}r-NjV9|
zbpalUo(i$iNnQg0o)S4L)XGOJK|*2R`LQQug#}iR1JFyAK1P8LWCe~wUoY8`eo+`<
zANXjD0uo8AB%3lx3c)}rZqEn>=o*e9rCSq(J>sKkFCgA!rvoN%6xe7lFfvktdmdu!
z6`EKwQK=s>6zTg$v!$UcFh!144S5v#tg32PrZg}Wx}GYBeMRYHx(hx>axteC({gCF
z<425p%!EWDeE>s%uCbzFk;gcZV9MvYl#&U%rz|xCp5)n4%(xH<Q2;%$rVo8Yfve=L
zn<2R?%OiK-CP1sRM#o}k*@$LU&B-4=q+I;rLyE6<W~KfS={v!QNhXlY3>b$TDSy<`
zG+AgevLOmGvypMZz)vBEol3eGN_)@&e^o2?DoJCi_Vdn8PR=jhbPvvc7JrF9j`v<4
z%qf4m*X_PLIeVJaF)u8<%sA-ToESohtR@i%1dAq;%N9pU5}gtftg{W}BgD)mmJ(11
zfe*I#ts|>2@c(k#nLhE%TIe#FYqdCHoFX`?QPf8ig&s<Gem&~DLp}=DB0_@y`fzcf
zJST)AfWtnaBkkY|0TjwQ?n#*><&>ylmJG79iN7mxi)L)AQ=$H9+5lonX9XBn*A_EF
ztk!%O2;DCh2alz?4<?}D%Fn*g<+v9M#gzHp1{!e#?3i$^4>Rs2pCG1`v@#>K-%E^!
z^zc~i3+pY{oU6Cund(Icw9N`!lR&hrte?~oCE6F=wAOGP`J!4cshuU^m;~_%F#tJ-
z(prcREzmU~tE-{tTBnGr_vLtsmOL0i5A%tHtEvHtKE{agDUF#n82*GhpizI0r-1&T
zx5oDa$gH`V&dg-WdL;Bv#92+(F#oN3qAFrFIWsu{kTK$6VM|I4Xo!<KL>0L+(@JrX
zLhG=vU8Z{@_=$wzAb^Zx4?Gc42XwiZ_v;5wx*K4>dkB1r$A~7CPo*0ZjNl~#ET+gv
zzU#h{bB@Qbt1)*kcVzeaj87uufCy4JLL5;o-n$lQ+~gxmFa}SF$2w&@|0(&Z3=dch
zUa>0bv8u;#RUusK1*BISL9ymn^tBoo`DXYm433SXxHyo;I5LB2JH!_nQZg3HP;^xj
zYe%85#K=`u@C2(_E98<v<^-I+-A|}eM8R0bQ?Z5*jIL$s8?50H=ql&HU0|vpEsSL1
zl_<k6!E-MJkWx4ig6YFK36Qciz%pp-RgFLxjj=R=Yr-huRT%nJo&a4K^^DMA!r<XT
zAv55M89&0IcDWl#t~adYY7BamFa`t#5d|UfQ35u_gmu90;E$4F+Y2Y)!!hv@=%N65
zoX}g)05XOLVKpLtRp60!Uuw4nx}GsFlLc<f)Ygh5j6qT;wuCrWL+lMRBmgAjM8C%z
zcret<{@FOl#cvkSNGx&HR!F*LHfUrP$JUOITq5@&PUN?MWhgvvib}-;`_hdwnK>F9
zvP(H8(i%gO^4dT~)EW*Z$AeX+;*ft=4SY37gaR0HoV-nE;4;H^`<bhD4Pgj|D2PBr
z(O9nu<)#Smh;mPb0|h}2vK$(@J5|C0rbAhpgMC9XV8Z8&#h_3K@Cb8e1?DAGHQN<Q
z*qw1`f&@bP27nP7NpDy)F)_sBMX@kD>h)3bQnh%4s+r!L69180nZ;C$qQDwm^R(nU
z(NDDvFP$Rn5=WANR8(PjjD)>3!i>pX{UHno2=pe(;z+^t*>g(bXkUI;jyM1rI0?@P
z;jb}MJY%*>HUEj_Aw`@|QaI>3LZNI`P&$BgkXUd`nMVQPa?Qp@!g%lFARXGZHSpw#
z4uQ~d6Kcc`wVzS@=paRcU=8DWppU^oVE<T-wC;*g&zf@kig4E0#^D}&!-N?sU}fJ+
z2)PgaS#NE^b%2wlo0A28Oyt+h77CCyZx08UW0aXRJ|&U;TNwI#M@Li4TT9%2=w`cq
z3%O&6Sk==n(F0;K=n#*9OavEeiIQ?xYCXOuF&M!K2$AyNjfk&3Tr64Ni`NKoFd;ED
zTSWH!7Xz$ZFNt6>4J1u=?`+6t43`vNrxcHIfClJ*c`(p>uJ$(OO@~#^TaS#QQ%VGj
z*d^6Q`&k@vJVH+s2RB&EJc>v_1{2VYD1yF_GmKMV=-kFo(m<<B0u__Q04=wdQm=v9
zS$i1ENg=5^ZuNVL9hF`A>R<?{H~qnfeKXn2KrBYSlr3sh)l;j<0z-)|&L$Jk0P<@k
z+aEuY;XD!KLvS@jLYpAUFylf6zcp)ks>{jv7>0dR;Nf+)A)1w?P9Yz5Ku!6ja?N$)
zo@z|Pd7W=wX<o5nLJatj!;GW)3epgVgRGnSoFeTk`S2k@K)b>}d|+`;|JL#YGJr>;
zm`fk3pt_JG#!$@r`~VQ<p(vpBVn!52gz;)>0c!W`L<=#w`QYQebY7`WDqR(#D~Vi0
zQ8jV0CVd6QjV|=(7&0DA01iDW7xBs+BzF*H3{-%wjm#5GQpDmw#va9CM3Ij@)lC6h
z`99_B&@}0Qn)qN1QDRgu0Kq9GBgBU&W>qWPig^@9YSYAz2o5>W#7`|{G466UAWpHz
zriSg9=%2cBC#At7f=|k^Lf1NK%0ranKK6vXNcg|#wY7@nU4CZq3N7hp>BjS;uJ%E*
z$9ire=nVl1ITc10rHDl&^p&-oINC+)N8M!W@Di!PiQ-;>y$se7#M<wbIw4h@mkj0V
zO*AiX0>+36Oa)*a-X$Fa((mU5Sh}-KNF8Aa?C&uRQcqqo!d&^61Tu1BX6s4NDRK;q
zuw?h%MC~kSs_*YT)=k)Wh?ytWJ<591JSxNniG^iv^;vcVn?O%J4n;4q8b2{Wcj+qD
zp`H=)geX<bo1X2%eMGr&h8uCe@MKwjq9l8rx0*30$+&98AorgI$n4P~0Ao&4Z=*fZ
zS%8K4qW1EBgrWbVbQ*s6pjSM5F(-m%A3lh-B~xb>#*9PCl|fHpF1na)>8lRAL87qt
znSRo7qd7W?sZL@ZsU9U<Fcv}>QA#KSxUUyKA>qOxWJ)URTLY;h75N0L@9%ABkA>zq
z8KS97i0Q)wfHakbhKL|jlW2d>g!m@diU}vz(AaDtN@O6HpxqRh9E>gs`qeHTgvfuK
zgr}+n)2W`E`?iQ!a*Pty#cDbtr;0+4PUPV@HB?Msz$6A$tPzmzH4_tIQ)KF{k86)0
zW`J=N$$^6bBVt7wBC$GvRPAdG0@9P)@sd2q7t&MnvDD;(W)UT0VXjD|M#z_DYDQj`
zkY2hodNB_CG;-G)LagG>MPoS`R4ReMf!ggA94z|h*>a}`S(cs6mVyc95yX@c1~Qx>
zPyy6BG;3`Q%w6vBfYnAYgacvD^MF-xScO%+>XJ}$;=tDLYiqf90IArdh`JJnl9Q|J
z<hHwA@WzB5C=hz%VxNpgBs^A8P0BZ+6~7=-wN%czX~6Z<<8FSB%TMB4B#O9iwE-|Q
z%?OUxQ^9vLa7IwZp8V*lP%Rx7<Fc{mW}+A+B!QN)Y4Q;=O4{@h<kH$n4|%8^L=_Sc
zS^{2)%xSx=&kUeD6sHC`BTUV2B|UqwcZvAZ<E}jqRCu4|rB|KmK07}xZanW9^{RIS
zfI33kQ^6s~?3U`5B#rcm17Gb;>wqsgP7D(<{gqvPuxubna!z`pqZL$}nca7V<&glO
zx?(=80TL-gJyV{dfph`HtcoDx)kbM~-8mx%3bZMj9y-ilYLbi~GTdOIs$zyHn@1}}
zFJZ-Kb43SLuuRC&{>gFo<mljHZ-4)w+r4;o@IF~}nNQt={j-B}^GPWx?VK@&j&8w(
z8A$ackQ9hWWb;&zuJTjjzZP;y26N2zTg9AE3<Fk^3!r`+RILNYwH{>Ht0tcq;<dGi
z_|;JYy&6fMozyq#Ps>Ma1qrBGwy(UN&I$DqMgAFr{=^Zp);Wa~1_25j8H8Y=Z+wEL
zK-$YAJVv1))+r^u*$#x+?z!}Rpg~qCf<BgiNmDJ3s*z~K)~hCl*4hLBroL-Om}Wu*
zDUtw{9F_7_A}>}5vX+667k(ek3`P&x-P(-)CICTFdsesA2_hAZp-<45MKYU0iv(_g
z7+r<sS0_bE16}y$1HT5&gkq@x1F9@Q^urPEBX8mb2n-3iT+r!gdCihPtAT-3m5|cz
zB}LS9)TQ#+JjGNhpuAmYxr%gbbPMdA9!g<m{BU~wrMKybK>rC0VCW%gv|1`<4;85_
ziLMO>eONOYKR*NLvDsmPoTE`BZ6-=$j?6IyWswqQ<6=xmVeY0FRMUO@59-*9w7%5B
z4qZn?pM0}B>lSL7BM{|vHC@t1pAbG&Rvk;Ch&cftK1e01!unKweSE6GA#$=<WYgt<
zK2UilETc(R)yE#y3`!i;etPCG^*CjZb(VNtr%fw)Ml%8Rh-vqka=7IJpJn;-h|kn(
zXYWlbZ6^IWq7AE%K|zMbC9ji%Mg{vU-FKAQfD8s&N?6z#!`fDn<@4=NM#2vtWQCXA
zljEu~r3GmNGGN772161~MkHpslKPE5O|9@T#z^}pSR7HITr|!pLVKZ!>lC(C2_C|<
zhfJR#WlIEq{s1l&027U@qUWl0Pz~*q2cqm}N5)$^9p~`)*@^SmL6pA2q3?7Y=dr`_
z2ss_6S#LJ0^>($seco(z+Pj@r%iV6*>zg~9?cLv;$IeKsYzLy~UJw{>dfe0Jau|@u
zL|`B(#$suSiG}IJ5v-*tljk%&rC%csr6XDT6qxip$hBp1sKo@-$St_+31o#yMno!q
zv1d2I%$a60QHeD>b7<tT-1Ge@!Mt3q`o+o-hxx62us$_Qjrx~Ugfc;CYN~I@Q$*vu
zZF)+vbnGNsE&zwVaS;sVUOk9(8Rd%=%dEr+<>@^nQH-Jhay*vXVMLw<PmN6DDVBz;
z+A3B3(h(9`yeoZcO9!8Lv7k=Mr#|9BKhJUn*jhH_@|qBurZ3fqBB6%F`!(}Y?ORE?
zlA}saBxW`s&92i@ftNadKnduQRgln>BXe>+7t)fd6BC6XeLhmSYR_lStXkw2i1zj5
zz@%)Tdr(-tS-sQ|t9tiMS%{Wi5z14nzVddc6<e((oGgYp8X3QUYGM&-m0#{EoaBxi
z>*UwK>Z3kMrkAt!ZeIlXu*OMkq>~C*I@%mfQ9c|U&~LorMw3Zrx$eS;4+UC^)uZTG
z8KE`ChT7^dTwY;{ss8Gq3)baIFA#b_u%8_#eTgR4st+iMxnc3qR7r7(m?(CM4Bgh&
zz@dyok$pBV%{#F`;BWxe3B>~}<Yo^I;TRLT@mL~ipE3~tPfpvdDcajd?motF;wI8c
zW1@=5b9L%G-A=W!b>3)KTf5b!JWrR$M<oja>(KX+4`5#yp!b5_f2(vvX=#(DsNZXB
z!v0pH(P;1P>^A$Y&26{?cX$0p&+~VB{Y@XD?MAETZ?(O~CfY*1=61j5_jY#rUbDW_
zQxI)j79!MKGR-)7D8JiUK(-iQ53&wusu$U#W7c60==)SI{5spM?N)+Jz^rp3muS)f
zH9m?2zBLuR?_Q#bitC2L_#|aJNGSwQ`egGUJjzP|SnkpkKt##)#6G$Lu#ZBnqE%Eb
zgXGH)K_AgfVS~Z1)$@Q=_vNNzbstfll3|2HtBQs`>3|<Tt1~UH4!ReIPY;gI56|C!
zF$F#74Utt1T}PN^@r2=|12#u>X1|QXm?2+`ck((Q0~-*f!t71Yi2(p(AM*|%{l0m3
zi6$~c!K$|=#f!CClWT)M1MAOlfIwGD6L}V6L!RXbA8{FlB7~l$pzTw2QbJ*M>LZEZ
zlgCGsHe-eW1Qfvlyn5ZWzw}uKIUwT?I>2#j0(r+8eqSy~2%Wg#6`G{WdD%l>suCH3
z2aX8`XDJ?17Mvyr0^PK^v9N11V`2Ot9pDHl+NsrKndy%5&Q7ylceDz5E0>1`h7H#`
z$m=*t#~L@Pu9cK<K^Ix+6|b(YT!}+OiCB^+wgn0~q7lUm)zYj5H5~frT6)0k<|B&w
z___le<05u|iKt4@cvX9=%enesn><M^sVqq>XOli(q0WG)(wVs&MO3b?75FGR6DG7r
zk>nN_utj?ZV?L~DXoc<w?&|>O|GhtXa|ZTKPtQ({4#444@Z#X?;J+L*mEMz>CMd{%
z4xeVBFujYFgQT3nHozP(wfj{7M-dkSys^oodN(RP4ml2zd^Li2@~|H#fTF7Cryz~o
z6jSOf4OsvIVJt&mA$HB*_MB5u5@xSAXHSg8YpWr%={7CmA=@h{+Z{(YS&+r5VLK{d
zT9ce8WXr^^<IDtaW4a`Gm>_R~Hybo@z_D0PpB}tcN0;~aGTWs#EMbtvn)+*+?CM>X
z<VEg@5XHpThpDNwgh|X3gyq)I5P6pXbEZMM*<M6)wcDsOFneZ6Fie4cWMBa}fY=s$
zYXDy5rLLMxd+)k>ax>-jr*cFk`%jSyc`)fV2{RE_B~bN_x>i4V7<=!!)mN{(IavX(
zm<#2(GHKH44JB;~(<}`AQGd(zH6!MoS)ET}$K+F$M}s>#;I7#sYijHSo+^(~rcJY>
zmavj(Q++TQs&W{ZHj_s3U@u23%b^;qAfOz)!>38kEfm&#Bnh8v$LS%;w(5c>Y0iXo
zoa9a0$RyXY8?m>g-8_nx`0r$TZhcT*GPQP<$<H$A6^EwKh&jie5W~pqcU`cjcJf}?
z2IpEv2b9&)QoghnCzmL+B}-C^A$2}MmH_K9izV9|HM?P%|EHF{?$`#qqb>H5fQv8=
zv?^4hvHaVbz*=XlAXW-KK-9|h)$8u#WE?R|?Skqhn&{Rq(ZqIv*r!U2N2~nk(3*9!
z#ZXR^+shqyQEL|BPkkS9T=K2t;MiK}DZsV-vAeZdUhmTL6>4#oiM6k1UZ<h<+4uQK
zd-<iGDXv_=RiLu<*g0S#;;*v}wflNxr!!iUsR{aobU+VMolwT|ku${OsIcjq^_ZI^
zR5DAY6~toVHkAL*PCXfwdFoZbgsNhvWYTHUrIG8KgD;#UtJ)Np^=Bs#%9iVxi*XuO
zq!Xu40}6u(hq~Pm^J&F;F`M+rb*JIBT5d!4{|pa?9E9XbMo*c8942_hBC0%crMC}y
z$>B3WB`kwoF4HsKCcscPp~G5C=#ktg>md{Z<-D+(6Xvv`=;gi!_xwpFNa+njpeqm0
zQ{Nob1=4jXN1W*h>g))u6^|h^4MP!l+9~DIQ?>b1tmOv>OHX#%5@DJ^m?95mh=UTL
zG=s;d9-%5fO*7>z&D4`L`BPPEYv70sx(HHlC^ufGv!`C#FUOYw888JLM)(%2nay?I
z8MocG+t@BLV+pCtC%}D;b@{|vWTGn1NOIof-g*Cq+&`25*T5-Zd_a*c=Q9&b4Sdh^
zbJ}<ZxJMzK)FKT|7tf6K(gM}E<@W=KN9Q_6ZhF>hl-mr`wwIM1^yV^7*PSEjbc@ro
zGJwQ{d`<l92{&Q-pCRbKqnM+U&_mX@lC!p8%6VH0fevUSCud9eYWkV%Ja0|suBrSr
zgTtmC%b${Dp_tZShVWhN1nchZZs}>p!u#^WjQxE1Z$leYbc)4JX+q1C%XP8h{47Yc
zvH_9aAv0)0!njGvn8x%f?`kdi`&=HuJe8ijsR=^w8^5Y<c2PXnWWcpL@I&F5;h!Wo
zw-{OD6T+bv#6Gfj|1CFm!h4mqG)P9?ev=9rx3ZRPr&C!I65+3k+8D5J^J%DempJr0
zdI724sH3hY5&Re<^(GOC6}_lb8<?Lz10N57qt*fraO`Yu4sb*%M~LKgos|^)1xAPt
z5LoxI$2T^>moJq<MlZ9=l1=B8y1mPDc|DS&^JrGNB!|}{lP2y_rPAwhBm0UOOec|H
z1OOoAxDP$fEY>Lq)S@Vrc?O)OW2qOFj=*U@$L4K5X~6=OP&iI1Xgn`s8g#%Ty&3TN
zb26WtY<^+aB#3u_3;qI};t}}r#Z2tZjEY)7of673b!!0`;P8==R21<83q7;nZO}~I
z7)kf!+0SQ`jBFK@r1d*P{j6%z3BIjtx0wuiYW}GNd0)ObnX1xxl1CtqVB($mS_s+*
zsLQT2F>i9En3uaxY`0q9J+E(9H(S+4{kOtoQVer?a(3PUk9O*hGOu5pbkEZ%rde+G
zsHfrT-`a4eG4@}7oWJ&+DSxLYcmI#kw5)b~a(>Wt`8B_N8}sgethY9E_y25eHCwCu
ze;(rb{JE+Oq%2daT<GVS>pX-BCAe3!sPSs5^QI=GKxaHo&L7ASYX7lHVE{vU=Dyk|
z^h&G*g&D`i0-VNSsI#gIgm7QkO4gR0Q*v5Qop*8tt`z_-;~w&O0IJnA0r%(6;0O0i
z-^6m9y#Defiw7HfHLGVvyMx_!yVVi@2>9pnG9%0|w_=M;Fe&88c2=XgEmOBQR87$%
zfCQqFr1ybkeYf6GcbF`OWfn<MQ6U-n0!J|b`p>UDIaklUKU3xZ#SjG%qRi#dZLflx
zBmcMC+uJ$$zqQ$FujKzjJfA<;egtDY>PX*o9|uURXn!6FvUo$(0YBEHOsM@>Ik=8=
zcK6KHOY%Bdx1!5cfv>_}^UEQ%hN?;-sEf&6N>^PuDr42f8YvDvu+`GbrEc8s<7?nl
zRZSzB#NP_1eRcE}W^RU>fR8Z@R4y18MG{-L@(wBJvOE`U2+UcMF^-W@<`|SZTCGk9
zL5kG66X|=*FazuQh=4wZEqAvg<ZZZ>!@jw@O94r8ZK#`f)pcY%d*oZ5wMwqFnorJj
zS(=jc2MM|Jb17}pVz{4Tq^e|;k1naoX1~lEA5}*xI~zzuamf3?`M<3Cf0>hmsW4a&
zvL5^5JeV>!^ZBXf(^V_gYM!?FK3J4>bRFkD=C4umf5$m&Xk9j!XU>^Bpt#iyF>&<O
zwW13q`%xm>ln-=)?ufz*&Kdo;b})j!WZbqe`kbE};9T6OV=`leIRe!uG&#I97jsod
z0XA2*%ic)0<unJE?yswi#u<JvwcBx|8*z=1iTj2Od&y1d;v0-2H+$wLxmZ}3zlAD)
zfsZlaC}+DCq3AP+)!sw_GE>SN+$^Q4*{d;hJz12d`EFNBaY}r{)2L@$kEOMZ*_Q3k
zv05K2G(|KcEzGL-I#Wy||IisTt^4;ra~71f`QEDTo}ti3R7ig556s=9WY!aI<qeYu
zV`d;sB_s!|10Q=FI1-+dI3^;<hb|{BA0qWiqQ=oRcfb#FcVr%cO#>NINSM2a3^;06
z#R0DBhGo9+C@^nb-6F^uJGsK^y7XUwllO2GY?Rf@F1C~D1D@akcml%#*puM|FVrdw
z$aD<g1)@k<<QZj_H+%ATvg(W{+9806&H@159J&>Kopbsry<b+Ub9{~b1h}IQ8JGjs
z>0P!u5|PbUle*5aoSqhA>tW8`W9;gECP^T5i&4hJv{w@A*@<QE+-xM^b?dHuJ#0=6
zSbr9%tZqI@uDTtK;!s7eC!36lil&*bMqah;R88qiXu<DpWv9yd)@BtgMz0D=wcD+V
z%@5M8bjL(hu~rX8SQz0VHFq+-`u;s+Q~f_M!scd4cLGPZ@d3^8|Fqi8dd~l|-Q3<@
z`F|eb$w^-`;$rR_(JKvzG!{Z9PsHKCT-GygR8(NZp{iX;Lm;f^hnz^!UTm!nGg}Zg
z655E81(R5m&swp{ZS@d`J_<Q#7nJK9&~}ChSvnirvS1@7)@^1}`S2PAr5JQ0$TX!J
zQwE6};w1MFi^5dqik?{>fNJ(~+)PdR#S~P9C2p4GY}ZOKO}Bv44yC_sLn+g_<Ohud
z6ChI6kwn(iu{$C@rfte?jWiAp@?j=Iud3sYrofW<zpXBTOmNbSN}@o%Vh?(kDD(>f
zg6ZY^*(ZA~ZuXHGsta$E39+0`Uk?cf>u415$#VK##U2&0u<lc@mg8Tvk*7hJ4IrIf
zIabj4n<S8KlK(L~$veRL(Vab!oYhSF=gp+mmgiLauZIUc7!GO!3i~jGRUfipk3i}#
zZw}6}|LX0nT>M9~+1Og`|2@c)lc#Co#cAeWV(h6zY_DNdV(#fhX>sm2*=zDGfoQcH
zS|Jdr*(aG+L%c{Jc7W4xDyDVSZ1U0llgXSXn%{x@OeT_ejyP~qoN8sY9FVvA{+>c&
zF8^c3F_CE-2*sbIbu7=eVwsdeDzO3N=n76`&Vx@nTdgf5=EZ-tTe<!JR%2^(YsLQ$
z@o4^sp`V&2V#E{n&%PZ(>Z1_(Q$Cw`f7@$UvL4Bl)w72sg?~u-zw<M2WNDp0(8(4O
z-(B0umH3^Vnxl&(6?8kN@>+<_&wxb%=2pRC>py2Jxfk_Z^MwM9!rq)MI?cHhO#r!a
z?ja71MBOVe*`$0aZ4j=`V8DW)Ee|nE)~{yQLCINpDcq4Icx4Kh)VPG6N+-2<bae90
zUbj_cIxn+=Q^D2NnWiM6O((mu{2?dvwb4p(=-~(knc_|+QBN&owLE|tgS8oC%4Jn`
zD%EPWq66Tne_Kgk{@hCbXI;-Fl3zXZ?7!`;t(^R?x7&@C{C|k&ZsmXSS?$2sYG9rq
zTuKI(PQ0RN`ArGD%<8{{S||3#t*SFc7A_1atuxhty#xNA#`eiGm;dwe|IMwf`fC06
zAkX*A|9=a%zdgGz!sb(-Tk(Gq-7(uEG>`wcnyozl*XyhEKM(SV*;4xvs3;zAC<a^d
zpt@-WBL;q~*()p|D1IoH6hF)n71_n$w9@MCxuO^ls91R1pKP&?*etq+%4`CfT|@EC
z@*y=v!NNkLETs8C$N$#+Po}zkl4q{|Z|C`cd%L~4;{S(u?n(d4nQ?zSTAX;_uN9z3
zbsH-{LAaR}a4Y^FqX5zQ0$@J>=l#F+Msv0Pe~{;%_+QP8`x5{qGw=JA0Ge305dj*+
z@-kpS{?{(kgOJl%EB*3kuKnL==J$V_TlE$HKg3gJ|98{DE?)rLNK(w&3(8slIRq9l
z`>m+NDZ48c&^t2w@6_u5N?Q$!^1n*hdb3F2`Ro6@|F6+(to(lu@|5zw8tl7d{3Tgc
zAuxqYbLZTudT!>qw#c)EXp#hGl3;GeAu7Y|B<4L5hyJ;`=Tay7R#pV@(JU=pTJ<$4
zoIrWN@t@28ssM~|b$ru<0CV`ivE9za|2ON~Tg?^!Kg6>nbKB<vmgnoYnDQ6~S`(ME
z_f%H26Y+idB4*@*7JruKrCGmtJ897Ilv9gAa!9rGlz<(!pHR>~)Bx<02GdIZ1?C)b
zC~aou0f)Iw+qIMSn^Vs}m@pn=5S5vE0&EiQBLP*X9eGHOCd`6mol=m1<Vj8NLkYAb
zsJp6eDYoNDe8e~o)%|Fhu;De39x@wc51HvxW0}Kb=5U$LizN?(*ay)vu&peq*<kUK
zIPEYV^$^V-_AMMvvocIBqe>Q(|C9u%heIESgR0D$IK+KkWuCW)N|?X?%gg`vR%7M=
zeUK+7Jd&}^hyBtX^xTXWuyFcoUxj6zkpMkWQ)TMTt&ZTDI;$$;i_RbkBdjwnPsO2P
zGV@v}BrQHtp@W^Ife!P$4h$zT_8(PPtS&@XzMRF{GOfv?mLX|c(tN4I%UEZcW_n~X
z>em|o1^NHRw%@<z^M7-@-N@U2%@zMY%(JBZR~F#=)oj4;(*8?QqAz3v=1MPb2O0o3
zw*|`}+>t$42m!yPO=#fV$S#yy0JdEiQ=GNL%x#-GS@gJB8zD}y$7))inZ)J`TbRiS
z*BfOYzmeg%V3u+Xsc&vl)q5hnTq_Zx9tyd>^EiEE0u*^ig7sQZyQ^<oY}Z@M(|u|B
z-oFL^jgDQK&UKFbpR511M6W{5p*I|%kXL1b40-9oVn)F{`@dCh=k5P?W99#OkY{22
zKXqjw%wjLZt`~a!%zEHh&78et;yg{}O^Mo9$9%kSQLoNF>5#@fK8y0d2?wmD_pMZO
zpQZ|fdHlawjQ?sjSN#7VkKX^;^L=JtrK5*7jRNgKrmh(stIKKB-q64E*}HT-6Cq?B
zBL24>`>7%}<ng^J6;oX7=+A%8%|!F>tng7=EdNgB&A&6}=yc4I-uL~tGG70!^ry_^
zW=iO7U6ar4hujwLzbn;h_1~6E`u8`mv|s31p8tb@T$w$$D)T6e!~o1P1m^Ak)SLPB
z|JG{#|3FWP{-4If<@Uki*`YElSz-Z{&#WcGx+3CR*Xw<eZ$x|NlPFCrWb#xcDVU0p
zTuGbVOq>`fj}-&Tu~3?#GfiwzG1k7n4A72sQE$bp7Lu++lyKsapaahLPb=1P0yH+&
z%?@)*HR~&5>L2?oFaMX%3pm&QEAIa^>Z|+@5ArN*zum2rw`S3j0)7dJt>k}RU`nyK
zTTeVwdD%EugQWW7Zy+|8=6{`Sx9X#CQbh~NfqDGDwUv+m-P~-i;{P7xd2s&E&L5p2
zPEVv;*m{L1{wb_`U>ZV}7~$kbLS(a55Fu}#o|dI4%s9`oAm#wM?+kUf<Nw7Bfw}(Q
z&HVarb9;6E=V6|&%l|hs0dAzBzc!)2(PwG?S8`Jra0^F-%=Q1Y^ZP%o?dB@~_k%oN
z$^K7g(XDwuRphoRSHE!dBp}{pc5l_gKFvhw=R56@kW&(z1~5eX*r)l7vzlh;<KhsU
zy1Z_)UaLEKXlvl)_~<>5h$eTU%bO4a68p(@^5F0^Qw?2vC@Sn4S3zTI*KKaLUH#u$
zt69K334bVYjV1Qc-(YRCdgebjmH+C@`C=Mip8dDo%CG<0t@_IU{~*s2{{Oqy0V;{Z
ztyg~Y7J6%7Pc)ZYf<(Y499`mYi8bI&UH`I&H}m?>fmi0zYBw6ouM?N%{~-!SRgM@p
z+yA%D|JG;~&VO%hZm#@45Aw)lw!I#gMu)W@Z(jYCT(2cBWlQqk8llkn8LST>dxa(`
z7)O6}Hth4GKUi|)2D^?L_`OM^bY9=RFUnjkVVdXw-HWL*s9?C>%4oeigY^c+YTi(t
zX`;?DPZOEGy1C)*o~7l#iqn%kb4UAsjjip1{nu!(;=dl``R3w3)cm^ly}_HBU^+}y
ziOWcc%Ny8tcEXS;MAuz8GUq-_v{|G6W$J!}r5(&QiSla2M1J35t5YU1xrc$ick}<g
zZTvf#5Hie1Lh`2#Zez3FXx_cPyP5o7?l9oo_5XH$|EE=NuGaq#@_cjhpOdT#&}YNG
z`!K+7LU9zu$I|?tOTE8H1js!8FXn&SYOLb_ALe=R{h!kL^BwE|%#91vly|$?Y?j(!
zUw!?$JpU)*%nOHs&ei|*eEjF;W^<MQ{Xw1^=>Pe51m6A-z&!>3f8Egk*-JKkfvP@I
zK6B-Ehf-r{{!gg0xDRL^|8F+7^8TOg_KN=><oQbRA2_Urcdqrb{GG7^EN0KLyJ5y<
zqDu0mzvm#cx%?j?L}i|B6msmr#ZUdG&piHbH}m}8Y_IJ9hj~hq#!TUQXX*u(j%NN-
zgy>#ouFQx4HOcRmkpUxaH1CvLtD=BA(kWG!%kuu!ZSk-1Oyz%_r)1f)US-c5{%^MH
z`Sbtv#`Y@z`-41r{@0_O&-1mo{x=G^Ja==});0IDra5s0Ix_9fG=%K5S%Ep}k!G$c
zPr{W+ku?+i%rsdGH)JP<pV^%Ly&pivj+5l``L~^E39;r39yf$agl0+NtZ8+Gp_3%s
zO1+P|wv}PaSVa=Yzre?saFh=|NH7);Lmovu?O6KT&bOB7Wbz}qcf+8URROuqhyrQ5
zX|gZ5qJn&wS;ST4tC{dbfqeL`cqc5-xfMmBeB~bWE>Y;`qj>f1UH<hljFf%K5=?<K
zFoe)NKo3!l`$C5!SBH7*#hmOT%E5X_I9Nxch)-r!GiSR*ovs|>jg5T&?OuuDVN-jc
z=Rv><G|a=82VxaCVn0*$Kf2}=Rw+_f+T5r9uQ#@~i}^oS=f5B1DQW~c@MmV+)B8)N
zr@*B0@(2g4%Md|FW(abC3mlJx99?q<{IId&xo`8C%Kw*03gbQ=#8lcpRi&qIAPDBJ
z{|o;A#`f0A|Mwt|wg7xQ0FF}P4sb3Jb0qhsqwjz|6v}s9iwW=-7$G`9is_YRw^s<`
z^x7pcYf6>_g$Y*S(u_KZ;KvwM7^gTKJk?c%MTDp>FQ;Ic8FZ;4SyPZn%C20-+V9z8
zcel?}{#PW;j?n$w|I%zW^ZWmeW@E+w5AtaKUrz%E1-r6DU-uynfU^b;&dyHGI^dBh
z@CaZAd=yb6jC~(49C`?hH{H71*p%CeL&!i6p%73sB4gyc;8Z&HK+F($l&l!!{8B>V
z5fJkbLEm+9=7PpjE<Ex}4hz6^tV>&CLlOr*=pn!mpVp@6N|8ECU{R!;067IEND&yt
zJcdCq0qEKbVur^kOS+p-F4K!roY&_P*G1QuaU9y+Tu$VF{+v@ZHhc#-DqFJS%+xY7
zw1id<C>(ddUsbsPMAvd7_4VQL;mO6>$;tV}o9@Bc&qdu~qvEQwVz1C7@6afMJKgJc
z-<_O2od;5leh#D|&)OQ;Q^(Upfj*(&H4YC?z_|n@?;jOkFVSQ^5fj{JQ}Qp++iIiG
zQ$1T-)1x*G0fqiT2qZmS906;>u9gN5`pnV)w^{Zl&usnQs&6-P_dhnaTAQo&|ARcX
z0GD&Y9pO+q^qX3mYY|W?%@;|1U+#F<DfW%<If+!V-(UhF$e4ER15Si?hEWt?<cnW2
zTR(>!_2Ymc4kF^SvI{=ai?z(@!<=l6h<}v3fupKY{^|w8^a|PZzwIebYwcHEm!eV!
z^*HI#NWGkLH`0a*dk;b@Snu*u8Jw!l=Wg=IcensH6GmKGZ2l&SSu#%Vm}x6bUMgml
za<R|8KqFVf#7X7ai{z~byY+g#xb2XIAcM(J2RNL@$SEx_M7DWiHKN0=9N-K&kDPo{
z(>5w>5((&j93W~NIO;}G^QCAZO|Mk4&4fpAAo?dP5c#)DQA8N#gigShFP-$gj|Yfx
z>rk(L&*1=k`QjK@r*RPIdrcFJ<Oe~L<eLMW!~QYhrxY<1@(iz=&L`lCHl8k>E1`He
zON{wIGUJfiGE(B0uA*>^DG5hnT8|;cV!DFN@|Gngq<&F`%zWGRhZ)8z01+X@-8dyB
z<R=HL2bl2<AsUj6IOYCe*8ET}9MDcVEstrQNa7ijARZxhifC6tNK5Cx<UrelO5>2@
z5lZ$a^Nr-cr;W_3S=cL7SnUT8kIuDeVnt(GDk-}UB;Hye<vdU{W}HwsK$cw9erucH
z>d9^WR?GH&8_gNW17JAR-hfKvg2H4fEoA*%8EXP8P`d;nvyymCe8jRlf>m&ap#P3y
zj!r_)-abn<fwC3M@$bU!r9#cZ6@L==HR{iCVYIEGfpf-Wk@47>F&w$(%*9<LEv114
zw{3)z0MVpRdBz67`hFM9g~U&ymP>nP7r2WCVP9V9GASQ0{qZguO6Fi`OX&=~X;Zil
zbQ%jcjdR;K`&V}Cg8ijqrB+xEP$+{L>;fC04!(Q=pTErQV4=;DZr-qOvpegNkV6~_
zxj(Jf(~1<kKdt2AbeN9LJrX3tu@MQ#VA72!g8n`U8K)43d>a2wDSd;9nE5#(amY_i
zK#DR;%_|2uHRXs(#3_q=*~0pTC@Pd;aUrIuod#?O8{UL$z%*#1(CxB9Q+vBLD+p^Q
z3JV}`v*vT*EGfydh~$dp)-}d$zHW!SY{(x6*Ab?Zy#P^uKBR~ZN#JYDr+t<<ED3As
zl8m(+;Phhe67i?U-NJe-bxcbuHE}1imYY;6ckY`*ZeZMYTW<4l#v9#7kjE6U3=rj$
zc1jR7#g*-l)JX@!6qwr=YbIHBd@_Q#)Q-?!=1rLbcdGSm_u2VrDU#{ul9^)Rs5(;=
zCi?wUv}Q&#D$p^LD}o$g`Svzovuq)L?aP%<fwt+VrJ9R~{~CsHfW*oyzv?Xc=m6&w
zQWyj%m?qVPEXE;X#qm$R+=e0n9-~s|=EH4(GY%<_qXKOG{&slxkvH)IRD!tvavShM
zB{8Hg_AL@8`+4bx67i-0?5WGO^Gl!N*X){kdd=*dO#DMe=vh;;@XY~^Wcg{+F(88h
z4vP$<-`{Gss6M^cE8*g-$$r1p@P^}}Dh|gt9>|DdBJI1fC2ZlNP5&A7W_2LFQtqwt
zbriZ&C~+Hl<$=AHm%-0%Qx&^0RcD0mXcAo-t!ujtFA<ySI!wP6-G}M7)P-1}#HH4d
z#rd<)3@WH%ilP8}P`Se-3g(Rr^GQO!FA=kyipDwQ6e5qDlpZ<PXWGH^L*Cn5-rF)e
zHgAh8Z^@P}8VZej0Y)L8*>t|h(haYz$*p1;d9Jo;)Q!sWl1M&8;MMEy<7A>>2At7E
z9r>zWqKTsiXp$ZS5R}$0=1_Q+FJQhWVA`x&&Xux|BV}4siDSg_%Iu}i60<&xh(G0R
z$Z_FI#+CH@A7y=-?O|KQzqTOprux?Ac-E$YpQ6^~oGE@Qn?9Dy;}WsyE}pp#9@XSx
z&W%#$obTwlfe6U`%=dP#k7scYkB+gN>E!|Q-8_k&y0x=sYf)#9^&?f9VY2y>m~~?L
zh*^G{meUwXFl%ezG${)h;&D{insqZaWJcYJX=`skinnv*T?V!3YIHW4rm~j0Z?hab
z`(qwSd6jp0pUjth6(6(9eHcLx^U3okg?ib~SzTVb6OutSS6~rZE-nvmM%!6!&l8b%
z-{LYF?e1Hju~U#&hqp6<GOf<uf3a2O-M77%nQ}v}ouUwJhM21t^SaJ#ro`bMd&BhR
za28~yf}51g@~Q^$oD$`)m=8l1Ed_E+!ZSknVqkRP6hwbPB>F`RW^0Rp4CbqeBQoeB
zNWCH0J3XACDFQMmsEB|J7Sat0k-Jt3rHw2(pKsmXjpWs>TYWG&rJ8$S0j2x6yxzMt
zT^H7OOD&{gA189F%(@V4Bn!<nF8rQ>k>fzWSI&e}`snwj@?wD-^`Xo3yGcE!S`SO)
zwR+_7N>xbyS&rN6J<pu&X1Y4fZkrQ_Go2PC)f^dLSMIG;Pgz*coM}<o$zu3Txe=**
zUxKSE02D3D(qVbnxSF|0rw6wUIMa`1=JKLZ7nOy_Y2LcfYJ9n1mU}^AvGA766uf0n
zQrh-1p+onB!7>3^_d@>pAzHU+cA5#TIcvW8Jk@|Mn9vEx1<mK80X+*ssqvgQpM_nT
zeCjU%y2K=&O|!dNZzxzdTxd+Kyub>>B2j@r%Pkmyj{kp<eXh^9%BnEq{14;m-)g-0
zRj;Mbyz~Ftja>f!#`acYmH+QSp3in(k3kTV&{g+rd6P(9^r$w<Mlf>87*UG-WZx9H
z=G>2{QLNx32Vs5G$03?iS`@ZTKU>0oo{@dTD2amHw-}?4!KAFGG!8>V7wx7hZC!CT
zqm#O<EP7vEyy5sS!v9yocD;oNn9Kjg{C}<1D*xYuJX5)Xc@#%{arV!bpUM4&!e5Q~
zH71Mkex~qj*3TCG7CB!%IsSKtC>Y^ENGQ6qDK<a<cRv4bqupw)^#6lAYv2@ej%X+k
z+p3WVS3?wnUW@}DhXW8n?-C9Wb1Q4$e25ufaU@gO12#lK00sf+snohS96SaT1(4%0
zl9>^$_b~J;Yam1em6>NfqNtCrk+0T%|7XJmCt)xFB$PD;N+3cM1UN))#eLen=yF0)
zWex0;(TIfL?S2>dn6ipHz`Q2^Rp?jT-X~g<|C$%WK~4N)ezI{`O9AzucNs^Zj|0Ri
zKf3HHs{H8o;AQ1Umye>#kN;a)18*V4Bxd07=>e;_5hZ^jk5^pmBUn@ADEYJEj+sY%
zRQrx{807f>Rm24y?zWA2{NLJa=lH+1*<9)W2YKxC|CbSWeKf9(8!(85(4=$GbD|^z
zfH#DcSK^3qil9uWuadJ2Fs}gduTpRx8I3USfc9piQSa^g+i0uhLAbNI?L)ZL+TPys
z>YKj51vmX|wCnHc9i@oqq@bNzZGibO?ztWr>9ga+zH!ILR5}4C9eKyD&RwCw^gCd@
z<<{NScf^$s_vHBh>|pQd>jQV>-(?$f_`lg~=GXtN_GV+n{}1u3>D}o6^Lv0j6f*S3
zy5TuI8n|qTQQ*rg2|ef!P)(Pr?ma&}`oGQk+g7y~#Au^Z`CY<EYpXOO8vru^!3#VX
zf>T8MgpQy*OVkqz6m<2L1XVfzeGrE}qTu=Q8z34Ow*a9)tVgK}4rLVS-sz!`ClTbh
z7odu?9ri}>6A3}LrEj4&8y)5nRPcr&-AzuET?2*!qsYPthkXher?JOlisU~12ny2$
zfdD}oY8wUy6OKJrfuXPRlBjDA<cV`|Md)QfpwHY&<(U8=j42;+hy&yUpLp>Ih00?N
zB9+l=j2Y(O_aUMd<$dBYS7l?tq_$D19EO|{KlWsr#H#gFD$*j8f*AA&;fzxlv230Y
z5&{T*f0bNNq#EkfYMDEWHh@mT0b(Z1K0ZX?_ZKJ_rFaS9>ayX6F$uv)p3R|drLwQ%
zsSTk;MJdBG=%#3Y`0$|z*|0J+<pA`3m9`}j`pGItr=$^;DwTbTAQuQi(?2;0WP|%s
zA(b?DB8FJ@NTHXUWs^119!}LWHBJ$#ji4Zqq(kyWPH`5??Z18;1QU7g4F&=7AM2QC
z0J8%k3EasMLDvG+YH}e4&`B6W2L7i4K((sC6$&W28MP;=q^5-|E*P*4j){-5Sgh;u
z-f+P=5mP7}C>oidZMnV79s>?9MHd1>E&)`@GlVVtyZSC2LyJ(b7m!|tf(qZ71!lut
zDd~rOa{AwgY}g}^`sSj~<c0euBjL^3n5q98+pW!_|F5~Z%K!Nw&*usN&cy{qA7e}r
zb2{L6<&@GpVUDoqoepp!7^1*=Y+hquyzD_b0Bk^$zku-orSE0ZnGSHCKnil7#%i4*
zzN+INUmh>f)RcCf->{7Vg?$*pLM!>#Njv!uR!ci>-QBuLmne*erA^td7w(cUK~z9S
zz9B0twb0sW$v3OXhFf>*H|QJVkQW>4X5JQiRsrA-@i`NE(9umg0cJdzpeZ5%IKrmm
zhXPXLar)LGNXIHYn`H8PoShBHr!SAqUui4q<hP^tkFC~+*e`jDJreGdfKUOS4tj9C
z{uneHjmMz5x%n70HY`LEve{YS{(nHG17LQ!v^!c@8;sRP_a7BKc#e;hUs_XLnFD%i
zgQuo8sDi8&Uz3eF$j3a_S7#6+ekh35Xl>S;>Xn$k=Y#|tM@|RS<x5G>Fb)Fsi|f!8
zQE{ueyS=mB*sV9V+VX3F!^;v$BuFQ)HmBx*C}+((<wAc8Da(=FxkM;B$D{mkI2;a`
zHKBlZzZ>fP@wmuhMm^>ytYm@`q&?^jk!YL5+@ip&`I$0Sku}q~`NQY5`j=$9Q`p&&
zPRZ043p#y*KhvtV`dFS<MlgzSm?IR(@SiS8qAbH^K1xThKt+%s!)>|%MJx_@X=OnZ
zbS=I)$F)7D@cm2f&6hm*grqD&9)>{{gkAlQj2z%5=|-_r&WQMGlo0jAs&0UCy>b{w
zQITv#!ii~OM8bd~6qb=k-KwExP`<mF-+xr55W<N=ENSR--(<YAMO!)*(rvKhB%wXG
z1{C|JBuf%UjO~^M<I3rPmi7DEhywk4B7PS@%emdKc$y<RhC!Zl5($yA=m=gvg&dv|
znX9J*8ug^L(ut`^{#p;BqOOIW6k_IUNW#p=KV!yme_}qvm=pUmq1Y_*%RW=&#~wN<
zWfsSSfmfU}&IrNKnL14+PqPf4gJjN#_wsl`=}>FF`ka54>04o#q97jN@NM1%vIHv~
zAfD|<rkm(m1{%<Uf|TDP$qF2g(E0|bf)Tu4mxB2sBtE)`C=qMz3z-o^6uMx@Bcabe
z|4Dj3|Bv&7O89y4C+V^OalUM1X(Amy+`zwJh+@RDMbv7Dm*HkjNGD%OeR&3DylTc0
z5i=GIQ0PBP8vp#+thv5?$pTW@N45M<J9=UFG+TqBzEr`^UiQ6^KY}ak>Btu~8y=x&
zl#KEmCf;|4xL;6O9CK*_IBz0R#wqAXY5A2Jj4NH3fccy1LfB&@i1~M;340Tc?pO!5
z=IFrIVmfeZ^IKDbkRteXm0$oF|EDQI7LP!00@jVT*Z^7;vepHsu;0ht1w|ghW8`1R
z>Ab8Klq<T-N4;{D^qQg=%f78Nqt=Y)gu?)ITi{#`5I78bBo6)WL07I+;y0`krN2n}
ziPC@S?(X)+_opW3Efu#GQ<IzZGBxQmM$Vn8$(%A95{f^Oki+0ERN67&$70gohh}3#
za+PEbRrgmErFXW}Ye+9q!G~sR$*-dcIf*XU8;=2tM_L8y{mTnaAM3q{<#GIrK1FDz
zF3f7w+bj@g>p^Q8f*WYUrF2=Vem}}=Kc*Cg9K4aV1?C8KQJ1L=no?y30}Pq;db5m~
z<@A)ZHbX_}WIaORfDa{WX5OQ+;`gZygCOIO5-*-p=nHXRJG2%TblW*Ww>wwR4YBW|
zu&d@_zV~Xeu#-wVIft@n!117j={+^DMLr+F>yqLl98QrOC6YoIKqaLUfn^=F`(g`f
zRB+vkmsi+Vb0K*f%4B>vOf2+_)le?OVJ3_6G$br<Zl2Whq+BEr5_2OKEjP38izBCQ
zO-53-^#fw<iz$(FlF_W`#|V0;j6E2K-esW`Asr&*AK|drp}Sh3XmPAk7z-ghKo@cf
zEFpx;1!YkR=4Ip?hWw&X0y%*>OETIv-0zD?%ri95^D9?jwkQ=ghmfNK1fElJ#jQ<V
zo@|$WwwVi3<QLhC5z2Gkbjev4M&#kp$7AfrsU`cRD6X@+%-8T5=NQJMs?K)DGHo;d
zzjV7YSGrt8B%+|iXq>=nG-Fo&@WT+Y;VUGhr9)&OVW-{Lou<W=@tU1P!VoH83gp@I
zCy=3nW>zAxP+ZBx!fUI?Wk%Wj&NS=acxMV+G$~FW7~nyf%8>7m&^ST5Vgt>a4&Urr
z_d9fs=8Mm2fT0nt`jB2$g$SC_&`v$yOy+lHaaqO<ceaAu%o$dVMVFAxSxd!IQ^LnA
z3Si>;>_LXT8NScETQ1()HlX10H=(d@rNYVc>{nj;jo`Jk7G%z(!~?4B4J9<$1;d}v
zg^wAhxEBke-u-sqy?Q-m=khMkue9jX;rW83z$R&N)t5v7mP+r{j$Z<1<=&LfS5<0v
zsLC>gGJaAv6qfm&YPosaiOt4hT5ju`3#wV|C+5cK!S)mFV46M-(1j6~gkF#cg=+Es
zz3(G_&wGa_5emVxr|f&!F<j}|Z1umfu3b_cegn}pttr~Dz0!s&ZMax;4MQRSdqmcJ
z&l=H+ra6iEcN0#tQjXc`e`DpiT8J*DdYdcNyHdSM^<H5<Bryl;4AC*7j|*y8E>Q>M
zf|8iy5Um!bUt0}7CweGWOH=i%wC_s$8UXjGeVcQ%Z~kQER=M)sY^{{<>S(1t=AOjQ
z3N6bnNEpmfv3ILs@9%8o_pD$~<S2lyG>BG8Ry`{vyHc_Sz*khVdFS#JCA+)Qu`3;$
z*ReikmwzJ_tCW@MkGyz~0UYY|g8Qn=e*-Q2RCMfn(7`KJ`%hN2GE8@Zf`DAjYG!*=
zr6#;}Q*%^%!{l}U_B8xFCw4w$c#4MK+WLE``0wXD>o=_L<+XR~@?W{9tiqG?(aMXS
zj{5!%rOs5xTDu;{qaLDw^uZH-xM&IGnma|BPJnI;98juWI{_XHc}_%$5@-4v)U=F}
z%Z16ZI+I#BlUfvm3!F(!U5z(6lUg`_djE$~ZK<<5mHOSEN|i!bZ7gnpbqYDUS>~MI
zf4I01wJ(gI{39=%my)i{nbK7r5k1pbf!{xWRvq~A<&PW5-G@8d+HJ|J8M64FL5_eW
z;#Y@UZ*|DE)oM($3citZp^um8OmkXil;QssI+L?I3;c9%r(9R24Y()MW+!Lb6i$WS
z#J1V4uWXx@ZS#%WHuK_^AKtF%qL6>DHjTu6WzVeanUy`WfIYK{MM%J`Hb~^Nibc5J
zfWMsrXyt`l1tYA25vB$F_4|L9aD?wV)<6xzD&%jaW~~mb)NBgi8w&ZGqGq>uR%&*o
zX3Jy#R$A87_!hM6Dx`0vO1}eDx(eyb7Pz~RzTI*S-u|0qgjt33-OH5|nJ7Nx`JH(v
z{d>P@Vx~qe1of%3q2Gmiy}Ko>5u{Vpj-{HWipTFfuk?~i;I40-UDj3Fn35uMr}QqN
zfA+nz|HRBBO41Jz4Afdi(BJ}k9FH-dT!b(rvoD;zg^<6``)19q`**sE!y^Q`IP?%W
zf{cR~2nJwJ56Vj6tQ1a3FTa+;$vX|FDx7aFC-X|-<i_a%6^>d{tdz|+sBF3(3~!`t
zR&l**THZdcw^7dt-9~esncpnnvB0UNRb=lfviBQ_?0pO)yaCp6=urfj72!*@T$tr~
zdeG=zBku*qGj6b%C95Ais#gnF8PmH8>3x8Z-kfc@is=2WB6?Sr40te0CiCLPrp$I@
zWy-8fneWAvK~jdSESfv8Xrwq^*)=P>W@Xph!mer5-A2o8xXsPZZoOUyPY;d`&JT)V
zu7!fn56;UR+l6wcCtX>v7sP0)A(T;i-;f=Y+s#lhc3~0-Adl|>lU)PA&<6~K9KaC?
z2LJ|vP8FzxEHD8Q>=wHssi(Y*Ddze5ja^rtX4p068+N<%?7F;%s(BN$uCe{q%sMJ8
z_ikwf>Q^)QN;XKo11oUzA7TYsC)1??rY`ij#R>HrY<DcYr!m_iJQT$R`rwHaZVM#o
zNw+(6NCD?jYVrCpl{;r<<Ksf6j$3N`qdiyu-+qv8m?CM>QJ6>OMRNu``9^H<6n~jE
z;GDvc^{r&MD@**AmUy%AH%c1NY)m)BzkWx)nic+!@(0c}8w>8h8`+IJ?XPAxuH1nu
zci^;(R%Mu_l7>vjTrPaa+u~M*4onB40ptT50zI<<LqT7@1~d*A@blfm&RUEH(h<4@
z5oVkST$DO8mQp!jmnF@Uha}C+gBEvA6*Fg;2g7jrNwfcr7^GrwaX45Rpm$|}?zFeQ
zIrr&}4bYwT_BY;{Z^sDzR(-J#VT0yfm#xMPOwjGG=ek^(p#OLi)N*r42bT#!_M%wd
z$1pR{`VM_u`=@Wf8wLkRC6xS*GGZPRAAtn@l}&M1HbtY}ZvAccmmBqVdu3FlrB|M<
zg*{t0Gb^@MX2r^^_*!N~iA6yX!#)c6#R!cEoy^)fyQvBBT0#bI*!Oiyh_oLP+*c;V
z1DO!t-^SR=hFIAU(uUZXXG7#Y6Yb(*>jg}R)#ljBg!mRr2$?c6X0yX>ZgJ-OHX9<+
z*w}{=^e~^;R!8UaXMy*(Z+<+bc#J@%A1edo&O+pO{zid0t(|W#Mt)^}BwxQB^P}Lx
zxRL#_(_GmfEBoW?+8>#$)qRT41(x?jd{Z{aGl~#6lz4r=76=1YH&zD70~jFR-5$!y
z{#f9Mp2_K+J6Y$HC$-jx)Jh63egbcH^1yG#@X4LdOB3{xP!deYN(LfC^)Wnk^~_g4
ze0K{wZRr4(cJU^U1<u}my_5<Me)cZg{lC-UyMKyVmk)Sh6XwAnxS$C7OD0<QddKe0
z5cEM;Va^shYj+Q+1*a(P+YG`L#eC+aFn1Vl^iH(32ob-z({ysb&>+6Dl<#b>aAz|+
z@ILbJ2nH-mr-wB=ow{?UCUj%xTaVNJ225x;hB$z|pwx&iq_Bt?@|QNCvzqPuw4ndi
zrg71Qc@x`s=bvL5|83J!{8KDr%O30F09_bvC-j0uC|vxmz9mkRMJNQ%o_>GU*E1X-
z@H8RN$_l%~Oa{%VR#?G+csO6?UE5*J##ak%U#Kfz%?kS`9WdL@86nMf&Irl-=Qg)*
zV1sP8zM2uT+D84yTNQa%4<;AX8$x>jDX#8fXH_cuv;85Y%LbHB(FHdo+10H{wq&2*
zE!yXA$}BrPSs7xh$hFnZan|6fXt0851wV>jH|lBt9p(+u2&P)ARadY1MDdjm>7^>k
zp>>V6S}i&WXfDMX$6@LKaste_HRnDXd@UnL`6uivCcPl`(Oyun51dgPa9nt+8N{~q
zO4Ph1Nj}DiPNvv?>f>8|$C~BeN(tAn-VM-owivs_(Hk0cC!tqVrdmi?h~~L8Gt$9Z
z>#Da>!z?rD848fcOGI0G$ye@9v19<vlf6{T+%z}0RvACugW;WnkNP;o#t|v`^+L(N
z^*>3^R((0AWsaIMzfbXXeqQEhW=`^!%Zp^j=1Q9>YbkIW-?CY2&D+eVCzE*=1#E5I
z<uLRi_1{8@VJ|?xNC2fIE}8SCvwrrxFW0SR8ho^ySJFz%r!PvR;88kzoW3#_oRC~q
zTSm(|oalE>rdou(OO)OQY5I~FN46?VM4|lAvVU0V@|{iV?}q)ORky!b`oC%Y-SAZ}
z|1fw9v(*~uxvkiMw`{<6E6uk3BMtL$wtX94gG+{FpGcSrz0|Byp)gM&8}<mK3XI{?
z^TFt4_%RH%ei$b@q_I=^@~`jtky5T|@@~~QVw}~yNkkE2HPl44dZVh!1Z03imqo~P
zy@~rLTfB{Wy<XpHx8;B9^?Lrlje4W?uSR=oyV+_tn%i6dsyCbU*5<!J{XRQxo|th+
z|5d+rTlvm?Cy&w@J+%JlwHRe^Bu4qsW6+O7Pw?#ehLkLruRq!!BJUE+EG8ar;*K%H
ze0^WdA{T|@^+z!c9&J1Zp8;2Ue;v@+tk>({%Z9F2tAS@Y2ml`<5Hm!D?nogH5MO_U
z!zkvzWB+FddLCj-7`}fz+Hi%8&9<h#U!uvQjmMvT6u?Ob)W2+0O4^DbV^@UwQ`=(5
zqliy$OMRc!))Da_M=A?`+#6vo8y0qXu2J#o(T1xEt#ADQ_2(4QTSRexqVXOeAcYse
z3^*^yC^56Vi7P*>Z@6qo;=o^jgg!oc3?3;Fw@*Sw0`y437qW4q@@1p)wWs3h`3g^|
z{Ewh_2?wYe5bx6clacUtZOoMaLe$sWS^3}C+T7e;$^VCVgw#&#bUFIU#1TW^#{sgI
z%X(q`F~&6Gop$teNtf`BWxYE-icsjI(8DOV$k%3uX!$>lmRoo0Sp!+y=#F#^j))%z
zh}HgEUT4i}UOt+|vdWx>yXn^LMJ*%2SS}fzA?Fe6)M^wBFynOMhSBIx<`O!{fv#2c
zA5{s><%3U-wR-1hKrx>vzY5%JG^>QX+o!>Ar;P^Qd44$R{(1i5{fnc^@w2C=?VYgO
z{;64ShtGSBGyH4q-LLOoj9%_F4-XG_YpD73-CNk(Kj`}Jwuevl4nDm&`}ii@J$dtX
z{L9Zj=a=~~zb<o7IM6!=7Ij1IX#209>u$r{U5vKc@Y9zROrfqAs>Thdn+0C0n!l<N
z;Cup~zr*8~!ArdJ+tcgj)$^09hTl7iU%Y(v=KZhRy?2xDRcm`Y48rFp?^?st-P-Fn
zuMXLP|Lb|}eK>e`{nj5G@4q;EGI|y~!O_7_o3-X|zXcfrPoJysid7jNgiV3Z|JL1Y
z*WOzcpWA94yF1x09%Lxcv;2SSZljs|Oh!E%BEQNwMNqE${<o3YO_A<$t~Rrr{}rUN
z9ehroP&7ug3J1zpA{yCp8@VE*st-AopPOzg3qg#T>>K1UMH+)v76Z(x!t(JUrEroU
zS<e=+x**0g(}>U_qK`Nn;Qpk_U|+SgnVCz{?J`2LEvB(;xQ$)AK!m7tX@(xEhSI(0
z{700^AoEey-f|mtx1CwP!#=9^;(lN4HvMNak0&SbU|97Cxx^B||FqqP+sc%P!w>~2
zz5gTVooPJQtH%HANK)sWU-Q@%Y%Rm8*W-R~suXNmy<eJ71>{;){--KI&F4^d*?aQo
zbTBx1`+mO{J|DdOsqT-S`0r|Ld;7P`y^~)L_ZydCcjp)muAct+gdXoVj^bbWFE0^3
z-U@yiZ3mx5FE}J`u4*2C`O5!z`FwMGK@Rm%FCIv;xAL<gAU<S6mxNwArj2EZT+4hi
zt(D8irn|i~-6h0YRsFXrVazA^{<A+ny??)l+vmeR{$-3m(PzJ)@%j0$FL=2B@m(Kn
zUpMxKg9GNBf7<%3chu{XqqC#acyRv9<Ov^c^>=<dID7l1J9+ow+0)wgySU98zb;7d
z5leV)A!16VuIYJRI$w9(#<ts7o^%%IT2=n1YGBPLp?7la{mOo6vTJ;GIl1&-ejHDp
zb$@z&^vmhd_|U%^ZU$R}<H63yXIt#2{q0}7mj~}oe*5#)PrnY|{O12OdOv>gw$|9G
z51L-M?;Qs1puTl__4CipTv9L`lJHM<anXmDs45o5Qw^FON#q;SrL3J=we)pWHZ-4T
z^~-Mj>d(Dy{hU5OdRc#6`)TJje0KSq{WAP5da@N=pNz)c)~lUo?+>?|uWGgTBfn4H
z?f%;Qc*^!(4I87&tLx`aH$UOtE^9nHe1`n3gPp-*MEmq9m^OoiZfo6~OaihbjQFD}
zfz2ny%lEH$u6GZfKWl8YdIyuC|ME$6*8Jty#@S{F_g}u)--*4Kli+3RYPYuk_6cN{
z{x3W4K0fL1ydM2R{l?|lII6++d3Wc<%b$AJpU$>_d-?vCMMyD$@uy%aB^vdcn7|g~
zT2=kGs$eZ3jKZyV@ApS_{_A)r+PeH{Z|8K}d-{BPt99@+dP2@Wz3}&b`la^z+185|
zgVFOp_eZ<Op9p*zdM~@X{LQOwyicC8-Cti^zkknuc{;d0+q%43!~mWyq_R@S`Edb3
z1qTC)29Tqw*)u5@@{JqNHwU{`&A+Kixbtb<KHNU{>y3}`yV_Yqy#6tqJoBHuy=;8!
z#$;GO*nUZSXD=ID;fs3X#qia$Uv_p5k3a5q{hvaAyZPzk*`yoL-6x}`dpp;`!ON}j
z%h&Y%-eQ8^3lJ2>oQkp$8X#{9ih5j|ds^e#tGh)lp`ArWD`dDjb1|5;;1(XK6s{Ph
z^jB5Fn?FLet*hF8vvE3V>}|u}Fb@tlk8!Q}a_iZ%UygThV}Jaqb@^iN$=+V?YPU76
z9S7rA{@as}pSJh+-+ijJ@VNFe3eLI*2fyvKemy)nZfufqh8yNkZxJ(6_6so&Mrb<u
z?DfJ@<kNr+{q)bOggBpogIB-)xw&^lU%mU~h`oQl`)6=|Hae?azY5~(7jJ+1ZTFXh
ztK-ALe*bl&7GIsd-j6@MeH#upM_1?mPbcw{-@L2t;p^T<#*W{ejT*thX5$yQplu_h
zMzyb&z{0|BiYavS>6_H($DwaW4#<}=4Qy%-FdxP}*CV4Ei%7`C3}iU;1?A~5W{VE1
z*}yCt)Xf_$;Zv|?Nac^}=3?vjkMYZ2ehtpMZ=N4Dk6!F{-~38;-d?fyZAM@?9FVP}
z<L+pueb6|1;vMX;)=B*;^6}ZH$=U9w+Hb$Td>y=gH*RfzJUQv@M*hp-^_zoN&wg2g
zBNmn?GA3jeL)<{}r*IAN)Gx^n3rPG=y(hbL|K;9!gZBQ!Z=d#>!;i0?y*Pe<bUomg
zJI8O%u77JC{&w~B|6}jXnp9P{wZZ%P6)V=|M>(ZOB5I!skxo$o5dkY=MbJ0Ww?dsd
zzr8}u&YYP!N%vfPe<$MHWb%SO>Ui7HJp*C!ZGE=%qr6B{C4|<eGq9wyz>#7$hhexo
z%-74nJ+5Sh@kg%smz8f~XKCw}^~;(M{TpV49hmXyt@!@$r#bSEF*=A@+QFv>CiszF
zE$!gaouwU2t_Z*GN70+^z^=$=i0$*);4O`{MQu_yB1m<r95_+z8wxob*cRIEHd9Gq
zHv$BoN#Rh3#;_`qRK>I%T;$*pD|w5kG%mfL1+OCgBna*$jPEMf`v8g&i;?G+SylZy
z0`w&W#;i*>OTYY_uIqk0z3%#9-~9|bORFZX-&Q*M=woiM*RHFYJkQGdgP_hY#!r<(
zpNt>y2mCe!dhGbAQs^>%suY@B5q>>>!t<0pODVXaBe!1>;k3_qj;*JRj<5Tzbyk=_
zl5~-l)__2P2kA7!Rl{3@@y6)^VUf0gm$b{FS2|O`7GhT%ENwq>TdYjaE#KJB{_AFV
z8!_>!$}Q_j9ygzx>>trr-r!!v_|lqO@qR7Mt+ztefm+xyx29vcAX5I!19gj>`Xd<d
za=~Jhh_8rxyK*JW$)Grv%9(SV4Sbe*!Mp(_e(r2eN(Rg_usi!?eAK>kN&|n4+Lfxh
zG~+L~bofC5z5-t*_}ZMn<3xBQ>P-jr^<J;BsMy$|1c-9&s?ed?3ZwzTO|z;68B$uD
zjC5HLe9R85b;qr;Zq^S+32^5&G-HxACz&y5<p^H3zkOS;ZXsKr+3UV<C%qzGMb@YG
z)m}HkKpM^|U}ez^rw9E~HQS7iNllurA_&BVfuxxfq9xzxu(F|3&_y&qL@I$zFszy@
z4o7W8nVPW}>5zp?IBrq$^I7+`vEcgsPT^<H9PkJF(6G6IKL7qxSWm7<BlbTxBt;&r
zcL8V=D#D!uogkgfH0ch0YaLgnvNd-nz^Z~%1S**A@wRW6r_!aOlJCq~7pwtTW=qFd
zpGzT3;7z1~zYsw^iCwd*Ctn#KADcdJkuSn{+a9|H0mZZ?m{SWev;oIB=a~3<9qJHT
zs^tCvgPMtCo+~Gv#2zhilaaJut}QWQP1BA~x}b&5(#-O1E?P2ObXv`+QQ?1M0{wxG
zbiTgzf_*%gh)0C@jCv8^^Y!G4HNp}(JK0>38s5}MqHGs<=e_|J>oXOpHNV!^x;|}H
z?@Y$<+88**h7ue~%e-gR;}RcS1z3mEPTOokhb9HTENZSmlKE)ijWQ_RoP!^aI_RNe
zXIG&&VWE>7#E6|P(OM}zgDj+YrED3U7!smuZn^A~lX@_0!)!HOC{#6*O|(5X{tQZj
z6*E5^yR+U<i9ulkz4JE3ltp$skXoulrG0I(wanN|ZP%G3X8q~G8@lsoj+MYY^mOv>
z#&znAurVN+;;JIJ-yCov*h2Hf(klV&%|a#WDCA@7yrYj|&VzzR0t;71t=-(z!FhVF
z!TJnu%6yk=ooq_oGF~doDlk;+7sh|ftXv$OL|?@&d|x$xLA{FN>G~SEFhVh(3%O~;
zd^)R9<zR{Yq6aJt5Cp&7p>0{wv({=$E0kAxMR)?eKSd|H?C~fBOLY}3z|&xDU1{A7
z=VBK2d4@uTtIhvMCHYsVB$i$Fc|FOkljHr~8TJPFGN|4($Ih<8WtVy_p&KO&@$I@0
zAz1T@`A*ZCg%HBKbV>%RHIvj7*6+6^Nf)ekTJ07dTquDyNbY>IOGSTC7GUL1g>{QD
z3fYac;B~HBr=}f0S@0nAjRo%uamJZ7Y3lHEzsf_hd`7(p^7;CDz8)dPJ+YEaV5oGR
zG4bi_81S~tXpqW!hYd>ZD;#U66T8N}0hW`JiHpQCqb0p+n>koB!Oq3pWt1PtBMX2#
z@3<q|Y{h<kV6x)IwZhW*^uSC!B!nC2RR*`q$rb6>BGB_~gmbh!IGzTSu$HF8IaKBj
zvELxka5{53#qDcNXcWDL&gua$hx0s{MUHmdg1EewPXN4yb&8C3^r^KHIk9*3FZQm|
zwB3n&&dv1cXMeJP|9~D?t?$7v61l%KxdD$*C>D*x)2v_eI>Ey&vz%h*d;p0-;VBT@
z=Z#+kiBTVtjfi8=ELk+WO(q&_>@ZXe`p}GMylikx-q!@%U@aUfxNxK&=%?-d&%b_(
z3bM1*HtR`Z=C|`9I4V})#lrBh?V5OGgS<jsBz?V@Tv2{4Uxv5)r9{anrEqZ@Q4oH@
z1b@DQiN&(wjVZjMlErT4X6URZOBvai>Y(X}aEK`rRf$cngD~$LB2XX}h-Okq)DZt;
zt^1u@<EVl9dgQu{QRF`4EOcF$z@FpxpdZkvjp8<p?9xU)*M{I9(Dyx$Z;@Ze>$N$#
zLH>H!9z>F_r$CM<TS5`E!Y+Mgh&XGftc?8`kfD4pFTk$U3jPeX`KmN!oU8fstZr=|
zDq{h%`as2e+dliE9}yI|r%&T;GGnx&D-)a(em2YDhwKv1pwr3A<pdsQmmry%6_2}_
z55tQ!L21#7q|`G6%%@It%DlAK5L48T;%=+Kr*o#}XE*?wEo_TLCnao<=7;3$1A+#N
zk*N5KV9&JGcg$F0{I#|j#}g||KiiofJL<ilUd8rwJ@$}ChyZIX!l0xujk8$8t?ar>
z_JZl+r5G-UWPn1ubhQ-#nsZ{k@|q%Gstn$fsh!(wJ#6H9&^=h@xW?61+}@~)a^w#5
zoPP8ylBfCmc5?e}Jqgpg4Abhy5Bt|mM*qjVmFi*FY#aq<X^rZ;mq_4`SBr;C0nez{
zuDe}Mz>y{av^Lm2^i0;{OgjrjD_XgJ7N0srMbGk<vktx*ZjFO_wq*DW$7;p41{xgv
z!@z}07uVLJRP?r{&rvW2B&|Bvf%>)fd-dOa5vcLN;JtbTC%6CC;EWN2HWN}SVEf%t
z&(+2qW+Amndd5UkD?*o|+&6(e?RxTL5L4|S+1*kk4|5!!NzH6`5(xn02wYk3M7QtA
zMJ|Il6r#z<L3{6EzD1+notd8Yy6P5ia(xYP=VuwaqCg+K<spCT_3yVlt+)5x-TLWg
zeKZD$hupCD(9_Ag8xvxjYqrQ2^L7`LRo#eu>k3s$@TtApwJioh#nQBeL5{^Ku<p(_
z34jIMt@{?Gy|$i#Q(8*lyb!5s<<Mc~>)eh6#J1aw)K>$uns~AKcZW;afoq>8NmjlF
z*?-~<e`x!Chkl)w_qQfD=wEk+6cGej@aF?uH)h_3J!C1zEwhFaQ!gRJl8n4+6`I0l
zd~Dc86U20xa1M@y;ELZY*1}*DrK)U~W$vuv;1F-S@;u(K`yc=K1H9&PjF4$K2~#io
zR9T)qBFP)(MS!=f$rb0<VsrJq@AI0HWkyh-BnxM`95lS<4~^}yu;GiefVvQd<D6V!
z)Y6j>kODI|?Wh&+Y3F$bd%Z+K6|wP2lpNL`4jJ9QQemk=D=f`uQhjyU{~c4|E{yT_
z#e}@Uy>#DeYixuF>VylDH}?!6?B*LSpo5YVnT4+%&zak9Y-}H&L~B!QmFl44uw)GS
zajI<g(a>{qmW7O_^3R;DXnRJdf*f2(oeX_v<c~Uu#^J<n%IY@<$iBi}W%t||8y35q
z4*a~U1dn73F4H%trtRj7%pw70+nkPjheT<O#Rvwiv#i-Qv9&ncYJl$ql@aCG*z>D&
zI7ypcX{D`cD(kJcK8{?$OSh^o%iN1po-<MYmUTQ1C$(wCF7oMd5`Q4-^%eF>{I|yB
ziuP;qci76bF{MAv-Q!9~Yw^5VlnIV7J~l<2V52SVW^ZL=nKOV@`lfQsz+JOl9bK{C
z_?7Aew3|h(-^=SHS^@$F9=U#GjM^>Qc=Ak<c-chZZwns+fBdgM{_{Wo_>X`50l`21
z*U#^MjzFhBk2rsyp!$@JI<im8CbiA_^8|-SC)G3XbH6?{C-At5mCigdJa;sWTT{^r
z(_vrc&{1Fq%Ws8a+YHlv>qhB1g-qF7;3Wp@%z1{fNwWYDehI8Lgq=}4U2V4oqrwt@
zDEWMB&&HwcPA<phr%CnB#`s%${@)p{`#!w#GsnaCt)6$t&l%0n?W+S~gbj4JV-`{s
z5n(euTUaI-cE$2ap0nGuil!JW9`-xILI(-UQoTE{$Z$xKeYUklk6QqX9i4l^RK;ef
zxABqLkzbfhER2jeyM5v31oi*AsQ2i%dzKg(-f;I}pPBo=A1U+-`_coK#?{6@B4)@D
zdjOd?8e+oT);jXbW^>H<wjXiLTAeo3dfHg_ktIdlqO+Ojq2jDR<QV0FuBXfzCNnau
zK-n|l7^LXSobJyndH%JQe)*Da{lzi_{(v7?hn``d<#4&axxvQl?H)s)yG&a~Cs$uX
zu5Qy|)}g8;M8VoA@F~+MhaJgnwuErtk&^V~8R8O1Pz})5f%ZrkIoP>{I$PTrB0%G(
z#S;F7wc@Aj?9YsDvj>E6hkX^v-JPoeZuV=ru<{n&?7U{>@*ZJR7PVQidLSrt0l=sE
zyrkk}N40j#G8jcc{87+rg`F#O;KTzth(>n~W-;xgZL$&FDS+8d#yBIF<}2UL&)MtW
zUwr=<7YAu)Nn)nXr@kTl2mH_~`Gk7wgxmGxiuG&ptHi-6S8TfSGxQvle7+wVurGOu
zTP9AG&?I(@eM4c)Xr96=VW0zgFLC6F+PhvNT5GtQroMYj!}tV<2Xet74xxTaPaSn!
z&ypldCr`|lACKbMBi6T9+$Z5ZwI)}*5m`Q`>2Zd^G_2LubP6tk(~jK=0z*2><smGi
ztdO!f)U8xNccp`V^f;HwPbdb=p;8c08AbB4(5S63-Gobbx3(lrHNPXiv9WJ=p3IL=
z+>h<h&#+hdJvS!cxV?F*lr8F1T`zAbFAKPQAT!*s5N<$}Ql$%u$I5*Za67^b>ew=b
z^l<KAYr$@Iab(U3M(0iaIO{6j$sD$|PJxgVUwg*wi;{B<U<kho=6+->y#il_@!A|6
z&lMK~W<=WFNHyGvX%pM8&Hchw0?#ZV7X{12ULCpxwOZhb7PCzRx(j~E#0dxa*r{(;
zQ;r5^T8gsl!X8k6C3)u8u@ZKfRn?@*&F-@xfy?pZ0aff3_acnf*5ryeA~aw}ODjQ@
z4$PJ&99|M<<;fCLDevjtw`sQ4qTJQC3%{Rf5?t!`Szpig)oJI-F)o%A%n^XPDowwF
z3J7Bx$0j&@q%NGBbuc;Ih>3sZW2gexGE;x@wATLlVG?N<gik>QkL4QuF={_~p&<Hj
z7$c7vfSy<*CeK%s8_<YAyq1>FRPQhZ0de~R-0#q%O0_MSke;VE)U<J#I;Ytw?u&NI
z?nvBB{7zX(5N-rThaZBZE2?~trE_k`&SwgsXXM>h9+=fKt!gull`B{5H!`VzCI|XJ
z7kkf3^5<XoEF?dtWdC)eYQR2t$tMH}@7NIDzW#|D;4)_3vD`eReqEltqu_ZP@^u?*
z@crYLSg6bICEh)K%O!)qr~Y~IaNoYr{nIB;*ar@v4~+EJ?~T5D*;^Cb2h;4%M)UzM
z(A&e*pMTvSot_@Q9vMEMHge4VC8Xj#(atLy3;F}Of8?fD3b9wQ+;bhZZd$uZSl4a|
z-;Q+X8#a|&VFBBG_7{ThpETEB{O2pp%iZ(3H0^paT*>m^snplHCVo>si5q!8OuTAx
zegE|-`TnDQx6WSQcpqL;P3%uB7h!dy-iu?`nfP&LnQ`1db=JGij?JN;n9po!?}u7^
zS%cuG51HK)7Twryo+U#3fT8=R{-o*?D~qc)uBSIINWwHs!l(Iunas1dPqXT>)W1Bt
zn;ZE>zw0MA4*d^j$WyJ>Kc7N0FT?2F<8wdp$}E|<Y5V6-SsG7#bZ%8o@-p*Z$mD*u
z5V=X~K6_HJd+~hWZT)F|sgwMvSKjq)lh$GEgkJx#?4B7qt}Hnpszp|qeoBgGh3U%%
z^}XHiF9^SUl|TOTKmWKauTPi%@eddrdDy*-n5R+mi5&!e;H>+MI-R^+PHs@Y-WsDF
z8_rak%kT)uoMXu3kvSYqtzgU;>86%hv60NnOn0b{D~`_377uM)BW}8dGSdsJOV+C_
zqvMU=9?UY)JZ^)cBemT7?8WCO$L}6Uz#q^!(f42E20+jc@&UQ`*TjJ9|H%#H*Akc8
zVXp2JO9penS@tempT%Ko^2xbYDcvn|17ueftE(HqS{_|C!GaoEE7ORr%G8e1q;6+?
z#eo{^<2E>`(NRnCukB7>v1;A#Bag9aT`@+uo_89{H;Rh5bS<x>Hr*P;%09U@6oEA+
zHe$sNk~CEAiN@e#JS$X>T}n(?b$YREd5t^pqOSu4H*FW&ZQuso**krURSUj`!hCmx
z;UA64+;z*h-inQTB?A0^zgPk9yt(f<cU~U-e<OzSd+X5eOT4>>zIO228)H-Nj=e$?
zTaSdyH3ja@YgFJ$fv5DCV4Mn~=LzH3*}?4ebWIZq9pqcTZk9{foS%HcBxD7JqO+tN
zAtFZ)4wr8D6SDbE(BEyJ|FtMx+nz*~^_hwZJ`_6j3_6{>Tu#7o0aR{4ia^lq_^rjE
z)OsH=F_Ly5iY`uEg6a4=GZ!AQmU2Q>XL4Di#LC!)cq-|$bEJ{PUf_fT${M@&L0QR<
zE?Jc6NagZL4mXy``+fdhe)?Zy^V8iVi@s(|nLRX2-{4+^{Mwq##tqPo5*dT7ZN)k0
zc5^--z|A=~*tYZWKI)+@hn#CSD+U}z4~uNNll-)VrW{uTp^b#A{UFbn2H86s2vy83
zJ*WxC;9oDoZt6@j?^lx+ePA)ZL%zu4ZF_RX9FZ;CbWoTs`GX{9=Aq$-U9USZ6xtiW
zPHS{A&{(Mf+Xd7`qN?o03fQ{@E4IWu*b=Qmo~PNe57rVU?I0e=19{Fj*vQ5Cg+US;
zJ8fTeozH@tzkiH+2E9t~c6kkQ9&w5)cg4z|;=Y3+vjgAm5J@SW9c4|SLk}C?z!yVn
z1>923>7B4NQPw|9G1S6j=xiuwQS5{^(mPjyaR!uubiV0wI3G))d&kuEfqGWeWthME
zdGW_6W`2w@hu^5Eo*2q*Gx9UD?qw&zzTZb5e88o@KDd3|tFT}9U2E;KlEPS3*4o&F
zaCNqu7QV?YdlN3Wp`*)fvN$$|P+E?nZa91i9T%LubG_5<5H#Xx$sJOcpkxH26)%H|
zc2%(7NfRF%5BFY$|JYH3KERQBhkOy|+xFy&`D;1WhN>Jy&Xpyhp1KQYPI&>}W4c4)
zTO?bC(W>1dA_?rP1w7kh2eQ}6jPV!&^Gpe3SY>+<Ig%*qxq{C)s+1`>puaYmKbtH*
zi+X-wW4Rz+ByjnEjd~ujnM9ZdPNy2-&D8Teodx<K?YLRJ?wnBVQFgVql_p>Kcw$n<
zk<NRn-OqD@5c+0`T0%4v!~iN`g9q@&Zj5@>Le~B`mNf9rOn%YB!JjNBZ`_D~Veg*@
zO=6}up6d9;>hzPP<qg757Uje(efP^(q<Jzan{@JG)A&iF&r<iPTGNd@`u_NF{c;oc
z9KKpd;h$GHFTA`eb-Vahi}d-6e0Qn)4dLBy166Kg>043WcLul52KNIS+zaf}2){M1
z!+gXhHw)(kd8UzOZU+QRIx06in<hoEoXMDA=g{!sWUN`fi;JvcqG`0p@%dnv?v7Uc
z1K|egc1>xpw!@;O-f=>7aQ5qwrh@$076d;OgM^L}dhLFi0E9f`dAmVgg?+iW67r8w
z0=%eb78q&M#G=>mrrhcR$Wo1WI@(#taWk;nH&PSn7zx@Gwy)z91{qkTP-UvkcZVX-
zJ?|L9>#eT<zU)ZLWtdEVwUWLy;r_lrsW-ScF+8`%21#*rppt3bHA2tn&XH36{n7<m
zJ=G%6%X5{fH}o0=LdU_B+MMmVoUf{M>NeG!OiHOFi!I$JxN@Ew$7tIw(kZ#4Mn_@1
z8rwfef4W;$p?}&!`Ob=N$Kj9Yy9Ubt_{Sd*_yZz7`oIw(miPR}m+wxF$}4uyb(NQ4
zT7OQJ@Cdi#E9`CTJT)fJIA%u(+ByTVZGohnFQ5oK)q9ih<`&qldydnAa>H*aLvBNv
z=2VdHh&Zt8)qGo6QqYj;ft-fJe!5KSy?-Q@$&_5LD)N(q-T!mn7k^w%b#Kf@Ul2`r
z&g2@1`I#;QJ#>zFL7h%sudk7DBLrtNP*G9SL)XjMa0Cj-;m*6+nliRWH}e9<QMa73
zv1A(IIyjyWI(f8^W~t(gWl!0pk1}$uX<nLwb9KQNwcA$H+1Q2txgrO2x6pqfzZd7y
zXB=b?NbiPuk=^ZTGSbo9n@%IMJ7KLGBIh$HK0lfb2}X$TD`FoOx(c%7>gc(;5o}Fh
zbwYKZLa{kK_*j%yGlHA5CW2B_0-y8_)$^@wjg1-mMEAOx)v^CZVY}~3uY4AU|NY(Q
z4*Al%Z`;>k{4pLAP*@vMkl=%B+Gso=*$T;UtZ03CVM~n__E~)_^@1@uG}xN{)(~ff
z6RV|;wO!GYSx~t9=@E%=pw~d0=rzqz$5R`Q$pL>`ndalY{1HC?7u1{NZr5Y!{GoU)
zQ1GTfOiqI2DeNx9Gw5xt-Nq$!r#sc1ST=!I6b@J}S6a74=>TAmpp=xDUg)W^Bh>l`
zZIM}d&=UX$HcYS@Yaw~1>ihGrpFF@HlnVOmr&2-p<#TSuIUXoM1HOIN7yb9@6aT3D
z$j7#XC(ujpJzY-7aT`Kl`^YhIa|HpX1f{UWuFW!p7B_N3ETiHqV(Egefnh`HT4W)J
z<`YA>-2-x4SdEPUzLpOn2(KFJ(4SxqJ+>Jnj_tg6B!eH2q4=d~yIvDdyk`s8yBLG0
z%2F?U3SYqAhbJ^?coD7{zv>wOq}upZ&;BS~Gk#Kpf1lsx4eqsnUs_{5HlhgTJRA$S
z2?ob>?wAd>tOs6N;<*~POCs7F(z7b>>JH617Vb{7SX4}_=IF&<LOH+m;f=+mnn>z1
z0jg2J<2LlyQQ+@c20kSM`o1*YB46b3wteFO8nKrzvvxjgbd;>vnGs_%Pg!UytZJ2Y
zV}_P=*5wtuPAJjZH;WS7c#sfES<Y?9ZOBHUK`kuLG+{Qtt<sh8`S!41f?vA`-jgbP
zERjb-vG0(lll%6y4AlsUz_eZU-kgd7|G+ceLNxcK=Jz#FTlhv{xI`#`(-PymwY4<-
z$WJ!*VJ65Z)R@8mozJSBlJ%<gSxZ)#gUwhD$QmP^QzIxT0`oPD0D1Rdl9$=7)c5uA
z`}f_2>fGM{+fF~Di7f7P%8wbE9y!du!anu;lV1oMcce`z7GR-rempFiX-<^U;LicW
zLSxU+%RDAb{E)0lb=I-u5?TnYG?hDPd*o9w?yUXEz@4^cmjk;|dRe#D*<O}*`AFkt
z-rNF&{zCrA#QlHu5%xK3?K73+p$VK-w+_s1>d2TJ3JhO(q5u)1;O`GbHXI{W*g7YV
zY4PZUX-kD#%@jT}{fNQWI5~)2j2r=Rmh_Q9ZWs*-VP4W?s-CX**21?JB!PVA(DmnQ
z$loZT<>psBE)RG%o-l8MyIfrz@guw$pf^P1>MX9k6`*tLU^g3Fq)E4+a9sGuE>skH
zfbiLY*+s%ki)W{U;@Ay*s&WUd(5{}FP(Llo!!Df9LCua2RRgBKB`)d<0mj*9H4BL!
z@B=6Q3*bd`ab{h)K1Q7LQ+5Xq>s*D6g}FO-*<#hMakX9W@QUr(!?Nx6>uTx2(7fT}
zO?8?>L9lmDz&bWowHO;U+2T%H4Kz$~yMkH+p)8Oihur<)>Vtz~n0j&O2ldNS^!{n!
zmSKGh6#6Mt^M#8KdB5+x@m{}+MZO-u!fIk#RTek3`$2DhSLyqwSF*4&O?%WDc8!~z
zIN_%ipdKq&`v&)EY(2Hc)~nr8Hpj6RH76_RFwiI@>of--08o>g6ssXNUpoP#7<eWa
zsBi4qTt_<*sR~XtL8Xjp%Zrd|(7|2mCP{hNsgAlHxg&*X_~%PefPX?m_?K@;cPi4y
zE+zO8%FQ>xm)?ABO>TfA(x9ysHjNV2-fkB*eZVr(-KW%gHRY>8JAe{_ST?|VXsS%h
zRRkEOf-ku~6xZM(qYNF0A+3y&6OIH^q2z%ySb=)`b#Bq^r1+Wk_5F1+FfTv;a*l+?
z<q&zW(~96h#YHzFb|-Dcm2MDO!)6|_IW|2AQjXR8Tw5N{70(|9XiA+ec2|4TDxAZL
zws%3&HtFP08^)k9ON&y_;h#K7KVZxl7p(J!g6ZRd_lUy#4EiMZ%jE<er|L5OX|<oq
zkPz)PyUufeIrlw91Z&~Y9MvfBHzh=zihYx8Vtnqk2(wgTS0#$0I%GP{?&tiTUZ7hs
z<EF>6iZE@wk$!h!jkh|>X9M;7v-Jh_No?2a>!2MmQHg>9LJ1H7%V$YDW-vg_D0X0Q
zEQzV`5Fxd&DC4aRihh@XRFv<hzJMz6+MqYRMF-dt*)R4&DoG}oZ8%~@8)fjVdJ5o2
zBn5xFUUsh^{?=9F8TY9>o?2s9kr-Jo8W!L9^tRj6!pSi>CJc<I#`2wHF+Pfyb)2M%
z6swk>P_wnTEQOV27%Zh&sbsF)^G2vcNt^|VyNh-Mymx?aQhEJbI^=z2_0L?6-!B|>
z4}IyDyBk;6<A`EXi0PCSjSoeJa@D@5MS|^1H{!P~u=T^GH}_h621JLLO_Y)pxt<ux
zv$(ZgcDEMVG(FC-$U4iE4mG5dQ@9o)FgJ32|5$stvxeqn_!_BmA4yXM`RRF6Kp)r@
zMrLEYk2?B&w!b^%O9#GfkG1_NjNA}yJQJer8g?^|TC)hy&7-{9dUI0W#QNNbrU>Jh
zTW=npg*u?2bHvCVC#pdlFF0;>*cu3G?MghBmfK((^~dj&ubSOhOMflMSCZx5XDoce
zoKBvv#u^A6yDtK|)u9E7$NJGe6pLH{*m|>*56*J4#iz7~MHM_`jan5PvBWF(9M;PP
zKnR8alY*m*Yu;(dVU1R7njPe{F#o6E#lNKB#rxvIzwfAahkO}SZ`-2}Z4ONz8*~nf
z{Zb&-<rE$`pu?iXYEBS+pi-vWF>*@{RZgu=3&z@+Gw!THu^$+=$*mUYP7AGw*5iU8
zNFAE?*tz@8;bY99?Tvlmvtz>dx1?v#tK@E%*8{?cZRkY8%c%v<3bbq4%GMX_w(u%`
zQAQ<8^r2qK&GOJ57-BnvH3Tq=d}vgMvb;dE`zd?eAyahed-28>)?(F4bjdANBQ@pE
zts-4%=K1w&j)^ULW0m<VEbaRl6VISmncgn10cj)hBu>+oGj()o#3rH*{btebWl=ZW
zCEpgJP^SguG{c_Hhg?1m^XepQf+H*dOiG2yh8#F0Te9vZ*M+l*I)-~(%7y!jQgb(>
z!)L$#kqH@Ie|R{y6d@s{EShbRMSEmnWKIWjtlOCeBj>AG(fi8Ds`t7^xw@t&%weYs
z0JPlOA+L3OP(>}YPc(4joA$EB117|B9ox#zcMh7P&J@oH;lIyRbw#|0>hgcAdFp7i
z3%_)|uE=D(-}i=U$qkP3)pCDCww|Cv@nABBbK29kCk(@4Iqm9Tw=;y36Y&Cj@VB8Z
z%!LHUjv17nV6&RaV`<%9D0APN-Cy4PQ{3T89=#Q&ZzB%B6tvgG@s${GVrPy!$+Pg&
zP#xs4G5Yam+&bf<C)e&7Q}4M?5)5d7YEda#Pm{&gbfW`8vu&^t>{xKZ!7x{9!_Q~P
zZXH=fsx(~cI18R@!Qcc420?A+aizHes=7YT9B^I!?HkD_1O^{FMjoM*{_qoS(*61V
z*cy~!#}y*7f+5pXP75N^QeK)mp=S=ALMW`eEY2<7G4)!V8JG|c>^|xXTUqWwXI7zr
zLkB`%S0_?h9bxLEVD7P#cO!@Xy}9~hQiz*9KCQy1ND}1Zk_G?!nsI;n4WCW8?^`48
zp>HGM&5i5y8ex-Q9n_yw7SP+=JQ1>H=5D-t(d0^4V)5==c&JHFTL-jhxUf-v4H9Cs
za2tM8&UP8P$Tp_C5NHaVG7CyPXwkk?+uv?ndz;Ym`(oW+P;bI}a<h+&a}U@oT!s4>
zN758HRW;91wcBZmkjm@4w;&7?_`sb*F+w(NEt09W%yKA48mEwK)tR0x7CNjqBAOE7
z63>a9mHPB!%hJDLP+wFX$1F?pvqkQ)sHi*STd%yf$3{lk{T#!?#fF~;*uoj2)zU=G
zELiof2pLwl4w03OV4Gy8;(1nPY_#N#gE}-h7w#l6@_C=!uNxFOTY0CSFc|SRXW{EO
zps<=WX?We+o>V#avj8dZp;*9=KHw&wpKf0r<|D*(O3xfzpy~o?W>vl8`uSnC5S=rd
zv>1I1ceWER&AF`4EyY{)CLjh`zRl{jTvjy|6iv~f$Gj0N+Mdo7Jn?m3Vx{kxO#ZFQ
zvU~oD)Af-Ka?iI#*gd;rkLf%9yjkaDoC-Y0?^2(X*<iQWSjOBw<S9;8iNe_h;vx7s
z@(%}XA4F(TtgZbzE(oQHW)$EpWr%4O47Y@1q3UIK`E?9mSbe#WKE|K$40`?jPs`{?
z{sbeA2Ey}t$tu_RI`zv<eI&L{qxy$7#5<1Mt;nTn_X`Ij4Vi=>iCX1>NUOFb9<0Lf
z&Mwq7hBsZWW|G-#c3rjkMe5Wq=p(+rk33OFywFCB3G_Lrq!U^Nys}yCEK74-SQHT^
zqVPdX<_0pzs>cXt6%_J4r+3?I5uJ3%g%FqDw%znB^=XagDp($&ppLZtcCYBwuYPux
zPAWTalh4AGA3K=7!MzIMr8V{t>Q*GWLDK!ws~9P)cBW^Z0G?iZyq*eFa6noWa|_8<
z5HDV8g?(OWzRv5R+apGqo7>7v4a^OpLuN3RID}DCkkr@f_3c|;?OCDMPb$;<Y&F0h
zI$3;x|00{ayAy1rj=G3_d~O=8nY0GO%wPvu_72i2$}*CH%<&_0KkOP2sfapTIILg~
znFWX7un341GdpQ1MD*=k3)I88Ex1lK<7)S789l{df1J4f$UgQA`Xr6Z<pdwMUtx})
zI+|F9hLT`*YM85SV8-h$Er<o%^)xjtONb$l6=#QBD@fIB2cHdYVcLy{47dOp0zE)8
z*mD5SK<pIBH-$b@R~Z{|{_B*zpF`iFQA7<dKA_LGtnaVdH^^>mio@K+i75mf`ga
z-EktRkZ}$L4^Fzo_joT_%mT>iZQDyE);V%;(oQ~MmpqT060DFQwi0#bG%#|P4!A#H
z1-DNj8#XYwlMu20L}B<<mfrWhYd<;H?ouKD{K@utziR&ZQ!+~HmgS8t54z7A{k$vR
zFc^M(a>gH+SkIu-$;;*BiZtT9Y|k?0klFRVt=QvKjNIvoOL;5Tc!P3h%lXPh7ofbg
zk$To_rl2tc+)^2)gaOUhjlO4&`%Qb+I}tZ59ddi5iNf#r&PGz6zfe1VtU^PN>|Hm^
zi_ESUlN-#4Qq;Y+oN*+{=_D617;3M8UAf)ZOP2DwjdZpVeb0t-gWIAN1P0np<Z96;
z01<ESHG?GEQy)9TPFXW}S_)LV_v{K88EpElI?6M*)0;8*wrar>Yw%reRGj&fCU>6S
z{}Z=E{#>T`=SQXI*dIFy%JUNkDsfl0|BpZZtb;OZ{Abcx<eoRPE6q1lH^hTsdLO^-
zJ>%QE^vgH&tN-zjKd!vAfBav6e2_@+Yv#BQ=#BpP<DcV<dtod6gihj)zjX9?&z@)}
zZx@p%oDrNm@QG$zjEG%(-^3=pY_@x;M|M5xuelX|ghZrepi}AV$8A~3z?$82{Na3v
zY+b4#VjWn=1Lr#PRXfv<P~Aot+bUn5S8reO$CF#?_mOJ6!F>_LwKbMjL$S~qVeZ96
zNjjx`SkLn1SsV_5>50*COR6e{2H|!lsYo*ql>-r<q2Ac$);4j^uq5D)vdXr5Wu>ZB
zx5qK4?>c1jD_Quzh-i9@J?9PXRTeL;u}nHMU260BeAe`VSG&zDU$*i&UmXd>Fq~Ws
z+hfl4c*Ry!BkYVRQOcazx{gcDOaVBa`T}qA4SQHm$+?ENqA_^8ek{ev7sSz@*ki8b
zy8pf6fbZ7o-{<0gg?;MxTVt$qpY%>A+HE(k7x`e43>r&mGvmZcBqWyMFq|~R30Y#1
zbASRfhSQ_K{@`)l01YlXI}^d;3}vk%?L~&%`k_UjMWK#Own(dRa?726K0?1|6#oSu
z_`5n<KW%dNdlLQ-fzAIGL*`xG*|$IY_YI|2*y-d=W9(2WHj9lH7$6GT2Y!zt0!gvG
zUl^7uu}6UyeL^6Rq~2?*oi)pQ3GoIGU7j6G860LM<C~r8Pc<qP*JnRC)`HNK%=SA>
ze0LRy-;D&bs!KC|;luoZDeH6B>Z3_;zpYsDYhQee%j&b?^LAEzY!G-P+3^K+I(fam
zmK+)}c1k>!Y>GP{^>}Ib3DXeE^h|F8M*{`=oUi?iUE6+RR_BGenkwS**e$naEs%mS
ztv%pa#(gIWDyY&CGT-Ye<(*gh!_}*QU5)SkI`lKo<KI&xGcKFSwFtwfUH8x)@{D@f
zLY}WD__%4m%5Y}|qKia{nj!60ih|^-t0m5q2R&~epLE^tjv?R{kh(|;xmyH)yRHn;
zSab$SLLtnW0UAIQvss+cVjpl;6^`t>-i+gCBLBxKOpgk0c}KJN`+N;=fv1zZ=2*{z
zX|>Zrv>VAgA?i-@=pi|(&{{~EZg$!OV7la6p%i?!>_RV#r%tBX&Kx}!l_t-aZOIBJ
z2PZaOo=w+TYc18vs*$ff4_8JG=d*lA=m+-5^6><Ek;3h2as&Fc1S&~In*-q(aa(Jv
zbJv}D8kCwaIBY|P*!Ocw#uV*LFDNomjaKx_OcpysmPJ8Y%@#|G0U&07h{a5R)CHWX
zh;OvtOpX|1_`4%A`FIRLKalSev%ca!3-7rs`2}u-MVdAMOG>a|zh?m>UzBr|Oa)N&
zmkUGMgL1uxwnvR^(Fy?e+mr1d%suGi0J?*lCAx{^Xy_}Rf`)UWtuZhdOji#_M$Eqs
zrRQ<;-3dHi_@O=VK64j6R)zK%^d|S~<=E=8Vqu9VEMsJMew=B#);n=S@~dbdwS&Vf
zTQk`#Y&~fT)rj_|l%G~brL}>Kw0<YByB);mQM;uC86i?@<r@Q6aQ1fw?Kq*mX5W5d
zt9!s&{epTG+tc;69QFvC^@_-GB-n-XsDrjN({+$Wga`pp{jwA_5z}RPJ{*yQXs<zO
z+gn}kC5P!2#0GXgbTX+bJ!9*5ji@3ZU}izd;*uXZSgq2u-HCh7FB|<$0@nmS;^CCy
zUx@y;wSAUd@cjav&!EqO53Bl`UofI1C*1e*-K?NaTf}GrcV(t(t}QSXu`DdB=)T)h
zv)w=+V!ESwE3@aT)-8$%YG#0Ppo!?D?a{ui_(iT2g;vbZ7C0<E$uIbua+i{?*4+n&
z@pZYqEwdvAZpEFXGjNDDbuz~{I!t79l%-f^%`T2dR6+H^<wSka;<I`WL>AJXrn}x0
zGzpaULa)`yTG@aWU^?oaX{`#97?b}+t=D(lzn>|J-#5Iy1)fgsnpb6UjOh)XX~R(?
z2x17f%Q7YWvluUx?Ys!d<6_##Y`SwScgY9GU@^zlB0q`y*&gBus`VUSLYZ>rvuLGS
zrUHh9+%CO^_E;&uzw4}?S&?hklQ6Av*ZzDWLyyoy++$BC?`}+Pup?Z6uG%^$!Uo)M
z*lbn$w97T9TXnuChN8<`XKFVM*17<hdwfU^iU>xPY*&OA;Tx`-k<nsmN1V5|w_;gu
zjG8Nw8RY*<r}Y<RW$2+Wh$nmU)sPI03w(&T=E`3Ju#BlYnL61vBk+4!luX@G&*|~V
z#Pa@VfE!kwHzrfK5Cd%c)^~=fx$L(gek3=8h&e69&r)nQ<(PGj03%29_i{R3*}gxH
zk$7Y!e8RlS?0Pl9#;u7bD>oH|TkSPxZeW6Ra5ti$E2UJIv&C#dbeXfV?8?EQXqP55
zz#W^J0Uk0HrxWamwps};{VB8+8f_<dM1+~9p^P*>zBv%SFRJqWBh<gzF!)lV?z6MO
z1D#kst>(9j>$zY=7iKtv6{`a_oaWY&-UghqjC(OqY(e+sQrT_7*vkXZj%jZLrc6qS
zu@LiUrO^pTVw5&rwB2?9+aw{J)uC2lA>M>vhqL5gR4jhX@R>gqE5808Ywny{kys=?
zv!@ISqcX<j4z4+Kl9spNgyhye#E=?_^ltA-xGXP@9J@6EeP_EXrlBc(C`!N=^5r~<
z*RHk6`%^dFj5T-qe(CyV?M_~T7XE!U%0~zB2NXTOk8a^T_@#H>-5N{2Fh5uwqOM?<
zv<e(;6;mPS3Ft*GB$>0^;)?ygN_5X$hMPPsF*>FLZzVSCh*UfhJ4y$7uDT`dF{jyV
zBPEhcsEco<t$<_WQQjPEK2z5ol;p|npCx#5`>V1xLULJ@xLdGrfF6vhfvGbCot2>E
z7MRm*nA0*|hz%}d9ty?Ysp|AbsEso4vwgl!`=!k%FscT{8Nl{M0xwggTL%pOyE78<
z&r1(L4;jMqTj7Drzw0VGVl812vuaUTZFD<uh8j5Qg{MIx7au4WNX{ml6iYDov3|}U
zrIt+$#K4_W@ur*%&1bmgYs{7uhG43dzF^`ZXY=~{Ye#hMmR?pS=H--=X5DYKi@d|W
z3ghn1SSty^%=x%q^GggrFiS_kh^FHmURauQ&PsJD?7&{L%u+szf+^&!y7V<L(sqY+
zXx8Zl(Dhj9Dl=VD{4^N2&8mqv+1E<bQ@M+eh4BcL{sr(Nfza!(jLjo{cH{Wf+yK0N
z+P1`LNtou@Dmrazfpb2jz=9HIq;wRdQ?^ey(RZwprv(}SDOg9Fy|<dOduRueCF$?0
zNR76utZuTuXT`ZMi2L!G@{uUGx4;+ay=hLcanW!r+kptVPfDs_g;`=w32}{7^e{d2
zwNtN35Jji5x~h4w6Uf*iqjf>ntA2S_yINlHoms+EQHOIhTxd#{k*oD-_*QkPf8Y7=
zwF>bkvGI3xiO2WJ74_O3*Q?1B(ul}JhjYEDQ)+D1J2bSaHbcXDGYACJV+?S6pf_zB
zwiw%WFpu0tCv*U`npO8yLrQ@dlF>Bs5=v^oWWyL}w{+(0?3;W!_{b6cu0r$g%Za*&
zzKQY8jj>r#EWG0Vl?;VNm-4hNM+d4ZkaXH)Cc6egNt?QJcTJoQ=Y9(BO3mD&TA2w^
z)LK=xt6R{k-FVwCK*)-AK{~Yp+e3eG<gVgRB|$zSi7LMQ{3@PY-#>zbVtT9`73J5}
z6rcIV;B))aCbYHvT5{%Iy;^%KHeRdqxp3r8O1)JHxH?9A99Pl}eGolSGp5Eo3u$6?
zHp!50Q{Og!u|eJ#aDQK3^#$<qtD7Vrn=!rajy;eg3R^)^Upv#tuxqr-Ta@HOV^KKd
zF1E4b!8w5kU}g+09_=tHJ|X*EBCR2>#>xFz0+*X3w*oYYRbh$^x{-E;_eC>rw(fVO
z!`={0jIloCP1@Vpr|Gi~Zm>_FSJ~b!$8NOc?f?ujJ*y9FU%_}h=XRu~HVPW5^VDA{
z_69ia6rpZotQOoOTw_-2Y*}Z^QyR%?JJfGDKK7I92yq0ZByhL4n(r)2W4tiMXX`kA
zS$e<Ez)@UQ@S>XB-af)rC5I}o0O$%ULY{<*V4C<~2h7q=Zr0HTWzo%4vXX!nGs6v}
z0AMZ9qN92TRbtx{hH!2pcxFsDpcF`0bI`#P1&p-PT=Sppz)Vv&{_~YO_Pbi{TOZ-S
z&N5jvZrQ(N34J=|AJH-Hp)dV;cVhyN)H{}iAHj^;?oDEcfel!4RloP@Au^J7Y9fJ%
zpqO>smW63;i>UTPdgCV<nw-?g0n$OmG8S<bu~4u}Nfmla?ThSdMwQYn8n>z^d71g;
z=Vz41me}{;)5%Y_#xA{^R2vwcH_yBXhgv8%e5p!QIE6Hq@-XRimWyq_ZPzh*m>Y_t
zpQKqWBRQqG3yB8$4s5}B0S#HDtp|{DTs_yi<H%882W3{*u^Yb9C676}Tz+a;y4B>$
zK=nIME_cXJLVanEJ+}y<FD`gHvsFYF>D9SvX5loN?a6xBqo%`$uHA{doeUn2teq2P
z(CN)ig%Y4|L=s$JN44i%&dY3`UP9;wStC6?|J7it>a28MV@N+Ui##Hdx6oIayuEQX
zk&N*i0F~l;1D{7&5hekvFqk<@8}De$H%LV(hs|87jZ?A!P=<%iRN+i!qboER4m;Uu
z$kgj)vd32CA;}45mK{qqYDe=#eY^7KcNg9<2AHQzl#fU2BL{*D;H5)6#~xd-?f?f_
z>kO<Vh6FLy%*a$W`Uw`-32@#nUD?@e8j1+*h_Fuh5W?(?<L2kkw^N$USG=|Dx3=G}
z=uiS?saP7AedNlo&(vj@l;&qu`yMNLd4s(C^y|ggqL-`VX|*|?<{ZmP5^NOuQJ1Vu
zyrKN+JTSB6x<cd4QlG*ZxF%JqBgLtKWO&DR(~vaQW^Su1tt+e$IXUO0<ScM_zZ^LR
zpNRAS{EPSjeN_76C(fi7vAriv`lt8x(e&(32~r>R8}VcIfQj`2c<HrsR86i3BaG5>
zWPgYNa1MvfGLuglBTVapji>^S09+Dr0~}U%JFMqyz_3dZ;n!drS7e~AQ~PMm=av8_
zW=Uj6^Z*j%a#~26^VsdFibLxIzuD&!yCz6mjpuz@YY}^hF7plUbn>=!EwM7DdVG#3
z8Au4WlO%%0wZ6GM%gU-GEbgEjPMAV61;he*ZtXGx1Ps@t&!-Nfo!M5}0vwH7QEDXc
zp^=(}p5%?uCX4%2<o}_~{Pbh~N!rXycb8v}s>dRG-U2@jtLNs}XdmO4A;Jt+Xkr)k
zA;>_CEM?JpAWpfPr;5BJm%U{1ybtNR?zR@@td>Nb_gi>QpE+B$c#df8e#f6c+v*Bi
zE<?5c+Fnt)N&BfFh#%Mkn&J)eB7*D1<ccz);Gnfo80COVEfB&G-{$8Wq0d0B(6e|c
z)wAXh?aK39t*5C~b%qVp0&c)o9jfcdK>;r<AWYJMw2<iqA$m2TojQBue)2Xz{?kDG
zpEi{j*<Btz{n|%L0FR0$uL9RHQ-5M-Nn(ELdwMLO{2lhC>+bK24J$wK=Mo-{xlubw
zxrGWkDocHOgvuRs;%4+2@K3n_aj2^&tzLDB%|O9kqclSu;?guaXxblh+-PWnAdI@T
zwxE;HBm40AE59b|{Cz=M??3DJ>7sYYZ#v@I9;<~C0N}7eZJ!YYLmJ8~W;DG+x6PSy
zYid{!M_CM#y}V3$#=$M6)SZy&hegYQ#1TbR!&xhVruKS`ZKi!N%-oZ0LEkY@jgsNL
zk>)eC^MUo}4e&*RZ<<%7bHrLyV7k=T1<Nc2{=_-qW?32#n6&F%o5}$SPXR8YVpc;e
zc&)D)_<UaFN7hM5v~xkq%nrz|TlHMwW1T{{`FY=h$9ALz)i&e!ZK;p<wKLz99K5~c
zjuZZ;5W>rA$d9JN-)_vh*9SkFCf_d;_6GOb#V@Vv6d6%2tV?P5$N({*NQ-HcDPXI+
z47r8?uxrdsA;jK5&Npg?%vM#uRwzwjZGH#s$`FUwM;n6MbqV<v62(N=$${VHbBp`h
ztnkbH%LiACPx3EEt`)h`w}hqa7ewfjwC!6RId67b)xu8L0ng~hiH_NZQc4IZ@-@W~
zH3ba*;xyky1#w=gzB6DFB)hW)C>74h8c|&K|DE$MN3C5?RTn;q%_Sb`#tY=72QU98
zH;@tGWF)_2D(I+lfg&+89bec9u{9HDm<e{aC?sb|xOM_<5ri4$ZmpR?D{F^heXPx+
z3@m9uN0<E^&Oo0Uisj}sH+_C|!N3%{e3kzK?`qYJsc2!@WuMoR+&Vel$FFeADtIEm
zxVn(u6$o~1d-BBNcKQ5w1>Rl@6W%iZ?;hU0?cR8GuNr(%ZKLj7w@ytveg;6t9Tcy9
zYG+r^@a?epdguRq|GLX+cK^ETou6LUy5$oc)$1#t?tOR6kB;1Um(==kFy$km>2HBA
zv*1nhT9|A^RC*`$@=ng96<95E9A--8=x|lES!tD-W7%#S27J)q9I-lxQ!-joxZ1nz
z8mRR~EXvfMMN|7M?6qD~yH?qkVR#&-V{7>*Sroomr)J+@r{4DO&xyg`FYGdE9eevh
zpJfI=U|@NHed@}WwC+)%lLj(7ND6NkC$?PVY$}s&qv%P|G%c3tqL6d$9yhtNL^6c4
z$$5M*@fGE%invIvGshiSU<zj0k`PL%QI(-q9ToddTK8)|Vt=#fz3_5yN!>0E)89)-
z`T_n+XWZQ#tJ_g!-g?_PgE)3u5OIv04^1*eLUfd|dI?pGx)e%8%}y1lt1*fxHNwVb
zeJEUy%*zuR?dT!UaP8;=h;<^79?#d&@Ai5>S%j*|l>_S&fzBR^XuXHN$nx&SWHv6k
zb(5>i78Wz7R)=#d$T0!iDogBSj0yRQYnAH2fuTv-*v`_pHN04&3xdfdWv1?_Wge&T
za16K20mD0hZMNqgse5?jj{T;v-*3o#e^iTjVyC#1-nSSk?i`)J&t3TnJDt2~jCE9&
zr~RR5@MYx5QygfvO=Ba~(LJFH#yIa+S%NH2_24_o**+G|eAl>^HJ^H@oXpP~d3i1h
z^0;QylVTKYbAp!mK`79#jd!oiYM;f$d_UXs3G+z=jUQa2Vn*b8b~Cc@328a&=1!~Q
zptYeTz+y8RquU@MvvuIIIVPeeEVH1kP+UdnXmLzTN7}T9B3`d3$_@do;5czEwKnZ;
zmBTN7|EIB5;6sjq`Wk9gC;0>%=LjHhMGb1N*ul#v1<rA7FEI(qdNWP=El>6I4Ah_k
zMG0R;lAPp7Ny#}!OCnX|ceE7phG{QPIIa<mMeiGlMJT2oIhkKwT8}C^H$`Q{e7g<<
zJIhYtS5$1@KlHr?z6kzJ^GZNA;?QU6(;mwYyOXy|y`<3r(XkXqZzUHGT|u96a7DP}
z%tP~R#is?2z%$6FrDU48b%HZfZD%Ilna~y}uNEhb_hddV$7Y09&(THD59Ce(dK0mB
zb9dcoAV0Cmf<NA=H%%E&a<i<S<K(c9oSeU5yS(dwyC?6y<7ad1`>X6*;OXS9d7X75
zR@%i1l6@iB`pBYd=k4?)vPqpXTM+X=dTOVnoYwwUlw+AC9lt&7`3R|j*-CPv!t56O
zi8xG!IpA4pF&s%<3+zHtzeU}Fj*P8&_IZB1JmU{|nXZVJxpMhGxnhiP`!dFvCy|I_
zrF3e-;bGosGvd&w%hL{G52`>B#J1b8L`v=H6J3`3DWBKVWw}^^vL0wK5$!43_OPQt
zboeeT_L~m=+SpY$S9`1JyPwt>0v`(Te+zt(!<*&=92erhvD0mMfa2NCaE)0_`Aptq
z&SC*2Yt^xoEwC`CHE~*1tL-usrI{MhG}AdJeAD4z>#WyhiEVk|7;NUEQtsgGv608-
z-QN4OA5$>KFhRVvRD2T6kN)^RYs?GmMfA_tlN;EGST0>>S!Zssx`FyGyX>-lD*zsL
zge;=!Jbg}iYl7DoNw(BBf{Hka0^>LV&r!yeYkF7<J)!7{M>QC<%Hoz0x|;hsUZ(DI
zcjCF9QeuEV;D>guXV{Azp06i2uwToe2FrmeW<-K`2is|QT4e(v>3ba@-3-^{=-7G~
z#F*0!C=<XQA<$J0nQGXpF~|w$e72d2%>KYDbeo)d$!~Q)hyR<D-Waj5Jf`q|wXuv;
zafA7>5(>iTA?VmZGy{r*7XAP1efe_RIP&oPt*7W8<C?YOkkoBkQ?pw>Wasd0$5$$w
zf=Eb$MG`bYN>-fgvwubK5Jiz9C2Q==d_q+m5d<1Q1AU;o0S-0{<M2-Zcz1ibcXu~z
z?!UiNKX<P-_j~VaN4stMxpZ@c9&c#h9A4LqhZ<8(A0CQ#d#77>L#<e)vz$DH*j2{U
z&}b7)O~>JUN18*Z9D)AtyhocqecF6HE9t%Ocet}f3_Q^HulA06or+dF{M@AvTfO5t
zxxU?zcXzjLj}A89Z?7w*v(5K|JzQ6tHygdCWi_vkuXau<?Q3@RP$PRCd!}#j=D}M;
zvr4&#Y@S0-Ay^l2!Eez6mW{dVp{caVdAE%}pKkU0`^EdZH7I_pbggS^P$zf&%6hrn
zt&{VkkMidC(&c^qrhRx?-D980W9_JWbZXp~<ozD~G^BTOOWo}ac6Le5ZNx;ld4j?k
z4-w8ET<ka`EmUDss?4GPxBy)oJ46*Zglz1tAK$X_89urmt{+_QpEUKYN5iPU-`z8d
z+Q!+=-iEGien0%Ie_Y?HoYju^i^o)HTE?Jv*}J*gKPER7xoz&&QTt+ZuiKJ4-#5-T
z@R+(dVet2dEvSUqa*G%q9<tFDeoY|7u`~}&doX3u{~>x{a$N9s_vu34+ivckko)HO
z&S6i#ZGT+v>%GcgeWQDFc)NGpJKuHAouiKjP5t5ac=z~lxU;iAxc+o?)NKz?bH8$Z
zq89J8!Djule7!5L8@DOsy!h`tOnQ_QYGKi_i6)ZpOAuquo$)V0{I?|K`=IxrOH!{o
zoA1LM9HK0G|L6TI$Iju0%B5Diysn(~wT+@y89r2Q>s7Lj2Ik=AfgSAJUiW$rN4C+r
z=~zd5>%;pEt9xDSInBMt?;p|a&B1;1x<)(5{B(TO{B(SDPg*&R=E3K*QooBbK_D&$
z#Q<~Me-+7@b*Bq?7=PCFwHtE@%;f89H}VP0+pB{Q_vIea4=*ks2lZoicTaa7+ZO|7
z6o-n6nXXjL^|NwGseM0n?n<V%e%yY%QXfxk^?hGIzB)Op-(1`tRJT9dLtEY_8+)bt
zqFnDUbbal@?8zbaXEG&+*C3^tk>{XZ4$@x_ruWst9Q3PIFHCvwoMCEh4G!zg{#AMX
z(m6Bg74@ihdVeP~bL*zp>0UNlS6iR7(~HvMXLeU{HslXyC)L5Dt?chqTOIT4^jtZw
zobC4U_fuv19({BV?&35^AEqn@zw&C2m4SLd)VtwB?R2NOS-m-IUeqqllZ*51%HaNH
zTl;W*)OGZ7?_BB2)zXDg#`;-N9V%znRp;*J5Z@0z^*i+@>$g<x>TrGkwyD?~)Axo$
z<a|%tAD8D7wj3lMyz^ZX%Q;1@Sw&kP>Nj=6sekCw1AXUVTWNh9mUL~mdSBk?H&5?w
zw)U%sRk?q6Sved&l&*UF?+5ageEM10+1hdF`rbi>yzgBWA1h}=RNMTn<o%qCAEB&R
zN~N3}&Cymx9#+H+7XK?H1n(Eze?JSq{f(1O3_`sxDH{rwZOm*Yn@H)Q4wmj2H5SlD
zu~;nDt5yDgu~>}%Uo6&Zzm=->jdG=0DsR+(E0${Ya{V_bE}-qq<S-jqzZIX|R(x=O
zljKrFGL;C*(DaX-3jZyIu9m<1f?uYwlt}+fv509i{v-}8Vq=MQ=Wio}{!8_8DMtSr
z)s51U{$C=!`9Ho-Zz0w#Fl>W}9}5L!+gLa4Zwhq`8(V)C3p#rI=I63M%e4YGlED{P
zS=AK~MTHt|(h*f+0bexWWk8oQ8<46(i*#DZ=)lU;(TC#?C*R(mTwMNKStV`w0-^yz
zkbin|e)&^?ukZ)hU2FhWx)g+l@JE}hjg^6wr|sR{=EcRgPt9BR>7u!N-n{gl{w=Gx
zFB^`g{oz4a`Og}N_yLOW^$$>K0f4u>@)R5CPhM)}DLUMr@bwS3FPtfQ{W(I95WEHp
zBc+RdD+higHk1kgZBhV;<8ftmbtRU!URql#05A<>6H3K`N)23i1B!-`;h502s17E!
z`h+?REXQDlWQ1F-0LOBh(iXBn6x-BNF#P!8eS<Bzo*u84Qch#>axKJgy$T%Fj)e@B
z>hJ@)7^xsCQ1a;j{_O#f+eE{X{b(0-wZ<GhmOECAkxoi46f<6Lyi<`@@{J;^f?}ps
zm>AY<(-NRTRAK{vVfv5pf2E5oo5>x`p@zKcK1f5PYtL&VOaCiX>oNXcuT?5b{{IpQ
zndHjb{WYLpE~wa({rq_w4oS;G))3xfO$WX<piM2<A)Os$bP5L2aRc~bDcD03H$d|$
z6#4<oqEwTrONH^5P1ES#6;v9sF_XVJHqqwh1X=XIQHjxixmYhP^}iQMPfsGqZwq|F
zB|gjivq~@^ng-radqClK`{)qD^#I6FfjYM7*shue7G{oSONGlWVPK;kF9FE1&=6=F
z?5>3|^pWOZ)+mU)icL*dNwo2!9pw1X!R0DmH4L<mEsLm_!K#XxO$_9+rnPBRT)hNV
z8FefLuNB_PKYte7L8`b-3=BeiqyqQ_R@^Q%{)9HMm<>{xJ?et{(xUn;(luBmhN3wt
zc7Le&5hN(BaS&_p!)*&WnhmQeQEXTnwP0!)K+2gwZ0c3@<|fiR7kXF<8>;&=d;as$
zf2$>WJHv0jQNUAlbY$jX3R(NV%0_JeSFUc9H<tAO5^0h&_(V(oJd2}=cIhf47Saak
ziW9WdYVjKBZzOD>mWKI)98)(+g&r}~2JG@Sj*wZ<v5iz@qecP1Q!a$3Cy+cv^w=fx
zpFhR%uDSazWEj-uoPjkw+f^59y2QG2m(rfl0B*=&j-p`3CJTrIOgdfe;1_G&K8_I;
zE69=vvk8?5m5FhW6}tgK8)*!?g*4Q{n%|xajZ;Vi{K5JIU?x&<1KdHJV+|vQ`7n64
zi;rNiPfxHa?Ymn5=|H0`5Il18hbrSTmfs3%(l+yO1wX)WS%zUlIY#oyKNDDB+B}CG
zWyBdh*6p&cRi8VqMW)+-oxUED3q+R%FX;2a1P;B5Ow%2RlxvN~nPBqI*CxDQB+beH
z&Ay@`qUTcyGx&eGUaQ6Vf3;j&^8c4eS$x6lE0S$$&u087CH!WxOGwDFNgF9s+Y8E?
zu83haHasSqzjU<6q9`VdtJ9#oeML1#$Ga{i%qF_bz9Qt55Wl8$V<uKSxs@BW%%&FV
zxY%OM$43Dmp6g*^Zg3F>4}dsEj;M<LfrxO9k$P<r8=n{oE`Ymp;Tr|NfPej|{}lFa
z)=piJ?>Ltbn&oGv2zN>K)r5Cy!AT0AUNDi+GpZ!hd;UssvVWdB60pp*aMl*J2L1y6
zKd1b+9K*m?PK(fV`Cl#;i<P+iFV~m;{})MFOvRt*m<nKE;F1DXS7YS07Svpe5|uAF
zsT!B4Gf7Rif!7e5zSQ(hWu9c%^Q<$h0SS?LT(0_mTN-W2I$}1qWE~l#?QQHlI^#v$
z{fli;&3{q}Q(QJalzsl?64{%>O1&%|R_a^8JHX9aL8k`9?oQ5xC*9X1U)Zlnp{#>Q
zT~~N3rjw8*1;Q|RCrqdf{EHmBr=JCHBE~BHfCq=#?p(l|09y?x6^nY<P$;O!+tr9p
z^0a#Bmg7xFt0lMVGMUtd6Z)ZJom#`>+`Nc6;-!7u#H*&Dr@X0??0)4#k=OnROYz!i
zGgPjo_aW^ur@F|n;#kBU?s}GAU+Hp;ZT6XAi!YDjDDS|cjv2{p$8ys5BUy@Ro-z`C
z<QFygdMdX1M8Vq%_uG#&)nrb^P+S*He{iWE5d&MHl4@i?ce@!Vs7VNQlY>A{wy?
zW}{pH)uLwfS%mGw!|>U{NIfyM;W?!?w?++_jrE2XK;RXbhV=CJ<A`??(X$k5ULs-$
z7lOFclB6;!=|q!#-@2%fz*N>KRisiyDhuO1imcm&4BpbIqiLs9Bg(J=AKJ&%KD98z
zMu2JmM$iCvA_!sNj4;X*mC?hG5UsX_O!$}LSQ>~7#2Yw0xwzzlqan*0Rgl)D%x;uw
z#bQx@aEKlJ3xYTP1<mvG5S+I#p?UM+^4spoUh~gl_{t062_G|7xJsBypFZthj!)z$
z+{J$n-b{B<A43ac1N`c$FxDP+^@1@diU~5a6#1>B45fSK2RuY<o8$GPGvfv7d;w7f
zS#g+6b@=+#iw%l3;Jr<61H$rck^p?7`0u}afk~@c0<f@|@+j13O-Sn6pySTSX$*wB
zn5Y4xfNGPDEozZRjF=Wx9mNj9aRaqnlr1y}R0<E0?5|EH-LpvJtA_aq0p(ea0ixKl
z=zw7hl&(c}45HY@NY&i;zyChDuvY%F<}Sg6{75TV9AOr&kYmw~vE|4__M8@0Yz<t5
zhZbRX4%2kR05f6$@%L!lSZp34gs)-^+jzbvA^;<+a0FYiFq#)Oh~Br++C;<tj4?Te
z));Ngn)!mWJZ1$Lo98cI(g>3&7RCnaQk%(dvq=*`@2SKB(d8ZqAg1gsA|U!xJ24Yr
zIc<4N9d)0mn9e<5zxI4%4V%sjE_H;@TAUF`&ycYZ@k(r1c?!8*&`_USdyicGFQQTf
z>YB%hRboZ@s=H-Rk=<=1^8X1KZke1AqEa*LLPS4gDL|N|Og5{VQ(D!{i3;8<=jmpw
zWB?#S4SAp>6%RmZw37y-OLgydA6YU?J+D&aDH5(S6j@>+iuuc^1|DzJD-qXdBA~Jv
zX?`|34-<{AmatITfV^_kbhP|giySyNd!!CsRf$cgfwZd#*-o+&+tgsykExN?U?t*N
z-<)rVV_DefPqK=ey@PMNC&&9A4!*rVIci3F#4SDz5cmym3*K<~<*1deSs8tn`jTPA
z!gkXwG6vE@MhC-6?;Wi4q4DQ*;0ep{>50$5N)J}XXUE4y@V?LICa_pc+uBVbh_peB
zt%A(DsmmmLr<t7*^GIb5X~L=p34Sc#n<QuIb~^+V8mYKpa02IU@(f9{g7b}P2@pMt
z)O@}5>Mp3SKCrZ&Chc!iaV?aEgl-7c10rM%JiF@Hy0I{`k!1(gi(}l!t~mD;mY7*7
zNl8$G0IX3*W{AE@Q6#W#+QU6!HQ?#zcn@NlQfk3*bttvin2wQJYEp+tEgDfNCd%Yi
z9)cy3t~pG{dY%SGeu<HaF<o5b6BaY86@CR|sJUV?W(viaKxB&EVkU)UL=2+t<8jWw
zj3ipmYTw;naFr=+(&P%15NJ>WB=h{49~UvbGbvBgq~*9Utj;m0(E578C2WjenHK3I
z8;gPQci!j--;ueHDAwmkGewM83Bd-jp0|)9cme4_a6-!Xr-O-ja;3#YocJLB0YN9T
z&qpxC$yteGbN)z@$ds++>RK4B7wO$=M3pSl-zCi%|Kl!VmiItdR{U?Zx)G26DOHx|
zzg{F|v3Q0!Q%?+py%_U}C&cn(ILKck{B<VrMm0P!dYAi4$g#WBBHwwpq~0cz2$e&;
zoKp?YgblZ$SHg$oXx^bbWD*`-!5Z*I5WbGZ#=;jNbV)J(u8*yjm(M*`!aM%)Dfd5q
zv(`HhJU5x}b!LpWh<6LxoQU7?s?UsnzuDKC2CCt6+;$-a6ES7P1%Sv(%elUo!#|J6
zCp(dT7f7`;%{f=6@@O|MFB(&Wr>kk4dS@#iuD!T|{Mu~#FH5t^fA4yLnT~&E-~UsY
zIR8_tF5`b+B&AWOH_vk&|4gz1`8P_<aYD$i=|_Vt=m_c9=>E|sNQ0}qo^^UO4?CY&
zFpIYexC<*~A0Mo*=Nb+sR@;0V_+;wIcQEy3rOtf(f2QLf8T`LgE*8rZ`@dp&$^Ty>
zWsvij)l~cixc~D`lK7)~t%D@qrO&S!E8j)z6CMU=27yZ_KUO+@0>fudm_??|tF=Om
zj;li-AR7<RkTZCV(w<|2&@Txf_&W{3Z&38&%EL#$ddI6Stnrl=fbLw_$ac8Yh_xdz
z@69MgoL`j^t$Rq3x`Q;Aw^<$pADpB`-%Nq<!E4g59EB(Oy@}LzH@{=G_qmu0Z<UF_
zOKZ}ffmMH|LKp%ug|!L#;P~?@cPX>CHG-Ju@fCrX9t{K_Bw~g>L$@$r{f*Ec;{|dg
zHXymhBTgVOh{}*gK^sr`PCGo!cl04bxPBjA{^Y~x!~!4sR8AF%Wyy26U_h-NF*@AQ
zERVT}#||ANA3KO0JQzQEu<*kN6K4#fQS{7G#slYh*nghL)bNaeANm)0IT0xO3j~|{
z;|(Lnqhk(YuV;wJoeU56Ffsy_5YWB20NRNNV<}J9+tdPY)dMl$t$(p<G=+#-dGZSW
zOojwrG=xnI2mcX!Gd4<Iu&YxQ)*nYeV+FiJE21b0i7(C_!yx=BTEDs^Ny#M>KuB_O
ztNhy5lukcCCV6_~afCPKiTZuP_|pXHiAPaPuKZ}f<8SAVJq?<58SV54>*wPs(022L
zs|Hfz7YSEQj}Z+zniwM*yi5wOj6}fZ2^Sq}=e5E`r;R5oTy(PTGr~pl27?BTK06q6
z0?_k<L8pLQL@?+i_-6!zrUF|`FlZ?;qO+7I7&No$+`*s;qGOg=&<Qi@i-aG>q{?)O
zl0KYRd13Zgykw!0Gh{SlurVPrvjF)eL-xdod2`zDEF<$|+?n|QtBE;kpj*q0;OOty
zwm>e^Yo^@x{{bSl{LTG4oAWo1|F=4E|8KFly#Mh<(j=#Kr<nf{?`bQC1K2J4k+xD?
z0RGzv7eJ7o?gEI_T&x3_kI#dg%l&IoW_whkY47-hV|Fa0;=jTd93X#Tu3%2Pf1w9B
zZOJ^>1)RLJk_)BD=k$d(9nSpnc`5<@YChmO`2Rg^&GspX4F7MXSdaUE%k@%q$^Ty>
zJv~jM<#fmIt8)DovX$;A?DHdSO>q5ex9)V=a8Fx*p<v)&#}X2Xcu}*W$v5vp19&EP
zEn^j{?^?J`EiCd}9(hZs@y;vMMkMMz4rtfwbrd@QybOeXw8@LjrXWRRNEjKXk_-(1
zY5T*ed&F?NKIRdOY_k0hgpejL5KCP<V^uO-aWQ9{3v=XJT!1@n!Ok+ymeV{BORr8o
z5VL!ACJeKXXutC<ctxo;?)39*c%|~@Q4|qL*29@Vq&mgZ-QvDu9KHzKhlf12f7F{y
zmpBCBC&$!qizUB|#j8Z#L}FA%_p>E?yQcYY#=ST$NdQ1n&5_p6Qmc=AWn(7O={<-V
z{US|gG@M|ZglYEH=&l9E(@Z+0D2lEcKUIro=oc0K`HvrEi?Ia-fIV+_xL^$cIX30%
zc^p5Nw1*9!J{P@KEUMvObhXTXTx;6u;b%+!q3b8%L|7rg0TE!|#FkE&i)<!^HKLy{
z<1ul9xABF*9pQT-CfyKmSJp_%=IX)70XoqGld4RBdAboEc8eWx8@St$@e^(fBPahP
z(%+k^($C^$5m#^!>mN#ExzFM)MubI97bct=%){vN97>#-46-bV&v)?s0}P1IaqR`?
z9y9d3C7L7p?);d}L^W5FmdGAc82`G39hIU>q$jBr%Xoohn&$tJT&0I}3~J$LwUOcf
zFV^Dczf1Lv>hk>Gi=;PjifkKO1_PUdH`y@gVgp(Z(Og~u!RH60!W-aU_-2mjMc}b6
z)->p7v<14m7a~UI9avaHHtA!2{aqv<8EWAT7`VfgMp!j1+$N7$^)_|?w<f`fp$&l=
zyr$bFFtG(1F|bsS_Ab6%*wn&>H?Zq{JmG5h0#stLg47|l%>R1bFG#KLmdyVK8QqTT
z{s|sg-;hUuT1e?RCbWr$S>dh324>-{)Iz<&Tglel-_#<V!rT89-oO>I2z3~I*lV(a
wWLnhK;tLW{F_OLF7QHV>eWp+q%S%?dOv|)PzjFG20RRC1|2ot>W&jWb0K4$YKL7v#
literal 0
HcmV?d00001
--
GitLab
From 61df706d68cb5ff7e1acb7457440c9262b8e494f Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Thu, 19 Sep 2024 08:38:36 -0500
Subject: [PATCH 14/30] removed changlog duplication
---
CHANGELOG.md | 6 ------
1 file changed, 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d85dc22d..fbabb6f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,12 +27,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Gluon from 0.5.3 -> 0.5.4
-## [0.28.1-bb-4] - 2024-09-05
-
-### Changed
-
-- Gluon from 0.5.3 -> 0.5.4
-
## [0.28.1-bb.3] - 2024-09-04
### Changed
--
GitLab
From fe598c145087d9e9e90296f391e925d8087ff000 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Tue, 26 Nov 2024 07:20:00 +0000
Subject: [PATCH 15/30] Update Ironbank
---
chart/Chart.lock | 6 +++---
chart/Chart.yaml | 8 ++++----
chart/charts/gluon-0.5.10.tgz | Bin 4656 -> 0 bytes
chart/charts/gluon-0.5.12.tgz | Bin 0 -> 4658 bytes
chart/charts/gluon-0.5.9.tgz | Bin 4645 -> 0 bytes
5 files changed, 7 insertions(+), 7 deletions(-)
delete mode 100644 chart/charts/gluon-0.5.10.tgz
create mode 100644 chart/charts/gluon-0.5.12.tgz
delete mode 100644 chart/charts/gluon-0.5.9.tgz
diff --git a/chart/Chart.lock b/chart/Chart.lock
index 98b9574d..6f6730d8 100644
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -4,6 +4,6 @@ dependencies:
version: 6.0.4-bb.2
- name: gluon
repository: oci://registry1.dso.mil/bigbang
- version: 0.5.10
-digest: sha256:4d61124e0cab3daca9e84bd1dc170ce942394539817aa40d52f7556cb66a38ec
-generated: "2024-11-09T07:15:40.659963896Z"
+ version: 0.5.12
+digest: sha256:105624a776675e7156624fe31b0c426acfa78eadcfbdc4ebf77fbffa76f5d88a
+generated: "2024-11-26T07:19:56.76797824Z"
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 5f998016..22b2f7c6 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: vault
version: '0.29.0-bb.0'
-appVersion: 1.18.1
+appVersion: 1.18.2
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
@@ -28,14 +28,14 @@ dependencies:
condition: minio.enabled
repository: oci://registry1.dso.mil/bigbang
- name: gluon
- version: "0.5.10"
+ version: "0.5.12"
repository: oci://registry1.dso.mil/bigbang
annotations:
bigbang.dev/applicationVersions: |
- - Vault: 1.18.1
+ - Vault: 1.18.2
helm.sh/images: |
- name: vault
- image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.1
+ image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.2
- name: vault-k8s
image: registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s:v1.5.0
- name: vault-csi-provider
diff --git a/chart/charts/gluon-0.5.10.tgz b/chart/charts/gluon-0.5.10.tgz
deleted file mode 100644
index 8267337b0c040e6c4bceae58466028d995a61643..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 4656
zcmV-063^`)iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<!bKAI*^I5;5mvQA;-jI~!YgSXUTbU%2m$%MQNnUndrKVC4
z2}y`af&+kZG*0%nZvi|6-qhh^vO-lHiEK202KqoB_RNcDU_Y57Cafj$y&rC%4F-e3
z*~y9ee=ryn{~rub&VLx5oDYwOXD7#_;~xgYk^Bz^H!+!Fi?~4Shr!lk6&LpxX(%Kg
zFyn*<V_1xOF6Is+p-|r+!v&cz#Fp@P?D^oxLjqIE;1@Fc1qHKSfP6d#b%c6i8R9W`
zafjX_#W}D}t>K_|*UQ|uniliFz<%f<fw}!D62#lFBxvLR^W(Du|DT);27CU$jdp!)
zf_>Ce$G}p1?_)N@a78>1;*a8r!oMEBynyVK018~7kq9FJVvd1f9(ls*y`K{f0$nNy
zK#ZX!&?$&H!x$FGi!dMeOw~ou5F8o^{6(Zs66_$QO56<tU0}wDi#Z&+m<tjhDVq9C
zT_%WQIOH^94(|7k>~G(Ca*-~ck^qBIT&V#Gz=537_-B|B#syf}<JA=8OGf>FA>V^T
z5;$JuV)?<vU%-N4U!my3S2-4nJOPI;aRl^NBZOWHl2I!XLF2CR-e|Lv*fS^`xbkEB
z{ulXwGBE|_g4>^*Wymn+4h^Pc=A&?Pq0qwr!{hT|p8rRK)8W~k|8Jv}Swn5VmF&K`
z+J4Db8MBZnSRWKaTa$_EQUAum0h)MN9mt%yG3;HEz#YRAHO5O6_Ixamiv$|?0Al09
zxV{D}HcwwkCja)$%umhe0iYnDLP-WLdjc49?D-a-+jB}UjWNi1m^^YE%y}8WyuxHQ
z7seP2^VCr9IdQRrm_@iC)FRX-!DsA<F&I<iaV&v6G{Ignp2Vj3W(>(<lLhb)Id}|m
z5pS`F5yxs7>anCpy4dS$IJABx9_H3_k50gdnJ`(ZjYrr%GWynI9@7fGLLfy(AYfEr
z`Rb1qBCu|sGl{a2jIrpJqU$h`j(u&rlh^g<p&CFx778$tg%uL|5QU*!h}G$g7KLE-
z$Gc{{d(v9vf4FcwMEq?`!WQ{IIy*fr%Ky>uWH0}3qqWI}aN$@Y^tKlKH4w=#?GP4X
zf=rRqI9>`HN)^Ke4q_qO9a^8UX`0pQ>P-qSK2R_6@e|1(>#44A;TRn?#QoH6Jj70{
zw>p!S3(C+;Qj7D19zB5K)0h$)qtgUD08$irNnM;Q#DupPx&On6z^?-b_dwoU)I}iy
zVEB(nju?N-X1DI7-jP3XCndDb$5s_CS@q78cP(I<!<zvs8NH=THNSW7RAl?@%#l=N
z_Oo5v)fu<}`QNJlSri1AZRHVa*8ij7`RQ>{{}0Ybd;NbKtxc#T+g~sN0t`x1z~Nzm
zz4~d-zRpyM;-qd-qpqbj<p6h~HWRIxxXNP9@HF<$@G;DV2>IByXGF}SiRDn=R(du0
zIq~Sk_7NAD***%$G``r$1@ag~-d_ZxUh>T)+>v5@X(#eavfhJ><Fk=@aeVe4peCT)
zTIr;&h?tjmBG&GGD^d1+E7NtL^_9xo38RWfR;moscSgx<2pRpdeDda>M!XTZPG8}V
zhzhwE@F1nu7>0v^pAD2L>ioDK@ky6aFC?5ATJKgp?r6|3aK$`)>{GU^e%h5VFBNn`
zn_|}*@{E4;N&CFIktiO2MWtfzx*Zyw)X$;rYe#dDV<%!nET6=l-^A#Og2()y95Z!1
z2CHY!8I3~i;k59i{yx%Xn0A4&@RyLX6d%WIK^*+pacC5Xm8DuOsW>XyqV-=S_ahQu
zmKmu*3wAlp)IhBwsB8`j(S&$J5X@Ik0bE8y{ksW|FD|n03?uh-;4R-$DwH>B$p!Yu
zAXtPGpeCZ%zt0n1HsZG#)(S#%gc}Uc2p4QQv|LUtpLq6!%qA$9nGQ)^W#i$oH9WNj
zMt(-xxvhAhMtT!@-W%!>XE}x!(^piyVVL6}rL;qR9|dkoI};3hLIQh&_}o}MGo96!
zuNhedLm~XliI@i_2lF?0^ZMO;r8vg6?NJALbIQedcsdvi>^~wR(tq&vtD^ni;Mv=^
z8M^pj!n5CAy#Ms%_0wlR53*Mr3ovo^wdI7ngiHQRc>jHVBh^UGoPv?Ohj^#wXn|pZ
zaR5no*T{{BrCpH2;)Gyx=GaG;v$Q^Quq7hhx0&y+?+nQ4fBXoh3$_z+L4ElB_n$z_
zaZnf_ep^2VWbji`fxHC%@FAE17zc-51+r|I(SO=5Uf4n8d3~d5YF9J4BX0^Q<YA&g
zW;!q&(%hjo<*AlZ+>IPzhse1^GtBMSST}8ku2PdC#$+d_lUtv;Huzx>eu0$pSQLP1
zP8hx7n1M5A)W=|&bBtV1zJK_ze6SAwt1pjW#dB?xHi@u~ROoPMb7EQB$jfMg9pQl_
zc;*q7dst^9rj#*Lj1O0vS=vX)@VnT<0&g~ihEO|&E8GslXj9x^no~x7b4om%>=?HT
zWG(R4x({!0mvdf#+&)W&t!7M*&bWQl&XcKJo6;z7GyaghRcKa4kwdD9HQD@2moPA;
zq|t|KxPWMV7u7TEhDzT=DO@X7641gj)XM4>lRJ8i6y*-XIN)<CwjivAWG(vYgKtLW
z{PfpCydKeWOWYCd7sSPM3$n-k*P?hb<YvUq=GztBdL&Ml)1A6o2|Nwc7IvFvvJn9X
z*O>-Q2U@5I!b^Fl(9HDo3J@!ImoROvzJz^)#C%+7Q<QK>n2s29ODvm$cIV(VNH}xK
z!}?*vsD4;Gkd$9tCYysxk!XC_1xFQliYh*DU9c1&Qv?kQnNuIz0d=u$1)<;7T8}MU
zX{BrDG$WsSsb39?gT@d=Q(HsTuHn1u_f52W@g!tGbqk8&nl2CBAMJAC${$y|bk`+<
z&;WTKG~O@EBN2LVm?V2yeK^okK7QP6iMdBOSd`_>Z%?0pdh+_!uP>f|`uppb&$JmS
zSL7HB$+||}j(t-1lTS(RZ(%(L>Sf~lh4If|46IY@#3-+vp<sqn-^WuNV!3LEU|v)~
z$*$l(Aa;?&4s4?cRyF?5V5J``kap7=DNU}g3&_8HGj{AON#H1}zZC@wUi*?`hhgzd
zg5*%fls>q81P2SbC5^}{IQ9Bk9n*tLIH)8|`hKB~Z|ZGqa?3QxjJieS7^SsuEhn{m
ziP|3&qRFjGDtY9gA_fi0!4WmO$}&WmgIPKCOEi})b^@=9E^&xgV2r)Vo6R=vyQ8@#
z$m(WV<(sOdwJ|a(reT~sCq~=C+q>q@4Z~a@CQ{GiE4;wcY>ExTf=jr{7<1C($<;*G
z$egS(*svdp<x|4OaQ!VmgMvj`3z#=M>+zMXzFOF_wN?w7Gs$Y9ng;D`i>1e@-Vkfv
zp)Lcg;*Tqfty#5nQ!Hy+X-NkZxSevZ)=If55wgY%46D+ww7`e_`l@3BR+U_68(&`e
zlm(g%87h0!NDWd0s`bO#Uw5&+YuTbrnl-ODPc~Ro7G-&-v~fYUg^Vnaz-Aic*)$6(
zNm$rPw)*y2i<+~#BB`h_^9gc{xbP%RLaJGRGa4;p!|Ie^)Rm^+L2}vp`;jiOyema&
zZk{owZCSt5)UvExZFZYwkG1B1$z|~E3If~mzfVf_zvt(pef{69v^Lh~NHKe5BJ{gl
zPDDj6S4)D#U8Fy+CHAO?ORJYs!9tOkQ%3$&)3Ppq<QAcJMwhqL!)sAP4s=KKV38LW
zWulO%>>56XkB0GkE;kxJ8d*q^t9J{`Ch>C>u{0imF~dUs=Mk>{kHe(K?`u<hLIRfr
zvrP&AOWb{J`X|HQ)izKMzr|CDDcy*M754zNlh*Nk@o4fHJ3?)CCI9Y_YuDOyrDnTm
zJt>QF=25fyR@}QDe0KJVhSOb(=^JbH`ak|f5IZRUZLR-3J1*6K9Uq_W_5W?OI_`{j
zf1~o>D(^syuI!<1uMkUmCfR^HDk09T?z^raPRO@i^>7z)UOF(lzb(pxRdc^f&)2pW
z%F=1u>|$5VJ>3eEZ&&NI$^RXc|Fp>e;b<@z74Ls%=fl1Hzm3+y&N*+Ic@L!jc9lfQ
zs_v?gXgFA-wDv}7CFY3#H(sV>219A5Bw}8_f!X(1nQ7aW#MVhLlQ#5oB=8klDgp0N
zdKraaEQSUc$xXvZ1~lWkg6wP3eHM2&`s$>msAum45|Ppxg>ft%zgd+Cs9%+%_r0LV
z{RMd_a4?H8B<L(pf75{BMLcBES;uE3v(b9X%WtmtuS(5jzg0-XS2tv`1Bb~@WjG8H
z8vPP~DEh^n=ah@b9zi^g8k#`DBsn2LVUaM4B}rg)`p21{K1sW%8o-j^T5!NjBm34W
z@PFN{+U0t)(ie?!lR4ae<;$vKMJ>HiQfc`RU5ZPtD7z%VOa&nAT<9=YbW&Y*QYbvh
zm!9mr_@q>0qE}IH=Hv?}RM|(D4A!hhBuTE*UY3$N??JIavfiw6Kwop3d*5l@aT0F1
zJRqjX3ROiy|L&4qOPR=4m#I%FgZR_~3E=1_aA_g$DkIdvbqx5e8WY4(azTO!|5SLB
zTcrY=`_zSh|FS|_0EknEP17_gU%ZWifCRHucgwP>AuCW=cJ-((4RGDoY@a{eoF%Nu
z#x5DUyUuo8k9&&I_43Kr=UsfeVY1_DSSe_mv!S=AQ)=yY$qG%i#y!ajt<N(|Ct8_j
zn7*t^(bE!5yQCcE#<{DM!>0ALr5u*~Zjo}>HK8yabnAq|5~A%A3LDVvBB8L1ev5>{
zT4cLPC>&O11rEC;6t;HVIH9mYb*z(5SaPG@N?KY$t2Aqr`sEbhjrDW1s+CH|RKk|U
z7L>@^3glj<a+#WYv*~l2lewIaWd473G3ySxerE#fpYPfOxo>ybD*XRfhzR?W{JD$Z
zZ<qM*$*}1EKRw_7{?A)!Wl1YHUi~mX(@BQ_umt@Foz#Q?lDDN0K>EBs1W@R?+W@dy
zUyQj^_&20nm?Yo=dEO)SB?@N@x%ehx!71@~77A7zeS;C;x+Ak~2)O!aRRh)O=lX-z
zjAwKG+{i%pEe6~u|3A~oF8&lqOZ@kEbX?5;Jv$kk@8$n(wCn38Uak-P-l^1|AmPkc
zX`la~lakbL59>DThR<|zgNk7&kBCtL5@*etp}M>qV^9xOXc@cMeKf&S%CM=Ps?1wL
zgGVvY6cIgooN{zLYn?g(3I?(`TKN~-H4w$*$XGe2svHdfb@#)@J7RWS&qV~aOLj7W
z3{&|R$km>mT$h$mTp<`Iajrs(I|#?^I9R5HbzS6PAJyrGV*RL2$uSF+{=3A3H?U6g
zLBGU@Hyr)=QYS=}_i!x~wL$Uvuy_&}hmXeNiwl+8znV>JNF37ilUFp5VAU@R`6}8Q
zEk|Yb`}wM)T}?5Zd=y8r1OQa^Tv`3Rw)-kpmUEdl&p>zjX+yURT;ZIACV#7bYk_=Q
z%ce9<Q=0LORy;@dRQY!=KWbNFJ4yiC?sm9i3jjres`H$u&wF}_gM>eKeO4It@I5^(
zo0n@fogP(N@|~Waii)saMF1kDeu$Y*xFj~WvL5=MuTwd3Mtt#wG#rscBFbTiVkm2+
zWjoDa6#y;GAfzrgV3TPi#co~apuo%H&#)BQaeW+saV76C8&KsYcsD6~`fIarec@jl
zC#O|k-zh_PF8te#zSK$?D~c4mNYySCkZZF+o7-~xXySL^t=uM#m=;;K7?pc6YsU5F
zlx`)pvdQ+u&RM57cd&IWx+i*-S+P$}xR))C|5(!EAhUond;?>&#Qz7U#rp5z==6AB
z|930x0lYy%U>0x?6yhTQS92V|BqE+<Ur7J_gw=Zh>My+WD2y}k_#As4%se^)UtVWO
zFna_Hdq|K4R=*ZadyWFP_W%MsQ+6C2h73>17wpCts(<TS@H+68Km*lNP6<NHz#{>+
zde+l-pWX?|aPI*;iT`-UhbQmAC5-p184<Sn8Bf1wP5xxI`k6kM&usZ4{mK`Cy+SlW
z&SezBlz5o;jx2r^_KvIxy6hcU!k3>ZBeUMo|Mnih2gC@CIJ|iJjQ6aNQE6EBEaGBh
m$KZ^9?pX`&P#4>K>9ueBwr}^j{a*k80RR8%=|u7XiU0ufd<;?m
diff --git a/chart/charts/gluon-0.5.12.tgz b/chart/charts/gluon-0.5.12.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..002bdc40c2d4eb3144041bde2fab7d61a60c84d4
GIT binary patch
literal 4658
zcmV-263y)&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<!bK5wU`K({@mT_e)Z%9h=)vKxAt#p#kWY#$<$z*#f)s=!s
zNJ2~!Yygy_cCx>H3*aH}rVbyI6{_M$<ii8-fOp^>_RNcDU_YHBCafj$y$3hY27|%i
z?BqoKKNt*({||;I=MRP_=cD29>|}6u{9rH~9gmJ5z~Ck(Q*03zh&>o=JyvmX{~`^A
z<RfOB&|nOUQP0KPVI&ml`xCez6NcCl{)Rmt9C=7!N*Vk@X1}0d)(eo2$Doc-Pb@<`
z1~2Z=TckJ#)~Pid_3nC^`&QFp{ukH}JtQ!<KSzRiJC+1({C|FYR^b1Wlfhum|F_Yu
zuT8Lzdg>ThYVUo_W*DxB=Ry2YTv7PvlUEmzof1HS3p5g8BtXnDFw7%QSiKK(!a<-*
z1p$aLv;;Z@F=rUV0(lYU<DRLy2pWPz1A)Ja^htspq*RH!VW11l7;!O&Ll<*F0whIK
zzp2XvaSVr?M$Eze-jV(NdrvOX#ZwYsFp4WRAOSd#QyTvaQ^L3aD|@_}f_%xS|4-z5
za7Y5ji(D)}xcDnrFzhQ7efTEFLXjun&?Sz5{%VBKYe6z<MIvb2HQpO-b`pCAg#%Z9
zY~TMP|4$~Sz+7<qv$G5t=G>vdl+1h-ZY~sB_<wkOKFss~XmC0_+w=czv@&a`?YENM
zH&@#)`6^=;G6n0SVrXkJQ9bJ4SU5lv532*2GdG64OA@$ac&f&Dg~FbX1#*!<;~qe4
zTo~8aV8!O?Ysuu_znl4~89e|L1XL)=z-3PWV~#!F;&XdW>7_9SIS-RZj)OTb1DIEs
z%;v%vgJGT;>OCheb`Y}&7lc}b+9ddb9We%Diad@bkcTGNOU9Gf6yJ;?S!}WZ9wG;i
zK`!DQ_AugDEkiw)^hg(beGP}!uf)ULdg0Lt7%>wjOSSO`+eb#<dctE`!8Zt`$Or_C
z3M^m!u|fpa?Q<qkR+2Fm-BNTNCepF5ZFlmz{ybCz=*L0<CbF<XLLZ_qlnb#sozbEY
ztp0e{jCW63tNafaj)#c9jY-%d|3_!1r$zZc8lLRs|82B3xezWKON8Fmg1-hL8Kxb=
zLQIe;avH}=VMD26xWGXyWV=J_Gd4}LT3x+O;l)SlMLvEi`C~oR6)qg3qlUPj+Kq?U
ziS<@z(sDr=nn`MLp3tKQP<$FwVq<igfCoT|BCn{6lZBY@4kPz}7!mkQ;NTv}n~S<A
zBmfNm5y=tbZ`thDoz#2sC+?(#*7?|~!X>NTnewg$EOU4>U?rosbgAa|?wyKkznwXf
zip+ktYr8rFHz5C8^*@V(0JE(;Le2VrG(0~&F6#fm`Dm~IZ=<ydm1O%1CP08eX$m+z
zEU;HU?b+9vDp8!&Eo#)Yw5A;3F4ShCH4|4^tQnrg-WfiIxey^A+xCozc{H&c>f1`M
zCO;=0o!CC&0yEo30hz`ZJGnp}gUI`fVAM;#xr94Xj4$m(eo5AQcyW9-GB1wL{sYtm
zlv^vE)D;o)@=nCsy>BJTzHeo^4z#{fc{^cL@yJS*VfxM}nGGSMUzbnc{=<kjBG>5~
z{1H(h_W~ZK)EdKZFz~a1GDV#q*CRgZGU|ndQ$y?Bs>dA-8V0VIhmU>Ameo(Y66TeH
zPH0o?T0@@EPd;g%S2q&H<FBYx>|M7*qm%kM)P3z}E^_QdjELpa*z=nhT~Y9a|AS+u
zj>lm2>;<Dys6Ct(p48t*+6>b!Fc$tAQkLT5m@SBdpEwSU0<p4Gt0fgjMO(D~i{ySp
z0?aZaHE6*ur<oe4RRopIK_QwDj|hVK>M4NBXsCZT;mO5C_MKtmz6reLJ4%J}MlHF(
z{ul&{a01js^!oRC!plbdHp5y$XpV4$;ThqAEr*uNspS*To{-rD1vAqjsjF-}Jhq0X
z*1*WmNISO`57bC+BhPzFJ>o3K@N)W^ink1N9Hf+XsPCh|O=)L>VNXb4PY|CQt7oRO
z`tmI!t6(UEzc>-|z~o^525;ZI|DY7d*tR|DAa72&7!OYegMs}=L`3=zzI{`){|h{S
z_bx*hA53`u+shB1pT2qa{O3XTiemvL&c3#saF=k&p9$}O$Zw<?$(d6ylJ^kr^c*cP
zOfU{0>Fyf2@vyWDa#)-YY|b3}$a0p}7Y?>Wr297W{q>yzIsH$cz;wZOA}**8zyJPM
z5OW+928iF*j{zC{lvE%ufj@c#W&p;)p;v({8)o#Mwu={b5P4qTsG8c<Ozz0r0t$JU
zXpor>42Lv#s7-mQr4)A~N7x~9F3}8gJ2uu$o1v@Jq=+%u$?4?Q7p@I{7=<<vbPz
zV44#~uQ+Dl%o+7DnC2WK*OTubJt`lpga7KwBUtfV8>LMmtRodV9NL^%);97onqWtG
zAPJs%gykOA*@!7+%oO9J)n=CV5i<NP_OQU44WS{_PT>l-!!X(uH<;#>QQw>r4<|du
z?E+Z~ytVGbTioTG7a+IKl3}YE)1xzPAGPyjD%Yko3fzo8WN#IkRZ--SYGO?`|I#H4
zOetyf;TkR=THi(WOuM1dH&F`Lij@Skune`by2a#<UL!@h!!Qo`oQf?7t07s7zWU&s
zkvTv8wGgjI^xP76MEeDCG2MdfasRa_o(#Dev9tMhMYkS_)8%xh?p6X%!?cCnrkQL+
zz`=E<LDPX2DuVDz-YGOQJ-q_N%H1VQo2xHj-y$&|SK1UM91^A@2Hg_Nrl8$9cnuQH
zobs@K*f6Re)(#})SC`4=;8G+SA9le}1)idc&s!HP1;`XZ!$RiN$96znY+FI-ceU1I
z3s+j{+Bwb0r(Wt;!{VSZMA6jNP_=9L?)rTb?Or?y8BpDVVz{QuL-$9!T)6Vb)h^w2
zi6AsU-bao1%koHs9vmjgURECtw3LsZHd|uu5e^n*dGp(|7oVTLdHw6l7oY$3=GAj;
zM#>dA21By0QMY5C)&1milKWd&&w+ZG_<mvhGZ+Kw)H*TBD`zN};ner>42M{*+98-1
zRZy}k_z#F(B(VeAD1udu|1((W#|os~v_?vk>+1sY@869bJ4+Hc%Ia@L!GhPm<k(?Y
zJeMFjlrg0bE+50eLT*VT@(ND9zE;Qd;1UihNt3=`sN<V@8=KrR4Kkx{5jjR_?OV%9
z?Ovkx2Zd;I>yk<yd8mj%gK}_0jjpl`QRZM)PW=+iWs9A_>!M2>;uRQUZ}Midjr;Cs
zt_iZbnO6CxYH4kZjEZR(CohQ6w($0@xpTuX7l?_}^Y|Jsur!-u!?55It}@1)G<kA0
zku@?WYYaB*hhq7RurXYJ&(EM>k=6p{&CYs!Wvj0iwrs7{g62%JTBxQ$JKJLEajG}O
zns=zn0IT@p%3^C)E!`B$+E!Z90R?WS+^e-xu1bWgF$2S@^eZj!A-}%vn1EF!7uv>`
zS3YHdW<!R`9yL;f)PQRJu=dwoZ0}mOXp?5mE6$S*7L`R=-YacfkZmC&3nZ|a26;Bk
zf=Ut=c9N~Web%Dptgc8ZD$IO>93w6~Nt2Lj*58aq%h<3wB^Y(3=?{=xw*G#kODyk7
zk(!%ljA>ie?=-b6D_5J{X4zw{`CoDwe7l0cw*2ptQvL7w`DkDNcPp)p^*K_^UYQ8}
zK9>_wk;~PRAaNJz&ufW2>fzGrrBtv`B<7TnKh?CX%b&PKsGZT}9rf^9)Q|(+5j|Ms
z#YLGYBr3axkKvPH{GQ8=hEGNolH}^$0<%f{TtzI6$6(B`kpFpvtN-ILsqy>T6rYg5
zCBbY{!v7L?Uz`5Puy?f$)Wh%aRANduqG8270PUo8JYPJTe8G-Tn_bDjJLKB6_FSpi
zE?Q5@qMUiutiBcZt_Po;y`tfC*JAp{TD|^{e-XqE%70tyf6tCf^<T%wr+fW>8?BBz
z<K5q={I|+G5Th%5sM{;VlAcL6;Eqa&bF2HID~J>FZC5?qMVyxo%<gZC@?h26@6z+N
z?S-;*+BUn`RdY|b!sOf4I&JcQ2jxF4@_#rQ3`WKK-`V+aFaK|&wXk!}n`Yhv>Azhi
zQL?JLDkK^X)+nvLky?p4;{T18DVf1g+9`>c*Kc6<JyvGgwk5H363nCx{Q?Pmg_cUd
zdz4;AAsCCH0Y-AuFp>eyxUL}knslGV-HpCFX({U2dx1oxv_@eZi^p$PB?9VK<>-Ac
zC~|*69ts@HVhjm7%hTU9V0al1nRM3iS;=g)-tzLB>;0=zbJ=ed((u&{ne4z}vQrrj
zgM>!E#2<=&apyVZ;)zEPkE4brkT6M3NKjZL%wkCrSe^cH=BH26E~*BwB)AqFFw@As
zwF>-ScdK@}-mLURW87p8w_o|Ps#sA=Z<JJ8K17$|k}JwCNib6ZNIMrg%oUwfmz@*}
zPx7TFJ1;&d)tKm26r4Hv!U<LO(Ita5s}V_(>$I1pq|SR#Y>=!ss~phRoaWwlT6dg;
zTP_cXDY8OUk<h=pWY<zAvejkkQ_3Jd^*{nR`YX7!kav|4>fkyC{9cU-;wZTwL4^NW
zc#~VD0-XEQg@6CLLRtWbQ-@8{G%8=bi-LdzvsHJ?vZ^5~P*`^Ls4fj~-PUZMKir%p
ztjWeM8M?d9c3h8piqZA*$=Byye7j+?<7!wbXq&U4x2IET?RLouO|`~7$qKE{GfXF1
znP-^3tV+?-5>30L9OlNktCYj0^|YlNmiumza@aMYFdcO3gu)V{?Gg$b(Cs3ju#A3-
zgu+^6yGbY<R%QhbyCf90cHKCkutIgLlTTQ3quxqdT0yHcYn1xs6yS~ZbF`|JO2<^f
zmc<s7$l40zUZ!%HntQY9bDNX7oR4Jwe|0hI4!VA40_&ge+5@?7ciAfZ|5u0z`?LJH
zi{NjU`0vTE=>I=G-~ay4TWMuUD>q*KFu%}AhXAky{X3o1gaDGar4T^+ygmd_=(*bf
zuv%Y?xl{Nzq+FOJ-~xHxWA!BpXAHUcCSt)U@pl#qRvdkU5#YKbvuy~t`e;=H)#>N@
zgVu~^bN$@NK=&;M+$jIQ(8(_T6i7?__jq(%%>O+*8JzFs|82DE>n2{V5B%P#)Sn>X
z%vWijf2Wg@)Nc>#HtU8jbaI1=VJMG?Q2`QX&6=UQyc=Us4^?OxyV!j^!Bfhxsh+CL
zTS9}!G0+qdJ$jsSbUbUFIsgg=vN&4#7uz)u#pK9XIj5=|4FGlb!^S&ec3sa!1hq?c
zGJy<J`4`C5o}FBmmQY+F7$<SALW?^H$L%;+ri67}<Y6Dx>4swcs7}c-3zh!6#Dh1m
zPV+&(#D_N={q#yFM3wh&Eflpu@%pfM5*UY1#*>Q+mD|6XO>0OT()5$pG>~A`FAMo9
z+8ZrLW%c{{s-s;^F`Rr9N3sL}RP|h0{k*pODpr<rnKsWrclv2Vw+vk2oP;KStA1;N
zd|S(=G)+^Q@r_nINB30ucP~F`S7SR$0Nd_%xMK?dMS`mHoTtwRdWnOCKX-jr81?Wy
zJuRD;Yc-u7Ra^3do}Y?}uwF#~BBg$anNPSRHn*}K`k${;IdMjO@r5)TkwhZOVTfWV
zYo%p7&0rM(EzKaLE;nG4X(YvNUFV>{%j3_m6xwlp9Ds2p?=Txs<tBJHDSP_YX5sq6
zzcx-ztG<3vhVESWw;O$_l`>WoDRz;nT`C~gW`j1j<@V9UAHZ9=O&l>TvTQLb_hi<L
z>&+?MN@``3?TMYUPH*mD>soYA^eVGrpPX<nTO9wfq{TsI0cH3G#%PKE4^E5q-^0=A
z@xK1=R@y^&i-f=|;2<c(M*yzoIDkn+JjuS0{`m>3_Yl-yc;`_VXW;QU_B@z*bOOG-
z&X8dC7#Q}DAPcO1Et>Wm1#a&l1bC+GI5-R$o|3QFjW1OH*0<nI;4Og$s;8V1gqVRx
z0&MlHXYW717nI@NLwFkh@r;j8--AmS?^!b<Z1ppqe$Sfx$!zsAeK4Qd@<;lWF9Lgo
zXo8%}D1<5TFz+2%{3`4nSrc^GJF<i?KT}3#y`%r_J%o>l5gKuL`RqCGSs|m+u<lvJ
o#mJ7q8U50;7TlpOw)fI&-}Y_a?sNOU00030|L1z)?*NJb0P)xo-T(jq
literal 0
HcmV?d00001
diff --git a/chart/charts/gluon-0.5.9.tgz b/chart/charts/gluon-0.5.9.tgz
deleted file mode 100644
index 4a1f8be3a68b20e2f3ac540a820a2ca376569924..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 4645
zcmV+=658z_iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PH<!kJ~tw{n@|bty0L8Ya_{aT|I8}F49RlliA9FB$Mqy&<JRW
zwwaPdHA%VRu4I4vg4AK^mXA6nV*+t3k$fZ{`3}CrHS;1G*iYt&32TXb?}r;GgTY{M
zc5<Tr9}EV?{|Cd9vmb^h=flzIU@$yA`(ZE~9S_fcfWb{nrdT2_5c^@U^;pHl{fiV7
zk`I`1LW40ZMm-mEhmlaI=f`kCCJeD9{0)0PIP#Fdlrs2*%zi<^tQR03k3k)wo>+!>
z3|`!!w@6_QtW)c+y}MrJzSNbN{ss0!4++fePmv(rjyXXa{huEf>Hp;T{B%$Mw^6RI
zO|Xx8>KIsR?|sZ>7_NxtLHt!*QTXTMmlu$o5<r0qG!kJXK+G{P%p*@&z4vp%L7+?3
z0uW<p33Li#&M<}r@*>Q~JyUfNGz5nR0)G+dn*=&Yt`c{{Ko^)X;$jYmF6M#+NV2AW
zQ<n+i7!Em&n1lPhBm3L8o?N7hrzF5&6jy3M(%?W&Y5X%x3F88+?Dc92vXW8%pUC&%
zkOYnwxmbR2@fWaQ*jFI>@Kuh5B2U1fOB@0H)d->20%X(*M9{cvyf@nHB=oEm4qW-Q
zegBK}Kbe>UbHVLT&N5_}bB6{~GV@WmIa6q%|KaiZFi-!Z!RhdLPye@3%A}#T-%57h
zTy4LktBhF46s!-5psmS7^{B70aDXNrRtGYtZVY>uByh*@M2+zhg*_h&<RXE_J%Cub
zFs`q`iq+FslE}Y(GxJk3dH^U0s8F1N%bozn9DBaS=k}b^OJfXj9wv_*2XkI-U|wM|
zn+szMhIwkJdQM#IAZ8IR2(<{cN$?pvVhqL<c^u0|9-3e;8Ban}bTfuzvB?5>h#Wiy
zxrn#e!-!+G4E0*#BVFwEH5^*M5)X6hxko2p#6*}Z)y5-i9~ph?F^_QtUm=hzBM>ku
zkbL#m3Km$m&lyKqamJW+OV)LmaL2y3-AQ%*d8lrn9}Cqm;e{0(`VfVoT!_`_j24+-
z_1C*5yn9kw`G2@@JVg9$RKgbiKRP=-E%N`-aJc9Hw^7>oLbz}&5qeuQ{+braFzqcY
z!~~flr*XWrZ74+y7dVKSZ1>jsj7`(57FTc5_TmHeA|F4I^s%1k3Kx#iQ9|5L>Bd9s
z#B!@MYPp~c%_O!sPw>$LD87v`u`xJ}!2=+Lk(boP$wEwci;?@kj0pTXaBvUg%|%@l
zk_HU_5y=tbr)+lXPU;=`6L%6q>wIk$;gVGEOnBEeEK_)M!%9ML=~7Ma-8&V@emiv}
zWtshK*LHOVZh-%{%6}FG0cKlSgqr35Xn1~lT$KNVv%UTIR!SRFNw&YB0t6V8q=3W2
z0(te*o_(FD62VE`qC{OwYRUobLTn~dGclFLlHqA=o#A7c3lZ|MZO@39M-$7TzOCeH
z@;UM7#P$&vnAtuG$TYs#$p!MbiM+oEM!n?8CESs0d}$~AOOoD$i{rDAd2xL9S5OmB
zX03EmS47OqI}uCwzLg03zLm*3(E3W@?SxUqD=QU-X`NA08$w3EET6pjhY@c?uG3fe
zBcej?1w2TxHHP6};AaD6f;vC0M|{#{)C<{84Xt;p9(Oco7`S2{KK3bFR=@3vn3t+`
zf}3L38uW~Q^hx`?x}hi@e}$!D@46itoz%~v?y;k~$gvYKB9>2L%WtA|MZshK5005S
z9)s1p=Zr?7_HtTyQ-2?6Q%t+GvGA9WvJ@W2Y(X6S*l}nSh?S;V&8avl>Z0`zlKK$|
zFw2zGpar^|W~!i8AygIzg=j)NA_(TIw*W4qq5f>b<BN;znPKF<4!q@CN`<mUExEw{
z7zB%O(x?gP_4Rqg%R>A%#agw{4B-aDGr|R14lS2c%O{>aA+rezW~M_@Q`vZUYz<GX
zfsvn)c5W+PsFB`8p7(}_Bv#q<>wZy4q{NHOhD-$#L);?4xao{+$vAU-!%?@VX)
z@HIoLU?_yYI1%%}<Y4{=Z(hH9uLQ@~wms?~Z%(-w4^Ib!f&E8BMEVcDepR^t3p{)K
zHUk$QOnCO&i}#<Nyng!Z=RsD*u>ccik1Z$MC0x>HLi_LY8>vQe<`j&i9^##zqXmWu
z#sMVVT_ZOhmU=-BiW7p(nPVSW&eHnK!Ipq@+h)GMzB3@F|M4T3F4#`Q1@+<g-+uxz
z$3bC$xVC-_$l6ay1@KbyhY!IFz&JScDu89fjQ-1Z@xl%w&+8jiQ@fhU9eGm#ArBJ`
zGSz|Mkme4xDNnWJ;%?*!J4DVUnqh9o%DQPYbd{<UF(f-Vo!t7&wZRXA@C&4r$D#mC
zbHeBq#|)e~qdo@HoMYsAvi{-2^1(Xz@4h^O74NlC+Bm{GT%p6E&9P-|BQK)~c7z8K
z;h9BP?qQvdm}16EAwFDfW@#TGgYRMw3%uD78bIw7u3$S1qfKFhX-*mS%_;G4vSZvX
zptV3->%P3jUCvnna{DX^wwf?KI^*_HJ58p1ZAzoS&FDk+R<2p)MGmRP)@1Q7UBbYW
zoJJq6;R2%dT~yDs8z_AfC3CG<Nk9wBP%EojOz!A4Vw5`!<ABep*aEQ{khSou555_i
z^V44o@OntkEpbP<Ul145EzlnKUkl^OkeeYpn{QWe>!CPZPIv5X#qcypTj*_?%0>hn
zTxSwA9cZCE2ruQGLQ~VzD?lvVUBa}v`m*gCB<ABvouULow&@5#*Tk|ZXm<`?1B5fD
zJggr!jOvHA14;hXWwN<;DG-egyTGVwo`Q<cTNfyWmMMUSh0Ljs?SQ)2wt~>_s;$Qw
zuGG@CbDE(~Rq9v6;-GPhqN=TdYM1cc<@+Ymy?7F`Ms*8{+cjMty1&}x!j(O)cImE5
z1fc=)K4`RG=0_s*;4lgHvifkKg?#+D*%EWFaIh%zo8O*3|McYbt6yI{|Ma)lFP~{M
zQl`i;7?O02x*hwZ?kAs;*x$l>4pe1g`-Sn(U<|BN>%=IpoS|TbQ`^T=9Add@hhSb5
zLCLP*KOi=d#0G4m*sN;&pTSDMRsiiLHBy{hUl)LX`)2IeSdz4(to~LMEO>1t#}32d
znQW2+8Dsk3@(~;?<d!r7ub|ZHYjsQyF5#dOHEI1q9pBX2*kqPz;2Cv`$Pr3w-&#s)
zw-U9#D0q`wmsGOILxm3-lz}5^G?it5G6S<R>X&dXOKb#Q7hGZxuYed^lQ)}f+;>NF
zO@P(Sw8}PBi)&+KR7}G-c}|SBg|~Ojog0R^Kun~T$5(iPrP>rLh6R&wl``g}!IP_r
ztPwd`qp)E=6w9ZCjp6!Reg*}Nw6<Yh?W~7a*7|DOmbJCora6_YwpG)hoprJFIMpj+
z%{$a(fR+DorLi@OmTrP&Z7nV7fC9Hu?A2N!S0zN&sDWWs_?71PkdLoA24Ge3g|_kK
zl}~A)*^r^qM~ze=HK1BPto^u)?OjV3ZIY~c!FjU5qB1YbJ0*<^ye(v8fdn>FC(ou)
zP)WeTPNLPfk6P4>)fGWSg_%!~W5kIkX%JG)`kTRM5gS&g0Hdxr{SJc5*58kGiRE1>
zVsrC|F>TBGou-yW<!ZCrEPAXp{!1={Z<i3*7XN*6a$d;)J3k-p^Z#z8w2?kXir6ay
zq2J|VA}V6JS^^~QBK&zRwnsf&TD{~77K+52GV-UImUa0fw+OW}yu76zUJDy?pgY0`
zi@Z1~6NN-Y*YGiXG>qSKvC;6+$Xt?K)h#fa#P5~I(s%^M3=8?6N4WYwc9R;vuZ{5u
z30xA)Hbwj|ard?HpA36f+dw`17EdLlbR!y8+yl@~TF3LnqseFN2({Uj^t(f<U2D&k
znC&9<BrnRTN6q3}QSW-~v$I!JobH-U-&m=a|M3q&>>&NOHUIbQxRn2Od_3CA|Jx{a
z)EV#oM(Mv*)`1vY*+Si(A(r$^q5*f5LY!OOcb!3;pl`eE;V$gFbYOOWTa*W@=6;u+
zuWc`srPH?A#jcuqx+NyxuGDGc|2s(kY2p9F(O@tt-v7?d&i4HOHcAUQ=d5YwJ>dS^
zWfCQ;x~oK@;b4u_+8fE0m?Qo_c$uOZ3?-csk9qwDX3w!O)3z<~t&?CTb?E0v;48FL
z4Bn&kG77<13=J@nn}(4LXvTR3*<;du7I!!L>ZGNhXYT|Ok&+sPaV#F!tWpHjPvz)+
zFDP<<K^_Vm%wh-$ILp&(8X&xghfF%_@T_DuT5oyz&Gr6OiMi}og*13|Lnb?LnCw&r
z!yuv2FVTm>U)*_4xp?dm#AC0a2_#H{6A};>2{T`kY^+ZIIJ46yVHZ^cShBh1957SQ
zzO{1vUw6xPx!x@GMI+o~4!58AvdUOdOK;><T0BIT<dQ4OE=e#`4oExaI?N@VRHvO3
z5>N7}Cp%9*Ddm{xSrnW(`NRp8_R%GRHOmo6g6p)(Qc&kTNH$2;n`I8@YffYDJFPno
z!Y!u<#28tDstD-cU9f8@64~l9^(kc#pL!qx9Q_0?EyP`Ah&s5A8-A;X1hJP~kRZZ8
z6>4&;R1N1ob>Tn1tbi68#G%8cX&RLkZ=)a}!EDvtvaITs6(B6TdQ_JNxNd8<j~{N1
z64rQQmk8ZmM?0=ZJw@+&`Q+>KF4k@s?6?|MGTP>7=<V^8YP(&cLQ|=6PohHW;|$Y@
zR>m2ol~o~nTA*o{ki*<KcNKEjw4Sz*!*bs(LJqqI6sCi29Z*;Tv|T`91GrrT6qdnn
z5l~nQY&QXg!^)_@VV8iy)~*`|6jq3ib>az2X4G2=ODjl~W{Fb2oI-nJ{TQukq0%vw
zuw}6YA+ojrxtF0_re@x3`rc+_F2^I8|E?xx-9Xpxj9~ryU0Wdc<t|Hw{r?IPVSkdJ
zyKw$?@&BF-i}wH1^ZoCC-byKRTDkG+!~9Gq9UQ>2>EG$3#s!enmRtbo`+65Zq33QL
zz-oOl<WBD2kaA&?fD7b#kJLjH&KPp>P56RS<nPQCtSI^hJ-~HGW?L6<_0g(sR41S7
z4_Y&v&E<0=0o^wra3lZ!OeeeeQy?w=-{Zkq(f@mPG8pXn|811(>n2*Rcl_Qd*PkHa
z%vWKbf2WfY*Kc?0Hp_<3baI1&VJMG?QPCuhnl(dpc{j$OUMklzcCq_tf~S;WQ@vG@
zw}b|d;zm<MbnkIW(ebQx>;R}XkonQdKWx{46q6%kWt^%qGyv4y4;$}@*>yeV5!5c(
z$pkV;<sXo%Jv+HBEv~qNGfu)>xfXZej@z-bOfl;^&%@rU(+$M>UY(L*7Aoy`i3M+9
zo#vf>i4AW!`thZXh$`#hS|Dnj;`MIv#4!#ZjmH-kDz<+$n^u=Nq~Ry8Xds(aR~F(`
zv>Gi&W%c`f)!wcqA5PwjBS``Ps(P-peqP&s<txjXOq*w*8~wDQTL!K$PC}EtRll`B
zzO1EFnx-k$_(m<BqkAg+yQd$ui?JOAfNgg>+_46LB0<%8&g17jy~II6pSwOQjC%N<
zo|etiwVF<k$}Ra$&rd~0Sg*nXkzzl@%qLtTn_F2A{m<8_m^dT8_(JNANIVf`H$>5u
zwUV-(X0URAmSzxAmm9FjG_qv3LW<j!yoTg6+;&DzNhZ?2HdWQ<;<XW1nuztC(pcwQ
zyxoW}ExWKHZ?Fra>ynhXHW{>861R8oeFp}_ZCrb4-eZfNw@0(4?{1FiR#YoBX^-rj
z!gzBBTbH7Hq*tjG`*?wUiTyv8RBy;EpbX!@7%l$)!D%u7dpJ5B?eqU`r96N)NC?aV
z4uV2_1mJ3p1DHg_le_}bKR;ph9)S7_?>q|Q2s}Q=o(D6JPQaIUArj0U0mB{=WP#Ps
zqG|6@;PxIsfM-f+gu{^GDfxok_)_;DeG6U(-V$h_ddew5h#7b!z*f(C`tH*^K^g8n
zfG6=E&-n1<9k_(?o;4%FR-f_od)DMnW~<Ni#e8PVkMxl*0(%8$f}G1Jgembb?;TnE
zD(oFu6Li@-vV<?cQ$}XJqyOtYfDecf8gY2>^cnA2A)``@?^(pf$c~#c`nhK<xI<lR
b?^)%(?90B~=kosn00960ccoWc0Ez$rOH~WQ
--
GitLab
From a42613fc0404d1a1f611d43188082c2ba9dba947 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 08:33:18 -0600
Subject: [PATCH 16/30] fix conflict
---
chart/Chart.yaml | 4 ----
1 file changed, 4 deletions(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 9a89931d..22b2f7c6 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -23,11 +23,7 @@ sources:
- https://github.com/hashicorp/vault-csi-provider
dependencies:
- name: minio-instance
-<<<<<<< HEAD
- version: 6.0.3-bb.2
-=======
version: 6.0.4-bb.2
->>>>>>> origin/renovate/ironbank
alias: minio
condition: minio.enabled
repository: oci://registry1.dso.mil/bigbang
--
GitLab
From a0d8497ee3697b23a75d6c8d0e1f69014b694c5f Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 09:55:59 -0600
Subject: [PATCH 17/30] bump version
---
CHANGELOG.md | 8 +
README.md | 676 ++++++++++++++++++++++++-----------------------
chart/Chart.yaml | 2 +-
3 files changed, 348 insertions(+), 338 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b26205ca..3268be3b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
---
+## [0.29.0-bb.1] - 2024-12-04
+
+### Changed
+
+- Updated gluon 0.5.10 -> 0.5.12
+- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.18.1 -> 1.18.2
+- Updated minio-instance from 6.0.3-bb.2 -> 6.0.4-bb.2
+
## [0.29.0-bb.0] - 2024-11-12
### Changed
diff --git a/README.md b/README.md
index 530df119..344e7161 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,13 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
+
# vault
-  
+  
Official HashiCorp Vault Chart
## Upstream References
+
- <https://www.vaultproject.io>
* <https://github.com/hashicorp/vault>
@@ -17,6 +19,7 @@ Official HashiCorp Vault Chart
This package has no upstream release note links on file. Please add some to [chart/Chart.yaml](chart/Chart.yaml) under `annotations.bigbang.dev/upstreamReleaseNotesMarkdown`.
Example:
+
```yaml
annotations:
bigbang.dev/upstreamReleaseNotesMarkdown: |
@@ -52,341 +55,341 @@ helm install vault chart/
## Values
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| global.enabled | bool | `true` | |
-| global.namespace | string | `""` | |
-| global.imagePullSecrets[0].name | string | `"private-registry"` | |
-| global.tlsDisable | bool | `true` | |
-| global.externalVaultAddr | string | `""` | |
-| global.openshift | bool | `false` | |
-| global.psp.enable | bool | `false` | |
-| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
-| global.serverTelemetry.prometheusOperator | bool | `false` | |
-| injector.enabled | string | `"-"` | |
-| injector.replicas | int | `1` | |
-| injector.port | int | `8080` | |
-| injector.leaderElector.enabled | bool | `false` | |
-| injector.metrics.enabled | bool | `true` | |
-| injector.externalVaultAddr | string | `""` | |
-| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
-| injector.image.tag | string | `"v1.5.0"` | |
-| injector.image.pullPolicy | string | `"IfNotPresent"` | |
-| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.18.1"` | |
-| injector.agentDefaults.cpuLimit | string | `"500m"` | |
-| injector.agentDefaults.cpuRequest | string | `"500m"` | |
-| injector.agentDefaults.memLimit | string | `"250Mi"` | |
-| injector.agentDefaults.memRequest | string | `"250Mi"` | |
-| injector.agentDefaults.template | string | `"map"` | |
-| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
-| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
-| injector.livenessProbe.failureThreshold | int | `2` | |
-| injector.livenessProbe.initialDelaySeconds | int | `5` | |
-| injector.livenessProbe.periodSeconds | int | `2` | |
-| injector.livenessProbe.successThreshold | int | `1` | |
-| injector.livenessProbe.timeoutSeconds | int | `5` | |
-| injector.readinessProbe.failureThreshold | int | `2` | |
-| injector.readinessProbe.initialDelaySeconds | int | `5` | |
-| injector.readinessProbe.periodSeconds | int | `2` | |
-| injector.readinessProbe.successThreshold | int | `1` | |
-| injector.readinessProbe.timeoutSeconds | int | `5` | |
-| injector.startupProbe.failureThreshold | int | `12` | |
-| injector.startupProbe.initialDelaySeconds | int | `5` | |
-| injector.startupProbe.periodSeconds | int | `5` | |
-| injector.startupProbe.successThreshold | int | `1` | |
-| injector.startupProbe.timeoutSeconds | int | `5` | |
-| injector.authPath | string | `"auth/kubernetes"` | |
-| injector.logLevel | string | `"info"` | |
-| injector.logFormat | string | `"standard"` | |
-| injector.revokeOnShutdown | bool | `false` | |
-| injector.webhook.failurePolicy | string | `"Ignore"` | |
-| injector.webhook.matchPolicy | string | `"Exact"` | |
-| injector.webhook.timeoutSeconds | int | `30` | |
-| injector.webhook.namespaceSelector | object | `{}` | |
-| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
-| injector.webhook.annotations | object | `{}` | |
-| injector.failurePolicy | string | `"Ignore"` | |
-| injector.namespaceSelector | object | `{}` | |
-| injector.objectSelector | object | `{}` | |
-| injector.webhookAnnotations | object | `{}` | |
-| injector.certs.secretName | string | `nil` | |
-| injector.certs.caBundle | string | `""` | |
-| injector.certs.certName | string | `"tls.crt"` | |
-| injector.certs.keyName | string | `"tls.key"` | |
-| injector.securityContext.pod | object | `{}` | |
-| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| injector.resources.requests.memory | string | `"256Mi"` | |
-| injector.resources.requests.cpu | string | `"250m"` | |
-| injector.resources.limits.memory | string | `"256Mi"` | |
-| injector.resources.limits.cpu | string | `"250m"` | |
-| injector.extraEnvironmentVars | object | `{}` | |
-| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
-| injector.topologySpreadConstraints | list | `[]` | |
-| injector.tolerations | list | `[]` | |
-| injector.nodeSelector | object | `{}` | |
-| injector.priorityClassName | string | `""` | |
-| injector.annotations | object | `{}` | |
-| injector.extraLabels | object | `{}` | |
-| injector.hostNetwork | bool | `false` | |
-| injector.service.annotations | object | `{}` | |
-| injector.serviceAccount.annotations | object | `{}` | |
-| injector.podDisruptionBudget | object | `{}` | |
-| injector.strategy | object | `{}` | |
-| server.enabled | bool | `true` | |
-| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.enterpriseLicense.secretName | string | `""` | |
-| server.enterpriseLicense.secretKey | string | `"license"` | |
-| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.18.1"` | |
-| server.image.pullPolicy | string | `"IfNotPresent"` | |
-| server.updateStrategyType | string | `"OnDelete"` | |
-| server.logLevel | string | `""` | |
-| server.logFormat | string | `""` | |
-| server.resources.requests.memory | string | `"256Mi"` | |
-| server.resources.requests.cpu | string | `"250m"` | |
-| server.resources.limits.memory | string | `"256Mi"` | |
-| server.resources.limits.cpu | string | `"250m"` | |
-| server.ingress.enabled | bool | `false` | |
-| server.ingress.labels | object | `{}` | |
-| server.ingress.annotations | object | `{}` | |
-| server.ingress.ingressClassName | string | `""` | |
-| server.ingress.pathType | string | `"Prefix"` | |
-| server.ingress.activeService | bool | `true` | |
-| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
-| server.ingress.hosts[0].paths | list | `[]` | |
-| server.ingress.extraPaths | list | `[]` | |
-| server.ingress.tls | list | `[]` | |
-| server.hostAliases | list | `[]` | |
-| server.route.enabled | bool | `false` | |
-| server.route.activeService | bool | `true` | |
-| server.route.labels | object | `{}` | |
-| server.route.annotations | object | `{}` | |
-| server.route.host | string | `"chart-example.local"` | |
-| server.route.tls.termination | string | `"passthrough"` | |
-| server.authDelegator.enabled | bool | `true` | |
-| server.extraInitContainers | string | `nil` | |
-| server.extraContainers | string | `nil` | |
-| server.shareProcessNamespace | bool | `false` | |
-| server.extraArgs | string | `""` | |
-| server.extraPorts | string | `nil` | |
-| server.readinessProbe.enabled | bool | `true` | |
-| server.readinessProbe.port | int | `8200` | |
-| server.readinessProbe.failureThreshold | int | `2` | |
-| server.readinessProbe.initialDelaySeconds | int | `5` | |
-| server.readinessProbe.periodSeconds | int | `5` | |
-| server.readinessProbe.successThreshold | int | `1` | |
-| server.readinessProbe.timeoutSeconds | int | `3` | |
-| server.livenessProbe.enabled | bool | `false` | |
-| server.livenessProbe.execCommand | list | `[]` | |
-| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
-| server.livenessProbe.port | int | `8200` | |
-| server.livenessProbe.failureThreshold | int | `2` | |
-| server.livenessProbe.initialDelaySeconds | int | `60` | |
-| server.livenessProbe.periodSeconds | int | `5` | |
-| server.livenessProbe.successThreshold | int | `1` | |
-| server.livenessProbe.timeoutSeconds | int | `3` | |
-| server.terminationGracePeriodSeconds | int | `10` | |
-| server.preStopSleepSeconds | int | `5` | |
-| server.postStart | list | `[]` | |
-| server.extraEnvironmentVars | object | `{}` | |
-| server.extraSecretEnvironmentVars | list | `[]` | |
-| server.extraVolumes | list | `[]` | |
-| server.volumes | string | `nil` | |
-| server.volumeMounts | string | `nil` | |
-| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
-| server.topologySpreadConstraints | list | `[]` | |
-| server.tolerations | list | `[]` | |
-| server.nodeSelector | object | `{}` | |
-| server.networkPolicy.enabled | bool | `false` | |
-| server.networkPolicy.egress | list | `[]` | |
-| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
-| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
-| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
-| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
-| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
-| server.priorityClassName | string | `""` | |
-| server.extraLabels | object | `{}` | |
-| server.annotations | object | `{}` | |
-| server.includeConfigAnnotation | bool | `false` | |
-| server.service.enabled | bool | `true` | |
-| server.service.active.enabled | bool | `true` | |
-| server.service.active.annotations | object | `{}` | |
-| server.service.standby.enabled | bool | `true` | |
-| server.service.standby.annotations | object | `{}` | |
-| server.service.instanceSelector.enabled | bool | `true` | |
-| server.service.ipFamilyPolicy | string | `""` | |
-| server.service.ipFamilies | list | `[]` | |
-| server.service.publishNotReadyAddresses | bool | `true` | |
-| server.service.externalTrafficPolicy | string | `"Cluster"` | |
-| server.service.port | int | `8200` | |
-| server.service.targetPort | int | `8200` | |
-| server.service.annotations | object | `{}` | |
-| server.dataStorage.enabled | bool | `true` | |
-| server.dataStorage.size | string | `"10Gi"` | |
-| server.dataStorage.mountPath | string | `"/vault/data"` | |
-| server.dataStorage.storageClass | string | `nil` | |
-| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.dataStorage.annotations | object | `{}` | |
-| server.dataStorage.labels | object | `{}` | |
-| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
-| server.auditStorage.enabled | bool | `true` | |
-| server.auditStorage.size | string | `"10Gi"` | |
-| server.auditStorage.mountPath | string | `"/vault/audit"` | |
-| server.auditStorage.storageClass | string | `nil` | |
-| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.auditStorage.annotations | object | `{}` | |
-| server.auditStorage.labels | object | `{}` | |
-| server.dev.enabled | bool | `false` | |
-| server.dev.devRootToken | string | `"root"` | |
-| server.standalone.enabled | string | `"-"` | |
-| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}"` | |
-| server.ha.enabled | bool | `false` | |
-| server.ha.replicas | int | `3` | |
-| server.ha.apiAddr | string | `nil` | |
-| server.ha.clusterAddr | string | `nil` | |
-| server.ha.raft.enabled | bool | `true` | |
-| server.ha.raft.setNodeId | bool | `true` | |
-| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
-| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.disruptionBudget.enabled | bool | `true` | |
-| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
-| server.serviceAccount.create | bool | `true` | |
-| server.serviceAccount.name | string | `""` | |
-| server.serviceAccount.createSecret | bool | `false` | |
-| server.serviceAccount.annotations | object | `{}` | |
-| server.serviceAccount.extraLabels | object | `{}` | |
-| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
-| server.statefulSet.annotations | object | `{}` | |
-| server.statefulSet.securityContext.pod | object | `{}` | |
-| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| server.hostNetwork | bool | `false` | |
-| ui.enabled | bool | `true` | |
-| ui.publishNotReadyAddresses | bool | `true` | |
-| ui.activeVaultPodOnly | bool | `false` | |
-| ui.serviceType | string | `"ClusterIP"` | |
-| ui.serviceNodePort | string | `nil` | |
-| ui.externalPort | int | `8200` | |
-| ui.targetPort | int | `8200` | |
-| ui.serviceIPFamilyPolicy | string | `""` | |
-| ui.serviceIPFamilies | list | `[]` | |
-| ui.externalTrafficPolicy | string | `"Cluster"` | |
-| ui.annotations | object | `{}` | |
-| csi.enabled | bool | `false` | |
-| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
-| csi.image.tag | string | `"v1.5.0"` | |
-| csi.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.volumes | string | `nil` | |
-| csi.volumeMounts | string | `nil` | |
-| csi.resources.requests.cpu | string | `"50m"` | |
-| csi.resources.requests.memory | string | `"128Mi"` | |
-| csi.resources.limits.cpu | string | `"50m"` | |
-| csi.resources.limits.memory | string | `"128Mi"` | |
-| csi.hmacSecretName | string | `""` | |
-| csi.hostNetwork | bool | `false` | |
-| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
-| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
-| csi.daemonSet.annotations | object | `{}` | |
-| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
-| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
-| csi.daemonSet.extraLabels | object | `{}` | |
-| csi.daemonSet.securityContext.pod.runAsNonRoot | bool | `true` | |
-| csi.daemonSet.securityContext.pod.runAsGroup | int | `1000` | |
-| csi.daemonSet.securityContext.pod.runAsUser | int | `100` | |
-| csi.daemonSet.securityContext.pod.fsGroup | int | `1000` | |
-| csi.pod.annotations | object | `{}` | |
-| csi.pod.tolerations | list | `[]` | |
-| csi.pod.nodeSelector | object | `{}` | |
-| csi.pod.affinity | object | `{}` | |
-| csi.pod.extraLabels | object | `{}` | |
-| csi.agent.enabled | bool | `true` | |
-| csi.agent.extraArgs | list | `[]` | |
-| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.18.1"` | |
-| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.agent.logFormat | string | `"standard"` | |
-| csi.agent.logLevel | string | `"info"` | |
-| csi.agent.resources.requests.memory | string | `"256Mi"` | |
-| csi.agent.resources.requests.cpu | string | `"250m"` | |
-| csi.agent.resources.limits.memory | string | `"256Mi"` | |
-| csi.agent.resources.limits.cpu | string | `"250m"` | |
-| csi.priorityClassName | string | `""` | |
-| csi.serviceAccount.annotations | object | `{}` | |
-| csi.serviceAccount.extraLabels | object | `{}` | |
-| csi.readinessProbe.failureThreshold | int | `2` | |
-| csi.readinessProbe.initialDelaySeconds | int | `5` | |
-| csi.readinessProbe.periodSeconds | int | `5` | |
-| csi.readinessProbe.successThreshold | int | `1` | |
-| csi.readinessProbe.timeoutSeconds | int | `3` | |
-| csi.livenessProbe.failureThreshold | int | `2` | |
-| csi.livenessProbe.initialDelaySeconds | int | `5` | |
-| csi.livenessProbe.periodSeconds | int | `5` | |
-| csi.livenessProbe.successThreshold | int | `1` | |
-| csi.livenessProbe.timeoutSeconds | int | `3` | |
-| csi.logLevel | string | `"info"` | |
-| csi.debug | bool | `false` | |
-| csi.extraArgs | list | `[]` | |
-| domain | string | `"dev.bigbang.mil"` | |
-| monitoring.enabled | bool | `false` | |
-| monitoring.namespace | string | `"monitoring"` | |
-| networkPolicies.enabled | bool | `false` | |
-| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
-| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
-| networkPolicies.additionalPolicies | list | `[]` | |
-| autoInit.enabled | bool | `true` | |
-| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
-| autoInit.image.tag | string | `"2.1.0"` | |
-| autoInit.storage.size | string | `"2Gi"` | |
-| istio.enabled | bool | `false` | |
-| istio.hardened.enabled | bool | `false` | |
-| istio.hardened.customAuthorizationPolicies | list | `[]` | |
-| istio.hardened.monitoring.enabled | bool | `true` | |
-| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
-| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
-| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
-| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
-| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
-| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
-| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
-| istio.hardened.apiAccess.enabled | bool | `true` | |
-| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
-| istio.vault.enabled | bool | `true` | |
-| istio.vault.gateways[0] | string | `"istio-system/main"` | |
-| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
-| istio.vault.tls.cert | string | `""` | |
-| istio.vault.tls.key | string | `""` | |
-| istio.mtls.mode | string | `"STRICT"` | |
-| minio.enabled | bool | `false` | |
-| customAppIngressSelector.key | string | `"vault-ingress"` | |
-| customAppIngressSelector.value | bool | `true` | |
-| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
-| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
-| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
-| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
-| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
-| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
-| serverTelemetry.prometheusRules.enabled | bool | `false` | |
-| serverTelemetry.prometheusRules.selectors | object | `{}` | |
-| serverTelemetry.prometheusRules.rules | list | `[]` | |
-| bbtests.enabled | bool | `false` | |
-| bbtests.cypress.resources.requests.cpu | int | `2` | |
-| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
-| bbtests.cypress.resources.limits.cpu | int | `2` | |
-| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
-| bbtests.cypress.artifacts | bool | `true` | |
-| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
-| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
-| bbtests.cypress.disableDefaultTests | bool | `false` | |
-| openshift | bool | `false` | |
+| Key | Type | Default | Description |
+| ----------------------------------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| global.enabled | bool | `true` | |
+| global.namespace | string | `""` | |
+| global.imagePullSecrets[0].name | string | `"private-registry"` | |
+| global.tlsDisable | bool | `true` | |
+| global.externalVaultAddr | string | `""` | |
+| global.openshift | bool | `false` | |
+| global.psp.enable | bool | `false` | |
+| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
+| global.serverTelemetry.prometheusOperator | bool | `false` | |
+| injector.enabled | string | `"-"` | |
+| injector.replicas | int | `1` | |
+| injector.port | int | `8080` | |
+| injector.leaderElector.enabled | bool | `false` | |
+| injector.metrics.enabled | bool | `true` | |
+| injector.externalVaultAddr | string | `""` | |
+| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
+| injector.image.tag | string | `"v1.5.0"` | |
+| injector.image.pullPolicy | string | `"IfNotPresent"` | |
+| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| injector.agentImage.tag | string | `"1.18.1"` | |
+| injector.agentDefaults.cpuLimit | string | `"500m"` | |
+| injector.agentDefaults.cpuRequest | string | `"500m"` | |
+| injector.agentDefaults.memLimit | string | `"250Mi"` | |
+| injector.agentDefaults.memRequest | string | `"250Mi"` | |
+| injector.agentDefaults.template | string | `"map"` | |
+| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
+| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
+| injector.livenessProbe.failureThreshold | int | `2` | |
+| injector.livenessProbe.initialDelaySeconds | int | `5` | |
+| injector.livenessProbe.periodSeconds | int | `2` | |
+| injector.livenessProbe.successThreshold | int | `1` | |
+| injector.livenessProbe.timeoutSeconds | int | `5` | |
+| injector.readinessProbe.failureThreshold | int | `2` | |
+| injector.readinessProbe.initialDelaySeconds | int | `5` | |
+| injector.readinessProbe.periodSeconds | int | `2` | |
+| injector.readinessProbe.successThreshold | int | `1` | |
+| injector.readinessProbe.timeoutSeconds | int | `5` | |
+| injector.startupProbe.failureThreshold | int | `12` | |
+| injector.startupProbe.initialDelaySeconds | int | `5` | |
+| injector.startupProbe.periodSeconds | int | `5` | |
+| injector.startupProbe.successThreshold | int | `1` | |
+| injector.startupProbe.timeoutSeconds | int | `5` | |
+| injector.authPath | string | `"auth/kubernetes"` | |
+| injector.logLevel | string | `"info"` | |
+| injector.logFormat | string | `"standard"` | |
+| injector.revokeOnShutdown | bool | `false` | |
+| injector.webhook.failurePolicy | string | `"Ignore"` | |
+| injector.webhook.matchPolicy | string | `"Exact"` | |
+| injector.webhook.timeoutSeconds | int | `30` | |
+| injector.webhook.namespaceSelector | object | `{}` | |
+| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
+| injector.webhook.annotations | object | `{}` | |
+| injector.failurePolicy | string | `"Ignore"` | |
+| injector.namespaceSelector | object | `{}` | |
+| injector.objectSelector | object | `{}` | |
+| injector.webhookAnnotations | object | `{}` | |
+| injector.certs.secretName | string | `nil` | |
+| injector.certs.caBundle | string | `""` | |
+| injector.certs.certName | string | `"tls.crt"` | |
+| injector.certs.keyName | string | `"tls.key"` | |
+| injector.securityContext.pod | object | `{}` | |
+| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| injector.resources.requests.memory | string | `"256Mi"` | |
+| injector.resources.requests.cpu | string | `"250m"` | |
+| injector.resources.limits.memory | string | `"256Mi"` | |
+| injector.resources.limits.cpu | string | `"250m"` | |
+| injector.extraEnvironmentVars | object | `{}` | |
+| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
+| injector.topologySpreadConstraints | list | `[]` | |
+| injector.tolerations | list | `[]` | |
+| injector.nodeSelector | object | `{}` | |
+| injector.priorityClassName | string | `""` | |
+| injector.annotations | object | `{}` | |
+| injector.extraLabels | object | `{}` | |
+| injector.hostNetwork | bool | `false` | |
+| injector.service.annotations | object | `{}` | |
+| injector.serviceAccount.annotations | object | `{}` | |
+| injector.podDisruptionBudget | object | `{}` | |
+| injector.strategy | object | `{}` | |
+| server.enabled | bool | `true` | |
+| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.enterpriseLicense.secretName | string | `""` | |
+| server.enterpriseLicense.secretKey | string | `"license"` | |
+| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| server.image.tag | string | `"1.18.1"` | |
+| server.image.pullPolicy | string | `"IfNotPresent"` | |
+| server.updateStrategyType | string | `"OnDelete"` | |
+| server.logLevel | string | `""` | |
+| server.logFormat | string | `""` | |
+| server.resources.requests.memory | string | `"256Mi"` | |
+| server.resources.requests.cpu | string | `"250m"` | |
+| server.resources.limits.memory | string | `"256Mi"` | |
+| server.resources.limits.cpu | string | `"250m"` | |
+| server.ingress.enabled | bool | `false` | |
+| server.ingress.labels | object | `{}` | |
+| server.ingress.annotations | object | `{}` | |
+| server.ingress.ingressClassName | string | `""` | |
+| server.ingress.pathType | string | `"Prefix"` | |
+| server.ingress.activeService | bool | `true` | |
+| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
+| server.ingress.hosts[0].paths | list | `[]` | |
+| server.ingress.extraPaths | list | `[]` | |
+| server.ingress.tls | list | `[]` | |
+| server.hostAliases | list | `[]` | |
+| server.route.enabled | bool | `false` | |
+| server.route.activeService | bool | `true` | |
+| server.route.labels | object | `{}` | |
+| server.route.annotations | object | `{}` | |
+| server.route.host | string | `"chart-example.local"` | |
+| server.route.tls.termination | string | `"passthrough"` | |
+| server.authDelegator.enabled | bool | `true` | |
+| server.extraInitContainers | string | `nil` | |
+| server.extraContainers | string | `nil` | |
+| server.shareProcessNamespace | bool | `false` | |
+| server.extraArgs | string | `""` | |
+| server.extraPorts | string | `nil` | |
+| server.readinessProbe.enabled | bool | `true` | |
+| server.readinessProbe.port | int | `8200` | |
+| server.readinessProbe.failureThreshold | int | `2` | |
+| server.readinessProbe.initialDelaySeconds | int | `5` | |
+| server.readinessProbe.periodSeconds | int | `5` | |
+| server.readinessProbe.successThreshold | int | `1` | |
+| server.readinessProbe.timeoutSeconds | int | `3` | |
+| server.livenessProbe.enabled | bool | `false` | |
+| server.livenessProbe.execCommand | list | `[]` | |
+| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
+| server.livenessProbe.port | int | `8200` | |
+| server.livenessProbe.failureThreshold | int | `2` | |
+| server.livenessProbe.initialDelaySeconds | int | `60` | |
+| server.livenessProbe.periodSeconds | int | `5` | |
+| server.livenessProbe.successThreshold | int | `1` | |
+| server.livenessProbe.timeoutSeconds | int | `3` | |
+| server.terminationGracePeriodSeconds | int | `10` | |
+| server.preStopSleepSeconds | int | `5` | |
+| server.postStart | list | `[]` | |
+| server.extraEnvironmentVars | object | `{}` | |
+| server.extraSecretEnvironmentVars | list | `[]` | |
+| server.extraVolumes | list | `[]` | |
+| server.volumes | string | `nil` | |
+| server.volumeMounts | string | `nil` | |
+| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
+| server.topologySpreadConstraints | list | `[]` | |
+| server.tolerations | list | `[]` | |
+| server.nodeSelector | object | `{}` | |
+| server.networkPolicy.enabled | bool | `false` | |
+| server.networkPolicy.egress | list | `[]` | |
+| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
+| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
+| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
+| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
+| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
+| server.priorityClassName | string | `""` | |
+| server.extraLabels | object | `{}` | |
+| server.annotations | object | `{}` | |
+| server.includeConfigAnnotation | bool | `false` | |
+| server.service.enabled | bool | `true` | |
+| server.service.active.enabled | bool | `true` | |
+| server.service.active.annotations | object | `{}` | |
+| server.service.standby.enabled | bool | `true` | |
+| server.service.standby.annotations | object | `{}` | |
+| server.service.instanceSelector.enabled | bool | `true` | |
+| server.service.ipFamilyPolicy | string | `""` | |
+| server.service.ipFamilies | list | `[]` | |
+| server.service.publishNotReadyAddresses | bool | `true` | |
+| server.service.externalTrafficPolicy | string | `"Cluster"` | |
+| server.service.port | int | `8200` | |
+| server.service.targetPort | int | `8200` | |
+| server.service.annotations | object | `{}` | |
+| server.dataStorage.enabled | bool | `true` | |
+| server.dataStorage.size | string | `"10Gi"` | |
+| server.dataStorage.mountPath | string | `"/vault/data"` | |
+| server.dataStorage.storageClass | string | `nil` | |
+| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.dataStorage.annotations | object | `{}` | |
+| server.dataStorage.labels | object | `{}` | |
+| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
+| server.auditStorage.enabled | bool | `true` | |
+| server.auditStorage.size | string | `"10Gi"` | |
+| server.auditStorage.mountPath | string | `"/vault/audit"` | |
+| server.auditStorage.storageClass | string | `nil` | |
+| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.auditStorage.annotations | object | `{}` | |
+| server.auditStorage.labels | object | `{}` | |
+| server.dev.enabled | bool | `false` | |
+| server.dev.devRootToken | string | `"root"` | |
+| server.standalone.enabled | string | `"-"` | |
+| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}"` | |
+| server.ha.enabled | bool | `false` | |
+| server.ha.replicas | int | `3` | |
+| server.ha.apiAddr | string | `nil` | |
+| server.ha.clusterAddr | string | `nil` | |
+| server.ha.raft.enabled | bool | `true` | |
+| server.ha.raft.setNodeId | bool | `true` | |
+| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
+| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.disruptionBudget.enabled | bool | `true` | |
+| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
+| server.serviceAccount.create | bool | `true` | |
+| server.serviceAccount.name | string | `""` | |
+| server.serviceAccount.createSecret | bool | `false` | |
+| server.serviceAccount.annotations | object | `{}` | |
+| server.serviceAccount.extraLabels | object | `{}` | |
+| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
+| server.statefulSet.annotations | object | `{}` | |
+| server.statefulSet.securityContext.pod | object | `{}` | |
+| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| server.hostNetwork | bool | `false` | |
+| ui.enabled | bool | `true` | |
+| ui.publishNotReadyAddresses | bool | `true` | |
+| ui.activeVaultPodOnly | bool | `false` | |
+| ui.serviceType | string | `"ClusterIP"` | |
+| ui.serviceNodePort | string | `nil` | |
+| ui.externalPort | int | `8200` | |
+| ui.targetPort | int | `8200` | |
+| ui.serviceIPFamilyPolicy | string | `""` | |
+| ui.serviceIPFamilies | list | `[]` | |
+| ui.externalTrafficPolicy | string | `"Cluster"` | |
+| ui.annotations | object | `{}` | |
+| csi.enabled | bool | `false` | |
+| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
+| csi.image.tag | string | `"v1.5.0"` | |
+| csi.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.volumes | string | `nil` | |
+| csi.volumeMounts | string | `nil` | |
+| csi.resources.requests.cpu | string | `"50m"` | |
+| csi.resources.requests.memory | string | `"128Mi"` | |
+| csi.resources.limits.cpu | string | `"50m"` | |
+| csi.resources.limits.memory | string | `"128Mi"` | |
+| csi.hmacSecretName | string | `""` | |
+| csi.hostNetwork | bool | `false` | |
+| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
+| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
+| csi.daemonSet.annotations | object | `{}` | |
+| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
+| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
+| csi.daemonSet.extraLabels | object | `{}` | |
+| csi.daemonSet.securityContext.pod.runAsNonRoot | bool | `true` | |
+| csi.daemonSet.securityContext.pod.runAsGroup | int | `1000` | |
+| csi.daemonSet.securityContext.pod.runAsUser | int | `100` | |
+| csi.daemonSet.securityContext.pod.fsGroup | int | `1000` | |
+| csi.pod.annotations | object | `{}` | |
+| csi.pod.tolerations | list | `[]` | |
+| csi.pod.nodeSelector | object | `{}` | |
+| csi.pod.affinity | object | `{}` | |
+| csi.pod.extraLabels | object | `{}` | |
+| csi.agent.enabled | bool | `true` | |
+| csi.agent.extraArgs | list | `[]` | |
+| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| csi.agent.image.tag | string | `"1.18.1"` | |
+| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.agent.logFormat | string | `"standard"` | |
+| csi.agent.logLevel | string | `"info"` | |
+| csi.agent.resources.requests.memory | string | `"256Mi"` | |
+| csi.agent.resources.requests.cpu | string | `"250m"` | |
+| csi.agent.resources.limits.memory | string | `"256Mi"` | |
+| csi.agent.resources.limits.cpu | string | `"250m"` | |
+| csi.priorityClassName | string | `""` | |
+| csi.serviceAccount.annotations | object | `{}` | |
+| csi.serviceAccount.extraLabels | object | `{}` | |
+| csi.readinessProbe.failureThreshold | int | `2` | |
+| csi.readinessProbe.initialDelaySeconds | int | `5` | |
+| csi.readinessProbe.periodSeconds | int | `5` | |
+| csi.readinessProbe.successThreshold | int | `1` | |
+| csi.readinessProbe.timeoutSeconds | int | `3` | |
+| csi.livenessProbe.failureThreshold | int | `2` | |
+| csi.livenessProbe.initialDelaySeconds | int | `5` | |
+| csi.livenessProbe.periodSeconds | int | `5` | |
+| csi.livenessProbe.successThreshold | int | `1` | |
+| csi.livenessProbe.timeoutSeconds | int | `3` | |
+| csi.logLevel | string | `"info"` | |
+| csi.debug | bool | `false` | |
+| csi.extraArgs | list | `[]` | |
+| domain | string | `"dev.bigbang.mil"` | |
+| monitoring.enabled | bool | `false` | |
+| monitoring.namespace | string | `"monitoring"` | |
+| networkPolicies.enabled | bool | `false` | |
+| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
+| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
+| networkPolicies.additionalPolicies | list | `[]` | |
+| autoInit.enabled | bool | `true` | |
+| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
+| autoInit.image.tag | string | `"2.1.0"` | |
+| autoInit.storage.size | string | `"2Gi"` | |
+| istio.enabled | bool | `false` | |
+| istio.hardened.enabled | bool | `false` | |
+| istio.hardened.customAuthorizationPolicies | list | `[]` | |
+| istio.hardened.monitoring.enabled | bool | `true` | |
+| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
+| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
+| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
+| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
+| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
+| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
+| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
+| istio.hardened.apiAccess.enabled | bool | `true` | |
+| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
+| istio.vault.enabled | bool | `true` | |
+| istio.vault.gateways[0] | string | `"istio-system/main"` | |
+| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
+| istio.vault.tls.cert | string | `""` | |
+| istio.vault.tls.key | string | `""` | |
+| istio.mtls.mode | string | `"STRICT"` | |
+| minio.enabled | bool | `false` | |
+| customAppIngressSelector.key | string | `"vault-ingress"` | |
+| customAppIngressSelector.value | bool | `true` | |
+| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
+| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
+| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
+| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
+| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
+| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
+| serverTelemetry.prometheusRules.enabled | bool | `false` | |
+| serverTelemetry.prometheusRules.selectors | object | `{}` | |
+| serverTelemetry.prometheusRules.rules | list | `[]` | |
+| bbtests.enabled | bool | `false` | |
+| bbtests.cypress.resources.requests.cpu | int | `2` | |
+| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
+| bbtests.cypress.resources.limits.cpu | int | `2` | |
+| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
+| bbtests.cypress.artifacts | bool | `true` | |
+| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
+| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
+| bbtests.cypress.disableDefaultTests | bool | `false` | |
+| openshift | bool | `false` | |
## Contributing
@@ -395,4 +398,3 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in
---
_This file is programatically generated using `helm-docs` and some BigBang-specific templates. The `gluon` repository has [instructions for regenerating package READMEs](https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md)._
-
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 99aa2ef5..6cd87135 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: vault
-version: '0.29.0-bb.0'
+version: '0.29.0-bb.1'
appVersion: 1.18.2
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
--
GitLab
From 17f476909c2f355a87273328890c11d5760d7176 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 09:58:57 -0600
Subject: [PATCH 18/30] updated
---
chart/.github/workflows/acceptance.yaml | 11 ++--
chart/.github/workflows/tests.yaml | 2 +-
chart/CHANGELOG.md | 10 +++-
chart/Kptfile | 4 +-
chart/Makefile | 2 +-
chart/README.md | 2 +-
chart/test/unit/server-configmap.bats | 74 ++++++++++++++++++-------
7 files changed, 74 insertions(+), 31 deletions(-)
diff --git a/chart/.github/workflows/acceptance.yaml b/chart/.github/workflows/acceptance.yaml
index 12afe9ee..1b756284 100644
--- a/chart/.github/workflows/acceptance.yaml
+++ b/chart/.github/workflows/acceptance.yaml
@@ -8,10 +8,11 @@ jobs:
fail-fast: false
matrix:
kind-k8s-version:
- - 1.31.1
- - 1.30.4
- - 1.29.8
- - 1.28.13
+ - 1.31.2
+ - 1.30.6
+ - 1.29.10
+ - 1.28.15
+ - 1.27.16
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -22,7 +23,7 @@ jobs:
with:
config: test/kind/config.yaml
node_image: kindest/node:v${{ matrix.kind-k8s-version }}
- version: v0.24.0
+ version: v0.25.0
- run: bats --tap --timing ./test/acceptance
env:
VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
diff --git a/chart/.github/workflows/tests.yaml b/chart/.github/workflows/tests.yaml
index 139c6154..65932fb6 100644
--- a/chart/.github/workflows/tests.yaml
+++ b/chart/.github/workflows/tests.yaml
@@ -20,6 +20,6 @@ jobs:
uses: ./.github/actions/setup-test-tools
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
- go-version: '1.22.8'
+ go-version: '1.22.9'
- run: go install "github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}"
- run: bats --tap --timing ./test/chart
diff --git a/chart/CHANGELOG.md b/chart/CHANGELOG.md
index 55750a23..920c6e03 100644
--- a/chart/CHANGELOG.md
+++ b/chart/CHANGELOG.md
@@ -1,13 +1,21 @@
## Unreleased
+## 0.29.1 (November 20, 2024)
+
+Bugs:
+* server: restore support for templated config [GH-1073](https://github.com/hashicorp/vault-helm/pull/1073)
+
## 0.29.0 (November 7, 2024)
+KNOWN ISSUES:
+* Template support in server config stopped working [GH-1072](https://github.com/hashicorp/vault-helm/issues/1072)
+
Changes:
* Default `vault` version updated to 1.18.1
* Default `vault-k8s` version updated to 1.5.0
* Default `vault-csi-provider` version updated to 1.5.0
-* Tested with Kubernetes versions 1.28-1.31
+* Tested with Kubernetes versions 1.27-1.31
Features:
diff --git a/chart/Kptfile b/chart/Kptfile
index df449144..c87736b0 100644
--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
upstream:
type: git
git:
- commit: deb58795634ca2e073a00c757dad51b6e3c9fffc
+ commit: 272d04ee17098aae908364d331bd8c99118e0c5e
repo: https://github.com/hashicorp/vault-helm
directory: /
- ref: v0.29.0
+ ref: v0.29.1
diff --git a/chart/Makefile b/chart/Makefile
index 8d0b57c0..b7cb034e 100644
--- a/chart/Makefile
+++ b/chart/Makefile
@@ -14,7 +14,7 @@ LOCAL_ACCEPTANCE_TESTS?=false
KIND_CLUSTER_NAME?=vault-helm
# kind k8s version
-KIND_K8S_VERSION?=v1.31.1
+KIND_K8S_VERSION?=v1.31.2
# Generate json schema for chart values. See test/README.md for more details.
values-schema:
diff --git a/chart/README.md b/chart/README.md
index 2e58a67e..03e31b8b 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -21,7 +21,7 @@ this README. Please refer to the Kubernetes and Helm documentation.
The versions required are:
* **Helm 3.6+**
- * **Kubernetes 1.28+** - This is the earliest version of Kubernetes tested.
+ * **Kubernetes 1.27+** - This is the earliest version of Kubernetes tested.
It is possible that this chart works with earlier versions but it is
untested.
diff --git a/chart/test/unit/server-configmap.bats b/chart/test/unit/server-configmap.bats
index 90f69e1f..f70af832 100755
--- a/chart/test/unit/server-configmap.bats
+++ b/chart/test/unit/server-configmap.bats
@@ -57,6 +57,35 @@ load _helpers
[ "${actual}" = "true" ]
}
+@test "server/ConfigMap: raft config templated not JSON" {
+ cd `chart_dir`
+ local actual
+ actual=$(helm template \
+ --show-only templates/server-config-configmap.yaml \
+ --set 'server.ha.enabled=true' \
+ --set 'server.ha.raft.enabled=true' \
+ --set "server.ha.raft.config=hello = {{ .Chart.Name }}" \
+ . | tee /dev/stderr |
+ yq '.data' | tee /dev/stderr)
+ local check=$(echo "${actual}" | \
+ yq '."extraconfig-from-values.hcl" == "hello = vault\ndisable_mlock = true"')
+ [ "${check}" = "true" ]
+}
+
+@test "server/ConfigMap: raft config templated JSON" {
+ cd `chart_dir`
+ local actual
+ actual=$(helm template \
+ --show-only templates/server-config-configmap.yaml \
+ --set 'server.ha.enabled=true' \
+ --set 'server.ha.raft.enabled=true' \
+ --set "server.ha.raft.config=\{\"hello\": \"{{ .Chart.Name }}\"\}" \
+ . | tee /dev/stderr |
+ yq '.data' | tee /dev/stderr)
+ local check=$(echo "${actual}" | \
+ yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"vault\"}"')
+ [ "${check}" = "true" ]
+}
@test "server/ConfigMap: disabled by server.dev.enabled true" {
cd `chart_dir`
@@ -107,10 +136,11 @@ load _helpers
--set 'server.standalone.config=\{\"hello\": \"world\"\}' \
. | tee /dev/stderr |
yq '.data')
- [ "$(echo "${data}" | \
- yq '(. | length) == 1')" = "true" ]
- [ "$(echo "${data}" | \
- yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"world\"}"')" = 'true' ]
+ local checkLength=$(echo "${data}" | yq '(. | length) == 1')
+ [ "${checkLength}" = "true" ]
+ local checkExtraConfig=$(echo "${data}" | \
+ yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"world\"}"')
+ [ "${checkExtraConfig}" = 'true' ]
data=$(helm template \
--show-only templates/server-config-configmap.yaml \
@@ -118,10 +148,11 @@ load _helpers
--set 'server.standalone.config=\{\"foo\": \"bar\"\}' \
. | tee /dev/stderr |
yq '.data' | tee /dev/stderr)
- [ "$(echo "${data}" | \
- yq '(. | length) == 1')" = "true" ]
- [ "$(echo "${data}" | \
- yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"foo\":\"bar\"}"')" = 'true' ]
+ checkLength=$(echo "${data}" | yq '(. | length) == 1')
+ [ "${checkLength}" = "true" ]
+ checkExtraConfig=$(echo "${data}" | \
+ yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"foo\":\"bar\"}"')
+ [ "${checkExtraConfig}" = 'true' ]
data=$(helm template \
--show-only templates/server-config-configmap.yaml \
@@ -129,10 +160,11 @@ load _helpers
--set 'server.standalone.config=\{\"disable_mlock\": false\,\"foo\":\"bar\"\}' \
. | tee /dev/stderr |
yq '.data' | tee /dev/stderr)
- [ "$(echo "${data}" | \
- yq '(. | length) == 1')" = "true" ]
- [ "$(echo "${data}" | \
- yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')" = 'true' ]
+ checkLength=$(echo "${data}" | yq '(. | length) == 1')
+ [ "${checkLength}" = "true" ]
+ checkExtraConfig=$(echo "${data}" | \
+ yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')
+ [ "${checkExtraConfig}" = 'true' ]
}
@test "server/ConfigMap: standalone extraConfig is set as not JSON" {
@@ -173,10 +205,11 @@ load _helpers
--set 'server.ha.config=\{\"hello\": \"ha-world\"\}' \
. | tee /dev/stderr |
yq '.data' | tee /dev/stderr)
- [ "$(echo "${data}" | \
- yq '(. | length) == 1')" = "true" ]
- [ "$(echo "${data}" | \
- yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"ha-world\"}"')" = 'true' ]
+ local checkLength=$(echo "${data}" | yq '(. | length) == 1')
+ [ "${checkLength}" = "true" ]
+ local checkExtraConfig=$(echo "${data}" | \
+ yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"ha-world\"}"')
+ [ "$checkExtraConfig" = 'true' ]
data=$(helm template \
--show-only templates/server-config-configmap.yaml \
@@ -184,10 +217,11 @@ load _helpers
--set 'server.ha.config=\{\"foo\": \"bar\"\,\"disable_mlock\":false\}' \
. | tee /dev/stderr |
yq '.data' | tee /dev/stderr)
- [ "$(echo "${data}" | \
- yq '(. | length) == 1')" = "true" ]
- [ "$(echo "${data}" | \
- yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')" = 'true' ]
+ checkLength=$(echo "${data}" | yq '(. | length) == 1')
+ [ "$checkLength" = "true" ]
+ checkExtraConfig=$(echo "${data}" | \
+ yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')
+ [ "${checkExtraConfig}" = 'true' ]
}
@test "server/ConfigMap: disabled by injector.externalVaultAddr" {
--
GitLab
From 8ee74a2d2be1bfc8e519371a05bba74333883c50 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 10:13:32 -0600
Subject: [PATCH 19/30] updating image version
---
chart/values.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index f66eda55..bf6582c0 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -75,7 +75,7 @@ injector:
# required.
agentImage:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.18.1"
+ tag: "1.18.2"
# The default values for the injected Vault Agent containers.
agentDefaults:
@@ -392,7 +392,7 @@ server:
image:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.18.1"
+ tag: "1.18.2"
# Overrides the default Image Pull Policy
pullPolicy: IfNotPresent
@@ -1242,7 +1242,7 @@ csi:
image:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.18.1"
+ tag: "1.18.2"
pullPolicy: IfNotPresent
logFormat: standard
--
GitLab
From a0d9394cf61e33d0fa39eb19ed99745783bda713 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 10:21:11 -0600
Subject: [PATCH 20/30] fixing version
---
chart/values.openshift.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chart/values.openshift.yaml b/chart/values.openshift.yaml
index a1fb3461..282a84a2 100644
--- a/chart/values.openshift.yaml
+++ b/chart/values.openshift.yaml
@@ -13,12 +13,12 @@ injector:
agentImage:
repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.18.1-ubi"
+ tag: "1.18.2-ubi"
server:
image:
repository: "registry.connect.redhat.com/hashicorp/vault"
- tag: "1.18.1-ubi"
+ tag: "1.18.2-ubi"
readinessProbe:
path: "/v1/sys/health?uninitcode=204"
--
GitLab
From 91742687aa53a6bc178c2b82b63dd8ffedb53cb4 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 11:07:29 -0600
Subject: [PATCH 21/30] update dependency
---
chart/charts/minio-instance-6.0.3-bb.2.tgz | Bin 45476 -> 0 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 chart/charts/minio-instance-6.0.3-bb.2.tgz
diff --git a/chart/charts/minio-instance-6.0.3-bb.2.tgz b/chart/charts/minio-instance-6.0.3-bb.2.tgz
deleted file mode 100644
index 41a91ae9768a6a2bd540c88b82c6fe838a24122d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 45476
zcmV);K!(2`iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0POvFciXnMFb<!;wbuC#c<4TF>^7oCPkNu;bsfh^oH({?IZ4yr
z9tR>J2{lD904Q5Yb3glUVIsjnlcyxDc+N^K64=<-z#g!%u`$9SCRH3V4nq&s_J@#i
zcLGPjzwYj-*X#AIc3b|pUa#l>+i17j|7x_iwwtYXqq)8HuX>~1Xm0)s)b9|7sZY!}
zr2nelx~+WYzLN)rA>oi?60%MOfF2(7U^sAnG_JuY3a}@?y+xGCBH*tI0030MYcX#+
z;OyY&V6S`NHtWrHwZ2uYx6d29)n>g~-}$Wqzz_u^mkn!p1P92f9l{an06F*M8vta9
z4xng&8K;wm>oekxa8SdPggqEu)<}dxMq=urnyje)?aaX-ZH+{TLQZIvVIO&r-n`*F
zq|SKDt-H+%jIbtD2aLtfDET=POCLoj^ik+x#5xs&?;watSOI{dh%n3vopb>4aHm!)
z;;M(O0>Id`Sa&zwcEv}`qd4O7)gE|(f)VfpkAps;Vh|5cz=`foWk^K3L(U`CsfoV2
zm{hPQs%Br-C{hGrH9Q*B0x}@A*N4Z4Cl^<Q`Xfj$-6$MXF408%mVIKJP&h!9Dj>Z-
zk;kj)i*Bnjf;i+5hlt9;XasT40X`c4x1_i$r->qq#Q8Be484jqixLS|(TE8!2I&Fj
z!?@>qWRx4g3ZF!%1FVT&N$4krv{mi(+-Bu#^XPp(rSd-@-sK&(F-QK_Tg|P4{BJZ?
z^8X>8`;<L+fEe!pHiXU1txl`uZEt)1Mjvf9cM)p#+naE+@Ao%%w>;GB_uJ6#^?I9)
zogLWQZSFLC^~UzD*KBNW)myt;JAP$=LczAk?*K>1(cNmJabDl*G`Bm=ZFjf5wcXxs
zZvE!`tvU8?pB(>>VGtvB#|GeR{@-dgw+i-OYrDDP|A%<i*1%KLhjGAx8hdFN$XNl*
ztN<QGQaiepwKZ@|IO+gS019C*Kp>6=6#58|ey-YMz=tSIz~TUbA!Go8Fdp>~6&3V1
zK7<@x;UEA#B%1J1M3E<09pF$v0sWZA6uIE3{(?yeJQ(`eha53gcL>J_z!0P+t*Gsh
z(Flc{2@4NWABO`8kmC{RQ#eAhzkUkVtyFv>?2(Rb3|A^^;GO6Vr!jhL`h1Q;C_pPp
zFc33I1_A$V+x<})$%%ah_RpTm)(kmiSq%akD85@+1Ls2od_63hE?^{xe17)kK=cY~
ziU5iN1Q~KGS(Jn=ui<qh&XtO7>4VQ-Dh$yv_RyZ^kvQa{!W!sC$isasC^|%Zh$w(S
zmjh501Z+s+z!w<FejvXB^k2Fq0cbC6OiUH%`{F->Fgb7)0P={5`hoyL6&Z5ok>ErS
z+m&Sx`yeD7FvI~2eT|DCs2VG%0AU6a1p;Db=0QIW0{NYzQ4~Oq5<}B*Dsm*S9Gt{L
z_0<rPQ3N@*=l>PvLkY6!*4^D?U;vPv>60KJSE5zZ70gk{lF_ATM8<Ny=ZChk271VY
zVr~iO#&!im82W)^o|HU3iUKkb^Ic4mwtFop(nAvx`mPyqHPnY8M>K>%Qa3crkmX_*
zBs4JeDjk`aAvwk#2}9(`5mM8?PsvCUN3*gQ#Ec`F9Xmbm{KpxXvK>PqZt+9`iyY2+
z5KqR4QtYe21VCB)`>OrJ(+U6)p}Yfj>$~+z1v8FGhHv^XU}8QDA@xy+{El2Q7Cr;u
z#f+2DUd)Gt;!koapOOGen+p8?hb*&}EJPhBrb0C&f+Pb+f6eo&c`Hbx*#ZC(^B##q
z|D3{pAA7Qq$!j8ecy{pouzP;?{^I2L=)Gg%)m79y2syP8DnV&L$RI#Y^0^Er3oGk4
z07Jr**hycBwYLH()?S%U0a4Pn1706=UtApgdVX+rymyo-BL=4gqS786&~CSK-vEdx
z;lv|B2b>>u3tv@V<*G3AO{`{vSfTUuSk)8afSAThhFn2o5tM69gPW{XF}UE+!x0Ru
z?`H0c?gzDy)ntVlgX)iJT3<Og^6gurP}aQdP+6#XwH#(p{ZY05HM~@1Fh$6yvKt{*
zO_truVwluSQO&>_qX5yRsikTygN&*nkVxu|xT&!Qy60zy`{&?iuqU_)kT95lQOsi)
zi0KHpVp?7J^x*9EVYhqu_8_UyBYX&=0182gu9Y^MQhy|QUNtE6F9{h5P)<N4{V!@*
z00P)ULHct5Il6)qtM^hKR@sDcG^z>pS1GW0RZk1|^Jn0`RZ9nDJb^C?tWh~i02_fT
zf4~TTEqtpm!Z*OVG9sZ^4C8Q6swa|3)&XhBN+m@6iqOkMBa~J3NXRJ(P6HUCee6@Q
zhL-=U)hhtta6l1bM~VcBL{ZeyUDjVUMdVkd%Ru1^^nEPI3WJP(sz?{-5cj#ksFHDJ
zszKJizj3o7Y;@&2ROY5wLf}wBt|)_6*%<n(pi5#_85y;<2F|oEA<+hM#-GE1Fdlqz
z6$S+Qx*?&&5LMpVit*Z3l=M!06id60m8^$@xt?qQqBu}gn{>co|CsPoiWmxcMRjIh
z>RS8>rPDxKQ;HszWhRPSGew&;c_1*H2$?h%rmX3e>a|1!Fyv9hT~*DCDMcX<CQ9az
z5b5t$RR&lbiK#3Nb_wY;4uY;MrzoigNVi%wRaFy*eX$hqhRBZtF%B%X*}xD{^w<n`
zMEumM^)ZVe7qvidV%10hxe4?VGjKjcV-IHFB|kdgGmy)PwY6kX@ha{i8X~c1)Fe{Y
zzgU3^CWJU-ddi`2EM||irpJ(Cx!Uze*vEsID(U1Va5XTojJuAI$CWXxmZabkO=L5^
zuI{36Y+4gbg0hw*AYlQyN<5^k+JiNkD1nB;aWzxO>h>8ST%sUXx|0x&um^)+qSv9}
zKrZqm`l5tbXvnpUfhS5(0Yj1H4MWsgEKcN5efS{o`S3w<uw3>-5MaiIeO}r-NjV9|
zbpalUo(i$iNnQg0o)S4L)XGOJK|*2R`LQQug#}iR1JFyAK1P8LWCe~wUoY8`eo+`<
zANXjD0uo8AB%3lx3c)}rZqEn>=o*e9rCSq(J>sKkFCgA!rvoN%6xe7lFfvktdmdu!
z6`EKwQK=s>6zTg$v!$UcFh!144S5v#tg32PrZg}Wx}GYBeMRYHx(hx>axteC({gCF
z<425p%!EWDeE>s%uCbzFk;gcZV9MvYl#&U%rz|xCp5)n4%(xH<Q2;%$rVo8Yfve=L
zn<2R?%OiK-CP1sRM#o}k*@$LU&B-4=q+I;rLyE6<W~KfS={v!QNhXlY3>b$TDSy<`
zG+AgevLOmGvypMZz)vBEol3eGN_)@&e^o2?DoJCi_Vdn8PR=jhbPvvc7JrF9j`v<4
z%qf4m*X_PLIeVJaF)u8<%sA-ToESohtR@i%1dAq;%N9pU5}gtftg{W}BgD)mmJ(11
zfe*I#ts|>2@c(k#nLhE%TIe#FYqdCHoFX`?QPf8ig&s<Gem&~DLp}=DB0_@y`fzcf
zJST)AfWtnaBkkY|0TjwQ?n#*><&>ylmJG79iN7mxi)L)AQ=$H9+5lonX9XBn*A_EF
ztk!%O2;DCh2alz?4<?}D%Fn*g<+v9M#gzHp1{!e#?3i$^4>Rs2pCG1`v@#>K-%E^!
z^zc~i3+pY{oU6Cund(Icw9N`!lR&hrte?~oCE6F=wAOGP`J!4cshuU^m;~_%F#tJ-
z(prcREzmU~tE-{tTBnGr_vLtsmOL0i5A%tHtEvHtKE{agDUF#n82*GhpizI0r-1&T
zx5oDa$gH`V&dg-WdL;Bv#92+(F#oN3qAFrFIWsu{kTK$6VM|I4Xo!<KL>0L+(@JrX
zLhG=vU8Z{@_=$wzAb^Zx4?Gc42XwiZ_v;5wx*K4>dkB1r$A~7CPo*0ZjNl~#ET+gv
zzU#h{bB@Qbt1)*kcVzeaj87uufCy4JLL5;o-n$lQ+~gxmFa}SF$2w&@|0(&Z3=dch
zUa>0bv8u;#RUusK1*BISL9ymn^tBoo`DXYm433SXxHyo;I5LB2JH!_nQZg3HP;^xj
zYe%85#K=`u@C2(_E98<v<^-I+-A|}eM8R0bQ?Z5*jIL$s8?50H=ql&HU0|vpEsSL1
zl_<k6!E-MJkWx4ig6YFK36Qciz%pp-RgFLxjj=R=Yr-huRT%nJo&a4K^^DMA!r<XT
zAv55M89&0IcDWl#t~adYY7BamFa`t#5d|UfQ35u_gmu90;E$4F+Y2Y)!!hv@=%N65
zoX}g)05XOLVKpLtRp60!Uuw4nx}GsFlLc<f)Ygh5j6qT;wuCrWL+lMRBmgAjM8C%z
zcret<{@FOl#cvkSNGx&HR!F*LHfUrP$JUOITq5@&PUN?MWhgvvib}-;`_hdwnK>F9
zvP(H8(i%gO^4dT~)EW*Z$AeX+;*ft=4SY37gaR0HoV-nE;4;H^`<bhD4Pgj|D2PBr
z(O9nu<)#Smh;mPb0|h}2vK$(@J5|C0rbAhpgMC9XV8Z8&#h_3K@Cb8e1?DAGHQN<Q
z*qw1`f&@bP27nP7NpDy)F)_sBMX@kD>h)3bQnh%4s+r!L69180nZ;C$qQDwm^R(nU
z(NDDvFP$Rn5=WANR8(PjjD)>3!i>pX{UHno2=pe(;z+^t*>g(bXkUI;jyM1rI0?@P
z;jb}MJY%*>HUEj_Aw`@|QaI>3LZNI`P&$BgkXUd`nMVQPa?Qp@!g%lFARXGZHSpw#
z4uQ~d6Kcc`wVzS@=paRcU=8DWppU^oVE<T-wC;*g&zf@kig4E0#^D}&!-N?sU}fJ+
z2)PgaS#NE^b%2wlo0A28Oyt+h77CCyZx08UW0aXRJ|&U;TNwI#M@Li4TT9%2=w`cq
z3%O&6Sk==n(F0;K=n#*9OavEeiIQ?xYCXOuF&M!K2$AyNjfk&3Tr64Ni`NKoFd;ED
zTSWH!7Xz$ZFNt6>4J1u=?`+6t43`vNrxcHIfClJ*c`(p>uJ$(OO@~#^TaS#QQ%VGj
z*d^6Q`&k@vJVH+s2RB&EJc>v_1{2VYD1yF_GmKMV=-kFo(m<<B0u__Q04=wdQm=v9
zS$i1ENg=5^ZuNVL9hF`A>R<?{H~qnfeKXn2KrBYSlr3sh)l;j<0z-)|&L$Jk0P<@k
z+aEuY;XD!KLvS@jLYpAUFylf6zcp)ks>{jv7>0dR;Nf+)A)1w?P9Yz5Ku!6ja?N$)
zo@z|Pd7W=wX<o5nLJatj!;GW)3epgVgRGnSoFeTk`S2k@K)b>}d|+`;|JL#YGJr>;
zm`fk3pt_JG#!$@r`~VQ<p(vpBVn!52gz;)>0c!W`L<=#w`QYQebY7`WDqR(#D~Vi0
zQ8jV0CVd6QjV|=(7&0DA01iDW7xBs+BzF*H3{-%wjm#5GQpDmw#va9CM3Ij@)lC6h
z`99_B&@}0Qn)qN1QDRgu0Kq9GBgBU&W>qWPig^@9YSYAz2o5>W#7`|{G466UAWpHz
zriSg9=%2cBC#At7f=|k^Lf1NK%0ranKK6vXNcg|#wY7@nU4CZq3N7hp>BjS;uJ%E*
z$9ire=nVl1ITc10rHDl&^p&-oINC+)N8M!W@Di!PiQ-;>y$se7#M<wbIw4h@mkj0V
zO*AiX0>+36Oa)*a-X$Fa((mU5Sh}-KNF8Aa?C&uRQcqqo!d&^61Tu1BX6s4NDRK;q
zuw?h%MC~kSs_*YT)=k)Wh?ytWJ<591JSxNniG^iv^;vcVn?O%J4n;4q8b2{Wcj+qD
zp`H=)geX<bo1X2%eMGr&h8uCe@MKwjq9l8rx0*30$+&98AorgI$n4P~0Ao&4Z=*fZ
zS%8K4qW1EBgrWbVbQ*s6pjSM5F(-m%A3lh-B~xb>#*9PCl|fHpF1na)>8lRAL87qt
znSRo7qd7W?sZL@ZsU9U<Fcv}>QA#KSxUUyKA>qOxWJ)URTLY;h75N0L@9%ABkA>zq
z8KS97i0Q)wfHakbhKL|jlW2d>g!m@diU}vz(AaDtN@O6HpxqRh9E>gs`qeHTgvfuK
zgr}+n)2W`E`?iQ!a*Pty#cDbtr;0+4PUPV@HB?Msz$6A$tPzmzH4_tIQ)KF{k86)0
zW`J=N$$^6bBVt7wBC$GvRPAdG0@9P)@sd2q7t&MnvDD;(W)UT0VXjD|M#z_DYDQj`
zkY2hodNB_CG;-G)LagG>MPoS`R4ReMf!ggA94z|h*>a}`S(cs6mVyc95yX@c1~Qx>
zPyy6BG;3`Q%w6vBfYnAYgacvD^MF-xScO%+>XJ}$;=tDLYiqf90IArdh`JJnl9Q|J
z<hHwA@WzB5C=hz%VxNpgBs^A8P0BZ+6~7=-wN%czX~6Z<<8FSB%TMB4B#O9iwE-|Q
z%?OUxQ^9vLa7IwZp8V*lP%Rx7<Fc{mW}+A+B!QN)Y4Q;=O4{@h<kH$n4|%8^L=_Sc
zS^{2)%xSx=&kUeD6sHC`BTUV2B|UqwcZvAZ<E}jqRCu4|rB|KmK07}xZanW9^{RIS
zfI33kQ^6s~?3U`5B#rcm17Gb;>wqsgP7D(<{gqvPuxubna!z`pqZL$}nca7V<&glO
zx?(=80TL-gJyV{dfph`HtcoDx)kbM~-8mx%3bZMj9y-ilYLbi~GTdOIs$zyHn@1}}
zFJZ-Kb43SLuuRC&{>gFo<mljHZ-4)w+r4;o@IF~}nNQt={j-B}^GPWx?VK@&j&8w(
z8A$ackQ9hWWb;&zuJTjjzZP;y26N2zTg9AE3<Fk^3!r`+RILNYwH{>Ht0tcq;<dGi
z_|;JYy&6fMozyq#Ps>Ma1qrBGwy(UN&I$DqMgAFr{=^Zp);Wa~1_25j8H8Y=Z+wEL
zK-$YAJVv1))+r^u*$#x+?z!}Rpg~qCf<BgiNmDJ3s*z~K)~hCl*4hLBroL-Om}Wu*
zDUtw{9F_7_A}>}5vX+667k(ek3`P&x-P(-)CICTFdsesA2_hAZp-<45MKYU0iv(_g
z7+r<sS0_bE16}y$1HT5&gkq@x1F9@Q^urPEBX8mb2n-3iT+r!gdCihPtAT-3m5|cz
zB}LS9)TQ#+JjGNhpuAmYxr%gbbPMdA9!g<m{BU~wrMKybK>rC0VCW%gv|1`<4;85_
ziLMO>eONOYKR*NLvDsmPoTE`BZ6-=$j?6IyWswqQ<6=xmVeY0FRMUO@59-*9w7%5B
z4qZn?pM0}B>lSL7BM{|vHC@t1pAbG&Rvk;Ch&cftK1e01!unKweSE6GA#$=<WYgt<
zK2UilETc(R)yE#y3`!i;etPCG^*CjZb(VNtr%fw)Ml%8Rh-vqka=7IJpJn;-h|kn(
zXYWlbZ6^IWq7AE%K|zMbC9ji%Mg{vU-FKAQfD8s&N?6z#!`fDn<@4=NM#2vtWQCXA
zljEu~r3GmNGGN772161~MkHpslKPE5O|9@T#z^}pSR7HITr|!pLVKZ!>lC(C2_C|<
zhfJR#WlIEq{s1l&027U@qUWl0Pz~*q2cqm}N5)$^9p~`)*@^SmL6pA2q3?7Y=dr`_
z2ss_6S#LJ0^>($seco(z+Pj@r%iV6*>zg~9?cLv;$IeKsYzLy~UJw{>dfe0Jau|@u
zL|`B(#$suSiG}IJ5v-*tljk%&rC%csr6XDT6qxip$hBp1sKo@-$St_+31o#yMno!q
zv1d2I%$a60QHeD>b7<tT-1Ge@!Mt3q`o+o-hxx62us$_Qjrx~Ugfc;CYN~I@Q$*vu
zZF)+vbnGNsE&zwVaS;sVUOk9(8Rd%=%dEr+<>@^nQH-Jhay*vXVMLw<PmN6DDVBz;
z+A3B3(h(9`yeoZcO9!8Lv7k=Mr#|9BKhJUn*jhH_@|qBurZ3fqBB6%F`!(}Y?ORE?
zlA}saBxW`s&92i@ftNadKnduQRgln>BXe>+7t)fd6BC6XeLhmSYR_lStXkw2i1zj5
zz@%)Tdr(-tS-sQ|t9tiMS%{Wi5z14nzVddc6<e((oGgYp8X3QUYGM&-m0#{EoaBxi
z>*UwK>Z3kMrkAt!ZeIlXu*OMkq>~C*I@%mfQ9c|U&~LorMw3Zrx$eS;4+UC^)uZTG
z8KE`ChT7^dTwY;{ss8Gq3)baIFA#b_u%8_#eTgR4st+iMxnc3qR7r7(m?(CM4Bgh&
zz@dyok$pBV%{#F`;BWxe3B>~}<Yo^I;TRLT@mL~ipE3~tPfpvdDcajd?motF;wI8c
zW1@=5b9L%G-A=W!b>3)KTf5b!JWrR$M<oja>(KX+4`5#yp!b5_f2(vvX=#(DsNZXB
z!v0pH(P;1P>^A$Y&26{?cX$0p&+~VB{Y@XD?MAETZ?(O~CfY*1=61j5_jY#rUbDW_
zQxI)j79!MKGR-)7D8JiUK(-iQ53&wusu$U#W7c60==)SI{5spM?N)+Jz^rp3muS)f
zH9m?2zBLuR?_Q#bitC2L_#|aJNGSwQ`egGUJjzP|SnkpkKt##)#6G$Lu#ZBnqE%Eb
zgXGH)K_AgfVS~Z1)$@Q=_vNNzbstfll3|2HtBQs`>3|<Tt1~UH4!ReIPY;gI56|C!
zF$F#74Utt1T}PN^@r2=|12#u>X1|QXm?2+`ck((Q0~-*f!t71Yi2(p(AM*|%{l0m3
zi6$~c!K$|=#f!CClWT)M1MAOlfIwGD6L}V6L!RXbA8{FlB7~l$pzTw2QbJ*M>LZEZ
zlgCGsHe-eW1Qfvlyn5ZWzw}uKIUwT?I>2#j0(r+8eqSy~2%Wg#6`G{WdD%l>suCH3
z2aX8`XDJ?17Mvyr0^PK^v9N11V`2Ot9pDHl+NsrKndy%5&Q7ylceDz5E0>1`h7H#`
z$m=*t#~L@Pu9cK<K^Ix+6|b(YT!}+OiCB^+wgn0~q7lUm)zYj5H5~frT6)0k<|B&w
z___le<05u|iKt4@cvX9=%enesn><M^sVqq>XOli(q0WG)(wVs&MO3b?75FGR6DG7r
zk>nN_utj?ZV?L~DXoc<w?&|>O|GhtXa|ZTKPtQ({4#444@Z#X?;J+L*mEMz>CMd{%
z4xeVBFujYFgQT3nHozP(wfj{7M-dkSys^oodN(RP4ml2zd^Li2@~|H#fTF7Cryz~o
z6jSOf4OsvIVJt&mA$HB*_MB5u5@xSAXHSg8YpWr%={7CmA=@h{+Z{(YS&+r5VLK{d
zT9ce8WXr^^<IDtaW4a`Gm>_R~Hybo@z_D0PpB}tcN0;~aGTWs#EMbtvn)+*+?CM>X
z<VEg@5XHpThpDNwgh|X3gyq)I5P6pXbEZMM*<M6)wcDsOFneZ6Fie4cWMBa}fY=s$
zYXDy5rLLMxd+)k>ax>-jr*cFk`%jSyc`)fV2{RE_B~bN_x>i4V7<=!!)mN{(IavX(
zm<#2(GHKH44JB;~(<}`AQGd(zH6!MoS)ET}$K+F$M}s>#;I7#sYijHSo+^(~rcJY>
zmavj(Q++TQs&W{ZHj_s3U@u23%b^;qAfOz)!>38kEfm&#Bnh8v$LS%;w(5c>Y0iXo
zoa9a0$RyXY8?m>g-8_nx`0r$TZhcT*GPQP<$<H$A6^EwKh&jie5W~pqcU`cjcJf}?
z2IpEv2b9&)QoghnCzmL+B}-C^A$2}MmH_K9izV9|HM?P%|EHF{?$`#qqb>H5fQv8=
zv?^4hvHaVbz*=XlAXW-KK-9|h)$8u#WE?R|?Skqhn&{Rq(ZqIv*r!U2N2~nk(3*9!
z#ZXR^+shqyQEL|BPkkS9T=K2t;MiK}DZsV-vAeZdUhmTL6>4#oiM6k1UZ<h<+4uQK
zd-<iGDXv_=RiLu<*g0S#;;*v}wflNxr!!iUsR{aobU+VMolwT|ku${OsIcjq^_ZI^
zR5DAY6~toVHkAL*PCXfwdFoZbgsNhvWYTHUrIG8KgD;#UtJ)Np^=Bs#%9iVxi*XuO
zq!Xu40}6u(hq~Pm^J&F;F`M+rb*JIBT5d!4{|pa?9E9XbMo*c8942_hBC0%crMC}y
z$>B3WB`kwoF4HsKCcscPp~G5C=#ktg>md{Z<-D+(6Xvv`=;gi!_xwpFNa+njpeqm0
zQ{Nob1=4jXN1W*h>g))u6^|h^4MP!l+9~DIQ?>b1tmOv>OHX#%5@DJ^m?95mh=UTL
zG=s;d9-%5fO*7>z&D4`L`BPPEYv70sx(HHlC^ufGv!`C#FUOYw888JLM)(%2nay?I
z8MocG+t@BLV+pCtC%}D;b@{|vWTGn1NOIof-g*Cq+&`25*T5-Zd_a*c=Q9&b4Sdh^
zbJ}<ZxJMzK)FKT|7tf6K(gM}E<@W=KN9Q_6ZhF>hl-mr`wwIM1^yV^7*PSEjbc@ro
zGJwQ{d`<l92{&Q-pCRbKqnM+U&_mX@lC!p8%6VH0fevUSCud9eYWkV%Ja0|suBrSr
zgTtmC%b${Dp_tZShVWhN1nchZZs}>p!u#^WjQxE1Z$leYbc)4JX+q1C%XP8h{47Yc
zvH_9aAv0)0!njGvn8x%f?`kdi`&=HuJe8ijsR=^w8^5Y<c2PXnWWcpL@I&F5;h!Wo
zw-{OD6T+bv#6Gfj|1CFm!h4mqG)P9?ev=9rx3ZRPr&C!I65+3k+8D5J^J%DempJr0
zdI724sH3hY5&Re<^(GOC6}_lb8<?Lz10N57qt*fraO`Yu4sb*%M~LKgos|^)1xAPt
z5LoxI$2T^>moJq<MlZ9=l1=B8y1mPDc|DS&^JrGNB!|}{lP2y_rPAwhBm0UOOec|H
z1OOoAxDP$fEY>Lq)S@Vrc?O)OW2qOFj=*U@$L4K5X~6=OP&iI1Xgn`s8g#%Ty&3TN
zb26WtY<^+aB#3u_3;qI};t}}r#Z2tZjEY)7of673b!!0`;P8==R21<83q7;nZO}~I
z7)kf!+0SQ`jBFK@r1d*P{j6%z3BIjtx0wuiYW}GNd0)ObnX1xxl1CtqVB($mS_s+*
zsLQT2F>i9En3uaxY`0q9J+E(9H(S+4{kOtoQVer?a(3PUk9O*hGOu5pbkEZ%rde+G
zsHfrT-`a4eG4@}7oWJ&+DSxLYcmI#kw5)b~a(>Wt`8B_N8}sgethY9E_y25eHCwCu
ze;(rb{JE+Oq%2daT<GVS>pX-BCAe3!sPSs5^QI=GKxaHo&L7ASYX7lHVE{vU=Dyk|
z^h&G*g&D`i0-VNSsI#gIgm7QkO4gR0Q*v5Qop*8tt`z_-;~w&O0IJnA0r%(6;0O0i
z-^6m9y#Defiw7HfHLGVvyMx_!yVVi@2>9pnG9%0|w_=M;Fe&88c2=XgEmOBQR87$%
zfCQqFr1ybkeYf6GcbF`OWfn<MQ6U-n0!J|b`p>UDIaklUKU3xZ#SjG%qRi#dZLflx
zBmcMC+uJ$$zqQ$FujKzjJfA<;egtDY>PX*o9|uURXn!6FvUo$(0YBEHOsM@>Ik=8=
zcK6KHOY%Bdx1!5cfv>_}^UEQ%hN?;-sEf&6N>^PuDr42f8YvDvu+`GbrEc8s<7?nl
zRZSzB#NP_1eRcE}W^RU>fR8Z@R4y18MG{-L@(wBJvOE`U2+UcMF^-W@<`|SZTCGk9
zL5kG66X|=*FazuQh=4wZEqAvg<ZZZ>!@jw@O94r8ZK#`f)pcY%d*oZ5wMwqFnorJj
zS(=jc2MM|Jb17}pVz{4Tq^e|;k1naoX1~lEA5}*xI~zzuamf3?`M<3Cf0>hmsW4a&
zvL5^5JeV>!^ZBXf(^V_gYM!?FK3J4>bRFkD=C4umf5$m&Xk9j!XU>^Bpt#iyF>&<O
zwW13q`%xm>ln-=)?ufz*&Kdo;b})j!WZbqe`kbE};9T6OV=`leIRe!uG&#I97jsod
z0XA2*%ic)0<unJE?yswi#u<JvwcBx|8*z=1iTj2Od&y1d;v0-2H+$wLxmZ}3zlAD)
zfsZlaC}+DCq3AP+)!sw_GE>SN+$^Q4*{d;hJz12d`EFNBaY}r{)2L@$kEOMZ*_Q3k
zv05K2G(|KcEzGL-I#Wy||IisTt^4;ra~71f`QEDTo}ti3R7ig556s=9WY!aI<qeYu
zV`d;sB_s!|10Q=FI1-+dI3^;<hb|{BA0qWiqQ=oRcfb#FcVr%cO#>NINSM2a3^;06
z#R0DBhGo9+C@^nb-6F^uJGsK^y7XUwllO2GY?Rf@F1C~D1D@akcml%#*puM|FVrdw
z$aD<g1)@k<<QZj_H+%ATvg(W{+9806&H@159J&>Kopbsry<b+Ub9{~b1h}IQ8JGjs
z>0P!u5|PbUle*5aoSqhA>tW8`W9;gECP^T5i&4hJv{w@A*@<QE+-xM^b?dHuJ#0=6
zSbr9%tZqI@uDTtK;!s7eC!36lil&*bMqah;R88qiXu<DpWv9yd)@BtgMz0D=wcD+V
z%@5M8bjL(hu~rX8SQz0VHFq+-`u;s+Q~f_M!scd4cLGPZ@d3^8|Fqi8dd~l|-Q3<@
z`F|eb$w^-`;$rR_(JKvzG!{Z9PsHKCT-GygR8(NZp{iX;Lm;f^hnz^!UTm!nGg}Zg
z655E81(R5m&swp{ZS@d`J_<Q#7nJK9&~}ChSvnirvS1@7)@^1}`S2PAr5JQ0$TX!J
zQwE6};w1MFi^5dqik?{>fNJ(~+)PdR#S~P9C2p4GY}ZOKO}Bv44yC_sLn+g_<Ohud
z6ChI6kwn(iu{$C@rfte?jWiAp@?j=Iud3sYrofW<zpXBTOmNbSN}@o%Vh?(kDD(>f
zg6ZY^*(ZA~ZuXHGsta$E39+0`Uk?cf>u415$#VK##U2&0u<lc@mg8Tvk*7hJ4IrIf
zIabj4n<S8KlK(L~$veRL(Vab!oYhSF=gp+mmgiLauZIUc7!GO!3i~jGRUfipk3i}#
zZw}6}|LX0nT>M9~+1Og`|2@c)lc#Co#cAeWV(h6zY_DNdV(#fhX>sm2*=zDGfoQcH
zS|Jdr*(aG+L%c{Jc7W4xDyDVSZ1U0llgXSXn%{x@OeT_ejyP~qoN8sY9FVvA{+>c&
zF8^c3F_CE-2*sbIbu7=eVwsdeDzO3N=n76`&Vx@nTdgf5=EZ-tTe<!JR%2^(YsLQ$
z@o4^sp`V&2V#E{n&%PZ(>Z1_(Q$Cw`f7@$UvL4Bl)w72sg?~u-zw<M2WNDp0(8(4O
z-(B0umH3^Vnxl&(6?8kN@>+<_&wxb%=2pRC>py2Jxfk_Z^MwM9!rq)MI?cHhO#r!a
z?ja71MBOVe*`$0aZ4j=`V8DW)Ee|nE)~{yQLCINpDcq4Icx4Kh)VPG6N+-2<bae90
zUbj_cIxn+=Q^D2NnWiM6O((mu{2?dvwb4p(=-~(knc_|+QBN&owLE|tgS8oC%4Jn`
zD%EPWq66Tne_Kgk{@hCbXI;-Fl3zXZ?7!`;t(^R?x7&@C{C|k&ZsmXSS?$2sYG9rq
zTuKI(PQ0RN`ArGD%<8{{S||3#t*SFc7A_1atuxhty#xNA#`eiGm;dwe|IMwf`fC06
zAkX*A|9=a%zdgGz!sb(-Tk(Gq-7(uEG>`wcnyozl*XyhEKM(SV*;4xvs3;zAC<a^d
zpt@-WBL;q~*()p|D1IoH6hF)n71_n$w9@MCxuO^ls91R1pKP&?*etq+%4`CfT|@EC
z@*y=v!NNkLETs8C$N$#+Po}zkl4q{|Z|C`cd%L~4;{S(u?n(d4nQ?zSTAX;_uN9z3
zbsH-{LAaR}a4Y^FqX5zQ0$@J>=l#F+Msv0Pe~{;%_+QP8`x5{qGw=JA0Ge305dj*+
z@-kpS{?{(kgOJl%EB*3kuKnL==J$V_TlE$HKg3gJ|98{DE?)rLNK(w&3(8slIRq9l
z`>m+NDZ48c&^t2w@6_u5N?Q$!^1n*hdb3F2`Ro6@|F6+(to(lu@|5zw8tl7d{3Tgc
zAuxqYbLZTudT!>qw#c)EXp#hGl3;GeAu7Y|B<4L5hyJ;`=Tay7R#pV@(JU=pTJ<$4
zoIrWN@t@28ssM~|b$ru<0CV`ivE9za|2ON~Tg?^!Kg6>nbKB<vmgnoYnDQ6~S`(ME
z_f%H26Y+idB4*@*7JruKrCGmtJ897Ilv9gAa!9rGlz<(!pHR>~)Bx<02GdIZ1?C)b
zC~aou0f)Iw+qIMSn^Vs}m@pn=5S5vE0&EiQBLP*X9eGHOCd`6mol=m1<Vj8NLkYAb
zsJp6eDYoNDe8e~o)%|Fhu;De39x@wc51HvxW0}Kb=5U$LizN?(*ay)vu&peq*<kUK
zIPEYV^$^V-_AMMvvocIBqe>Q(|C9u%heIESgR0D$IK+KkWuCW)N|?X?%gg`vR%7M=
zeUK+7Jd&}^hyBtX^xTXWuyFcoUxj6zkpMkWQ)TMTt&ZTDI;$$;i_RbkBdjwnPsO2P
zGV@v}BrQHtp@W^Ife!P$4h$zT_8(PPtS&@XzMRF{GOfv?mLX|c(tN4I%UEZcW_n~X
z>em|o1^NHRw%@<z^M7-@-N@U2%@zMY%(JBZR~F#=)oj4;(*8?QqAz3v=1MPb2O0o3
zw*|`}+>t$42m!yPO=#fV$S#yy0JdEiQ=GNL%x#-GS@gJB8zD}y$7))inZ)J`TbRiS
z*BfOYzmeg%V3u+Xsc&vl)q5hnTq_Zx9tyd>^EiEE0u*^ig7sQZyQ^<oY}Z@M(|u|B
z-oFL^jgDQK&UKFbpR511M6W{5p*I|%kXL1b40-9oVn)F{`@dCh=k5P?W99#OkY{22
zKXqjw%wjLZt`~a!%zEHh&78et;yg{}O^Mo9$9%kSQLoNF>5#@fK8y0d2?wmD_pMZO
zpQZ|fdHlawjQ?sjSN#7VkKX^;^L=JtrK5*7jRNgKrmh(stIKKB-q64E*}HT-6Cq?B
zBL24>`>7%}<ng^J6;oX7=+A%8%|!F>tng7=EdNgB&A&6}=yc4I-uL~tGG70!^ry_^
zW=iO7U6ar4hujwLzbn;h_1~6E`u8`mv|s31p8tb@T$w$$D)T6e!~o1P1m^Ak)SLPB
z|JG{#|3FWP{-4If<@Uki*`YElSz-Z{&#WcGx+3CR*Xw<eZ$x|NlPFCrWb#xcDVU0p
zTuGbVOq>`fj}-&Tu~3?#GfiwzG1k7n4A72sQE$bp7Lu++lyKsapaahLPb=1P0yH+&
z%?@)*HR~&5>L2?oFaMX%3pm&QEAIa^>Z|+@5ArN*zum2rw`S3j0)7dJt>k}RU`nyK
zTTeVwdD%EugQWW7Zy+|8=6{`Sx9X#CQbh~NfqDGDwUv+m-P~-i;{P7xd2s&E&L5p2
zPEVv;*m{L1{wb_`U>ZV}7~$kbLS(a55Fu}#o|dI4%s9`oAm#wM?+kUf<Nw7Bfw}(Q
z&HVarb9;6E=V6|&%l|hs0dAzBzc!)2(PwG?S8`Jra0^F-%=Q1Y^ZP%o?dB@~_k%oN
z$^K7g(XDwuRphoRSHE!dBp}{pc5l_gKFvhw=R56@kW&(z1~5eX*r)l7vzlh;<KhsU
zy1Z_)UaLEKXlvl)_~<>5h$eTU%bO4a68p(@^5F0^Qw?2vC@Sn4S3zTI*KKaLUH#u$
zt69K334bVYjV1Qc-(YRCdgebjmH+C@`C=Mip8dDo%CG<0t@_IU{~*s2{{Oqy0V;{Z
ztyg~Y7J6%7Pc)ZYf<(Y499`mYi8bI&UH`I&H}m?>fmi0zYBw6ouM?N%{~-!SRgM@p
z+yA%D|JG;~&VO%hZm#@45Aw)lw!I#gMu)W@Z(jYCT(2cBWlQqk8llkn8LST>dxa(`
z7)O6}Hth4GKUi|)2D^?L_`OM^bY9=RFUnjkVVdXw-HWL*s9?C>%4oeigY^c+YTi(t
zX`;?DPZOEGy1C)*o~7l#iqn%kb4UAsjjip1{nu!(;=dl``R3w3)cm^ly}_HBU^+}y
ziOWcc%Ny8tcEXS;MAuz8GUq-_v{|G6W$J!}r5(&QiSla2M1J35t5YU1xrc$ick}<g
zZTvf#5Hie1Lh`2#Zez3FXx_cPyP5o7?l9oo_5XH$|EE=NuGaq#@_cjhpOdT#&}YNG
z`!K+7LU9zu$I|?tOTE8H1js!8FXn&SYOLb_ALe=R{h!kL^BwE|%#91vly|$?Y?j(!
zUw!?$JpU)*%nOHs&ei|*eEjF;W^<MQ{Xw1^=>Pe51m6A-z&!>3f8Egk*-JKkfvP@I
zK6B-Ehf-r{{!gg0xDRL^|8F+7^8TOg_KN=><oQbRA2_Urcdqrb{GG7^EN0KLyJ5y<
zqDu0mzvm#cx%?j?L}i|B6msmr#ZUdG&piHbH}m}8Y_IJ9hj~hq#!TUQXX*u(j%NN-
zgy>#ouFQx4HOcRmkpUxaH1CvLtD=BA(kWG!%kuu!ZSk-1Oyz%_r)1f)US-c5{%^MH
z`Sbtv#`Y@z`-41r{@0_O&-1mo{x=G^Ja==});0IDra5s0Ix_9fG=%K5S%Ep}k!G$c
zPr{W+ku?+i%rsdGH)JP<pV^%Ly&pivj+5l``L~^E39;r39yf$agl0+NtZ8+Gp_3%s
zO1+P|wv}PaSVa=Yzre?saFh=|NH7);Lmovu?O6KT&bOB7Wbz}qcf+8URROuqhyrQ5
zX|gZ5qJn&wS;ST4tC{dbfqeL`cqc5-xfMmBeB~bWE>Y;`qj>f1UH<hljFf%K5=?<K
zFoe)NKo3!l`$C5!SBH7*#hmOT%E5X_I9Nxch)-r!GiSR*ovs|>jg5T&?OuuDVN-jc
z=Rv><G|a=82VxaCVn0*$Kf2}=Rw+_f+T5r9uQ#@~i}^oS=f5B1DQW~c@MmV+)B8)N
zr@*B0@(2g4%Md|FW(abC3mlJx99?q<{IId&xo`8C%Kw*03gbQ=#8lcpRi&qIAPDBJ
z{|o;A#`f0A|Mwt|wg7xQ0FF}P4sb3Jb0qhsqwjz|6v}s9iwW=-7$G`9is_YRw^s<`
z^x7pcYf6>_g$Y*S(u_KZ;KvwM7^gTKJk?c%MTDp>FQ;Ic8FZ;4SyPZn%C20-+V9z8
zcel?}{#PW;j?n$w|I%zW^ZWmeW@E+w5AtaKUrz%E1-r6DU-uynfU^b;&dyHGI^dBh
z@CaZAd=yb6jC~(49C`?hH{H71*p%CeL&!i6p%73sB4gyc;8Z&HK+F($l&l!!{8B>V
z5fJkbLEm+9=7PpjE<Ex}4hz6^tV>&CLlOr*=pn!mpVp@6N|8ECU{R!;067IEND&yt
zJcdCq0qEKbVur^kOS+p-F4K!roY&_P*G1QuaU9y+Tu$VF{+v@ZHhc#-DqFJS%+xY7
zw1id<C>(ddUsbsPMAvd7_4VQL;mO6>$;tV}o9@Bc&qdu~qvEQwVz1C7@6afMJKgJc
z-<_O2od;5leh#D|&)OQ;Q^(Upfj*(&H4YC?z_|n@?;jOkFVSQ^5fj{JQ}Qp++iIiG
zQ$1T-)1x*G0fqiT2qZmS906;>u9gN5`pnV)w^{Zl&usnQs&6-P_dhnaTAQo&|ARcX
z0GD&Y9pO+q^qX3mYY|W?%@;|1U+#F<DfW%<If+!V-(UhF$e4ER15Si?hEWt?<cnW2
zTR(>!_2Ymc4kF^SvI{=ai?z(@!<=l6h<}v3fupKY{^|w8^a|PZzwIebYwcHEm!eV!
z^*HI#NWGkLH`0a*dk;b@Snu*u8Jw!l=Wg=IcensH6GmKGZ2l&SSu#%Vm}x6bUMgml
za<R|8KqFVf#7X7ai{z~byY+g#xb2XIAcM(J2RNL@$SEx_M7DWiHKN0=9N-K&kDPo{
z(>5w>5((&j93W~NIO;}G^QCAZO|Mk4&4fpAAo?dP5c#)DQA8N#gigShFP-$gj|Yfx
z>rk(L&*1=k`QjK@r*RPIdrcFJ<Oe~L<eLMW!~QYhrxY<1@(iz=&L`lCHl8k>E1`He
zON{wIGUJfiGE(B0uA*>^DG5hnT8|;cV!DFN@|Gngq<&F`%zWGRhZ)8z01+X@-8dyB
z<R=HL2bl2<AsUj6IOYCe*8ET}9MDcVEstrQNa7ijARZxhifC6tNK5Cx<UrelO5>2@
z5lZ$a^Nr-cr;W_3S=cL7SnUT8kIuDeVnt(GDk-}UB;Hye<vdU{W}HwsK$cw9erucH
z>d9^WR?GH&8_gNW17JAR-hfKvg2H4fEoA*%8EXP8P`d;nvyymCe8jRlf>m&ap#P3y
zj!r_)-abn<fwC3M@$bU!r9#cZ6@L==HR{iCVYIEGfpf-Wk@47>F&w$(%*9<LEv114
zw{3)z0MVpRdBz67`hFM9g~U&ymP>nP7r2WCVP9V9GASQ0{qZguO6Fi`OX&=~X;Zil
zbQ%jcjdR;K`&V}Cg8ijqrB+xEP$+{L>;fC04!(Q=pTErQV4=;DZr-qOvpegNkV6~_
zxj(Jf(~1<kKdt2AbeN9LJrX3tu@MQ#VA72!g8n`U8K)43d>a2wDSd;9nE5#(amY_i
zK#DR;%_|2uHRXs(#3_q=*~0pTC@Pd;aUrIuod#?O8{UL$z%*#1(CxB9Q+vBLD+p^Q
z3JV}`v*vT*EGfydh~$dp)-}d$zHW!SY{(x6*Ab?Zy#P^uKBR~ZN#JYDr+t<<ED3As
zl8m(+;Phhe67i?U-NJe-bxcbuHE}1imYY;6ckY`*ZeZMYTW<4l#v9#7kjE6U3=rj$
zc1jR7#g*-l)JX@!6qwr=YbIHBd@_Q#)Q-?!=1rLbcdGSm_u2VrDU#{ul9^)Rs5(;=
zCi?wUv}Q&#D$p^LD}o$g`Svzovuq)L?aP%<fwt+VrJ9R~{~CsHfW*oyzv?Xc=m6&w
zQWyj%m?qVPEXE;X#qm$R+=e0n9-~s|=EH4(GY%<_qXKOG{&slxkvH)IRD!tvavShM
zB{8Hg_AL@8`+4bx67i-0?5WGO^Gl!N*X){kdd=*dO#DMe=vh;;@XY~^Wcg{+F(88h
z4vP$<-`{Gss6M^cE8*g-$$r1p@P^}}Dh|gt9>|DdBJI1fC2ZlNP5&A7W_2LFQtqwt
zbriZ&C~+Hl<$=AHm%-0%Qx&^0RcD0mXcAo-t!ujtFA<ySI!wP6-G}M7)P-1}#HH4d
z#rd<)3@WH%ilP8}P`Se-3g(Rr^GQO!FA=kyipDwQ6e5qDlpZ<PXWGH^L*Cn5-rF)e
zHgAh8Z^@P}8VZej0Y)L8*>t|h(haYz$*p1;d9Jo;)Q!sWl1M&8;MMEy<7A>>2At7E
z9r>zWqKTsiXp$ZS5R}$0=1_Q+FJQhWVA`x&&Xux|BV}4siDSg_%Iu}i60<&xh(G0R
z$Z_FI#+CH@A7y=-?O|KQzqTOprux?Ac-E$YpQ6^~oGE@Qn?9Dy;}WsyE}pp#9@XSx
z&W%#$obTwlfe6U`%=dP#k7scYkB+gN>E!|Q-8_k&y0x=sYf)#9^&?f9VY2y>m~~?L
zh*^G{meUwXFl%ezG${)h;&D{insqZaWJcYJX=`skinnv*T?V!3YIHW4rm~j0Z?hab
z`(qwSd6jp0pUjth6(6(9eHcLx^U3okg?ib~SzTVb6OutSS6~rZE-nvmM%!6!&l8b%
z-{LYF?e1Hju~U#&hqp6<GOf<uf3a2O-M77%nQ}v}ouUwJhM21t^SaJ#ro`bMd&BhR
za28~yf}51g@~Q^$oD$`)m=8l1Ed_E+!ZSknVqkRP6hwbPB>F`RW^0Rp4CbqeBQoeB
zNWCH0J3XACDFQMmsEB|J7Sat0k-Jt3rHw2(pKsmXjpWs>TYWG&rJ8$S0j2x6yxzMt
zT^H7OOD&{gA189F%(@V4Bn!<nF8rQ>k>fzWSI&e}`snwj@?wD-^`Xo3yGcE!S`SO)
zwR+_7N>xbyS&rN6J<pu&X1Y4fZkrQ_Go2PC)f^dLSMIG;Pgz*coM}<o$zu3Txe=**
zUxKSE02D3D(qVbnxSF|0rw6wUIMa`1=JKLZ7nOy_Y2LcfYJ9n1mU}^AvGA766uf0n
zQrh-1p+onB!7>3^_d@>pAzHU+cA5#TIcvW8Jk@|Mn9vEx1<mK80X+*ssqvgQpM_nT
zeCjU%y2K=&O|!dNZzxzdTxd+Kyub>>B2j@r%Pkmyj{kp<eXh^9%BnEq{14;m-)g-0
zRj;Mbyz~Ftja>f!#`acYmH+QSp3in(k3kTV&{g+rd6P(9^r$w<Mlf>87*UG-WZx9H
z=G>2{QLNx32Vs5G$03?iS`@ZTKU>0oo{@dTD2amHw-}?4!KAFGG!8>V7wx7hZC!CT
zqm#O<EP7vEyy5sS!v9yocD;oNn9Kjg{C}<1D*xYuJX5)Xc@#%{arV!bpUM4&!e5Q~
zH71Mkex~qj*3TCG7CB!%IsSKtC>Y^ENGQ6qDK<a<cRv4bqupw)^#6lAYv2@ej%X+k
z+p3WVS3?wnUW@}DhXW8n?-C9Wb1Q4$e25ufaU@gO12#lK00sf+snohS96SaT1(4%0
zl9>^$_b~J;Yam1em6>NfqNtCrk+0T%|7XJmCt)xFB$PD;N+3cM1UN))#eLen=yF0)
zWex0;(TIfL?S2>dn6ipHz`Q2^Rp?jT-X~g<|C$%WK~4N)ezI{`O9AzucNs^Zj|0Ri
zKf3HHs{H8o;AQ1Umye>#kN;a)18*V4Bxd07=>e;_5hZ^jk5^pmBUn@ADEYJEj+sY%
zRQrx{807f>Rm24y?zWA2{NLJa=lH+1*<9)W2YKxC|CbSWeKf9(8!(85(4=$GbD|^z
zfH#DcSK^3qil9uWuadJ2Fs}gduTpRx8I3USfc9piQSa^g+i0uhLAbNI?L)ZL+TPys
z>YKj51vmX|wCnHc9i@oqq@bNzZGibO?ztWr>9ga+zH!ILR5}4C9eKyD&RwCw^gCd@
z<<{NScf^$s_vHBh>|pQd>jQV>-(?$f_`lg~=GXtN_GV+n{}1u3>D}o6^Lv0j6f*S3
zy5TuI8n|qTQQ*rg2|ef!P)(Pr?ma&}`oGQk+g7y~#Au^Z`CY<EYpXOO8vru^!3#VX
zf>T8MgpQy*OVkqz6m<2L1XVfzeGrE}qTu=Q8z34Ow*a9)tVgK}4rLVS-sz!`ClTbh
z7odu?9ri}>6A3}LrEj4&8y)5nRPcr&-AzuET?2*!qsYPthkXher?JOlisU~12ny2$
zfdD}oY8wUy6OKJrfuXPRlBjDA<cV`|Md)QfpwHY&<(U8=j42;+hy&yUpLp>Ih00?N
zB9+l=j2Y(O_aUMd<$dBYS7l?tq_$D19EO|{KlWsr#H#gFD$*j8f*AA&;fzxlv230Y
z5&{T*f0bNNq#EkfYMDEWHh@mT0b(Z1K0ZX?_ZKJ_rFaS9>ayX6F$uv)p3R|drLwQ%
zsSTk;MJdBG=%#3Y`0$|z*|0J+<pA`3m9`}j`pGItr=$^;DwTbTAQuQi(?2;0WP|%s
zA(b?DB8FJ@NTHXUWs^119!}LWHBJ$#ji4Zqq(kyWPH`5??Z18;1QU7g4F&=7AM2QC
z0J8%k3EasMLDvG+YH}e4&`B6W2L7i4K((sC6$&W28MP;=q^5-|E*P*4j){-5Sgh;u
z-f+P=5mP7}C>oidZMnV79s>?9MHd1>E&)`@GlVVtyZSC2LyJ(b7m!|tf(qZ71!lut
zDd~rOa{AwgY}g}^`sSj~<c0euBjL^3n5q98+pW!_|F5~Z%K!Nw&*usN&cy{qA7e}r
zb2{L6<&@GpVUDoqoepp!7^1*=Y+hquyzD_b0Bk^$zku-orSE0ZnGSHCKnil7#%i4*
zzN+INUmh>f)RcCf->{7Vg?$*pLM!>#Njv!uR!ci>-QBuLmne*erA^td7w(cUK~z9S
zz9B0twb0sW$v3OXhFf>*H|QJVkQW>4X5JQiRsrA-@i`NE(9umg0cJdzpeZ5%IKrmm
zhXPXLar)LGNXIHYn`H8PoShBHr!SAqUui4q<hP^tkFC~+*e`jDJreGdfKUOS4tj9C
z{uneHjmMz5x%n70HY`LEve{YS{(nHG17LQ!v^!c@8;sRP_a7BKc#e;hUs_XLnFD%i
zgQuo8sDi8&Uz3eF$j3a_S7#6+ekh35Xl>S;>Xn$k=Y#|tM@|RS<x5G>Fb)Fsi|f!8
zQE{ueyS=mB*sV9V+VX3F!^;v$BuFQ)HmBx*C}+((<wAc8Da(=FxkM;B$D{mkI2;a`
zHKBlZzZ>fP@wmuhMm^>ytYm@`q&?^jk!YL5+@ip&`I$0Sku}q~`NQY5`j=$9Q`p&&
zPRZ043p#y*KhvtV`dFS<MlgzSm?IR(@SiS8qAbH^K1xThKt+%s!)>|%MJx_@X=OnZ
zbS=I)$F)7D@cm2f&6hm*grqD&9)>{{gkAlQj2z%5=|-_r&WQMGlo0jAs&0UCy>b{w
zQITv#!ii~OM8bd~6qb=k-KwExP`<mF-+xr55W<N=ENSR--(<YAMO!)*(rvKhB%wXG
z1{C|JBuf%UjO~^M<I3rPmi7DEhywk4B7PS@%emdKc$y<RhC!Zl5($yA=m=gvg&dv|
znX9J*8ug^L(ut`^{#p;BqOOIW6k_IUNW#p=KV!yme_}qvm=pUmq1Y_*%RW=&#~wN<
zWfsSSfmfU}&IrNKnL14+PqPf4gJjN#_wsl`=}>FF`ka54>04o#q97jN@NM1%vIHv~
zAfD|<rkm(m1{%<Uf|TDP$qF2g(E0|bf)Tu4mxB2sBtE)`C=qMz3z-o^6uMx@Bcabe
z|4Dj3|Bv&7O89y4C+V^OalUM1X(Amy+`zwJh+@RDMbv7Dm*HkjNGD%OeR&3DylTc0
z5i=GIQ0PBP8vp#+thv5?$pTW@N45M<J9=UFG+TqBzEr`^UiQ6^KY}ak>Btu~8y=x&
zl#KEmCf;|4xL;6O9CK*_IBz0R#wqAXY5A2Jj4NH3fccy1LfB&@i1~M;340Tc?pO!5
z=IFrIVmfeZ^IKDbkRteXm0$oF|EDQI7LP!00@jVT*Z^7;vepHsu;0ht1w|ghW8`1R
z>Ab8Klq<T-N4;{D^qQg=%f78Nqt=Y)gu?)ITi{#`5I78bBo6)WL07I+;y0`krN2n}
ziPC@S?(X)+_opW3Efu#GQ<IzZGBxQmM$Vn8$(%A95{f^Oki+0ERN67&$70gohh}3#
za+PEbRrgmErFXW}Ye+9q!G~sR$*-dcIf*XU8;=2tM_L8y{mTnaAM3q{<#GIrK1FDz
zF3f7w+bj@g>p^Q8f*WYUrF2=Vem}}=Kc*Cg9K4aV1?C8KQJ1L=no?y30}Pq;db5m~
z<@A)ZHbX_}WIaORfDa{WX5OQ+;`gZygCOIO5-*-p=nHXRJG2%TblW*Ww>wwR4YBW|
zu&d@_zV~Xeu#-wVIft@n!117j={+^DMLr+F>yqLl98QrOC6YoIKqaLUfn^=F`(g`f
zRB+vkmsi+Vb0K*f%4B>vOf2+_)le?OVJ3_6G$br<Zl2Whq+BEr5_2OKEjP38izBCQ
zO-53-^#fw<iz$(FlF_W`#|V0;j6E2K-esW`Asr&*AK|drp}Sh3XmPAk7z-ghKo@cf
zEFpx;1!YkR=4Ip?hWw&X0y%*>OETIv-0zD?%ri95^D9?jwkQ=ghmfNK1fElJ#jQ<V
zo@|$WwwVi3<QLhC5z2Gkbjev4M&#kp$7AfrsU`cRD6X@+%-8T5=NQJMs?K)DGHo;d
zzjV7YSGrt8B%+|iXq>=nG-Fo&@WT+Y;VUGhr9)&OVW-{Lou<W=@tU1P!VoH83gp@I
zCy=3nW>zAxP+ZBx!fUI?Wk%Wj&NS=acxMV+G$~FW7~nyf%8>7m&^ST5Vgt>a4&Urr
z_d9fs=8Mm2fT0nt`jB2$g$SC_&`v$yOy+lHaaqO<ceaAu%o$dVMVFAxSxd!IQ^LnA
z3Si>;>_LXT8NScETQ1()HlX10H=(d@rNYVc>{nj;jo`Jk7G%z(!~?4B4J9<$1;d}v
zg^wAhxEBke-u-sqy?Q-m=khMkue9jX;rW83z$R&N)t5v7mP+r{j$Z<1<=&LfS5<0v
zsLC>gGJaAv6qfm&YPosaiOt4hT5ju`3#wV|C+5cK!S)mFV46M-(1j6~gkF#cg=+Es
zz3(G_&wGa_5emVxr|f&!F<j}|Z1umfu3b_cegn}pttr~Dz0!s&ZMax;4MQRSdqmcJ
z&l=H+ra6iEcN0#tQjXc`e`DpiT8J*DdYdcNyHdSM^<H5<Bryl;4AC*7j|*y8E>Q>M
zf|8iy5Um!bUt0}7CweGWOH=i%wC_s$8UXjGeVcQ%Z~kQER=M)sY^{{<>S(1t=AOjQ
z3N6bnNEpmfv3ILs@9%8o_pD$~<S2lyG>BG8Ry`{vyHc_Sz*khVdFS#JCA+)Qu`3;$
z*ReikmwzJ_tCW@MkGyz~0UYY|g8Qn=e*-Q2RCMfn(7`KJ`%hN2GE8@Zf`DAjYG!*=
zr6#;}Q*%^%!{l}U_B8xFCw4w$c#4MK+WLE``0wXD>o=_L<+XR~@?W{9tiqG?(aMXS
zj{5!%rOs5xTDu;{qaLDw^uZH-xM&IGnma|BPJnI;98juWI{_XHc}_%$5@-4v)U=F}
z%Z16ZI+I#BlUfvm3!F(!U5z(6lUg`_djE$~ZK<<5mHOSEN|i!bZ7gnpbqYDUS>~MI
zf4I01wJ(gI{39=%my)i{nbK7r5k1pbf!{xWRvq~A<&PW5-G@8d+HJ|J8M64FL5_eW
z;#Y@UZ*|DE)oM($3citZp^um8OmkXil;QssI+L?I3;c9%r(9R24Y()MW+!Lb6i$WS
z#J1V4uWXx@ZS#%WHuK_^AKtF%qL6>DHjTu6WzVeanUy`WfIYK{MM%J`Hb~^Nibc5J
zfWMsrXyt`l1tYA25vB$F_4|L9aD?wV)<6xzD&%jaW~~mb)NBgi8w&ZGqGq>uR%&*o
zX3Jy#R$A87_!hM6Dx`0vO1}eDx(eyb7Pz~RzTI*S-u|0qgjt33-OH5|nJ7Nx`JH(v
z{d>P@Vx~qe1of%3q2Gmiy}Ko>5u{Vpj-{HWipTFfuk?~i;I40-UDj3Fn35uMr}QqN
zfA+nz|HRBBO41Jz4Afdi(BJ}k9FH-dT!b(rvoD;zg^<6``)19q`**sE!y^Q`IP?%W
zf{cR~2nJwJ56Vj6tQ1a3FTa+;$vX|FDx7aFC-X|-<i_a%6^>d{tdz|+sBF3(3~!`t
zR&l**THZdcw^7dt-9~esncpnnvB0UNRb=lfviBQ_?0pO)yaCp6=urfj72!*@T$tr~
zdeG=zBku*qGj6b%C95Ais#gnF8PmH8>3x8Z-kfc@is=2WB6?Sr40te0CiCLPrp$I@
zWy-8fneWAvK~jdSESfv8Xrwq^*)=P>W@Xph!mer5-A2o8xXsPZZoOUyPY;d`&JT)V
zu7!fn56;UR+l6wcCtX>v7sP0)A(T;i-;f=Y+s#lhc3~0-Adl|>lU)PA&<6~K9KaC?
z2LJ|vP8FzxEHD8Q>=wHssi(Y*Ddze5ja^rtX4p068+N<%?7F;%s(BN$uCe{q%sMJ8
z_ikwf>Q^)QN;XKo11oUzA7TYsC)1??rY`ij#R>HrY<DcYr!m_iJQT$R`rwHaZVM#o
zNw+(6NCD?jYVrCpl{;r<<Ksf6j$3N`qdiyu-+qv8m?CM>QJ6>OMRNu``9^H<6n~jE
z;GDvc^{r&MD@**AmUy%AH%c1NY)m)BzkWx)nic+!@(0c}8w>8h8`+IJ?XPAxuH1nu
zci^;(R%Mu_l7>vjTrPaa+u~M*4onB40ptT50zI<<LqT7@1~d*A@blfm&RUEH(h<4@
z5oVkST$DO8mQp!jmnF@Uha}C+gBEvA6*Fg;2g7jrNwfcr7^GrwaX45Rpm$|}?zFeQ
zIrr&}4bYwT_BY;{Z^sDzR(-J#VT0yfm#xMPOwjGG=ek^(p#OLi)N*r42bT#!_M%wd
z$1pR{`VM_u`=@Wf8wLkRC6xS*GGZPRAAtn@l}&M1HbtY}ZvAccmmBqVdu3FlrB|M<
zg*{t0Gb^@MX2r^^_*!N~iA6yX!#)c6#R!cEoy^)fyQvBBT0#bI*!Oiyh_oLP+*c;V
z1DO!t-^SR=hFIAU(uUZXXG7#Y6Yb(*>jg}R)#ljBg!mRr2$?c6X0yX>ZgJ-OHX9<+
z*w}{=^e~^;R!8UaXMy*(Z+<+bc#J@%A1edo&O+pO{zid0t(|W#Mt)^}BwxQB^P}Lx
zxRL#_(_GmfEBoW?+8>#$)qRT41(x?jd{Z{aGl~#6lz4r=76=1YH&zD70~jFR-5$!y
z{#f9Mp2_K+J6Y$HC$-jx)Jh63egbcH^1yG#@X4LdOB3{xP!deYN(LfC^)Wnk^~_g4
ze0K{wZRr4(cJU^U1<u}my_5<Me)cZg{lC-UyMKyVmk)Sh6XwAnxS$C7OD0<QddKe0
z5cEM;Va^shYj+Q+1*a(P+YG`L#eC+aFn1Vl^iH(32ob-z({ysb&>+6Dl<#b>aAz|+
z@ILbJ2nH-mr-wB=ow{?UCUj%xTaVNJ225x;hB$z|pwx&iq_Bt?@|QNCvzqPuw4ndi
zrg71Qc@x`s=bvL5|83J!{8KDr%O30F09_bvC-j0uC|vxmz9mkRMJNQ%o_>GU*E1X-
z@H8RN$_l%~Oa{%VR#?G+csO6?UE5*J##ak%U#Kfz%?kS`9WdL@86nMf&Irl-=Qg)*
zV1sP8zM2uT+D84yTNQa%4<;AX8$x>jDX#8fXH_cuv;85Y%LbHB(FHdo+10H{wq&2*
zE!yXA$}BrPSs7xh$hFnZan|6fXt0851wV>jH|lBt9p(+u2&P)ARadY1MDdjm>7^>k
zp>>V6S}i&WXfDMX$6@LKaste_HRnDXd@UnL`6uivCcPl`(Oyun51dgPa9nt+8N{~q
zO4Ph1Nj}DiPNvv?>f>8|$C~BeN(tAn-VM-owivs_(Hk0cC!tqVrdmi?h~~L8Gt$9Z
z>#Da>!z?rD848fcOGI0G$ye@9v19<vlf6{T+%z}0RvACugW;WnkNP;o#t|v`^+L(N
z^*>3^R((0AWsaIMzfbXXeqQEhW=`^!%Zp^j=1Q9>YbkIW-?CY2&D+eVCzE*=1#E5I
z<uLRi_1{8@VJ|?xNC2fIE}8SCvwrrxFW0SR8ho^ySJFz%r!PvR;88kzoW3#_oRC~q
zTSm(|oalE>rdou(OO)OQY5I~FN46?VM4|lAvVU0V@|{iV?}q)ORky!b`oC%Y-SAZ}
z|1fw9v(*~uxvkiMw`{<6E6uk3BMtL$wtX94gG+{FpGcSrz0|Byp)gM&8}<mK3XI{?
z^TFt4_%RH%ei$b@q_I=^@~`jtky5T|@@~~QVw}~yNkkE2HPl44dZVh!1Z03imqo~P
zy@~rLTfB{Wy<XpHx8;B9^?Lrlje4W?uSR=oyV+_tn%i6dsyCbU*5<!J{XRQxo|th+
z|5d+rTlvm?Cy&w@J+%JlwHRe^Bu4qsW6+O7Pw?#ehLkLruRq!!BJUE+EG8ar;*K%H
ze0^WdA{T|@^+z!c9&J1Zp8;2Ue;v@+tk>({%Z9F2tAS@Y2ml`<5Hm!D?nogH5MO_U
z!zkvzWB+FddLCj-7`}fz+Hi%8&9<h#U!uvQjmMvT6u?Ob)W2+0O4^DbV^@UwQ`=(5
zqliy$OMRc!))Da_M=A?`+#6vo8y0qXu2J#o(T1xEt#ADQ_2(4QTSRexqVXOeAcYse
z3^*^yC^56Vi7P*>Z@6qo;=o^jgg!oc3?3;Fw@*Sw0`y437qW4q@@1p)wWs3h`3g^|
z{Ewh_2?wYe5bx6clacUtZOoMaLe$sWS^3}C+T7e;$^VCVgw#&#bUFIU#1TW^#{sgI
z%X(q`F~&6Gop$teNtf`BWxYE-icsjI(8DOV$k%3uX!$>lmRoo0Sp!+y=#F#^j))%z
zh}HgEUT4i}UOt+|vdWx>yXn^LMJ*%2SS}fzA?Fe6)M^wBFynOMhSBIx<`O!{fv#2c
zA5{s><%3U-wR-1hKrx>vzY5%JG^>QX+o!>Ar;P^Qd44$R{(1i5{fnc^@w2C=?VYgO
z{;64ShtGSBGyH4q-LLOoj9%_F4-XG_YpD73-CNk(Kj`}Jwuevl4nDm&`}ii@J$dtX
z{L9Zj=a=~~zb<o7IM6!=7Ij1IX#209>u$r{U5vKc@Y9zROrfqAs>Thdn+0C0n!l<N
z;Cup~zr*8~!ArdJ+tcgj)$^09hTl7iU%Y(v=KZhRy?2xDRcm`Y48rFp?^?st-P-Fn
zuMXLP|Lb|}eK>e`{nj5G@4q;EGI|y~!O_7_o3-X|zXcfrPoJysid7jNgiV3Z|JL1Y
z*WOzcpWA94yF1x09%Lxcv;2SSZljs|Oh!E%BEQNwMNqE${<o3YO_A<$t~Rrr{}rUN
z9ehroP&7ug3J1zpA{yCp8@VE*st-AopPOzg3qg#T>>K1UMH+)v76Z(x!t(JUrEroU
zS<e=+x**0g(}>U_qK`Nn;Qpk_U|+SgnVCz{?J`2LEvB(;xQ$)AK!m7tX@(xEhSI(0
z{700^AoEey-f|mtx1CwP!#=9^;(lN4HvMNak0&SbU|97Cxx^B||FqqP+sc%P!w>~2
zz5gTVooPJQtH%HANK)sWU-Q@%Y%Rm8*W-R~suXNmy<eJ71>{;){--KI&F4^d*?aQo
zbTBx1`+mO{J|DdOsqT-S`0r|Ld;7P`y^~)L_ZydCcjp)muAct+gdXoVj^bbWFE0^3
z-U@yiZ3mx5FE}J`u4*2C`O5!z`FwMGK@Rm%FCIv;xAL<gAU<S6mxNwArj2EZT+4hi
zt(D8irn|i~-6h0YRsFXrVazA^{<A+ny??)l+vmeR{$-3m(PzJ)@%j0$FL=2B@m(Kn
zUpMxKg9GNBf7<%3chu{XqqC#acyRv9<Ov^c^>=<dID7l1J9+ow+0)wgySU98zb;7d
z5leV)A!16VuIYJRI$w9(#<ts7o^%%IT2=n1YGBPLp?7la{mOo6vTJ;GIl1&-ejHDp
zb$@z&^vmhd_|U%^ZU$R}<H63yXIt#2{q0}7mj~}oe*5#)PrnY|{O12OdOv>gw$|9G
z51L-M?;Qs1puTl__4CipTv9L`lJHM<anXmDs45o5Qw^FON#q;SrL3J=we)pWHZ-4T
z^~-Mj>d(Dy{hU5OdRc#6`)TJje0KSq{WAP5da@N=pNz)c)~lUo?+>?|uWGgTBfn4H
z?f%;Qc*^!(4I87&tLx`aH$UOtE^9nHe1`n3gPp-*MEmq9m^OoiZfo6~OaihbjQFD}
zfz2ny%lEH$u6GZfKWl8YdIyuC|ME$6*8Jty#@S{F_g}u)--*4Kli+3RYPYuk_6cN{
z{x3W4K0fL1ydM2R{l?|lII6++d3Wc<%b$AJpU$>_d-?vCMMyD$@uy%aB^vdcn7|g~
zT2=kGs$eZ3jKZyV@ApS_{_A)r+PeH{Z|8K}d-{BPt99@+dP2@Wz3}&b`la^z+185|
zgVFOp_eZ<Op9p*zdM~@X{LQOwyicC8-Cti^zkknuc{;d0+q%43!~mWyq_R@S`Edb3
z1qTC)29Tqw*)u5@@{JqNHwU{`&A+Kixbtb<KHNU{>y3}`yV_Yqy#6tqJoBHuy=;8!
z#$;GO*nUZSXD=ID;fs3X#qia$Uv_p5k3a5q{hvaAyZPzk*`yoL-6x}`dpp;`!ON}j
z%h&Y%-eQ8^3lJ2>oQkp$8X#{9ih5j|ds^e#tGh)lp`ArWD`dDjb1|5;;1(XK6s{Ph
z^jB5Fn?FLet*hF8vvE3V>}|u}Fb@tlk8!Q}a_iZ%UygThV}Jaqb@^iN$=+V?YPU76
z9S7rA{@as}pSJh+-+ijJ@VNFe3eLI*2fyvKemy)nZfufqh8yNkZxJ(6_6so&Mrb<u
z?DfJ@<kNr+{q)bOggBpogIB-)xw&^lU%mU~h`oQl`)6=|Hae?azY5~(7jJ+1ZTFXh
ztK-ALe*bl&7GIsd-j6@MeH#upM_1?mPbcw{-@L2t;p^T<#*W{ejT*thX5$yQplu_h
zMzyb&z{0|BiYavS>6_H($DwaW4#<}=4Qy%-FdxP}*CV4Ei%7`C3}iU;1?A~5W{VE1
z*}yCt)Xf_$;Zv|?Nac^}=3?vjkMYZ2ehtpMZ=N4Dk6!F{-~38;-d?fyZAM@?9FVP}
z<L+pueb6|1;vMX;)=B*;^6}ZH$=U9w+Hb$Td>y=gH*RfzJUQv@M*hp-^_zoN&wg2g
zBNmn?GA3jeL)<{}r*IAN)Gx^n3rPG=y(hbL|K;9!gZBQ!Z=d#>!;i0?y*Pe<bUomg
zJI8O%u77JC{&w~B|6}jXnp9P{wZZ%P6)V=|M>(ZOB5I!skxo$o5dkY=MbJ0Ww?dsd
zzr8}u&YYP!N%vfPe<$MHWb%SO>Ui7HJp*C!ZGE=%qr6B{C4|<eGq9wyz>#7$hhexo
z%-74nJ+5Sh@kg%smz8f~XKCw}^~;(M{TpV49hmXyt@!@$r#bSEF*=A@+QFv>CiszF
zE$!gaouwU2t_Z*GN70+^z^=$=i0$*);4O`{MQu_yB1m<r95_+z8wxob*cRIEHd9Gq
zHv$BoN#Rh3#;_`qRK>I%T;$*pD|w5kG%mfL1+OCgBna*$jPEMf`v8g&i;?G+SylZy
z0`w&W#;i*>OTYY_uIqk0z3%#9-~9|bORFZX-&Q*M=woiM*RHFYJkQGdgP_hY#!r<(
zpNt>y2mCe!dhGbAQs^>%suY@B5q>>>!t<0pODVXaBe!1>;k3_qj;*JRj<5Tzbyk=_
zl5~-l)__2P2kA7!Rl{3@@y6)^VUf0gm$b{FS2|O`7GhT%ENwq>TdYjaE#KJB{_AFV
z8!_>!$}Q_j9ygzx>>trr-r!!v_|lqO@qR7Mt+ztefm+xyx29vcAX5I!19gj>`Xd<d
za=~Jhh_8rxyK*JW$)Grv%9(SV4Sbe*!Mp(_e(r2eN(Rg_usi!?eAK>kN&|n4+Lfxh
zG~+L~bofC5z5-t*_}ZMn<3xBQ>P-jr^<J;BsMy$|1c-9&s?ed?3ZwzTO|z;68B$uD
zjC5HLe9R85b;qr;Zq^S+32^5&G-HxACz&y5<p^H3zkOS;ZXsKr+3UV<C%qzGMb@YG
z)m}HkKpM^|U}ez^rw9E~HQS7iNllurA_&BVfuxxfq9xzxu(F|3&_y&qL@I$zFszy@
z4o7W8nVPW}>5zp?IBrq$^I7+`vEcgsPT^<H9PkJF(6G6IKL7qxSWm7<BlbTxBt;&r
zcL8V=D#D!uogkgfH0ch0YaLgnvNd-nz^Z~%1S**A@wRW6r_!aOlJCq~7pwtTW=qFd
zpGzT3;7z1~zYsw^iCwd*Ctn#KADcdJkuSn{+a9|H0mZZ?m{SWev;oIB=a~3<9qJHT
zs^tCvgPMtCo+~Gv#2zhilaaJut}QWQP1BA~x}b&5(#-O1E?P2ObXv`+QQ?1M0{wxG
zbiTgzf_*%gh)0C@jCv8^^Y!G4HNp}(JK0>38s5}MqHGs<=e_|J>oXOpHNV!^x;|}H
z?@Y$<+88**h7ue~%e-gR;}RcS1z3mEPTOokhb9HTENZSmlKE)ijWQ_RoP!^aI_RNe
zXIG&&VWE>7#E6|P(OM}zgDj+YrED3U7!smuZn^A~lX@_0!)!HOC{#6*O|(5X{tQZj
z6*E5^yR+U<i9ulkz4JE3ltp$skXoulrG0I(wanN|ZP%G3X8q~G8@lsoj+MYY^mOv>
z#&znAurVN+;;JIJ-yCov*h2Hf(klV&%|a#WDCA@7yrYj|&VzzR0t;71t=-(z!FhVF
z!TJnu%6yk=ooq_oGF~doDlk;+7sh|ftXv$OL|?@&d|x$xLA{FN>G~SEFhVh(3%O~;
zd^)R9<zR{Yq6aJt5Cp&7p>0{wv({=$E0kAxMR)?eKSd|H?C~fBOLY}3z|&xDU1{A7
z=VBK2d4@uTtIhvMCHYsVB$i$Fc|FOkljHr~8TJPFGN|4($Ih<8WtVy_p&KO&@$I@0
zAz1T@`A*ZCg%HBKbV>%RHIvj7*6+6^Nf)ekTJ07dTquDyNbY>IOGSTC7GUL1g>{QD
z3fYac;B~HBr=}f0S@0nAjRo%uamJZ7Y3lHEzsf_hd`7(p^7;CDz8)dPJ+YEaV5oGR
zG4bi_81S~tXpqW!hYd>ZD;#U66T8N}0hW`JiHpQCqb0p+n>koB!Oq3pWt1PtBMX2#
z@3<q|Y{h<kV6x)IwZhW*^uSC!B!nC2RR*`q$rb6>BGB_~gmbh!IGzTSu$HF8IaKBj
zvELxka5{53#qDcNXcWDL&gua$hx0s{MUHmdg1EewPXN4yb&8C3^r^KHIk9*3FZQm|
zwB3n&&dv1cXMeJP|9~D?t?$7v61l%KxdD$*C>D*x)2v_eI>Ey&vz%h*d;p0-;VBT@
z=Z#+kiBTVtjfi8=ELk+WO(q&_>@ZXe`p}GMylikx-q!@%U@aUfxNxK&=%?-d&%b_(
z3bM1*HtR`Z=C|`9I4V})#lrBh?V5OGgS<jsBz?V@Tv2{4Uxv5)r9{anrEqZ@Q4oH@
z1b@DQiN&(wjVZjMlErT4X6URZOBvai>Y(X}aEK`rRf$cngD~$LB2XX}h-Okq)DZt;
zt^1u@<EVl9dgQu{QRF`4EOcF$z@FpxpdZkvjp8<p?9xU)*M{I9(Dyx$Z;@Ze>$N$#
zLH>H!9z>F_r$CM<TS5`E!Y+Mgh&XGftc?8`kfD4pFTk$U3jPeX`KmN!oU8fstZr=|
zDq{h%`as2e+dliE9}yI|r%&T;GGnx&D-)a(em2YDhwKv1pwr3A<pdsQmmry%6_2}_
z55tQ!L21#7q|`G6%%@It%DlAK5L48T;%=+Kr*o#}XE*?wEo_TLCnao<=7;3$1A+#N
zk*N5KV9&JGcg$F0{I#|j#}g||KiiofJL<ilUd8rwJ@$}ChyZIX!l0xujk8$8t?ar>
z_JZl+r5G-UWPn1ubhQ-#nsZ{k@|q%Gstn$fsh!(wJ#6H9&^=h@xW?61+}@~)a^w#5
zoPP8ylBfCmc5?e}Jqgpg4Abhy5Bt|mM*qjVmFi*FY#aq<X^rZ;mq_4`SBr;C0nez{
zuDe}Mz>y{av^Lm2^i0;{OgjrjD_XgJ7N0srMbGk<vktx*ZjFO_wq*DW$7;p41{xgv
z!@z}07uVLJRP?r{&rvW2B&|Bvf%>)fd-dOa5vcLN;JtbTC%6CC;EWN2HWN}SVEf%t
z&(+2qW+Amndd5UkD?*o|+&6(e?RxTL5L4|S+1*kk4|5!!NzH6`5(xn02wYk3M7QtA
zMJ|Il6r#z<L3{6EzD1+notd8Yy6P5ia(xYP=VuwaqCg+K<spCT_3yVlt+)5x-TLWg
zeKZD$hupCD(9_Ag8xvxjYqrQ2^L7`LRo#eu>k3s$@TtApwJioh#nQBeL5{^Ku<p(_
z34jIMt@{?Gy|$i#Q(8*lyb!5s<<Mc~>)eh6#J1aw)K>$uns~AKcZW;afoq>8NmjlF
z*?-~<e`x!Chkl)w_qQfD=wEk+6cGej@aF?uH)h_3J!C1zEwhFaQ!gRJl8n4+6`I0l
zd~Dc86U20xa1M@y;ELZY*1}*DrK)U~W$vuv;1F-S@;u(K`yc=K1H9&PjF4$K2~#io
zR9T)qBFP)(MS!=f$rb0<VsrJq@AI0HWkyh-BnxM`95lS<4~^}yu;GiefVvQd<D6V!
z)Y6j>kODI|?Wh&+Y3F$bd%Z+K6|wP2lpNL`4jJ9QQemk=D=f`uQhjyU{~c4|E{yT_
z#e}@Uy>#DeYixuF>VylDH}?!6?B*LSpo5YVnT4+%&zak9Y-}H&L~B!QmFl44uw)GS
zajI<g(a>{qmW7O_^3R;DXnRJdf*f2(oeX_v<c~Uu#^J<n%IY@<$iBi}W%t||8y35q
z4*a~U1dn73F4H%trtRj7%pw70+nkPjheT<O#Rvwiv#i-Qv9&ncYJl$ql@aCG*z>D&
zI7ypcX{D`cD(kJcK8{?$OSh^o%iN1po-<MYmUTQ1C$(wCF7oMd5`Q4-^%eF>{I|yB
ziuP;qci76bF{MAv-Q!9~Yw^5VlnIV7J~l<2V52SVW^ZL=nKOV@`lfQsz+JOl9bK{C
z_?7Aew3|h(-^=SHS^@$F9=U#GjM^>Qc=Ak<c-chZZwns+fBdgM{_{Wo_>X`50l`21
z*U#^MjzFhBk2rsyp!$@JI<im8CbiA_^8|-SC)G3XbH6?{C-At5mCigdJa;sWTT{^r
z(_vrc&{1Fq%Ws8a+YHlv>qhB1g-qF7;3Wp@%z1{fNwWYDehI8Lgq=}4U2V4oqrwt@
zDEWMB&&HwcPA<phr%CnB#`s%${@)p{`#!w#GsnaCt)6$t&l%0n?W+S~gbj4JV-`{s
z5n(euTUaI-cE$2ap0nGuil!JW9`-xILI(-UQoTE{$Z$xKeYUklk6QqX9i4l^RK;ef
zxABqLkzbfhER2jeyM5v31oi*AsQ2i%dzKg(-f;I}pPBo=A1U+-`_coK#?{6@B4)@D
zdjOd?8e+oT);jXbW^>H<wjXiLTAeo3dfHg_ktIdlqO+Ojq2jDR<QV0FuBXfzCNnau
zK-n|l7^LXSobJyndH%JQe)*Da{lzi_{(v7?hn``d<#4&axxvQl?H)s)yG&a~Cs$uX
zu5Qy|)}g8;M8VoA@F~+MhaJgnwuErtk&^V~8R8O1Pz})5f%ZrkIoP>{I$PTrB0%G(
z#S;F7wc@Aj?9YsDvj>E6hkX^v-JPoeZuV=ru<{n&?7U{>@*ZJR7PVQidLSrt0l=sE
zyrkk}N40j#G8jcc{87+rg`F#O;KTzth(>n~W-;xgZL$&FDS+8d#yBIF<}2UL&)MtW
zUwr=<7YAu)Nn)nXr@kTl2mH_~`Gk7wgxmGxiuG&ptHi-6S8TfSGxQvle7+wVurGOu
zTP9AG&?I(@eM4c)Xr96=VW0zgFLC6F+PhvNT5GtQroMYj!}tV<2Xet74xxTaPaSn!
z&ypldCr`|lACKbMBi6T9+$Z5ZwI)}*5m`Q`>2Zd^G_2LubP6tk(~jK=0z*2><smGi
ztdO!f)U8xNccp`V^f;HwPbdb=p;8c08AbB4(5S63-Gobbx3(lrHNPXiv9WJ=p3IL=
z+>h<h&#+hdJvS!cxV?F*lr8F1T`zAbFAKPQAT!*s5N<$}Ql$%u$I5*Za67^b>ew=b
z^l<KAYr$@Iab(U3M(0iaIO{6j$sD$|PJxgVUwg*wi;{B<U<kho=6+->y#il_@!A|6
z&lMK~W<=WFNHyGvX%pM8&Hchw0?#ZV7X{12ULCpxwOZhb7PCzRx(j~E#0dxa*r{(;
zQ;r5^T8gsl!X8k6C3)u8u@ZKfRn?@*&F-@xfy?pZ0aff3_acnf*5ryeA~aw}ODjQ@
z4$PJ&99|M<<;fCLDevjtw`sQ4qTJQC3%{Rf5?t!`Szpig)oJI-F)o%A%n^XPDowwF
z3J7Bx$0j&@q%NGBbuc;Ih>3sZW2gexGE;x@wATLlVG?N<gik>QkL4QuF={_~p&<Hj
z7$c7vfSy<*CeK%s8_<YAyq1>FRPQhZ0de~R-0#q%O0_MSke;VE)U<J#I;Ytw?u&NI
z?nvBB{7zX(5N-rThaZBZE2?~trE_k`&SwgsXXM>h9+=fKt!gull`B{5H!`VzCI|XJ
z7kkf3^5<XoEF?dtWdC)eYQR2t$tMH}@7NIDzW#|D;4)_3vD`eReqEltqu_ZP@^u?*
z@crYLSg6bICEh)K%O!)qr~Y~IaNoYr{nIB;*ar@v4~+EJ?~T5D*;^Cb2h;4%M)UzM
z(A&e*pMTvSot_@Q9vMEMHge4VC8Xj#(atLy3;F}Of8?fD3b9wQ+;bhZZd$uZSl4a|
z-;Q+X8#a|&VFBBG_7{ThpETEB{O2pp%iZ(3H0^paT*>m^snplHCVo>si5q!8OuTAx
zegE|-`TnDQx6WSQcpqL;P3%uB7h!dy-iu?`nfP&LnQ`1db=JGij?JN;n9po!?}u7^
zS%cuG51HK)7Twryo+U#3fT8=R{-o*?D~qc)uBSIINWwHs!l(Iunas1dPqXT>)W1Bt
zn;ZE>zw0MA4*d^j$WyJ>Kc7N0FT?2F<8wdp$}E|<Y5V6-SsG7#bZ%8o@-p*Z$mD*u
z5V=X~K6_HJd+~hWZT)F|sgwMvSKjq)lh$GEgkJx#?4B7qt}Hnpszp|qeoBgGh3U%%
z^}XHiF9^SUl|TOTKmWKauTPi%@eddrdDy*-n5R+mi5&!e;H>+MI-R^+PHs@Y-WsDF
z8_rak%kT)uoMXu3kvSYqtzgU;>86%hv60NnOn0b{D~`_377uM)BW}8dGSdsJOV+C_
zqvMU=9?UY)JZ^)cBemT7?8WCO$L}6Uz#q^!(f42E20+jc@&UQ`*TjJ9|H%#H*Akc8
zVXp2JO9penS@tempT%Ko^2xbYDcvn|17ueftE(HqS{_|C!GaoEE7ORr%G8e1q;6+?
z#eo{^<2E>`(NRnCukB7>v1;A#Bag9aT`@+uo_89{H;Rh5bS<x>Hr*P;%09U@6oEA+
zHe$sNk~CEAiN@e#JS$X>T}n(?b$YREd5t^pqOSu4H*FW&ZQuso**krURSUj`!hCmx
z;UA64+;z*h-inQTB?A0^zgPk9yt(f<cU~U-e<OzSd+X5eOT4>>zIO228)H-Nj=e$?
zTaSdyH3ja@YgFJ$fv5DCV4Mn~=LzH3*}?4ebWIZq9pqcTZk9{foS%HcBxD7JqO+tN
zAtFZ)4wr8D6SDbE(BEyJ|FtMx+nz*~^_hwZJ`_6j3_6{>Tu#7o0aR{4ia^lq_^rjE
z)OsH=F_Ly5iY`uEg6a4=GZ!AQmU2Q>XL4Di#LC!)cq-|$bEJ{PUf_fT${M@&L0QR<
zE?Jc6NagZL4mXy``+fdhe)?Zy^V8iVi@s(|nLRX2-{4+^{Mwq##tqPo5*dT7ZN)k0
zc5^--z|A=~*tYZWKI)+@hn#CSD+U}z4~uNNll-)VrW{uTp^b#A{UFbn2H86s2vy83
zJ*WxC;9oDoZt6@j?^lx+ePA)ZL%zu4ZF_RX9FZ;CbWoTs`GX{9=Aq$-U9USZ6xtiW
zPHS{A&{(Mf+Xd7`qN?o03fQ{@E4IWu*b=Qmo~PNe57rVU?I0e=19{Fj*vQ5Cg+US;
zJ8fTeozH@tzkiH+2E9t~c6kkQ9&w5)cg4z|;=Y3+vjgAm5J@SW9c4|SLk}C?z!yVn
z1>923>7B4NQPw|9G1S6j=xiuwQS5{^(mPjyaR!uubiV0wI3G))d&kuEfqGWeWthME
zdGW_6W`2w@hu^5Eo*2q*Gx9UD?qw&zzTZb5e88o@KDd3|tFT}9U2E;KlEPS3*4o&F
zaCNqu7QV?YdlN3Wp`*)fvN$$|P+E?nZa91i9T%LubG_5<5H#Xx$sJOcpkxH26)%H|
zc2%(7NfRF%5BFY$|JYH3KERQBhkOy|+xFy&`D;1WhN>Jy&Xpyhp1KQYPI&>}W4c4)
zTO?bC(W>1dA_?rP1w7kh2eQ}6jPV!&^Gpe3SY>+<Ig%*qxq{C)s+1`>puaYmKbtH*
zi+X-wW4Rz+ByjnEjd~ujnM9ZdPNy2-&D8Teodx<K?YLRJ?wnBVQFgVql_p>Kcw$n<
zk<NRn-OqD@5c+0`T0%4v!~iN`g9q@&Zj5@>Le~B`mNf9rOn%YB!JjNBZ`_D~Veg*@
zO=6}up6d9;>hzPP<qg757Uje(efP^(q<Jzan{@JG)A&iF&r<iPTGNd@`u_NF{c;oc
z9KKpd;h$GHFTA`eb-Vahi}d-6e0Qn)4dLBy166Kg>043WcLul52KNIS+zaf}2){M1
z!+gXhHw)(kd8UzOZU+QRIx06in<hoEoXMDA=g{!sWUN`fi;JvcqG`0p@%dnv?v7Uc
z1K|egc1>xpw!@;O-f=>7aQ5qwrh@$076d;OgM^L}dhLFi0E9f`dAmVgg?+iW67r8w
z0=%eb78q&M#G=>mrrhcR$Wo1WI@(#taWk;nH&PSn7zx@Gwy)z91{qkTP-UvkcZVX-
zJ?|L9>#eT<zU)ZLWtdEVwUWLy;r_lrsW-ScF+8`%21#*rppt3bHA2tn&XH36{n7<m
zJ=G%6%X5{fH}o0=LdU_B+MMmVoUf{M>NeG!OiHOFi!I$JxN@Ew$7tIw(kZ#4Mn_@1
z8rwfef4W;$p?}&!`Ob=N$Kj9Yy9Ubt_{Sd*_yZz7`oIw(miPR}m+wxF$}4uyb(NQ4
zT7OQJ@Cdi#E9`CTJT)fJIA%u(+ByTVZGohnFQ5oK)q9ih<`&qldydnAa>H*aLvBNv
z=2VdHh&Zt8)qGo6QqYj;ft-fJe!5KSy?-Q@$&_5LD)N(q-T!mn7k^w%b#Kf@Ul2`r
z&g2@1`I#;QJ#>zFL7h%sudk7DBLrtNP*G9SL)XjMa0Cj-;m*6+nliRWH}e9<QMa73
zv1A(IIyjyWI(f8^W~t(gWl!0pk1}$uX<nLwb9KQNwcA$H+1Q2txgrO2x6pqfzZd7y
zXB=b?NbiPuk=^ZTGSbo9n@%IMJ7KLGBIh$HK0lfb2}X$TD`FoOx(c%7>gc(;5o}Fh
zbwYKZLa{kK_*j%yGlHA5CW2B_0-y8_)$^@wjg1-mMEAOx)v^CZVY}~3uY4AU|NY(Q
z4*Al%Z`;>k{4pLAP*@vMkl=%B+Gso=*$T;UtZ03CVM~n__E~)_^@1@uG}xN{)(~ff
z6RV|;wO!GYSx~t9=@E%=pw~d0=rzqz$5R`Q$pL>`ndalY{1HC?7u1{NZr5Y!{GoU)
zQ1GTfOiqI2DeNx9Gw5xt-Nq$!r#sc1ST=!I6b@J}S6a74=>TAmpp=xDUg)W^Bh>l`
zZIM}d&=UX$HcYS@Yaw~1>ihGrpFF@HlnVOmr&2-p<#TSuIUXoM1HOIN7yb9@6aT3D
z$j7#XC(ujpJzY-7aT`Kl`^YhIa|HpX1f{UWuFW!p7B_N3ETiHqV(Egefnh`HT4W)J
z<`YA>-2-x4SdEPUzLpOn2(KFJ(4SxqJ+>Jnj_tg6B!eH2q4=d~yIvDdyk`s8yBLG0
z%2F?U3SYqAhbJ^?coD7{zv>wOq}upZ&;BS~Gk#Kpf1lsx4eqsnUs_{5HlhgTJRA$S
z2?ob>?wAd>tOs6N;<*~POCs7F(z7b>>JH617Vb{7SX4}_=IF&<LOH+m;f=+mnn>z1
z0jg2J<2LlyQQ+@c20kSM`o1*YB46b3wteFO8nKrzvvxjgbd;>vnGs_%Pg!UytZJ2Y
zV}_P=*5wtuPAJjZH;WS7c#sfES<Y?9ZOBHUK`kuLG+{Qtt<sh8`S!41f?vA`-jgbP
zERjb-vG0(lll%6y4AlsUz_eZU-kgd7|G+ceLNxcK=Jz#FTlhv{xI`#`(-PymwY4<-
z$WJ!*VJ65Z)R@8mozJSBlJ%<gSxZ)#gUwhD$QmP^QzIxT0`oPD0D1Rdl9$=7)c5uA
z`}f_2>fGM{+fF~Di7f7P%8wbE9y!du!anu;lV1oMcce`z7GR-rempFiX-<^U;LicW
zLSxU+%RDAb{E)0lb=I-u5?TnYG?hDPd*o9w?yUXEz@4^cmjk;|dRe#D*<O}*`AFkt
z-rNF&{zCrA#QlHu5%xK3?K73+p$VK-w+_s1>d2TJ3JhO(q5u)1;O`GbHXI{W*g7YV
zY4PZUX-kD#%@jT}{fNQWI5~)2j2r=Rmh_Q9ZWs*-VP4W?s-CX**21?JB!PVA(DmnQ
z$loZT<>psBE)RG%o-l8MyIfrz@guw$pf^P1>MX9k6`*tLU^g3Fq)E4+a9sGuE>skH
zfbiLY*+s%ki)W{U;@Ay*s&WUd(5{}FP(Llo!!Df9LCua2RRgBKB`)d<0mj*9H4BL!
z@B=6Q3*bd`ab{h)K1Q7LQ+5Xq>s*D6g}FO-*<#hMakX9W@QUr(!?Nx6>uTx2(7fT}
zO?8?>L9lmDz&bWowHO;U+2T%H4Kz$~yMkH+p)8Oihur<)>Vtz~n0j&O2ldNS^!{n!
zmSKGh6#6Mt^M#8KdB5+x@m{}+MZO-u!fIk#RTek3`$2DhSLyqwSF*4&O?%WDc8!~z
zIN_%ipdKq&`v&)EY(2Hc)~nr8Hpj6RH76_RFwiI@>of--08o>g6ssXNUpoP#7<eWa
zsBi4qTt_<*sR~XtL8Xjp%Zrd|(7|2mCP{hNsgAlHxg&*X_~%PefPX?m_?K@;cPi4y
zE+zO8%FQ>xm)?ABO>TfA(x9ysHjNV2-fkB*eZVr(-KW%gHRY>8JAe{_ST?|VXsS%h
zRRkEOf-ku~6xZM(qYNF0A+3y&6OIH^q2z%ySb=)`b#Bq^r1+Wk_5F1+FfTv;a*l+?
z<q&zW(~96h#YHzFb|-Dcm2MDO!)6|_IW|2AQjXR8Tw5N{70(|9XiA+ec2|4TDxAZL
zws%3&HtFP08^)k9ON&y_;h#K7KVZxl7p(J!g6ZRd_lUy#4EiMZ%jE<er|L5OX|<oq
zkPz)PyUufeIrlw91Z&~Y9MvfBHzh=zihYx8Vtnqk2(wgTS0#$0I%GP{?&tiTUZ7hs
z<EF>6iZE@wk$!h!jkh|>X9M;7v-Jh_No?2a>!2MmQHg>9LJ1H7%V$YDW-vg_D0X0Q
zEQzV`5Fxd&DC4aRihh@XRFv<hzJMz6+MqYRMF-dt*)R4&DoG}oZ8%~@8)fjVdJ5o2
zBn5xFUUsh^{?=9F8TY9>o?2s9kr-Jo8W!L9^tRj6!pSi>CJc<I#`2wHF+Pfyb)2M%
z6swk>P_wnTEQOV27%Zh&sbsF)^G2vcNt^|VyNh-Mymx?aQhEJbI^=z2_0L?6-!B|>
z4}IyDyBk;6<A`EXi0PCSjSoeJa@D@5MS|^1H{!P~u=T^GH}_h621JLLO_Y)pxt<ux
zv$(ZgcDEMVG(FC-$U4iE4mG5dQ@9o)FgJ32|5$stvxeqn_!_BmA4yXM`RRF6Kp)r@
zMrLEYk2?B&w!b^%O9#GfkG1_NjNA}yJQJer8g?^|TC)hy&7-{9dUI0W#QNNbrU>Jh
zTW=npg*u?2bHvCVC#pdlFF0;>*cu3G?MghBmfK((^~dj&ubSOhOMflMSCZx5XDoce
zoKBvv#u^A6yDtK|)u9E7$NJGe6pLH{*m|>*56*J4#iz7~MHM_`jan5PvBWF(9M;PP
zKnR8alY*m*Yu;(dVU1R7njPe{F#o6E#lNKB#rxvIzwfAahkO}SZ`-2}Z4ONz8*~nf
z{Zb&-<rE$`pu?iXYEBS+pi-vWF>*@{RZgu=3&z@+Gw!THu^$+=$*mUYP7AGw*5iU8
zNFAE?*tz@8;bY99?Tvlmvtz>dx1?v#tK@E%*8{?cZRkY8%c%v<3bbq4%GMX_w(u%`
zQAQ<8^r2qK&GOJ57-BnvH3Tq=d}vgMvb;dE`zd?eAyahed-28>)?(F4bjdANBQ@pE
zts-4%=K1w&j)^ULW0m<VEbaRl6VISmncgn10cj)hBu>+oGj()o#3rH*{btebWl=ZW
zCEpgJP^SguG{c_Hhg?1m^XepQf+H*dOiG2yh8#F0Te9vZ*M+l*I)-~(%7y!jQgb(>
z!)L$#kqH@Ie|R{y6d@s{EShbRMSEmnWKIWjtlOCeBj>AG(fi8Ds`t7^xw@t&%weYs
z0JPlOA+L3OP(>}YPc(4joA$EB117|B9ox#zcMh7P&J@oH;lIyRbw#|0>hgcAdFp7i
z3%_)|uE=D(-}i=U$qkP3)pCDCww|Cv@nABBbK29kCk(@4Iqm9Tw=;y36Y&Cj@VB8Z
z%!LHUjv17nV6&RaV`<%9D0APN-Cy4PQ{3T89=#Q&ZzB%B6tvgG@s${GVrPy!$+Pg&
zP#xs4G5Yam+&bf<C)e&7Q}4M?5)5d7YEda#Pm{&gbfW`8vu&^t>{xKZ!7x{9!_Q~P
zZXH=fsx(~cI18R@!Qcc420?A+aizHes=7YT9B^I!?HkD_1O^{FMjoM*{_qoS(*61V
z*cy~!#}y*7f+5pXP75N^QeK)mp=S=ALMW`eEY2<7G4)!V8JG|c>^|xXTUqWwXI7zr
zLkB`%S0_?h9bxLEVD7P#cO!@Xy}9~hQiz*9KCQy1ND}1Zk_G?!nsI;n4WCW8?^`48
zp>HGM&5i5y8ex-Q9n_yw7SP+=JQ1>H=5D-t(d0^4V)5==c&JHFTL-jhxUf-v4H9Cs
za2tM8&UP8P$Tp_C5NHaVG7CyPXwkk?+uv?ndz;Ym`(oW+P;bI}a<h+&a}U@oT!s4>
zN758HRW;91wcBZmkjm@4w;&7?_`sb*F+w(NEt09W%yKA48mEwK)tR0x7CNjqBAOE7
z63>a9mHPB!%hJDLP+wFX$1F?pvqkQ)sHi*STd%yf$3{lk{T#!?#fF~;*uoj2)zU=G
zELiof2pLwl4w03OV4Gy8;(1nPY_#N#gE}-h7w#l6@_C=!uNxFOTY0CSFc|SRXW{EO
zps<=WX?We+o>V#avj8dZp;*9=KHw&wpKf0r<|D*(O3xfzpy~o?W>vl8`uSnC5S=rd
zv>1I1ceWER&AF`4EyY{)CLjh`zRl{jTvjy|6iv~f$Gj0N+Mdo7Jn?m3Vx{kxO#ZFQ
zvU~oD)Af-Ka?iI#*gd;rkLf%9yjkaDoC-Y0?^2(X*<iQWSjOBw<S9;8iNe_h;vx7s
z@(%}XA4F(TtgZbzE(oQHW)$EpWr%4O47Y@1q3UIK`E?9mSbe#WKE|K$40`?jPs`{?
z{sbeA2Ey}t$tu_RI`zv<eI&L{qxy$7#5<1Mt;nTn_X`Ij4Vi=>iCX1>NUOFb9<0Lf
z&Mwq7hBsZWW|G-#c3rjkMe5Wq=p(+rk33OFywFCB3G_Lrq!U^Nys}yCEK74-SQHT^
zqVPdX<_0pzs>cXt6%_J4r+3?I5uJ3%g%FqDw%znB^=XagDp($&ppLZtcCYBwuYPux
zPAWTalh4AGA3K=7!MzIMr8V{t>Q*GWLDK!ws~9P)cBW^Z0G?iZyq*eFa6noWa|_8<
z5HDV8g?(OWzRv5R+apGqo7>7v4a^OpLuN3RID}DCkkr@f_3c|;?OCDMPb$;<Y&F0h
zI$3;x|00{ayAy1rj=G3_d~O=8nY0GO%wPvu_72i2$}*CH%<&_0KkOP2sfapTIILg~
znFWX7un341GdpQ1MD*=k3)I88Ex1lK<7)S789l{df1J4f$UgQA`Xr6Z<pdwMUtx})
zI+|F9hLT`*YM85SV8-h$Er<o%^)xjtONb$l6=#QBD@fIB2cHdYVcLy{47dOp0zE)8
z*mD5SK<pIBH-$b@R~Z{|{_B*zpF`iFQA7<dKA_LGtnaVdH^^>mio@K+i75mf`ga
z-EktRkZ}$L4^Fzo_joT_%mT>iZQDyE);V%;(oQ~MmpqT060DFQwi0#bG%#|P4!A#H
z1-DNj8#XYwlMu20L}B<<mfrWhYd<;H?ouKD{K@utziR&ZQ!+~HmgS8t54z7A{k$vR
zFc^M(a>gH+SkIu-$;;*BiZtT9Y|k?0klFRVt=QvKjNIvoOL;5Tc!P3h%lXPh7ofbg
zk$To_rl2tc+)^2)gaOUhjlO4&`%Qb+I}tZ59ddi5iNf#r&PGz6zfe1VtU^PN>|Hm^
zi_ESUlN-#4Qq;Y+oN*+{=_D617;3M8UAf)ZOP2DwjdZpVeb0t-gWIAN1P0np<Z96;
z01<ESHG?GEQy)9TPFXW}S_)LV_v{K88EpElI?6M*)0;8*wrar>Yw%reRGj&fCU>6S
z{}Z=E{#>T`=SQXI*dIFy%JUNkDsfl0|BpZZtb;OZ{Abcx<eoRPE6q1lH^hTsdLO^-
zJ>%QE^vgH&tN-zjKd!vAfBav6e2_@+Yv#BQ=#BpP<DcV<dtod6gihj)zjX9?&z@)}
zZx@p%oDrNm@QG$zjEG%(-^3=pY_@x;M|M5xuelX|ghZrepi}AV$8A~3z?$82{Na3v
zY+b4#VjWn=1Lr#PRXfv<P~Aot+bUn5S8reO$CF#?_mOJ6!F>_LwKbMjL$S~qVeZ96
zNjjx`SkLn1SsV_5>50*COR6e{2H|!lsYo*ql>-r<q2Ac$);4j^uq5D)vdXr5Wu>ZB
zx5qK4?>c1jD_Quzh-i9@J?9PXRTeL;u}nHMU260BeAe`VSG&zDU$*i&UmXd>Fq~Ws
z+hfl4c*Ry!BkYVRQOcazx{gcDOaVBa`T}qA4SQHm$+?ENqA_^8ek{ev7sSz@*ki8b
zy8pf6fbZ7o-{<0gg?;MxTVt$qpY%>A+HE(k7x`e43>r&mGvmZcBqWyMFq|~R30Y#1
zbASRfhSQ_K{@`)l01YlXI}^d;3}vk%?L~&%`k_UjMWK#Own(dRa?726K0?1|6#oSu
z_`5n<KW%dNdlLQ-fzAIGL*`xG*|$IY_YI|2*y-d=W9(2WHj9lH7$6GT2Y!zt0!gvG
zUl^7uu}6UyeL^6Rq~2?*oi)pQ3GoIGU7j6G860LM<C~r8Pc<qP*JnRC)`HNK%=SA>
ze0LRy-;D&bs!KC|;luoZDeH6B>Z3_;zpYsDYhQee%j&b?^LAEzY!G-P+3^K+I(fam
zmK+)}c1k>!Y>GP{^>}Ib3DXeE^h|F8M*{`=oUi?iUE6+RR_BGenkwS**e$naEs%mS
ztv%pa#(gIWDyY&CGT-Ye<(*gh!_}*QU5)SkI`lKo<KI&xGcKFSwFtwfUH8x)@{D@f
zLY}WD__%4m%5Y}|qKia{nj!60ih|^-t0m5q2R&~epLE^tjv?R{kh(|;xmyH)yRHn;
zSab$SLLtnW0UAIQvss+cVjpl;6^`t>-i+gCBLBxKOpgk0c}KJN`+N;=fv1zZ=2*{z
zX|>Zrv>VAgA?i-@=pi|(&{{~EZg$!OV7la6p%i?!>_RV#r%tBX&Kx}!l_t-aZOIBJ
z2PZaOo=w+TYc18vs*$ff4_8JG=d*lA=m+-5^6><Ek;3h2as&Fc1S&~In*-q(aa(Jv
zbJv}D8kCwaIBY|P*!Ocw#uV*LFDNomjaKx_OcpysmPJ8Y%@#|G0U&07h{a5R)CHWX
zh;OvtOpX|1_`4%A`FIRLKalSev%ca!3-7rs`2}u-MVdAMOG>a|zh?m>UzBr|Oa)N&
zmkUGMgL1uxwnvR^(Fy?e+mr1d%suGi0J?*lCAx{^Xy_}Rf`)UWtuZhdOji#_M$Eqs
zrRQ<;-3dHi_@O=VK64j6R)zK%^d|S~<=E=8Vqu9VEMsJMew=B#);n=S@~dbdwS&Vf
zTQk`#Y&~fT)rj_|l%G~brL}>Kw0<YByB);mQM;uC86i?@<r@Q6aQ1fw?Kq*mX5W5d
zt9!s&{epTG+tc;69QFvC^@_-GB-n-XsDrjN({+$Wga`pp{jwA_5z}RPJ{*yQXs<zO
z+gn}kC5P!2#0GXgbTX+bJ!9*5ji@3ZU}izd;*uXZSgq2u-HCh7FB|<$0@nmS;^CCy
zUx@y;wSAUd@cjav&!EqO53Bl`UofI1C*1e*-K?NaTf}GrcV(t(t}QSXu`DdB=)T)h
zv)w=+V!ESwE3@aT)-8$%YG#0Ppo!?D?a{ui_(iT2g;vbZ7C0<E$uIbua+i{?*4+n&
z@pZYqEwdvAZpEFXGjNDDbuz~{I!t79l%-f^%`T2dR6+H^<wSka;<I`WL>AJXrn}x0
zGzpaULa)`yTG@aWU^?oaX{`#97?b}+t=D(lzn>|J-#5Iy1)fgsnpb6UjOh)XX~R(?
z2x17f%Q7YWvluUx?Ys!d<6_##Y`SwScgY9GU@^zlB0q`y*&gBus`VUSLYZ>rvuLGS
zrUHh9+%CO^_E;&uzw4}?S&?hklQ6Av*ZzDWLyyoy++$BC?`}+Pup?Z6uG%^$!Uo)M
z*lbn$w97T9TXnuChN8<`XKFVM*17<hdwfU^iU>xPY*&OA;Tx`-k<nsmN1V5|w_;gu
zjG8Nw8RY*<r}Y<RW$2+Wh$nmU)sPI03w(&T=E`3Ju#BlYnL61vBk+4!luX@G&*|~V
z#Pa@VfE!kwHzrfK5Cd%c)^~=fx$L(gek3=8h&e69&r)nQ<(PGj03%29_i{R3*}gxH
zk$7Y!e8RlS?0Pl9#;u7bD>oH|TkSPxZeW6Ra5ti$E2UJIv&C#dbeXfV?8?EQXqP55
zz#W^J0Uk0HrxWamwps};{VB8+8f_<dM1+~9p^P*>zBv%SFRJqWBh<gzF!)lV?z6MO
z1D#kst>(9j>$zY=7iKtv6{`a_oaWY&-UghqjC(OqY(e+sQrT_7*vkXZj%jZLrc6qS
zu@LiUrO^pTVw5&rwB2?9+aw{J)uC2lA>M>vhqL5gR4jhX@R>gqE5808Ywny{kys=?
zv!@ISqcX<j4z4+Kl9spNgyhye#E=?_^ltA-xGXP@9J@6EeP_EXrlBc(C`!N=^5r~<
z*RHk6`%^dFj5T-qe(CyV?M_~T7XE!U%0~zB2NXTOk8a^T_@#H>-5N{2Fh5uwqOM?<
zv<e(;6;mPS3Ft*GB$>0^;)?ygN_5X$hMPPsF*>FLZzVSCh*UfhJ4y$7uDT`dF{jyV
zBPEhcsEco<t$<_WQQjPEK2z5ol;p|npCx#5`>V1xLULJ@xLdGrfF6vhfvGbCot2>E
z7MRm*nA0*|hz%}d9ty?Ysp|AbsEso4vwgl!`=!k%FscT{8Nl{M0xwggTL%pOyE78<
z&r1(L4;jMqTj7Drzw0VGVl812vuaUTZFD<uh8j5Qg{MIx7au4WNX{ml6iYDov3|}U
zrIt+$#K4_W@ur*%&1bmgYs{7uhG43dzF^`ZXY=~{Ye#hMmR?pS=H--=X5DYKi@d|W
z3ghn1SSty^%=x%q^GggrFiS_kh^FHmURauQ&PsJD?7&{L%u+szf+^&!y7V<L(sqY+
zXx8Zl(Dhj9Dl=VD{4^N2&8mqv+1E<bQ@M+eh4BcL{sr(Nfza!(jLjo{cH{Wf+yK0N
z+P1`LNtou@Dmrazfpb2jz=9HIq;wRdQ?^ey(RZwprv(}SDOg9Fy|<dOduRueCF$?0
zNR76utZuTuXT`ZMi2L!G@{uUGx4;+ay=hLcanW!r+kptVPfDs_g;`=w32}{7^e{d2
zwNtN35Jji5x~h4w6Uf*iqjf>ntA2S_yINlHoms+EQHOIhTxd#{k*oD-_*QkPf8Y7=
zwF>bkvGI3xiO2WJ74_O3*Q?1B(ul}JhjYEDQ)+D1J2bSaHbcXDGYACJV+?S6pf_zB
zwiw%WFpu0tCv*U`npO8yLrQ@dlF>Bs5=v^oWWyL}w{+(0?3;W!_{b6cu0r$g%Za*&
zzKQY8jj>r#EWG0Vl?;VNm-4hNM+d4ZkaXH)Cc6egNt?QJcTJoQ=Y9(BO3mD&TA2w^
z)LK=xt6R{k-FVwCK*)-AK{~Yp+e3eG<gVgRB|$zSi7LMQ{3@PY-#>zbVtT9`73J5}
z6rcIV;B))aCbYHvT5{%Iy;^%KHeRdqxp3r8O1)JHxH?9A99Pl}eGolSGp5Eo3u$6?
zHp!50Q{Og!u|eJ#aDQK3^#$<qtD7Vrn=!rajy;eg3R^)^Upv#tuxqr-Ta@HOV^KKd
zF1E4b!8w5kU}g+09_=tHJ|X*EBCR2>#>xFz0+*X3w*oYYRbh$^x{-E;_eC>rw(fVO
z!`={0jIloCP1@Vpr|Gi~Zm>_FSJ~b!$8NOc?f?ujJ*y9FU%_}h=XRu~HVPW5^VDA{
z_69ia6rpZotQOoOTw_-2Y*}Z^QyR%?JJfGDKK7I92yq0ZByhL4n(r)2W4tiMXX`kA
zS$e<Ez)@UQ@S>XB-af)rC5I}o0O$%ULY{<*V4C<~2h7q=Zr0HTWzo%4vXX!nGs6v}
z0AMZ9qN92TRbtx{hH!2pcxFsDpcF`0bI`#P1&p-PT=Sppz)Vv&{_~YO_Pbi{TOZ-S
z&N5jvZrQ(N34J=|AJH-Hp)dV;cVhyN)H{}iAHj^;?oDEcfel!4RloP@Au^J7Y9fJ%
zpqO>smW63;i>UTPdgCV<nw-?g0n$OmG8S<bu~4u}Nfmla?ThSdMwQYn8n>z^d71g;
z=Vz41me}{;)5%Y_#xA{^R2vwcH_yBXhgv8%e5p!QIE6Hq@-XRimWyq_ZPzh*m>Y_t
zpQKqWBRQqG3yB8$4s5}B0S#HDtp|{DTs_yi<H%882W3{*u^Yb9C676}Tz+a;y4B>$
zK=nIME_cXJLVanEJ+}y<FD`gHvsFYF>D9SvX5loN?a6xBqo%`$uHA{doeUn2teq2P
z(CN)ig%Y4|L=s$JN44i%&dY3`UP9;wStC6?|J7it>a28MV@N+Ui##Hdx6oIayuEQX
zk&N*i0F~l;1D{7&5hekvFqk<@8}De$H%LV(hs|87jZ?A!P=<%iRN+i!qboER4m;Uu
z$kgj)vd32CA;}45mK{qqYDe=#eY^7KcNg9<2AHQzl#fU2BL{*D;H5)6#~xd-?f?f_
z>kO<Vh6FLy%*a$W`Uw`-32@#nUD?@e8j1+*h_Fuh5W?(?<L2kkw^N$USG=|Dx3=G}
z=uiS?saP7AedNlo&(vj@l;&qu`yMNLd4s(C^y|ggqL-`VX|*|?<{ZmP5^NOuQJ1Vu
zyrKN+JTSB6x<cd4QlG*ZxF%JqBgLtKWO&DR(~vaQW^Su1tt+e$IXUO0<ScM_zZ^LR
zpNRAS{EPSjeN_76C(fi7vAriv`lt8x(e&(32~r>R8}VcIfQj`2c<HrsR86i3BaG5>
zWPgYNa1MvfGLuglBTVapji>^S09+Dr0~}U%JFMqyz_3dZ;n!drS7e~AQ~PMm=av8_
zW=Uj6^Z*j%a#~26^VsdFibLxIzuD&!yCz6mjpuz@YY}^hF7plUbn>=!EwM7DdVG#3
z8Au4WlO%%0wZ6GM%gU-GEbgEjPMAV61;he*ZtXGx1Ps@t&!-Nfo!M5}0vwH7QEDXc
zp^=(}p5%?uCX4%2<o}_~{Pbh~N!rXycb8v}s>dRG-U2@jtLNs}XdmO4A;Jt+Xkr)k
zA;>_CEM?JpAWpfPr;5BJm%U{1ybtNR?zR@@td>Nb_gi>QpE+B$c#df8e#f6c+v*Bi
zE<?5c+Fnt)N&BfFh#%Mkn&J)eB7*D1<ccz);Gnfo80COVEfB&G-{$8Wq0d0B(6e|c
z)wAXh?aK39t*5C~b%qVp0&c)o9jfcdK>;r<AWYJMw2<iqA$m2TojQBue)2Xz{?kDG
zpEi{j*<Btz{n|%L0FR0$uL9RHQ-5M-Nn(ELdwMLO{2lhC>+bK24J$wK=Mo-{xlubw
zxrGWkDocHOgvuRs;%4+2@K3n_aj2^&tzLDB%|O9kqclSu;?guaXxblh+-PWnAdI@T
zwxE;HBm40AE59b|{Cz=M??3DJ>7sYYZ#v@I9;<~C0N}7eZJ!YYLmJ8~W;DG+x6PSy
zYid{!M_CM#y}V3$#=$M6)SZy&hegYQ#1TbR!&xhVruKS`ZKi!N%-oZ0LEkY@jgsNL
zk>)eC^MUo}4e&*RZ<<%7bHrLyV7k=T1<Nc2{=_-qW?32#n6&F%o5}$SPXR8YVpc;e
zc&)D)_<UaFN7hM5v~xkq%nrz|TlHMwW1T{{`FY=h$9ALz)i&e!ZK;p<wKLz99K5~c
zjuZZ;5W>rA$d9JN-)_vh*9SkFCf_d;_6GOb#V@Vv6d6%2tV?P5$N({*NQ-HcDPXI+
z47r8?uxrdsA;jK5&Npg?%vM#uRwzwjZGH#s$`FUwM;n6MbqV<v62(N=$${VHbBp`h
ztnkbH%LiACPx3EEt`)h`w}hqa7ewfjwC!6RId67b)xu8L0ng~hiH_NZQc4IZ@-@W~
zH3ba*;xyky1#w=gzB6DFB)hW)C>74h8c|&K|DE$MN3C5?RTn;q%_Sb`#tY=72QU98
zH;@tGWF)_2D(I+lfg&+89bec9u{9HDm<e{aC?sb|xOM_<5ri4$ZmpR?D{F^heXPx+
z3@m9uN0<E^&Oo0Uisj}sH+_C|!N3%{e3kzK?`qYJsc2!@WuMoR+&Vel$FFeADtIEm
zxVn(u6$o~1d-BBNcKQ5w1>Rl@6W%iZ?;hU0?cR8GuNr(%ZKLj7w@ytveg;6t9Tcy9
zYG+r^@a?epdguRq|GLX+cK^ETou6LUy5$oc)$1#t?tOR6kB;1Um(==kFy$km>2HBA
zv*1nhT9|A^RC*`$@=ng96<95E9A--8=x|lES!tD-W7%#S27J)q9I-lxQ!-joxZ1nz
z8mRR~EXvfMMN|7M?6qD~yH?qkVR#&-V{7>*Sroomr)J+@r{4DO&xyg`FYGdE9eevh
zpJfI=U|@NHed@}WwC+)%lLj(7ND6NkC$?PVY$}s&qv%P|G%c3tqL6d$9yhtNL^6c4
z$$5M*@fGE%invIvGshiSU<zj0k`PL%QI(-q9ToddTK8)|Vt=#fz3_5yN!>0E)89)-
z`T_n+XWZQ#tJ_g!-g?_PgE)3u5OIv04^1*eLUfd|dI?pGx)e%8%}y1lt1*fxHNwVb
zeJEUy%*zuR?dT!UaP8;=h;<^79?#d&@Ai5>S%j*|l>_S&fzBR^XuXHN$nx&SWHv6k
zb(5>i78Wz7R)=#d$T0!iDogBSj0yRQYnAH2fuTv-*v`_pHN04&3xdfdWv1?_Wge&T
za16K20mD0hZMNqgse5?jj{T;v-*3o#e^iTjVyC#1-nSSk?i`)J&t3TnJDt2~jCE9&
zr~RR5@MYx5QygfvO=Ba~(LJFH#yIa+S%NH2_24_o**+G|eAl>^HJ^H@oXpP~d3i1h
z^0;QylVTKYbAp!mK`79#jd!oiYM;f$d_UXs3G+z=jUQa2Vn*b8b~Cc@328a&=1!~Q
zptYeTz+y8RquU@MvvuIIIVPeeEVH1kP+UdnXmLzTN7}T9B3`d3$_@do;5czEwKnZ;
zmBTN7|EIB5;6sjq`Wk9gC;0>%=LjHhMGb1N*ul#v1<rA7FEI(qdNWP=El>6I4Ah_k
zMG0R;lAPp7Ny#}!OCnX|ceE7phG{QPIIa<mMeiGlMJT2oIhkKwT8}C^H$`Q{e7g<<
zJIhYtS5$1@KlHr?z6kzJ^GZNA;?QU6(;mwYyOXy|y`<3r(XkXqZzUHGT|u96a7DP}
z%tP~R#is?2z%$6FrDU48b%HZfZD%Ilna~y}uNEhb_hddV$7Y09&(THD59Ce(dK0mB
zb9dcoAV0Cmf<NA=H%%E&a<i<S<K(c9oSeU5yS(dwyC?6y<7ad1`>X6*;OXS9d7X75
zR@%i1l6@iB`pBYd=k4?)vPqpXTM+X=dTOVnoYwwUlw+AC9lt&7`3R|j*-CPv!t56O
zi8xG!IpA4pF&s%<3+zHtzeU}Fj*P8&_IZB1JmU{|nXZVJxpMhGxnhiP`!dFvCy|I_
zrF3e-;bGosGvd&w%hL{G52`>B#J1b8L`v=H6J3`3DWBKVWw}^^vL0wK5$!43_OPQt
zboeeT_L~m=+SpY$S9`1JyPwt>0v`(Te+zt(!<*&=92erhvD0mMfa2NCaE)0_`Aptq
z&SC*2Yt^xoEwC`CHE~*1tL-usrI{MhG}AdJeAD4z>#WyhiEVk|7;NUEQtsgGv608-
z-QN4OA5$>KFhRVvRD2T6kN)^RYs?GmMfA_tlN;EGST0>>S!Zssx`FyGyX>-lD*zsL
zge;=!Jbg}iYl7DoNw(BBf{Hka0^>LV&r!yeYkF7<J)!7{M>QC<%Hoz0x|;hsUZ(DI
zcjCF9QeuEV;D>guXV{Azp06i2uwToe2FrmeW<-K`2is|QT4e(v>3ba@-3-^{=-7G~
z#F*0!C=<XQA<$J0nQGXpF~|w$e72d2%>KYDbeo)d$!~Q)hyR<D-Waj5Jf`q|wXuv;
zafA7>5(>iTA?VmZGy{r*7XAP1efe_RIP&oPt*7W8<C?YOkkoBkQ?pw>Wasd0$5$$w
zf=Eb$MG`bYN>-fgvwubK5Jiz9C2Q==d_q+m5d<1Q1AU;o0S-0{<M2-Zcz1ibcXu~z
z?!UiNKX<P-_j~VaN4stMxpZ@c9&c#h9A4LqhZ<8(A0CQ#d#77>L#<e)vz$DH*j2{U
z&}b7)O~>JUN18*Z9D)AtyhocqecF6HE9t%Ocet}f3_Q^HulA06or+dF{M@AvTfO5t
zxxU?zcXzjLj}A89Z?7w*v(5K|JzQ6tHygdCWi_vkuXau<?Q3@RP$PRCd!}#j=D}M;
zvr4&#Y@S0-Ay^l2!Eez6mW{dVp{caVdAE%}pKkU0`^EdZH7I_pbggS^P$zf&%6hrn
zt&{VkkMidC(&c^qrhRx?-D980W9_JWbZXp~<ozD~G^BTOOWo}ac6Le5ZNx;ld4j?k
z4-w8ET<ka`EmUDss?4GPxBy)oJ46*Zglz1tAK$X_89urmt{+_QpEUKYN5iPU-`z8d
z+Q!+=-iEGien0%Ie_Y?HoYju^i^o)HTE?Jv*}J*gKPER7xoz&&QTt+ZuiKJ4-#5-T
z@R+(dVet2dEvSUqa*G%q9<tFDeoY|7u`~}&doX3u{~>x{a$N9s_vu34+ivckko)HO
z&S6i#ZGT+v>%GcgeWQDFc)NGpJKuHAouiKjP5t5ac=z~lxU;iAxc+o?)NKz?bH8$Z
zq89J8!Djule7!5L8@DOsy!h`tOnQ_QYGKi_i6)ZpOAuquo$)V0{I?|K`=IxrOH!{o
zoA1LM9HK0G|L6TI$Iju0%B5Diysn(~wT+@y89r2Q>s7Lj2Ik=AfgSAJUiW$rN4C+r
z=~zd5>%;pEt9xDSInBMt?;p|a&B1;1x<)(5{B(TO{B(SDPg*&R=E3K*QooBbK_D&$
z#Q<~Me-+7@b*Bq?7=PCFwHtE@%;f89H}VP0+pB{Q_vIea4=*ks2lZoicTaa7+ZO|7
z6o-n6nXXjL^|NwGseM0n?n<V%e%yY%QXfxk^?hGIzB)Op-(1`tRJT9dLtEY_8+)bt
zqFnDUbbal@?8zbaXEG&+*C3^tk>{XZ4$@x_ruWst9Q3PIFHCvwoMCEh4G!zg{#AMX
z(m6Bg74@ihdVeP~bL*zp>0UNlS6iR7(~HvMXLeU{HslXyC)L5Dt?chqTOIT4^jtZw
zobC4U_fuv19({BV?&35^AEqn@zw&C2m4SLd)VtwB?R2NOS-m-IUeqqllZ*51%HaNH
zTl;W*)OGZ7?_BB2)zXDg#`;-N9V%znRp;*J5Z@0z^*i+@>$g<x>TrGkwyD?~)Axo$
z<a|%tAD8D7wj3lMyz^ZX%Q;1@Sw&kP>Nj=6sekCw1AXUVTWNh9mUL~mdSBk?H&5?w
zw)U%sRk?q6Sved&l&*UF?+5ageEM10+1hdF`rbi>yzgBWA1h}=RNMTn<o%qCAEB&R
zN~N3}&Cymx9#+H+7XK?H1n(Eze?JSq{f(1O3_`sxDH{rwZOm*Yn@H)Q4wmj2H5SlD
zu~;nDt5yDgu~>}%Uo6&Zzm=->jdG=0DsR+(E0${Ya{V_bE}-qq<S-jqzZIX|R(x=O
zljKrFGL;C*(DaX-3jZyIu9m<1f?uYwlt}+fv509i{v-}8Vq=MQ=Wio}{!8_8DMtSr
z)s51U{$C=!`9Ho-Zz0w#Fl>W}9}5L!+gLa4Zwhq`8(V)C3p#rI=I63M%e4YGlED{P
zS=AK~MTHt|(h*f+0bexWWk8oQ8<46(i*#DZ=)lU;(TC#?C*R(mTwMNKStV`w0-^yz
zkbin|e)&^?ukZ)hU2FhWx)g+l@JE}hjg^6wr|sR{=EcRgPt9BR>7u!N-n{gl{w=Gx
zFB^`g{oz4a`Og}N_yLOW^$$>K0f4u>@)R5CPhM)}DLUMr@bwS3FPtfQ{W(I95WEHp
zBc+RdD+higHk1kgZBhV;<8ftmbtRU!URql#05A<>6H3K`N)23i1B!-`;h502s17E!
z`h+?REXQDlWQ1F-0LOBh(iXBn6x-BNF#P!8eS<Bzo*u84Qch#>axKJgy$T%Fj)e@B
z>hJ@)7^xsCQ1a;j{_O#f+eE{X{b(0-wZ<GhmOECAkxoi46f<6Lyi<`@@{J;^f?}ps
zm>AY<(-NRTRAK{vVfv5pf2E5oo5>x`p@zKcK1f5PYtL&VOaCiX>oNXcuT?5b{{IpQ
zndHjb{WYLpE~wa({rq_w4oS;G))3xfO$WX<piM2<A)Os$bP5L2aRc~bDcD03H$d|$
z6#4<oqEwTrONH^5P1ES#6;v9sF_XVJHqqwh1X=XIQHjxixmYhP^}iQMPfsGqZwq|F
zB|gjivq~@^ng-radqClK`{)qD^#I6FfjYM7*shue7G{oSONGlWVPK;kF9FE1&=6=F
z?5>3|^pWOZ)+mU)icL*dNwo2!9pw1X!R0DmH4L<mEsLm_!K#XxO$_9+rnPBRT)hNV
z8FefLuNB_PKYte7L8`b-3=BeiqyqQ_R@^Q%{)9HMm<>{xJ?et{(xUn;(luBmhN3wt
zc7Le&5hN(BaS&_p!)*&WnhmQeQEXTnwP0!)K+2gwZ0c3@<|fiR7kXF<8>;&=d;as$
zf2$>WJHv0jQNUAlbY$jX3R(NV%0_JeSFUc9H<tAO5^0h&_(V(oJd2}=cIhf47Saak
ziW9WdYVjKBZzOD>mWKI)98)(+g&r}~2JG@Sj*wZ<v5iz@qecP1Q!a$3Cy+cv^w=fx
zpFhR%uDSazWEj-uoPjkw+f^59y2QG2m(rfl0B*=&j-p`3CJTrIOgdfe;1_G&K8_I;
zE69=vvk8?5m5FhW6}tgK8)*!?g*4Q{n%|xajZ;Vi{K5JIU?x&<1KdHJV+|vQ`7n64
zi;rNiPfxHa?Ymn5=|H0`5Il18hbrSTmfs3%(l+yO1wX)WS%zUlIY#oyKNDDB+B}CG
zWyBdh*6p&cRi8VqMW)+-oxUED3q+R%FX;2a1P;B5Ow%2RlxvN~nPBqI*CxDQB+beH
z&Ay@`qUTcyGx&eGUaQ6Vf3;j&^8c4eS$x6lE0S$$&u087CH!WxOGwDFNgF9s+Y8E?
zu83haHasSqzjU<6q9`VdtJ9#oeML1#$Ga{i%qF_bz9Qt55Wl8$V<uKSxs@BW%%&FV
zxY%OM$43Dmp6g*^Zg3F>4}dsEj;M<LfrxO9k$P<r8=n{oE`Ymp;Tr|NfPej|{}lFa
z)=piJ?>Ltbn&oGv2zN>K)r5Cy!AT0AUNDi+GpZ!hd;UssvVWdB60pp*aMl*J2L1y6
zKd1b+9K*m?PK(fV`Cl#;i<P+iFV~m;{})MFOvRt*m<nKE;F1DXS7YS07Svpe5|uAF
zsT!B4Gf7Rif!7e5zSQ(hWu9c%^Q<$h0SS?LT(0_mTN-W2I$}1qWE~l#?QQHlI^#v$
z{fli;&3{q}Q(QJalzsl?64{%>O1&%|R_a^8JHX9aL8k`9?oQ5xC*9X1U)Zlnp{#>Q
zT~~N3rjw8*1;Q|RCrqdf{EHmBr=JCHBE~BHfCq=#?p(l|09y?x6^nY<P$;O!+tr9p
z^0a#Bmg7xFt0lMVGMUtd6Z)ZJom#`>+`Nc6;-!7u#H*&Dr@X0??0)4#k=OnROYz!i
zGgPjo_aW^ur@F|n;#kBU?s}GAU+Hp;ZT6XAi!YDjDDS|cjv2{p$8ys5BUy@Ro-z`C
z<QFygdMdX1M8Vq%_uG#&)nrb^P+S*He{iWE5d&MHl4@i?ce@!Vs7VNQlY>A{wy?
zW}{pH)uLwfS%mGw!|>U{NIfyM;W?!?w?++_jrE2XK;RXbhV=CJ<A`??(X$k5ULs-$
z7lOFclB6;!=|q!#-@2%fz*N>KRisiyDhuO1imcm&4BpbIqiLs9Bg(J=AKJ&%KD98z
zMu2JmM$iCvA_!sNj4;X*mC?hG5UsX_O!$}LSQ>~7#2Yw0xwzzlqan*0Rgl)D%x;uw
z#bQx@aEKlJ3xYTP1<mvG5S+I#p?UM+^4spoUh~gl_{t062_G|7xJsBypFZthj!)z$
z+{J$n-b{B<A43ac1N`c$FxDP+^@1@diU~5a6#1>B45fSK2RuY<o8$GPGvfv7d;w7f
zS#g+6b@=+#iw%l3;Jr<61H$rck^p?7`0u}afk~@c0<f@|@+j13O-Sn6pySTSX$*wB
zn5Y4xfNGPDEozZRjF=Wx9mNj9aRaqnlr1y}R0<E0?5|EH-LpvJtA_aq0p(ea0ixKl
z=zw7hl&(c}45HY@NY&i;zyChDuvY%F<}Sg6{75TV9AOr&kYmw~vE|4__M8@0Yz<t5
zhZbRX4%2kR05f6$@%L!lSZp34gs)-^+jzbvA^;<+a0FYiFq#)Oh~Br++C;<tj4?Te
z));Ngn)!mWJZ1$Lo98cI(g>3&7RCnaQk%(dvq=*`@2SKB(d8ZqAg1gsA|U!xJ24Yr
zIc<4N9d)0mn9e<5zxI4%4V%sjE_H;@TAUF`&ycYZ@k(r1c?!8*&`_USdyicGFQQTf
z>YB%hRboZ@s=H-Rk=<=1^8X1KZke1AqEa*LLPS4gDL|N|Og5{VQ(D!{i3;8<=jmpw
zWB?#S4SAp>6%RmZw37y-OLgydA6YU?J+D&aDH5(S6j@>+iuuc^1|DzJD-qXdBA~Jv
zX?`|34-<{AmatITfV^_kbhP|giySyNd!!CsRf$cgfwZd#*-o+&+tgsykExN?U?t*N
z-<)rVV_DefPqK=ey@PMNC&&9A4!*rVIci3F#4SDz5cmym3*K<~<*1deSs8tn`jTPA
z!gkXwG6vE@MhC-6?;Wi4q4DQ*;0ep{>50$5N)J}XXUE4y@V?LICa_pc+uBVbh_peB
zt%A(DsmmmLr<t7*^GIb5X~L=p34Sc#n<QuIb~^+V8mYKpa02IU@(f9{g7b}P2@pMt
z)O@}5>Mp3SKCrZ&Chc!iaV?aEgl-7c10rM%JiF@Hy0I{`k!1(gi(}l!t~mD;mY7*7
zNl8$G0IX3*W{AE@Q6#W#+QU6!HQ?#zcn@NlQfk3*bttvin2wQJYEp+tEgDfNCd%Yi
z9)cy3t~pG{dY%SGeu<HaF<o5b6BaY86@CR|sJUV?W(viaKxB&EVkU)UL=2+t<8jWw
zj3ipmYTw;naFr=+(&P%15NJ>WB=h{49~UvbGbvBgq~*9Utj;m0(E578C2WjenHK3I
z8;gPQci!j--;ueHDAwmkGewM83Bd-jp0|)9cme4_a6-!Xr-O-ja;3#YocJLB0YN9T
z&qpxC$yteGbN)z@$ds++>RK4B7wO$=M3pSl-zCi%|Kl!VmiItdR{U?Zx)G26DOHx|
zzg{F|v3Q0!Q%?+py%_U}C&cn(ILKck{B<VrMm0P!dYAi4$g#WBBHwwpq~0cz2$e&;
zoKp?YgblZ$SHg$oXx^bbWD*`-!5Z*I5WbGZ#=;jNbV)J(u8*yjm(M*`!aM%)Dfd5q
zv(`HhJU5x}b!LpWh<6LxoQU7?s?UsnzuDKC2CCt6+;$-a6ES7P1%Sv(%elUo!#|J6
zCp(dT7f7`;%{f=6@@O|MFB(&Wr>kk4dS@#iuD!T|{Mu~#FH5t^fA4yLnT~&E-~UsY
zIR8_tF5`b+B&AWOH_vk&|4gz1`8P_<aYD$i=|_Vt=m_c9=>E|sNQ0}qo^^UO4?CY&
zFpIYexC<*~A0Mo*=Nb+sR@;0V_+;wIcQEy3rOtf(f2QLf8T`LgE*8rZ`@dp&$^Ty>
zWsvij)l~cixc~D`lK7)~t%D@qrO&S!E8j)z6CMU=27yZ_KUO+@0>fudm_??|tF=Om
zj;li-AR7<RkTZCV(w<|2&@Txf_&W{3Z&38&%EL#$ddI6Stnrl=fbLw_$ac8Yh_xdz
z@69MgoL`j^t$Rq3x`Q;Aw^<$pADpB`-%Nq<!E4g59EB(Oy@}LzH@{=G_qmu0Z<UF_
zOKZ}ffmMH|LKp%ug|!L#;P~?@cPX>CHG-Ju@fCrX9t{K_Bw~g>L$@$r{f*Ec;{|dg
zHXymhBTgVOh{}*gK^sr`PCGo!cl04bxPBjA{^Y~x!~!4sR8AF%Wyy26U_h-NF*@AQ
zERVT}#||ANA3KO0JQzQEu<*kN6K4#fQS{7G#slYh*nghL)bNaeANm)0IT0xO3j~|{
z;|(Lnqhk(YuV;wJoeU56Ffsy_5YWB20NRNNV<}J9+tdPY)dMl$t$(p<G=+#-dGZSW
zOojwrG=xnI2mcX!Gd4<Iu&YxQ)*nYeV+FiJE21b0i7(C_!yx=BTEDs^Ny#M>KuB_O
ztNhy5lukcCCV6_~afCPKiTZuP_|pXHiAPaPuKZ}f<8SAVJq?<58SV54>*wPs(022L
zs|Hfz7YSEQj}Z+zniwM*yi5wOj6}fZ2^Sq}=e5E`r;R5oTy(PTGr~pl27?BTK06q6
z0?_k<L8pLQL@?+i_-6!zrUF|`FlZ?;qO+7I7&No$+`*s;qGOg=&<Qi@i-aG>q{?)O
zl0KYRd13Zgykw!0Gh{SlurVPrvjF)eL-xdod2`zDEF<$|+?n|QtBE;kpj*q0;OOty
zwm>e^Yo^@x{{bSl{LTG4oAWo1|F=4E|8KFly#Mh<(j=#Kr<nf{?`bQC1K2J4k+xD?
z0RGzv7eJ7o?gEI_T&x3_kI#dg%l&IoW_whkY47-hV|Fa0;=jTd93X#Tu3%2Pf1w9B
zZOJ^>1)RLJk_)BD=k$d(9nSpnc`5<@YChmO`2Rg^&GspX4F7MXSdaUE%k@%q$^Ty>
zJv~jM<#fmIt8)DovX$;A?DHdSO>q5ex9)V=a8Fx*p<v)&#}X2Xcu}*W$v5vp19&EP
zEn^j{?^?J`EiCd}9(hZs@y;vMMkMMz4rtfwbrd@QybOeXw8@LjrXWRRNEjKXk_-(1
zY5T*ed&F?NKIRdOY_k0hgpejL5KCP<V^uO-aWQ9{3v=XJT!1@n!Ok+ymeV{BORr8o
z5VL!ACJeKXXutC<ctxo;?)39*c%|~@Q4|qL*29@Vq&mgZ-QvDu9KHzKhlf12f7F{y
zmpBCBC&$!qizUB|#j8Z#L}FA%_p>E?yQcYY#=ST$NdQ1n&5_p6Qmc=AWn(7O={<-V
z{US|gG@M|ZglYEH=&l9E(@Z+0D2lEcKUIro=oc0K`HvrEi?Ia-fIV+_xL^$cIX30%
zc^p5Nw1*9!J{P@KEUMvObhXTXTx;6u;b%+!q3b8%L|7rg0TE!|#FkE&i)<!^HKLy{
z<1ul9xABF*9pQT-CfyKmSJp_%=IX)70XoqGld4RBdAboEc8eWx8@St$@e^(fBPahP
z(%+k^($C^$5m#^!>mN#ExzFM)MubI97bct=%){vN97>#-46-bV&v)?s0}P1IaqR`?
z9y9d3C7L7p?);d}L^W5FmdGAc82`G39hIU>q$jBr%Xoohn&$tJT&0I}3~J$LwUOcf
zFV^Dczf1Lv>hk>Gi=;PjifkKO1_PUdH`y@gVgp(Z(Og~u!RH60!W-aU_-2mjMc}b6
z)->p7v<14m7a~UI9avaHHtA!2{aqv<8EWAT7`VfgMp!j1+$N7$^)_|?w<f`fp$&l=
zyr$bFFtG(1F|bsS_Ab6%*wn&>H?Zq{JmG5h0#stLg47|l%>R1bFG#KLmdyVK8QqTT
z{s|sg-;hUuT1e?RCbWr$S>dh324>-{)Iz<&Tglel-_#<V!rT89-oO>I2z3~I*lV(a
wWLnhK;tLW{F_OLF7QHV>eWp+q%S%?dOv|)PzjFG20RRC1|2ot>W&jWb0K4$YKL7v#
--
GitLab
From f6022eba4e82aef34ad75967238bc5a232d0d2da Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 4 Dec 2024 11:26:19 -0600
Subject: [PATCH 22/30] bump version
---
CHANGELOG.md | 2 +-
README.md | 676 +++++++++++++++++++++++------------------------
chart/Chart.yaml | 2 +-
3 files changed, 339 insertions(+), 341 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3268be3b..7a80f9be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
---
-## [0.29.0-bb.1] - 2024-12-04
+## [0.29.1-bb.0] - 2024-12-04
### Changed
diff --git a/README.md b/README.md
index 344e7161..65fa915d 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,11 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
-
# vault
-  
+  
Official HashiCorp Vault Chart
## Upstream References
-
- <https://www.vaultproject.io>
* <https://github.com/hashicorp/vault>
@@ -19,7 +17,6 @@ Official HashiCorp Vault Chart
This package has no upstream release note links on file. Please add some to [chart/Chart.yaml](chart/Chart.yaml) under `annotations.bigbang.dev/upstreamReleaseNotesMarkdown`.
Example:
-
```yaml
annotations:
bigbang.dev/upstreamReleaseNotesMarkdown: |
@@ -55,341 +52,341 @@ helm install vault chart/
## Values
-| Key | Type | Default | Description |
-| ----------------------------------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
-| global.enabled | bool | `true` | |
-| global.namespace | string | `""` | |
-| global.imagePullSecrets[0].name | string | `"private-registry"` | |
-| global.tlsDisable | bool | `true` | |
-| global.externalVaultAddr | string | `""` | |
-| global.openshift | bool | `false` | |
-| global.psp.enable | bool | `false` | |
-| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
-| global.serverTelemetry.prometheusOperator | bool | `false` | |
-| injector.enabled | string | `"-"` | |
-| injector.replicas | int | `1` | |
-| injector.port | int | `8080` | |
-| injector.leaderElector.enabled | bool | `false` | |
-| injector.metrics.enabled | bool | `true` | |
-| injector.externalVaultAddr | string | `""` | |
-| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
-| injector.image.tag | string | `"v1.5.0"` | |
-| injector.image.pullPolicy | string | `"IfNotPresent"` | |
-| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.18.1"` | |
-| injector.agentDefaults.cpuLimit | string | `"500m"` | |
-| injector.agentDefaults.cpuRequest | string | `"500m"` | |
-| injector.agentDefaults.memLimit | string | `"250Mi"` | |
-| injector.agentDefaults.memRequest | string | `"250Mi"` | |
-| injector.agentDefaults.template | string | `"map"` | |
-| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
-| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
-| injector.livenessProbe.failureThreshold | int | `2` | |
-| injector.livenessProbe.initialDelaySeconds | int | `5` | |
-| injector.livenessProbe.periodSeconds | int | `2` | |
-| injector.livenessProbe.successThreshold | int | `1` | |
-| injector.livenessProbe.timeoutSeconds | int | `5` | |
-| injector.readinessProbe.failureThreshold | int | `2` | |
-| injector.readinessProbe.initialDelaySeconds | int | `5` | |
-| injector.readinessProbe.periodSeconds | int | `2` | |
-| injector.readinessProbe.successThreshold | int | `1` | |
-| injector.readinessProbe.timeoutSeconds | int | `5` | |
-| injector.startupProbe.failureThreshold | int | `12` | |
-| injector.startupProbe.initialDelaySeconds | int | `5` | |
-| injector.startupProbe.periodSeconds | int | `5` | |
-| injector.startupProbe.successThreshold | int | `1` | |
-| injector.startupProbe.timeoutSeconds | int | `5` | |
-| injector.authPath | string | `"auth/kubernetes"` | |
-| injector.logLevel | string | `"info"` | |
-| injector.logFormat | string | `"standard"` | |
-| injector.revokeOnShutdown | bool | `false` | |
-| injector.webhook.failurePolicy | string | `"Ignore"` | |
-| injector.webhook.matchPolicy | string | `"Exact"` | |
-| injector.webhook.timeoutSeconds | int | `30` | |
-| injector.webhook.namespaceSelector | object | `{}` | |
-| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
-| injector.webhook.annotations | object | `{}` | |
-| injector.failurePolicy | string | `"Ignore"` | |
-| injector.namespaceSelector | object | `{}` | |
-| injector.objectSelector | object | `{}` | |
-| injector.webhookAnnotations | object | `{}` | |
-| injector.certs.secretName | string | `nil` | |
-| injector.certs.caBundle | string | `""` | |
-| injector.certs.certName | string | `"tls.crt"` | |
-| injector.certs.keyName | string | `"tls.key"` | |
-| injector.securityContext.pod | object | `{}` | |
-| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| injector.resources.requests.memory | string | `"256Mi"` | |
-| injector.resources.requests.cpu | string | `"250m"` | |
-| injector.resources.limits.memory | string | `"256Mi"` | |
-| injector.resources.limits.cpu | string | `"250m"` | |
-| injector.extraEnvironmentVars | object | `{}` | |
-| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
-| injector.topologySpreadConstraints | list | `[]` | |
-| injector.tolerations | list | `[]` | |
-| injector.nodeSelector | object | `{}` | |
-| injector.priorityClassName | string | `""` | |
-| injector.annotations | object | `{}` | |
-| injector.extraLabels | object | `{}` | |
-| injector.hostNetwork | bool | `false` | |
-| injector.service.annotations | object | `{}` | |
-| injector.serviceAccount.annotations | object | `{}` | |
-| injector.podDisruptionBudget | object | `{}` | |
-| injector.strategy | object | `{}` | |
-| server.enabled | bool | `true` | |
-| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.enterpriseLicense.secretName | string | `""` | |
-| server.enterpriseLicense.secretKey | string | `"license"` | |
-| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.18.1"` | |
-| server.image.pullPolicy | string | `"IfNotPresent"` | |
-| server.updateStrategyType | string | `"OnDelete"` | |
-| server.logLevel | string | `""` | |
-| server.logFormat | string | `""` | |
-| server.resources.requests.memory | string | `"256Mi"` | |
-| server.resources.requests.cpu | string | `"250m"` | |
-| server.resources.limits.memory | string | `"256Mi"` | |
-| server.resources.limits.cpu | string | `"250m"` | |
-| server.ingress.enabled | bool | `false` | |
-| server.ingress.labels | object | `{}` | |
-| server.ingress.annotations | object | `{}` | |
-| server.ingress.ingressClassName | string | `""` | |
-| server.ingress.pathType | string | `"Prefix"` | |
-| server.ingress.activeService | bool | `true` | |
-| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
-| server.ingress.hosts[0].paths | list | `[]` | |
-| server.ingress.extraPaths | list | `[]` | |
-| server.ingress.tls | list | `[]` | |
-| server.hostAliases | list | `[]` | |
-| server.route.enabled | bool | `false` | |
-| server.route.activeService | bool | `true` | |
-| server.route.labels | object | `{}` | |
-| server.route.annotations | object | `{}` | |
-| server.route.host | string | `"chart-example.local"` | |
-| server.route.tls.termination | string | `"passthrough"` | |
-| server.authDelegator.enabled | bool | `true` | |
-| server.extraInitContainers | string | `nil` | |
-| server.extraContainers | string | `nil` | |
-| server.shareProcessNamespace | bool | `false` | |
-| server.extraArgs | string | `""` | |
-| server.extraPorts | string | `nil` | |
-| server.readinessProbe.enabled | bool | `true` | |
-| server.readinessProbe.port | int | `8200` | |
-| server.readinessProbe.failureThreshold | int | `2` | |
-| server.readinessProbe.initialDelaySeconds | int | `5` | |
-| server.readinessProbe.periodSeconds | int | `5` | |
-| server.readinessProbe.successThreshold | int | `1` | |
-| server.readinessProbe.timeoutSeconds | int | `3` | |
-| server.livenessProbe.enabled | bool | `false` | |
-| server.livenessProbe.execCommand | list | `[]` | |
-| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
-| server.livenessProbe.port | int | `8200` | |
-| server.livenessProbe.failureThreshold | int | `2` | |
-| server.livenessProbe.initialDelaySeconds | int | `60` | |
-| server.livenessProbe.periodSeconds | int | `5` | |
-| server.livenessProbe.successThreshold | int | `1` | |
-| server.livenessProbe.timeoutSeconds | int | `3` | |
-| server.terminationGracePeriodSeconds | int | `10` | |
-| server.preStopSleepSeconds | int | `5` | |
-| server.postStart | list | `[]` | |
-| server.extraEnvironmentVars | object | `{}` | |
-| server.extraSecretEnvironmentVars | list | `[]` | |
-| server.extraVolumes | list | `[]` | |
-| server.volumes | string | `nil` | |
-| server.volumeMounts | string | `nil` | |
-| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
-| server.topologySpreadConstraints | list | `[]` | |
-| server.tolerations | list | `[]` | |
-| server.nodeSelector | object | `{}` | |
-| server.networkPolicy.enabled | bool | `false` | |
-| server.networkPolicy.egress | list | `[]` | |
-| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
-| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
-| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
-| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
-| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
-| server.priorityClassName | string | `""` | |
-| server.extraLabels | object | `{}` | |
-| server.annotations | object | `{}` | |
-| server.includeConfigAnnotation | bool | `false` | |
-| server.service.enabled | bool | `true` | |
-| server.service.active.enabled | bool | `true` | |
-| server.service.active.annotations | object | `{}` | |
-| server.service.standby.enabled | bool | `true` | |
-| server.service.standby.annotations | object | `{}` | |
-| server.service.instanceSelector.enabled | bool | `true` | |
-| server.service.ipFamilyPolicy | string | `""` | |
-| server.service.ipFamilies | list | `[]` | |
-| server.service.publishNotReadyAddresses | bool | `true` | |
-| server.service.externalTrafficPolicy | string | `"Cluster"` | |
-| server.service.port | int | `8200` | |
-| server.service.targetPort | int | `8200` | |
-| server.service.annotations | object | `{}` | |
-| server.dataStorage.enabled | bool | `true` | |
-| server.dataStorage.size | string | `"10Gi"` | |
-| server.dataStorage.mountPath | string | `"/vault/data"` | |
-| server.dataStorage.storageClass | string | `nil` | |
-| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.dataStorage.annotations | object | `{}` | |
-| server.dataStorage.labels | object | `{}` | |
-| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
-| server.auditStorage.enabled | bool | `true` | |
-| server.auditStorage.size | string | `"10Gi"` | |
-| server.auditStorage.mountPath | string | `"/vault/audit"` | |
-| server.auditStorage.storageClass | string | `nil` | |
-| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.auditStorage.annotations | object | `{}` | |
-| server.auditStorage.labels | object | `{}` | |
-| server.dev.enabled | bool | `false` | |
-| server.dev.devRootToken | string | `"root"` | |
-| server.standalone.enabled | string | `"-"` | |
-| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}"` | |
-| server.ha.enabled | bool | `false` | |
-| server.ha.replicas | int | `3` | |
-| server.ha.apiAddr | string | `nil` | |
-| server.ha.clusterAddr | string | `nil` | |
-| server.ha.raft.enabled | bool | `true` | |
-| server.ha.raft.setNodeId | bool | `true` | |
-| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
-| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.disruptionBudget.enabled | bool | `true` | |
-| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
-| server.serviceAccount.create | bool | `true` | |
-| server.serviceAccount.name | string | `""` | |
-| server.serviceAccount.createSecret | bool | `false` | |
-| server.serviceAccount.annotations | object | `{}` | |
-| server.serviceAccount.extraLabels | object | `{}` | |
-| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
-| server.statefulSet.annotations | object | `{}` | |
-| server.statefulSet.securityContext.pod | object | `{}` | |
-| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| server.hostNetwork | bool | `false` | |
-| ui.enabled | bool | `true` | |
-| ui.publishNotReadyAddresses | bool | `true` | |
-| ui.activeVaultPodOnly | bool | `false` | |
-| ui.serviceType | string | `"ClusterIP"` | |
-| ui.serviceNodePort | string | `nil` | |
-| ui.externalPort | int | `8200` | |
-| ui.targetPort | int | `8200` | |
-| ui.serviceIPFamilyPolicy | string | `""` | |
-| ui.serviceIPFamilies | list | `[]` | |
-| ui.externalTrafficPolicy | string | `"Cluster"` | |
-| ui.annotations | object | `{}` | |
-| csi.enabled | bool | `false` | |
-| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
-| csi.image.tag | string | `"v1.5.0"` | |
-| csi.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.volumes | string | `nil` | |
-| csi.volumeMounts | string | `nil` | |
-| csi.resources.requests.cpu | string | `"50m"` | |
-| csi.resources.requests.memory | string | `"128Mi"` | |
-| csi.resources.limits.cpu | string | `"50m"` | |
-| csi.resources.limits.memory | string | `"128Mi"` | |
-| csi.hmacSecretName | string | `""` | |
-| csi.hostNetwork | bool | `false` | |
-| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
-| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
-| csi.daemonSet.annotations | object | `{}` | |
-| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
-| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
-| csi.daemonSet.extraLabels | object | `{}` | |
-| csi.daemonSet.securityContext.pod.runAsNonRoot | bool | `true` | |
-| csi.daemonSet.securityContext.pod.runAsGroup | int | `1000` | |
-| csi.daemonSet.securityContext.pod.runAsUser | int | `100` | |
-| csi.daemonSet.securityContext.pod.fsGroup | int | `1000` | |
-| csi.pod.annotations | object | `{}` | |
-| csi.pod.tolerations | list | `[]` | |
-| csi.pod.nodeSelector | object | `{}` | |
-| csi.pod.affinity | object | `{}` | |
-| csi.pod.extraLabels | object | `{}` | |
-| csi.agent.enabled | bool | `true` | |
-| csi.agent.extraArgs | list | `[]` | |
-| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.18.1"` | |
-| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.agent.logFormat | string | `"standard"` | |
-| csi.agent.logLevel | string | `"info"` | |
-| csi.agent.resources.requests.memory | string | `"256Mi"` | |
-| csi.agent.resources.requests.cpu | string | `"250m"` | |
-| csi.agent.resources.limits.memory | string | `"256Mi"` | |
-| csi.agent.resources.limits.cpu | string | `"250m"` | |
-| csi.priorityClassName | string | `""` | |
-| csi.serviceAccount.annotations | object | `{}` | |
-| csi.serviceAccount.extraLabels | object | `{}` | |
-| csi.readinessProbe.failureThreshold | int | `2` | |
-| csi.readinessProbe.initialDelaySeconds | int | `5` | |
-| csi.readinessProbe.periodSeconds | int | `5` | |
-| csi.readinessProbe.successThreshold | int | `1` | |
-| csi.readinessProbe.timeoutSeconds | int | `3` | |
-| csi.livenessProbe.failureThreshold | int | `2` | |
-| csi.livenessProbe.initialDelaySeconds | int | `5` | |
-| csi.livenessProbe.periodSeconds | int | `5` | |
-| csi.livenessProbe.successThreshold | int | `1` | |
-| csi.livenessProbe.timeoutSeconds | int | `3` | |
-| csi.logLevel | string | `"info"` | |
-| csi.debug | bool | `false` | |
-| csi.extraArgs | list | `[]` | |
-| domain | string | `"dev.bigbang.mil"` | |
-| monitoring.enabled | bool | `false` | |
-| monitoring.namespace | string | `"monitoring"` | |
-| networkPolicies.enabled | bool | `false` | |
-| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
-| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
-| networkPolicies.additionalPolicies | list | `[]` | |
-| autoInit.enabled | bool | `true` | |
-| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
-| autoInit.image.tag | string | `"2.1.0"` | |
-| autoInit.storage.size | string | `"2Gi"` | |
-| istio.enabled | bool | `false` | |
-| istio.hardened.enabled | bool | `false` | |
-| istio.hardened.customAuthorizationPolicies | list | `[]` | |
-| istio.hardened.monitoring.enabled | bool | `true` | |
-| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
-| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
-| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
-| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
-| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
-| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
-| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
-| istio.hardened.apiAccess.enabled | bool | `true` | |
-| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
-| istio.vault.enabled | bool | `true` | |
-| istio.vault.gateways[0] | string | `"istio-system/main"` | |
-| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
-| istio.vault.tls.cert | string | `""` | |
-| istio.vault.tls.key | string | `""` | |
-| istio.mtls.mode | string | `"STRICT"` | |
-| minio.enabled | bool | `false` | |
-| customAppIngressSelector.key | string | `"vault-ingress"` | |
-| customAppIngressSelector.value | bool | `true` | |
-| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
-| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
-| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
-| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
-| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
-| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
-| serverTelemetry.prometheusRules.enabled | bool | `false` | |
-| serverTelemetry.prometheusRules.selectors | object | `{}` | |
-| serverTelemetry.prometheusRules.rules | list | `[]` | |
-| bbtests.enabled | bool | `false` | |
-| bbtests.cypress.resources.requests.cpu | int | `2` | |
-| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
-| bbtests.cypress.resources.limits.cpu | int | `2` | |
-| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
-| bbtests.cypress.artifacts | bool | `true` | |
-| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
-| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
-| bbtests.cypress.disableDefaultTests | bool | `false` | |
-| openshift | bool | `false` | |
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| global.enabled | bool | `true` | |
+| global.namespace | string | `""` | |
+| global.imagePullSecrets[0].name | string | `"private-registry"` | |
+| global.tlsDisable | bool | `true` | |
+| global.externalVaultAddr | string | `""` | |
+| global.openshift | bool | `false` | |
+| global.psp.enable | bool | `false` | |
+| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
+| global.serverTelemetry.prometheusOperator | bool | `false` | |
+| injector.enabled | string | `"-"` | |
+| injector.replicas | int | `1` | |
+| injector.port | int | `8080` | |
+| injector.leaderElector.enabled | bool | `false` | |
+| injector.metrics.enabled | bool | `true` | |
+| injector.externalVaultAddr | string | `""` | |
+| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
+| injector.image.tag | string | `"v1.5.0"` | |
+| injector.image.pullPolicy | string | `"IfNotPresent"` | |
+| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| injector.agentImage.tag | string | `"1.18.2"` | |
+| injector.agentDefaults.cpuLimit | string | `"500m"` | |
+| injector.agentDefaults.cpuRequest | string | `"500m"` | |
+| injector.agentDefaults.memLimit | string | `"250Mi"` | |
+| injector.agentDefaults.memRequest | string | `"250Mi"` | |
+| injector.agentDefaults.template | string | `"map"` | |
+| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
+| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
+| injector.livenessProbe.failureThreshold | int | `2` | |
+| injector.livenessProbe.initialDelaySeconds | int | `5` | |
+| injector.livenessProbe.periodSeconds | int | `2` | |
+| injector.livenessProbe.successThreshold | int | `1` | |
+| injector.livenessProbe.timeoutSeconds | int | `5` | |
+| injector.readinessProbe.failureThreshold | int | `2` | |
+| injector.readinessProbe.initialDelaySeconds | int | `5` | |
+| injector.readinessProbe.periodSeconds | int | `2` | |
+| injector.readinessProbe.successThreshold | int | `1` | |
+| injector.readinessProbe.timeoutSeconds | int | `5` | |
+| injector.startupProbe.failureThreshold | int | `12` | |
+| injector.startupProbe.initialDelaySeconds | int | `5` | |
+| injector.startupProbe.periodSeconds | int | `5` | |
+| injector.startupProbe.successThreshold | int | `1` | |
+| injector.startupProbe.timeoutSeconds | int | `5` | |
+| injector.authPath | string | `"auth/kubernetes"` | |
+| injector.logLevel | string | `"info"` | |
+| injector.logFormat | string | `"standard"` | |
+| injector.revokeOnShutdown | bool | `false` | |
+| injector.webhook.failurePolicy | string | `"Ignore"` | |
+| injector.webhook.matchPolicy | string | `"Exact"` | |
+| injector.webhook.timeoutSeconds | int | `30` | |
+| injector.webhook.namespaceSelector | object | `{}` | |
+| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
+| injector.webhook.annotations | object | `{}` | |
+| injector.failurePolicy | string | `"Ignore"` | |
+| injector.namespaceSelector | object | `{}` | |
+| injector.objectSelector | object | `{}` | |
+| injector.webhookAnnotations | object | `{}` | |
+| injector.certs.secretName | string | `nil` | |
+| injector.certs.caBundle | string | `""` | |
+| injector.certs.certName | string | `"tls.crt"` | |
+| injector.certs.keyName | string | `"tls.key"` | |
+| injector.securityContext.pod | object | `{}` | |
+| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| injector.resources.requests.memory | string | `"256Mi"` | |
+| injector.resources.requests.cpu | string | `"250m"` | |
+| injector.resources.limits.memory | string | `"256Mi"` | |
+| injector.resources.limits.cpu | string | `"250m"` | |
+| injector.extraEnvironmentVars | object | `{}` | |
+| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
+| injector.topologySpreadConstraints | list | `[]` | |
+| injector.tolerations | list | `[]` | |
+| injector.nodeSelector | object | `{}` | |
+| injector.priorityClassName | string | `""` | |
+| injector.annotations | object | `{}` | |
+| injector.extraLabels | object | `{}` | |
+| injector.hostNetwork | bool | `false` | |
+| injector.service.annotations | object | `{}` | |
+| injector.serviceAccount.annotations | object | `{}` | |
+| injector.podDisruptionBudget | object | `{}` | |
+| injector.strategy | object | `{}` | |
+| server.enabled | bool | `true` | |
+| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.enterpriseLicense.secretName | string | `""` | |
+| server.enterpriseLicense.secretKey | string | `"license"` | |
+| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| server.image.tag | string | `"1.18.2"` | |
+| server.image.pullPolicy | string | `"IfNotPresent"` | |
+| server.updateStrategyType | string | `"OnDelete"` | |
+| server.logLevel | string | `""` | |
+| server.logFormat | string | `""` | |
+| server.resources.requests.memory | string | `"256Mi"` | |
+| server.resources.requests.cpu | string | `"250m"` | |
+| server.resources.limits.memory | string | `"256Mi"` | |
+| server.resources.limits.cpu | string | `"250m"` | |
+| server.ingress.enabled | bool | `false` | |
+| server.ingress.labels | object | `{}` | |
+| server.ingress.annotations | object | `{}` | |
+| server.ingress.ingressClassName | string | `""` | |
+| server.ingress.pathType | string | `"Prefix"` | |
+| server.ingress.activeService | bool | `true` | |
+| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
+| server.ingress.hosts[0].paths | list | `[]` | |
+| server.ingress.extraPaths | list | `[]` | |
+| server.ingress.tls | list | `[]` | |
+| server.hostAliases | list | `[]` | |
+| server.route.enabled | bool | `false` | |
+| server.route.activeService | bool | `true` | |
+| server.route.labels | object | `{}` | |
+| server.route.annotations | object | `{}` | |
+| server.route.host | string | `"chart-example.local"` | |
+| server.route.tls.termination | string | `"passthrough"` | |
+| server.authDelegator.enabled | bool | `true` | |
+| server.extraInitContainers | string | `nil` | |
+| server.extraContainers | string | `nil` | |
+| server.shareProcessNamespace | bool | `false` | |
+| server.extraArgs | string | `""` | |
+| server.extraPorts | string | `nil` | |
+| server.readinessProbe.enabled | bool | `true` | |
+| server.readinessProbe.port | int | `8200` | |
+| server.readinessProbe.failureThreshold | int | `2` | |
+| server.readinessProbe.initialDelaySeconds | int | `5` | |
+| server.readinessProbe.periodSeconds | int | `5` | |
+| server.readinessProbe.successThreshold | int | `1` | |
+| server.readinessProbe.timeoutSeconds | int | `3` | |
+| server.livenessProbe.enabled | bool | `false` | |
+| server.livenessProbe.execCommand | list | `[]` | |
+| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
+| server.livenessProbe.port | int | `8200` | |
+| server.livenessProbe.failureThreshold | int | `2` | |
+| server.livenessProbe.initialDelaySeconds | int | `60` | |
+| server.livenessProbe.periodSeconds | int | `5` | |
+| server.livenessProbe.successThreshold | int | `1` | |
+| server.livenessProbe.timeoutSeconds | int | `3` | |
+| server.terminationGracePeriodSeconds | int | `10` | |
+| server.preStopSleepSeconds | int | `5` | |
+| server.postStart | list | `[]` | |
+| server.extraEnvironmentVars | object | `{}` | |
+| server.extraSecretEnvironmentVars | list | `[]` | |
+| server.extraVolumes | list | `[]` | |
+| server.volumes | string | `nil` | |
+| server.volumeMounts | string | `nil` | |
+| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
+| server.topologySpreadConstraints | list | `[]` | |
+| server.tolerations | list | `[]` | |
+| server.nodeSelector | object | `{}` | |
+| server.networkPolicy.enabled | bool | `false` | |
+| server.networkPolicy.egress | list | `[]` | |
+| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
+| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
+| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
+| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
+| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
+| server.priorityClassName | string | `""` | |
+| server.extraLabels | object | `{}` | |
+| server.annotations | object | `{}` | |
+| server.includeConfigAnnotation | bool | `false` | |
+| server.service.enabled | bool | `true` | |
+| server.service.active.enabled | bool | `true` | |
+| server.service.active.annotations | object | `{}` | |
+| server.service.standby.enabled | bool | `true` | |
+| server.service.standby.annotations | object | `{}` | |
+| server.service.instanceSelector.enabled | bool | `true` | |
+| server.service.ipFamilyPolicy | string | `""` | |
+| server.service.ipFamilies | list | `[]` | |
+| server.service.publishNotReadyAddresses | bool | `true` | |
+| server.service.externalTrafficPolicy | string | `"Cluster"` | |
+| server.service.port | int | `8200` | |
+| server.service.targetPort | int | `8200` | |
+| server.service.annotations | object | `{}` | |
+| server.dataStorage.enabled | bool | `true` | |
+| server.dataStorage.size | string | `"10Gi"` | |
+| server.dataStorage.mountPath | string | `"/vault/data"` | |
+| server.dataStorage.storageClass | string | `nil` | |
+| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.dataStorage.annotations | object | `{}` | |
+| server.dataStorage.labels | object | `{}` | |
+| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
+| server.auditStorage.enabled | bool | `true` | |
+| server.auditStorage.size | string | `"10Gi"` | |
+| server.auditStorage.mountPath | string | `"/vault/audit"` | |
+| server.auditStorage.storageClass | string | `nil` | |
+| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.auditStorage.annotations | object | `{}` | |
+| server.auditStorage.labels | object | `{}` | |
+| server.dev.enabled | bool | `false` | |
+| server.dev.devRootToken | string | `"root"` | |
+| server.standalone.enabled | string | `"-"` | |
+| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}"` | |
+| server.ha.enabled | bool | `false` | |
+| server.ha.replicas | int | `3` | |
+| server.ha.apiAddr | string | `nil` | |
+| server.ha.clusterAddr | string | `nil` | |
+| server.ha.raft.enabled | bool | `true` | |
+| server.ha.raft.setNodeId | bool | `true` | |
+| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
+| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.disruptionBudget.enabled | bool | `true` | |
+| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
+| server.serviceAccount.create | bool | `true` | |
+| server.serviceAccount.name | string | `""` | |
+| server.serviceAccount.createSecret | bool | `false` | |
+| server.serviceAccount.annotations | object | `{}` | |
+| server.serviceAccount.extraLabels | object | `{}` | |
+| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
+| server.statefulSet.annotations | object | `{}` | |
+| server.statefulSet.securityContext.pod | object | `{}` | |
+| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| server.hostNetwork | bool | `false` | |
+| ui.enabled | bool | `true` | |
+| ui.publishNotReadyAddresses | bool | `true` | |
+| ui.activeVaultPodOnly | bool | `false` | |
+| ui.serviceType | string | `"ClusterIP"` | |
+| ui.serviceNodePort | string | `nil` | |
+| ui.externalPort | int | `8200` | |
+| ui.targetPort | int | `8200` | |
+| ui.serviceIPFamilyPolicy | string | `""` | |
+| ui.serviceIPFamilies | list | `[]` | |
+| ui.externalTrafficPolicy | string | `"Cluster"` | |
+| ui.annotations | object | `{}` | |
+| csi.enabled | bool | `false` | |
+| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
+| csi.image.tag | string | `"v1.5.0"` | |
+| csi.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.volumes | string | `nil` | |
+| csi.volumeMounts | string | `nil` | |
+| csi.resources.requests.cpu | string | `"50m"` | |
+| csi.resources.requests.memory | string | `"128Mi"` | |
+| csi.resources.limits.cpu | string | `"50m"` | |
+| csi.resources.limits.memory | string | `"128Mi"` | |
+| csi.hmacSecretName | string | `""` | |
+| csi.hostNetwork | bool | `false` | |
+| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
+| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
+| csi.daemonSet.annotations | object | `{}` | |
+| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
+| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
+| csi.daemonSet.extraLabels | object | `{}` | |
+| csi.daemonSet.securityContext.pod.runAsNonRoot | bool | `true` | |
+| csi.daemonSet.securityContext.pod.runAsGroup | int | `1000` | |
+| csi.daemonSet.securityContext.pod.runAsUser | int | `100` | |
+| csi.daemonSet.securityContext.pod.fsGroup | int | `1000` | |
+| csi.pod.annotations | object | `{}` | |
+| csi.pod.tolerations | list | `[]` | |
+| csi.pod.nodeSelector | object | `{}` | |
+| csi.pod.affinity | object | `{}` | |
+| csi.pod.extraLabels | object | `{}` | |
+| csi.agent.enabled | bool | `true` | |
+| csi.agent.extraArgs | list | `[]` | |
+| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| csi.agent.image.tag | string | `"1.18.2"` | |
+| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.agent.logFormat | string | `"standard"` | |
+| csi.agent.logLevel | string | `"info"` | |
+| csi.agent.resources.requests.memory | string | `"256Mi"` | |
+| csi.agent.resources.requests.cpu | string | `"250m"` | |
+| csi.agent.resources.limits.memory | string | `"256Mi"` | |
+| csi.agent.resources.limits.cpu | string | `"250m"` | |
+| csi.priorityClassName | string | `""` | |
+| csi.serviceAccount.annotations | object | `{}` | |
+| csi.serviceAccount.extraLabels | object | `{}` | |
+| csi.readinessProbe.failureThreshold | int | `2` | |
+| csi.readinessProbe.initialDelaySeconds | int | `5` | |
+| csi.readinessProbe.periodSeconds | int | `5` | |
+| csi.readinessProbe.successThreshold | int | `1` | |
+| csi.readinessProbe.timeoutSeconds | int | `3` | |
+| csi.livenessProbe.failureThreshold | int | `2` | |
+| csi.livenessProbe.initialDelaySeconds | int | `5` | |
+| csi.livenessProbe.periodSeconds | int | `5` | |
+| csi.livenessProbe.successThreshold | int | `1` | |
+| csi.livenessProbe.timeoutSeconds | int | `3` | |
+| csi.logLevel | string | `"info"` | |
+| csi.debug | bool | `false` | |
+| csi.extraArgs | list | `[]` | |
+| domain | string | `"dev.bigbang.mil"` | |
+| monitoring.enabled | bool | `false` | |
+| monitoring.namespace | string | `"monitoring"` | |
+| networkPolicies.enabled | bool | `false` | |
+| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
+| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
+| networkPolicies.additionalPolicies | list | `[]` | |
+| autoInit.enabled | bool | `true` | |
+| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
+| autoInit.image.tag | string | `"2.1.0"` | |
+| autoInit.storage.size | string | `"2Gi"` | |
+| istio.enabled | bool | `false` | |
+| istio.hardened.enabled | bool | `false` | |
+| istio.hardened.customAuthorizationPolicies | list | `[]` | |
+| istio.hardened.monitoring.enabled | bool | `true` | |
+| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
+| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
+| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
+| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
+| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
+| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
+| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
+| istio.hardened.apiAccess.enabled | bool | `true` | |
+| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
+| istio.vault.enabled | bool | `true` | |
+| istio.vault.gateways[0] | string | `"istio-system/main"` | |
+| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
+| istio.vault.tls.cert | string | `""` | |
+| istio.vault.tls.key | string | `""` | |
+| istio.mtls.mode | string | `"STRICT"` | |
+| minio.enabled | bool | `false` | |
+| customAppIngressSelector.key | string | `"vault-ingress"` | |
+| customAppIngressSelector.value | bool | `true` | |
+| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
+| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
+| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
+| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
+| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
+| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
+| serverTelemetry.prometheusRules.enabled | bool | `false` | |
+| serverTelemetry.prometheusRules.selectors | object | `{}` | |
+| serverTelemetry.prometheusRules.rules | list | `[]` | |
+| bbtests.enabled | bool | `false` | |
+| bbtests.cypress.resources.requests.cpu | int | `2` | |
+| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
+| bbtests.cypress.resources.limits.cpu | int | `2` | |
+| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
+| bbtests.cypress.artifacts | bool | `true` | |
+| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
+| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
+| bbtests.cypress.disableDefaultTests | bool | `false` | |
+| openshift | bool | `false` | |
## Contributing
@@ -398,3 +395,4 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in
---
_This file is programatically generated using `helm-docs` and some BigBang-specific templates. The `gluon` repository has [instructions for regenerating package READMEs](https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md)._
+
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 6cd87135..8f9f0e49 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: vault
-version: '0.29.0-bb.1'
+version: '0.29.1-bb.0'
appVersion: 1.18.2
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
--
GitLab
From 872e50060c0711d739b4d6b588f29b09aaddb5e5 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Thu, 5 Dec 2024 08:26:21 -0600
Subject: [PATCH 23/30] fix readme conflict
---
README.md | 686 +++++++++++++++++++++++++++---------------------------
1 file changed, 342 insertions(+), 344 deletions(-)
diff --git a/README.md b/README.md
index c9272bad..44d91d18 100644
--- a/README.md
+++ b/README.md
@@ -1,26 +1,25 @@
<!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
+
# vault
-<<<<<<< HEAD
  
-=======
-  
->>>>>>> origin/main
Official HashiCorp Vault Chart
## Upstream References
+
- <https://www.vaultproject.io>
-- <https://github.com/hashicorp/vault>
-- <https://github.com/hashicorp/vault-helm>
-- <https://github.com/hashicorp/vault-k8s>
-- <https://github.com/hashicorp/vault-csi-provider>
+* <https://github.com/hashicorp/vault>
+* <https://github.com/hashicorp/vault-helm>
+* <https://github.com/hashicorp/vault-k8s>
+* <https://github.com/hashicorp/vault-csi-provider>
## Upstream Release Notes
This package has no upstream release note links on file. Please add some to [chart/Chart.yaml](chart/Chart.yaml) under `annotations.bigbang.dev/upstreamReleaseNotesMarkdown`.
Example:
+
```yaml
annotations:
bigbang.dev/upstreamReleaseNotesMarkdown: |
@@ -56,341 +55,341 @@ helm install vault chart/
## Values
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| global.enabled | bool | `true` | |
-| global.namespace | string | `""` | |
-| global.imagePullSecrets[0].name | string | `"private-registry"` | |
-| global.tlsDisable | bool | `true` | |
-| global.externalVaultAddr | string | `""` | |
-| global.openshift | bool | `false` | |
-| global.psp.enable | bool | `false` | |
-| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
-| global.serverTelemetry.prometheusOperator | bool | `false` | |
-| injector.enabled | string | `"-"` | |
-| injector.replicas | int | `1` | |
-| injector.port | int | `8080` | |
-| injector.leaderElector.enabled | bool | `false` | |
-| injector.metrics.enabled | bool | `true` | |
-| injector.externalVaultAddr | string | `""` | |
-| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
-| injector.image.tag | string | `"v1.5.0"` | |
-| injector.image.pullPolicy | string | `"IfNotPresent"` | |
-| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.18.2"` | |
-| injector.agentDefaults.cpuLimit | string | `"500m"` | |
-| injector.agentDefaults.cpuRequest | string | `"500m"` | |
-| injector.agentDefaults.memLimit | string | `"250Mi"` | |
-| injector.agentDefaults.memRequest | string | `"250Mi"` | |
-| injector.agentDefaults.template | string | `"map"` | |
-| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
-| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
-| injector.livenessProbe.failureThreshold | int | `2` | |
-| injector.livenessProbe.initialDelaySeconds | int | `5` | |
-| injector.livenessProbe.periodSeconds | int | `2` | |
-| injector.livenessProbe.successThreshold | int | `1` | |
-| injector.livenessProbe.timeoutSeconds | int | `5` | |
-| injector.readinessProbe.failureThreshold | int | `2` | |
-| injector.readinessProbe.initialDelaySeconds | int | `5` | |
-| injector.readinessProbe.periodSeconds | int | `2` | |
-| injector.readinessProbe.successThreshold | int | `1` | |
-| injector.readinessProbe.timeoutSeconds | int | `5` | |
-| injector.startupProbe.failureThreshold | int | `12` | |
-| injector.startupProbe.initialDelaySeconds | int | `5` | |
-| injector.startupProbe.periodSeconds | int | `5` | |
-| injector.startupProbe.successThreshold | int | `1` | |
-| injector.startupProbe.timeoutSeconds | int | `5` | |
-| injector.authPath | string | `"auth/kubernetes"` | |
-| injector.logLevel | string | `"info"` | |
-| injector.logFormat | string | `"standard"` | |
-| injector.revokeOnShutdown | bool | `false` | |
-| injector.webhook.failurePolicy | string | `"Ignore"` | |
-| injector.webhook.matchPolicy | string | `"Exact"` | |
-| injector.webhook.timeoutSeconds | int | `30` | |
-| injector.webhook.namespaceSelector | object | `{}` | |
-| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
-| injector.webhook.annotations | object | `{}` | |
-| injector.failurePolicy | string | `"Ignore"` | |
-| injector.namespaceSelector | object | `{}` | |
-| injector.objectSelector | object | `{}` | |
-| injector.webhookAnnotations | object | `{}` | |
-| injector.certs.secretName | string | `nil` | |
-| injector.certs.caBundle | string | `""` | |
-| injector.certs.certName | string | `"tls.crt"` | |
-| injector.certs.keyName | string | `"tls.key"` | |
-| injector.securityContext.pod | object | `{}` | |
-| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| injector.resources.requests.memory | string | `"256Mi"` | |
-| injector.resources.requests.cpu | string | `"250m"` | |
-| injector.resources.limits.memory | string | `"256Mi"` | |
-| injector.resources.limits.cpu | string | `"250m"` | |
-| injector.extraEnvironmentVars | object | `{}` | |
-| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
-| injector.topologySpreadConstraints | list | `[]` | |
-| injector.tolerations | list | `[]` | |
-| injector.nodeSelector | object | `{}` | |
-| injector.priorityClassName | string | `""` | |
-| injector.annotations | object | `{}` | |
-| injector.extraLabels | object | `{}` | |
-| injector.hostNetwork | bool | `false` | |
-| injector.service.annotations | object | `{}` | |
-| injector.serviceAccount.annotations | object | `{}` | |
-| injector.podDisruptionBudget | object | `{}` | |
-| injector.strategy | object | `{}` | |
-| server.enabled | bool | `true` | |
-| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
-| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
-| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
-| server.enterpriseLicense.secretName | string | `""` | |
-| server.enterpriseLicense.secretKey | string | `"license"` | |
-| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.18.2"` | |
-| server.image.pullPolicy | string | `"IfNotPresent"` | |
-| server.updateStrategyType | string | `"OnDelete"` | |
-| server.logLevel | string | `""` | |
-| server.logFormat | string | `""` | |
-| server.resources.requests.memory | string | `"256Mi"` | |
-| server.resources.requests.cpu | string | `"250m"` | |
-| server.resources.limits.memory | string | `"256Mi"` | |
-| server.resources.limits.cpu | string | `"250m"` | |
-| server.ingress.enabled | bool | `false` | |
-| server.ingress.labels | object | `{}` | |
-| server.ingress.annotations | object | `{}` | |
-| server.ingress.ingressClassName | string | `""` | |
-| server.ingress.pathType | string | `"Prefix"` | |
-| server.ingress.activeService | bool | `true` | |
-| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
-| server.ingress.hosts[0].paths | list | `[]` | |
-| server.ingress.extraPaths | list | `[]` | |
-| server.ingress.tls | list | `[]` | |
-| server.hostAliases | list | `[]` | |
-| server.route.enabled | bool | `false` | |
-| server.route.activeService | bool | `true` | |
-| server.route.labels | object | `{}` | |
-| server.route.annotations | object | `{}` | |
-| server.route.host | string | `"chart-example.local"` | |
-| server.route.tls.termination | string | `"passthrough"` | |
-| server.authDelegator.enabled | bool | `true` | |
-| server.extraInitContainers | string | `nil` | |
-| server.extraContainers | string | `nil` | |
-| server.shareProcessNamespace | bool | `false` | |
-| server.extraArgs | string | `""` | |
-| server.extraPorts | string | `nil` | |
-| server.readinessProbe.enabled | bool | `true` | |
-| server.readinessProbe.port | int | `8200` | |
-| server.readinessProbe.failureThreshold | int | `2` | |
-| server.readinessProbe.initialDelaySeconds | int | `5` | |
-| server.readinessProbe.periodSeconds | int | `5` | |
-| server.readinessProbe.successThreshold | int | `1` | |
-| server.readinessProbe.timeoutSeconds | int | `3` | |
-| server.livenessProbe.enabled | bool | `false` | |
-| server.livenessProbe.execCommand | list | `[]` | |
-| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
-| server.livenessProbe.port | int | `8200` | |
-| server.livenessProbe.failureThreshold | int | `2` | |
-| server.livenessProbe.initialDelaySeconds | int | `60` | |
-| server.livenessProbe.periodSeconds | int | `5` | |
-| server.livenessProbe.successThreshold | int | `1` | |
-| server.livenessProbe.timeoutSeconds | int | `3` | |
-| server.terminationGracePeriodSeconds | int | `10` | |
-| server.preStopSleepSeconds | int | `5` | |
-| server.postStart | list | `[]` | |
-| server.extraEnvironmentVars | object | `{}` | |
-| server.extraSecretEnvironmentVars | list | `[]` | |
-| server.extraVolumes | list | `[]` | |
-| server.volumes | string | `nil` | |
-| server.volumeMounts | string | `nil` | |
-| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
-| server.topologySpreadConstraints | list | `[]` | |
-| server.tolerations | list | `[]` | |
-| server.nodeSelector | object | `{}` | |
-| server.networkPolicy.enabled | bool | `false` | |
-| server.networkPolicy.egress | list | `[]` | |
-| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
-| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
-| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
-| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
-| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
-| server.priorityClassName | string | `""` | |
-| server.extraLabels | object | `{}` | |
-| server.annotations | object | `{}` | |
-| server.includeConfigAnnotation | bool | `false` | |
-| server.service.enabled | bool | `true` | |
-| server.service.active.enabled | bool | `true` | |
-| server.service.active.annotations | object | `{}` | |
-| server.service.standby.enabled | bool | `true` | |
-| server.service.standby.annotations | object | `{}` | |
-| server.service.instanceSelector.enabled | bool | `true` | |
-| server.service.ipFamilyPolicy | string | `""` | |
-| server.service.ipFamilies | list | `[]` | |
-| server.service.publishNotReadyAddresses | bool | `true` | |
-| server.service.externalTrafficPolicy | string | `"Cluster"` | |
-| server.service.port | int | `8200` | |
-| server.service.targetPort | int | `8200` | |
-| server.service.annotations | object | `{}` | |
-| server.dataStorage.enabled | bool | `true` | |
-| server.dataStorage.size | string | `"10Gi"` | |
-| server.dataStorage.mountPath | string | `"/vault/data"` | |
-| server.dataStorage.storageClass | string | `nil` | |
-| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.dataStorage.annotations | object | `{}` | |
-| server.dataStorage.labels | object | `{}` | |
-| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
-| server.auditStorage.enabled | bool | `true` | |
-| server.auditStorage.size | string | `"10Gi"` | |
-| server.auditStorage.mountPath | string | `"/vault/audit"` | |
-| server.auditStorage.storageClass | string | `nil` | |
-| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
-| server.auditStorage.annotations | object | `{}` | |
-| server.auditStorage.labels | object | `{}` | |
-| server.dev.enabled | bool | `false` | |
-| server.dev.devRootToken | string | `"root"` | |
-| server.standalone.enabled | string | `"-"` | |
-| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}"` | |
-| server.ha.enabled | bool | `false` | |
-| server.ha.replicas | int | `3` | |
-| server.ha.apiAddr | string | `nil` | |
-| server.ha.clusterAddr | string | `nil` | |
-| server.ha.raft.enabled | bool | `true` | |
-| server.ha.raft.setNodeId | bool | `true` | |
-| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
-| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
-| server.ha.disruptionBudget.enabled | bool | `true` | |
-| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
-| server.serviceAccount.create | bool | `true` | |
-| server.serviceAccount.name | string | `""` | |
-| server.serviceAccount.createSecret | bool | `false` | |
-| server.serviceAccount.annotations | object | `{}` | |
-| server.serviceAccount.extraLabels | object | `{}` | |
-| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
-| server.statefulSet.annotations | object | `{}` | |
-| server.statefulSet.securityContext.pod | object | `{}` | |
-| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
-| server.hostNetwork | bool | `false` | |
-| ui.enabled | bool | `true` | |
-| ui.publishNotReadyAddresses | bool | `true` | |
-| ui.activeVaultPodOnly | bool | `false` | |
-| ui.serviceType | string | `"ClusterIP"` | |
-| ui.serviceNodePort | string | `nil` | |
-| ui.externalPort | int | `8200` | |
-| ui.targetPort | int | `8200` | |
-| ui.serviceIPFamilyPolicy | string | `""` | |
-| ui.serviceIPFamilies | list | `[]` | |
-| ui.externalTrafficPolicy | string | `"Cluster"` | |
-| ui.annotations | object | `{}` | |
-| csi.enabled | bool | `false` | |
-| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
-| csi.image.tag | string | `"v1.5.0"` | |
-| csi.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.volumes | string | `nil` | |
-| csi.volumeMounts | string | `nil` | |
-| csi.resources.requests.cpu | string | `"50m"` | |
-| csi.resources.requests.memory | string | `"128Mi"` | |
-| csi.resources.limits.cpu | string | `"50m"` | |
-| csi.resources.limits.memory | string | `"128Mi"` | |
-| csi.hmacSecretName | string | `""` | |
-| csi.hostNetwork | bool | `false` | |
-| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
-| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
-| csi.daemonSet.annotations | object | `{}` | |
-| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
-| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
-| csi.daemonSet.extraLabels | object | `{}` | |
-| csi.daemonSet.securityContext.pod.runAsNonRoot | bool | `true` | |
-| csi.daemonSet.securityContext.pod.runAsGroup | int | `1000` | |
-| csi.daemonSet.securityContext.pod.runAsUser | int | `100` | |
-| csi.daemonSet.securityContext.pod.fsGroup | int | `1000` | |
-| csi.pod.annotations | object | `{}` | |
-| csi.pod.tolerations | list | `[]` | |
-| csi.pod.nodeSelector | object | `{}` | |
-| csi.pod.affinity | object | `{}` | |
-| csi.pod.extraLabels | object | `{}` | |
-| csi.agent.enabled | bool | `true` | |
-| csi.agent.extraArgs | list | `[]` | |
-| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.18.2"` | |
-| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
-| csi.agent.logFormat | string | `"standard"` | |
-| csi.agent.logLevel | string | `"info"` | |
-| csi.agent.resources.requests.memory | string | `"256Mi"` | |
-| csi.agent.resources.requests.cpu | string | `"250m"` | |
-| csi.agent.resources.limits.memory | string | `"256Mi"` | |
-| csi.agent.resources.limits.cpu | string | `"250m"` | |
-| csi.priorityClassName | string | `""` | |
-| csi.serviceAccount.annotations | object | `{}` | |
-| csi.serviceAccount.extraLabels | object | `{}` | |
-| csi.readinessProbe.failureThreshold | int | `2` | |
-| csi.readinessProbe.initialDelaySeconds | int | `5` | |
-| csi.readinessProbe.periodSeconds | int | `5` | |
-| csi.readinessProbe.successThreshold | int | `1` | |
-| csi.readinessProbe.timeoutSeconds | int | `3` | |
-| csi.livenessProbe.failureThreshold | int | `2` | |
-| csi.livenessProbe.initialDelaySeconds | int | `5` | |
-| csi.livenessProbe.periodSeconds | int | `5` | |
-| csi.livenessProbe.successThreshold | int | `1` | |
-| csi.livenessProbe.timeoutSeconds | int | `3` | |
-| csi.logLevel | string | `"info"` | |
-| csi.debug | bool | `false` | |
-| csi.extraArgs | list | `[]` | |
-| domain | string | `"dev.bigbang.mil"` | |
-| monitoring.enabled | bool | `false` | |
-| monitoring.namespace | string | `"monitoring"` | |
-| networkPolicies.enabled | bool | `false` | |
-| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
-| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
-| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
-| networkPolicies.additionalPolicies | list | `[]` | |
-| autoInit.enabled | bool | `true` | |
-| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
-| autoInit.image.tag | string | `"2.1.0"` | |
-| autoInit.storage.size | string | `"2Gi"` | |
-| istio.enabled | bool | `false` | |
-| istio.hardened.enabled | bool | `false` | |
-| istio.hardened.customAuthorizationPolicies | list | `[]` | |
-| istio.hardened.monitoring.enabled | bool | `true` | |
-| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
-| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
-| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
-| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
-| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
-| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
-| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
-| istio.hardened.apiAccess.enabled | bool | `true` | |
-| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
-| istio.vault.enabled | bool | `true` | |
-| istio.vault.gateways[0] | string | `"istio-system/main"` | |
-| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
-| istio.vault.tls.cert | string | `""` | |
-| istio.vault.tls.key | string | `""` | |
-| istio.mtls.mode | string | `"STRICT"` | |
-| minio.enabled | bool | `false` | |
-| customAppIngressSelector.key | string | `"vault-ingress"` | |
-| customAppIngressSelector.value | bool | `true` | |
-| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
-| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
-| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
-| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
-| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
-| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
-| serverTelemetry.prometheusRules.enabled | bool | `false` | |
-| serverTelemetry.prometheusRules.selectors | object | `{}` | |
-| serverTelemetry.prometheusRules.rules | list | `[]` | |
-| bbtests.enabled | bool | `false` | |
-| bbtests.cypress.resources.requests.cpu | int | `2` | |
-| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
-| bbtests.cypress.resources.limits.cpu | int | `2` | |
-| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
-| bbtests.cypress.artifacts | bool | `true` | |
-| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
-| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
-| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
-| bbtests.cypress.disableDefaultTests | bool | `false` | |
-| openshift | bool | `false` | |
+| Key | Type | Default | Description |
+| ----------------------------------------------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| global.enabled | bool | `true` | |
+| global.namespace | string | `""` | |
+| global.imagePullSecrets[0].name | string | `"private-registry"` | |
+| global.tlsDisable | bool | `true` | |
+| global.externalVaultAddr | string | `""` | |
+| global.openshift | bool | `false` | |
+| global.psp.enable | bool | `false` | |
+| global.psp.annotations | string | `"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default\n"` | |
+| global.serverTelemetry.prometheusOperator | bool | `false` | |
+| injector.enabled | string | `"-"` | |
+| injector.replicas | int | `1` | |
+| injector.port | int | `8080` | |
+| injector.leaderElector.enabled | bool | `false` | |
+| injector.metrics.enabled | bool | `true` | |
+| injector.externalVaultAddr | string | `""` | |
+| injector.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"` | |
+| injector.image.tag | string | `"v1.5.0"` | |
+| injector.image.pullPolicy | string | `"IfNotPresent"` | |
+| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| injector.agentImage.tag | string | `"1.18.2"` | |
+| injector.agentDefaults.cpuLimit | string | `"500m"` | |
+| injector.agentDefaults.cpuRequest | string | `"500m"` | |
+| injector.agentDefaults.memLimit | string | `"250Mi"` | |
+| injector.agentDefaults.memRequest | string | `"250Mi"` | |
+| injector.agentDefaults.template | string | `"map"` | |
+| injector.agentDefaults.templateConfig.exitOnRetryFailure | bool | `true` | |
+| injector.agentDefaults.templateConfig.staticSecretRenderInterval | string | `""` | |
+| injector.livenessProbe.failureThreshold | int | `2` | |
+| injector.livenessProbe.initialDelaySeconds | int | `5` | |
+| injector.livenessProbe.periodSeconds | int | `2` | |
+| injector.livenessProbe.successThreshold | int | `1` | |
+| injector.livenessProbe.timeoutSeconds | int | `5` | |
+| injector.readinessProbe.failureThreshold | int | `2` | |
+| injector.readinessProbe.initialDelaySeconds | int | `5` | |
+| injector.readinessProbe.periodSeconds | int | `2` | |
+| injector.readinessProbe.successThreshold | int | `1` | |
+| injector.readinessProbe.timeoutSeconds | int | `5` | |
+| injector.startupProbe.failureThreshold | int | `12` | |
+| injector.startupProbe.initialDelaySeconds | int | `5` | |
+| injector.startupProbe.periodSeconds | int | `5` | |
+| injector.startupProbe.successThreshold | int | `1` | |
+| injector.startupProbe.timeoutSeconds | int | `5` | |
+| injector.authPath | string | `"auth/kubernetes"` | |
+| injector.logLevel | string | `"info"` | |
+| injector.logFormat | string | `"standard"` | |
+| injector.revokeOnShutdown | bool | `false` | |
+| injector.webhook.failurePolicy | string | `"Ignore"` | |
+| injector.webhook.matchPolicy | string | `"Exact"` | |
+| injector.webhook.timeoutSeconds | int | `30` | |
+| injector.webhook.namespaceSelector | object | `{}` | |
+| injector.webhook.objectSelector | string | `"matchExpressions:\n- key: app.kubernetes.io/name\n operator: NotIn\n values:\n - {{ template \"vault.name\" . }}-agent-injector\n"` | |
+| injector.webhook.annotations | object | `{}` | |
+| injector.failurePolicy | string | `"Ignore"` | |
+| injector.namespaceSelector | object | `{}` | |
+| injector.objectSelector | object | `{}` | |
+| injector.webhookAnnotations | object | `{}` | |
+| injector.certs.secretName | string | `nil` | |
+| injector.certs.caBundle | string | `""` | |
+| injector.certs.certName | string | `"tls.crt"` | |
+| injector.certs.keyName | string | `"tls.key"` | |
+| injector.securityContext.pod | object | `{}` | |
+| injector.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| injector.resources.requests.memory | string | `"256Mi"` | |
+| injector.resources.requests.cpu | string | `"250m"` | |
+| injector.resources.limits.memory | string | `"256Mi"` | |
+| injector.resources.limits.cpu | string | `"250m"` | |
+| injector.extraEnvironmentVars | object | `{}` | |
+| injector.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: webhook\n topologyKey: kubernetes.io/hostname\n"` | |
+| injector.topologySpreadConstraints | list | `[]` | |
+| injector.tolerations | list | `[]` | |
+| injector.nodeSelector | object | `{}` | |
+| injector.priorityClassName | string | `""` | |
+| injector.annotations | object | `{}` | |
+| injector.extraLabels | object | `{}` | |
+| injector.hostNetwork | bool | `false` | |
+| injector.service.annotations | object | `{}` | |
+| injector.serviceAccount.annotations | object | `{}` | |
+| injector.podDisruptionBudget | object | `{}` | |
+| injector.strategy | object | `{}` | |
+| server.enabled | bool | `true` | |
+| server.extraSecretEnvironmentVars[0].envName | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[0].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[0].secretKey | string | `"AWS_ACCESS_KEY_ID"` | |
+| server.extraSecretEnvironmentVars[1].envName | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.extraSecretEnvironmentVars[1].secretName | string | `"eks-creds"` | |
+| server.extraSecretEnvironmentVars[1].secretKey | string | `"AWS_SECRET_ACCESS_KEY"` | |
+| server.enterpriseLicense.secretName | string | `""` | |
+| server.enterpriseLicense.secretKey | string | `"license"` | |
+| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| server.image.tag | string | `"1.18.2"` | |
+| server.image.pullPolicy | string | `"IfNotPresent"` | |
+| server.updateStrategyType | string | `"OnDelete"` | |
+| server.logLevel | string | `""` | |
+| server.logFormat | string | `""` | |
+| server.resources.requests.memory | string | `"256Mi"` | |
+| server.resources.requests.cpu | string | `"250m"` | |
+| server.resources.limits.memory | string | `"256Mi"` | |
+| server.resources.limits.cpu | string | `"250m"` | |
+| server.ingress.enabled | bool | `false` | |
+| server.ingress.labels | object | `{}` | |
+| server.ingress.annotations | object | `{}` | |
+| server.ingress.ingressClassName | string | `""` | |
+| server.ingress.pathType | string | `"Prefix"` | |
+| server.ingress.activeService | bool | `true` | |
+| server.ingress.hosts[0].host | string | `"chart-example.local"` | |
+| server.ingress.hosts[0].paths | list | `[]` | |
+| server.ingress.extraPaths | list | `[]` | |
+| server.ingress.tls | list | `[]` | |
+| server.hostAliases | list | `[]` | |
+| server.route.enabled | bool | `false` | |
+| server.route.activeService | bool | `true` | |
+| server.route.labels | object | `{}` | |
+| server.route.annotations | object | `{}` | |
+| server.route.host | string | `"chart-example.local"` | |
+| server.route.tls.termination | string | `"passthrough"` | |
+| server.authDelegator.enabled | bool | `true` | |
+| server.extraInitContainers | string | `nil` | |
+| server.extraContainers | string | `nil` | |
+| server.shareProcessNamespace | bool | `false` | |
+| server.extraArgs | string | `""` | |
+| server.extraPorts | string | `nil` | |
+| server.readinessProbe.enabled | bool | `true` | |
+| server.readinessProbe.port | int | `8200` | |
+| server.readinessProbe.failureThreshold | int | `2` | |
+| server.readinessProbe.initialDelaySeconds | int | `5` | |
+| server.readinessProbe.periodSeconds | int | `5` | |
+| server.readinessProbe.successThreshold | int | `1` | |
+| server.readinessProbe.timeoutSeconds | int | `3` | |
+| server.livenessProbe.enabled | bool | `false` | |
+| server.livenessProbe.execCommand | list | `[]` | |
+| server.livenessProbe.path | string | `"/v1/sys/health?standbyok=true"` | |
+| server.livenessProbe.port | int | `8200` | |
+| server.livenessProbe.failureThreshold | int | `2` | |
+| server.livenessProbe.initialDelaySeconds | int | `60` | |
+| server.livenessProbe.periodSeconds | int | `5` | |
+| server.livenessProbe.successThreshold | int | `1` | |
+| server.livenessProbe.timeoutSeconds | int | `3` | |
+| server.terminationGracePeriodSeconds | int | `10` | |
+| server.preStopSleepSeconds | int | `5` | |
+| server.postStart | list | `[]` | |
+| server.extraEnvironmentVars | object | `{}` | |
+| server.extraSecretEnvironmentVars | list | `[]` | |
+| server.extraVolumes | list | `[]` | |
+| server.volumes | string | `nil` | |
+| server.volumeMounts | string | `nil` | |
+| server.affinity | string | `"podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchLabels:\n app.kubernetes.io/name: {{ template \"vault.name\" . }}\n app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n component: server\n topologyKey: kubernetes.io/hostname\n"` | |
+| server.topologySpreadConstraints | list | `[]` | |
+| server.tolerations | list | `[]` | |
+| server.nodeSelector | object | `{}` | |
+| server.networkPolicy.enabled | bool | `false` | |
+| server.networkPolicy.egress | list | `[]` | |
+| server.networkPolicy.ingress[0].from[0].namespaceSelector | object | `{}` | |
+| server.networkPolicy.ingress[0].ports[0].port | int | `8200` | |
+| server.networkPolicy.ingress[0].ports[0].protocol | string | `"TCP"` | |
+| server.networkPolicy.ingress[0].ports[1].port | int | `8201` | |
+| server.networkPolicy.ingress[0].ports[1].protocol | string | `"TCP"` | |
+| server.priorityClassName | string | `""` | |
+| server.extraLabels | object | `{}` | |
+| server.annotations | object | `{}` | |
+| server.includeConfigAnnotation | bool | `false` | |
+| server.service.enabled | bool | `true` | |
+| server.service.active.enabled | bool | `true` | |
+| server.service.active.annotations | object | `{}` | |
+| server.service.standby.enabled | bool | `true` | |
+| server.service.standby.annotations | object | `{}` | |
+| server.service.instanceSelector.enabled | bool | `true` | |
+| server.service.ipFamilyPolicy | string | `""` | |
+| server.service.ipFamilies | list | `[]` | |
+| server.service.publishNotReadyAddresses | bool | `true` | |
+| server.service.externalTrafficPolicy | string | `"Cluster"` | |
+| server.service.port | int | `8200` | |
+| server.service.targetPort | int | `8200` | |
+| server.service.annotations | object | `{}` | |
+| server.dataStorage.enabled | bool | `true` | |
+| server.dataStorage.size | string | `"10Gi"` | |
+| server.dataStorage.mountPath | string | `"/vault/data"` | |
+| server.dataStorage.storageClass | string | `nil` | |
+| server.dataStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.dataStorage.annotations | object | `{}` | |
+| server.dataStorage.labels | object | `{}` | |
+| server.persistentVolumeClaimRetentionPolicy | object | `{}` | |
+| server.auditStorage.enabled | bool | `true` | |
+| server.auditStorage.size | string | `"10Gi"` | |
+| server.auditStorage.mountPath | string | `"/vault/audit"` | |
+| server.auditStorage.storageClass | string | `nil` | |
+| server.auditStorage.accessMode | string | `"ReadWriteOnce"` | |
+| server.auditStorage.annotations | object | `{}` | |
+| server.auditStorage.labels | object | `{}` | |
+| server.dev.enabled | bool | `false` | |
+| server.dev.devRootToken | string | `"root"` | |
+| server.standalone.enabled | string | `"-"` | |
+| server.standalone.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n access_key = \"{{ .Values.minio.accessKey }}\"\n secret_key = \"{{ .Values.minio.secretKey }}\"\n endpoint = \"{{ .Values.minio.endpoint }}\"\n bucket = \"{{ .Values.minio.bucketName }}\"\n s3_force_path_style = \"true\"\n disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}"` | |
+| server.ha.enabled | bool | `false` | |
+| server.ha.replicas | int | `3` | |
+| server.ha.apiAddr | string | `nil` | |
+| server.ha.clusterAddr | string | `nil` | |
+| server.ha.raft.enabled | bool | `true` | |
+| server.ha.raft.setNodeId | bool | `true` | |
+| server.ha.raft.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n #telemetry {\n # unauthenticated_metrics_access = \"true\"\n #}\n}\n\nstorage \"raft\" {\n path = \"/vault/data\"\n}\n\ntelemetry {\n prometheus_retention_time = \"24h\"\n disable_hostname = true\n unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"` | |
+| server.ha.config | string | `"ui = true\n\nlistener \"tcp\" {\n {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n tls_disable = 0\n tls_key_file = \"/vault/tls/tls.key\"\n tls_cert_file = \"/vault/tls/tls.crt\"\n {{- else }}\n tls_disable = 1\n {{- end }}\n address = \"[::]:8200\"\n cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n path = \"vault\"\n address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n# project = \"vault-helm-dev-246514\"\n# region = \"global\"\n# key_ring = \"vault-helm-unseal-kr\"\n# crypto_key = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n# prometheus_retention_time = \"30s\"\n# disable_hostname = true\n#}\n"` | |
+| server.ha.disruptionBudget.enabled | bool | `true` | |
+| server.ha.disruptionBudget.maxUnavailable | string | `nil` | |
+| server.serviceAccount.create | bool | `true` | |
+| server.serviceAccount.name | string | `""` | |
+| server.serviceAccount.createSecret | bool | `false` | |
+| server.serviceAccount.annotations | object | `{}` | |
+| server.serviceAccount.extraLabels | object | `{}` | |
+| server.serviceAccount.serviceDiscovery.enabled | bool | `true` | |
+| server.statefulSet.annotations | object | `{}` | |
+| server.statefulSet.securityContext.pod | object | `{}` | |
+| server.statefulSet.securityContext.container.capabilities.drop[0] | string | `"ALL"` | |
+| server.hostNetwork | bool | `false` | |
+| ui.enabled | bool | `true` | |
+| ui.publishNotReadyAddresses | bool | `true` | |
+| ui.activeVaultPodOnly | bool | `false` | |
+| ui.serviceType | string | `"ClusterIP"` | |
+| ui.serviceNodePort | string | `nil` | |
+| ui.externalPort | int | `8200` | |
+| ui.targetPort | int | `8200` | |
+| ui.serviceIPFamilyPolicy | string | `""` | |
+| ui.serviceIPFamilies | list | `[]` | |
+| ui.externalTrafficPolicy | string | `"Cluster"` | |
+| ui.annotations | object | `{}` | |
+| csi.enabled | bool | `false` | |
+| csi.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"` | |
+| csi.image.tag | string | `"v1.5.0"` | |
+| csi.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.volumes | string | `nil` | |
+| csi.volumeMounts | string | `nil` | |
+| csi.resources.requests.cpu | string | `"50m"` | |
+| csi.resources.requests.memory | string | `"128Mi"` | |
+| csi.resources.limits.cpu | string | `"50m"` | |
+| csi.resources.limits.memory | string | `"128Mi"` | |
+| csi.hmacSecretName | string | `""` | |
+| csi.hostNetwork | bool | `false` | |
+| csi.daemonSet.updateStrategy.type | string | `"RollingUpdate"` | |
+| csi.daemonSet.updateStrategy.maxUnavailable | string | `""` | |
+| csi.daemonSet.annotations | object | `{}` | |
+| csi.daemonSet.providersDir | string | `"/etc/kubernetes/secrets-store-csi-providers"` | |
+| csi.daemonSet.kubeletRootDir | string | `"/var/lib/kubelet"` | |
+| csi.daemonSet.extraLabels | object | `{}` | |
+| csi.daemonSet.securityContext.pod.runAsNonRoot | bool | `true` | |
+| csi.daemonSet.securityContext.pod.runAsGroup | int | `1000` | |
+| csi.daemonSet.securityContext.pod.runAsUser | int | `100` | |
+| csi.daemonSet.securityContext.pod.fsGroup | int | `1000` | |
+| csi.pod.annotations | object | `{}` | |
+| csi.pod.tolerations | list | `[]` | |
+| csi.pod.nodeSelector | object | `{}` | |
+| csi.pod.affinity | object | `{}` | |
+| csi.pod.extraLabels | object | `{}` | |
+| csi.agent.enabled | bool | `true` | |
+| csi.agent.extraArgs | list | `[]` | |
+| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
+| csi.agent.image.tag | string | `"1.18.2"` | |
+| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
+| csi.agent.logFormat | string | `"standard"` | |
+| csi.agent.logLevel | string | `"info"` | |
+| csi.agent.resources.requests.memory | string | `"256Mi"` | |
+| csi.agent.resources.requests.cpu | string | `"250m"` | |
+| csi.agent.resources.limits.memory | string | `"256Mi"` | |
+| csi.agent.resources.limits.cpu | string | `"250m"` | |
+| csi.priorityClassName | string | `""` | |
+| csi.serviceAccount.annotations | object | `{}` | |
+| csi.serviceAccount.extraLabels | object | `{}` | |
+| csi.readinessProbe.failureThreshold | int | `2` | |
+| csi.readinessProbe.initialDelaySeconds | int | `5` | |
+| csi.readinessProbe.periodSeconds | int | `5` | |
+| csi.readinessProbe.successThreshold | int | `1` | |
+| csi.readinessProbe.timeoutSeconds | int | `3` | |
+| csi.livenessProbe.failureThreshold | int | `2` | |
+| csi.livenessProbe.initialDelaySeconds | int | `5` | |
+| csi.livenessProbe.periodSeconds | int | `5` | |
+| csi.livenessProbe.successThreshold | int | `1` | |
+| csi.livenessProbe.timeoutSeconds | int | `3` | |
+| csi.logLevel | string | `"info"` | |
+| csi.debug | bool | `false` | |
+| csi.extraArgs | list | `[]` | |
+| domain | string | `"dev.bigbang.mil"` | |
+| monitoring.enabled | bool | `false` | |
+| monitoring.namespace | string | `"monitoring"` | |
+| networkPolicies.enabled | bool | `false` | |
+| networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.vpcCidr | string | `"0.0.0.0/0"` | |
+| networkPolicies.ingressLabels.app | string | `"istio-ingressgateway"` | |
+| networkPolicies.ingressLabels.istio | string | `"ingressgateway"` | |
+| networkPolicies.additionalPolicies | list | `[]` | |
+| autoInit.enabled | bool | `true` | |
+| autoInit.image.repository | string | `"registry1.dso.mil/ironbank/big-bang/base"` | |
+| autoInit.image.tag | string | `"2.1.0"` | |
+| autoInit.storage.size | string | `"2Gi"` | |
+| istio.enabled | bool | `false` | |
+| istio.hardened.enabled | bool | `false` | |
+| istio.hardened.customAuthorizationPolicies | list | `[]` | |
+| istio.hardened.monitoring.enabled | bool | `true` | |
+| istio.hardened.monitoring.namespaces[0] | string | `"monitoring"` | |
+| istio.hardened.monitoring.principals[0] | string | `"cluster.local/ns/monitoring/sa/monitoring-grafana"` | |
+| istio.hardened.monitoring.principals[1] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"` | |
+| istio.hardened.monitoring.principals[2] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"` | |
+| istio.hardened.monitoring.principals[3] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"` | |
+| istio.hardened.monitoring.principals[4] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"` | |
+| istio.hardened.monitoring.principals[5] | string | `"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"` | |
+| istio.hardened.apiAccess.enabled | bool | `true` | |
+| istio.hardened.apiAccess.ports[0] | string | `"8200"` | |
+| istio.vault.enabled | bool | `true` | |
+| istio.vault.gateways[0] | string | `"istio-system/main"` | |
+| istio.vault.hosts[0] | string | `"vault.{{ .Values.domain }}"` | |
+| istio.vault.tls.cert | string | `""` | |
+| istio.vault.tls.key | string | `""` | |
+| istio.mtls.mode | string | `"STRICT"` | |
+| minio.enabled | bool | `false` | |
+| customAppIngressSelector.key | string | `"vault-ingress"` | |
+| customAppIngressSelector.value | bool | `true` | |
+| serverTelemetry.serviceMonitor.enabled | bool | `false` | |
+| serverTelemetry.serviceMonitor.selectors | object | `{}` | |
+| serverTelemetry.serviceMonitor.interval | string | `"30s"` | |
+| serverTelemetry.serviceMonitor.scrapeTimeout | string | `"10s"` | |
+| serverTelemetry.serviceMonitor.tlsConfig | object | `{}` | |
+| serverTelemetry.serviceMonitor.authorization | object | `{}` | |
+| serverTelemetry.prometheusRules.enabled | bool | `false` | |
+| serverTelemetry.prometheusRules.selectors | object | `{}` | |
+| serverTelemetry.prometheusRules.rules | list | `[]` | |
+| bbtests.enabled | bool | `false` | |
+| bbtests.cypress.resources.requests.cpu | int | `2` | |
+| bbtests.cypress.resources.requests.memory | string | `"8Gi"` | |
+| bbtests.cypress.resources.limits.cpu | int | `2` | |
+| bbtests.cypress.resources.limits.memory | string | `"8Gi"` | |
+| bbtests.cypress.artifacts | bool | `true` | |
+| bbtests.cypress.envs.cypress_vault_url | string | `"http://vault.vault.svc:8200"` | |
+| bbtests.cypress.secretEnvs[0].name | string | `"cypress_token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | `"vault-token"` | |
+| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | `"key"` | |
+| bbtests.cypress.disableDefaultTests | bool | `false` | |
+| openshift | bool | `false` | |
## Contributing
@@ -399,4 +398,3 @@ Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in
---
_This file is programatically generated using `helm-docs` and some BigBang-specific templates. The `gluon` repository has [instructions for regenerating package READMEs](https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md)._
-
--
GitLab
From 706e92429d340742fb2a0c9986d3c816bd59fc0c Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Fri, 6 Dec 2024 08:17:48 -0600
Subject: [PATCH 24/30] fix changelog
---
CHANGELOG.md | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7a80f9be..806c33ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.18.1 -> 1.18.2
- Updated minio-instance from 6.0.3-bb.2 -> 6.0.4-bb.2
+## [0.29.0-bb.1] - 2024-12-04
+
+### Changed
+
+- Updated minio-instance from 6.0.4-bb.2 -> 6.0.4-bb.3
+- Updated gluon to 0.5.12
+- Added missing label for app.kubernetes.io/version
+
## [0.29.0-bb.0] - 2024-11-12
### Changed
--
GitLab
From eb6e02349eb7ce5eddf89f53c3e0485c86eb6a89 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Fri, 6 Dec 2024 08:20:27 -0600
Subject: [PATCH 25/30] fix linting
---
README.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 44d91d18..f3747b3e 100644
--- a/README.md
+++ b/README.md
@@ -10,10 +10,10 @@ Official HashiCorp Vault Chart
- <https://www.vaultproject.io>
-* <https://github.com/hashicorp/vault>
-* <https://github.com/hashicorp/vault-helm>
-* <https://github.com/hashicorp/vault-k8s>
-* <https://github.com/hashicorp/vault-csi-provider>
+- <https://github.com/hashicorp/vault>
+- <https://github.com/hashicorp/vault-helm>
+- <https://github.com/hashicorp/vault-k8s>
+- <https://github.com/hashicorp/vault-csi-provider>
## Upstream Release Notes
@@ -42,7 +42,7 @@ Kubernetes: `>= 1.20.0-0`
Install Helm
-https://helm.sh/docs/intro/install/
+<https://helm.sh/docs/intro/install/>
## Deployment
--
GitLab
From cfce381045e057cfbf058416ba6767fd406900e5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Thu, 19 Dec 2024 07:15:51 +0000
Subject: [PATCH 26/30] chore(deps): update ironbank to v1.18.3
---
chart/Chart.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 9e231621..82933f2b 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: vault
version: '0.29.1-bb.1'
-appVersion: 1.18.2
+appVersion: 1.18.3
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
@@ -33,10 +33,10 @@ dependencies:
annotations:
bigbang.dev/maintenanceTrack: bb_integrated
bigbang.dev/applicationVersions: |
- - Vault: 1.18.2
+ - Vault: 1.18.3
helm.sh/images: |
- name: vault
- image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.2
+ image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.3
- name: vault-k8s
image: registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s:v1.6.0
- name: vault-csi-provider
--
GitLab
From 32b9b3a89843b8b6d0fc014e1f5958860cf254fd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Fri, 31 Jan 2025 07:17:08 +0000
Subject: [PATCH 27/30] chore(deps): update ironbank to v1.18.4
---
chart/Chart.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 11478571..4cab12d1 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: vault
version: '0.29.1-bb.4'
-appVersion: 1.18.3
+appVersion: 1.18.4
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
@@ -33,10 +33,10 @@ dependencies:
annotations:
bigbang.dev/maintenanceTrack: bb_integrated
bigbang.dev/applicationVersions: |
- - Vault: 1.18.3
+ - Vault: 1.18.4
helm.sh/images: |
- name: vault
- image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.3
+ image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.4
- name: vault-k8s
image: registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s:v1.6.1
- name: vault-csi-provider
--
GitLab
From 63a4b910c96dd37faf200c7faf47d4908b345330 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Wed, 5 Feb 2025 07:32:51 -0600
Subject: [PATCH 28/30] bump version
---
chart/values.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index b8a46ed2..43daf715 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -75,7 +75,7 @@ injector:
# required.
agentImage:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.18.3"
+ tag: "1.18.4"
# The default values for the injected Vault Agent containers.
agentDefaults:
@@ -392,7 +392,7 @@ server:
image:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.18.3"
+ tag: "1.18.4"
# Overrides the default Image Pull Policy
pullPolicy: IfNotPresent
@@ -1242,7 +1242,7 @@ csi:
image:
repository: "registry1.dso.mil/ironbank/hashicorp/vault"
- tag: "1.18.3"
+ tag: "1.18.4"
pullPolicy: IfNotPresent
logFormat: standard
--
GitLab
From 050a89664434529059b3e5a9e00771798d8b8546 Mon Sep 17 00:00:00 2001
From: chukwuka akagbusi <chukwuka.akagbusi.ctr@us.af.mil>
Date: Thu, 6 Feb 2025 10:59:30 -0600
Subject: [PATCH 29/30] updated image tag to 1.18.4
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 6b732cf1..2125ea74 100644
--- a/README.md
+++ b/README.md
@@ -74,7 +74,7 @@ helm install vault chart/
| injector.image.tag | string | `"v1.6.1"` | |
| injector.image.pullPolicy | string | `"IfNotPresent"` | |
| injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| injector.agentImage.tag | string | `"1.18.3"` | |
+| injector.agentImage.tag | string | `"1.18.4"` | |
| injector.agentDefaults.cpuLimit | string | `"500m"` | |
| injector.agentDefaults.cpuRequest | string | `"500m"` | |
| injector.agentDefaults.memLimit | string | `"250Mi"` | |
@@ -144,7 +144,7 @@ helm install vault chart/
| server.enterpriseLicense.secretName | string | `""` | |
| server.enterpriseLicense.secretKey | string | `"license"` | |
| server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| server.image.tag | string | `"1.18.3"` | |
+| server.image.tag | string | `"1.18.4"` | |
| server.image.pullPolicy | string | `"IfNotPresent"` | |
| server.updateStrategyType | string | `"OnDelete"` | |
| server.logLevel | string | `""` | |
@@ -308,7 +308,7 @@ helm install vault chart/
| csi.agent.enabled | bool | `true` | |
| csi.agent.extraArgs | list | `[]` | |
| csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` | |
-| csi.agent.image.tag | string | `"1.18.3"` | |
+| csi.agent.image.tag | string | `"1.18.4"` | |
| csi.agent.image.pullPolicy | string | `"IfNotPresent"` | |
| csi.agent.logFormat | string | `"standard"` | |
| csi.agent.logLevel | string | `"info"` | |
--
GitLab
From bc34646f155ba97541124b5875d6a03aea0651a7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@renovateapp.com>
Date: Tue, 25 Feb 2025 23:54:35 +0000
Subject: [PATCH 30/30] chore(deps): update ironbank to v1.18.5
---
chart/Chart.yaml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 487e2436..b970a4eb 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: vault
version: '0.29.1-bb.5'
-appVersion: 1.18.4
+appVersion: 1.18.5
kubeVersion: ">= 1.20.0-0"
description: Official HashiCorp Vault Chart
home: https://www.vaultproject.io
@@ -33,10 +33,10 @@ dependencies:
annotations:
bigbang.dev/maintenanceTrack: bb_integrated
bigbang.dev/applicationVersions: |
- - Vault: 1.18.4
+ - Vault: 1.18.5
helm.sh/images: |
- name: vault
- image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.4
+ image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.5
- name: vault-k8s
image: registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s:v1.6.1
- name: vault-csi-provider
--
GitLab